Experimental telive with TEA support

sq5bpf

Hi,

I've released an experimental version of telive, osmo-tetra-sq5bpf etc... to allow voice decryption if you know the key (or can crack it in case of TEA1).
As far as I know this is the first publicly available software that will enable listening to encrypted calls (if you know the key).

Looking for testers who are already proficient with using Linux and telive, and have access to a TETRA network with encryption.

## If someone wants to test, then please do this:

- get permission if this is not your network
- install the telive software from here: GitHub - sq5bpf/telive-2: Tetra live monitor - experimental version, using the script in scripts/install_telive.sh. Best use a cleanly installed Debian 12
- try it with an rtl-sdr dongle on an unencrypted network, verify that it works with a 1 channel receiver
- obtain the encryption key (see below)
- in osmo-tetra-sq5bpf-2/src copy the sample_keyfile to test_keyfile, modify test_keyfile to put your network parameters and keys in it
- modify receiver1udp to add -k test_keyfile
- run telive again and see if you can listen to decrypted voice traffic

## How to get the tetra key?

Try to get it from the network operators (note: for many of them the key will be in some keyloader device and it will be hard to extract it).

The TEA1 algorithm has been intentionally weakened, so it is possible to recover the key. For TEA1 you can record the standard output from receiver1udp. The output lines with "key recovery candidate" can be plugged into some software that will attempt to recover the short 32-bit key for this particular frequency.
One such software is TEAtime: GitHub - sq5bpf/teatime: TEAtime - TEA1 short key recovery , please read the comments in README.md on how to use it.

## FAQ

Always get the necessary permission (this is not a question btw).

Does it run on xxxx (something other than Debian 12)?
- probably not, but I will try to add support for other distributions in the future

I don't know how to compile/run this?
- tough luck, this is aimed at experienced users only. In the future I might write some documentation.

Do I have TEA1 in the networks around me?
- you probably don't. TEA1 has had publicly known vulnerabilities since 2023, so every network that cares about security even a little bit has been upgraded long ago.
Please read the README.md comments in GitHub - sq5bpf/teatime: TEAtime - TEA1 short key recovery
You will have to ask the network operator to turn it on and provide sample traffic.

So why was this released?
- it was released to get feedback from users who are already proficient with Linux, telive and TETRA, and preferably are testing this on their own network (which they can reconfigure to test different scenarios)


VY 73
Jacek / SQ5BPF
 