BIRDWATCH program: Treasure and tragedy with Eleron-3

Published on:
2022-09-09 06:43:36 +0000 UTC
Last modified:
2022-09-13 00:00:00 +0000 UTC


Subreption’s research and development team, for the past few months, has been dedicating manpower and resources to investigate and analyze military and paramilitary drone platforms operating in Asia and Europe. Our background is primarily vulnerability research and reverse engineering, enabling us to understand these platforms for both offensive and defensive purposes, including but not limited to detection, forensics data acquisition and active countermeasures.

Eleron 3: adventures in signal classification and decoding


From May 2022 onwards, Subreption and volunteers provided access to a prototype for detecting and decoding Eleron 3 signals to a specific group in Ukraine. This group later on disseminated the prototype without due credit.

Following an investigation of those involved, their employment, motivations, affiliations and registration information for companies (in some cases, registered as “NGOs” and as such benefiting from tax deductions similar to non-profit organizations), as well as credible reports from multiple sources, it was determined that the prototype and code for Eleron 3 detection and decoding was circulated beyond the boundaries of the altruistic collaboration that originally led to its development and completion.

Unfortunately, seeing how this situation deprives the general public of wide access to the tool while benefiting a select few (both Ukrainian and foreign businesses and individuals with personal interests), and how the ethical, legal and moral principles of our collaboration had been violated, a decision was reached to disclose (in the coming days and weeks) all information related to this specific system, in order to negate the unethical exploitation of the work involved.

In the public interest

As such, we have decided to pursue publication and disclosure of materials under a non-commercial dual licensing scheme, leveraging the SUDL and AGPL licenses to ensure that the general public can still benefit from the completed work, but barring businesses from pursuing their financial agendas and interests at our expense (or that of true volunteers, who deserve the credit and appreciation for all their altruistic efforts). We have also fenced with loaded claims and insinuations that “releasing the work” would “aid the enemy”: to that, all we can say is that our work is beyond politics and financial agendas, and that those among you pursuing the conflict in Ukraine for profit are “aiding the enemy” perfectly fine on your own.

The truth that resonates from all this is that a group of volunteers and a world-class vulnerability research team have worked for six months for free, dedicating time and treasure while others pursue commercial ventures. While we might pursue financing of our efforts to keep the project alive, we are above all else dedicated to the original principles of our collaboration. The very nature of a free market implies that someone, somewhere, might be doing your job better and even choosing to do it for free, regardless of how this might frustrate those who confuse antitrust and corrupt practices with classical liberalism economics.

This should serve as a warning to those who need it that, regardless of how rare it might be nowadays, some people do keep their word and follow course with their promises. We promised to help with the expectation of providing a positive impact, and we also promised to react and respond swiftly to any violations of our principles of operation. Today, we honor both promises.

Planned disclosures

As the situation evolves, a technical report will soon follow, along commentary of how different circumstances played a part in leading to this decision.

We are also kindly requesting any business entity with access to the prototype to eliminate any and all derivatives or related capabilities developed directly or indirectly through access to said prototype, and to those who circulated it, to adequately credit past, present and future contributions, and cease immediately any further circulation of misattributed third-party work. We reserve the right to expose or explicitly address violators publicly.

We will distribute functional copies to third-parties that can enter non-disclosure, non-compete agreements limiting use under the terms of the SUDL. Any members of the Armed Forces in Ukraine are eligible, so as long as proper accountability and background verification can be done through volunteers and officials. Members of organizations with prior or present employment with SIGINT or counter-drone vendors, or any commercial, for-profit or practical “for profit” entities are also not eligible. Transfer of the technology and research to third-parties involved in commercial exploitation might lead to legal action and/or the complete disclosure of all research.

We will only consider private sector organizations under extremely exceptional circumstances, as our experience with the private sector in this particular area so far has been unsatisfactory, and the program is transitioning towards a permanently non-commercial nature limiting disclosure to non-profit and state-related entities.

The GPG encrypted prototype, pending release of the password, can be found at:

To all those nameless people volunteering somewhere, thank you for all you’ve done. Especially the resident DSP wizard :-)

the Subreption team and volunteers.


The following disclosures have already been made to the public related to this announcement:

  • September 13th 2022: el3dec (Github)
  • September 9th 2022: original announcement (this page).


Released on September 13th 2022, el3dec (Github) is a high-performance C++ reference implementation for Eleron 3 payload decoding, currently limited in its public release to telemetry (passive) C2 information beacons. An example asynchronous network server is provided that can produce JSON output for raw hex-encoded input directly fed from a signal classifier and frame decoder, as well as unit testing for the library itself. The library can operate in fault tolerant or intolerant modes, performing validation of the untrusted input data and maximizing the amount of information extracted.

The build system is fully GNU/Linux and Windows compatible via the CMake toolkit.

Conflicts of interest

All research related to military drone platforms until September 2022 has been provided free of charge, as part of the BIRDWATCH program, to select partners involved in conflicts where such platforms are currently operating.

Subreption is providing pro bono consulting and research to multiple institutions in Europe and Asia, as well as volunteer organizations, in the context of information security (defensive and offensive).



Any updates and amendments to this press release will be listed in this section.


Press and media can reach us at regarding this announcement or any other inquiries.

Feel welcome to use PGP if you have sensitive information or special confidentiality needs.