Hello, time goes... What I did want to say: I was messy last time. I was talking about multiple subjects at a time.

1- Impersonation? (not a new attack)

Can it ever be done?? I mean we have four bursts:

genuine MS < - > genuine BTS
genuine MS < - > evil BTS
evil MS < - > genuine BTS
evil MS < - > evil BTS

instead of one:

genuine MS < - > genuine BTS

2- My "work"

I did it with a reader and a Motorola: read RAND from the genuine BTS, catch SRES from the SIM to a fake BB which forwards the SRES in response to the RAND asked by a fake TRX, forwarded by my evil OSMOCom-BB to the genuine BTS. I used SoftSim, but not like SoftSim normally does. I took the Kc in SoftSim and pushed it into the OSMOCom-BB phone and got a connection with a genuine BTS by pushing only that from the reader (I cheated), but the RAND and SRES should be forwarded.

https://www.youtube.com/watch?v=rSGA4oFsFrQ&t=53s

3- What I intend to do

Like Harald Welte said, I miss the Kc, and my question is what frame to take (we have 4 in this case instead of 1) and the number of the frame to take for the find_kc tool??

4- What I was trying to say

If we control the RAND sent to the target, is there a way to retrieve the Ki of the target with such attacks? I mean by sending multiple chosen RANDs and retrieving the Ki.

https://github.com/bbaranoff/Comp128/blob/master/COMP128-R3.txt