SIM-Max Tech's Super-SIM

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.

Henk henk.vergonet at gmail.com
Wed Mar 9 20:38:32 UTC 2011


On Tue, Mar 8, 2011 at 4:31 PM, Alfonso De Gregorio wrote:
> On Tue, Mar 8, 2011 at 3:28 PM, Henk wrote:
>> Actually comp128-2 has a 54bit Kc it seems.
>
> Have you observed a COMP128-2 implementation returning a 54bit long
> Kc, or have you heard about this from somebody else?
> Can you please disclose more about the SIM model and the operator
> running this A3/A8 implementation?
>

I found it in some vendor-related 3G spec some while ago, can't
remember which one.

After some googling I found the reference below, which also confirms a
Kc of 54 bits, unfortunately I don't have access to the algorithm.
This seems to indicate a completely new algorithm, some others suggest
it's a "patched" version of comp128.

- henk

"Quirke (2004). Security in the GSM system."
...
Implementations of A3, A8

Although the design of the GSM system allows an operator to choose any
algorithm they like for A3 & A8, many decided on the one that was
developed in secret by the GSM association, COMP128.

COMP128 eventually ended up in public knowledge due to a combination
of reverse engineering and leaked documents, and serious flaws were
discovered (as discussed below).

Some GSM operators have moved to a newer A3/A8 implementation,
COMP128-2, a completely new algorithm which was also developed in
secret. This algorithm for now seems to have addressed the faults of
the COMP128 algorithm, although since it has yet to come under public
scrutiny it may potentially be discovered via reverse-engineering and
any possible flaws could be learned.

Finally, the COMP128-3 algorithm can also be used, it is simply the
COMP128-2 algorithm, however all 64-bits of the Kc are generated,
allowing maximal possible strength from the A5 ciphering algorithm
(COMP128-2 still sets the 10 rightmost bits of the Kc to 0),
deliberately weakening the A5 ciphering.
…
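
Added example, not part of the original post or of any Osmocom code: a check of whether a SIM's A8 output matches the 54-bit behaviour discussed above, by testing the 10 rightmost Kc bits across several RUN GSM ALGORITHM responses. It assumes the 12-byte SRES||Kc response layout and that "rightmost" means least significant when Kc is read big-endian; the sample responses are constructed.

```python
"""Estimate the effective Kc length from RUN GSM ALGORITHM responses."""

ZEROED_BITS = 10  # number of rightmost Kc bits set to 0, per the excerpt

# Constructed sample responses (4-byte SRES + 8-byte Kc), not real SIM output.
CONSTRUCTED_WEAK = [bytes.fromhex("a1b2c3d4" "1a2b3c4d5e6f7c00"),
                    bytes.fromhex("0badf00d" "0123456789abc800")]
CONSTRUCTED_FULL = [bytes.fromhex("a1b2c3d4" "1a2b3c4d5e6f7c01"),
                    bytes.fromhex("0badf00d" "0123456789abcdef")]


def split_response(resp: bytes) -> tuple[bytes, int]:
    """Split a response into SRES and Kc (Kc as a 64-bit integer)."""
    if len(resp) != 12:
        raise ValueError(f"expected 12 bytes (SRES||Kc), got {len(resp)}")
    return resp[:4], int.from_bytes(resp[4:], "big")


def effective_kc_bits(responses: list[bytes]) -> int:
    """64 minus the count of low-order Kc bits that are 0 in every sample."""
    if not responses:
        raise ValueError("need at least one response")
    seen = 0
    for resp in responses:
        seen |= split_response(resp)[1]  # a bit seen as 1 once is generated
    if seen == 0:
        return 0  # every Kc was all-zero
    trailing_zeros = (seen & -seen).bit_length() - 1
    return 64 - trailing_zeros


def classify(responses: list[bytes]) -> tuple[int, str, int]:
    """Return (effective_bits, verdict, log2 of the false-positive chance)."""
    bits = effective_kc_bits(responses)
    weakened = bits <= 64 - ZEROED_BITS
    # A full-length A8 leaves all 10 low bits zero by chance with probability
    # 2**-10 per sample, so n agreeing samples give log2(p) = -10 * n.
    log2_p = -ZEROED_BITS * len(responses) if weakened else 0
    verdict = "weakened Kc (<= 54 bits)" if weakened else "full 64-bit Kc"
    return bits, verdict, log2_p


if __name__ == "__main__":
    for name, sample in (("weak", CONSTRUCTED_WEAK), ("full", CONSTRUCTED_FULL)):
        print(name, classify(sample))
```

The check reports only the Kc length a card produces, so it separates the 54-bit case from the 64-bit case but does not identify which A3/A8 algorithm is on the card.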



