Discussion:
Kraken SMS
Александр Воронков
2014-10-05 10:41:39 UTC
Hi to all.

Who can help?

I sent myself an SMS and got cfile.

wireshark:
.......................................................................................................................
415 20.954860000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 5
416 20.992233000 127.0.0.1 127.0.0.1 LAPDm 81 U F, func=UA(DTAP) (MM) CM Service Request
417 21.002196000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=Unknown(DTAP) (SS)
418 21.091181000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=1, N(S)=0(DTAP) (RR) Ciphering Mode Command
.......................................................................................................................
Kc received from the card reader and the program SIMspyII:

wireshark:
............................................................................................................................
572 36.754553000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=2, N(S)=1(DTAP) (SMS) CP-DATA (RP) RP-ACK (Network to MS)
579 36.816737000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 5
581 36.861220000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=3, N(S)=2 (Fragment)
582 36.963894000 127.0.0.1 127.0.0.1 GSM SMS 81 I, N(R)=3, N(S)=3(DTAP) (SMS) CP-DATA (RP) RP-DATA (Network to MS)
583 37.029014000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 6
..........................................................................................................................
TP-User-Data
SMS text: Test


All is well. OK


Then try to get Kc using the Kraken.

For sending SMS

System Information Type 5 message:
......................................................

540741 1: 05 02 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
./gsmframecoder 05 02 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
....................................................................................
xor.py with + 204 to the Frame Number

For incoming SMS
System Information Type 5 message:
.........................................................................
544829 1: 05 01 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
./gsmframecoder 05 01 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
--------------------------------------------------------------------------
xor.py with + 204 to the Frame Number

Worked with different combinations. Kraken does not find Kc.

P.S. Example vf_call6_a725_d174_g5_Kc1EF00BAB3BAC7002.cfile - OK
Дмитрий Полпуденко
2014-10-05 12:06:17 UTC
Your SACCH L1 Header Info changed in SI. Check TA value.

Sent from iPhone
Post by Александр Воронков
Hi to all.
Who can help?
I sent myself an SMS and got cfile.
.......................................................................................................................
415 20.954860000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 5
416 20.992233000 127.0.0.1 127.0.0.1 LAPDm 81 U F, func=UA(DTAP) (MM) CM Service Request
417 21.002196000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=Unknown(DTAP) (SS)
418 21.091181000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=1, N(S)=0(DTAP) (RR) Ciphering Mode Command
.......................................................................................................................
............................................................................................................................
572 36.754553000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=2, N(S)=1(DTAP) (SMS) CP-DATA (RP) RP-ACK (Network to MS)
579 36.816737000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 5
581 36.861220000 127.0.0.1 127.0.0.1 LAPDm 81 I, N(R)=3, N(S)=2 (Fragment)
582 36.963894000 127.0.0.1 127.0.0.1 GSM SMS 81 I, N(R)=3, N(S)=3(DTAP) (SMS) CP-DATA (RP) RP-DATA (Network to MS)
583 37.029014000 127.0.0.1 127.0.0.1 LAPDm 81 U, func=UI(DTAP) (RR) System Information Type 6
..........................................................................................................................
TP-User-Data
SMS text: Test
All is well. OK
Then try to get Kc using the Kraken.
For sending SMS
......................................................
540741 1: 05 02 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
./gsmframecoder 05 02 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
....................................................................................
xor.py with + 204 to the Frame Number
For incoming SMS
.........................................................................
544829 1: 05 01 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
./gsmframecoder 05 01 03 03 49 06 1d 08 00 00 00 10 14 00 00 00 00 00 00 00 51 84 00
--------------------------------------------------------------------------
xor.py with + 204 to the Frame Number
Worked with different combinations. Kraken does not find Kc.
P.S. Example vf_call6_a725_d174_g5_Kc1EF00BAB3BAC7002.cfile - OK
_______________________________________________
A51 mailing list
https://lists.srlabs.de/cgi-bin/mailman/listinfo/a51