(January 1, 2011 at 5:40 pm) Chuck Wrote: How would the attacker get hold of 2 known plain text messages needed to crack the encryption key? Text you and hope you reply with a preformed message?

The researchers posted this tutorial: http://srlabs.de/uncategorized/airprobe-how-to/
There is a section on how to find the plaintext/ciphertext pairings:
Quote: Usually capture some calls of your own phone where you know the Kc (it can be read from the SIM or displayed by the Engineering Mode Screen of some phones) and look for known-plain-text candidates. Examples are "SYSTEM INFORMATION 5/6/5ter" in the SACCH or "LAPDM U, func=UI" frames. Also keep in mind that there could be wrong bits in a burst due to distortion.