the message you are refering to is sent on uplink . its always hard near to impossible to capture uplink since we truly dont know where the users are located and they can be moving too which makes the capture even harder . the practical solution is to capture as much as uplink and downlink that's possible but relay on downlink for encryption breaking . now , what's the best solution ? anyone from Airprobe reads here ?
From: sascha <[email protected]> > > Date: Wed, Dec 9, 2009 at 2:19 PM > Subject: Re: [A51] Capture > To: [email protected] > > > On Wed, Dec 09, 2009 at 12:32:42PM +0330, p q wrote: > > the source of known plain text has been discussed before but its not > clear > > to me how many GSM frames we can certainly obtain on every single call . > we > > will capture it from Downlink , right ? how many frames are guaranteed to > be > > always there ? > > the folks at airprobe.org can give a better answer to that. But last time > i asked them they all had the 'not sure bout that' syndrome. > I am quite optimistic about the cipher mode complete message since it > is sent from the mobile where a software update is not as easily done as > in a BTS. I also doubt that the BTSs can be software-updated to insert > random bits instead of known padding bytes, since the handset may rely > on the padding to have that particular value. > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > >
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
