Tetra decoding

[sq5bpf]

In my area there is a tetra system with 3 frequencies, 394.7375 , 395.2375 , 395.7375 . Using Telive monitor, I found that the three frequencies have the same MNC and the same downlink frequency ( 394.7375 ) . which frequency should use to monitor all traffic?. or should use the 3-channel system telive_3ch. If the second option, this work with only 1 USB RTL?

the frequencies are within the range that can be covered with one dongle, so i would use only one dongle (unless you have a reason to use multiple dongles, for example 3 dongles, each with its own directional antenna aimed in a different direction).

also check if this is the same colourcode (but most probably is).



launch in separate windows:
./receiver1 1
./receiver1 2
./receiver1 3

launch the 3 channel grc receiver and set baseband to 395M, and use offsets -262.5k, 237.5k and 737.5k, and this will give you the right frequencies.

launch telive, tetrad etc

this will let you monitor all of the 3 channels, as if it were one system. you might see two of these frequencies being turned off periodically when there is low traffic.

 

[sq5bpf]

Hi, folks!
What changes in the blocks have to do that instead of RTL- SDR earned USRP B210? When connecting the USRP, GNU Radio recognizes it immediately loads the driver and UHD firmware, but when the GRC is no reception ;-(
Any ideas?

if send me an usrp i will gladly help you debug this problem

look at the osmo-sdr source block, maybe you need to specify some additional parameters, or change sampling rate. other than that this should work just as with rtl-sdr (or funcube dongle, osmosdr supports all of these)

 

[grahampaull]

Had telive running for a few hours tonight and got some excellent comms for the Fire Service here; I was listening to 1-1 comms between the onsite commander and a fireman in a burning building.

Another good thing is, they still use the same callsigns as they did back in the analogue days.

Next thing for me to try is Multiple freqs.

Am I right in thinking that If I see the same MNC and Colour code on multiple freqs then these are part of the same network ?


Sent from my iPhone using Tapatalk

 

[ltd_nova]

If exist 3 frequency in a tetra system, same MNC, colour code, that means could be so 12 TX at same time? a kind of 12 slots?

 

[sq5bpf]

If exist 3 frequency in a tetra system, same MNC, colour code, that means could be so 12 TX at same time? a kind of 12 slots?

yes

but i think is the respondents use different frequencies, then 2 slots are used (but i might be mistaken)

 

[sq5bpf]

https://vimeo.com/114220631

i see you got something (maybe SDS?) in the status window (the bottom right red on green window), could you copy this here?


btw is there anyone here, who has tetra equipment, and could send a 7-bit SDS between terminals, and send me telive.log? best would be something like AAAAAAABBBBBBBCCCCCCC

 

[grosminet]

Try kali 1.0.9

Try kali 1.0.9 . Based on Debian . Completly root on file system . Gnuradio 3.6.1 already installed

Tetra installed in 10 minutes

 

[grahampaull]

i see you got something (maybe SDS?) in the status window (the bottom right red on green window), could you copy this here?





btw is there anyone here, who has tetra equipment, and could send a 7-bit SDS between terminals, and send me telive.log? best would be something like AAAAAAABBBBBBBCCCCCCC

Yes, I get quite a lot of SDS.

If I use terminal, I am able to see /telive/tetra and recordings etc but when I use the file manager I cannot get to this dir, any ideas ? Once I get in there I can send you all the logs I have.

The SDS are appearing in the bottom left screen rather than the right.


Sent from my iPhone using Tapatalk

 

[grahampaull]

Yes, I get quite a lot of SDS.

If I use terminal, I am able to see /telive/tetra and recordings etc but when I use the file manager I cannot get to this dir, any ideas ? Once I get in there I can send you all the logs I have.

The SDS are appearing in the bottom left screen rather than the right.


Sent from my iPhone using Tapatalk

Also, SDS appear to be like 110010110010110001101111000000011011100110 rather that AAAAABBBBBBBCCCCCC



Sent from my iPhone using Tapatalk

 

[sq5bpf]

Also, SDS appear to be like 110010110010110001101111000000011011100110 rather that AAAAABBBBBBBCCCCCC

telive.log would be best (enable logging with l), because there will be the raw form (the 1010101...), and the decoded form, and i can see if the decoder works ok. i linke to look at telive.log from different sites, because often they have much more interesting traffic than what i can observe (and if you send them, please do it via pm or email, and check if you can do it legally first - different countries have different laws regarding this)


regarding AAAAABBBBBBBCCCCCC i was asking is someone could send a 7-bit SDS containing this string and decode it via telive (and send me telive.log). i think the 7-bit decoding might be broken, but need some samples with known content.

 

[sq5bpf]

The SDS are appearing in the bottom left screen rather than the right.

this is probably from a location protocol (LIP or something similar), which is interesting too.


in recent telive versions, decoded text SDS will appear in the right window

 

[sammy3418]

I left it on 392.8375 for a few hours, kind of quiet at the start then it just seemed to spring into life with constant comms.

