Listening to TETRA encrypted communications

In 2014 I released the first publicly available software that could monitor unencrypted voice calls on a TETRA network (and also some data: SDS, status messages, etc.). This software was called telive.

Previously, network operators intentionally did not bother with encryption. This pushed them to use it. The world got more secure.

While better than nothing, this encryption was proprietary, so the public could not audit it. Historically, algorithms that were not disclosed have often turned out to be weak (A5/1 in GSM, for example).

In 2023 Midnight Blue released their fantastic work on reverse engineering the TETRA encryption algorithms. They published an implementation of TEA1-4 and also found a deliberate weakening of TEA1.

So at the turn of 2025/2026 I released an experimental version of my software which can monitor encrypted calls on a TETRA network. This works, of course, only if you know the encryption keys (see below on how to obtain them). I also added support for the reduced TEA1 keys, and released software to recover the reduced key from on-air traffic.

I hope this will further push operators to step up their security.

Youpot

Youpot is a novel proxy-back honeypot for catching worms that uses the attacker's own IP as a pure honeypot.

There is no need to implement any service emulation: we just redirect the connection back to the attacker's IP on the same port they connected to us on, then sit back and enjoy the show 🙂

More info here: https://github.com/sq5bpf/youpot

uSDX+ simple modifications

The uSDX+ is a nice little transceiver from China based on the uSDX project. It is cheap, works on 8 bands, is based on open-source software, and has enough room inside the case for some modifications. And if it breaks, it is easy to fix (probably easier than many analog radios).

uSDX+ transceiver

So let’s see what we can modify in this radio.

The following modifications are for the uSDX+ (uSDX plus) with the board marked Ver 3.0, but other radios may be similar and similar modifications may apply.

Adding an INA219 power monitor to a Chinese uSDX+ transceiver

The (tr)uSDX has hardware to measure the power amplifier voltage, current and input power. Since the output power is also measured, it can calculate and show efficiency. This is very useful for tuning the class-E output stage, and is also useful in the field to see battery voltage and other parameters.

I have an uSDX+ transceiver from China. Let’s add the power monitor to it too. This description should apply to other radios based on the uSDX.

Demo of a working replica of the Great Seal Bug on the 23cm band

This is a demo of a working replica of the Great Seal Bug.

As far as I know this is the only attempt to make a working replica, not just a nice-looking prop.

I am a licensed radio amateur (callsign SQ5BPF), therefore the device dimensions were scaled to make it operate on the amateur radio 23cm band (1240-1300 MHz). Please see my other articles about this device.

The Great Seal Bug. Part 3: Building a working copy of The Thing

This is the third part of a series of articles about the Great Seal Bug (also called “The Thing”). These articles cover: history, theory of operation and a practical reconstruction of this device. This part is about building a working copy of the Great Seal Bug.

To my knowledge this is the only publication about making a working replica of the Great Seal Bug. https://www.vintagespycraft.com/ shows a beautiful-looking model, however the emphasis there was on making a nice-looking exhibit, not on making it work (but look at this site anyway, the model is a work of art).

In 1945 this was super-secret, ultra-novel military technology. Building and operating it required special materials and access to ultra-secret hardware. So is it possible to do this in 2022 on an amateur budget? Surely not.

But radio amateurs have a long history of doing “impossible” things, partly because of their ingenuity, and partly because of their ignorance (they simply don’t know that something can’t be done). So let’s try anyway 🙂

The Great Seal Bug. Part 1: history

This is the first part of a series of articles about the Great Seal Bug (also called “The Thing”). These articles cover: history, theory of operation, a practical reconstruction of this device and a working demo.

This device, even 75 years later, is still often mentioned in security publications and at conferences.

Great Seal Bug
https://commons.wikimedia.org/wiki/File:The_Thing_Great_seal.jpg
