[A51] Next Encrypted SI 5 - Timing Advance - FPC

Basse Ang b4ss3k at gmail.com
Mon Apr 11 14:31:08 CEST 2016

Hi All,

I just finished my own PoC of decrypting A5/1 by following the practical
exercise from
https://lists.srlabs.de/pipermail/a51/2011-February/001068.html. Thank you
to Konrad Meier for providing that sheet, but I still have some questions here.
I also tried it on my own GSM signal (with my own HP, specific TMSI); it seems
there are some new things here I need to know more about.

1. In practical_exercise_sheet, it was said that to get the next encrypted
SI5 frame number you just add 204 to the un-encrypted fn. In some of my cases
I found that the next +204 was also un-encrypted. So, what method is
actually used to find the next encrypted System Information 5?
    Related to my question 1, in this video:
https://www.youtube.com/watch?v=TOl4Q4lyJTI, number of encrypted frames:
5, I still could not figure out where the "5" comes from.

2. If the parameter FPC is active (timing advance section), will it affect
the gsmframecoder (Johann Betz) step, which is used to get the bitstream?

Thank you,

Best Regards,
