Could you elaborate on what you mean by "can not handle GSM1800"? It can work in all bands: 850, 900, 1800 and 1900.
On Mon, Jan 4, 2010 at 10:31, p q <[email protected]> wrote:
> USRP even in a two-unit configuration is no good since it can not handle GSM1800
>
>> ---------- Forwarded message ----------
>> From: Sylv1 <[email protected]>
>> Date: Mon, Jan 4, 2010 at 12:58 PM
>> Subject: Re: [A51] Truth about this work
>> To: Alexander Chemeris <[email protected]>
>> Cc: A51 A51list <[email protected]>
>>
>> Hello,
>> yes this is a solution but you have to double the cost of the attack buying a second USRP.
>>
>> The other thing is that you then need to synchronize your two different streams in order to deal with the time slot allocation and be sure to get the uplink timeslot with respect to the corresponding downlink one.
>>
>> Regards
>> Sylvain
>>
>> --- On *Mon, 1/4/10, Alexander Chemeris <[email protected]>* wrote:
>>
>> From: Alexander Chemeris <[email protected]>
>> Subject: Re: [A51] Truth about this work
>> To: "Sylv1" <[email protected]>
>> Cc: "p q" <[email protected]>, "A51 A51list" <[email protected]>
>> Date: Monday, January 4, 2010, 6:41 AM
>>
>> Hi Sylvain,
>>
>> What if you use two USRPs?
>>
>> Also I recall that someone at CCC (Dejkstra?) said he succeeded decoding real GSM conversation, but I don't recall exactly, I was not that interested in the topic.
>>
>> On Sun, Jan 3, 2010 at 22:28, Sylv1 <[email protected]> wrote:
>>
>>> Hi all,
>>> i agree with p q for all the presented points. I just would like that someone contradicts me with an example.
>>> Is anybody able to listen and record his own GSM conversation up and downlink?
>>>
>>> I'm trying to do that with the USRP and airprobe stuff but i'm stuck with some problems.
>>> Just forget about frequency hopping to simplify.
>>> I'm trying to eavesdrop with 2 RFX900 DB, one for each frequency of the ARFCN, and i want to record it in two cfiles in order to use gsmreceiver and gsmdecode and get at least the not encrypted information. But i'm stuck for the moment.
>>>
>>> Getting two raw streams directly from the USRP leads to the USB bottleneck problem.
>>>
>>> Is anyone really able at that day to eavesdrop and record his own conversation?
>>> it is the required step to run the attack on A5/1 and finally prove that we did the job.
>>>
>>> Any input please.
>>>
>>> Regards,
>>> sylvain
>>>
>>> --- On *Sat, 1/2/10, p q <[email protected]>* wrote:
>>>
>>> From: p q <[email protected]>
>>> Subject: Re: [A51] Truth about this work
>>> To: "javier falbo" <[email protected]>
>>> Cc: [email protected]
>>> Date: Saturday, January 2, 2010, 3:26 PM
>>>
>>> Thanks for the first practical answer. so, would you please capture one of your own conversations and upload it somewhere until we see if there is anybody out there can decode it? i'd like to see that. see, that's the whole point of my first email. it's just all talk and talks only interests people who don't already know about it. what do we have besides that?
>>>
>>> if there is anybody who can decode real world A5/1 protected conversation out there please answer to this thread and make it clear how to make a real air interface capture and give it you i'd do it and that's gonna be fun. right? ;)
>>>
>>> On Sat, Jan 2, 2010 at 6:50 PM, javier falbo <[email protected]> wrote:
>>>
>>>> p q: Decoding third parties calls is an illegal activity.
>>>>
>>>> As you notice on CCC, there was a workshop that you could bring your own GSM stream to be decoded. :)
>>>> Or just capture your own GSM Live Conversation, uploaded somewhere on internet, and maybe someone from here, decoded and send you the audio in mp3 format.
>>>>
>>>> What you are requesting is illegal. :)
>>>>
>>>> Javier
>>>>
>>>> ------------------------------
>>>> Date: Sat, 2 Jan 2010 18:44:48 +0330
>>>> Subject: Re: [A51] Truth about this work
>>>> From: [email protected]
>>>> To: [email protected]
>>>> CC: [email protected]
>>>>
>>>> thanks Javier, how do you do? ;)
>>>> do you notice you didn't do but talking? you stated the very facts that i already stated in my first emails that they are known to be out there. it's certain. so what are we doing here? just republishing what's known? you just did it again in your email. i KNOW all these things are either theoretically possible or are being used by law enforcement. you know that too? good. so we are just exchanging obvious things here, right? ;)
>>>>
>>>> On Sat, Jan 2, 2010 at 6:40 PM, javier falbo <[email protected]> wrote:
>>>>
>>>> p q: Are you ok?? :)
>>>>
>>>> Encryption is the core of digital radio transceivers nowadays. Breaking the algorithm is 90% of the actual mobile structure.
>>>> I have personally seen in real-time how GSM Voice Conversation are listen in 2-3 seconds. (Since 2003, in my case)
>>>>
>>>> Frequency hopping is not a problem. I remember my first project on channels hopping on Analog radios, where a BURST that increase the power from Base to Mobile, advice PREVIOUSLY the next channel.
>>>> More info, and updates here:
>>>> http://wireless.agilent.com/rfcomms/refdocs/gsmgprs/egprsla_gen_bse_fhopping.php
>>>> (or use google). Frequency hopping is not a problem for the USRP, it is SOFTWARE BASED!!!
