SDR# TETRA Demodulator Trunk Tracking Demonstration

lynzoid

Member
Joined
Feb 27, 2009
Messages
127
Location
LA
You mean you can't eavesdrop on encrypted comms? You are not supposed to, fake state dweller.
 

vselic

Member
Joined
Jan 9, 2020
Messages
14
I know it's not supposed to, but the thing is, few years ago - around two (when i did not work with rtl-sdr) - until a year ago, when they started to update our tetra system, it was not encrypted, so i was not shure, if it's encryption or just not the right configuration... now i can hear scrambled voice, so figured out, it's encrpted transmision and as i said, it's dead end... But the fact is, that some parts may still not be encrypted at all, so i'll continue to search.

If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .
 

hamradionl

Member
Joined
Mar 23, 2014
Messages
427
Radios needs to properly received the encryption key information after they have affiliated to the system so MNC and LA and frequencies
and those kind of traffic information are never encrypted.
That is good point
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
3,712
Location
Stockholm, Sweden
If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .
I looked at the document and it seems that the system use TEA1 and are configured to allow clear speech if a mobile/portable do not use the encryption key. They explain a lot how it is possible to monitor unencrypted conversations, that you also do with the tetra SDR# plugin, but says nothing about being able to listen to TEA1 encrypted conversations. For some reason the slovenian police seems to use this system and some of their tetraradios transmit in the clear, and TEA1 are ment for commercial use with low security demands and public safety in any other country in EU use TEA2 and do not permit any unencrypted calls in their systems.

They also said something about monitoring the microwave links that where unencrypted, but those are always set to encrypt mode in any other country. I do not know if it is only a test system that only have unimportant calls as so many security issues exists that have not been taken care of by the security officer of the system. The authentification database in public safety are normally set to also use the radios serial number to stop any cloning attempts of ISSI numbers, and serial numbers can only be changed at certain service depots that has a computer and a security dongle that are online live with the main distributors user database.

/Ubbe
 

hamradionl

Member
Joined
Mar 23, 2014
Messages
427
For some reason the slovenian police seems to use this system and some of their tetraradios transmit in the clear, and TEA1 are ment for commercial use with low security demands and public safety in any other country in EU use TEA2 and do not permit any unencrypted calls in their systems.
/Ubbe
The new network released in 2020, rumours telling using TEA3 or higher
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
879
If you check closely, few posts away, i have posted a link, where some student proved, that it was not encrypted. Hope you understand .
The document linked is over 5 years old, networks can change despite our wishes in that time.
Maybe because of that document, that's why it's fully encrypted now.

Document talks about possible security problems but makes no mention of been able to 'crack' the encryption or that it has ever been done.
While I'm sure it will possible to do in the far future, TETRA will be dead and gone when it happens, and so the encryption has served it's purpose.

When:
- 'Air interface encryption service' = 1
-
'Security Call 1 supported on cell' = 0
-
'Security Call 3 supported on cell' = 1
then according to the standards, all signalling and traffic will be encrypted. That means no clear speech is carried on cell.



Latest version (v1.6.3.4) can be found here: Release post
- Please download 'TTT_1.6.3.4_release.7z' and install.
- Also download 'TTT_hotfix_v1.6.3.8.7z' and copy and replace the two files into the above install.
 

hamradionl

Member
Joined
Mar 23, 2014
Messages
427
Just curious, as always :)
TEA1 is encr, some rumours discuss going to use 3 in future?
Seem 1 or 2 not that secure?
Or in 3 there be new functionality implemented?
Or is 3 just being same as 2 using some new or extended functionality?
The rumours stated not be clear, waiting end summer 2020 when or if this new network be on the air.
 

vselic

Member
Joined
Jan 9, 2020
Messages
14
Just curious, as always :)
TEA1 is encr, some rumours discuss going to use 3 in future?
Seem 1 or 2 not that secure?
Or in 3 there be new functionality implemented?
Or is 3 just being same as 2 using some new or extended functionality?
The rumours stated not be clear, waiting end summer 2020 when or if this new network be on the air.

which country? Tea3 has just extended bit code as far as i know, so nothing new.
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
879
TEA (TETRA Encryption Algorithm) is only the algorithm.
Any "functionality implemented" would only be how the algorithm goes about encrypting data.
Don't know if each TEA# offer different bit strengths, which would make encryption stronger I guess.

