TETRA (The dreaded Airwave!)

Status
Not open for further replies.

v6vitanic

Member
Joined
Sep 7, 2003
Messages
12
Location
Cambridge, UK
Guys,

Having seen www.tetrascanner.com, and having a suitably modified PRO-60 (OK, but I didn't want to mess up anything that was expensive!), with an abundance of Airwave signals buzzing through my speaker, how and where do I lay my hands on decoding software?

There are links on tetrascanner.com, but all the SW links are dead.

I have used PDW and similar trunked stuff, but am struggling to find some for Airwave... apparently it HAS been cracked!

J :confused:
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
The Tetra Scanner site

Hello J

Sadly TETRA hasn't been cracked (and I very much doubt it ever will be as it is encrypted by default). The TETRA scanner site was created by a guy (Contra) who is trying to create a receiver that will detect TETRA and TETRAPOL transmissions.

He says the discriminator output can be used by anyone developing a decoder. But many people claim that the complexity of the π/4 DQPSK modulation scheme used by TETRA means a discriminator output would be no good anyway (a baseband output would be best, it is thought).

There has been much discussion about this on the Yahoogroups TETRAUK list recently.

Sorry about this.

Ian
 

v6vitanic

Member
Joined
Sep 7, 2003
Messages
12
Location
Cambridge, UK
I am getting conflicting reports, depending on where I look!

On the subject of acpo25 (or whatever it's called!), I know that has been done, and it mentions something on www.tetrascanner.com about tetrapol too... but half the site is dead links. There are certainly some audio clips there, and they are asking for audio to be submitted to them to faff with. Just as soon as I can find my lead, I will record some off air and send it to them, just to see if they are as good as they make out to be! I know what the local plod sound like on Airwave (I was dealing with one this AM in the course of my job!), and will see if they come up with anything recognizable.

A friend of mine is a software developer, and has asked for some data to be sent to him, for him to play with. Again, when I find my lead, I will send him some audio and see what he can do. He is good..... he managed to crack the encryption in Rover engine management units (made by Sagem, for Lucas), and then was able to tweak the settings.....

As soon as I get any results, I will let everybody know... eventually somebody is going to crack it. I was looking at a Dutch site (the name of which escapes me), and there was a link to WinTetra 2000 (whatever that may be). I couldn't read too much as it was in Dutch, but suffice to say, the website had been taken down. Likewise with a lot of the trunking software that was advertised there, so what it was, lord above only knows. If anybody knows, drop me a line eh?

Laters,

J
 

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
APCO25 has nothing to do with Tetra. You cannot monitor encrypted APCO25 signals and never will... You cannot monitor encrypted Tetra (which as I understand is all Tetra) and never will. Encryption on radios is not just a little password protection, it cannot be broken.

- Rob
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
Hello

As rdale mentioned, APCO25 is something completely different to TETRA. Technically it isn't as complex as TETRA and doesn't have encryption by default. Thanks to this the folks on the other side of the Atlantic can monitor their Police using APCO25.

I wouldn't bother recording any TETRA signals unless you have modified your scanner so it has a 25 kHz IF filter. If you haven't then your scanner will distort the signal so much it will be useless. Also the full TETRA specifications can be downloaded for free from the web so anyone building a decoder wouldn't need sound samples. However knowing a system's specifications won't help you if it is encrypted.

The Dutch site with the mention of the WinTetra software (and a GSM decoder) has been on the web for years but this software has never appeared. If you look carefully at the GSM decoder page he says that this is a product he thinks should exist rather than one he is selling.

All the best.

Ian
 

glen282001

Member
Joined
Dec 19, 2002
Messages
2
tetra nearfield receiver/ iDEN detection?

Hi all.
I read through the tetrascanner site and was wondering
if somehow, the same logic could be applied to using a modified scanner
to detect nearfield iDEN transmissions.

My local PD (Durham Region) uses iDEN from Telus Mobility (Canadian version of NEXTEL)
and due to the nature of the signals which are TDMA, you can't monitor the input freqs, as they are just pulses like in TETRA.
With other digital systems like MOTO ASTRO, even if you couldn't
decipher the comms, you still at least hear the buzz on the repeater input frequencies, and you'd know if a nearby unit was
TX'ing.
It would be nice to have a detector like this in this neck of the woods.

Regards,
GH
Ontario, Canada
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
Near field receivers

Hi Glen

You could always build one of the near field receivers a few of us on the ScanProma list (a British scanner group) have built. They are very good with pulsed transmissions and work beyond 2 GHz. I can detect a TETRA base station a mile away and a low powered GSM phone several metres away so it should be OK for iden. Best of all they cost less than 10 UK pounds to build.

The circuit diagram is here ..

http://borg.shef.ac.uk/~ianw/all_band.png

Note that the schematic is an old version and a 1 nF capacitor should be added between the diode's anode and ground. I will be updating the schematic tomorrow though.

