Wow.. Okay, I think I'm going to bring myself up to speed again before asking any more questions :P
Thank you for the detailed response!

On Fri, Jul 23, 2010 at 2:20 PM, Sylvain Munaut <[email protected]> wrote:

> On Fri, Jul 23, 2010 at 3:11 PM, Cal Leeming [Simplicity Media Ltd]
> <[email protected]> wrote:
> > Silly question but, when a new tmsi is issued by the vlr, how does the
> > handset get told what its new TMSI is (or does it never know itself?)
>
> New TMSI are only issued during "LOCATION UPDATE REQUEST" procedures
> which are at the request of the phone.
>
> > Also,
> > the handset has to be told by the (bsc/bss?) what channel it needs to use
> > for the phone call, and updates it when this channel changes right? so if
> > you caught a call just as it was initiated, does this mean you could track
> > which channels its hopping between by decrypting what the bss/bsc is telling
> > the handset to use, or does it not work like that?
>
> It doesn't work like that.
>
> When the phone receives a call:
>  - The phone monitors a broadcast channel and sees there is a phone
> call waiting for it.
>  - The phone xmit a packet on RACH requesting a channel (this packet
> has _no_ information allowing to identify what phone is doing this
> request)
>  - The BTS answers on a broadcast channel with an IMMEDIATE ASSIGNMENT
> (or variant thereof) to go on a dedicated channel. (again, this
> assignment has _no_ information to identify which one it is, it just
> references which RACH request it responds to. So the _phone_ knows
> it's for him, but everybody else has no way to know for who it is ...)
>  - TMSI identity will be exchanged in clear on the dedicated channel
>  - All private identity and phone numbers will be ciphered on the
> dedicated channel
>
> When the phone makes a call, same thing except you skip the first step
> and the phone requests a channel directly.
>
> So when you see an IMMEDIATE ASSIGNMENT you don't know who it's for
> and you can follow it to discover it, but you'll lose a bunch of
> other IMMEDIATE ASSIGNMENT in the mean time while you're not on the
> control channel anymore.
>
> Cheers,
>
>    Sylvain
>

--
Cal Leeming
Operational Security & Support Team
*Out of Hours: *+44 (07534) 971120 | *Support Tickets: * [email protected]
*Fax: *+44 (02476) 578987 | *Email: *[email protected]
© 2010 Simplicity Media Ltd. All rights reserved.
Registered company number 7143564
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
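Added example, not part of the original thread: a small model of the RACH request and the reference that IMMEDIATE ASSIGNMENT echoes back, showing why only the requesting phone can tell the assignment is for it. Function names are hypothetical and all values are constructed; the field layout assumed is the Request Reference element of 3GPP TS 44.018.

```python
# Added illustration; function names are hypothetical, all values constructed.
# Field layout assumed: Request Reference element of 3GPP TS 44.018.
HYPERFRAME = 2715648  # GSM frame numbers wrap at this value

def channel_request(cause: int, random_ref: int) -> int:
    """8-bit RACH payload: 3-bit cause + 5-bit random reference.
    There is no room for a TMSI or IMSI, so the request is anonymous."""
    if not (0 <= cause < 8 and 0 <= random_ref < 32):
        raise ValueError("cause is 3 bits, random reference is 5 bits")
    return (cause << 5) | random_ref

def request_reference(ra: int, fn: int) -> bytes:
    """What the BTS echoes in IMMEDIATE ASSIGNMENT: RA plus a reduced frame number."""
    if not (0 <= ra < 256 and 0 <= fn < HYPERFRAME):
        raise ValueError("RA is one octet, FN must lie within a hyperframe")
    t1, t2, t3 = (fn // 1326) % 32, fn % 26, fn % 51
    return bytes([ra, (t1 << 3) | (t3 >> 3), ((t3 & 0x07) << 5) | t2])

def parse_request_reference(ie: bytes) -> dict:
    """Everything a passive listener can read from the element."""
    if len(ie) != 3:
        raise ValueError("Request Reference is 3 octets")
    return {"ra": ie[0], "t1": ie[1] >> 3,
            "t3": ((ie[1] & 0x07) << 3) | (ie[2] >> 5), "t2": ie[2] & 0x1F}

def is_for_me(ie: bytes, sent_ra: int, sent_fn: int) -> bool:
    """Phone-side check: only the sender remembers what it sent and when."""
    return ie == request_reference(sent_ra, sent_fn)

def demo() -> dict:
    answer_to_paging = 0b100  # cause prefix used when responding to a page
    phone_a = (channel_request(answer_to_paging, 0b10110), 123456)
    phone_b = (channel_request(answer_to_paging, 0b00011), 123507)
    phone_c = phone_a  # a third phone that picked the same bits in the same frame
    ie = request_reference(*phone_a)  # BTS answers phone A's request
    return {"a": is_for_me(ie, *phone_a),
            "b": is_for_me(ie, *phone_b),
            "observer_sees": parse_request_reference(ie),
            # A collision is indistinguishable here; it is only sorted out
            # later, on the dedicated channel.
            "collision": is_for_me(ie, *phone_c)}

if __name__ == "__main__":
    print(demo())
```

The parsed element contains only the echoed request bits and frame-number fields, which is why the identity only becomes visible once the exchange moves to the dedicated channel.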
