Results 1 to 16 of 16

Thread: Thales 25 enabling AES

  1. #1
    Join Date
    Aug 31, 2015
    Posts
    414
    Thanks
    502
    Thanked 438 Times in 185 Posts
    Country: United States

    Default Thales 25 enabling AES

    Finally got my programming cable in and performed the updates on both radios, the one I am keeping and the one I listed for sale.
    Both radios I upgraded the features before updating to 8.3.3, one I updated step-by-step and the other (the one I am keeping) just jumped straight to 8.3.3 from 8.0
    Neither one shows AES as a feature but I do have P25 DES now. Did I miss a step or were these radios just not optioned for it from the factory?


  2. #2
    Join Date
    Jun 25, 2013
    Posts
    761
    Thanks
    382
    Thanked 173 Times in 116 Posts
    Country: Belarus

    Default

    Posted here feature enabler will not enable P25 AES. It can't do that at all.
    [I][FONT=times new roman][COLOR=#696969]Everyone who loves RadioReference get into the hell. [U]Especially those[/U] who also love PL-259 connectors.[/COLOR][/FONT][/I]

  3. #3
    Join Date
    Aug 31, 2015
    Posts
    414
    Thanks
    502
    Thanked 438 Times in 185 Posts
    Country: United States

    Default

    Quote Originally Posted by MotFAN View Post
    Posted here feature enabler will not enable P25 AES. It can't do that at all.
    Had a feeling - looked like it was one of those “either you have it or you don’t” type features.

    If I can find a Hirose adapter I’d grab my radio and bring it to a friend with a KVL4000 and try to shove an AES key into it. There’s talk that a radio previously without AES optioned will “inherit” the option if loaded with an AES key or OTAR pushed.

  4. #4
    Join Date
    May 30, 2012
    Posts
    32
    Thanks
    2
    Thanked 5 Times in 4 Posts

    Default

    I have a cloning cable on the way which I'm going to try and make a KVL cable with. I can squirt an AES key in it and let you know.

  5. The Following User Says Thank You to Vette86 For This Useful Post:

    Navy_BOFH (Jul 20, 2018)

  6. #5
    Join Date
    Jun 25, 2013
    Posts
    761
    Thanks
    382
    Thanked 173 Times in 116 Posts
    Country: Belarus

    Default

    Why not to load AES keys with PC programmer? Why all you need KVL for it?
    [I][FONT=times new roman][COLOR=#696969]Everyone who loves RadioReference get into the hell. [U]Especially those[/U] who also love PL-259 connectors.[/COLOR][/FONT][/I]

  7. #6
    Join Date
    Jun 25, 2013
    Posts
    761
    Thanks
    382
    Thanked 173 Times in 116 Posts
    Country: Belarus

    Default

    I show you where problem with P25 AES is. We just have outdated Enabler that can't do P25 AES. This is from what I found out (I can be wrong, but I just sharing my expirience). Here is picture that clearly shows it:

    T25-AES.png

    And P25 key load doesn't allow you to TX in P25 AES. Because option has missed. I tried on a few radios.

    There’s talk that a radio previously without AES optioned will “inherit” the option if loaded with an AES key or OTAR pushed.
    Of course I tried to load AES keys via software, but unfortunately P25 AES option doesn't appear. And radios with no such option still can't use P25 AES. Other radios with this feature factory enabled - can!
    [I][FONT=times new roman][COLOR=#696969]Everyone who loves RadioReference get into the hell. [U]Especially those[/U] who also love PL-259 connectors.[/COLOR][/FONT][/I]

  8. #7
    Join Date
    May 30, 2012
    Posts
    32
    Thanks
    2
    Thanked 5 Times in 4 Posts

    Default

    Interesting, what does the enabler text file do? How do you apply it to the radio? It's my understanding that the serial number and features for the radio is in this file.

