USRP even in a two-unit configuration is no good since it can not handle GSM1800
> > ---------- Forwarded message ---------- > From: Sylv1 <[email protected]> > Date: Mon, Jan 4, 2010 at 12:58 PM > Subject: Re: [A51] Truth about this work > To: Alexander Chemeris <[email protected]> > Cc: A51 A51list <[email protected]> > > > Hello, > yes this is a solution but you have to double the cost of the attack buying > a second USRP. > > The other thing is that you then need to synchronize your two different > stream in order to deal with the time slot allocation and be sure to get the > uplink timeslot with respect to the corresponding downlink one. > > Regards > Sylvain > > --- On *Mon, 1/4/10, Alexander Chemeris <[email protected]>*wrote: > > > From: Alexander Chemeris <[email protected]> > > Subject: Re: [A51] Truth about this work > To: "Sylv1" <[email protected]> > Cc: "p q" <[email protected]>, "A51 A51list" <[email protected]> > Date: Monday, January 4, 2010, 6:41 AM > > Hi Sylvain, > > What if you use two USRPs? > > Also I recall that someone at CCC (Dejkstra?) said he succeeded > decoding real GSM conversation, but I don't recall exactly, I was not > that interested in the topic. > > On Sun, Jan 3, 2010 at 22:28, Sylv1 > <[email protected]<http://mc/[email protected]> > > wrote: > >> Hi all, >> i agree with p q for all the presented points. I just would like that >> someone contradicts me with an example. >> Is anybody abble to listen and record his own GSM conversation up and >> downlink? >> >> I'm trying to do that with the USRP and airprobe stuff but im stuck with >> some problems. >> Just forget about frequency hopping to simplify. >> Im trying to eavesdrop with 2 RFX900 DB on for each frequencies of the >> ARFCN and i want to record it in two cfile in order to use gsmreceiver and >> gsmdecode and get at least the not encrypted information. But im stuck for >> the moment. >> >> Getting two raw streams directly from the USRP leads to the USB bottleneck >> problem. >> >> Is anyone really able at that day to eavesdrop and record his own >> conversation? >> it is the required step to run the attack on A5/1 and finally proove that >> we did the job. >> >> Any input please. >> >> Regards, >> sylvain >> >> --- On *Sat, 1/2/10, p q >> <[email protected]<http://mc/[email protected]> >> >* wrote: >> >> >> From: p q <[email protected]<http://mc/[email protected]> >> > >> >> Subject: Re: [A51] Truth about this work >> To: "javier falbo" >> <[email protected]<http://mc/[email protected]> >> > >> >> Cc: [email protected]<http://mc/[email protected]> >> Date: Saturday, January 2, 2010, 3:26 PM >> >> Thanks for the first practical answer . so , would you please capture one >> of your own conversations and upload it somewhere until we see if there is >> anybody out there can decode it ? i'd like to see that . see , that's the >> whole point of my first email . its just all talk and talks only interests >> people who dont already know about it . what do we have besides that ? >> >> if there us anybody who can decode real world A5/1 protected conversation >> out there please answer to this thread and make it clear how to make a real >> air interface capture and give it you i'd do it and that's gonna be fun . >> right ? ;) >> >> On Sat, Jan 2, 2010 at 6:50 PM, javier falbo <[email protected]>wrote: >> >>> p q: Decoding third parties calls is an illegal activity. >>> >>> As you notice on CCC, there was a workshop that you could bring your own >>> GSM stream to be decoded. :) >>> Or just capture your own GSM Live Conversation, uploaded somewhere on >>> internet, and maybe someone from here, decoded and send you the audio in mp3 >>> format. >>> >>> What you are requesting is illegal. :) >>> >>> Javier >>> >>> ------------------------------ >>> Date: Sat, 2 Jan 2010 18:44:48 +0330 >>> Subject: Re: [A51] Truth about this work >>> From: [email protected] >>> >>> To: [email protected] >>> CC: [email protected] >>> >>> thanks Javier , how do you do ? ;) >>> do you notice you didnt do but talking ? you stated the very facts that i >>> already stated in my first emails that they are known to be out there . its >>> certain . so what are we doing here ? just republishing what's known ? you >>> just did it again in your email . i KNOW all these things are >>> either theoretically possible or are being used by law enforcement . you >>> know that too ? good . so we are just exchanging obvious things here , right >>> ? ;) >>> >>> >>> On Sat, Jan 2, 2010 at 6:40 PM, javier falbo >>> <[email protected]>wrote: >>> >>> p q: Are you ok?? :) >>> >>> Encryption is the core of digital radio transceivers nowadays. Breaking >>> the algorythm is 90% of the actual mobile structure. >>> I have personally seen in real-time how GSM Voice Conversation are listen >>> in 2-3 seconds. (Since 2003, in my case) >>> >>> Frequency hoping is not a problem. I remember my first project on >>> channels hoping on Analog radios, where a BURST that increase the power from >>> Base to Moble, advice PREVIOUSLY the next channel. >>> More info, and updates here: >>> >>> http://wireless.agilent.com/rfcomms/refdocs/gsmgprs/egprsla_gen_bse_fhopping.php >>> (or use google). Frequency hoping is not a problem for the USRP, it is >>> SOFTWARE BASED!!! >>> >>> Tables are out there since 1998. Also THC project has finished his table, >>> but they do not want to distributed. (or maybe they are interested in $$$). >>> >>> A53 is useless nowadays, as KASUMI is academically broken (and computer >>> simulated). >>> >>> I heard that next February 2010, GSMA (Association) will call for an >>> immediately security update and check for a new stronger algorythm. >>> >>> My comments: NOWADAYS, it is IMPOSSIBLE to be secured. There are NO >>> algorythms capable of defending against a multiple CUDA distributed attack >>> with more than 150 CUDA MACHINES in a network. >>> Keep in mind, that the algorythm must have particularities: FAST, no >>> power consumption, easy to code, etc. >>> >>> Javier >>> >>> >>> >>> >>> >>> ------------------------------ >>> Date: Sat, 2 Jan 2010 18:18:09 +0330 >>> From: [email protected] >>> To: [email protected] >>> Subject: [A51] Truth about this work >>> >>> >>> happy new year people >>> as much as i like this project i need to publish my comments and let >>> others think about them too : >>> >>> 1- its claimed that "we are cracking A5/1 so the industry can replace it >>> with the newer A5/3" . this is wrong . industry can not change A5/1 with >>> A5/1 because we cracked A5/1 . to utilize A5/3 we need a UMTS network . most >>> networks around the world are 2G based , usually 2.75 . changes in operators >>> needs highly expensive procedure , law , regulations and alike . i know >>> people with academic only background dont get this but that's their fault . >>> this is not just about industrial profit , its also about people expenses >>> and the general wireless regulation and condition in a country . dont >>> bullshit people . phones that are made for 2G can not simply upgrade to >>> offer A5/3 as well . its not just possible . we can stand and cluelesslly >>> talk about it but its not possible . so the whole idea to present the danger >>> to shift the technology at operators side is just garbage >>> >>> 2- its claimed that GSM is now broken . GSM is broken but it does not >>> have anything to do with this project . this project is about A5/1 . A5/1 is >>> not GSM . GSM contains RF and Radio management and spectrum budget too . >>> this project didnt and in my opinion is never going to break GSM . at best >>> we can expect to break A5/1 . these are different things people . dont get >>> yourself fooled . its the same with Kasumi . maybe Kasumi is broken maybe >>> not , i'm not sure but i'm sure UMTS is not broken . GSM and UMTS are >>> complicated systems . its not just about the cryptography >>> >>> 3- its claimed finally somebody did it and now A5/1 is broken . this is >>> also wrong . this project never proved it has broken A5/1 . where is the >>> proof ? we have generated our tables , which they are partial and they are >>> shared . that's what happened . the presentation and all the media coverage >>> , while i respect them , dont offer anything new to the tables . seriously , >>> how its been proved A5/1 can be broken with the Tables that this project has >>> been generated and is going to be generated ? its all talks , speculations >>> and ideas . nobody even decoded a real GSM conversation with anything >>> produced by this project . i'd be