Batboard

Hey guys I have a very unique situation, but some of you might be in the same boat as I am. It involves the use of advanced system keys and who has the control over a radio. There are several scenarios that I can think of where I think ASK are great, and some where they are horrible, like mine. Just to give a little disclaimer here what I am discussing does not involve un-athorized use of anything or 123ABC radios. I have, for several years had an interest in radios but only in the last 8 months have I been given the opportunity to manage a fleet to Astro 25 radios both VHF conventional and type II P25 trunked. In that time frame I have been viciously reading everything their is to read about how Motorola's XTS series radios work (and picking at a few members brains ). Currently our county radios system is VHF conventional so no problem there. The problem is with the state wide 800 Type II hybrid trunked system that our department uses for administrative communications. With the release of the APX family radios which require a ASK, I think it would be naive to think ASK will not be shoved down our throats in the near future. Especially with the plan to upgrade this system to Astro 25 in the next 2 years. Well this would be fine if my department or county owned the astro 25 system. They control their system and they control their radios. Well what about when a private company owns the trunked system and a local volunteer fire department owns the radios? Please correct me if I am wrong but from what I have been reading as soon as you program a radio with a ASK that "master key" holder can do what ever they want with that radio. Say our county decides to purchased there own trunked system and we no longer want our radios on the private companies system. We currently pay a subscription fee on a per radio basis, and if that company is "loosing" business what keeps them from essentially keeping these radios locked down. Now I know that probably would not happen but they don't need that kind of control if their is not someway for the original owner to flash the radios back to a non-ASKed state. Obviously I will never program my current astro fleet with an ASK but what happens when FEMA decides to buy us a few APXs? What do you guys think?
David

Another similar question:
What if you are a self-maintained user, but you also have several other nearby systems in your radio that get programmed by the various departments' radio shops? If one radio shop uses an ASK that totally locks the radio down unless you have their ASK, then what?

Well, the admin of the system has the full control.

They have the ability to:

1) Write Protect the radio so that no data (even conventional) can be written to the radio.
2) Issue you a daughter key with an "allowed id range" and proper permissions.

ASK pretty much will let you restrict or allow anything to the radio. This causes all sorts of issues when it comes to mutual radio programming, disaster response programming, and a whole host of scenarios that make people love the old "key file" way of doing it. Admins want everyday security on their system and this is Motorola's answer (although I've heard through the grape vine that even they think it "sucks").

My suggestion would be to approach the managing body of the system and come up with some sort of MOU with respect to radio programming or how to handle this issue. They should be aware that they can issue a daughter button with a restricted ID range which would allow you to do what they allow on the system and program the conventional side without a problem. Having an agreement in place puts an individual in charge of programming the system and someone who they can go - hey listen, this happened, it's in your ID range, explain yourself.

I know one agency local to me who owns a statewide system is returning radios programmed - but write blocked to agency's who now can't program the radios with other channels.

This is always going to be an issue but it's a matter of figuring out what the middle ground is.

Motorola is STILL trying to convince the folks who run this system that ASK is the way to go - and only a few are buying in to it while the majority may get forced into it or buy subscriber units from another vendor.

-Alex

Well, all current CPS supports the ability to configure and use ASKs that have the write protect feature turned off. So, to begin with, I would make sure that you codify in writing that anyone programming your radios will use ASKs without that feature turned on. As long as they don't write protect the radio, you should always be able to change conventional systems, and remove trunking information from the radio (but not change it, of course, unless you yourself have the appropriate system key). If they're not willing to do that, then don't use their system.

Worse comes to worst, if you're the legitimate original owner of the radio you should be able to ship the radio to the factory and have it wiped of all ASK write protect info. What that would cost you or how exactly you'd go about it, I don't know.

One of the biggest falsehoods about the security provided by the ASK system is that it does nothing to prevent a character with a little bit of knowledge from buying a properly flashed radio off of the internet, obtaining the software, creating a system key file (like that's hard to do) and then building a working template with information from internet sources & programming it into a radio with a cloned ID. All it really does is prevent someone from making unauthorized changes to a legit radio.

I really don't see what the big advantage of using an advanced system key. Most folks that work for our agency don't want to monitor our own talkgroups, much less anyone elses. Seems like it causes more heartburn than it prevents.

