Hi Neels,

> I see that you only have one Location Updating with A5/1. It should work
> to switch to A5/3 on-the-fly, but just for curiosity, you could try to
> detach and re-attach the phone after switching to A5/3.

I just tested that. It does not change the behavior. As soon as I switch to
A5/3 the BTS never receives a Ciphering Mode Complete, after having sent the
Ciphering Mode Command for A5/3 to the MS. This happens for SMS as well as
the whole Location Update/Authentication/TMSI-Relocation procedure. Trying
to attach the MS after enabling A5/3, the MS is not able to attach
successfully and continuously tries to attach until it gives up. Similar to
how it keeps trying to send an SMS with A5/3 enabled.

I have attached another trace of the attach and detach with A5/0 (works),
then A5/1 (works) and finally A5/3 (fails, tried several times). For the
A5/3 attach, there is no Authentication Request/Reply. But also in cases
where the Authentication is performed the following A5/3 ciphering fails in
the same way.

> You write that you are using osmo-nitb. Does the problem persist if you
> use osmo-bsc + osmo-msc + osmo-hlr instead? See:
> https://osmocom.org/projects/cellular-infrastructure/wiki/Osmocom_Network_In_The_Box

I will try to test that setup and let you know if it helps.

> If you switch back and forth between A5/3 and /1, do the results remain
> stable? So it's not your SDR coincidentally clock-unsyncing in the wrong
> moment by coincidence?

I tested it many times, switching between A5/3, 1 and 0 and using different
phones. A5/1 (and 0 of course) works every single time. A5/3 did not work a
single time. I'd say it's safe to assume that it's not the SDR failing in
some way.

Jan

Attachment: attach_a5_0_1_3.pcapng
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature
