lecture: Reversing P25 Radio Scanners
With the ongoing conversion of radio systems from traditional analog to digital P25 around the world, the race is on to find out how to monitor, listen to and abuse this technology. Some projects, such as OP25 from Osmocom, have made very good progress in enabling users to tune in and listen using software defined radios. However, many P25 features, such as trunking, remain to be understood and implemented. Many radio scanners made by Uniden or Grecom licensed the technologies behind P25 some years ago and produced convincing implementations. Up until now their secrets stayed protected by firmware encryption and, probably unintentionally, by obscure CPUs.
This talk is a story about the process of reversing such a radio, it covers:
- Hardware analysis
- Firmware file analysis
- Format definition
- Firmware updater reversing
- Firmware encryption bypass (in a clever and utterly lazy way)
- Firmware Flash protocol definition
- Scanner code analysis
- Running custom code (yes, it works)
Info
Day: 2013-06-21
Start time: 15:00
Duration: 00:30
Track: Main
Files
Slides
Speakers
Gabriel Tremblay