> so, how could one determine where is the exact start frame number (DL) and start timeslot (if we assume there is no hopping) of the link?
No idea, but ccch_scan can work it out, so it is probably in its source. I would think it is in the assignment message and GSM specification somewhere.
> i.e. is it possible to separate data of different users
You can see TMSI and rarely IMSI and IMEI. Other possibilities? Probably not.
On 8.10.2015 14:08, alizadeh wrote:
Hello all,
I'm a GSM researcher like you. I read a lot about how to crack GSM via the Um air interface. But there are still some unknown puzzles to me! If you share your knowledge, I would appreciate it.
- After "Immediate Assignment" message sent by the network, other messages such as "CM service request", after the assignment, will be sent on the SDCCH, so, how could one determine where is the exact start frame number (DL) and start timeslot (if we assume there is no hopping) of the link?
- Is there any way to classify different data positions within the received signal with respect to each user, i.e. is it possible to separate data of different users (again with the assumption of no hopping and in encrypted form)?
Thanks in advance,
M. A.
_______________________________________________
Brmlab mailing list
Brmlab@brmlab.cz
https://brmlab.cz/cgi-bin/mailman/listinfo/brmlab