more than happy if somebody can show i am >>> wrong , not with idea and speculations but with a real GSM capture and a >>> real decode procedure filmed on youtube ! that's proof . the rest is just >>> talk . so , why we are so excited about it ? because its wide now and most >>> people who didnt know a thing about GSM before know are hearing cool things >>> about the possibility of listening to ATM traffic for example . we all knew >>> its possible . its out there for years . but as for this project what have >>> we done ? we have reproduced THC's content and ideas on different site , >>> different names and some tables that are just claimed to be true are >>> published . so what ? >>> >>> 4- its claimed this project will generate the tables fully then Airprobe >>> will build an interceptor using open or cheap hardware and this all together >>> will prove GSM is broken . >>> ok , so , until now we dont have all the tables we are not even sure the >>> ones that are generated are Ok and no one has proved it , we just talked >>> about it . great ! >>> on Airprobe , we have some ideas its possible to capture GSM with USRP >>> but we didnt actually solve the Hopping problem , so in reality we dont have >>> even correct ideas how to capture real world GSM traffic and given the facts >>> i think that's not gonna happen anytime soon . if i am wrong please give me >>> a link to a page that filed the real GSM traffic has captured with USRP and >>> can be analyzed . anything else is just talk and talk is cheap >>> >>> i will be more than glad to see people prove me wrong on these 4 items >>> but i think nobody can . what happened here was just a bunch of >>> republications and getting the information to a wider audience . nohl's work >>> is good but i'm also as an ex academic and current convict of industry can >>> not just stand up and applause for something i clearly see is half truth , >>> in doubt , unproved or maybe even wrong . >>> >>> people are attacking GSMA . i think they have every right to do that but >>> i believe they are right on one thing . " the team >>> has underestimated the..." >>> >>> by the way there was another presentation at CCC about playing with RF >>> interface of cellphones . what a load of crap . i had high hopes and i saw >>> just a bunch of republications of THC work and some general knowledge . >>> nothing more . he said its possible to play around TI's calypso and control >>> it . so what ? you guessed that alone all by yourself that's possible ? good >>> job ! in A5/1 presentation its been said its possible to build an IMSI >>> catcher using open source stuff . how it is possible ? why would we lie >>> about this ? openbts and openbsc and USRP alltogether can not do what IMSI >>> catchers do , not now and not in near future . so why would we publish some >>> general information we have on IMSI catchers ( widely available in >>> law enforcement and old articles like Barkan and biham also explained it ) >>> and add some misinformation to it to make it legit ? that's not called >>> honest Academic work people >>> >>> even if in another world all these were theoretically possible , we >>> havent done them yet . so ? its just all talk . how is talking about >>> something is equal to doing it ? i'm looking for people who can explain this >>> to me >>> >>> no offence intended >>> all the bests >>> >>> >>> >>> ------------------------------ >>> ¿Cansado de borrar spam de tu bandea de entrada? ¡Ganá tiempo con el >>> nuevo filtro anti spam de Hotmail! <http://mail.live.com> >>> >>> >>> >>> ------------------------------ >>> ¿Te llegan demasiados emails? Organizate con Hotmail. ¡Creá carpetas >>> para todos tus correos! <http://mail.live.com/> >>> >> >> >> -----Inline Attachment Follows----- >> >> >> _______________________________________________ >> A51 mailing list >> [email protected] >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >> >> >> >> _______________________________________________ >> A51 mailing list >> [email protected] <http://mc/[email protected]> >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >> >> > > > -- > Regards, > Alexander Chemeris. > > > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > > >
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
