Sorry, when I had the idea I thought it clever, which is not the case yet.
But I think that with whichever chosen RAND we may downgrade from 256 bits to 128 bits,
but for old SIMs, and even 128 bits is unbreakable. Sorry again, please forget it and forgive me for it.
For those interested, we can execute the attack flow like that research (sorry for the French ... Google Translate)
https://blogs.univ-poitiers.fr/f-launay/2021/06/23/la-securite-sur-les-reseaux-de-mobiles-part-3/
which your fellow predated with https://www.youtube.com/watch?v=XSN9oDS5TqI.
The Poitiers research was ahead of me because I didn't get the Kc. But they have the MS kept busy when connecting
to the legit BTS; to get rid of this, have fun with Nico Golde's paging attack.
But I wanted to go further by overkilling 2G with Ki cracking using the A3/A8 algorithm
https://github.com/bbaranoff/testa3a8/ with a test case condition of Ki|RAND <=> SRES|Kc,
but I had made a confusion between 128 and 64 bits for the dimensioning of the attack ;) a little big error
which, if it was possible, makes it impossible (at least in this state of the art). Yes, I meant 128 bits and not 256, at least
up to COMP128v3, because with the Ciphering Mode Complete attack you forward the RAND of the legit BTS, so in the same idea you can
set a "static" RAND (lol) and if the Ki was 64 bits generate rainbows, but a little confusion of 64 bits turned the attack from
a few minutes to billions of years. Hope you have enjoyed the reading. And thank you OsmoCom(munity)


On Tue, 1 Mar 2022 at 20:17, Mychaela Falconia <mychaela.falconia@gmail.com> wrote:
Bastien Baranoff wrote:

> Hello all, the attack: you generate the rainbow tables for each possible Ki
> with a given RAND set, send this RAND (which is not random ;) the phone
> responds with SRES, you make the operation for 3 or 4 RANDs and meaningfully
> decrease the possibility of Ki. Do you think it is realisable?

Someone please correct me if I'm wrong on this detail, but it is my
understanding that no mainstream commercial operator today (outside of
personal enthusiast tinkerers in Osmocom and similar communities)
issues native 2G SIM cards any more - instead all of their current SIM
cards are actually USIM/ISIM, and if GSM 11.11 SIM operation is
supported at all, it is only provided as a backward compatibility
mode.  I reason that these "modern" SIMs must be using Milenage in
their native 3G/4G mode, thus their secret key material is not classic
Ki, but K/Ki (128 bits) plus OPc (another 128 bits), for a total of
256 bits of secret key material.

What happens when these "modern" SIMs are accessed via GSM 11.11 SIM
protocol, or when 2G authentication is requested in a USIM session?
I find it doubtful that they switch to COMP128 (any version) in this
mode, instead I reason that they use 2G mode of Milenage, which still
uses both K/Ki and OPc - thus the secret key material used even for 2G
Kc and SRES generation from RAND is still 256 bits rather than 128.

Again, someone please correct me if my reasoning is wrong here.

M~
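To make the "2G mode of Milenage" point concrete, here is an added example (not code from either poster or from Osmocom) implementing the 3GPP TS 33.102 Annex C conversion functions c2 and c3, which a USIM uses to fold its 3G outputs (XRES, CK, IK) into the GSM SRES and Kc. It shows why the 64-bit Kc handed to the phone says nothing about the 256 bits of K and OPc that never leave the card; the XRES/CK/IK values in the test are constructed, not real Milenage output.

```python
# Added example: 3GPP TS 33.102 Annex C conversion functions c2 (SRES) and c3 (Kc).
# A USIM answering a 2G authentication request runs Milenage with K and OPc as usual,
# then derives the GSM triplet from the 3G results with these two XOR-folds.

def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def c2_sres(xres: bytes) -> bytes:
    """c2: SRES = XRES*[0..31] ^ XRES*[32..63] ^ XRES*[64..95] ^ XRES*[96..127],
    where XRES* is XRES zero-padded on the right to 128 bits (XRES is 32..128 bits)."""
    if not 4 <= len(xres) <= 16:
        raise ValueError("XRES must be 4..16 bytes")
    padded = xres + bytes(16 - len(xres))      # XRES* per Annex C
    sres = bytes(4)
    for i in range(0, 16, 4):
        sres = _xor(sres, padded[i:i + 4])
    return sres                                 # always 32 bits

def c3_kc(ck: bytes, ik: bytes) -> bytes:
    """c3: Kc = CK1 ^ CK2 ^ IK1 ^ IK2, with CK = CK1||CK2 and IK = IK1||IK2 (64-bit halves)."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must be 16 bytes each")
    return _xor(_xor(ck[:8], ck[8:]), _xor(ik[:8], ik[8:]))   # always 64 bits

def gsm_triplet_from_3g(xres: bytes, ck: bytes, ik: bytes) -> tuple:
    """(SRES, Kc) as the ME sees them; K and OPc are never involved at this stage."""
    return c2_sres(xres), c3_kc(ck, ik)

if __name__ == "__main__":
    # Constructed sample values, not real Milenage output.
    sres, kc = gsm_triplet_from_3g(bytes.fromhex("0102030405060708"),
                                   bytes(range(16)),
                                   bytes([0xff] * 8 + [0x00] * 8))
    print("SRES =", sres.hex(), "Kc =", kc.hex())
```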