SIM-Max Tech's Super-SIM
Mad
mad at auth.se
Tue Mar 8 18:01:43 CET 2011
On Tue, 8 Mar 2011 16:31:47 +0100, Alfonso De Gregorio wrote:
>> Actually COMP128-2 has a 54-bit Kc it seems.
>
> Have you observed a COMP128-2 implementation returning a 54-bit long
> Kc, or have you heard about this from somebody else?
> Can you please disclose more about the SIM model and the operator
> running this A3/A8 implementation?
Interesting question: how do we know whether it's COMP128-2 that is being
used by a specific operator?
They can use whatever algo they want - or whatever their equipment vendor
provides - in their SIMs and auth infrastructure, producing deliberately
weakened Kcs.
>
> One more weakened key derivation function (after the first version)
> would be interesting per se. Still, it would be even more interesting
> to give a closer look at this obscure cipher we carry in our
> pockets...
>
No question, there are still SIMs being given out that weaken the already
broken A5/1.
Interestingly, I observed that operators have a mixed occurrence of weak Kcs
for one SIM and non-weak Kcs for another.
Another possibility is that they are able to determine that for all SIMs
by choice of the RAND the network sends. So some people, contract-wise,
phone-wise or region-wise, could be tapped more easily than others.
But it's just speculation...
The most promising approach, after (really) good cryptologists have looked
at the inputs and outputs, is to open up and grind down a SIM chip and take
pictures to reconstruct its logic, as has been done with Mifare etc.
Aren't there people reading this who are experienced in the latter?
Regards,
Mad
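The question raised above, how to tell whether a given SIM hands out weakened Kcs, can be checked from the SIM side by looking at the Kc values it returns for several different RANDs. The following Python is an added example, not code from the thread or from any list member; it assumes the weakening is the usual 54-bit form in which the 10 least significant bits of Kc are zero (the thread does not say which bits are dropped), and all Kc sample values are constructed.

```python
# Added example (not from the thread): classify Kc values observed from a SIM.
# Assumption: a "54-bit Kc" means the 10 least significant bits of the 64-bit
# Kc are zero; the thread itself does not state which bits are dropped.
KC_BITS = 64
WEAK_ZERO_BITS = 10                      # trailing zero bits in a weakened Kc
WEAK_MASK = (1 << WEAK_ZERO_BITS) - 1

def parse_kc(hex_kc: str) -> int:
    """Parse an 8-byte Kc given as 16 hex digits (with optional spaces or
    colons between bytes) into an integer."""
    hex_kc = hex_kc.replace(" ", "").replace(":", "")
    if len(hex_kc) != KC_BITS // 4:
        raise ValueError(f"Kc must be 8 bytes, got {len(hex_kc) // 2}")
    return int(hex_kc, 16)

def is_weakened(kc: int) -> bool:
    """True if the low 10 bits are zero, i.e. only 54 bits carry key material."""
    return kc & WEAK_MASK == 0

def classify(kc_hex_list, min_samples: int = 4) -> str:
    """Judge one SIM from several Kc values obtained with different RANDs.
    A single Kc ending in ten zero bits happens by chance with probability
    2**-10, so 'weakened' requires every sample to show the pattern and at
    least min_samples samples; fewer samples give 'weakened?'; a mix of
    weak and full keys (the pattern the thread reports across operators)
    is reported as 'mixed'."""
    if not kc_hex_list:
        raise ValueError("no Kc samples")
    weak = [is_weakened(parse_kc(h)) for h in kc_hex_list]
    n_weak = sum(weak)
    if n_weak == len(weak):
        return "weakened" if len(weak) >= min_samples else "weakened?"
    if n_weak == 0:
        return "full-64bit"
    return "mixed"

# Constructed samples (not real SIM output): one SIM whose Kc always ends in
# ten zero bits, and one whose Kc uses all 64 bits.
WEAK_SIM = ["0123456789abc000", "deadbeefcafe0400",
            "00ff00ff00ff0800", "a5a5a5a5a5a5fc00"]
FULL_SIM = ["0123456789abcdef", "deadbeefcafebabe",
            "00ff00ff00ff00f1", "a5a5a5a5a5a5a5a5"]

if __name__ == "__main__":
    print("weak SIM:", classify(WEAK_SIM))      # weakened
    print("full SIM:", classify(FULL_SIM))      # full-64bit
```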
More information about the baseband-devel mailing list