&gt; Nope I didn&#39;t miss that. Chosen Ciphertext or Known Plaintext attacks<br />&gt; might still proof some valueable points. Actually otherwise this would be<br />&gt; less interesting.<br /><br />Well, yeah but how would you get chosen / known plaintext ?<br /><br />You can&#39;t really buy equipment that has TEA support in theory, its distribution is limited.<br />Finding TETRA stuff is already not trivial, but finding some that has TEA is even harder.<br /><br />It&#39;s sometime possible to find just the FW files from some &quot;shady connections&quot;, but it&#39;s unclear if they&#39;d work or if they depend on some HW feature and at &gt; 200 eur per handset not many people are ready to risk bricking them for experiments :p<br /><br />And even then you often don&#39;t control enough to know / choose what it sends.<br /><br />Definitely quite a challenge :) But yeah can be fun if you can afford it.<br /><br />Cheers,<br /><br />    Sylvain