Help with silent call

Snehasish Kar snehasish.cse at
Fri Nov 16 13:36:41 UTC 2018


The APDU that you are referring to here is the one used with binary SMS. If so, then whether we consider the SMS-PP envelope or the SMS-Deliver approach, in both cases we need to know the Ki, Kc and TAR for successful execution of the command (packed in the APDU). How can these be predicted, or does any alternative to bypass this exist?



From: Neels Hofmeyr <nhofmeyr at>
Sent: Monday, November 5, 2018 12:46:23 AM
To: Snehasish Kar
Cc: openbsc at
Subject: Re: Help with silent call

On Sat, Nov 03, 2018 at 12:06:33PM +0000, Snehasish Kar wrote:
> I have read that silent-calls in GSM can be used to make a call to a target
> MS and listen to it

Not listen to it in terms of audio. You can't eavesdrop on an MS with a silent

You *can* open a channel and receive measurement reports from it, so that you
see which other cells it sees at which receive levels, and how far it is from
the current cell (TA). From that you could derive its position.

The silent call has been one of the earliest features in Osmocom, but until
recently has been broken in osmo-msc. IIUC it is now fixed again in current
master, but might not be in a release yet.

There's also the APDU a.k.a. the RR App Info (I hope I got the names right),
which may or may not contain GPS positioning data that the MS is sending to the
core net.

In both cases the owner of the MS has no explicit idea that they are sharing
any details on their position.
