I read somewhere that USRP1 has only 1 channel and USRP2 has more
The speed is very important (especially for demoing)
So a USRP2,
I guess the WBX is a TX and RX module?
Has anyone here set this combo up on a ubuntu 10.04 LTS?
On 7/19/2010 12:38 PM, Abdalaleem Andy James Potter wrote:
> Well the USRP2 is gigabit ethernet vs USB for USRP1.
>
> If you want to do more advanced things in the future I would go for
> the USRP2...
>
> If you just want to demonstrate then go for USRP1...
>
>
> On 19 Jul 2010, at 10:36, Dino Pastos wrote:
>
>> Yes but what cant I do with USRP1 in regards to USRP 2 ?
>>
>> On
>>
>> 7/19/2010 12:31 PM, Abdalaleem Andy James Potter wrote:
>>> Double check my maths !
>>>
>>> I haven't yet tested this set-up but I would suggest:
>>>
>>> - USRP2 $1400
>>> - WBX $450
>>> - Antenna for GSM frequencies... $35
>>>
>>> $1885
>>>
>>>
>>> Or you could go for a less expensive option:
>>>
>>> - USRP 1 $700
>>> - DBSRX $150
>>> - Antenna for GSM frequencies... $35
>>>
>>> $885
>>>
>>>
>>>
>>> On 18 Jul 2010, at 12:57, Dinos Pastos wrote:
>>>
>>>> it will only be buried correctly if the media is informed.
>>>> I am attempting to build a wokring USRP 1 or 2 setup in order to
>>>> demonstrate it in Cyprus
>>>>
>>>> I need some assistance in selecting the right stuff to save time.
>>>>
>>>> Please post your tested setup if you have time.
>>>>
>>>> Regards
>>>>
>>>> dinopio
>>>>
>>>> On Sun, Jul 18, 2010 at 12:25 PM, Frank A. Stevenson
>>>> <fr...@hvitehus.no> wrote:
>>>>> I made a very simple command line interface to Kraken, which has
>>>>> only 1
>>>>> useful command (crack). Once fired up, you can then try to crack
>>>>> multiple bursts without reloading the tables every time.
>>>>>
>>>>> If you have some bursts that you want to crack such as:
>>>>>
>>>>> 3811417:
>>>>> 011100101011101011101111110101101001110111110111010110111001111100101100010110000110100011010110010101110111101111
>>>>>
>>>>>
>>>>>
>>>>> 3811424:
>>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101
>>>>>
>>>>>
>>>>>
>>>>> The first number is the frame COUNT used for mixing into A5/1 - it
>>>>> can
>>>>> be derived from the frame number in the following way:
>>>>>
>>>>> unsigned int fn2count(unsigned int fn) {
>>>>> unsigned int t1 = fn/1326;
>>>>> unsigned int t2 = fn % 26;
>>>>> unsigned int t3 = fn % 51;
>>>>> return (t1<<11)|(t3<<5)|t2;
>>>>> }
>>>>>
>>>>>
>>>>> The second burst can be cracked, and the command to and output from
>>>>> Kraken looks like this:
>>>>>
>>>>> Kraken> crack
>>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101
>>>>>
>>>>>
>>>>>
>>>>> Cracking
>>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101
>>>>>
>>>>>
>>>>> Found a56290409b507d75 @ 37
>>>>>
>>>>> Kraken>
>>>>>
>>>>> This means a56290409b507d75 is the key that produces the output at
>>>>> postion 37 after 100 clockings. These numbers can then be fed into my
>>>>> latest tool: find_kc. This program will perform the backclocking,
>>>>> reverses the frame count mix, and the key setup mixing (based on some
>>>>> earlier programs that I wrote) - finally it can as an option take a
>>>>> second frame count together with the burst data as input, and use
>>>>> that
>>>>> to eliminate the wrong candidate Kcs from the backclocking. Example:
>>>>>
>>>>> fr...@quant:~/gsm/tmto-svn/tinkering/A5Util$ ./find_kc
>>>>> a56290409b507d75
>>>>> 37 3811424 3811417
>>>>> 011100101011101011101111110101101001110111110111010110111001111100101100010110000110100011010110010101110111101111
>>>>>
>>>>>
>>>>> #### Found potential key (bits: 37)####
>>>>> db18a071e4d1f057 -> db18a071e4d1f057
>>>>> Framecount is 3811424
>>>>> KC(0): 2e 61 10 5e 80 93 5e 1c *** MATCHED ***
>>>>> KC(1): bc 44 48 ed 03 04 02 53 mismatch
>>>>> KC(2): d4 37 41 cf 3d 04 05 a5 mismatch
>>>>> KC(3): da 74 09 51 60 07 7b c7 mismatch
>>>>> KC(4): f3 f7 a8 3b f6 76 e6 5a mismatch
>>>>>
>>>>> The correct Kc is here: 2e 61 10 5e 80 93 5e 1c , and will produce
>>>>> both
>>>>> cipherstreams correctly, as well as all other cipherstreams, and can
>>>>> consequently be used to decrypt the entire call or SMS. (Byte
>>>>> order may
>>>>> have to be changed, depending on your other tools)
>>>>>
>>>>> How many more nails are needed for A5/1s coffin? :-)
>>>>>
>>>>> Frank
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> A51 mailing list
>>>>> A51@lists.reflextor.com
>>>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>>>>>
>>>> _______________________________________________
>>>> A51 mailing list
>>>> A51@lists.reflextor.com
>>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>>>
>>
>
_______________________________________________
A51 mailing list
A51@lists.reflextor.com
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