I'm not sure about the mainland but I don't see why it wouldn't be the same as NI.

https://vimeo.com/114220631


Sent from my iPhone using Tapatalk

Excellent

 

[grahampaull]

Try kali 1.0.9 . Based on Debian . Completly root on file system . Gnuradio 3.6.1 already installed



Tetra installed in 10 minutes

Thought I would run this on Kali as well as there are some other nice tools on there.

I downloaded Kali 1.0.9 VM Image, am I right in thinking I don't need to run the following:

cd ~ wget http://www.sbrac.org/files/build-gnuradio && chmod a+x ./build-gnuradio && ./build-gnuradio -o

I skipped that above and went straight to:

cd ~ git clone https://github.com/sq5bpf/libosmocore-sq5bpf cd libosmocore-sq5bpf autoreconf -i ./configure make sudo make install sudo ldconfig

But when I type autoreconf -i i get a Command Not Found message, any ideas ?




Sent from my iPhone using Tapatalk

 

[AZScanner]

Thought I would run this on Kali as well as there are some other nice tools on there.

I downloaded Kali 1.0.9 VM Image, am I right in thinking I don't need to run the following:

cd ~ wget http://www.sbrac.org/files/build-gnuradio && chmod a+x ./build-gnuradio && ./build-gnuradio -o

I skipped that above and went straight to:

cd ~ git clone https://github.com/sq5bpf/libosmocore-sq5bpf cd libosmocore-sq5bpf autoreconf -i ./configure make sudo make install sudo ldconfig

But when I type autoreconf -i i get a Command Not Found message, any ideas ?




Sent from my iPhone using Tapatalk

I thought the same thing but Kali gave me nothing but grief for days when trying to install GNURadio. I finally trashed that install and switched over to the latest version of Mint. HUGE difference. GNURadio installed without a single hitch in about an hour.

Go into the SDR forum and find my thread about running OP25 in a VM. About halfway down the first page you'll see detailed instructions from PiccoIntegra on using pybombs to install - by far, the easiest way to set up GNURadio. Even a complete Linux noob like me was able to do it. Good luck!

-AZ

 

[seecster]

TETRA decoding help

early christmas present

https://github.com/sq5bpf/telive
(and you will also need https://github.com/sq5bpf/libosmocore-sq5bpf and https://github.com/sq5bpf/osmo-tetra-sq5bpf and gnuradio 3.6 with dvb dongle support)

Please read all documentation before asking any questions.
If you can't compile this software, then it's not intended for you.
Runs under linux only, please don't ask about other OSes.

I hope i've put everything in the repositories.

Also please note that this software is written for my personal pleasure, and does not adhere to software quality standards

Dear all i want to know if it is possible to capture and Decode TETRA communication using my BladeRF device. Is there any help available to do that????

Thanks

 

[sq5bpf]

But when I type autoreconf -i i get a Command Not Found message, any ideas ?

apt-get install autoconf

and maybe also some other packages.

 

[giannit]

giannit, i'd like to help you, but i'm afraid i don't understand everything you wrote. the documentation might not be 100% correct when translated via google translate.

please do this:

- run the software, including tetrad
- enable mutessi
- enable record
- enable logging
- if you want enable mute
- wait at least a few hours (even better a few days)
- play the ogg files in /tetra/out , see if any contain speech
- look at telive.log

maybe your network is 100% encrypted and you will not hear anything or see much in the logs

Hello , I tried these days to enable recording and mutessi but in my area is all under tea2 . Too bad , I hope that in the future it is possible to decode this .
I still go back on GQRX or SDR # , if any of you can or know how to use even one of these two software without ruining installing Telive . I tried to install but GQRX telive stops working . Someone give me some advice on how to get them both to work on Mint ? Thanks .

 

[sq5bpf]

Hello , I tried these days to enable recording and mutessi but in my area is all under tea2 . Too bad , I hope that in the future it is possible to decode this

this is easy:

- get someone to reverse enginner or leak the cipher specifications (preferably to a list like cypherpunks)
- get some cryptographers to find holes in the ciphers (which there may be, because the specification was not open to public scrutiny)
- publish a ready to use attack that is easy to use for normal users (preferably with precomputed rainbow tables if any are used)


please note that this has been already done with A5/1, so i'm only half kidding

 

[yo4tnv]

Earlier on a post, I made a confusion about TEA which is TetraEncryptionAlgorithm NOT TinyEncryptionAlgorithm (Tiny Encryption Algorithm - Wikipedia, the free encyclopedia).
My bad , sorry.
SQ5BPF is right, gsm A5/1 has been "done" for a while now..there we may expect solution for TEA too. Though, keep in mind that TETRA targets security-critical comms, and might not be so easy.

 

[sq5bpf]

Dear all i want to know if it is possible to capture and Decode TETRA communication using my BladeRF device. Is there any help available to do that????

send me a bladerf and i will look into it

you can capture using bladerf and decode on the pc. i'm sure there is a bladerf source for gnuradio 3.6, so this would be a very simple modification.

while decoding on the bladerf could be probably possible too, it would require to rewrite the code to use the builtin arm cpu and fpga, and this is beyond my abilities right now

but why would you like to do it? the bladerf is such a nice device, that it should be doing more interesting things, and leave simple monitoring to a $10 dvb dongle