Hello all,

I'm a GSM researcher like you. I read a lot about how to crack GSM via Um air interface. But there are still some unkown puzzles to me! If you share your knowledge I will be appreciated. 

- After "Immediate Assignment" message sent by the network, other messages such as "CM service request", after the assignment, will be sent on the SDCCH, so, how could one determine where is the exact start frame number (DL) and start timeslot (if we assume there is no hopping) of the link?

- Is there any way to classify different data positions within the received signal with respect to each users i.e. is it possible to separate data of different users (again with the assumption of no hopping and in encrypted form)?

 

Thanks in advance,

M. A.