Batboard

I HAVE A MOTOROLA MAXTRAC TYPE 1 TRUNKED RADIO AND I CANT PROGRAM THE RADIO WITH OUT
THE SYSTEM KEY. I HAVE NO WAY TO CONTACT THE PERSON WHO HAD THE RADIO BEFOUR ME.
IS THERE ANY WAY I CAN FIND OUT WHAT THE SYSTEM KEY IS SO I CAN PROGRAM THE RADIO. THE RADIO HAS 2 SYSTEM AND 2 SUBFLEET. THE MODEL NUMBER READS, D35MQA5GB5BK HUF1069.




<font size=-1>[ This Message was edited by: Mercenary on 2001-12-27 04:50 ]</font>

<font size=-1>[ This Message was edited by: Mercenary on 2001-12-27 04:57 ]</font>

read the radio with the maxtrac rss and in the system options it will show you the system key number.

I thought you were able to delete systems without the use of the system key...? I can't remember.

You can delete trunked personalities without a system key, but you must leave at least one trunked personality in the Maxtrac, even with a system key. It won't let you delete the last one no matter what.
Mercenary, I believe you press "f4", "f6" from the main menu to view the personality, the system ID should be in plain view on the left hand side of the screen.

Todd

Unfortunately the maxtrac trunk program will only display the last two digits of the system ID when reading the radio. The only way to know is if you have a newer radio to read or can find out what the System ID is from someone. If you can get the System ID, I know where you can get a system key.

heres some interesting info for you, i read a while ago that trunked motorola radios dont care about the first 2 digits of the system key, in otherwords, if there is a system in your area of AA3B, any system key ending in 3B will be able to program for that system, a key of 183B,053B,A33B..etc etc. so in reality there are not thousands of different system keys, only about 40-80. the highest number you will see is 3F the 3rd digit doesnt go above 3. and the last digit only goes up to F. i thought that was very interesting when i read that.

On 2001-12-27 12:37, wazzzzzzzzup wrote:
heres some interesting info for you, i read a while ago that trunked motorola radios dont care about the first 2 digits of the system key, in otherwords, if there is a system in your area of AA3B, any system key ending in 3B will be able to program for that system, a key of 183B,053B,A33B..etc etc. so in reality there are not thousands of different system keys, only about 40-80. the highest number you will see is 3F the 3rd digit doesnt go above 3. and the last digit only goes up to F. i thought that was very interesting when i read that.

I believe that's the case for Maxtracs & older portables like the MTX800, but I've never actually tried it on newer style radios. I'm gonna try that very soon...

I believe that you are both partially right.
If you look at a sys key file name it is 6 characters long eg.. 003d74 If you look at what the radio displays in rss it is
the last 4 eg. 3d74 That is where the statement is coming from that the first 2 chatacters dont do any thing. I have never been able to prog a radio with less that the last 4 with even "special software".

A couple of years ago, I reverse engineered a few system keys out of sheer desperation to get a visarPP to listen to the state trunk (0D14) here in Mass. I found that only the last 8 or so charachters in the system key modify the displayed sysID in the rss. I didn't explore the earlier bits, I just got it to work. There is a difference, however in what a mtx800 and a jedi view as a valid syskey. I've never been able to get a genesis series to recognize the keys I'd generated, but my MTS2000 and MTX8000 recognized them without a problem along with the Visar. Maybe there was some kind of checksum valiation in the mtx810 software, I didn't bother exploring much further. Interestingly, the hex changes are inverse to the displayed syskey values. Hope this amuses/informs/helps. Thanks, Will

<font size=-1>[ This Message was edited by: willbartlett on 2001-12-27 16:36 ]</font>

thank you for all the replys, i'll try to get the radio programed.

Further information on system keys: The option that makes the software ignore the first two digits of the system key is the field called 'system aliasing' in the RSS. Enable that, and any key having the right values in the last two digits will work.

System keys are between 31 and 33 bytes long and have a filename format that is exactly like this: sys01234.key where 01234 is always a 0 followed by the four digit identifier.