>>>>
>>>> Tables are out there since 1998. Also THC project has finished his table, but they do not want to distribute. (or maybe they are interested in $$$).
>>>>
>>>> A53 is useless nowadays, as KASUMI is academically broken (and computer simulated).
>>>>
>>>> I heard that next February 2010, GSMA (Association) will call for an immediately security update and check for a new stronger algorithm.
>>>>
>>>> My comments: NOWADAYS, it is IMPOSSIBLE to be secured. There are NO algorithms capable of defending against a multiple CUDA distributed attack with more than 150 CUDA MACHINES in a network.
>>>> Keep in mind, that the algorithm must have particularities: FAST, no power consumption, easy to code, etc.
>>>>
>>>> Javier
>>>>
>>>> ------------------------------
>>>> Date: Sat, 2 Jan 2010 18:18:09 +0330
>>>> From: [email protected]
>>>> To: [email protected]
>>>> Subject: [A51] Truth about this work
>>>>
>>>> happy new year people
>>>> as much as i like this project i need to publish my comments and let others think about them too:
>>>>
>>>> 1- it's claimed that "we are cracking A5/1 so the industry can replace it with the newer A5/3". this is wrong. industry can not change A5/1 with A5/1 because we cracked A5/1. to utilize A5/3 we need a UMTS network. most networks around the world are 2G based, usually 2.75. changes in operators needs highly expensive procedure, law, regulations and alike. i know people with academic only background don't get this but that's their fault. this is not just about industrial profit, it's also about people expenses and the general wireless regulation and condition in a country. don't bullshit people. phones that are made for 2G can not simply upgrade to offer A5/3 as well. it's not just possible. we can stand and cluelessly talk about it but it's not possible. so the whole idea to present the danger to shift the technology at operators side is just garbage
>>>>
>>>> 2- it's claimed that GSM is now broken. GSM is broken but it does not have anything to do with this project. this project is about A5/1. A5/1 is not GSM. GSM contains RF and Radio management and spectrum budget too. this project didn't and in my opinion is never going to break GSM. at best we can expect to break A5/1. these are different things people. don't get yourself fooled. it's the same with Kasumi. maybe Kasumi is broken maybe not, i'm not sure but i'm sure UMTS is not broken. GSM and UMTS are complicated systems. it's not just about the cryptography
>>>>
>>>> 3- it's claimed finally somebody did it and now A5/1 is broken. this is also wrong. this project never proved it has broken A5/1. where is the proof? we have generated our tables, which they are partial and they are shared. that's what happened. the presentation and all the media coverage, while i respect them, don't offer anything new to the tables. seriously, how it's been proved A5/1 can be broken with the Tables that this project has been generated and is going to be generated? it's all talks, speculations and ideas. nobody even decoded a real GSM conversation with anything produced by this project. i'd be more than happy if somebody can show i am wrong, not with idea and speculations but with a real GSM capture and a real decode procedure filmed on youtube! that's proof. the rest is just talk. so, why we are so excited about it? because it's wide now and most people who didn't know a thing about GSM before now are hearing cool things about the possibility of listening to ATM traffic for example. we all knew it's possible. it's out there for years. but as for this project what have we done? we have reproduced THC's content and ideas on different site, different names and some tables that are just claimed to be true are published. so what?
>>>>
>>>> 4- it's claimed this project will generate the tables fully then Airprobe will build an interceptor using open or cheap hardware and this all together will prove GSM is broken.
>>>> ok, so, until now we don't have all the tables we are not even sure the ones that are generated are Ok and no one has proved it, we just talked about it. great!
>>>> on Airprobe, we have some ideas it's possible to capture GSM with USRP but we didn't actually solve the Hopping problem, so in reality we don't have even correct ideas how to capture real world GSM traffic and given the facts i think that's not gonna happen anytime soon. if i am wrong please give me a link to a page that filed the real GSM traffic has captured with USRP and can be analyzed. anything else is just talk and talk is cheap
>>>>
>>>> i will be more than glad to see people prove me wrong on these 4 items but i think nobody can. what happened here was just a bunch of republications and getting the information to a wider audience. nohl's work is good but i'm also as an ex academic and current convict of industry can not just stand up and applause for something i clearly see is half truth, in doubt, unproved or maybe even wrong.
>>>>
>>>> people are attacking GSMA. i think they have every right to do that but i believe they are right on one thing. " the team has underestimated the..."
>>>>
>>>> by the way there was another presentation at CCC about playing with RF interface of cellphones. what a load of crap. i had high hopes and i saw just a bunch of republications of THC work and some general knowledge. nothing more. he said it's possible to play around TI's calypso and control it. so what? you guessed that alone all by yourself that's possible? good job! in A5/1 presentation it's been said it's possible to build an IMSI catcher using open source stuff. how it is possible? why would we lie about this? openbts and openbsc and USRP all together can not do what IMSI catchers do, not now and not in near future. so why would we publish some general information we have on IMSI catchers (widely available in law enforcement and old articles like Barkan and biham also explained it) and add some misinformation to it to make it legit? that's not called honest Academic work people
>>>>
>>>> even if in another world all these were theoretically possible, we haven't done them yet. so? it's just all talk. how is talking about something is equal to doing it? i'm looking for people who can explain this to me
>>>>
>>>> no offence intended
>>>> all the bests
>>>
>>> _______________________________________________
>>> A51 mailing list
>>> [email protected]
>>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
>>
>> --
>> Regards,
>> Alexander Chemeris.

--
Regards,
Alexander Chemeris.