  9. #8
    Join Date
    Jun 25, 2013
    Posts
    761
    Thanks
    382
    Thanked 173 Times in 116 Posts
    Country: Belarus

    Default

    Quote Originally Posted by Vette86 View Post
    Interesting, what does the enabler text file do? How do you apply it to the radio? It's my understanding that the serial number and features for the radio is in this file.
    Enabler (Upgrade.exe, turquoise arrow icon) doesn't have a text file. It's directly writes and reads radio. No local database is created, IIRC.

    EnablerNew.txt is part of firmware updater (Update.exe, yellow arrow icon). It's a database with S/N or it's checksum, you're right. But probably packed by some way. It's applied automatically when software gets S/N. I haven't found a way to manipulate with .txt file data. BTW, updater is also writes features, but only was read from radio at the procedure start. Features selection is grayed out.
    [I][FONT=times new roman][COLOR=#696969]Everyone who loves RadioReference get into the hell. [U]Especially those[/U] who also love PL-259 connectors.[/COLOR][/FONT][/I]

  10. #9
    Join Date
    Aug 31, 2015
    Posts
    414
    Thanks
    502
    Thanked 438 Times in 185 Posts
    Country: United States

    Default

    Looks like the updater is the answer I’ve been missing. I wonder if there is a newer version hiding out somewhere with the AES option packed away.

    I did get to stuff a DES key in with the software and confirm the radio transmits in P25 digital. I also picked a ham frequency and enabled the same DES key and transmitted into a dummy load and saw the correct results. So DES seems to work just fine. Shame AES hasn’t found its way though.

  11. #10
    Join Date
    Jun 25, 2013
    Posts
    761
    Thanks
    382
    Thanked 173 Times in 116 Posts
    Country: Belarus

    Default

    Quote Originally Posted by Navy_BOFH View Post
    I wonder if there is a newer version hiding out somewhere with the AES option packed away.
    Same here.
    [I][FONT=times new roman][COLOR=#696969]Everyone who loves RadioReference get into the hell. [U]Especially those[/U] who also love PL-259 connectors.[/COLOR][/FONT][/I]

  12. #11
    Join Date
    Jun 27, 2019
    Location
    Australia
    Posts
    30
    Thanks
    20
    Thanked 33 Times in 8 Posts
    Country: Australia

    Default

    Hi all,

    Can someone with working P25 AES and a programming cable please connect to their T25 via a terminal emulator (9600 8N1) and post the output of the '/ver' command?

    Feel free to omit the ESN, Factory Serial and Radio serial lines for your privacy. ;-).

    Here is the sample output from my radio:

    Boot : P6725-27-01-02.00.000 V4.0 Control compatible
    Control : P6725-27-02-08.03.000 TCI Thales25 Software (OTAR)
    DSP : P6725-27-03-08.03.000 UNDEFINED
    Keypad : P6725-27-04-02.06.000 Relm AVR build
    Radio Config : 0x00010507
    Regards,
    Phil

  13. #12
    Join Date
    Nov 23, 2012
    Posts
    112
    Thanks
    21
    Thanked 59 Times in 31 Posts
    Country: United States

    Default

    From a -503 version radio with AES, serial 05xxx:

    Boot : P6725-27-01-02.00.000 V4.0 Control compatible
    Control : P6725-27-02-08.03.000 TCI Thales25 Software (OTAR)
    DSP : P6725-27-03-08.03.000 UNDEFINED
    Keypad : P6725-27-04-02.06.000 Relm AVR build
    Radio Config : 0x0001050F

  14. The Following User Says Thank You to tbiggums For This Useful Post:

    Phil (Aug 10, 2019)

  15. #13
    Join Date
    Jun 27, 2019
    Location
    Australia
    Posts
    30
    Thanks
    20
    Thanked 33 Times in 8 Posts
    Country: Australia

    Default

    Hi tbiggums,

    Thanks for the additional info on the radio version. I forgot to ask for that. ;-)

    Regards,
    Phil

  16. #14
    Join Date
    Aug 15, 2019
    Posts
    129
    Thanks
    92
    Thanked 302 Times in 109 Posts
    Country: Australia

    Default

    Phil and tbiggums,

    Any chance you could post a list of all of the "optional" features known to be enabled in your radios? CVSD DES, P25 DES, P25 AES, KVL interface, OTAR, Fire Features, GPS etc. The whole lot.

