philpem · @philpem
394 followers · 975 posts · Server digipres.club

Practically speaking, you get a 2x8-bit additive checksum of the answer, which is 48 bits compressed into 16. So there are 2^32 RESULT values which would give the same SRES.

I'll leave it as an exercise to someone with better cryptography and maths skills than me to figure out how many challenge/response pairs you'd have to grab off the air to break the SAK.
And after that, you have to derive the number dialling key (K4,K5,K6).

#osmocom #NMT450

Last updated 2 years ago

philpem · @philpem

Answer is ... yes, if we knew the value of RESULT for a given AUTH challenge. But RESULT isn't transmitted over the air. The mobile transmits the value SRES instead:
SR1 = (R1+R2+R3) mod 256
SR2 = (R4+R5+R6) mod 256
SRES = (R1 || R2)

So the problem boils down to: you have to brute-force a 96-bit key with 3 known bits. On a GPU, this might be feasible; each operation is a pair of big-integer exponentiations and a modulo.

#osmocom #NMT450


philpem · @philpem

This is useful because the algorithm imposes some constraints:
- MSBit of K1, K2 and K3 must be set (reduces keyspace to 16+32+48 - 3 = 93 bits, down from 96)
- K4, K5 and K6 are used to encrypt the dialled number (not authentication)
- K3 must be greater than or equal to RESULT

So we can break NMT SIS really easily, right?

#osmocom #NMT450


philpem · @philpem

Well then, that's a good find. Been staring at Analog and the code, did a deep dive... and found what may be the NMT SIS authentication algorithm: groups.google.com/g/fido7.ru.p

Looks like the "120 bit" SAK (subscriber auth key) is really six subkeys: K1 (16 bits), K2 (32 bits), K3 (48 bits), K4, K5, K6 (8 bits each).

The BS generates a random number RAND, which consists of two parts: RD1 (16 bits), RD2 (12 bits).

RESULT = ((RD1**K1) + (K2**RD2)) mod K3

#NMT450 #osmocom

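As an added example that is not philpem's code, the SIS arithmetic as the thread describes it (RESULT from this post, SRES from the later-numbered post above), with constructed key and challenge values, plus a count showing why one SRES has 2^32 RESULT preimages:

```python
# Added example, not from the thread: NMT SIS authentication arithmetic as
# philpem describes it. All key and challenge values below are constructed.

def nmt_result(rd1, rd2, k1, k2, k3):
    """RESULT = ((RD1**K1) + (K2**RD2)) mod K3.

    Three-argument pow() is modular exponentiation; it yields the same value
    as the raw big-integer form because (a + b) mod m == ((a mod m) +
    (b mod m)) mod m, without materialising RD1**K1 in full."""
    return (pow(rd1, k1, k3) + pow(k2, rd2, k3)) % k3


def nmt_sres(result):
    """Compress the 48-bit RESULT into the 16-bit SRES sent over the air.

    RESULT is split into six bytes R1..R6 (R1 most significant);
    SR1 = (R1+R2+R3) mod 256, SR2 = (R4+R5+R6) mod 256, SRES = SR1 || SR2."""
    r = result.to_bytes(6, "big")
    sr1 = (r[0] + r[1] + r[2]) % 256
    sr2 = (r[3] + r[4] + r[5]) % 256
    return (sr1 << 8) | sr2


def triples_with_sum(target):
    """Count byte triples (r1, r2, r3) whose additive checksum equals target.

    For every (r1, r2) exactly one r3 lands on target, so each of the 256
    checksum values has 256**2 preimages: an 8-bit checksum of 24 bits throws
    away 16 bits. Two such halves give 2**32 RESULT values per SRES."""
    count = 0
    for r1 in range(256):
        for r2 in range(256):
            r3 = (target - r1 - r2) % 256
            if (r1 + r2 + r3) % 256 == target:
                count += 1
    return count


def preimages_per_sres():
    """Number of 48-bit RESULT values that map onto a single SRES."""
    return triples_with_sum(0) * triples_with_sum(0xFF)


def demo():
    """One exchange with constructed values honouring the stated constraints:
    MSB of K1, K2, K3 set; RD1 is 16 bits, RD2 is 12 bits."""
    k1 = 0x8000 | 0x1234              # 16-bit subkey, MSB set (constructed)
    k2 = 0x80000000 | 0x0BADCAFE      # 32-bit subkey, MSB set (constructed)
    k3 = (1 << 47) | 0xDEADBEEF       # 48-bit subkey, MSB set (constructed)
    rd1, rd2 = 0x5A5A, 0x0ABC         # constructed BS challenge RAND = RD1 || RD2
    result = nmt_result(rd1, rd2, k1, k2, k3)
    return result, nmt_sres(result)
```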

philpem · @philpem

Oh dear, I've bought yet another silly thing. A Benefon TDP40/Delta phone, with charger. Hopefully it'll work with NMT. Either way, the service pod (Localbox) turns out to be a programmed 24LC16 EEPROM soldered into a charge/handsfree/car-kit connector, so programming the IDs and frequencies should be possible. web.archive.org/web/2004061117

#osmocom #NMT450