Our TRS provider applied the ASK to all our radios (without prior notification) during the reband project and then would not release an ASK to our radio shop until significant policial pressure was applied. Even still, if our agency went somewhere for mutual aid and needed to have changes made during that deployment, those radios that were involved in the reband project would not be able to be reprogrammed without that key - no changes trunked or conventional. As we are retiring our radios, the replacements are not being programmed with the ASK. There are some hard feelings about this on both sides...

option 2 is to have Motorola provide you with an ASK (either master or daughter) for system 001 since there are no systems deployed with 001 and that is the default system number in the radios.

ai4ui wrote:One of the biggest falsehoods about the security provided by the ASK system is that it does nothing to prevent a character with a little bit of knowledge from buying a properly flashed radio off of the internet, obtaining the software, creating a system key file (like that's hard to do) and then building a working template with information from internet sources & programming it into a radio with a cloned ID. All it really does is prevent someone from making unauthorized changes to a legit radio.

I really don't see what the big advantage of using an advanced system key. Most folks that work for our agency don't want to monitor our own talkgroups, much less anyone elses. Seems like it causes more heartburn than it prevents.

Our TRS provider applied the ASK to all our radios (without prior notification) during the reband project and then would not release an ASK to our radio shop until significant policial pressure was applied. Even still, if our agency went somewhere for mutual aid and needed to have changes made during that deployment, those radios that were involved in the reband project would not be able to be reprogrammed without that key - no changes trunked or conventional. As we are retiring our radios, the replacements are not being programmed with the ASK. There are some hard feelings about this on both sides...

I believe the "CHARACTER" would have to have a Master System Key from M to access the TRS.

Not at all. A person who is familiar with the structure of a trunking template can take a trunking capable radio and create a template for a system from scratch using information that is all over the internet. Need a system key file, batlabs.com will tell you how to make one. Need a system id, control channels, connect tone, and talkgroup id's - see radioreference.com. What a ASKed radio won't let you do is read it and then clone that template back into another radio without the key. Even the depot syskeygen program is out in the wild somewhere and it will make a key file for even an APCO25 system.

If you didn't know beans about a trunking template but were familiar with programming and had access to a legit radio, CPS, etc. you could always just read the ASKed radio in one pane of CPS and the rouge radio in another and drag-n-drop or just look and type. The ASK does nothing to prevent this.

It's not completely worthless. It does keep people from getting someone to put talkgroups they are not authorized to have in their radios and it keeps people from making changes to their radios making them inconsistent with other radios in the same fleet. You could pretty much do the same thing by passwording the codeplug - put that can be defeated too.

What would stop someone from getting a non-ASKed trunked radio from Ebay that was Smartnet ready and just plugging in the talkgroup IDs from the internet?

Sooomoney wrote:What would stop someone from getting a non-ASKed trunked radio from Ebay that was Smartnet ready and just plugging in the talkgroup IDs from the internet?

Absolutely nothing. If they know how to build the template, the information (all of it) is freely available on the net.

My whole gripe with the ASK is that it doesn't do anything to prevent this, but it does create another hoop to jump through when trying to make authorized changes to a radio. In our case we have a mix of ASK'ed & non-ASK'ed so we really have to keep an eye on which is which so we don't create more ASK'ed radios, or try and work with a radio that is ASK'ed, but don't have the key (the only one we have issued to us) with us. Not to mention, in the help files it tells you not to have the ASK & the software key of the same system loaded into the CPS at the same time because there will be a conflict. Again, extra steps, another hoop.

Nothing I think or say about this will change anything, probably should just shut up about it...

Sooomoney wrote:What would stop someone from getting a non-ASKed trunked radio from Ebay that was Smartnet ready and just plugging in the talkgroup IDs from the internet?

Nothing at all. However, you'd still have to have a software system key in order to program the radio. Developing and deploying the ASK architecture is a step in the right direction, but it won't be 100% effective at preventing unauthorized programming (without hacking) until all current CPS products require an ASK and will not accept software system keys anymore. The APX CPS is already like this, but there's enough legacy (MTSX, Astro, Astro25) stuff floating around out there that it will be some time before the ASK monoculture is the only option.

Just to make sure I understand what you're saying: if I buy APX7000s for my department, I won't have to worry about people talking on our TRS unless they have an ASK? Does that mean even if they were to start a template from scratch? They would have to hack one of our radios or have access to ASKs?! Thanks.

Sooomoney wrote:Just to make sure I understand what you're saying: if I buy APX7000s for my department, I won't have to worry about people talking on our TRS unless they have an ASK? Does that mean even if they were to start a template from scratch? They would have to hack one of our radios or have access to ASKs?! Thanks.

