RS0RS
2022-03-27, 02:12 AM
Hi all !
Not TETRA or DMR I know, but I don't know where I could put this topic... It is still about radio so here it is...
I'm seeking some rare stuff, and I figured here would be the best place to ask, given the esoteric softwares some members manage to provide ^^ !
I'm after the so-called Crypto-Management-Unit Software package (it was on Floppy of course...) from Marconi/********/Philips which will turn a standard (DOS, think 386/486) PC into the MASC Crypto Management Unit. (Warning, wall of text !)
With that CMU, you can either keyload/fill a fillgun, or a radio directly (at least for the Philips PRP74, should be the same for other handhelds like the ******** MT6000e)
MASC (Marconi Advanced Scrambler) was an analog voice encryption system used by the British Police between approx 1992 to 2002 (before TETRA Airwave).
It was a 38-bits key frequency-domain scrambler based on rolling bandsplitting (5 bands, swapped approx 10 time per sec)
There was also an Authentication Key in addition to the Traffic Key (TEK) for stunning and remote zeroising...
Both keys were entered via the CMU or a standalone fillgun...
I have a fillgun, (well I'm lucky and have two, but only one is really "fully operational") but I also need the CMU software.
Why ?
Because "Keyloader" is an incorrect terminology.
These good ol' Psion Organizer II LZ (with special 16k datapak and SES RO rugged case with built-in Comms-Link) are fillguns and labelled as such !
they aren't "true" Keyloaders like a ******** T3011 KVL would be, but just merely Fillguns so they can't generate a CryptoVariable by themselves !
My old a** forgot that at those time, infinite key retention was not popular, and so both my MASC keyloaders have now lost their fill content after sitting for some years in a storage box... The MASC firmware is in UVPROM, but the keys are in RAM...
[BTW : I recently learned that the Psion can last a long time (years) on a 9V batt when sleeping, but is never truly "Off" and will wake up for a sec every 34 minutes to update the µP RTC ! look it up here ! https://www.jaapsch.net/psion/]
I know you can clone keys between MT6000e radios due to a MAJOR security glitch, but I'm looking for the software for an academic approach, as an amateur historian.
I intend to document my finding (reverse-engineering) for the CryptoMuseum when I finally find that software and got that full hardware working, so everybody with a Psion LZ (plentiful and cheap on eBay) and a DOS 486 PC (not so plentiful & cheap nowadays, but everybody playing with Jedi/MT6000e should already have one for the RSS programming) can recreate a genuine fillgun and play with keyloading on MASC enabled hardware ! (a bit like PA5DOF did for the Racal Cougar fillgun, but with genuine Psion instead of an Arduino...)
[For those who still haven't heard of the CryptoMuseum, look it up, it's an excellent site ! https://www.cryptomuseum.com/crypto/voice.htm]
I have collected a lot of documentation about this MASC system over the years, I still have the academic publication of the scrambler inventor, because Marconi was just the builder, it was an University that designed the scrambling algo...
Interesting read, like the use of a 31bits sync word with BCH FEC...
FYI the MASC system had two versions : the "standard" UK Police version (HO) and an export version (CO)
IIRC the DSP (containing the scrambling routine) used was a TMS320C17. The prototype PCB was built inside a Pye PFX Remote Speaker-Mic
Only 2 chips formed the heart of this scrambling system : the TMS320C17 DSP (can also be TMS320E17 & TMS320P17) and a ******** MC145480 CoDec.
Oddly enough, contrary to most analog scramblers (with internal digital "shuffling") which used CVSD for the A-D then D-A conversion, MASC used a PCM "wavecoder" ...
(I don't like to use the term vocoder for CVSD and PCM, I reserve that for LPC/CELP/AMBE...)
Interestingly, the French had a similar system (codenamed MICA) for their police UHF handheld at approx the same era, but it was Time-Domain instead of Frequency-Domain Scrambling.
(I got lucky and found one too ^^, but of course zeroised and I've heard their fillguns were all destroyed...)
I'm also seeking data on that one but it is even more scarse than for MASC !
Thanks a lot for any answers about the CMU you may provide ! IMHO it's important to safeguard old techs, and to sometime lend that stuff to Museums, just to see how it was before...
I already posted this topic on Austech, but I thought it wouldn't hurt to post it here too "just in case"...
For those of you who are extra curious, here's a video made by a British Ham who specializes in historical subjects :
https://www.youtube.com/watch?v=TAmdW1SCcco
PS : If you have a keyloaded working MASC radio or more infos about MASC & MICA, don't hesitate to PM me...
