# Reverse-engineering of the NSA backdoored firmware of the UA-8295 Short-Burst Message Terminal

This project contains a fully reverse-engineered and re-implemented version of
the NSA backdoored encryption algorithm of the UA-8295 Short-Burst Message
Terminal. It also comes with the possibility to run the original crypto algorithm
in two different emulators.

> The UA-8295 was an Electronic Message Unit (EMU) with built-in encryption, developed by Nokia in Finland and marketed from 1984 onwards by Philips Usfa in Eindhoven (Netherlands). It can be used with telephone and radio equipment, and is based on the Nokia DA-8520 message terminal; in the Finnish Army known as the Sanomalaite m/90 (SANLA). The initial version uses DES, but some versions use an encryption algorithm developed by the US National Security Agency (NSA).

src: https://www.cryptomuseum.com/crypto/philips/ua8295/

![ua-8295 terminal](ua8295.jpg)

The firmware that this reverse-engineering is based on was kindly published
by the fine people of https://www.cryptomuseum.com/, as were all kinds of
manuals and a [preliminary analysis of the backdoored algorithm](https://www.cryptomuseum.com/crypto/philips/ua8295/sbt.htm).

This code is available on radicle: rad:z46AkAERuXAzqZcDRKvE7byRbkga1

## Contents

 - `writeup.org` and `writeup.pdf`: an analysis of the algorithm and the
   implementation itself; start here for a top-down view of the whole project.
 - `src/`: re-implementation in C, as close as possible to the original
   firmware; some of it is (abandoned) WIP.
 - `ROM.hex` and `SBT.rom`: the original firmware in Intel HEX and binary formats.
 - `ghidra_project.gpr`, `ghidra_project.rep` and `fixprint.py`: a Ghidra project
   containing the annotated firmware.
 - `sbt.[ch]`: a slightly optimized version of the crypto algorithm,
   for use in analysis and attacks.
 - `mcu.py`: a simple 8051 emulator written purely in Python, adapted from
   https://github.com/estarq/i8051emu (c) Paul Lloyd, MIT license.
 - `emu-decrypt.py` and `emu-encrypt.py`: two simple scripts that use the
   Python-based emulator to run the firmware and encrypt or decrypt with it.
 - `analysis/`: a directory containing a lot of tools and experiments to
   understand the firmware.
 - `attacks/`: a directory containing a few (failed) attempts at an algebraic
   attack against the algorithm.
 - `emu8051-3102.py`: emulation using an alternative emulator by Hugo
   Villeneuve. Get the headless fork from radicle (`rad:zRr7zaEsJMgoVsF3qYtsfRbadECa`),
   or fetch the patched emu8051 sources from
   https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:zRr7zaEsJMgoVsF3qYtsfRbadECa
   using git or as a zip download.
 - `des-variant/`: the firmware for the original DES variant, only for comparison,
   not actively used in this project.
 - `notes.org`: random notes.
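Before feeding either firmware image to an emulator or to Ghidra it is worth checking that `ROM.hex` and `SBT.rom` really describe the same bytes. The following Intel HEX reader is an added example written for this README, not code from the project: it verifies the checksum of every record, honours the extended segment/linear address records, and flattens the result into a contiguous image that can be compared byte-for-byte with a raw dump. The hex records embedded in `SAMPLE_HEX` are constructed for demonstration and are not taken from the real firmware; padding gaps with `0xFF` (the value of an unprogrammed EPROM cell) is an assumption you should confirm against the actual dump.

```python
"""Intel HEX -> binary image, with per-record checksum verification.

Added example for checking that an Intel HEX file (e.g. ROM.hex) and a raw
binary dump (e.g. SBT.rom) contain the same firmware image. Not part of the
original project; the sample records below are constructed, not real firmware.
"""
from pathlib import Path


def record_checksum_ok(line):
    """True if the low byte of the sum of all record bytes (including the
    trailing checksum byte) is zero, which is how Intel HEX checksums work."""
    raw = bytes.fromhex(line.strip()[1:])
    return len(raw) >= 5 and (sum(raw) & 0xFF) == 0


def parse_ihex(text):
    """Decode Intel HEX text into a dict {absolute_address: byte}.

    Raises ValueError on malformed records, bad checksums or a missing EOF record.
    """
    memory = {}
    base = 0            # offset contributed by type 02 / 04 records
    seen_eof = False
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {lineno}: record does not start with ':'")
        if not record_checksum_ok(line):
            raise ValueError(f"line {lineno}: bad record or checksum")
        raw = bytes.fromhex(line[1:])
        length, addr, rtype = raw[0], (raw[1] << 8) | raw[2], raw[3]
        data = raw[4:-1]
        if len(data) != length:
            raise ValueError(f"line {lineno}: length field {length} != {len(data)} data bytes")
        if rtype == 0x00:                      # data record
            for i, b in enumerate(data):
                memory[base + addr + i] = b
        elif rtype == 0x01:                    # end of file
            seen_eof = True
            break
        elif rtype == 0x02:                    # extended segment address (paragraph)
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                    # extended linear address (upper 16 bits)
            base = int.from_bytes(data, "big") << 16
        elif rtype in (0x03, 0x05):            # start-address records: no memory contents
            pass
        else:
            raise ValueError(f"line {lineno}: unknown record type {rtype:#04x}")
    if not seen_eof:
        raise ValueError("missing end-of-file record")
    return memory


def ihex_to_image(text, fill=0xFF):
    """Flatten the parsed records into contiguous bytes starting at address 0.
    Gaps are padded with `fill` (assumed 0xFF, an unprogrammed EPROM cell)."""
    memory = parse_ihex(text)
    if not memory:
        return b""
    image = bytearray([fill]) * (max(memory) + 1)
    for address, b in memory.items():
        image[address] = b
    return bytes(image)


def image_matches_dump(hex_text, dump):
    """Compare the image decoded from Intel HEX text with a raw binary dump."""
    return ihex_to_image(hex_text) == dump


def image_matches_binary(hex_path, bin_path):
    """File-based wrapper: does hex_path decode to exactly the bytes of bin_path?"""
    return image_matches_dump(Path(hex_path).read_text(), Path(bin_path).read_bytes())


# Constructed sample: 8 bytes at 0x0000, a gap, 4 bytes at 0x0010, then EOF.
SAMPLE_HEX = """\
:0800000002002632758107128F
:04001000DEADBEEFB4
:00000001FF
"""

if __name__ == "__main__":
    print(ihex_to_image(SAMPLE_HEX).hex())
    print("ROM.hex matches SBT.rom:", image_matches_binary("ROM.hex", "SBT.rom"))
```

Run it from the repository root to get a yes/no answer on the two shipped images; a mismatch usually means either a different fill byte for unprogrammed cells or a base-address record that the dump does not reflect, so inspect the first differing offset before trusting either file.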