An important point to make (if not remake). The ASK does *NOTHING* on the system side to prevent a subscriber from affiliating and pressing the PTT. The System does not know how the radio is programmed, only that the radio is programmed, has a valid ID, and just asked for a channel grant/sign on/sign off what have you.

The only thing that a system key (be it ASK or Software) does is unlock the software so that you can enter in the information. Bypass the ASK,Software key, or the software entirely and the radio or the system does not know the difference.

All of the information about your system(s) can be gleamed over the air using a scanner with a 30 minute modification and some software. You do not even need sites like Radio Reference to help you get this information. They just make it easier to get what is already out there and freely available to anyone with some basic knowledge. This has been the case for years.

-Alex

Sooomoney wrote:Just to make sure I understand what you're saying: if I buy APX7000s for my department, I won't have to worry about people talking on our TRS unless they have an ASK? Does that mean even if they were to start a template from scratch? They would have to hack one of our radios or have access to ASKs?! Thanks.

ASK protects the subscribers, not the system. This is the case with all ASK capable products. If you have a system that a non-ASK subscriber will work on (read: anything other than P25x2 TDMA), then you are still vulnerable. You still need to do regular audits with Genwatch or a comparable product. If you want full control over your system, then it will have to wait until subscriber authentication comes around.

Thank you that makes sense now.

Sooomoney wrote:Thank you that makes sense now.

I need help with my problem. We purchased several APX mobiles and handhelds, dual band UHF, 800. We are on two different trunking systems, A UHF Type II and a 800 P25 and several UHF conventional systems. The 800P25 system was programmed first and we are not able to program the other system into the radio because the radio is write protected due to an ASK. The admin of the 800 system will not allow us to get a slave key, stating that it is their policy not to allow programming of the radio once it's on their system. They state that they will program the other systems and conventional channels for a fee and another fee every time we need something changed. That would be fine, but they can't program their own system radios right so I don't. Thanks in advance.

You must have an advanced system key. You have to use advanced system keys with the APX, software keys no longer work. If that system admins policy is to only program the radios themselves, then I guess your stuck.

Well whats going to happen if the sys admin of the vhf trunk has the same policy?

Get them together and I'm sure they can work it out. They cannot alter each others systems, so it should not be an issue. They probably don't realize how secure the ASK is.

First off, and this is pure, unadulterated sleepy-me opinion, but the people masquerating as traineed monkey-techs who programmed your APX with a write-protect enabled system key are morons. Since the APX CPS won't use anything but an ASK, the chances of you being able to modify their trunking info is about 0.

Now, having said that, also in my opinion you have a couple options. If they refuse to at least un-write protect the radio (or are unable to do so), get your department or agency brass involved. Kick it all the way upstairs and say (truthfully) that these brand new mega-bucks radios are essentially useless because of what the P25 system bozos did to 'em. If your dept/agency is part of a municipality, get the lawyers involved. There's really no excuse for them to have done that (or to have that policy for that matter) other than they be power trippin. Have the powers that be hammer out a MOU that says "thy shall not write protect our radios". I'm assuming that they're programmed with multiple systems for mutual aid - if they're useless for that purpose, questions from on high are going to start getting asked. Amazing what can happen when you get the Chief involved...

Get your Motorola rep (if you have one) involved too. This might help grease the skids if you need to have 'em sent back to the depot to have them un-ASK'd.

To answer the most recent post more directly, well, that's gonna be a funny turf war...

This situation is retarded! They have completely locked you out of making any changes to your radios without their ASK that they won't give you. Oh yeah, and just how are they supposed to program the UHF Type II system? Is it theirs, are they authorized to program it, or do they have a clandestine key for it?

What happens if you get deployed to The City of Somewhere Else and need to have a local system put into your radios for that particular incident? Are you supposed to swing by their radio shop at 3 AM (while it's closed, because these calls always come in the middle of the night) and have their techs SWAG at what might be needed where you are going?

All they should have done is write protect their portion of the codeplug and left the other parts alone. I would talk softly, and then progressively louder until someone listens. Apply private pressure, political pressure, public pressure, and maybe even pressure to their privates if need be, but never surrender because they have ruined your investment in what appears to be a real nice radio.

Send the radios back to THAT agency, have them REMOVE their system, program in whatever you need, then send the radio back to be programmed by them. If not, make noises about no interoperability, get the Chiefs involved. Sounds more like a power trip by the radio shop, and someone that doesn't know what their doing when it comes to programming radios.