Сергей Егоров serge1991drum at
Fri Sep 18 07:48:03 UTC 2020

Good afternoon!
I with my friends-students got a task to investigate ciphering algorithm GEA3, using in GPRS/EDGE.
While communication MS and Osmocom base station (BS) we've got the LLC-message:
LLC MESSAGE (ciphered): 01C00F1840623297A594EE196714A2653D23D5A2AC52792F0434
with the following parameters:
Cipher Algorithm:  GEA3
Kc_GPRS: A8FC3A996A80D000
SAPI: 1 
NU: 3 
IOV_UI: 0 
OC: 0 
After applying algorithm GEA3 we've got deciphered LLC-message:
LLC MESSAGE (deciphered): 01C00F0802012A0452F00300010017161805F4D7BF04CA 26176B
We get, calculated FCS (6B1726) using deciphered LLC-message and contained in LLC-message FCS (6B1726) are equal.
While communication MS and the real BS we've got the following LLC-message:
LLC MESSAGE (ciphered)  41C00B9299A1EB51A1AD1FE71633786B23CBD8E6D41C9F658C89C9544AF2BAAC35
with the following parameters:
Cipher Algorithm:  GEA3
KC_GPRS: 8f94a69c3d9bdf48
NU:  2
IOV_UI: 0x10000000 (got from XID)
OC: from 0 to  8388608
So we tried to apply the OC parameter from 0 to  8388608 to decipher the message (other parameters were not been changed).
In every step, we calculated FCS and compared it with contained in LLC-message FCS and had no success.
Finally the question:
Can the value of IOV_UI (Osmocom BS: 0, real BS: 0x10000000) affect the deciphering, and if yes then how??
With regards, students of the telecommunication department.

Thank you for your attention!
Best regards, Sergei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the osmocom-net-gprs mailing list