Will Bartlett, please forward the key hack(s) you've discovered to Batwing, if you are inclined to do so. That is VERY good information to have and is much appreciated by all. But it needs to go into Bat's archives.

Interestingly, system keys themselves are NOT copyrighted, being codeplug fragments. Once you have them, you can do whatever the heck you want with them in terms of things like hacking them, copying them, and modifying them. Note that they do NOT carry any copyright info.

Getting a key is more difficult. In short, unless you know somebody who is authorized to have the key, there is no way to get one legally. The software that generates these keys is known to have escaped and is at large in the radio hacker's world, but I would consider this to be the single piece of software by Motorola that I would LEAST want to be caught with. M might not bother to call the police, they might just bury you alive and pour a concrete slab over your grave, if they caught you with that one.

If you did have it, it would be best kept on an unmarked floppy stored over a magnetic bulk eraser with a suicide switch.

Elroy

Elroy,

I think it would be prudent to refrain from making absolute statements such as: "the system key is NOT copyrighted". I am not a lawyer, but before I made any such statement I would check with one. Certainly copyright law allows an artist such as a photographer to produce a "work" which does not contain a copyright notice within the item itself and yet still be protected by law.

In the specific case of the Motorola system key, the distribution disk that Motorola provides to the customer (trunked system owner) is clearly labeled as follows: "PROGRAMMING ACCESS KEY SOFTWARE" "Copyright(c) 199X MOTOROLA, INC." "ALL RIGHTS RESERVED" "SYS:XXXX"

Furthermore, the media itself is marked :"PROPERTY OF MOTOROLA , INC"

These facts indicate that Motorola has identified the system key as 'software' and that they are serious about protecting their intellectual property rights.

I agree that THAT PARTICULAR DISC and its contents may be as you say but this situation has been in court already and the actual 31 to 33 character long string of random values is just that. on an unmarked
unlabeled and unidentified storage media it is just that. a string of random values.
The fact that it happens to be the same as
a string of values that someone uses for some other purpose involving radios in some form is , well, coincidental. Now I would
NOT want to be the one found with a labeled
identifiable disc that came from // or even less a way to generate it that used
an algorithm exactly like they use, but if in playing with a radio I discovered a way to make it hear something I wanted by trying a bunch of numbers than that is mine and I can do with it as I wish within the fcc guidelines of non divulgence of info obtained
etc, etc, etc, ad nausem. my $0.014372 worth. Phrawg

The "jailhouse lawyers" in this group are
absolutely amazing ! You would all be wise
to take "xmo"s advice. Unless you are a JD,
and specialize in copyright/IP law. No one
here is qualified to be mouthing off legal
opinions.

Please cite case law/precedent regarding the
court decision that was mentioned. If it was
so cut and dry, then why doesn't someone here
go ahead and post a system key - don't forget
to include your real identity with it.

Any of you jailhouse lawyers care to step
up to the plate ?

To address tinkering with software, hardware,
what have you - on your own. Another term for
that might be called "reverse engineering"...

Which the copyright specifically prohibits!

Okay, so someone gives you a copy of this
string of bits. What then ? Ever hear of
posession of stolen property ? (in this case
Intellectual Property).

Play jailhouse lawyer at your own risk. Odds
of prevailing as a defendant against Moto's
legal dept., are slim to none. They own the
rights to their intellectual property. Pure
and simple.

If someone cares to counter this, then the
acid test is what I mentioned earlier - put
your money (and butt) where your mouth is.
POST a public safety system key here - and
include your real identity with it.

Otherwise, 'xmo' is totally on target. Tread
cautiously, you are all dealing with stolen
property. As it's seriously doubtful that the
system owners would be providing syskeys to
anyone who has to ask about them.

Personally I think it's foolish to be giving
out any intel regarding the topic. As the few
people who have a documented "need to know"
already have access to it. The people who
don't, (ie. the original poster), have no
legit reason to have the key. On the other
hand, if you've been in the 'circle's long
enough, you're "known" (and trusted), so I
think that prevents any possible loose
cannons from becoming a factor.

