There’s a section of our community who concern themselves with the technological aspects of preparing for an uncertain future, and for them a significant proportion of effort goes in to communication. This has always included amateur radio, but in more recent years it has been extended to LoRa. To that end, [Bertrand Selva] has created a LoRa communicator, one which uses a Pi Pico, and delivers secure messaging.
The hardware is a rather-nice looking 3D printed case with a color screen and a USB A port for a keyboard, but perhaps the way it works is more interesting. It takes a one-time pad approach to encryption, using a key the same length as the message. This means that an intercepted message is in effect undecryptable without the key, but we are curious about the keys themselves.
They’re a generated list of keys stored on an SD card with a copy present in each terminal on a particular net of devices, and each key is time-specific to a GPS derived time. Old keys are destroyed, but we’re interested in how the keys are generated as well as how such a system could be made to survive the loss of one of those SD cards. We’re guessing that just as when a Cold War spy had his one-time pad captured, that would mean game over for the security.
So if Meshtastic isn’t quite the thing for you then it’s possible that this could be an alternative. As an aside we’re interested to note that it’s using a 433 MHz LoRa module, revealing the different frequency preferences that exist between enthusiasts in different countries.
Different frequency preferences may be due to legal requirements
868 MHz is EU
433 MHz is part of the old global ISM
915 MHz is USA
Part of why LORA on 433 MHz is sold is better wall penetration for smart meters
Indeed, that’s a key point. 433 MHz is attractive for its ability to penetrate buildings.
Be discovered performing non-standard emissions by guys doing ECM and then you’ll be priority target for drone-dropped gifts.
Btw. by ECM I also meant all sorts of ELINT.
You mean SIGINT
Oh boy, a free grenade!
So glad we had this discussion.
Efficient Corn Mastication
Embalming Collectible Mammals
Enticing Corruptible Minors
Exotic Cattle Markets
Existentially Cromulent Memes
Electronic Counter Measures
Electronic CounterMeasures
That’s true… but it applies to any radio system. Any emission can be traced if the opposing side has the technical means.
One possible way to reduce detectability is to use high-gain antennas (and thus narrow beamwidth), combined with higher frequencies — which helps keep the antenna or antenna array reasonably compact.
Fruitloops.
Mind you, there’s provision in JS8Call for preppers so they can make a nuisance of themselves on HF and all other bands too.
Encrypted communications are explicitly prohibited for my Ham license except for controlling satellites(!!). Unless this is well below power requirements or otherwise no license needed, this may be illegal. I haven’t messed with LORA yet. Some jurisdictions may or may not care.
Based on the creators website/youtube video, it looks like they are in France. I wouldn’t claim to even be moderately versed in EU Radio Law (or Bird Law), it looks like in 433 they are restricted to +10 dBm.
Judging from that video, it looks like the creator has it configured at +33. Whether it’s actually pushing that is another story entirely, I suspect.
I know meshtastic has really grown legs in EU, and they seem to favor 868 MHz (which EU allows amateur +27 dBm), so perhaps the choice to go with 433 was related to congestion, or just BOM cost/availability.
14 dBm and 10% duty cycle limit on 433.050–434.790 MHz in Finland for license-exempt use, not sure if EU-harmonized
You’re right — I’m based in France, and the 433 MHz ISM band here is indeed limited to +10 dBm ERP. During tests, transmission conditions are controlled using a dummy load or a -20 dB attenuator to stay compliant.
The modem is capable of transmitting at +33 dBm — which would of course be illegal under EU regulations in normal operation. That power level is strictly reserved for “end-of-the-world scenarios”
.
That said, 433 MHz performs better for transmission than higher frequencies at equal power. So for range and penetration, 433 MHz remains a solid choice.
Meant to add / ask:
Isn’t the encryption restriction limited to >30 dBm?
It would definitely be illegal in the US unless the encryption was turned off. You can’t transmit with any useful amount of power on 70cm without a ham license. The only exceptions to the power limit are for intermittent control signals such as keyfobs and periodic transmissions such as alarm or temperature sensors. Even then, the range is pretty short.
It would have to use 915MHz in the US. Up to 1 watt is allowed for spread spectrum transmissions without a license there. 2.4GHz can be used as well, but the range will be shorter.
