On Wed, 2010-07-28 at 19:20 +0200, Fabio Pietrosanti (naif) wrote:
> 1) Airprobe dumps the phone call traffic
> - We know that it requires important improvement for demodulation of
> real signals
> - We have to see which is the best practical approach to do it, to
> detect the call, to follow it and which procedure must be implemented
>
> 2) Kraken cracks the call's A5/1 Kc key (that's the most important piece)
>
> 3) Some piece of sw decrypts the A5/1-encrypted dump generated by
> Airprobe with the Kc cracked by Kraken.
>
There is an intermediate step here which one shouldn't forget. One needs to find and identify known plaintext, which can be different from network to network. So for initial decryption one will have to find a way to get Kc from one's SIM card, and use that to decrypt and analyze call setup (on one's own conversations). This item is probably already made, but should be on the list. An alternative may be to use a straight dump from a Nokia phone.

Frank

_______________________________________________
A51 mailing list
A51@lists.reflextor.com
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
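As an added example (not code from this list, Airprobe or Kraken), the following Python shows the intermediate step Frank describes, end to end: an A5/1 keystream generator written from the public description of the cipher, the 22-bit COUNT derived from a TDMA frame number as the GSM specification defines it (T1, T3, T2), decryption of a burst with a Kc one already holds, and recovery of the 114-bit keystream from a burst whose plaintext is known, which is the input a Kc-recovery tool works from. The Kc, the frame number, the burst contents and all function and class names are constructed placeholders and assumptions, not values from the thread.

```python
# Added example, not code from the A51 list, Airprobe or Kraken.
# A5/1 keystream generation (per the public description of the cipher),
# burst decryption with a Kc, and keystream recovery from known plaintext.

# Register widths 19/22/23 bits, feedback taps, clocking (majority) bits
# and output bits of the three LFSRs.
R1_MASK, R2_MASK, R3_MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080  # 18,17,16,13 / 21,20 / 22,21,20,7
R1_MID, R2_MID, R3_MID = 1 << 8, 1 << 10, 1 << 10
R1_OUT, R2_OUT, R3_OUT = 1 << 18, 1 << 21, 1 << 22

# Constructed placeholders (assumptions, not values from the thread):
# a Kc as read from one's own SIM, and a TDMA frame number inside the call.
CONSTRUCTED_KC = bytes.fromhex("0123456789abcdef")
CONSTRUCTED_FN = 1234567


def _parity(x):
    return bin(x).count("1") & 1


def _clock_one(reg, mask, taps):
    """Shift one LFSR left by one bit, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    def __init__(self, kc, count):
        # kc: 8 bytes (64 bits); count: 22-bit COUNT. Both are fed LSB first.
        self.r1 = self.r2 = self.r3 = 0
        for i in range(64):
            self._clock_all()
            self._xor_in((kc[i // 8] >> (i % 8)) & 1)
        for i in range(22):
            self._clock_all()
            self._xor_in((count >> i) & 1)
        for _ in range(100):            # warm-up clocks, output discarded
            self._clock_majority()

    def _xor_in(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        self.r1 = _clock_one(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _clock_one(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _clock_one(self.r3, R3_MASK, R3_TAPS)

    def _clock_majority(self):
        # Each register clocks only if its clocking bit agrees with the majority.
        b1 = bool(self.r1 & R1_MID)
        b2 = bool(self.r2 & R2_MID)
        b3 = bool(self.r3 & R3_MID)
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj:
            self.r1 = _clock_one(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _clock_one(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _clock_one(self.r3, R3_MASK, R3_TAPS)

    def keystream(self):
        """228 output bits: 114 for the downlink burst, then 114 for the uplink."""
        bits = []
        for _ in range(228):
            self._clock_majority()
            bits.append(_parity(self.r1 & R1_OUT) ^ _parity(self.r2 & R2_OUT)
                        ^ _parity(self.r3 & R3_OUT))
        return bits[:114], bits[114:]


def gsm_count(fn):
    """22-bit COUNT from a TDMA frame number: T1 in bits 21..11, T3 in 10..5, T2 in 4..0."""
    t1, t2, t3 = fn // 1326, fn % 26, fn % 51
    return (t1 << 11) | (t3 << 5) | t2


def a51_keystream(kc, fn):
    return A51(kc, gsm_count(fn)).keystream()


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def recover_keystream(cipher_burst, known_plain_burst):
    """The intermediate step: keystream = ciphertext XOR known plaintext.
    These 114 bits per burst are what a Kc-recovery tool is fed."""
    return xor_bits(cipher_burst, known_plain_burst)


def demo(kc=CONSTRUCTED_KC, fn=CONSTRUCTED_FN):
    # Constructed 114-bit downlink burst standing in for a message whose
    # content is predictable (the kind of known plaintext Frank refers to).
    known_plain = [int((i * 7 + 3) % 5 == 0) for i in range(114)]
    downlink_ks, _uplink_ks = a51_keystream(kc, fn)
    captured = xor_bits(known_plain, downlink_ks)         # what the air-interface dump holds
    decrypted = xor_bits(captured, downlink_ks)           # step 3, with Kc in hand
    recovered = recover_keystream(captured, known_plain)  # input for Kc recovery
    return {
        "decrypt_ok": decrypted == known_plain,
        "keystream_recovered": recovered == downlink_ks,
        "recovered_keystream": recovered,
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check when wiring this to real captures: the frame number used for COUNT must be the one of the burst being decrypted (the keystream changes every frame, so an off-by-one frame gives garbage), and the downlink and uplink halves of the 228-bit output must not be swapped.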