dectmon deciphering

Patrick McHardy kaber at
Sat Nov 13 16:55:18 UTC 2010

On 13.11.2010 17:44, Erik Tews wrote:
> Hi
> Do you know if there is a convention for the cipher key number and the uak number? Usually i assume that they are 0 or 8, but i don't know a way to guess them except eavesdrooping on the key exchange.

The key numbers are contained in the authentication and cipher
request messages (see below, 8 means key 0 associated with the
current IPUI/PARK pair).

I've so far not seen any phone using anything else but key
number 0 and especially for the cipher key that also doesn't
seem to make much sense since ideally its generated directly
before its used. In case of the authentication key I don't
think its even possible for a normal phone to have more than
one since you can't derive it from an existing UAK, so it
would have to pair multiple times. Its probably intended
for using foreign keys like GSM or a DAM.

Anyways, what you could do to get the authentication key number
instead of eavesdropping is to send a message to the FP that
will trigger authentication using the IPUI of the phone you're
interested in.

>>  IE: <<AUTH-TYPE>> id: a len: 5 dst: 0x60c2e0
>> 	authentication algorithm: DSAA (1)
>> 	authentication key type: User authentication key (1)
>> 	authentication key number: 8
>> 	cipher key number: 8
>> 	INC: 0 DEF: 0 TXC: 0 UPC: 1

>> {MM-CIPHER-REQUEST} message:
>>  IE: <<CIPHER-INFO>> id: 19 len: 4 dst: 0x60c2b0
>> 	enable: 1
>> 	cipher algorithm: DECT Standard Cipher 1 (1)
>> 	cipher key type: derived (9)
>> 	cipher key num: 8

More information about the linux-dect mailing list