Thanks !
Not TETRA or DMR I know, but I don't know where I could put this topic... It is still about radio so here it is...
I'm seeking some rare stuff, and I figured here would be the best place to ask, given the esoteric softwares some members manage to provide ^^ !
I'm after the so-called Crypto-Management-Unit Software package (it was on Floppy of course...) from Marconi/********/Philips which will turn a standard (DOS, think 386/486) PC into the MASC Crypto Management Unit. (Warning, wall of text !)
With that CMU, you can either keyload/fill a fillgun, or a radio directly (at least for the Philips PRP74, should be the same for other handhelds like the ******** MT6000e)
MASC (Marconi Advanced Scrambler) was an analog voice encryption system used by the British Police between approx 1992 to 2002 (before TETRA Airwave).
It was a 38-bits key frequency-domain scrambler based on rolling bandsplitting (5 bands, swapped approx 10 time per sec)
There was also an Authentication Key in addition to the Traffic Key (TEK) for stunning and remote zeroising...
Both keys were entered via the CMU or a standalone fillgun...
I have a fillgun, (well I'm lucky and have two, but only one is really "fully operational") but I also need the CMU software.
Why ?
Because "Keyloader" is an incorrect terminology.
These good ol' Psion Organizer II LZ (with special 16k datapak and SES RO rugged case with built-in Comms-Link) are fillguns and labelled as such !
they aren't "true" Keyloaders like a ******** T3011 KVL would be, but just merely Fillguns so they can't generate a CryptoVariable by themselves !
My old a** forgot that at those time, infinite key retention was not popular, and so both my MASC keyloaders have now lost their fill content after sitting for some years in a storage box... The MASC firmware is in UVPROM, but the keys are in RAM...
[BTW : I recently learned that the Psion can last a long time (years) on a 9V batt when sleeping, but is never truly "Off" and will wake up for a sec every 34 minutes to update the µP RTC ! look it up here ! https://www.jaapsch.net/psion/]
I know you can clone keys between MT6000e radios due to a MAJOR security glitch, but I'm looking for the software for an academic approach, as an amateur historian.
I intend to document my finding (reverse-engineering) for the CryptoMuseum when I finally find that software and got that full hardware working, so everybody with a Psion LZ (plentiful and cheap on eBay) and a DOS 486 PC (not so plentiful & cheap nowadays, but everybody playing with Jedi/MT6000e should already have one for the RSS programming) can recreate a genuine fillgun and play with keyloading on MASC enabled hardware ! (a bit like PA5DOF did for the Racal Cougar fillgun, but with genuine Psion instead of an Arduino...)
[For those who still haven't heard of the CryptoMuseum, look it up, it's an excellent site ! https://www.cryptomuseum.com/crypto/voice.htm]
I have collected a lot of documentation about this MASC system over the years, I still have the academic publication of the scrambler inventor, because Marconi was just the builder, it was an University that designed the scrambling algo...
Interesting read, like the use of a 31bits sync word with BCH FEC...
FYI the MASC system had two versions : the "standard" UK Police version (HO) and an export version (CO)
IIRC the DSP (containing the scrambling routine) used was a TMS320C17. The prototype PCB was built inside a Pye PFX Remote Speaker-Mic
Only 2 chips formed the heart of this scrambling system : the TMS320C17 DSP (can also be TMS320E17 & TMS320P17) and a ******** MC145480 CoDec.
Oddly enough, contrary to most analog scramblers (with internal digital "shuffling") which used CVSD for the A-D then D-A conversion, MASC used a PCM "wavecoder" ...
(I don't like to use the term vocoder for CVSD and PCM, I reserve that for LPC/CELP/AMBE...)
Interestingly, the French had a similar system (codenamed MICA) for their police UHF handheld at approx the same era, but it was Time-Domain instead of Frequency-Domain Scrambling.
(I got lucky and found one too ^^, but of course zeroised and I've heard their fillguns were all destroyed...)
I'm also seeking data on that one but it is even more scarse than for MASC !
Thanks a lot for any answers about the CMU you may provide ! IMHO it's important to safeguard old techs, and to sometime lend that stuff to Museums, just to see how it was before...
I already posted this topic on Austech, but I thought it wouldn't hurt to post it here too "just in case"...
For those of you who are extra curious, here's a video made by a British Ham who specializes in historical subjects :
https://www.youtube.com/watch?v=TAmdW1SCcco
PS : If you have a keyloaded working MASC radio or more infos about MASC & MICA, don't hesitate to PM me...
Thanks !