Where to Enter Ras Key in Motorola Cps

• #1

I figured I would spin-off what has been posted about RAS in the "Understanding Capacity Plus" thread into its own thread where we fanny continue discussion. I don't have a lot to bestow heretofore since I don't think I've come crossways any RAS enabled systems, but I've been really interested in RAS as well - particularly in its ramifications to using DMRDecode and DSD. Like Forts, I suspected it was similar to EDACS ESK.

The applicable posts from the "Understanding Capacity Plus" wind are below:

TampaTyron said:

I frame-up the duplicate equipment for another consequence previously, when I worked at this specific radio browse. I have noninheritable one of their portables and read it besides. No privacy, but has RAS enabled. RAS is a weird animal because DMR decode displays the proper system details, but the headers or packets must be divers because half a dozen TRBO radios cant decode IT. Can't wait until someone figures out how to figure information technology dead ......TT

IanWraith said:

Hi All

Another board member who I believe wants to remain anonymous fresh sent me some logs from a few RAS 'fortified' systems. The common element in both of them was this PDU ..

11:28:17 DMR Data Frame
CACH : TACT Ch 1 First fragment of LC
Slot Type : Colour Code 3 Terminator with LC
Unknown Full Link Control LC : FLCO=36 + FID=16 00000000000000000000001110100101000000000000011100 101011

My guess is that RAS is a simple system of rules. The base sends a hashed (au fon a type of encryption) value of the Reticular activating system password every so often. The Moto radios compare this with a hash they receive created of the RAS countersign they have been disposed and if they are different they won't do anything. That will Be programmed into the microcode of the Moto sets and unless you phantasy rewriting the firmware (which leave probably be stored in an encrypted take form inside the radio) at that place isn't much you can do I'm frightened. One reason I would keep away from high-ticket patented hardware and bond open informant software.

Regards

Ian

Forts said:

I suppose if one could lick the hash past you might be able to determine the RAS password from that. Which of course of action opens improving some other fire of worms. Is RAS considered encryption, devising IT a no-no to mess with, operating theater is it more on the lines of EDACS ESK which was put-upon to 'cypher' the command canalize?

kmoe said:

RAS is akin to a system ID (care on Privacy Plus and Smartnet trunked systems) and is non corresponding encryption in any way. The TRBO "control channel" information can standing be decoded with DMR decrypt.

Forts said:

I suppose information technology coule be viewed like a system I.D., but I agree information technology's not encryption. Just.. it is obviously a method to restrain self-appointed users out, and so it is a security department feature as considerably. If anyone has any hopes of determining how it works you would really need a log from a system with a known key.

TampaTyron said:

On the LCP scheme that I am monitoring, I get the following:
CSBKO=59 + FID=16 11100111000110110001001000100010010000110000000000 00000000000000
and
CSBKO=59 + FID=16 11000111000110110001001000100010010000110000000000 00000000000000
as a pair every 15 seconds. Then both repeat severally every 10-15 seconds. TT

IanWraith aforementioned:

Hi All

My apologies for the rushed post sooner I had meant to enunciat that the CSBKO=59 PDUs as seen away TampaTyron possibly contain a hashed (or encrypted) version of the RAS key.

As I said in front I think that mobiles on a RAS system of rules listen prohibited for this PDU. They compare a hashed version of the RAS key they have been sent to the contents of the CSBKO=59. If they match then they proceed arsenic normal.

Regards

Ian

TampaTyron said:

Per Mototrbo CPS , Reticular activating system Gem State is 6-24 unicode characters including 0-9, A-Z, a-z, hyphen, underscore, dollar, and pound sign on. Ephemeris tim

I consider that's everything. Hopefully we can continue discussing RAS in this thread!

• #2

Just to add, I but learned about RAS a couple of months ago in this thread (about a Capacity Plus system installed at the Squaw Valley Ski Resort near Lake Tahoe in California):
http://forums.radioreference.com/calcium...53-trying-listen-ski-police-squaw-valley.html

The following posts are relevant:

com501 said:

Good luck. Trbo requires a Motorola MotoTrbo radio programmed happening their scheme with the correct trunking info. Squaw is running syswatch so if your ID doesn't match an authorized radio on the arrangement, bye-bye bye. IT's also going to have RAS before the ski season starts, which will pretty much engage everything unfashionable. PS - syswatch will drink dow Some radios if a duplicate ID pops dormy simultaneously with another radio when they register on the arrangement.

You could just join the ski patrol....

com501 aforesaid:

Squaw Valley is jetting Enhanced Encryption with RAS. They purchased RAS at the start of the year for their system. Encryption will prevent DSD and DMRDecode. RAS wish completely overreach even a properly programmed two way tuner, unless you suffer the correct and matching RAS key and a valid ID.

Really, you should just become an authorized user.

Exsmokey said:

It would be gripping to hear why a ski surface area would need to encrypt their communication theory. I've lived close to a wide one for 25 eld and have monitored their radio system for all of that. I haven't heard anything that would need to remain confidential.

com501 said:

Because its free. And because it keeps people from listening and protects their business operations.

Oh, and because they can.

Every energy system I install, I code if it has the capability.

I distrust com501 was concerned with the install, given his knowledge of the details. But I conceive he is wrong about motoTRBO Enhanced Encryption being able to block DMRDecode. Yes it encrypts the voice traffic, but not the DMR data packets. I was originally concerned RAS could be a way to encrypt the information also (similar to how TETRA and Opensky systems encrypt their control channels), just that's clearly not the case supported what we've seen so far.

Last edited: Nov 30, 2013

• #4

Ooh, TRBO enhanced encoding - 40 snatch (a la ADP) - yeah, that's promised...

Hehe!

• #12

Consumption a mototrbo radio receiver and input the tx freq in the rx freq, then you monitor in input channel. As you are getting the data before IT hits the repeater. Colour codes and groups etc are still required

As the two posts above yours have mentioned, information technology's almost a foregone conclusion that it will non oeuvre.

Where to Enter Ras Key in Motorola Cps

Source: http://forums.radioreference.com/threads/mototrbo-restricted-access-to-system-ras.279062/

Share this post