
Jailbreak firmware turns cheap digital walkie-talkie into DMR scanning receiver - wolframio
http://phasenoise.livejournal.com/1142.html
======
joezydeco
I'm instantly in love with the International Journal of PoC||GTFO. How did I
not know about this before? It feels like the old Apple ][ hack/phreak days
again.

[http://www.sultanik.com/pocorgtfo/](http://www.sultanik.com/pocorgtfo/)

~~~
mutagen
OK I'm in love too now:

> Technical Note: The polyglot file pocorgtfo10.pdf is valid as a PDF, as a
> ZIP file, and as an LSMV recording of a Tool Assisted Speedrun (TAS) that
> exploits Pokémon Red in a Super GameBoy on a Super NES. The result of the
> exploit is a chat room that plays the text of PoC||GTFO 10:3. Run it in LSNES
> with the Gambatte plugin, the Japanese version of the Super Game Boy ROM and
> the USA/Europe version of Pokémon Red.

~~~
semi-extrinsic
Then there's the articles by Natalie Silvanovich, who's specialised in hacking
different versions of Tamagotchis. I mean... they're Tamagotchis, for crying
out loud. A tiny plastic box with a 16x32 pixel monochrome screen, a speaker
and three buttons. But this awesome hacker goes out of her way to pwn that
6502 and run her own code on it...

~~~
morcheeba
You've got to see her CCC video! [https://media.ccc.de/v/29c3-5088-en-many_tamagotchis_were_harmed_in_the_making_of_this_presentation_h264](https://media.ccc.de/v/29c3-5088-en-many_tamagotchis_were_harmed_in_the_making_of_this_presentation_h264)

------
jdalgetty
So does this mean you could listen to police/fire radio and such like back in
the old days?

~~~
runjake
Depends on the city/county. Most in the US are on P25, which has been
listenable by clued members of the populace, but many (most?) are now
encrypting traffic (usually w/ AES, iirc).

~~~
jlgaddis
Unencrypted transmissions are easily received by scanners (note, though, that
older scanners can't pick up P25) -- they aren't cheap, though (I think mine
was ~$450 USD). In my area, one local police department is the only agency
that has chosen to encrypt their communications.

It is, supposedly, also possible to pick up P25 using RTL-SDRs, though I've
never tried so I can't say for certain.

~~~
viraptor
If the Wikipedia information is right (6.25kHz signal at ~700MHz), then it
should be trivial on RTL-SDR. Just need the right antenna.

~~~
gbin
From my experience: you usually need 2 dongles, and the software under Linux to
do it barely exists, unfortunately.

~~~
viraptor
So is wiki not correct, or am I reading it wrong? Is the channel bandwidth
larger than 6kHz?

------
throwaway_xx9
When police use encrypted radio channels, they can't interoperate with EMS,
other agencies or in disaster zones. So it becomes a problem.

~~~
throwaway7767
> When police use encrypted radio channels, they can't interoperate with EMS,
> other agencies or in disaster zones. So it becomes a problem.

Depends on the system. TETRA (used in Europe) can be optionally encrypted, so
the police can have radios with encryption for their talk groups, but still do
unencrypted communications with the medical or fire services.

Around here, they run it with encryption off though, because apparently the
key management is a pain in the ass and I guess the criminals they mostly
interact with aren't the types to sit around with RTL-SDR dongles capturing
their voice comms.

------
mitchtbaum
What might potentially come from this ground-level work? How wide-ranging
could hacks for this radio be: custom software, custom audio and data
encoding/decoding, custom modulation, etc., etc.?

------
jandrese
The server appears to be down?

~~~
mmastrac
Works for me -- video URLs here
[https://youtu.be/QSq_bVX2to8](https://youtu.be/QSq_bVX2to8) and here
[https://youtu.be/_6s9IP8hY0k](https://youtu.be/_6s9IP8hY0k).

