Hi! I with my friends-students got a task to investigate ciphering algorithm GEA3, using in GPRS/EDGE. While communication MS and Osmocom base station (BS) we've got the LLC-message: LLC MESSAGE (ciphered): 01C00F1840623297A594EE196714A2653D23D5A2AC52792F0434 with the following parameters: Cipher Algorithm:  GEA3 Kc_GPRS: A8FC3A996A80D000 SAPI: 1  NU: 3  IOV_UI: 0  OC: 0  After applying algorithm GEA3 we've got deciphered LLC-message: LLC MESSAGE (deciphered): 01C00F0802012A0452F00300010017161805F4D7BF04CA 26176B                                        We get, calculated FCS (6B1726) using deciphered LLC-message and contained in LLC-message FCS (6B1726) are equal.   While communication MS and the real BS we've got the following LLC-message: LLC MESSAGE (ciphered)  41C00B9299A1EB51A1AD1FE71633786B23CBD8E6D41C9F658C89C9544AF2BAAC35 with the following parameters: Cipher Algorithm:  GEA3 KC_GPRS: 8f94a69c3d9bdf48 SAPI: 1 NU:  2 IOV_UI: 0x10000000 (got from XID) OC: from 0 to 8388608 So we tried to apply the OC parameter from 0 to 8388608 to decipher the message (other parameters were not been changed). In every step, we calculated FCS and compared it with contained in LLC-message FCS and had no success. Finally the question: Can the value of IOV_UI (Osmocom BS: 0, real BS: 0x10000000) affect the deciphering, and if yes then how?? With regards, students of the telecommunication department.

Thank you for your attention!   Best regards, Sergei   ----------------------------------------------------------------------