I read somewhere that USRP1 has only 1 channel and USRP2 has more The speed is very important (especially for demoing)
So a USRP2, I guess the WBX is a TX and RX module? Has anyone here set this combo up on a ubuntu 10.04 LTS? On 7/19/2010 12:38 PM, Abdalaleem Andy James Potter wrote: > Well the USRP2 is gigabit ethernet vs USB for USRP1. > > If you want to do more advanced things in the future I would go for > the USRP2... > > If you just want to demonstrate then go for USRP1... > > > On 19 Jul 2010, at 10:36, Dino Pastos wrote: > >> Yes but what cant I do with USRP1 in regards to USRP 2 ? >> >> On >> >> 7/19/2010 12:31 PM, Abdalaleem Andy James Potter wrote: >>> Double check my maths ! >>> >>> I haven't yet tested this set-up but I would suggest: >>> >>> - USRP2 $1400 >>> - WBX $450 >>> - Antenna for GSM frequencies... $35 >>> >>> $1885 >>> >>> >>> Or you could go for a less expensive option: >>> >>> - USRP 1 $700 >>> - DBSRX $150 >>> - Antenna for GSM frequencies... $35 >>> >>> $885 >>> >>> >>> >>> On 18 Jul 2010, at 12:57, Dinos Pastos wrote: >>> >>>> it will only be buried correctly if the media is informed. >>>> I am attempting to build a wokring USRP 1 or 2 setup in order to >>>> demonstrate it in Cyprus >>>> >>>> I need some assistance in selecting the right stuff to save time. >>>> >>>> Please post your tested setup if you have time. >>>> >>>> Regards >>>> >>>> dinopio >>>> >>>> On Sun, Jul 18, 2010 at 12:25 PM, Frank A. Stevenson >>>> <fr...@hvitehus.no> wrote: >>>>> I made a very simple command line interface to Kraken, which has >>>>> only 1 >>>>> useful command (crack). Once fired up, you can then try to crack >>>>> multiple bursts without reloading the tables every time. >>>>> >>>>> If you have some bursts that you want to crack such as: >>>>> >>>>> 3811417: >>>>> 011100101011101011101111110101101001110111110111010110111001111100101100010110000110100011010110010101110111101111 >>>>> >>>>> >>>>> >>>>> 3811424: >>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101 >>>>> >>>>> >>>>> >>>>> The first number is the frame COUNT used for mixing into A5/1 - it >>>>> can >>>>> be derived from the frame number in the following way: >>>>> >>>>> unsigned int fn2count(unsigned int fn) { >>>>> unsigned int t1 = fn/1326; >>>>> unsigned int t2 = fn % 26; >>>>> unsigned int t3 = fn % 51; >>>>> return (t1<<11)|(t3<<5)|t2; >>>>> } >>>>> >>>>> >>>>> The second burst can be cracked, and the command to and output from >>>>> Kraken looks like this: >>>>> >>>>> Kraken> crack >>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101 >>>>> >>>>> >>>>> >>>>> Cracking >>>>> 111000110011110100011100001000100001011111010101110001101001111010011000010111110001110000101110111000111100111101 >>>>> >>>>> >>>>> Found a56290409b507d75 @ 37 >>>>> >>>>> Kraken> >>>>> >>>>> This means a56290409b507d75 is the key that produces the output at >>>>> postion 37 after 100 clockings. These numbers can then be fed into my >>>>> latest tool: find_kc. This program will perform the backclocking, >>>>> reverses the frame count mix, and the key setup mixing (based on some >>>>> earlier programs that I wrote) - finally it can as an option take a >>>>> second frame count together with the burst data as input, and use >>>>> that >>>>> to eliminate the wrong candidate Kcs from the backclocking. Example: >>>>> >>>>> fr...@quant:~/gsm/tmto-svn/tinkering/A5Util$ ./find_kc >>>>> a56290409b507d75 >>>>> 37 3811424 3811417 >>>>> 011100101011101011101111110101101001110111110111010110111001111100101100010110000110100011010110010101110111101111 >>>>> >>>>> >>>>> #### Found potential key (bits: 37)#### >>>>> db18a071e4d1f057 -> db18a071e4d1f057 >>>>> Framecount is 3811424 >>>>> KC(0): 2e 61 10 5e 80 93 5e 1c *** MATCHED *** >>>>> KC(1): bc 44 48 ed 03 04 02 53 mismatch >>>>> KC(2): d4 37 41 cf 3d 04 05 a5 mismatch >>>>> KC(3): da 74 09 51 60 07 7b c7 mismatch >>>>> KC(4): f3 f7 a8 3b f6 76 e6 5a mismatch >>>>> >>>>> The correct Kc is here: 2e 61 10 5e 80 93 5e 1c , and will produce >>>>> both >>>>> cipherstreams correctly, as well as all other cipherstreams, and can >>>>> consequently be used to decrypt the entire call or SMS. (Byte >>>>> order may >>>>> have to be changed, depending on your other tools) >>>>> >>>>> How many more nails are needed for A5/1s coffin? :-) >>>>> >>>>> Frank >>>>> >>>>> >>>>> _______________________________________________ >>>>> A51 mailing list >>>>> A51@lists.reflextor.com >>>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >>>>> >>>> _______________________________________________ >>>> A51 mailing list >>>> A51@lists.reflextor.com >>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >>> >> > _______________________________________________ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51