Any way we can get the last Kc from the SIM card after the last authentication?
...the issue is in how to decrypt the GSM voice encrypted channel? In
airprobe they sniff the GSM packets only using USRP?

Let us say we are using an OpenBSC network, not to do illegal things. OpenBSC
uses A5/0 or A5/1 or A5/2?

Can we have an example of how to decrypt the encrypted voice channel stream,
using software on Linux, not CUDA hardware?


Thanks,

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Georg Hofstetter
Sent: Tuesday, January 04, 2011 7:38 PM
To: [email protected]
Subject: Re: [A51] I'm new to A5/1


Hi.

> By keyspace you mean Kc with 56 bits as approx. the last 8 bits are zeroes
> right ?

This depends on your provider.

Kc - per definition - has 64 bit width and is being calculated by the
provider's private A3A8 algorithm. Since the A3A8 implementation is up to
the provider's choice, it may be any suitable algorithm.

But in the early phase most providers chose the recommended COMP128
algorithm which zeroes the last byte of Kc. This algorithm got leaked in
the late 90's and many providers seem to have chosen some alternative
(COMP128v2 and others).

Nevertheless I've seen about 30% of the Kc having the last byte zeroed,
which does *not* mean that they are using the vanilla COMP128.

BR,
Georg

_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