Discussing the topic here circumvents all
those built in checks and balances among the
few who are responsible enough to stay low &
not do any thing stupid.

ok put YOUR BUTT where from YOU speak and
plain and simple SHUT UP ! Look who is playing jailhouse lawyer. WE have all so noted that we are simply expressing opinions.
You have a delete key also if you do not wish to read our posts and as for identifying
yourself look at your profile compared to
a lot of ours. If you have a problem with something someone says then the best thing to do is ignore it and let it go away.
Dont jump our case for being jailhouse lawyers then dive right into the arena
yourself. Go read your post then think about it a bit.

On 2001-12-28 12:58, phrawg wrote:
ok put YOUR BUTT where from YOU speak and
plain and simple SHUT UP ! Look who is playing jailhouse lawyer. WE have all so noted that we are simply expressing opinions.
You have a delete key also if you do not wish to read our posts and as for identifying
yourself look at your profile compared to
a lot of ours. If you have a problem with something someone says then the best thing to do is ignore it and let it go away.
Dont jump our case for being jailhouse lawyers then dive right into the arena
yourself. Go read your post then think about it a bit.

My aren't we sensitive ? What is it, that
time of month for you ? Anyway - what are
you talking about - "opinions" ? hardly -
you and other jailhouse lawyers are making
all kinds of statements regarding matters of
law, as if they were defacto truths.

This is misleading to newbies and could get
them in serious hot water. I'm not dispensing
legal opinions. Reverse engineering is pretty
straightforward, (and in fact someone here
even admits they've done it). So that is not
a legal opinion, it is a fact. Quite a big
difference between that - and - your outright
absurd assertions of a defense you may mount
to counter any lawsuit brought against you by
the IP owner (Motherola). Posession of stolen
property is a factual matter, not a matter of
opinion.

If you're so confident you'll prevail with
your dubious position, again - step up to
the plate, and prove us (who counsel caution
and respect for others property) - go ahead,
prove us wrong. Prove to us that hacking a
system key won't get someone in trouble, we
want you to lead us and set us free!

Some of us are not eager to be a legal test
case, because we don't want to participate
in setting precedent (or for that matter,
poison any business relationships).

So in short, follow your own advice, if you
don't like what others have to say - "SHUT
UP!" comprende amigo ? If you are a man of
your word, you'll do just that.

<font size=-1>[ This Message was edited by: Salem The Cat on 2001-12-28 17:39 ]</font>

not worth a reply

Keep it civil, guys, or I'll have to use my moderator functions, which I definitely don't like to do, but I will if it's warranted. Bat didn't just arbitrarily hand me that key, and he expects me to use when and if it's necessary.

Fact is, if you had this 31 to 33 byte long string of data, and it could not be shown to carry its own internal copyright notice OR be PROVEN to be a bit-for-bit clipping out of a copyrighted piece of software, then no copyright exists in the legal definition. This comes directly from a lawyer friend of mine who has worked with a copyright law specialist.

The DMCA and other copyright laws as applied to computer software pretty much made it an absolute necessity to place your copyrights somewhere in EACH individual file that is to be protected under copyright. In the case of data that functions as an access key, the copyright is usually applied in the header or footer. System keys have no readable copyright, not in the header, not in the footer, and nowhere in between. No jury in the world would convict you.

Of course, we're talking about something that nobody but authorized people can get, anyway, so it's all a moot point anyway, right?

Elroy

Re: ignoring system id digits

Time for a history lesson kids...

The original Motorola trunked systems (Which were Type I only on 800MHz) identified over the control channel with only part of the system id. The only part used was the two rightmost digits. The value was put into the range $1FC0 to $1FFF to identify the system (Some trunker users will recognize that range). That also put constraints on system id generation by Motorola. If you'll notice most system ids issued have the second digit from the right never exceeding 0x3 (because of that range).

