Hello time goes...
What I wanted to say: I was messy last time. I was talking about multiple subjects at a
time.
1- Impersonation? (not a new attack)
Can it ever be done? I mean we have four bursts
genuine MS < - > genuine BTS
genuine MS < - > evil BTS
evil MS < - > genuine BTS
evil MS < - > evil BTS
instead of one
genuine MS < - > genuine BTS
2- My "work"
I did it with a reader and a Motorola: read the RAND from the genuine BTS, catch the SRES
from the SIM to a fake BB, which forwards the SRES in response to the RAND asked by a fake
TRX, forwarded by my evil OSMOCom-BB to the genuine BTS.
I used SoftSim, but not the way SoftSim normally works. I took the Kc in SoftSim and pushed
it into the OSMOCom-BB phone and got a connection with a genuine BTS by pushing only that
from the reader (I cheated), but the RAND and SRES should be forwarded.
https://www.youtube.com/watch?v=rSGA4oFsFrQ&t=53s
3- What I intend to do
Like Harald Welte said, I am missing the Kc, and my question is which frame to take (we
have 4 in this case instead of 1) and the number of the frame to take for the find_kc tool?
4- What I was trying to say :
If we control the RAND sent to the target, is there a way to retrieve the Ki of the target
with such attacks? I mean by sending multiple chosen RANDs and retrieving the Ki.
https://github.com/bbaranoff/Comp128/blob/master/COMP128-R3.txt