Sniffing » History » Version 7

keith, 08/22/2018 11:30 AM
Link to "Sylvains explanations" at ML archive was invalid.

*The _burst_ind_ branch ONLY WORKS WITH FTDI OR [[HardwareCP210xTutorial|CP210x]] BASED SERIAL CONVERTERS.*

The [[OsmocomBB]] git repository contains a branch called @sylvain/burst_ind@. Using this branch, you can dump the burst sequences from the network by running @layer1.bin@ and @ccch_scan@. However, this is only useful if you know what you are doing or if you are sniffing on your own network. See "Sylvain's explanations":http://lists.osmocom.org/pipermail/baseband-devel/2010-December/001076.html of his sniffing attack. Also have a look at the presentation he and Karsten Nohl gave at 27C3 ("MP4 video":http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4208-en-wideband_gsm_sniffing.mp4).

If you want to decrypt your own phone calls without knowing the Kc (which is stored, e.g., on the SIM and can be read from there), you need Kraken and a guesser (as Sylvain explains in the mail above) that guesses the keystream you need as input for Kraken. See "Sylvain's hints":http://lists.lists.reflextor.com/pipermail/a51/2010-July/000804.html for known-plaintext vulnerabilities in the GSM framework.

*The _burst_ind_ branch ONLY WORKS WITH FTDI OR [[HardwareCP210xTutorial|CP210x]] BASED SERIAL CONVERTERS:*

You'll need to add the following define in osmocon.c:
<pre>
#define I_HAVE_A_CP210x
</pre>