UA-8295-NSA
This project contains a fully reverse-engineered and re-implemented version of the NSA backdoored encryption algorithm of the UA-8295 Short-Burst Message Terminal.
rad:z46AkAERuXAzqZcDRKvE7byRbkga1
Visibility
public
Delegates
did:key:z6Mkp4xT755Ur1aYRGFymiKLbeoyZtJ7pQetERAppc9h2yD1
Default branch
master → 7a27b7a350ccadadc2d1bd776747a06393fb50ab (Sun Feb 15 18:32:42 2026)
Threshold
1
README.md
# Reverse-engineering of the NSA backdoored firmware of the UA-8295 Short-Burst Message Terminal

This project contains a fully reverse-engineered and re-implemented version of
the NSA backdoored encryption algorithm of the UA-8295 Short-Burst Message
Terminal. It also comes with the possibility to run the original crypto algorithm
in two different emulators.

> The UA-8295 was an Electronic Message Unit (EMU) with built-in encryption, developed by Nokia in Finland and marketed from 1984 onwards by Philips Usfa in Eindhoven (Netherlands). It can be used with telephone and radio equipment, and is based on the Nokia DA-8520 message terminal; in the Finnish Army known as the Sanomalaite m/90 (SANLA). The initial version uses DES, but some versions use an encryption algorithm developed by the US National Security Agency (NSA).

src: https://www.cryptomuseum.com/crypto/philips/ua8295/

![ua-8295 terminal](ua8295.jpg)

The firmware that this reverse-engineering was based on was kindly published
by the fine people of https://www.cryptomuseum.com/, as were all kinds of
manuals and a [preliminary analysis of the backdoored algorithm](https://www.cryptomuseum.com/crypto/philips/ua8295/sbt.htm).

This code is available on radicle: rad:z46AkAERuXAzqZcDRKvE7byRbkga1

## Contents

 - `writeup.org` and `writeup.pdf`: an analysis of the algorithm and the
   implementation itself; start here for a top-down view of the whole thing.
 - `src/`: re-implementation in C, as close as possible to the original
   FW; some of it is (abandoned) WIP.
 - `ROM.hex` and `SBT.rom`: the original firmware in Intel HEX and binary formats.
 - `ghidra_project.gpr`, `ghidra_project.rep` and `fixprint.py`: a Ghidra project
   containing the annotated firmware.
 - `sbt.[ch]`: a slightly optimized version of the crypto algorithm,
   for use in analysis and attacks.
 - `mcu.py`: a simple 8051 emulator written purely in Python, adapted from
   https://github.com/estarq/i8051emu (c) Paul Lloyd - MIT license
 - `emu-decrypt.py` & `emu-encrypt.py`: two simple scripts that use the
   Python-based emulator to run the firmware for encryption and
   decryption.
 - `analysis/`: a directory containing a lot of tools and experiments to
   understand the firmware.
 - `attacks/`: a directory containing a few (failed) attempts at an algebraic
   attack against the algorithm.
 - `emu8051-3102.py`: emulation using an alternative emulator by Hugo
   Villeneuve. Get the headless fork from radicle
   (`rad:zRr7zaEsJMgoVsF3qYtsfRbadECa`), or get the patched emu8051 sources from
   https://rad.ctrlc.hu/nodes/rad.ctrlc.hu/rad:zRr7zaEsJMgoVsF3qYtsfRbadECa
   using git or a zip download.
 - `des-variant/`: the firmware for the original DES variant, only for comparison,
   not actively used in this project.
 - `notes.org`: random notes