
Comp128 Out

This document describes how to simulate a GSM SIM card using Python code. It includes descriptions of the COMP128 and Milenage algorithms used for authentication, as well as examples of converting between hexadecimal, integer, and ASCII string representations of keys and random numbers used in the authentication process. Functions are provided to convert between hexadecimal, integer arrays, and ASCII string formats.

Uploaded by

canbruce

This

* rand[0..15]: the challenge from the base station
* key[0..15]: the SIM's A3/A8 long-term key Ki
* simoutput[0..11]: what you'd get back if you fed rand and key to a real SIM.

The GSM spec states that simoutput[0..3] is SRES, and simoutput[4..11] is Kc (the A5 session key). (See GSM 11.11, Section 8.16.

Note that Kc is bits 74..127 of the COMP128 output, followed by 10 zeros. The session keys produced by COMP128-1 and COMP128-2 intentionally have only 54 bits of entropy.

So
SRES=A268BB40
Kc= 8D6BAB7E83DEA055
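
The byte layout described above, as an added Python 3 example that is not part of the original document: it splits a 12-byte A3/A8 result into SRES and Kc and checks whether the last 10 bits of Kc are zero, the form the note gives for the COMP128 output. The function names and the second sample are constructed for illustration.

```python
from binascii import unhexlify


def split_simoutput(simoutput):
    """Return (SRES, Kc): bytes 0..3 and bytes 4..11 of the 12-byte result."""
    if len(simoutput) != 12:
        raise ValueError("expected 12 bytes, got %d" % len(simoutput))
    return simoutput[:4], simoutput[4:]


def kc_is_truncated(kc, zero_bits=10):
    """True when the last zero_bits bits of the 64-bit Kc are all zero,
    i.e. the key carries at most 64 - zero_bits bits of entropy."""
    if len(kc) != 8:
        raise ValueError("Kc must be 8 bytes, got %d" % len(kc))
    mask = (1 << zero_bits) - 1
    return int.from_bytes(kc, "big") & mask == 0


def audit(hex_simoutput):
    """Parse a hex-encoded SIM result and report SRES, Kc and the Kc check."""
    sres, kc = split_simoutput(unhexlify(hex_simoutput))
    return {
        "sres": sres.hex().upper(),
        "kc": kc.hex().upper(),
        "truncated_kc": kc_is_truncated(kc),
    }


# SRES and Kc as quoted on this page, concatenated as simoutput[0..11].
PAGE_SAMPLE = "A268BB40" + "8D6BAB7E83DEA055"
# Constructed sample: the same bytes with the last 10 bits of Kc cleared.
CONSTRUCTED = "A268BB40" + "8D6BAB7E83DEA000"

if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED)):
        print(label, audit(sample))
```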

CMAC mode of operation


from CryptoMobile.CMAC import CMAC
from Crypto.Cipher import AES
key='AGILENT TECHNO\x00\x00'
# the same 16-byte key written as hex escapes
key='\x41\x47\x49\x4c\x45\x4e\x54\x20\x54\x45\x43\x48\x4e\x4f\x00\x00'
rand=16*'\x00'

# COMP128
# This is the Python wrapper over the COMP128 v1, v2 and v3 algorithms.
# The C code has been taken from the FreeRADIUS project.
from pycomp128 import *
key='AGILENT TECHNO\x00\x00'
key='\x41\x47\x49\x4c\x45\x4e\x54\x20\x54\x45\x43\x48\x4e\x4f\x00\x00'
rand=16*'\x00'
comp128v1(key, rand)
comp128v2(key, rand)
comp128v3(key, rand)
Milenage.c1
Milenage
This is a Python wrapper over the Milenage algorithm. The mode of operation is written in Python, and makes use of the AES function from the pycrypto package.
The c1 to c5 and r1 to r5 constants are implemented as class attributes. The class must be instantiated with the OP parameter.
Here is an example of how to use it:
>>> for x in key:
...     x.encode('hex')
...
'41'
'47'
'49'
'4c'
'45'
'4e'
'54'
'20'
'54'
'45'
'43'
'48'
'4e'
'4f'
'00'
'00'

key='4147494c454e5420544543484e4f0000'
rand='00000000000000000000000000000000'
rand=16*'\x00'

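import codecs

def ascii2hex(input):
    """converts an ASCII string to its hex representation
    """
    return ''.join(format(ord(c), '02x') for c in input)

# other ways to hex-encode the single character "c":
codecs.encode(b"c", "hex")  # b'63'
format(ord("c"), "x")       # '63'
"c".encode("hex")           # '63' (Python 2 only)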

import binascii

x = b'test'
x = binascii.hexlify(x)
y = str(x,'ascii')

print(x) # Outputs b'74657374' (hex encoding of "test")


print(y) # Outputs 74657374
x_unhexed = binascii.unhexlify(x)
print(x_unhexed) # Outputs b'test'

x_ascii = str(x_unhexed,'ascii')
print(x_ascii) # Outputs test

with open('Hello.DAT','rb') as f:
    data = f.read()
print(" ".join("{:02x}".format(c) for c in data))

def hex2intarr(input):
    """converts hex string to an array of integers
    """
    # parse two hex digits at a time; works on Python 2 and Python 3
    return [int(input[i:i+2], 16) for i in range(0, len(input), 2)]

def intarr2hex(input):
    """converts array of integers to hex strings
    """
    return ''.join('{:02x}'.format(x) for x in input).upper()

https://web.archive.org/web/20141210145440/http://bb.osmocom.org/trac/wiki/SIMtrace#no1
