Thanks for the last two questions.
These are also important facts that nobody has mentioned. To do a
successful attack on A5/1-enabled GSM you need to capture the signal in a
wide-band style, meaning you need to capture all the bands that may have a
carrier on them. This is highly dependent on the network configuration,
especially the design of the BTS.

Real-world BTSs offer services on different bands, and calls always get
handed over between the bands due to radio resource management. For a
successful GSM interception you at least need to capture the downlink.
Considering the current open-source and cheap hardware, you can simply forget
about capturing both uplink and downlink; that's just not possible.

To capture the downlink of a BTS that offers GSM1800 you need to capture at
least 75 MHz of spectrum. This is far more than the USRP can do, and also
beyond the USRP2.
Yes, it's possible to do this on GSM900, but you first have to find a BTS that
only offers downlink on GSM900, and this is not going to be easy.

The idea of being able to build the RF part of a GSM interceptor that works
on real-world BTSs across the world using cheap stuff like the USRP is just
delusional. Never gonna happen. This is another truth about this work.
Giving ourselves promises that are just not technically possible is not going
to go far.

What is possible to do? It is possible to build a GSM900-only capture
system using at least two USRP2s, and it still depends on the number of TRXs
installed on the BTS. If we want to go out there and really capture
data from a real BTS we need to consider these things before getting ahead
of ourselves. A two-unit USRP2 system might be able to fully capture the
downlink of a real BTS operating in GSM900 only, in a not-so-crowded area.

I saw people fantasizing about putting this work on some hacker CD like the
WiFi and WEP stuff. I'm going to go out and say it: people, this is far more
complicated and more expensive than that. This is all because of the
expensive and closed nature of the cellular network business and RF problems,
not just because of the cryptography. Like I said before, A5/1 is just a part
of the problem. Even if we can prove we can crack A5/1, which has not
happened yet, the next step is the real pain in the ass.

Regards



On Mon, Jan 4, 2010 at 1:58 PM, Gregory Maxwell <[email protected]> wrote:

> [Please don't send HTML mail to mailing lists]
> On Mon, Jan 4, 2010 at 4:31 AM, p q <[email protected]> wrote:
> >
> > USRP even in a two-unit configuration is no good since it can not handle
> GSM1800
>
> I was under the impression that provider allocations are still no more
> than 10 MHz wide in the 1800 MHz band, are they not?
>
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
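As an added worked example (not code from the original post or from the A51 project), here is the arithmetic behind the bandwidth argument above: ARFCN-to-downlink-frequency conversion per 3GPP TS 45.005, the downlink width of each band, and a greedy count of how many receivers of a given instantaneous bandwidth it takes to cover the downlink carriers of a BTS at once. The per-unit bandwidths (8 MHz for the USRP over USB 2.0, 25 MHz for the USRP2 over gigabit Ethernet at 16-bit I/Q) and the TRX ARFCN lists are assumptions chosen for illustration, not measured values; the function names are mine.

```python
"""Rough RF-capture budgeting for GSM downlink interception.

Added example. Converts ARFCNs to downlink carrier frequencies (3GPP TS
45.005) and estimates how many receivers of a given instantaneous
bandwidth are needed to capture a set of carriers simultaneously.
"""
import math

CHANNEL_BW_KHZ = 200  # GSM carrier spacing

# ASSUMPTION: usable complex-baseband bandwidth per unit, in MHz.
# USRP1 is bounded by USB 2.0, USRP2 by gigabit Ethernet at 16-bit I/Q.
RECEIVER_BW_MHZ = {"USRP1": 8.0, "USRP2": 25.0}

# Downlink band edges in MHz, from 3GPP TS 45.005.
BAND_DOWNLINK_MHZ = {
    "P-GSM900": (935.0, 960.0),   # ARFCN 1..124
    "E-GSM900": (925.0, 960.0),   # ARFCN 0..124 and 975..1023
    "DCS1800": (1805.0, 1880.0),  # ARFCN 512..885
}


def band_width_mhz(band):
    """Width of a band's downlink allocation in MHz."""
    lo, hi = BAND_DOWNLINK_MHZ[band]
    return hi - lo


def units_for_full_band(band, receiver):
    """Receivers needed to cover an entire downlink band edge to edge."""
    return math.ceil(band_width_mhz(band) / RECEIVER_BW_MHZ[receiver])


def arfcn_to_downlink_khz(arfcn):
    """Downlink carrier centre in kHz (uplink formula from TS 45.005 plus
    the 45 MHz / 95 MHz duplex spacing), computed in integers to avoid
    float drift."""
    if 0 <= arfcn <= 124:               # GSM900 core band
        return 935_000 + CHANNEL_BW_KHZ * arfcn
    if 975 <= arfcn <= 1023:            # E-GSM extension below 935 MHz
        return 935_000 + CHANNEL_BW_KHZ * (arfcn - 1024)
    if 512 <= arfcn <= 885:             # DCS1800
        return 1_805_200 + CHANNEL_BW_KHZ * (arfcn - 512)
    raise ValueError(f"ARFCN {arfcn} not in GSM900/DCS1800")


def capture_windows(arfcns, receiver_bw_mhz):
    """Minimum set of (start_khz, stop_khz) receiver windows covering every
    listed downlink carrier, each 200 kHz wide. Greedy left-to-right
    placement is optimal for covering points with fixed-width intervals."""
    bw_khz = int(round(receiver_bw_mhz * 1000))
    if bw_khz < CHANNEL_BW_KHZ:
        raise ValueError("receiver narrower than one GSM carrier")
    half = CHANNEL_BW_KHZ // 2
    centres = sorted({arfcn_to_downlink_khz(a) for a in arfcns})
    windows, i = [], 0
    while i < len(centres):
        start = centres[i] - half        # align window to lowest uncovered carrier
        stop = start + bw_khz
        j = i
        while j < len(centres) and centres[j] + half <= stop:
            j += 1                       # carrier fits entirely inside window
        windows.append((start, stop))
        i = j
    return windows


def main():
    for band in BAND_DOWNLINK_MHZ:
        for rx in RECEIVER_BW_MHZ:
            print(f"{band:9s} full downlink ({band_width_mhz(band):.0f} MHz): "
                  f"{units_for_full_band(band, rx)} x {rx}")
    # CONSTRUCTED scenarios: a GSM900-only cell with four TRXs inside one
    # operator allocation, and a dual-band cell that also has DCS1800 TRXs.
    scenarios = {"GSM900 cell": [10, 23, 37, 51],
                 "dual-band cell": [10, 23, 600, 650]}
    for name, arfcns in scenarios.items():
        for rx, bw in RECEIVER_BW_MHZ.items():
            wins = capture_windows(arfcns, bw)
            print(f"{name}: {len(wins)} x {rx} -> "
                  + ", ".join(f"{a/1000:.1f}-{b/1000:.1f} MHz" for a, b in wins))


if __name__ == "__main__":
    main()
```

The full-band numbers reproduce the point of the post: 75 MHz of DCS1800 downlink needs three USRP2s or ten USRP1s under the assumed bandwidths, while the 35 MHz E-GSM900 downlink fits in two USRP2s. The per-cell windows show the narrower case Gregory Maxwell raised: if an operator's carriers sit within a 10 MHz allocation, one USRP2 covers them, but as soon as the cell also has DCS1800 TRXs a second unit tuned to the other band is unavoidable.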
