Hi,
- Issue our own SIM cards to permit Authentication + Encryption. This is
the perfect way how we can have a A5/1 based network that people can use to play with airprobe + Kraken - without violating any laws.
I was planning to enhance pySim to allow more batch programming and support for pc/sc reader (so you just have to insert, wait, remove, insert, wait, ...).
I will probably do that soon, after DeepSec.
I would suggest we simply sell them (as opposed to providing them for a deposit, as we then would have to take back a lot of cards and return money, which is a lot of overhead).
Definitely. I don't see any people having a problem with paying a few EUR for a SIM.
Should : - Personal SIM with IMSI/KI/algo specified - Personal/official SIM with just known IMSI be allowed as well ?
- Consider putting all BTS in the same location area
I didn't see the logs / analysis from last year, but : - Was the 'location' feature really exploited for something ? - Was paging a limit ? (if all are in the same area, the number of paging request would triple I guess). - What was the usage of sdcch/8 / TCH ?
Would TCH/H with AMR be useful ? (i.e. was tch a limit ?)
- User registration
So we sell SIM cards with a pre-programmed IMSI + Ki, but how do we enable users to assign a phone number to them? Ideally I would want them to simply register a phone number at the eventphone.de GURU web interface ahead of the event. But how do we match the IMSI and the phone number? Ask users to simply state the phone number they registered? How do we get some kind of authentication?
Well, I guess SMS is the easier.
What kind of control can you have on the eventphone.de interface ?
Each SIM has a 'default' number, and if they want to instead use a number they pre-registred, have them text a 'token' (long enough not to guess a valid one, but not too long as to be annoying). That token is just displayed on eventphone.de when they register a number as 'GSM' without an IMSI.
Other option is IMEI. They put the IMEI on evenphone.de and when we get a registration we know who to link.
Cheers,
Sylvain