Bug #3043

A5/3 encryption fails

Added by jbruckner 14 days ago.

Target version:
Start date:
Due date:
% Done:


Spec Reference:


This was discussed a bit on the mailing list already:

I'm attaching the Wireshark traces from the mails. Please see the respective mail from the archive for a description of what has been recorded there.

Here's my initial mail:
I’m having trouble using the A5/3 encryption in my setup. A5/1 works perfectly fine [attachment a5_1.pcapng]. As soon as I switch to A5/3 and e.g. send an SMS, the last valid message I see in the Wireshark traces of the GSMTAP of osmo-bts-trx is the Ciphering Mode Command requesting A5/3. After that, several messages arrive at the bts, but it seems like it can’t make any sense of them. The MS repeatedly tries to send the SMS but never succeeds [attachment a5_3.pcapng]. Both MSs are connected to the same bts.

According to the Classmarks of all MSs, A5/1 as well as A5/3 are supported.
This is my Setup:
- USRP N210
- osmo-trx
- osmo-bts-trx
- osmo-nitb
- osmo-pcu
- osmo-sgsn
- osmo-ggsn
I’m using a Debian 9 VM and tried both the packages from osmocom-latest as well as osmocom-nightly.
The MSs I’ve tested are two Nexus 6 and one Samsung Galaxy S I9000. All three with sysmocom nano USIMs.

Could the decryption at the bts be incorrect? Has anyone tested/used it recently?
I’ll be happy to provide additional information if needed.

a5_1.pcapng - (11.4 KB) jbruckner, 03/08/2018 10:12 AM

a5_1_3_with_LU_Auth.pcapng - (94.1 KB) jbruckner, 03/08/2018 10:12 AM

a5_3.pcapng - (68 KB) jbruckner, 03/08/2018 10:12 AM

attach_a5_0_1_3.pcapng - (85.6 KB) jbruckner, 03/08/2018 10:12 AM

Also available in: Atom PDF