Bastien Baranoff wrote:
> Hello all, the attack: you generate the rainbow tables for each possible Ki
> with a given RAND set, send this RAND (which is not random ;), the phone
> responds with SRES, you make the operation for 3 or 4 RANDs and meaningfully
> decrease the possibility of Ki. Do you think it is realisable?
Someone please correct me if I'm wrong on this detail, but it is my
understanding that no mainstream commercial operator today (outside of
personal enthusiast tinkerers in Osmocom and similar communities)
issues native 2G SIM cards any more - instead all of their current SIM
cards are actually USIM/ISIM, and if GSM 11.11 SIM operation is
supported at all, it is only provided as a backward compatibility
mode. I reason that these "modern" SIMs must be using Milenage in
their native 3G/4G mode, thus their secret key material is not classic
Ki, but K/Ki (128 bits) plus OPc (another 128 bits), for a total of
256 bits of secret key material.
What happens when these "modern" SIMs are accessed via GSM 11.11 SIM
protocol, or when 2G authentication is requested in a USIM session?
I find it doubtful that they switch to COMP128 (any version) in this
mode, instead I reason that they use 2G mode of Milenage, which still
uses both K/Ki and OPc - thus the secret key material used even for 2G
Kc and SRES generation from RAND is still 256 bits rather than 128.
Again, someone please correct me if my reasoning is wrong here.
M~
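Added example (not part of the original post, and not code from Osmocom or any SIM vendor): a pure-Python GSM-MILENAGE derivation following 3GPP TS 35.206 and TS 55.205, showing that SRES and Kc computed in 2G mode are keyed by both K and OPc. It assumes the XOR-folding SRES option and uses the public 3GPP test set 1 values rather than real subscriber keys; all function names are illustrative.

```python
def _xt(a):                      # multiply by x in GF(2^8)
    return ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
def _sbox():                     # AES S-box: field inverse, then affine map
    box, p, q = [0x63] * 256, 1, 1
    while True:
        p ^= _xt(p)                                       # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF  # q /= 3
        q ^= 0x09 if q & 0x80 else 0
        d = q * 0x101                                     # q doubled, for rotations
        box[p] = ((d ^ d >> 4 ^ d >> 5 ^ d >> 6 ^ d >> 7) & 0xFF) ^ 0x63
        if p == 1:
            return box
SBOX = _sbox()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aes128(key, block):          # AES-128 encryption of one 16-byte block
    w, rcon = [key[i:i + 4] for i in range(0, 16, 4)], 1
    for i in range(4, 44):       # key schedule: 44 four-byte words
        t = w[i - 1]
        if i % 4 == 0:
            t = xor(bytes(SBOX[b] for b in t[1:] + t[:1]), bytes([rcon, 0, 0, 0]))
            rcon = _xt(rcon)
        w.append(xor(w[i - 4], t))
    s = xor(block, b"".join(w[:4]))
    for r in range(1, 11):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # ShiftRows
        if r < 10:                                            # MixColumns
            s = [s[c + j] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]
                 ^ _xt(s[c + j] ^ s[c + (j + 1) % 4])
                 for c in range(0, 16, 4) for j in range(4)]
        s = xor(s, b"".join(w[4 * r:4 * r + 4]))              # AddRoundKey
    return s

def derive_opc(k, op):           # OPc = OP xor E_K(OP)
    return xor(op, aes128(k, op))
def gsm_milenage(k, opc, rand):  # returns (SRES, Kc); K and OPc key every step
    base = xor(aes128(k, xor(rand, opc)), opc)
    def out(rot, c):             # E_K(rot(base) xor c) xor OPc
        x = base[rot:] + base[:rot]
        return xor(aes128(k, x[:15] + bytes([x[15] ^ c])), opc)
    res, ck, ik = out(0, 1)[8:], out(4, 2), out(8, 4)        # f2, f3, f4
    return (xor(res[:4], res[4:]),                           # SRES: RES folded to 4 bytes
            xor(xor(ck[:8], ck[8:]), xor(ik[:8], ik[8:])))    # Kc: CK, IK folded to 8

# Sample input: public 3GPP TS 35.207 test set 1, not a live subscriber key
K, OP, RAND = map(bytes.fromhex, ("465b5ce8b199b49faa5f0a2ee238a6bc",
    "cdc202d5123e20f62b6d676ac72cb318", "23553cbe9637a89d218ae64dae47bf35"))
```

Calling gsm_milenage(K, derive_opc(K, OP), RAND) returns the 4-byte SRES and 8-byte Kc for that test set.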
Hello,
I am new to this project and I am having a problem with running the
transceiver. I hope you can help me out.
When I start the transceiver on 2 phones with these commands
./osmocon -p /dev/ttyUSB1 -m c123xor -s /tmp/osmocom_l2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
./osmocon -p /dev/ttyUSB2 -m c123xor -s /tmp/osmocom_l2.2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
and
sudo ./transceiver -e 1 -2 -a 47 -r 99
it throws an error which I cannot solve. Maybe I am blind or something,
but it doesn't work. I tried to kill the process but I can't find anything.
The CLI gave me this error:
~/osmocom/osmocom-bb/src/host/layer23/src/transceiver# sudo
./transceiver -e 1 -2 -a 47 -r 99
47
41
1
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
Aborted
Even when I try to start it with only 1 phone, it doesn't run. There is
a problem, but I can't figure out what it is...
I hope you can help me out for running my Transceiver or give me some hints.
Thank you very much
Sally
Hi guys,
First of all, I want to reassure all the ML members that this is an
isolated pseudo spam post and I asked in advance for permission from Harald
to post it.
That said... I just wanted to let you know that ZTE is opening a
CyberSecurity Lab in Germany and they are looking for Security Engineers
passionate about Telco Security.
*Position:*
Cybersecurity Engineer
*Location:*
Düsseldorf, Germany
*Responsibilities:*
1. Testing the security performance (at least but not limited to
penetration testing) of ZTE products. Drafting documents and reporting
testing results to stakeholders.
2. Participating in security research activities and projects in the
Telecommunication field. Study and use cutting-edge security
technology/tools for test and research.
3. Participating in product security risk analysis and security
requirements collection.
4. Participating in lab operations.
5. Participating in the product security incident response, trace the
attack, and give rectification plans.
6. Assisting in security certifications, support security vulnerability
verification and rectification of products.
7. Assisting in communicating security-related matters on products
across multiple departments.
*Link for applications:*
https://www.linkedin.com/jobs/view/3361789707/
In case of questions, feel free to ping me here or reach me on LinkedIn [1]
Cheers
Luca
[1] https://www.linkedin.com/in/lucabongiorni/
Hello,
I'm stuck at running my transceiver. It should be working, but it
doesn't.
If I am trying to run both transceivers with:
root:~/osmocom/osmocom-bb/src/host/osmocon #? $ ./osmocon -p
/dev/ttyUSB1 -m c123xor -s /tmp/osmocom_l2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
root:~/osmocom/osmocom-bb/src/host/osmocon #? $ ./osmocon -p
/dev/ttyUSB2 -m c123xor -s /tmp/osmocom_l2.2 -c
/root/osmocom/osmocom-bb/src/target/firmware/board/compal_e88/trx.highram.bin
This one here doesn't work like it did before. It shows me this error
here. What can I do to get rid of this error? Can I kill the process of
the TRX or restart it?
root:~/osmocom/osmocom-bb/src/host/layer23/src/transceiver #? $ sudo
./transceiver -e 1 -2 -a 47 -r 99
47
41
1
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
<000c> l1ctl.c:77 Tx Reset Req (1)
<000c> l1ctl_link.c:171 Sending: '0d 00 00 00 01 00 00 00 '
Aborted
It would be nice to hear from you. Thanks
msfu777
Hello,
I found 3x C155, 1x C116 while cleaning out my attic.
Is there somebody interested in these devices? I would be happy to give
them to the community.
muebau