tea2adt is a command-line utility for Chat, Remote Shell, Remote AI Prompt and File Transfer, that reads and writes encrypted data across peer-to-peer or broadcast audio connections, using minimodem and gpg.
It is a powerful tool that can be combined with any audio infrastructure (like PSTN, cellular network, internet, radio, walkie-talkies) to provide a secure communication channel through an audio tunnel.
The audio interfaces behave like data-diodes, each allowing unidirectional data transmission only, thus preventing data-leaks and malware-injection.
This enables an "enhanced"-end-to-end encryption (E-E2EE) which notably increases security and privacy, especially when the end devices are completely offline (air-gapped-system), thus providing an effective barrier against "legal or illegal" client-side-scanning!
See also https://www.codeproject.com/Articles/5295970/Audio-Chat-for-Quite-Good-Privacy-AC4QGP
pip install tea2adt
or with git:
git clone https://github.com/ClarkFieseln/tea2adt.git
cd tea2adt_source
chmod +x tea2adt
chmod +x *.sh
during first execution you will be asked to install dependencies: minimodem, gpg, bc, tmux, ...
but you can also install them yourself with:
sudo apt install minimodem
sudo apt install gpg
sudo apt install bc
sudo apt install tmux
...
tea2adt -c
enter and confirm password
On the other device a chat or a remote shell can be started.
tea2adt -s
then enter and confirm password
On the other device a chat shall be started to command the remote shell.
Note that this is technically a "reverse shell" which gives access to your system!
tea2adt -l
then enter and confirm password
On the other device a chat shall be started to interact with the remote AI prompt.
With this option you may remotely access your local, secure, and self-hosted AI (like ollama) in a secure way!
tea2adt -f
enter and confirm password
On the other device a file transfer shall be started.
To check connectivity and adjust volumes if required.
tea2adt -p
In addition, a separate terminal will be opened to read unencrypted probe messages being sent by the other side.
Adapt the configuration as required using the 'terminal GUI' with:
tea2adt -g
Alternatively, you may change the configuration by editing the files in the cfg folder directly. The 'Location' can be found with:
tea2adt -d
The most important settings are:
- baud
- keepalive_time_sec
- retransmission_timeout_sec
- split_tx_lines
- volume_microphone
- volume_speaker_left
- volume_speaker_right
- llm_cmd
- text_to_speech
When installed with git, tea2adt may be called with:
python3 tea2adt.py -c
# or
./tea2adt -c
This is an example to start a chat, but this is the same for any other option.
For more information check the documentation.
on top of the audio modem provided by minimodem and encryption provided by GPG, tea2adt offers a reliable transport layer and many other features:
-
modes: chat, remote-shell, remote-AI-prompt, file transfer (future: sniffer)
-
text-to-speech (TTS): synthesize speech from the text received in the chat
-
full-duplex communication
-
retransmit messages automatically after communication errors
-
split big messages into smaller data chunks in order to increase the probability of reception, thus reducing retransmissions
-
[keepalive] messages
-
redundant transmission of "data-messages"
-
composition of piped commands hidden to the user
-
tmp folder located in a configurable path beneath $HOME, independent of the current path.
-
probe, to check volume on receiver and adjust manually if needed
(very high and very low volumes may produce signal distortions)
-
"braodcast" transmissions also possible, e.g. when ACKs are deactivated
use-case: walkie-talkie, Radio station, ...
-
several configuration options: preamble, trailer, delays, cipher algorithm, confidence, log to file, verbose, etc.
please don't do the following if you are not allowed (it might be illegal!):
-
exfiltrate data over the air or cable to a nearby or remote computer
-
remote control over the air or cable from a nearby or remote computer
-
exfiltrate data from a computer evading classical auditing
(be aware that if you do this on your employer's computer you might be infringing the law!)
-
use the tool as a "side-channel" for covert communication e.g. to spread or inject malware,
even worse when combined with steganography (e.g. low volumes, data hidden in noise)
A: tea2adt in offline PC (Alice)
D: tea2adt in offline PC (Bob)
B, C: smartphone with call session (mobile, messenger app, etc.)
diodes: audio connections (sink/speaker -> source/microphone)
A: tea2adt in offline PC (Alice)
D: tea2adt in offline PC (Bob)
B, C: smartphone with Linphone call session
A: tea2adt in offline smartphone with Termux (Alice)
D: tea2adt in offline smartphone with Termux (Bob)
B, C: PC with qTox call session
A: tea2adt in offline PC (Alice)
D: tea2adt in offline PC (Bob)
B1, B2, C1, C2: waklie-talkie
The text received in the chat is synthesized to speech and output to a separate audio interface.
Text-to-speech demo video: https://www.youtube.com/watch?v=-ikTdBzhCSw&list=PLX24fhcibpHUx7ej_Tp4neobJUqOkqliN&index=10
With this option you may remotely access your local, secure, and self-hosted AI (like ollama) in a secure way!
Remote AI prompt, demo video: https://www.youtube.com/watch?v=6jYEBNAay64&list=PLX24fhcibpHXllvUgFUw6Ly9cwQcTcKac&index=1&pp=gAQBiAQB
The data transfer is usually done at low rates, typical of audio systems. Therefore, this tool is not adequate to transmit big files which may take a long time to complete.
Avoid using tools like PulseEffects, they may produce glitches!
In PuseEffects you may check the 'Add to Block List' option for minimodem and qtox.
https://pypi.org/project/tea2adt
https://github.com/ClarkFieseln/tea2adt
https://github.com/ClarkFieseln/tea2adt/blob/main/doc/documentation.md
https://github.com/ClarkFieseln/tea2adt/tree/main/screenshots
https://www.youtube.com/playlist?list=PLX24fhcibpHXllvUgFUw6Ly9cwQcTcKac
(c) 2025 Clark Fieseln
This repository is licensed under the MIT license. See LICENSE for details.