The other day, I had my monthly meeting with my small hackers group. We smoked down some seriously good Gino's Pizza and stubbed out some well aged Cohiba Siglo II's and of course washed it all down with plenty of Newcastle. We get together and trade techniques, info and swap lies.
I was asked by one of the Dudes if I had been hacking GSM lately. I told them no, I'm not really interested in cell phone technology, plus the equipment to monitor 850MHz and 1800MHz to gather enough info to be useful to find a hole to exploit is too much for me to expense and much more than my wife would notice missing.
This Dude is a seriously good math geek that looks at all things with a mathematical eye. I have seen folks that enjoy math (like me) and folks that love math, but this Dude is hardcore. I just bet he sees the world like a Matrix screen saver. As a matter of fact he can look at a Matrix screen saver and laugh at the various mistakes in computation.
Anyway, he told me no gear is required to find a hole, just use a pencil. He started going over the hole discovered in 1998, where there are 64-bit keys with 200 overlapping segments. Yeah, yeah, I have heard that one before, but because of empty passes in a table I am back to using expensive gear and a few months to build out a table. Back to square one.
But what if someone took the time, built the gear and compiled the tables? Hmmm... That would be something. All I need to do is crack one segment and I can decode a full SMS message. The odds are on the hacker's side in finding just one of 200 segment values in even an incomplete table.
He went on to show me the work done by the GSM Cracking Project, http://wiki.thc.org/gsm, in building tables for both the A5/1 (Euro standard) and the weaker A5/2 (United States standard... figures...). Impressive, but still, just data on an API to me. Show me, Dude!
He broke out his USRP (Universal Software Radio Peripheral), http://www.ettus.com/, plugged it into his hacktop and started capturing a GSM message from his phone. (It is illegal to capture GSM from a phone other than your own.) I was very impressed and amazed at how fast it was to grab and decode this entire message string. Is GSM the WAP equivalent to cell phones? Can you hear me now?
Jimmy Ray Purser
Trivia File Transfer Protocol
The Han Dynasty is so darn central to China's history that the word for Chinese Person is literally translated as "A Man of Han".
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a Master of Science degree in electrical engineering.