    Haven't got my radios yet but I've taken a quick look at the enabler tool in Ghidra and based on this, I think it will be a straightforward exercise to write an autopimp tool that enables everything.

    I have a good handle on how the tool communicates with the radio, but I'm trying to get a better idea of how the bits are mapped in the radio's feature mask.

  17. The Following User Says Thank You to syntrx For This Useful Post:

    AD0JA (Aug 27, 2019)

  18. #15
    Join Date
    Jun 26, 2018
    Posts
    61
    Thanks
    192
    Thanked 33 Times in 19 Posts
    Country: United States

    Default

    Here is a 505 I have access to one more if needed. The more I would imagine the merrier......

    Racal 25 505 ser# 136xx

    Thales 25 Radio - Thales Communications Inc.
    ESN : A014540000013978
    Factory Serial : 700600303DA549D1
    Boot : P6725-27-01-02.00.000 V4.0 Control compatible
    Control : P6725-27-02-00.10.001 TCI Thales25 Software (OTAR - DEBUG)
    DSP : P6725-27-03-08.03.003 UNDEFINED
    Keypad : P6725-27-04-02.06.000 Relm AVR build
    Radio Serial : 136xx
    Radio Config : 0x00010507

    Debug Version Number: 0x00080000

    X - CVSD DES
    X - P25 DES
    O - P25 AES
    X - KVL
    X - OTAR
    X - Fire Features
    X - GPS
    Last edited by splinter34; Aug 26, 2019 at 05:19 AM. Reason: additional info

  19. The Following User Says Thank You to splinter34 For This Useful Post:

    syntrx (Aug 26, 2019)

  20. #16
    Join Date
    Nov 23, 2012
    Posts
    112
    Thanks
    21
    Thanked 59 Times in 31 Posts
    Country: United States

    Default

    So according to Upgrade.exe version 2.0.0.0 (copyright 2001), it says my radio is fully loaded. Not sure if this is the newest Upgrade.exe version, but it does have the Thales logo on it, which wasn't associated with these radios in 2001. So maybe it is newer than 2001...
    Is there a debug command to have it show the features?

    Upgrade.exe shows the following features enabled:
    Analogue Encryption (I assume they mean the 12 kpbs CVSD DES)
    P25 Encryption
    KVL Interface
    OTAR
    Fire Features
    GPS

    AES encryption is definitely functional on this radio.

    My radio's versions are:
    Boot : P6725-27-01-02.00.000 V4.0 Control compatible
    Control : P6725-27-02-08.03.000 TCI Thales25 Software (OTAR)
    DSP : P6725-27-03-08.03.000 UNDEFINED
    Keypad : P6725-27-04-02.06.000 Relm AVR build
    Radio Config : 0x0001050F
    Radio Serial : 15647
    Radio Config : 0x0001050F



    It's been several years since I messed with it, but I remember this radio didn't have AES enabled when I obtained it. The serial number shown by the upgrade.exe is 15647, which is different than the what the sticker on the side of the radio shows. I vaguely remember the trick for getting AES enabled in the radio was to change the serial number to one that the Upgrade.exe program thought had AES. Supposedly the high serial numbers (roughly 15xxx and beyond) mostly had AES enabled.

    I don't recall doing any hex editing or anything to change the serial number. Seems like it was all done within Upgrade.exe.

    For what it's worth, I worked with a lot of these radios in a previous job of mine, and never ran across one that didn't at least have CVSD DES and the KVL Interface enabled. Pretty sure those were "standard" options that they didn't charge extra for. I know AES requires a hardware version -503 or newer, though.

  21. The Following 4 Users Say Thank You to tbiggums For This Useful Post:

    AD0JA (Aug 27, 2019),Phil (Aug 27, 2019),splinter34 (Aug 27, 2019),syntrx (Aug 27, 2019)