Hi Sylvain, What if you use two USRPs?
Also I recall that someone at CCC (Dejkstra?) said he succeeded decoding real GSM conversation, but I don't recall exactly, I was not that interested in the topic. On Sun, Jan 3, 2010 at 22:28, Sylv1 <[email protected]> wrote: > Hi all, > i agree with p q for all the presented points. I just would like that > someone contradicts me with an example. > Is anybody abble to listen and record his own GSM conversation up and > downlink? > > I'm trying to do that with the USRP and airprobe stuff but im stuck with > some problems. > Just forget about frequency hopping to simplify. > Im trying to eavesdrop with 2 RFX900 DB on for each frequencies of the > ARFCN and i want to record it in two cfile in order to use gsmreceiver and > gsmdecode and get at least the not encrypted information. But im stuck for > the moment. > > Getting two raw streams directly from the USRP leads to the USB bottleneck > problem. > > Is anyone really able at that day to eavesdrop and record his own > conversation? > it is the required step to run the attack on A5/1 and finally proove that > we did the job. > > Any input please. > > Regards, > sylvain > > --- On *Sat, 1/2/10, p q <[email protected]>* wrote: > > > From: p q <[email protected]> > > Subject: Re: [A51] Truth about this work > To: "javier falbo" <[email protected]> > > Cc: [email protected] > Date: Saturday, January 2, 2010, 3:26 PM > > Thanks for the first practical answer . so , would you please capture one > of your own conversations and upload it somewhere until we see if there is > anybody out there can decode it ? i'd like to see that . see , that's the > whole point of my first email . its just all talk and talks only interests > people who dont already know about it . what do we have besides that ? > > if there us anybody who can decode real world A5/1 protected conversation > out there please answer to this thread and make it clear how to make a real > air interface capture and give it you i'd do it and that's gonna be fun . > right ? ;) > > On Sat, Jan 2, 2010 at 6:50 PM, javier falbo <[email protected]>wrote: > >> p q: Decoding third parties calls is an illegal activity. >> >> As you notice on CCC, there was a workshop that you could bring your own >> GSM stream to be decoded. :) >> Or just capture your own GSM Live Conversation, uploaded somewhere on >> internet, and maybe someone from here, decoded and send you the audio in mp3 >> format. >> >> What you are requesting is illegal. :) >> >> Javier >> >> ------------------------------ >> Date: Sat, 2 Jan 2010 18:44:48 +0330 >> Subject: Re: [A51] Truth about this work >> From: [email protected] >> >> To: [email protected] >> CC: [email protected] >> >> thanks Javier , how do you do ? ;) >> do you notice you didnt do but talking ? you stated the very facts that i >> already stated in my first emails that they are known to be out there . its >> certain . so what are we doing here ? just republishing what's known ? you >> just did it again in your email . i KNOW all these things are >> either theoretically possible or are being used by law enforcement . you >> know that too ? good . so we are just exchanging obvious things here , right >> ? ;) >> >> >> On Sat, Jan 2, 2010 at 6:40 PM, javier falbo <[email protected]>wrote: >> >> p q: Are you ok?? :) >> >> Encryption is the core of digital radio transceivers nowadays. Breaking >> the algorythm is 90% of the actual mobile structure. >> I have personally seen in real-time how GSM Voice Conversation are listen >> in 2-3 seconds. (Since 2003, in my case) >> >> Frequency hoping is not a problem. I remember my first project on channels >> hoping on Analog radios, where a BURST that increase the power from Base to >> Moble, advice PREVIOUSLY the next channel. >> More info, and updates here: >> >> http://wireless.agilent.com/rfcomms/refdocs/gsmgprs/egprsla_gen_bse_fhopping.php >> (or use google). Frequency hoping is not a problem for the USRP, it is >> SOFTWARE BASED!!! >> >> Tables are out there since 1998. Also THC project has finished his table, >> but they do not want to distributed. (or maybe they are interested in $$$). >> >> A53 is useless nowadays, as KASUMI is academically broken (and computer >> simulated). >> >> I heard that next February 2010, GSMA (Association) will call for an >> immediately security update and check for a new stronger algorythm. >> >> My comments: NOWADAYS, it is IMPOSSIBLE to be secured. There are NO >> algorythms capable of defending against a multiple CUDA distributed attack >> with more than 150 CUDA MACHINES in a network. >> Keep in mind, that the algorythm must have particularities: FAST, no power >> consumption, easy to code, etc. >> >> Javier >> >> >> >> >> >> ------------------------------ >> Date: Sat, 2 Jan 2010 18:18:09 +0330 >> From: [email protected] >> To: [email protected] >> Subject: [A51] Truth about this work >> >> >> happy new year people >> as much as i like this project i need to publish my comments and let >> others think about them too : >> >> 1- its claimed that "we are cracking A5/1 so the industry can replace it >> with the newer A5/3" . this is wrong . industry can not change A5/1 with >> A5/1 because we cracked A5/1 . to utilize A5/3 we need a UMTS network . most >> networks around the world are 2G based , usually 2.75 . changes in operators >> needs highly expensive procedure , law , regulations and alike . i know >> people with academic only background dont get this but that's their fault . >> this is