On 20.09.2010 17:27, luca bongiorni wrote:
> Could you gently explain which phone/hardware you used to get that infos
> (Kc) in live?!
> You used AT Commands?

For now I only used SMS via non-hopping SDCCH using that setup. But that makes no difference whether decrypting SDCCH or TCH.

I run my replay on my main computer. The SIM card is accessed in my laptop (because it has my only card reader). Using some network link in my tools, upon an AUTH request in the dumped traffic, the laptop runs the GSM ALGO in the SIM card (see GSM-11.11 9.2.16) using the RAND sent by network and reads back the Kc. That's the way how mobile phones do their work.

For GSM network security this means, there is no forward secrecy. But thanks to the tables, it's (a lot) easier now to just brute force Kc.

BR,
Georg

_______________________________________________
A51 mailing list
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
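
The exchange described in the message above, as an added example that is not part of the original post: the RUN GSM ALGORITHM command and response layout from GSM 11.11 9.2.16, run against a constructed `MockSim`. The mock, its Ki and the use of HMAC-SHA256 in place of the card's real A3/A8 are assumptions for illustration; the point shown is that Kc depends only on Ki and RAND, so a recorded RAND always yields the same Kc.

```python
import hashlib
import hmac

# GSM 11.11 9.2.16 RUN GSM ALGORITHM: CLA=A0 INS=88 P1=00 P2=00 P3=10 (16-byte RAND)
RUN_GSM_ALGO_HDR = bytes.fromhex("A088000010")
GET_RESPONSE = bytes.fromhex("A0C000000C")  # fetch the 12 response bytes


def build_run_gsm_algorithm(rand: bytes) -> bytes:
    """Command APDU carrying the network's 16-byte RAND challenge."""
    if len(rand) != 16:
        raise ValueError("RAND must be exactly 16 bytes")
    return RUN_GSM_ALGO_HDR + rand


def parse_response(data: bytes) -> tuple[bytes, bytes]:
    """Split the 12-byte response into SRES (4 bytes) and Kc (8 bytes)."""
    if len(data) != 12:
        raise ValueError("expected 12 bytes: SRES(4) || Kc(8)")
    return data[:4], data[4:]


class MockSim:
    """Constructed stand-in for a SIM; HMAC-SHA256 is a placeholder for A3/A8."""

    def __init__(self, ki: bytes):
        self._ki = ki
        self._pending = b""

    def transmit(self, apdu: bytes) -> tuple[bytes, int]:
        if apdu[:5] == RUN_GSM_ALGO_HDR and len(apdu) == 21:
            self._pending = hmac.new(self._ki, apdu[5:], hashlib.sha256).digest()[:12]
            return b"", 0x9F0C  # success, 12 bytes of response data available
        if apdu == GET_RESPONSE and self._pending:
            data, self._pending = self._pending, b""
            return data, 0x9000
        return b"", 0x6F00  # anything else is unsupported in this mock


def derive_kc(sim: MockSim, rand: bytes) -> bytes:
    """Run the exchange for one RAND and return the 8-byte Kc."""
    _, sw = sim.transmit(build_run_gsm_algorithm(rand))
    if sw != 0x9F0C:
        raise RuntimeError(f"unexpected status word {sw:04X}")
    data, sw = sim.transmit(GET_RESPONSE)
    if sw != 0x9000:
        raise RuntimeError(f"unexpected status word {sw:04X}")
    return parse_response(data)[1]
```

Because nothing but Ki and RAND enters the derivation, session keys are only as protected as the card itself, which is the missing forward secrecy the message points out.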
