Codeplug Password Protection

The location of the TLS PSK settings in CPS2

Codeplug Password prevents an unauthorized technician from accessing the radio configuration by reading the radio with the CPS. However, it won't prevent a lost or stolen radio from being used elsewhere or being sold on to someone else, since it is possible to write another configuration over the existing one, thereby allowing the radio to be used on another radio system.

Useful Information

  • Sensitive configuration information such as encryption keys is write-only, so it will never be revealed should the password be correctly guessed and the radio read.
  • It is not possible to bypass a forgotten password. If the password cannot be found, the radio can be reconfigured from scratch. It therefore makes sense to keep a backup of the password(s) in a safe location.
  • DP and DM3000 series radios with firmware older than R01.08.00 had a flaw that allowed the password to be determined by observing the IP traffic between the device and PC when trying to read a password-protected radio/repeater. This was fixed, and such radios only need to be firmware-upgraded if security is of concern. All current models, or models produced since then, do not have this flaw.
  • Between firmware release R02.01.00 and R02.02.00, it was possible to configure the radio with a Write Password. If the password is forgotten for such a radio, it has to be returned to Motorola to have the data erased and the password reset.

Deprecation

In early 2021, it was announced that support for the codeplug password would be deprecated in software release M2021.01.[1] Instead, TLS-PSK would be used to protect the codeplug data in the radio and while in motion.

This means that in order to read a radio, the 128-bit pre-shared key needs to be available in the CPS or Radio Management, either entered by the user or already saved. The radio (or repeater), in turn, also needs to have the Security Mode set to Enhanced. If the Security Mode is set to Standard, the radio can be read and written without the need for a matching key.

If a radio or repeater is read on a different computer, the CPS prompts the user to select a key from a list of saved keys. Without a matching key, the device cannot be read. If the key matches, the data transfer between the device and the CPS or Radio Management is encrypted using this key. This improves data security, especially when remotely programming repeaters via IP or radios on a remote Device Programmer.

It is still possible to specify a password, but this is only applicable to codeplugs saved on the PC.

All MOTOTRBO radios on R2.10.5 firmware or later will support TLS-PSK.
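
The firmware thresholds and the Security Mode rule described on this page, applied to a fleet inventory as an added example (not from this wiki or from Motorola). The CSV layout, the `series` labels and the finding codes are assumptions, and every inventory row is constructed.

```python
import csv
import io
import re

PASSWORD_FIX = (1, 8, 0)    # R01.08.00: older DP/DM3000 firmware exposes the password
TLS_PSK_MIN = (2, 10, 5)    # R2.10.5: TLS-PSK supported from this firmware on
LEGACY_SERIES = {"DP3000", "DM3000"}   # assumed labels for the affected series

# Constructed inventory; the column names and every row are made up.
INVENTORY = """serial,series,firmware,security_mode
UNIT-A,DP3000,R01.07.00,Standard
UNIT-B,other,R02.10.05,Enhanced
UNIT-C,other,R2.10.5,Standard
UNIT-D,DM3000,R01.08.00,Standard
UNIT-E,other,unknown,Enhanced
"""

def parse_fw(text):
    """Turn 'R02.10.05' or 'R2.10.5' into (2, 10, 5); None if unrecognised."""
    m = re.fullmatch(r"R(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit_row(row):
    """Return the list of finding codes for one inventory row."""
    fw = parse_fw(row["firmware"])
    if fw is None:
        return ["FW_UNPARSED"]                   # never guess a version
    findings = []
    if row["series"] in LEGACY_SERIES and fw < PASSWORD_FIX:
        findings.append("PASSWORD_OBSERVABLE")   # flaw fixed in R01.08.00
    if fw < TLS_PSK_MIN:
        findings.append("NO_TLS_PSK")            # firmware predates TLS-PSK
    elif row["security_mode"].strip().lower() != "enhanced":
        findings.append("KEY_NOT_ENFORCED")      # Standard: read/write without a key
    return findings

def audit_inventory(text):
    """Map each serial to its findings; an empty list means nothing to fix."""
    return {r["serial"]: audit_row(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for serial, findings in audit_inventory(INVENTORY).items():
        print(serial, ", ".join(findings) or "ok")
```

Comparing parsed tuples rather than raw strings matters here because the page itself writes versions both zero-padded (R02.01.00) and unpadded (R2.10.5).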

See Also

TLS-PSK

References