Regards

Ian
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,886
Location
Oot and Aboot
ianw said:
Hello

The Dutch site with the mention of the WinTetra software (and a GSM decoder) has been on the web for years but this software has never appeared. If you look carefully at the GSM decoder page he says that this is a product he thinks should exist rather than one he is selling.

Ian

Interesting. The GSM system I'm on has encryption turned on by default as I understand most GSM systems do. I'm not sure anybody will come up with a GSM decoder for this reason.
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
Unencrypted GSM

Hello

Mike_Oxlong said:
Interesting. The GSM system I'm on has encryption turned on by default as I understand most GSM systems do. I'm not sure anybody will come up with a GSM decoder for this reason.

Yes exactly, I think the only unencrypted GSM systems in the world will be those sold to the "axis of evil" countries.
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
Unencrypted GSM (again)

Hello

Whoops, I pressed the return key too early in my last message :(

I was going to add that some models of Nokia phones can be put in engineering mode which will tell you the type of encryption the network is using. They also tell you the base station you are using, GSM channel and even timeslot number. Sadly my Motorola GSM phone doesn't have these features.

Regards

Ian
 

mikewazowski

Forums Manager/Global DB Admin
Staff member
Forums Manager
Joined
Jun 26, 2001
Messages
13,886
Location
Oot and Aboot
Most of the older Nokia phones had some not so secret key combination that would do that. The newer phones need a programming dongle to enable it.

You can view all the network parameters available. I'm a network tech so my phones come with field test mode already enabled. The Cipher is usually A51 which I believe is strong encryption. A52 is a weaker encryption.
 

ianw

Member
Joined
May 28, 2002
Messages
41
Location
England
Hello

Mike_Oxlong said:
Most of the older Nokia phones had some not so secret key combination that would do that. The newer phones need a programming dongle to enable it.

You can view all the network parameters available. I'm a network tech so my phones come with field test mode already enabled. The Cipher is usually A51 which I believe is strong encryption. A52 is a weaker encryption.

Yes, A51 is the strong encryption which was NATO countries only with A52 used elsewhere. There is also the new A53 used on the latest GPRS GSM phones.

I saw an oldish Nokia GSM phone in engineering mode. A student was using it as part of a project to map all the GSM base stations in the city centre here. As one company seems to have bases every half mile there were quite a lot to map!

Regards

Ian
 

Raccon

Member
Joined
Mar 1, 2005
Messages
408
rdale said:
You cannot monitor encrypted Tetra (which as I understand is all Tetra)

Most commercial TETRA systems are not encrypted. Most PSS (Public Safety and Security) systems are.
Encryption (which requires Authentication) is an optional and expensive feature.
 
N_Jay

Guest
Re: tetra nearfield receiver/ iDEN detection?

glen282001 said:
Hi all.
I read through the tetrascanner site and was wondering
if somehow, the same logic could be applied to using a modified scanner
to detect nearfield iDEN transmissions.

My local PD (Durham Region) uses iDEN from Telus Mobility (Canadian version of NEXTEL)
and due to the nature of the signals which are TDMA, you can't monitor the input freqs, as they are just pulses like in TETRA.
With other digital systems like MOTO ASTRO, even if you couldn't
decipher the comms, you still at least hear the buzz on the repeater input frequencies, and you'd know if a nearby unit was
TX'ing.
It would be nice to have a detector like this in this neck of the woods.

Regards,
GH
Ontario, Canada

You are not going to be able to receive iDEN with an FM receiver.

You need to be able to get the baseband signal to a DSP without going through an FM discriminator or AM detector.

As others have said, even if you could get the data to decode you are going to come up against the encryption in the system.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
Thanks I wasn't sure if it did or not?:wink:

So if someone were to crack any implemented encryption and program a receiver or radio with the key I wonder if it would follow the re-keying?

Boo!-Poltergeisty :-0
 

Raccon

Member
Joined
Mar 1, 2005
Messages
408
poltergeisty said:
Thanks I wasn't sure if it did or not?:wink:

So if someone were to crack any implemented encryption and program a receiver or radio with the key I wonder if it would follow the re-keying?

Boo!-Poltergeisty :-0

You wouldn't get that far in the first place: if encryption is used, TETRA makes authentication mandatory. So even if you have the right key, your radio will not be allowed to register with the system because there is no valid ID programmed in the system to match your key.
What you need to do is clone an existing ID and its key (not any key), but there are measures against that, too.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
I'm just thinking outside the box here. I am referring to just an ordinary radio that's tapped before the demodulation and then using Tetra programming equipment to hack the key and follow the re-keying. This is just a synopsis of the idea. It would take an engineering degree in electronics and good computer programming skills to accomplish this. Anything is possible; it takes time, knowledge and money for most things to work. :wink:

Boo!-Poltergeisty :-0
 

kendomat

Member
Joined
Aug 23, 2005
Messages
1
Tetra..

From using Tetra on the Dolphin (crap I know), TETRA seemed to allow a cloned radio to work on the system, as I had two of the same radios working at the same time, but it would only let 1 TX. Usually the one that was turned on last.
Not sure if this is any help.
 