Good afternoon!
I with my friends-students got a task to investigate ciphering algorithm GEA3, using in
GPRS/EDGE.
While communication MS and Osmocom base station (BS) we've got the LLC-message:
LLC MESSAGE (ciphered): 01C00F1840623297A594EE196714A2653D23D5A2AC52792F0434
with the following parameters:
Cipher Algorithm: GEA3
Kc_GPRS: A8FC3A996A80D000
SAPI: 1
NU: 3
IOV_UI: 0
OC: 0
After applying algorithm GEA3 we've got deciphered LLC-message:
LLC MESSAGE (deciphered): 01C00F0802012A0452F00300010017161805F4D7BF04CA 26176B
We get, calculated FCS (6B1726) using deciphered LLC-message and contained in LLC-message
FCS (6B1726) are equal.
While communication MS and the real BS we've got the following LLC-message:
LLC MESSAGE (ciphered)
41C00B9299A1EB51A1AD1FE71633786B23CBD8E6D41C9F658C89C9544AF2BAAC35
with the following parameters:
Cipher Algorithm: GEA3
KC_GPRS: 8f94a69c3d9bdf48
SAPI: 1
NU: 2
IOV_UI: 0x10000000 (got from XID)
OC: from 0 to 8388608
So we tried to apply the OC parameter from 0 to 8388608 to decipher the message (other
parameters were not been changed).
In every step, we calculated FCS and compared it with contained in LLC-message FCS and had
no success.
Finally the question:
Can the value of IOV_UI (Osmocom BS: 0, real BS: 0x10000000) affect the deciphering, and
if yes then how??
With regards, students of the telecommunication department.
Thank you for your attention!
Best regards, Sergei
----------------------------------------------------------------------
Show replies by date