Hi Sylvain,

On 23.09.2010 19:58, Sylvain Munaut wrote:

> Even if not in use everywhere, I've heard the argument that "all" that
> would be needed would just be to use hopping everywhere. Of course we
> all know that despite what the GSMA says/pretends, hopping is _not_ a
> security feature. But that doesn't mean it doesn't pose a practical
> problem.

Oh errh yes. Channel hopping is really a hurdle.
Not everyone knows how to multiply by a sin/cos and how to filter
afterwards ;) (kidding)

I think implementing crude channel hopping would take at most 5 working
days, 8 hours each.

Day 1: setting up signal path including channel separation.
Day 2: making framework capable of tracking multiple ARFCNs
       updating L3<->L1 interaction (setting up bursts, following comm)
Day 3: checks with different scenarios to be aware of bugs/limitations
Day 4+5: fine tuning, improve usability

Okay - you will lose realtime processing on most machines.
Separating several ARFCNs, demodulating, brute forcing and decoding on the
same machine may be kind of a problem :)
But there is room for optimization, e.g. doing the freq xlat in the channel
separator only for "used" ARFCNs after they were assigned by the channel
assignments.

For portable realtime processing one would just have to take two laptops
like the Dell Precision or XPS series with a decent GPU. Let one
preprocess the USRP signal, demodulate and feed the L1 bitstream to the
second, which buffers this stream and decodes the communication.
So a demonstration in a studio or at symposia is still possible.

But the most "interesting" part for criminals would be SMS communication
(intercepting homebanking TANs and such stuff).
And in my hopping cells, I haven't seen a hopping SDCCH yet. Did anyone?
Not sure if they are possible at all :)
Best regards and a nice weekend,
Georg

_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51