SDR# TETRA Demodulator Trunk Tracking Demonstration

[vselic]

I know it's not supposed to, but the thing is, few years ago - around two (when i did not work with rtl-sdr) - until a year ago, when they started to update our tetra system, it was not encrypted, so i was not shure, if it's encryption or just not the right configuration... now i can hear scrambled voice, so figured out, it's encrpted transmision and as i said, it's dead end... But the fact is, that some parts may still not be encrypted at all, so i'll continue to search.

If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .

 

[hamradionl]

Radios needs to properly received the encryption key information after they have affiliated to the system so MNC and LA and frequencies
and those kind of traffic information are never encrypted.

That is good point

 

[Ubbe]

If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .

I looked at the document and it seems that the system use TEA1 and are configured to allow clear speech if a mobile/portable do not use the encryption key. They explain a lot how it is possible to monitor unencrypted conversations, that you also do with the tetra SDR# plugin, but says nothing about being able to listen to TEA1 encrypted conversations. For some reason the slovenian police seems to use this system and some of their tetraradios transmit in the clear, and TEA1 are ment for commercial use with low security demands and public safety in any other country in EU use TEA2 and do not permit any unencrypted calls in their systems.

They also said something about monitoring the microwave links that where unencrypted, but those are always set to encrypt mode in any other country. I do not know if it is only a test system that only have unimportant calls as so many security issues exists that have not been taken care of by the security officer of the system. The authentification database in public safety are normally set to also use the radios serial number to stop any cloning attempts of ISSI numbers, and serial numbers can only be changed at certain service depots that has a computer and a security dongle that are online live with the main distributors user database.

/Ubbe

 

[hamradionl]

For some reason the slovenian police seems to use this system and some of their tetraradios transmit in the clear, and TEA1 are ment for commercial use with low security demands and public safety in any other country in EU use TEA2 and do not permit any unencrypted calls in their systems.
/Ubbe

The new network released in 2020, rumours telling using TEA3 or higher

 

[Erik40]

The new network released in 2020, rumours telling using TEA3 or higher

in witch country

 

[thewraith2008]

If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .

The document linked is over 5 years old, networks can change despite our wishes in that time.
Maybe because of that document, that's why it's fully encrypted now.

Document talks about possible security problems but makes no mention of been able to 'crack' the encryption or that it has ever been done.
While I'm sure it will possible to do in the far future, TETRA will be dead and gone when it happens, and so the encryption has served it's purpose.

When:
- 'Air interface encryption service' = 1
- 'Security Call 1 supported on cell' = 0
- 'Security Call 3 supported on cell' = 1
then according to the standards, all signalling and traffic will be encrypted. That means no clear speech is carried on cell.



Latest version (v1.6.3.4) can be found here: Release post
- Please download 'TTT_1.6.3.4_release.7z' and install.
- Also download 'TTT_hotfix_v1.6.3.8.7z' and copy and replace the two files into the above install.

 

[hamradionl]

Just curious, as always
TEA1 is encr, some rumours discuss going to use 3 in future?
Seem 1 or 2 not that secure?
Or in 3 there be new functionality implemented?
Or is 3 just being same as 2 using some new or extended functionality?
The rumours stated not be clear, waiting end summer 2020 when or if this new network be on the air.

 

[vselic]

Just curious, as always
TEA1 is encr, some rumours discuss going to use 3 in future?
Seem 1 or 2 not that secure?
Or in 3 there be new functionality implemented?
Or is 3 just being same as 2 using some new or extended functionality?
The rumours stated not be clear, waiting end summer 2020 when or if this new network be on the air.

which country? Tea3 has just extended bit code as far as i know, so nothing new.

 

[thewraith2008]

TEA (TETRA Encryption Algorithm) is only the algorithm.
Any "functionality implemented" would only be how the algorithm goes about encrypting data.
Don't know if each TEA# offer different bit strengths, which would make encryption stronger I guess.

TETRA by the way of 'KSG Number' states that there can be 16 algorithms used:
- TEA1 to TEA7 for 'TETRA Standard Algorithm' with only 4 defined. (4 for future expansion)
- The remaining 8 are for Proprietary TETRA Algorithms. These could be user specified algorithms for the paranoid user.



Latest version (v1.6.3.4) can be found here: Release post
- Please download 'TTT_1.6.3.4_release.7z' and install.
- Also download 'TTT_hotfix_v1.6.3.8.7z' and copy and replace the two files into the above install.