Thing is, if the world went into SHTF territory i doubt anybody would give a flying. ;)
It’s true, 433 MHz is not an ISM band in the US; it’s part of the 70 cm amateur radio band. So yes, any meaningful transmission there would require a ham license, and encryption would be prohibited under FCC rules for amateur bands.
This prototype was developed and tested in France, where 433 MHz is part of the ISM band (limited to +10 dBm ERP). For US use, I’d adapt the design to 915 MHz, the local ISM band, which allows up to 1 W for spread spectrum without a license – perfect for LoRa.
As you pointed out, 2.4 GHz is also license-free, but propagation is significantly worse. So 915 MHz would definitely be the best choice for a US-compliant version.
And yes — when it comes to encryption, it’s perfectly legal on ISM bands for things like temperature sensors, short messages, or control signals. The ban on encryption only applies to amateur radio, not ISM.
An amateur license doesn’t forbid you from using any encryption at all anywhere. You are probably using encryption to access this site (https). You just can’t use encryption on amateur licensed equipment and frequencies.
This is a great! I’ve been working on a similar thing for quite a while. But where’s the design? Is this just a show off project that gives us nothing?
A few other things. The encryption is not unbreakable!
1. AES-256 may be secure but it is not unbreakable. Only pure OTP (one time pad) encryption is truely unbreakable, even with unlimited resources. Maybe there’s a special case where a message shorter than 256 bits is identical to OTP but I didn’t see any justification for that.
OTP is only perfectly secure if the keys are perfectly random. This is much more complicated than it sounds. Random number generators can have weaknesses just like encryption algorithms. It is even possible to sabotage the keys in a way that is mathematically impossible to detect. This is a real risk if you are generating the keys on a compromised computer!
You can not be sure that the files have been deleted from the SD card. The blocks you see when accessing the card are not the physical blocks. The SD card manages those transparently for wear leveling and error correction. It CAN AND WILL “delete” a block by simply pointing the address to a new, blank location. The data is still there. If the card is large and your usage is small it may not be overwritten for years. Getting this data may not even be hard. Big governments have full access to the SD card manufacturers and their internal software.
An additional attack which I did not see discussed is the know plaintext attack. This attack allows the modification of a message or portion thereof if that part is already know to the attacker. Additional protection is required for it, even if you have perfect encryption.
My take on this is that a device of this sort is “safety critical” just like a pacemaker or the avionics on an aircraft. Therefore the design must be created and audited with EXTREME care. I’ve been trying to do it for years and it is much harder than it initially seems.
Thank you for the very thoughtful feedback. I agree with many of your points.
If I were to take this project further, I would aim to build a true hardware random number generator, based on analog electronics (e.g. thermal noise from a diode), connected to a very simple microcontroller. The idea would be to generate and store keys directly onto two identical SD cards, each on a separate SPI port, without using a PC, no software RNG, and keeping the entire process isolated from any potentially compromised system.
The microcontroller could also be used to clone one SD card onto the other.
As you rightly pointed out, OTP (one-time pad) is only unbreakable if the keys are truly random, used only once, and securely destroyed, which is a real challenge with consumer-grade SD cards. You’re absolutely right that wear leveling and internal block management can leave “deleted” data physically intact for years.
One possible countermeasure would be to overwrite each target block many times before considering it deleted ?
Your comment on known-plaintext attacks is also spot on : padding, authentication, and even traffic shaping would need to be implemented if such a system were to be deployed seriously. But for now this is just a proof of concept.
Check out the 915 mhz North American version of LoRa – Meshtastic. Totally legit to use encryption. Here in Denver Colorado I see about 400+ nodes in use at any given time and the range is awesome as a result.
Relying on GPS time for “end of the world” communications seems dodgy
Agreed! Break out the compass and sextant!
Fun thought experiment to determine time of all electronics went out. I’ve been only moderately successful with sextant and Lunar Distance method, maaaaybe within 30 seconds of the “actual” GMT at very best and that’s getting really lucky probably. I think to get within seconds maybe a transit telescope?
It also works with a cheap DS3231 RTC if GPS is unavailable.
One way to get around the clock requirement is to send a sequence number with every message. Sending 42 at the start of the message is like saying, “Use key number 42 for this message.”
Yeah, that’s a valid concern — if GPS is gone, things are already pretty bad.