TETRA by the way of 'KSG Number' states that there can be 16 algorithms used:
- TEA1 to TEA7 for 'TETRA Standard Algorithm' with only 4 defined. (4 for future expansion)
- The remaining 8 are for Proprietary TETRA Algorithms. These could be user specified algorithms for the paranoid user.



Latest version (v1.6.3.4) can be found here: Release post
- Please download 'TTT_1.6.3.4_release.7z' and install.
- Also download 'TTT_hotfix_v1.6.3.8.7z' and copy and replace the two files into the above install.
 

vselic

Member
Joined
Jan 9, 2020
Messages
14
When:
- 'Air interface encryption service' = 1
-
'Security Call 1 supported on cell' = 0
-
'Security Call 3 supported on cell' = 1
then according to the standards, all signalling and traffic will be encrypted. That means no clear speech is carried on cell.
FACT!
 

vselic

Member
Joined
Jan 9, 2020
Messages
14
While I'm sure it will possible to do in the far future, TETRA will be dead and gone when it happens, and so the encryption has served it's purpose.
People believed ENIGMA cannot be cracked :) voila… But on the other hand the truth is, that enigma was cracked for war purposes while tetra can be cracked only for piracy benefits :)

BR
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
3,712
Location
Stockholm, Sweden
TEA3 are used by those that are not allowed to use TEA2. Probably can not comply with the security demands neccesary to get a TEA2 license, that the students report also seemed to indicate.

/Ubbe
 

hamradionl

Member
Joined
Mar 23, 2014
Messages
427
TEA3 are used by those that are not allowed to use TEA2. Probably can not comply with the security demands neccesary to get a TEA2 license, that the students report also seemed to indicate.
/Ubbe
Nationwide network show
Security_Class_0
Security_Class_1

Government public safety used by fire, medic, pol show
Security_Class_2
Security_Class_3
some others on same network show only
Security_Class_2
 

thewraith2008

Member
Joined
Nov 22, 2016
Messages
879
Clear & encrypted can exist in same network
Yes clear speech and encrypted speech on same cell when:
- 'Air interface encryption service' = 1
-
'Security Class 1 supported on cell' =1
and
-
'Security Class 3 supported on cell' = is either 0 or 1


NOTE to all: 'Security_Class_3_supported_on_cell' in the 'Network Info' > 'Current cell' indicates either Security Class 2 or Class 3 usage:
Security_Class_3_supported_on_cell = 0 for Security Class 2
Security_Class_3_supported_on_cell = 1
for Security Class 3
Even though the comment field indicates this, For next release I have changed this element to display as: "Security_Class_2_or_3_supported_on_cell"


I notice the same in my area all these used 1 commercial private network, not being any government
No Security
Security_Class_1

Security_Class_2
Security_Class_3
Security_Class_1 = No Security

Nationwide network show
Security_Class_0
Security_Class_1

Government public safety used by fire, medic, pol show
Security_Class_2
Security_Class_3
some others on same network show only
Security_Class_2
Security_Class_0 does not exist
Security_Class_2 and Security_Class_3 can not exist at same time.
- The 1 bit element in SYSINFO sets usage to either Class 2 (=0) or Class 3 (=1)

Each cell supports at any one time one of the following options: (EN300-392-07 - 4.0 Security classes)
Class 1 only
Class 2 only
Class 3 only
Class 2 and Class 1
Class 3 and Class 1
Class 2 and class 3 are not permitted to be supported at the same time in any cell.
 

hamradionl

Member
Joined
Mar 23, 2014
Messages
427
i whas looking in older tetra version
This in newer TTT copy the full line txt this time ;)

Security_Class_1_supported_on_cell1Supported = Clear speech can be on cell
Security_Class_3_supported_on_cell1Only security class 3 supported

Or this
Security_Class_1_supported_on_cell1Supported = Clear speech can be on cell
Security_Class_3_supported_on_cell0Only security class 2 supported

This:
SDS_TL_addressing_method2Never use service centre addressing

Some showing and some showing not
Hyperframe

Filler_bits4
 
Top