
A determined 'hacker' decrypts RDS-TMC - emhart
http://windytan.blogspot.fi/2013/05/a-determined-hacker-decrypts-rds-tmc.html
======
waterlesscloud
Man, her blog is full of awesomeness. All kinds of cool little projects on
there.

~~~
rwg
I get a seriously bittersweet feeling reading her blog since some of the
things she's doing are eerily similar to little "just for the hell of it"
projects I did in college many, many moons ago. (Transmitting data with IR
LEDs driven by my sound card, using audio tapes to store data, playing with
signal processing using audio from FM radio stations captured with my WinTV
card, writing everything in Perl [5.005], ...)

I wish I still had the desire to just play around with such things again...
:-\

~~~
eksith
Getting back into a hobby to get away from another frustration doesn't always
work, cause then your heart's not in it. That's just escapism.

Sometimes the desire is just a matter of achieving momentum. I've let my hobby
desk collect dust (figuratively speaking; my OCD wouldn't allow it) until I
come across something that piques my interest and I plug in Ye Olde soldering
iron and fiddle around. Might do that a few days, fall into a lull and then
suddenly pick up and follow through.

------
andrewcooke
the coolest bit by far is _RDS was decoded from intermodulation distortion in
the radio's Line Out audio caused by the stereo demuxer circuitry._ :o)

~~~
sillysaurus
_decoded from intermodulation distortion in the radio's Line Out audio_

I wonder if this is a fairly common side channel attack? The most common in
the domain of digital crypto is time (e.g. all password inputs must take equal
time to check vs a given password, otherwise you leak info about the password)
but distortion seems an obvious attack vector against analog crypto. Though I
don't know if it's merely obvious in hindsight, as are most things.

~~~
jrockway
This isn't an attack, it's just using the cheap FM radio and a sound card like
a software-defined radio.

~~~
cachvico
It's an attack on the 'system' (i.e. the money making system) ;)

~~~
mikeash
Not this part. The system doesn't attempt to make it difficult to obtain that
data. The monetization part is done with an unrelated encryption scheme.

------
simcop2387
As simple of an operation as this is, I wonder how hard it would be to brute
force this without knowing the location. If you assume that the location
values must all be within some distance of each other, I suspect you could
iterate though all 65k keys fairly quickly and find the tightest group of them
and it would likely be the right one. This makes me want to get some kind of
thing going to decode them and try it myself.

------
jimktrains2
[http://www.phrack.org/issues.html?issue=64&id=5](http://www.phrack.org/issues.html?issue=64&id=5)
is another hacker going at it as well, from 2007. It includes a little more
information about the protocol, but doesn't touch on listening to encrypted
versions.

------
ck2
Whew, she is in Finland.

In the USA, Carmen Ortiz would be sending in cops to shoot their dog and seize
their computer.

~~~
veeti
You're talking about the same Finland where the police force:

\- writes its own search warrants

\- raids gardening stores because their equipment "could be used" to grow
illegal drugs

\- tries to charge people with wiretapping for recording them during a home
visit

\- conducts body & home searches in the middle of the streets based on
inaccurate drug dog detections

\- falsely blocks informative sites about our internet blocklist for years
without any accountability or response

\- and raids 8-year olds for downloading a couple of songs

It's just as shit here as it is there.

~~~
ck2
Wow. Has it always been that way or did it change in recent history?

I guess I am thinking of Norway with the 20-year maximum murder sentence.

~~~
runeb
That is a bit misunderstood. Norway does indeed have a maximum prison sentence
of 21 years, which is called "life in prison", but preventive detention can be
used to effectively keep convicts incarcerated for the rest of their lives if
deemed necessary for the safety of the public.

------
cantankerous
Super cool post. I'm glad there are people in the world working on these
things, at least in a hobby capacity and sharing with the rest of us. I worry
that doing something like this might get one in all kinds of stupid trouble
with _somebody_ in a hot minute (especially in the US). Can't say my fears are
well-founded, if only so through the various hyped up horror stories you hear
about hackers getting in legal trouble for unforeseen reasons.

Regardless, I wish her all the best!

------
joyeuse6701
No doubt about it, that is awesome. I wish I had the time... correction I
probably always have the time, but none of the patience to do something like
this alone on the side. I'll definitely bookmark her blog.

------
L0j1k
I have been in love with her since the modem image. <3

------
rdl
It was funny/sad that people commenting on her blog assumed she was male due
to the topic.

~~~
ars
Or people did not know, and were indifferent to, her gender and used the male
pronoun because that is the correct grammatical structure when the gender is
unknown.

I certainly never pay the slightest bit of attention to the gender of people I
read. Does it make any difference?

~~~
rdl
On someone's personal blog, if you're going to comment, and the person's name
and photo is right there, it's about the same as addressing a female in person
as "Sir" (or in this case, "dude")

~~~
Fargren
"Dude" works for women. How else are you going to call a female person in her
late twenties? "Woman" is way too formal for many settings, "girl" can imply
that you think she's not mature, and "gal" is just... no.

If anyone has a better alternative, do tell. I'm not too pleased with "dude"
either.

~~~
rdl
Either be more specific (you, hacker, engineer, etc) or less specific (person,
or leave off the pronoun?)? I mean, I don't think any of this is that
important, and saying things like "the elevator has a 10 man capacity" is
fine, but there is no reason not to try to be accurate when it costs little.