But the system falls back to a DS3231 RTC, which keeps the clocks in sync well enough for key alignment if GPS drops out.
And , in many scenarios GPS would still be available — it’s a high-resilience system, even if the internet or infrastructure goes down.
…Would the satellites stop transmitting timecodes anytime soon? They are about as remote an independent as any infrastructure can be
In case “world burns” don’t you want to have more open communication rather than secured. You would expect someone to hear you.
These guys into encryption are preppers and paranoid people, I suppose.
Who’re afraid of being spied on by goverment and such.
Or just fans of encryption because.. internet.
Funny that this is in France, though.
Amateur radio always was being open, it was the whole point.
Call signs with name and address used to be available in call books (phone books of amateur radio).
Hams knew (and hoped) that SWLs would listen to their conversation.
That’s how new hams had been introduced to the hobby/service.
They started out as unlicensed SWLs or CBers.
As a prepper myself there is utility in both open and encrypted systems; Open, for making unknown contacts, and encrypted for pre-shared team communications. I have both.
Afraid, no. Angry? Yes. My conversations/communications are none of anyone’s business but my own. You may think it’s just peachy to live in a surveillance state, but, one day you may regret it.
Agree 100%!
If I were designing a covert encrypted communication device, I’d make make the radio signature match a cordless electric drill with worn out brushes. Plenty of random crap that would make a wonderful one time key, and the bursts of noise would be what you would expect from a drill.
And boy howdy are some of those drills noisy.
Imitating a car with solid copper spark plug wires would be another option. There was a taxi fleet in NYC in the 80s that made am radio reception really difficult if you were near a heavily traveled street.
Covert and you want to create a noise pattern EMF that will randomly blast across half the spectrum?
Make triangulation as easy as possible lol
Hello everyone,
Thanks for your comments, feedback, and discussion — this is exactly the kind of exchange I was hoping for when sharing this project.
Regarding the legal aspects: in France, and more generally across Europe, the 433 MHz band (433.050 to 434.790 MHz) is license-free, provided you stay under 10 dBm of output power and respect a maximum duty cycle of 10%. The device shown here has only ever been used for educational and test purposes — never in real-world communication. All tests were conducted either with 50-ohm terminators or with a 20 dB attenuator, ensuring actual emissions stayed well below the legal threshold. In short, this project is designed with the mindset of a hypothetical, severely degraded situation, where agencies like the ANFR are no longer a day-to-day concern for survivors 😉 — but we’re obviously not in that world today.
As for encryption, it is not prohibited on ISM bands. It is prohibited on amateur radio bands, but that doesn’t apply here. Most devices operating on ISM (smart meters, remote sensors, key fobs, etc.) already use encryption. My project uses a one-time pad (OTP) approach (+ AES256 bits), with keys as long as the message itself. This means that any intercepted transmission is undecipherable without the exact key, even with significant resources.
The issue of device capture has been considered. When a message is sent, its associated key is flagged as expired. If the system is not busy transmitting, it dedicates idle time to securely erasing past keys, starting from the most recent and working backward. The full cleanup takes about seven hours to wipe the entire key space used so far. A persistent marker is used to track progress and avoid rewriting already-cleaned sectors. So if a unit is captured, there is no risk of leaking past messages, even if the traffic had been intercepted. The future may be uncertain — but the past is erased.
As for the choice of 433 MHz: it’s legal in France under the conditions mentioned above, and it offers better building penetration and less “line-of-sight” dependency than higher frequencies at the same power. With a 70 cm wavelength, it’s also still manageable to build decent directional antennas with some gain — even in DIY conditions (https://hackaday.io/project/203137-358-pmr-antenna-clean-matched-3d-printable). At one point I considered repurposing smart meter modems and even looked into 169 MHz FSK modules like Radiocrafts’ RC1701HP-WIZE, which can transmit up to 500 mW in some European countries, offering excellent range in rural areas. I bought a pair, but the idea never went further. The advantage of the module used in this project is its low cost, especially considering its performance.
And finally, to address those who mentioned paranoia: no, I’m not paranoid. I just value my privacy and don’t like the idea of being listened to without my knowledge. I find it unfortunate that this concern has become suspect. This device is a technical challenge, a personal experiment in seeing how far one can go to secure communication for regular individuals, using readily available tools. Nothing more.
Thanks again for reading and for your feedback.