 

[vselic]

When:
- 'Air interface encryption service' = 1
- 'Security Call 1 supported on cell' = 0
- 'Security Call 3 supported on cell' = 1
then according to the standards, all signalling and traffic will be encrypted. That means no clear speech is carried on cell.

FACT!

 

[vselic]

While I'm sure it will possible to do in the far future, TETRA will be dead and gone when it happens, and so the encryption has served it's purpose.

People believed ENIGMA cannot be cracked voila… But on the other hand the truth is, that enigma was cracked for war purposes while tetra can be cracked only for piracy benefits

BR

 

[thewraith2008]

FACT!

No, I just said it because I've got nothing better to do.

Read EN 300-392-02 and EN_300-392-07 and see for yourself.

People believed ENIGMA cannot be cracked voila… But on the other hand the truth is, that enigma was cracked for war purposes while tetra can be cracked only for piracy benefits

BR

End of the day, TETRA has not been broken.

 

[slicerwizard]

People believed ENIGMA cannot be cracked

Tired, broken argument is tired. And broken.

 

[syscodec]

Clear & encrypted can exist in same network

 

[hamradionl]

Clear & encrypted can exist in same network

I notice the same in my area all these used 1 commercial private network, not being any government
No Security
Security_Class_1
Security_Class_2
Security_Class_3

 

[Ubbe]

TEA3 are used by those that are not allowed to use TEA2. Probably can not comply with the security demands neccesary to get a TEA2 license, that the students report also seemed to indicate.

/Ubbe

 

[hamradionl]

TEA3 are used by those that are not allowed to use TEA2. Probably can not comply with the security demands neccesary to get a TEA2 license, that the students report also seemed to indicate.
/Ubbe

Nationwide network show
Security_Class_0
Security_Class_1

Government public safety used by fire, medic, pol show
Security_Class_2
Security_Class_3
some others on same network show only
Security_Class_2

 

[thewraith2008]

Clear & encrypted can exist in same network

Yes clear speech and encrypted speech on same cell when:
- 'Air interface encryption service' = 1
- 'Security Class 1 supported on cell' =1
and
- 'Security Class 3 supported on cell' = is either 0 or 1


NOTE to all: 'Security_Class_3_supported_on_cell' in the 'Network Info' > 'Current cell' indicates either Security Class 2 or Class 3 usage:
Security_Class_3_supported_on_cell = 0 for Security Class 2
Security_Class_3_supported_on_cell = 1 for Security Class 3
Even though the comment field indicates this, For next release I have changed this element to display as: "Security_Class_2_or_3_supported_on_cell"

I notice the same in my area all these used 1 commercial private network, not being any government
No Security
Security_Class_1
Security_Class_2
Security_Class_3

Security_Class_1 = No Security

Nationwide network show
Security_Class_0
Security_Class_1

Government public safety used by fire, medic, pol show
Security_Class_2
Security_Class_3
some others on same network show only
Security_Class_2

Security_Class_0 does not exist
Security_Class_2 and Security_Class_3 can not exist at same time.
- The 1 bit element in SYSINFO sets usage to either Class 2 (=0) or Class 3 (=1)

Each cell supports at any one time one of the following options: (EN300-392-07 - 4.0 Security classes)
Class 1 only
Class 2 only
Class 3 only
Class 2 and Class 1
Class 3 and Class 1
Class 2 and class 3 are not permitted to be supported at the same time in any cell.

 

[hamradionl]

i whas looking in older tetra version
This in newer TTT copy the full line txt this time

Security_Class_1_supported_on_cell	1	Supported = Clear speech can be on cell
Security_Class_3_supported_on_cell	1	Only security class 3 supported

Or this

Security_Class_1_supported_on_cell	1	Supported = Clear speech can be on cell
Security_Class_3_supported_on_cell	0	Only security class 2 supported

This:

SDS_TL_addressing_method

2

Never use service centre addressing

Some showing and some showing not

Hyperframe

Filler_bits

4

 

[FERRAINAELENA]

HERE IN MY AREA IN ITALY EVERYTHING IS ENCRYPTED, I HAVE BEEN MONITORING THEM FOR MORE THAN 2 YEARS, I HAVE NEVER HEARD ANYONE IN CLEAR SLO ENCRYPTION.