Dear List, One of my Students (Johann Betz) wrote a small program to calculate layer 1 bursts out of a logical packet. This step is sometimes useful if you know that for example the SACCH L1 header of a system information packet has changed (e.g. changed timing advance). Using this tool you can calculate the resulting bursts of the modified logical packet.
The tool can be found here: http://www.ks.uni-freiburg.de/download/misc/gsmframecoder.tar.gz Example: system information type 5: 00 01 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 00 00 00 00 00 00 00 00 Here you can see that the timing advance is 1 (second byte). If you like to find the Kc with this logical packet it may be the case that the encrypted packet has a different timing advance parameter. The changed logical packet can be used as input to gsmframecoder: ./gsmframecoder 00 00 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 0 .... Decoding 0000030349061d9f6d1810800000000000000000000000 Encoded Frame, Burst1: 001000000001010000100000001100100010000011000000100000... Encoded Frame, Burst2: 000000000111101000110000100000101100000011101010000000... Encoded Frame, Burst3: 100100010100101000000001011000010000010100000001010000... Encoded Frame, Burst4: 110000001100100100000101000010010101000000000000000100... A practical example will be given in my next mail. Best Regards Konrad Meier _______________________________________________ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51