Hi Neels,

> I see that you only have one Location Updating with A5/1. It should work to switch to A5/3 on-the-fly, but just for curiosity, you could try to detach and re-attach the phone after switching to A5/3.

I just tested that. It does not change the behavior. As soon as I switch to A5/3 the BTS never receives a Ciphering Mode Complete, after having sent the Ciphering Mode Command for A5/3 to the MS. This happens for SMS as well as the whole Location Update/Authentication/TMSI-Relocation procedure. Trying to attach the MS after enabling A5/3, the MS is not able to attach successfully and continuously tries to attach until it gives up. Similar to how it keeps trying to send an SMS with A5/3 enabled.

I have attached another trace of the attach and detach with A5/0 (works), then A5/1 (works) and finally A5/3 (fails, tried several times). For the A5/3 attach, there is no Authentication Request/Reply. But also in cases where the Authentication is performed the following A5/3 ciphering fails in the same way.

> You write that you are using osmo-nitb. Does the problem persist if you use osmo-bsc + osmo-msc + osmo-hlr instead? See: https://osmocom.org/projects/cellular-infrastructure/wiki/Osmocom_Network_In_The_Box

I will try to test that setup and let you know if it helps.

> If you switch back and forth between A5/3 and /1, do the results remain stable? So it's not your SDR coincidentally clock-unsyncing in the wrong moment by coincidence?

I tested it many times, switching between A5/3,1 and 0 and using different phones. A5/1 (and 0 of course) works every single time. A5/3 did not work a single time. I'd say it's safe to assume that it's not the SDR failing in some way.

Jan