Pi 5 And SDR Team Up For A Digital Scanner You Can Actually Afford

Listening to police and fire calls used to be a pretty simple proposition: buy a scanner, punch in some frequencies — or if you’re old enough, buy the right crystals — and you’re off to the races. It was a pretty cheap and easy hobby, all things considered. But progress marches on, and with it came things like trunking radio and digital modulation, requiring ever more sophisticated scanners, often commanding eye-watering prices.

Having had enough of that, [Top DNG] decided to roll his own digital trunking scanner on the cheap. The first video below is a brief intro to the receiver based on the combination of an RTL-SDR dongle and a Raspberry Pi 5. The Pi is set up in headless mode and runs sdrtrunk, which monitors the control channels and frequency channels of trunking radio systems, as well as decoding the P25 digital modulation — as long as it’s not encrypted; don’t even get us started on that pet peeve. The receiver also sports a small HDMI touchscreen display, and everything can be powered over USB, so it should be pretty portable. The best part? Everything can be had for about $250, considerably cheaper than the $600 or so needed to get into a purpose-built digital trunking scanner — we’re looking at our Bearcat BCD996P2 right now and shedding a few tears.

The second video below has complete details and a walkthrough of a build, from start to finish. [Top DNG] notes that sdrtrunk runs the Pi pretty hard, so a heat sink and fan are a must. We’d probably go with an enclosure too, just to keep the SBC safe. A better antenna is a good idea, too, although it seems like [Top DNG] is in the thick of things in Los Angeles, where LAPD radio towers abound. The setup could probably support multiple SDR dongles, opening up a host of possibilities. It might even be nice to team this up with a Boondock Echo. We’ve had deep dives into trunking before if you want more details.


Serious Vulnerability In European Trunked Radio System

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners that don’t know the control method the trunked system is using. But a global standard for encrypted trunked radio systems, known as TETRA, has now been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.

One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

Triple Threat RTL-SDR System Reads Trunked Radio

In the old days, if you wanted to listen to police, fire, or other two-way radio users, you didn’t need much more than a simple receiver. Today, you are more likely to need something a little more exotic thanks to the adoption of trunked radio systems. To pick up the control channels and all the threads of a talk group conversation, you might need a wide bandwidth receiver.

[Luke Berndt] found he needed 6 MHz to monitor the stations he wanted to hear. This is easily in the reach of dedicated software defined radios (SDR). However, [Luke] wanted to use cheap RTL-SDRs and their bandwidth is about 2 MHz. The obvious hacker solution? Use three of them!

If you haven’t looked at a trunked system before, it essentially allows a large number of users to share a relatively small number of channels. When someone wants to talk, they move to an unused channel just for that transmission. Suppose Alice asks Bob a question that happens to be on channel 12. Bob’s reply might be on channel 4. A follow up from Alice could be on channel 3.

In practice, this means that the signal itself isn’t difficult to decode. It is just difficult to find (and to follow as it jumps around). This is an excellent job for multiple SDRs, and the approach even reduces the burden on the CPU, which doesn’t have to decode signals that aren’t part of the conversation.
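To make the channel-hopping concrete, here is a small Python model of what the control-channel decoder does in a three-dongle setup like the one described above. It is an added example, not [Luke Berndt]’s code; the band edges, channel table and grant log are constructed values, and the 2 MHz dongle bandwidth and 6 MHz band are taken from the article.

```python
from typing import List, Optional, Tuple

# Constructed channel table for a fictional 6 MHz trunked system starting
# at 851.0 MHz (assumed values, not any real system's frequency plan).
BAND_START_HZ = 851_000_000
DONGLE_BW_HZ = 2_000_000   # usable bandwidth of one RTL-SDR, per the article
DONGLES = 3                # three dongles -> 3 x 2 MHz = 6 MHz of coverage
CHANNEL_TABLE = {          # channel number -> carrier frequency in Hz
    3: 851_212_500, 4: 852_487_500, 7: 853_912_500,
    9: 856_100_000, 12: 855_637_500,
}
# Constructed control-channel "channel grant" log: (talkgroup, channel).
GRANTS = [(100, 12), (200, 7), (100, 4), (100, 3), (200, 9)]


def dongle_for(freq_hz: int) -> Optional[int]:
    """Index of the dongle whose 2 MHz slice covers freq_hz (None if outside the band)."""
    offset = freq_hz - BAND_START_HZ
    if offset < 0 or offset >= DONGLES * DONGLE_BW_HZ:
        return None
    return offset // DONGLE_BW_HZ


def follow_talkgroup(grants, talkgroup) -> List[Tuple[int, int, Optional[int]]]:
    """Replay grant messages as a control-channel decoder sees them and
    return, for one talkgroup, each hop as (channel, freq_hz, dongle)."""
    path = []
    for tg, channel in grants:
        if tg != talkgroup:
            continue           # someone else's conversation: no need to decode it
        f = CHANNEL_TABLE[channel]
        path.append((channel, f, dongle_for(f)))
    return path


def hops_missed_by_single_dongle(path, center_hz: int) -> int:
    """How many hops a lone 2 MHz dongle parked at center_hz would not hear."""
    half = DONGLE_BW_HZ // 2
    return sum(1 for _, f, _ in path if abs(f - center_hz) > half)


if __name__ == "__main__":
    path = follow_talkgroup(GRANTS, 100)
    for channel, f, dongle in path:
        print(f"talkgroup 100 -> channel {channel:2d} {f / 1e6:.4f} MHz via dongle {dongle}")
    print("hops a single dongle tuned to the first hop would miss:",
          hops_missed_by_single_dongle(path, path[0][1]))
```

With the three slices every hop of talkgroup 100 lands on some dongle, while a single dongle tuned to the first hop misses the other two; that is the whole reason for the three-dongle build.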

[Luke] includes source code and also notes how to change the serial numbers of the dongles since each has to be unique. We have seen so many great projects with the RTL-SDR that it is hard to choose our favorite. It is especially great knowing that the dongle was only meant to receive television, and all these projects are hacks in the best sense of the word.

Thanks [WA5RRior] for the tip.