
Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 6:55 am
by Elroy Jetson
Presuming that public safety communications don't change beyond all recognition in the next few years,
which I doubt as this is one of the most firmly entrenched, stuck-in-the-old-ways industries I've ever seen.... :D....
Motorola will eventually create an XTS-10000 of some sort. A more capable successor to the XTS-5000.

Just for fun, try to think like Motorola's engineers and design it.


I think:


It will include embedded GPS with automated position reporting as a standard feature.
An enhanced feature will be GPS navigation, including the ability to guide the user to
the location of another radio on the system if its emergency button has been pushed,
or if that user presses the "Find me" button.

It will have at least 64 MB of total memory. Systems/talkgroups capacity will be
in excess of 10,000 talkgroups IF the customer is willing to pay for that option.

It will be available in at least three bands: VHF, UHF, and 700/800 multiband.
Additionally, dual band versions will be available which combine EITHER VHF or UHF
operation with 700/800 operation in the same radio. But an all-band, VHF, UHF,
700/800 version will not be offered as there will be an extremely limited market for
such an item.

It will have an optional camera which can be on the radio housing OR can be part of
the enhanced public safety speaker-mic. This camera will even be steerable, can
be slaved to a head position-tracking sensor so it sees what the officer is looking at,
and can also be remotely steered by a suitably equipped radio or dispatch console.
It will operate on the 4.9 GHz wireless network that is exclusively for public safety use.

It will have a full color, high resolution bit-mapped display. Applications for the display
will include relayed video transmissions from the radios of other officers in surveillance
or emergency situations, and also departmental logos will be displayable when the radio is idle.

Of course, it will be a Phase II-compatible Project 25 trunked and conventional radio, capable
of supporting everything in the current standards and also backward compatible to a certain point.

And of course, it'll support every encryption format worth mentioning, internally, without the need
for additional encryption boards.

And just about everything will be an option or feature you have to PAY for to get it. You'll still be able
to buy the radio in a plain-jane, conventional only version with a flash code of 000000-100000-7,
or whatever that flash code really is in the event that I remembered it wrong.

It will be possible for the radio to be slaved into the system it's programmed for to such an extent
that it would take a trip to the depot to divorce it from that system so it could be re-used after
the agency that first owned it gets rid of it. And by policy, the new owner gets a conventional only
radio afterwards unless he's willing to pay for additional features. A trunked radio goes to surplus,
and comes back from Motorola without trunking. You have to pay to make the radio ALMOST useless,
and pay through the nose to make it REALLY useless.

The CPS will be locked down so hard, it won't even start up on your PC without making a live connection
to the Motorola Central Programming Authorization Computer and authenticating that it's operating on
the computer it was originally authorized to run on, and all other passwords and codes match. Failure
to do so will result in the CPS closing out at best, and calling the FBI at worst. Encryption will be deeply
embedded in the software and it will be for all intents impossible to hack it. Even the codeplugs will be
encrypted, if that option is selected. A more limited conventional only version of the CPS will be
available for non-commercial users but it's also pretty well controlled.

Though I would HOPE that the programming software would be pretty open and "enthusiast-friendly",
I can't presume that this will be the case. I must presume that its security features will at LEAST
equal those of present-day CPS titles. For reference, M/A-Com's current programming software package
is locked down to the point that if you buy the software, you get a very limited number of authorized
installations out of the package, and the software will "phone home" for installation authorization,
which it will get or it won't install. For additional installations, that costs extra. A renewal installation
because of a computer upgrade or a crash will be dealt with on a case-by-case basis, but you may have
to mail your old hard drive to M/A-Com for analysis and verification before they give you a "free"
reinstallation. That's TODAY.




Your guesses?


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 7:25 am
by Rayjk110
I'm not so sure on the estimates of CPS/Flashing security.

When the Astro25 line came out (Think XTS5k), it was sold as "teh un-hackable" radio, and at the time it was totally secure. Well, within a few months of commercial release, the platform was totally compromised. :lol:


Now I would guess that if the XTS10000 comes out, we'll see whore versions of it just like we see on the Astro25 line today. You never know...

The camera thing sounds neat - would be a helpful feature for officers doing traffic stops or when they apprehend someone because it'd be all in first person view.

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 3:34 pm
by wavetar
Codeplugs have been encrypted since at least the GP300...

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 5:47 pm
by Elroy Jetson
True, NOTHING will ever be able to prevent brute-force copying of EEPROMS and flash memory. As long as the memory contents can be output from the chip,
they can be copied. And I'd guess that this is a technique that is closely associated with some of the "aftermarket flashes" that are definitely available.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 7:49 pm
by flecom
it will look like a razer ;)

also
Elroy Jetson wrote:Though I would HOPE that the programming software would be pretty open and "enthusiast-friendly",
I can't presume that this will be the case. I must presume that its security features will at LEAST
equal those of present-day CPS titles. For reference, M/A-Com's current programming software package
is locked down to the point that if you buy the software, you get a very limited number of authorized
installations out of the package, and the software will "phone home" for installation authorization,
which it will get or it won't install. For additional installations, that costs extra. A renewal installation
because of a computer upgrade or a crash will be dealt with on a case-by-case basis, but you may have
to mail your old hard drive to M/A-Com for analysis and verification before they give you a "free"
reinstallation. That's TODAY.
at least they don't sue everyone ;)

but seriously, this is quite common as far as software packages go...and as such there are ways around everything.. but at least they let you install it more than once, and they sell it to enthusiasts without much fuss (conventional versions at least)

but none of the companies care about enthusiasts, some downright seem to hate them (/\/\?)

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 20, 2007 8:45 pm
by Hightower
HOW ABOUT BUG FREE F/W WHEN THE RADIO IS RELEASED?

SORRY CAPS LOCK IS STUCK ON :x

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 21, 2007 4:27 am
by Elroy Jetson
Funny story...I contacted "an unnamed entity" that was an authorized distributor of the M/A-Com programming software
and asked to buy it. He actually said to me that I could probably find a copy on ebay. :o :lol: :o

I explained to him that as I'm legitimately in the radio BUSINESS, my requirements are to obtain an authentic, LEGAL copy.

His response was "Well, frankly we don't care too much about those things as long as nobody's programming radios that
show up TRANSMITTING on our systems without authorization."

Take that with a grain of salt...but the more relaxed attitude was kind of nice to hear, while at the same time it was
also just a little bit alarming.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 21, 2007 10:09 am
by Pj
I had some dip from Bearcom once trying to tell me how to force a S-REC into an Astro Saber for MODAT (way back in the day before we all knew better)...

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 21, 2007 12:10 pm
by Wicho
Here's what the XTS-10000 will look like:

Image

We'd all better hope there aren't any bugs in the firmware, otherwise we might be beamed up to a Klingon ship or something.

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 21, 2007 2:35 pm
by Elroy Jetson
No problem, it'll come with a Tribble for just such an emergency. :lol:


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 21, 2007 4:05 pm
by Wicho
Damned, I'd forgotten about those overgrown furballs.

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Sep 22, 2007 12:45 am
by mr.syntrx
Elroy Jetson wrote:A renewal installation
because of a computer upgrade or a crash will be dealt with on a case-by-case basis, but you may have
to mail your old hard drive to M/A-Com for analysis and verification before they give you a "free"
reinstallation. That's TODAY.
Too bad if you do radio work for a government agency, and have information of any security classification related to that work on your HDD.

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Sep 22, 2007 3:33 pm
by HumHead
The firmware will be hard-coded to work for seven years from the date of manufacture. After seven years, the radio will automatically use IP connectivity to file for a large Homeland Security to replace itself with an XTS15000, and then self-destruct.

:lol:

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Sep 22, 2007 4:15 pm
by Jason
Pj wrote:I had some dip from Bearcom once trying to tell me how to force a S-REC into an Astro Saber for MODAT (way back in the day before we all knew better)...
Yeah, DIP is right on target brother.

Bearcom also has run marketing in recent trade publications touting TRBO as the "perfect public safety radio"

Sure, how bout just keep selling CP200's to the contractors and concrete pumpers and leave public safety alone. All we need is more folks going to business and industrial technologies for public safety purposes.

I hope someone at /\/\ saw that and got in their A$$.

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Sep 23, 2007 10:04 am
by escomm
Motorola touts TRBO as a PS application (albeit for "smaller" departments, lord knows the big departments have money for Quantars and 5k's) so why would they get mad at their largest distributor for saying the same thing?

I mean, FFS, Motorola labels their talkabouts as having 18 mile range...

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Sep 23, 2007 3:24 pm
by Elroy Jetson
That's possible. I think that a pair of well-aligned Talkabouts COULD operate effectively over an 18 mile range.


IF I took one up a 1000 foot tower and you took another one up a 1000 foot tower 18 miles away.


I think that would work. But it's hardly an everyday application.


I think all they have to say is "we've proven that this can be done at this range" and be able to back it up
for the FTC to allow it. And of course, "Results vary according to local operating conditions" is the phrase
that lets them escape any responsibility.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 12:26 am
by Astro Spectra
Well you might want to read what Bruce Oberlies has to say about it here ...

http://www.naco.org/Template.cfm?sectio ... ntID=21039

Look at slide 9, it can stand enlargement to about 4x ...

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 4:24 am
by nmfire10
It will cost only $350 including a charger and speaker/mic.

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 6:44 am
by bellersley
If Motorola really wanted to clamp down on the illegal use of CPS, it could create a web-based application.

You could have the user's logon credentials dictate what radios they are able to program, as well as define what features (flashcode and otherwise) the user is able to access based on the hardware they have purchased. They could also only allow the user to program the radios they have purchased by using serial number control.

Obviously this won't work so hot in the field where a reliable data connection isn't always possible. In cases like that, a stand-alone app could be written that would allow the user to program a certain kind of radio a set number of times before a "refresh" logon with Motorola's server would be required.

This would obviously put an end to user-based control of radio programming, but it would almost certainly put a stop to illegal/improper programming and CPS distribution. As a downside, it would also no doubt mean an end to playing with new technology "just because".

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 9:59 am
by CTAMontrose
it would also put an end to people buying motorolas and switching to kenwood or macom

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 10:28 am
by escomm
Correct me if I am wrong but does the macom software not already do this?

I thought I read a post that said this, and also said the software cost about $2500?

Someone set me straight on this please! :lol:

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Sep 24, 2007 1:20 pm
by Elroy Jetson
The trunking capable version (current version) of the M/A-Com radio programming software does indeed cost about 2500 dollars and its installation is authenticated via the web. The conventional only version costs about 250 dollars and I do not know if it has web-based installation authentication or not.

Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 27, 2007 5:42 pm
by CTAMontrose
that would never work for me, i keep my main programming machines completely isolated from any network... last thing i need is a virus or spyware getting in there and compromising my systems

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 27, 2007 5:51 pm
by Elroy Jetson
Once the M/A-Com RPM software (the new radio programming software) has been given authentication and permission to install,
and installed successfully, it apparently doesn't have to be connected to the 'net anymore.

I believe it can also be authenticated by an exchange of key strings, if I have my information right. This can be done over the phone
or via email. The software generates a string of variables, which you relay to M/A-Com, and they give you the response to enter,
very much like how Windows XP is authenticated on a new installation.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Thu Sep 27, 2007 6:00 pm
by CTAMontrose
see that's not much better security, one could probably easily whip up a keygen and bam.. all done

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 28, 2007 3:33 am
by Elroy Jetson
Depending on what system is used for authentication...maybe.

Suppose they're using 256 bit encryption?

Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Fri Sep 28, 2007 9:15 am
by CTAMontrose
get enough challenge responses and the valid answers, then you can figure it out.

better yet, find the code in the EXE that calls for the check and NOOP it.

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Sep 30, 2007 4:35 pm
by mr.syntrx
grem467 wrote:that would never work for me, i keep my main programming machines completely isolated from any network... last thing i need is a virus or spyware getting in there and compromising my systems
Most federal agencies wouldn't have their radio programming machine sitting on the Internet either.

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Sep 30, 2007 5:06 pm
by Rayjk110
You know what

I think this new radio might be like this (matter of fact I'm certain)

2 Radios : 1 on each side

Turn it over where the battery is - it's another XTS front. 2 bands.


THAT is cool - something that I'd buy if they made it publicly available

8) :lol:

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Oct 01, 2007 9:57 am
by Elroy Jetson
Would that be the new Gemini platform, or would they call it the Janus platform instead?

Or maybe the Politician platform? (Two-faced.) :lol:


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Mon Oct 01, 2007 12:19 pm
by Rayjk110
It's called the "Mackinaw"


You can tell because early Motorola APC Production codes (first 3 digits of the serial) lists had the Mackinaw name in them. Oops!!

"....649 HT600
652 MTX8090 PRIVACY PLUS
654 Mackinaw Covert Portable
655 Mackinaw Portable
657 XTS1500 REBANDING
656 Mackinaw Mobile
671 SUBSCRIBER MARGIN ADJUSTMENT
673 MTX900 PRIVACY PLUS ..........."

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Oct 28, 2007 2:07 am
by AEC
Only a single addition needed for absolute interoperability required...

A single, high capacity SD card with all operational channels, tuning data and auto-tune data for SDR compatibility, plus the ability to remove the card and swap radios in the field.

Single card that has all tuning parameters, levels and frequencies for all bands/modes and power levels.

Once inserted in the radio, the detector firmware reads the radio, and programs the digital filters and amplifiers to that radio's internal firmware, and calibrates the radio to operate on the pre-loaded frequencies.

No more codeplug dumps, labbing or hack jobs required...just pop it in the programming computer and load your channels into it and pop it in the radio...

*SNAP* all ready for use and in spec and clean spectrum transmissions and reception without having to manually input the data into it via the FPP operation or use of a computer again while in the field.

The SD card knows what to change or modify to make the radio work in the chosen band plan, or single split pairs.

Password protected, access code required for ANY power cycling with a 3 try timer that erases the SD card after an attempt to gain access to the card's internal database.


No more need to maintain a slow computer for older model radios or even firmware/flashcodes...it's all pre-programmed with the exact data needed, no matter what radio you are using at the time.

Without the card inserted into the radio, it reverts to a single bank of channels aligned for that particular model of radio.

The SD card is the best method of utilizing any radio and have preconfigured CP data that can be swapped for a later model radio.

A view from the other side

Posted: Sun Oct 28, 2007 6:00 am
by Wowbagger
OK, here's what *I'd* like to see in the next gen radios:

1) Built in USB port, both for programming and for diagnostics (one endpoint for audio, one endpoint for control, one endpoint for sampled IF, etc.)
2) Built in Bluetooth, again both for audio and for programming, to enable walk-by testing.
3) A decently designed programming interface that third parties (like Aeroflex) can license, use, and expect to be supported for some time.
4) Programming/calibration libraries available for Linux - preferably licensable as source so they can run on something OTHER than x86.
5) a reasonable RF interface for hard-wired testing.
6) Reasonable diagnostics from the radio in test mode (e.g. "I don't like this control channel because of $REASON"), rather than the current "It's not working, I wonder why...."

And for any next-gen protocol:
7) A full definition of the protocol state machine done in a formal, rigorous fashion (SDL model, state-space definition) that can be synthesized so that you don't get into the stupid incompatibilities caused by holes in the spec.

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Oct 28, 2007 6:35 am
by Elroy Jetson
I think some form of wireless programming (bluetooth is a good idea) would be a fine idea. If we could get away from the
radio-specific cabling and support equipment and go to something more generic and widely supported in the industry,
it wouldn't be a bad thing. But there will always be a need for a direct interface to work on radios that have problems.
I'd recommend a simple three-point accessory point. Power, general purpose data I/O including audio, (one-wire interface)
and a fiber optic transceiver. Basic accessories use the copper circuits, advanced accessories use fiber. Minimal connections,
minimal connectivity issues with accessories. We all know that eventually, the converta-com's connectors become problematic.


Having SD style cards would be a negative in the respect that it makes it tougher to make the radio highly water resistant.
Sealed, flush-to-surface contacts are a better way to go.

A SIM-card based approach (modified) might be a pretty decent solution. In fact, it's a great one. SIM card is programmed,
keyed to the radio's serial number or alternatively, to a block user ID. When the radio is to be retired, remove the SIM card
and the radio's an empty slate. The next owner of it can get a new SIM card for it, programmed with the features he wants,
needs, and is willing to pay for. The old owner's original SIM card can be reassigned to a new radio and reused.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Oct 28, 2007 8:28 am
by escomm
Elroy Jetson wrote:A SIM-card based approach (modified) might be a pretty decent solution. In fact, it's a great one. SIM card is programmed,
keyed to the radio's serial number or alternatively, to a block user ID. When the radio is to be retired, remove the SIM card
and the radio's an empty slate. The next owner of it can get a new SIM card for it, programmed with the features he wants,
needs, and is willing to pay for. The old owner's original SIM card can be reassigned to a new radio and reused.


Elroy
After seeing the "locked" Iphone go down in about a week, I sincerely doubt that any two-way radio manufacturer would load software-definable options on a sim card. They might as well give the radios away for free in that case. Astro25 was hacked, probably only by a handful of people. Put the options on a simcard and every scriptkiddie in the world will be selling "upgraded" radios.

Re: Speculate for fun: Design the XTS-10000

Posted: Sun Oct 28, 2007 1:30 pm
by Elroy Jetson
You forget the marvel that is 256 bit (and beyond) encryption. A fully encrypted feature package/codeplug on the SIM card, keyed to the radio's own unique
serial number (Or even an ENCRYPTED serial number...imagine that, if you will) would pretty much guarantee that a successful hack is at the very least,
a very remote possibility.

Taking a cue from how M/A-Com handles their radio features might give you a lead on how future radios will handle feature and personality security.

If you're not aware of the M/A-Com methodology, it works like this:

Each radio has a unique ESN chip, a Dallas DS2401 Silicon Serial Number. These are individually laser-programmed at the Dallas
production plant and can not be altered, only made non-functional by sufficient abuse.

Each radio has a "feature encryption string", a string of hexadecimal code which is generated by a factory-only software package,
which takes the radio's ESN, the desired features in the radio, and generates the feature encryption string. And of course, the
radio must have the appropriate firmware and DSP revisions to make proper use of the features.

It's a lot like a Motorola flashcode, but not quite...for one, it's encrypted. And the features in the radio are read out as a
series of numbers. It's not a matrix that needs math skills to figure out like a flashcode. It's just a list of up to 40 numbers,
from 1 to 40. Each number present in the list denotes that that related option is enabled in the radio.

Essentially, the M/A-Com system is a dual key encryption system. If both the ESN and the feature encryption string aren't correct, the radio will give a
feature code error and at that point your radio will only operate properly in straight conventional mode.

Of course, there are many "valid" feature strings to match any given ESN. There are 40 defined option slots in the radio, which are
numbered 1 thru 40, and the combination of the feature string and the ESN determines which combination of these 40 possible
options are enabled in the radio. So what's 2 to the 40th power? That's how many possible feature strings there are that could
turn on some features. But it may be more complex than that, even, as there's no guarantee that ALL of the data needed by
the radio to validate the feature string is visible. A few hidden bits would change the whole game yet again, and not for the easier.

I've never heard of anyone hacking their way through the feature encryption system.

Elroy
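
The ESN-plus-feature-string check described in the post above, sketched as an added example (not part of the original thread, and not M/A-Com's actual algorithm, which the thread does not disclose). It assumes an HMAC-SHA256 tag over the ESN and a 40-bit feature bitmap; the key, field layout and function names are hypothetical, and the string here is authenticated rather than encrypted.

```python
import hashlib
import hmac

FAMILY_DS2401 = 0x01             # 1-Wire family code of the DS2401
NUM_SLOTS = 40                   # option slots 1..40, as in the post
BITMAP_BYTES = 5                 # 40 bits
TAG_BYTES = 8                    # truncated MAC length (assumption)
CONVENTIONAL_ONLY = frozenset()  # fallback: no licensed options
DEMO_KEY = b"constructed-demo-key-not-a-real-one"


def crc8_maxim(data: bytes) -> int:
    """Dallas/Maxim 1-Wire CRC-8 (x^8 + x^5 + x^4 + 1, bit-reflected)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc


def make_esn(serial48: int) -> bytes:
    """Build a constructed 64-bit ROM code: family, 48-bit serial, CRC."""
    body = bytes([FAMILY_DS2401]) + serial48.to_bytes(6, "little")
    return body + bytes([crc8_maxim(body)])


def esn_is_valid(esn: bytes) -> bool:
    return (len(esn) == 8 and esn[0] == FAMILY_DS2401
            and crc8_maxim(esn[:7]) == esn[7])


def features_to_bitmap(features) -> bytes:
    bits = 0
    for n in features:
        if not 1 <= n <= NUM_SLOTS:
            raise ValueError(f"option {n} outside 1..{NUM_SLOTS}")
        bits |= 1 << (n - 1)
    return bits.to_bytes(BITMAP_BYTES, "big")


def bitmap_to_features(bitmap: bytes) -> frozenset:
    bits = int.from_bytes(bitmap, "big")
    return frozenset(n for n in range(1, NUM_SLOTS + 1) if bits >> (n - 1) & 1)


def issue_feature_string(factory_key: bytes, esn: bytes, features) -> str:
    """Factory side: bind the chosen options to one ESN."""
    bitmap = features_to_bitmap(features)
    mac = hmac.new(factory_key, esn + bitmap, hashlib.sha256).digest()
    return (bitmap + mac[:TAG_BYTES]).hex().upper()


def radio_enabled_features(device_key: bytes, esn: bytes, feature_string: str):
    """Radio side at power-up: any failed check means conventional only.

    Design note: with a MAC the radio holds the same key the factory signs
    with, so the scheme is only as strong as the firmware's key storage.
    Verifying a public-key signature keeps the signing secret off the radio.
    """
    if not esn_is_valid(esn):
        return CONVENTIONAL_ONLY
    try:
        raw = bytes.fromhex(feature_string)
    except ValueError:
        return CONVENTIONAL_ONLY
    if len(raw) != BITMAP_BYTES + TAG_BYTES:
        return CONVENTIONAL_ONLY
    bitmap, tag = raw[:BITMAP_BYTES], raw[BITMAP_BYTES:]
    mac = hmac.new(device_key, esn + bitmap, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, mac[:TAG_BYTES]):
        return CONVENTIONAL_ONLY
    return bitmap_to_features(bitmap)


if __name__ == "__main__":
    radio_a = make_esn(0x0000012A4F3C)   # constructed serial numbers
    radio_b = make_esn(0x0000012A4F3D)
    licence = issue_feature_string(DEMO_KEY, radio_a, {1, 5, 12})
    print("feature string:", licence)
    print("radio A:", sorted(radio_enabled_features(DEMO_KEY, radio_a, licence)))
    print("radio B (copied string):",
          sorted(radio_enabled_features(DEMO_KEY, radio_b, licence)))
```
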

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Nov 03, 2007 3:17 am
by mr.syntrx
Elroy Jetson wrote:A SIM-card based approach (modified) might be a pretty decent solution. In fact, it's a great one. SIM card is programmed,
keyed to the radio's serial number or alternatively, to a block user ID. When the radio is to be retired, remove the SIM card
and the radio's an empty slate. The next owner of it can get a new SIM card for it, programmed with the features he wants,
needs, and is willing to pay for. The old owner's original SIM card can be reassigned to a new radio and reused.
Welcome to GSM and TETRA.

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Nov 03, 2007 3:48 am
by Elroy Jetson
Yes. Most cell phones work that way these days. If I come across an interesting used cell phone that's better than the one I'm using now,
I test it by putting my SIM card into it and seeing if it's compatible with my service provider and if it's functional.

A sufficiently well thought-out SIM card based approach would greatly simplify the whole business. All radios would be identical,
all the system proprietary information would be on the SIM card. Since a SIM card programmer is a standard product, the rest
is just software.

And of course, this also would provide for the creation of SIM cards that are for radio test and alignment only. The technician doesn't even
need access to the customer's SIM card, as long as he has his test card.


Elroy

Re: Speculate for fun: Design the XTS-10000

Posted: Sat Nov 03, 2007 5:13 am
by Wowbagger
mr.syntrx wrote:Welcome to GSM and TETRA.
That's closer than you think. We were discussing this at work, in the context of designing APCO-25 test software. One of my fellow engineers used to work at Motorola before he came to Aeroflex, and worked on a great deal of the back-end of the APCO-25 gear. We were discussing the process of a radio registering/affiliating/requesting a call, and how the system tracks that across multiple sites. Another engineer commented upon how this sounded much like cellular (GSM/AMPS/et al.), to which the ex-Moto engineer said "Wrong - cellular is much like trunking: we had those features long before the cellular guys were around, and they took the ideas from us!"

For many years I've been saying "Cellular is just another type of trunked radio - it's just less functional so that it can be sold to the masses."

And considering how cell companies are adding PTT, state messages, paging, and so on... cellular is looking MORE like PMR every day.

Re: Speculate for fun: Design the XTS-10000

Posted: Wed Jan 09, 2008 6:43 pm
by Elroy Jetson
The next generation radios will also have a voice announce feature to give an auditory indication of the mode the radio is operating in. Not just channel,
zone, and other information like the current channel announce feature on XTS5000s, but one that adds messages like:


"Receiving i-call."
"Receiving page."
"Receiving alert."
"Sending I-call."
"Sending page."
"Out of range"
"System in failsoft."
"Emergency activation."


Most any system level function that requires the radio user to be aware of the change in status or that requires him to take action
could use this feature. Or any other function you chose.

There might be times when voices would be preferable to a sometimes cryptic series of beeps and tones.


Elroy