With the Maxtrac and older doorstops when the system key was read in by RSS it displayed the two right-most digits and only concerned itself with them since it is under the impression they will be the only part sent out over the control channel. So a type I Maxtrac would work on a system id of F02F, 572F, or 102F as though they were all the same system. With the Type II and SmartNet models I'm unsure. Regardless you can still use a Type I Maxtrac on a Type II system if you use a certain sizecode (Though only to receive unless the system uses message trunking where you could grab the conversation tail). I don't recall which sizecode but it's the one which uses 16 radio ids per. You would use a radio id of 0 and calculate out a fleet/subfleet that equated to the raw hex for the talk group (ie., 3050, 1E10). I have a program that does this on my website under the downloads area called H2F. With the MTSX radios you can probably cheat and enable system aliasing though I have no idea if it will work. If it could you could use a radio on a system with a partially wrong system id.

Anyway, back to topic, 800MHz systems still send out the 1Fxx for backwards compatibility and therefore make the range invalid for assigning talk groups and radio ids (Anyone managing SAC databases will know what I'm talking about). Basically, you should never see a radio id between the above range nor a talk group between 1FC-1FF. Though any freq band outside allows it (Some older controllers may not allow it). With the decreasing size of system ids Motorola will now issue a system id with the second digit from the right higher than 0x3 but it will only be for a system outside of the 800MHz band. A recently installed system local to me has a sysid of 8420 on UHF. This is the first I have seen but I doubt the last.

In regards to Phrawg's post, please do not get upset & flame me, as i'm only stating my "opinion" here as well.
Your argument would not hold up in court, as ANY computer program, if broken down into machine code, would appear to be a random string of 1's & 0's. This does not appear to hinder people & companies from copyrighting their works.
I think the kicker would be that, in all likely-hood, not only would you be caught with a random string of 31-33 bytes of data on a disk, you would also be caught with another software program which can use this seemingly random string of data to perform a certain function. This would likely be put forward as "probable cause","guilt by association", or comparable legal jargon for the courts.
If my defense for possessing this string of data centered on the fact that "someone on some website named Elroy Jetson, or Phrawg, told me it was OK", then I'm sure I would have an uphill battle on my hands, right or wrong.
Bottom line, Motorola can afford the best lawyers, most other people can't - you lose.
Prudence would appear to be the equivalent of common sense in this case, don't make a blanket statement like this unless you're willing to go to court for it.
Speaking of that I'd love to see the transcripts for the case in question...anyone have any further info??

Todd

I think this whole issue of system keys will go away soon anyway. Let's just say you are a big company making public safety radio systems. You see all the passing around of system keys, radios sold on ebay, hacks to monitor systems without the system administrator's permission. How do you react??

You start by changing the RSS so it won't re-enable a disabled radio (already a fact). Next you look at inexpensive software encryption (Coming soon). Then you look for more ideas to protect vital public safety systems. Now let's take this to the next level:

System keys - no copyright? - OK we'll fix that - make it bigger - put in a copyright to make Elroy happy - then we'll encrypt the key. Oh, hey - now that we have 32 bit processors and 8 MB memory in radios what else can we do? Let's put that key in the radio! While we're at it why not tweedle the OSW format and send the key over the air? Now unless the radio has the right key - no workie! Bye-bye trunk trackers! Say - we can even send out new encrypted keys whenever we feel like it with OTAR!

Oh, but what about unauthorized users programming their own radios?? Well, let's see - how about we come up with a hardware key for the programming software? Not just a dongle like an FTR key - maybe a card & a reader. Now you have to sign the license agreement (and be authorized by the system administrator) to get a card with keys to operate the programming software as well as to get the system key file. Sell the programming software? Heck - give it away! What do we care? It's worthless without the hardware key!

Now just because you have a card that lets you run the program software for customer X, you still won't be able to program radios on system Y. Not only that, since the radio has the key as well - you won't even be able to READ the radio without the right key!

You might say - hey xmo - don't give anybody ideas! Let's just say these aren't MY ideas.

Now we will hear from all those who say - Freedom of Information Act violation! Won't hold up in court! Yeah, right. Remember September, 11???