not just about industrial profit , its also about people expenses >> and the general wireless regulation and condition in a country . dont >> bullshit people . phones that are made for 2G can not simply upgrade to >> offer A5/3 as well . its not just possible . we can stand and cluelesslly >> talk about it but its not possible . so the whole idea to present the danger >> to shift the technology at operators side is just garbage >> >> 2- its claimed that GSM is now broken . GSM is broken but it does not have >> anything to do with this project . this project is about A5/1 . A5/1 is not >> GSM . GSM contains RF and Radio management and spectrum budget too . this >> project didnt and in my opinion is never going to break GSM . at best we can >> expect to break A5/1 . these are different things people . dont get yourself >> fooled . its the same with Kasumi . maybe Kasumi is broken maybe not , i'm >> not sure but i'm sure UMTS is not broken . GSM and UMTS are complicated >> systems . its not just about the cryptography >> >> 3- its claimed finally somebody did it and now A5/1 is broken . this is >> also wrong . this project never proved it has broken A5/1 . where is the >> proof ? we have generated our tables , which they are partial and they are >> shared . that's what happened . the presentation and all the media coverage >> , while i respect them , dont offer anything new to the tables . seriously , >> how its been proved A5/1 can be broken with the Tables that this project has >> been generated and is going to be generated ? its all talks , speculations >> and ideas . nobody even decoded a real GSM conversation with anything >> produced by this project . i'd be more than happy if somebody can show i am >> wrong , not with idea and speculations but with a real GSM capture and a >> real decode procedure filmed on youtube ! that's proof . the rest is just >> talk . so , why we are so excited about it ? because its wide now and most >> people who didnt know a thing about GSM before know are hearing cool things >> about the possibility of listening to ATM traffic for example . we all knew >> its possible . its out there for years . but as for this project what have >> we done ? we have reproduced THC's content and ideas on different site , >> different names and some tables that are just claimed to be true are >> published . so what ? >> >> 4- its claimed this project will generate the tables fully then Airprobe >> will build an interceptor using open or cheap hardware and this all together >> will prove GSM is broken . >> ok , so , until now we dont have all the tables we are not even sure the >> ones that are generated are Ok and no one has proved it , we just talked >> about it . great ! >> on Airprobe , we have some ideas its possible to capture GSM with USRP but >> we didnt actually solve the Hopping problem , so in reality we dont have >> even correct ideas how to capture real world GSM traffic and given the facts >> i think that's not gonna happen anytime soon . if i am wrong please give me >> a link to a page that filed the real GSM traffic has captured with USRP and >> can be analyzed . anything else is just talk and talk is cheap >> >> i will be more than glad to see people prove me wrong on these 4 items but >> i think nobody can . what happened here was just a bunch of republications >> and getting the information to a wider audience . nohl's work is good but >> i'm also as an ex academic and current convict of industry can not just >> stand up and applause for something i clearly see is half truth , in doubt , >> unproved or maybe even wrong . >> >> people are attacking GSMA . i think they have every right to do that but i >> believe they are right on one thing . " the team has underestimated the..." >> >> by the way there was another presentation at CCC about playing with RF >> interface of cellphones . what a load of crap . i had high hopes and i saw >> just a bunch of republications of THC work and some general knowledge . >> nothing more . he said its possible to play around TI's calypso and control >> it . so what ? you guessed that alone all by yourself that's possible ? good >> job ! in A5/1 presentation its been said its possible to build an IMSI >> catcher using open source stuff . how it is possible ? why would we lie >> about this ? openbts and openbsc and USRP alltogether can not do what IMSI >> catchers do , not now and not in near future . so why would we publish some >> general information we have on IMSI catchers ( widely available in >> law enforcement and old articles like Barkan and biham also explained it ) >> and add some misinformation to it to make it legit ? that's not called >> honest Academic work people >> >> even if in another world all these were theoretically possible , we havent >> done them yet . so ? its just all talk . how is talking about something is >> equal to doing it ? i'm looking for people who can explain this to me >> >> no offence intended >> all the bests >> >> >> >> ------------------------------ >> ¿Cansado de borrar spam de tu bandea de entrada? ¡Ganá tiempo con el >> nuevo filtro anti spam de Hotmail! <http://mail.live.com> >> >> >> >> ------------------------------ >> ¿Te llegan demasiados emails? Organizate con Hotmail. ¡Creá carpetas para >> todos tus correos! <http://mail.live.com/> >> > > > -----Inline Attachment Follows----- > > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > -- Regards, Alexander Chemeris.
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
