@manawyrm @q let me guess: Those were used for #Osmocom / #OpenGSM devs that tended to use #ChaosCommunicationCongress as testing grounds for their Software...
Sadly the bands have been allocated and AFAIK all regular multi-band #GSM bands have been allocated and the only sub-700 MHz bands unused are extremely uncommon (GSM-400 for example) and @BNetzA won't issue even experimental usage licenses for events in said bands...
Circuit Switched Data (CSD) in GSM (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20230315-laforge-csd #ccc #osmodevcall #osmocom #Berlin #2023 #31
Our next #osmocom #OsmoDevCall on March 15, 20:00 CET will feature a presentation about #GSM Circuit Switched Data (CSD). See https://osmocom.org/news/210 for details. Attendance free/open to any interested party. #retronetworking
Long-range Telecommunications in HF band (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20230215-rafael2k-long-range-hf-comm #ccc #osmodevcall #osmocom #Berlin #2023 #30
RT @LaF0rge
I've last played with XOR-2G (test GSM auth algorithm) in 2008-2010 timeframe. In #osmocom we've had COMP128v1/2/3, MILENAGE and XOR-3G support, but somehow never bothered to implement XOR-2G. Changing that in https://gerrit.osmocom.org/c/libosmocore/+/31451
iCE40-usbtrace: Full-Speed USB tracer (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20230118-tnt-ice40-usbtrace #ccc #osmodevcall #osmocom #Berlin #2023 #29
USB Hub for Device Testing (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20221221-tsaitgaist-usb-hub-for-device-testing #ccc #osmodevcall #osmocom #Berlin #2022 #28
Practically speaking, you get a 2x8-bit additive checksum of the answer, which is 48 bits compressed into 16. So there are 2^32 RESULT values which would give the same SRES.
I'll leave it as an exercise to someone with better cryptography and maths skills than me to figure out how many challenge/response pairs you'd have to grab off the air to break the SAK.
And after that, you have to derive the number dialling key (K4,K5,K6). #NMT450 #Osmocom
Answer is ... yes, if we knew the value of RESULT for a given AUTH challenge. But RESULT isn't transmitted over the air. The mobile transmits the value SRES instead:
SR1 = (R1+R2+R3) mod 256
SR2 = (R4+R5+R6) mod 256
SRES = (R1 || R2)
So the problem boils down to: you have to brute-force a 96-bit key with 3 known bits. On a GPU, this might be feasible, each operation is a pair of big-integer exponentiations and a modulo. #NMT450 #Osmocom
This is useful because the algorithm imposes some constraints:
- MSBit of K1, K2 and K3 must be set (reduces keyspace to 16+32+48 - 3 = 93 bits (down from 96))
- K4, K5 and K6 are used to encrypt the dialled number (not authentication)
- K3 must be greater than or equal to RESULT
So we can break NMT SIS really easily, right? #NMT450 #Osmocom
Well then, that's a good find. Been staring at #Osmocom Analog and the #NMT450 code, did a deep dive... and found what may be the NMT SIS authentication algorithm: https://groups.google.com/g/fido7.ru.phreaks/c/mC7BuLIpK1s/m/RmSeSo5d8jYJ
Looks like the "120 bit" SAK (subscriber auth key) is really six subkeys: K1 (16 bits). K2 (32 bits). K3 (48 bits). K4,5,6 (8 bits each).
The BS generates a random number RAND, which consists of two parts: RD1 (16 bits), RD2 (12 bits).
RESULT = ((RD1**K1) + (K2**RD2)) mod K3
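The NMT SIS posts above (the feed lists them newest first) describe a 48-bit RESULT that is folded into a 16-bit SRES before transmission. The sketch below is an added example, not Osmocom code or the poster's own: it computes RESULT and SRES from the quoted formulas and counts how many 48-bit values share one SRES. It assumes R1 is the most significant byte of RESULT and that SRES is the two checksum bytes SR1 || SR2; the key and challenge values are constructed.

```python
# Added illustration of the NMT SIS formulas quoted in the posts above.
# Assumptions: R1 is the most significant byte of the 48-bit RESULT, and
# SRES is the two checksum bytes SR1 || SR2. All key values are constructed.

def sis_result(rd1, rd2, k1, k2, k3):
    """RESULT = ((RD1**K1) + (K2**RD2)) mod K3, via modular exponentiation."""
    return (pow(rd1, k1, k3) + pow(k2, rd2, k3)) % k3

def sres_from_result(result):
    """Fold a 48-bit RESULT into 16 bits with two additive 8-bit checksums."""
    r = result.to_bytes(6, "big")          # R1..R6
    sr1 = sum(r[0:3]) % 256                # SR1 = (R1+R2+R3) mod 256
    sr2 = sum(r[3:6]) % 256                # SR2 = (R4+R5+R6) mod 256
    return (sr1 << 8) | sr2

def preimages_per_checksum_byte(target):
    """Count 3-byte groups whose sum mod 256 equals target, by enumeration."""
    pair_sums = [0] * 256
    for a in range(256):
        for b in range(256):
            pair_sums[(a + b) % 256] += 1
    return sum(pair_sums[(target - c) % 256] for c in range(256))

def colliding_results(result, n=4):
    """Other 48-bit values with the same SRES: move d from R2 into R1."""
    r = result.to_bytes(6, "big")
    return [int.from_bytes(bytes([(r[0] + d) % 256, (r[1] - d) % 256]) + r[2:], "big")
            for d in range(1, n + 1)]

# Constructed sample key and challenge (MSBit of K1, K2, K3 set, as the posts require)
K1, K2, K3 = 0xB3A7, 0x9E3779B1, 0xC0FFEE123457
RD1, RD2 = 0x4D2F, 0x5A3

if __name__ == "__main__":
    result = sis_result(RD1, RD2, K1, K2, K3)
    sres = sres_from_result(result)
    print(f"RESULT = {result:012x}  SRES = {sres:04x}")
    per_byte = preimages_per_checksum_byte(sres >> 8)
    print(f"3-byte groups per checksum byte: {per_byte} (2^16)")
    print(f"48-bit values per SRES: {per_byte ** 2} (2^32)")
    for alt in colliding_results(result):
        print(f"  {alt:012x} -> SRES {sres_from_result(alt):04x}")
```

The count covers every 48-bit value; because RESULT is reduced mod K3, values at or above K3 cannot occur for a given key, so the number of reachable collisions is somewhat lower in practice.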
oh dear I've bought yet another silly thing. a Benefon TDP40/Delta #NMT450 phone, with charger. Hopefully it'll work with #Osmocom NMT. Either way, the service pod (Localbox) turns out to be a programmed 24LC16 EEPROM soldered into a charge/handsfree/car-kit connector, so programming the IDs and frequencies should be possible. http://web.archive.org/web/20040611171005/http://nmt.btv.ru/index.php?page=adap
My Debian Activities in November 2022
FTP master
This month I accepted 292 and rejected 43 packages. The overall number of packages that got accepted was 295.
Debian LTS
This was my hundred-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
This month my all in all workload has been 1
http://blog.alteholz.eu/2022/12/my-debian-activities-in-november-2022/
#Uncategorized #Debian #ELTS #en #ftpmaster #LTS #osmocom #package #planetdebian
MS/BS Power Control in OsmoBSC and OsmoBTS (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20221116-fixeria-gsm-power-control #ccc #osmodevcall #osmocom #Berlin #2022 #27
Osmocom SIMtrace2 Tutorial - SIM protocol tracing: how & why (osmodevcall)
about this event: https://c3voc.de
https://media.ccc.de/v/osmodevcall-20221019-laforge-simtrace2-tutorial #ccc #osmodevcall #osmocom #Berlin #2022 #26
It just went public: @OpenTechFund has awarded us funding for the improvement of #osmocom mainly in areas related to better integration of 2G+4G networks, including supporting @rhizomatica in Mexico. https://www.opentech.fund/results/supported-projects/osmocom-cellular-network-infrastructure/
My Debian Activities in October 2022
FTP master
This month I accepted 484 and rejected 55 packages. The overall number of packages that got accepted was 492.
Debian LTS
This was my hundredth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. Woohoo, There is a party. (yes I am o
http://blog.alteholz.eu/2022/11/my-debian-activities-in-october-2022/
#Uncategorized #Debian #debian-astro #ELTS #en #ftpmaster #LTS #osmocom #package #planetdebian
Well, apart from that both seem to use the same kind of 1 cable as attack vector, I'm watching
“GSM-R and how it differs from GSM”
https://media.ccc.de/v/osmodevcall-20210813-laforge-gsm-r
#osmocom #berlin #OsmoDevCall #gsm #gsmr
#ccc https://media.ccc.de/v/osmodevcall-20220429-laforge-octoi Osmocom Community TDMoIP (OCTOI) (osmodevcall): about this event: https://c3voc.de #osmodevcall #osmocom #Berlin #2022 #25