  1. #16
    Andrew Shepherd
    Guest

    Re: CDMA hash function posted

    Msea <[email protected]> wrote in message news:<BJcab.376666$Oz4.157244@rwcrnsc54>...
    > Andrew Shepherd wrote:
    > > For the vast majority of the group, this may be of very limited
    > > utility, interest, or understanding. But I know that there are at
    > > least a few regulars out there who might appreciate this. After much
    > > toil & trouble, including more Boolean IF operands than I care to
    > > mention, I have authored an Excel spreadsheet algorithm that
    > > synthesizes the CDMA mobile channel selection hash function according
    > > to MIN & number of deployed channels in the network CDMA channel list.

    >
    > How about according to ESN?


    Altering the algorithm to perform hashing via ESN would actually be a
    simple modification, even reducing the total number of operations, as
    the 32-bit binary ESN directly translates to the HASH_KEY parameter.
    No extraction of the MIN from the IMSI nor digit rotation nor binary
    conversion nor serial juxtaposition nor MSB truncation is required.
    According to my understanding of the ESN hashing process, the 32-bit
    ESN simply becomes the 32-bit HASH_KEY, which would allow one to omit
    steps one & two in my MIN-based algorithm.

    Unfortunately, at least for my handset, the ESN is expressed as either
    or both a decimal or hexadecimal number. While I already include a
    decimal to 10-bit binary process in the current MIN version, and while
    I could relatively easily create a hexadecimal to decimal or binary
    conversion utility, sadly Excel balks at working w/ such large numbers
    as the ESN, 2^31, et al., that would be required for a decimal to
    32-bit process. However, if one were to already have the ESN in
    binary, or if one were to manually convert the ESN to binary, one
    could simply input that 32-bit number into step 3 in the algorithm,
    such that the output of the algorithm would reflect ESN hashing
    instead of MIN hashing.

    FYI, I have temporarily removed the hash function emulator from my
    site. I discovered an issue w/ my IMSI digit rotation logic, such
    that MINs containing leading zeros could prove problematic, producing
    negative numbers for the IMSI_S parameter. Most MINs were unaffected,
    and I will repost the algorithm once I have universally corrected the
    digit rotation logic.

    Andrew
    --
    Andrew Shepherd
    [email protected]
    [email protected]
    http://www.ku.edu/home/cinema/







  2. #17
    Bad_Monkey!
    Guest

    Re: CDMA hash function posted

    why would one want to know that?
    just curious.

    On Wed, 17 Sep 2003 08:59:54 -0500, [email protected] wrote:

    >On 17 Sep 2003 10:37:04 GMT, [email protected] (Sprintposter)
    >wrote:
    >
    >>What's the purpose of that? To hack into cell calls?

    >
    >No, it's to calculate which carrier frequency in a multi-carrier cell
    >you'll get initially assigned to (assuming that some carriers aren't
    >reserved for cdma2000 subscribers only).
    >





  3. #18
    Andrew Shepherd
    Guest

    Re: CDMA hash function posted

    "P." <[email protected]> wrote in message news:<[email protected]>...
    > In article <[email protected]>,
    > [email protected] (Andrew Shepherd) wrote:
    >
    > > PHil_Real <[email protected]> wrote in message
    > > news:<[email protected]>...
    > > > In article <[email protected]>,
    > > > [email protected] wrote:
    > > >
    > > > > On 18 Sep 2003 09:59:22 GMT, [email protected] (Sprintposter)
    > > > > wrote:
    > > > >
    > > > > >> From his disclaimer, most likely
    > > > > >> if you had use for the info, you'd know.
    > > > > >
    > > > > >Hacking into cell phone calls.
    > > > >
    > > > > Nope.
    > > >
    > > > yup

    > >
    > > An emphatic nope. Straight from the horse's mouth. Directly from the
    > > author of the IS-95 hash function emulator in question.
    > >
    > > To reiterate the function of my Excel algorithm, and I could not have
    > > expressed it myself more accurately or succinctly than did Craig Paul:
    > >
    > > "...it's to calculate which carrier frequency in a multi-carrier cell
    > > you'll get initially assigned to (assuming that some carriers aren't
    > > reserved for cdma2000 subscribers only)."

    >
    >
    > AGAIN. You need to know an exact frequency because?
    >
    >
    > To hack into phone calls.


    Oh, drat! You got me. You figured out my diabolical plan. I was
    going to hack into CDMA phone calls. Specifically, I was going to
    hack into your phone calls. How hard could it possibly be w/ my
    so-called magical hacking device?

    No matter that my algorithm indicates only the hierarchical order of
    the channel (e.g. F1, F2, etc.) in the CDMA channel list to which your
    MIN will hash, not the ARFCN (absolute radio frequency channel number)
    CDMA channel nor the center frequency of the CDMA channel. But those
    numbers are not difficult to come by either. After all, there are
    only 42 full plus five provisional 1.2288 MHz CDMA channel assignments
    in the PCS band (ARFCNs PCS 0025 - PCS 1175). And Sprint PCS has no
    PCS C or PCS F spectrum, which rules out 16 of those 47 possible
    channels, leaving only 31 potential distinct CDMA carriers for Sprint
    PCS. Then, the center frequency of any of those 31 SPCS CDMA channels
    (PCS 0025 - PCS 0775) can be defined from the ARFCN by the following
    equations:

    0.05(ARFCN) + 1850 = reverse-link center-frequency (MHz)
    0.05(ARFCN) + 1930 = forward-link center-frequency (MHz)

    Ooh, I am getting sooo warm. I am going to hack into your phone
    calls!

    Now that I have created this amazing hacking device, I imagine that
    all I have to do is hang around my local cell site. And, of course, I
    also need to know the offset in the PN short-code of the cell sector
    which I choose to monitor. I could just simply guess an integer
    between 0-511, but PN offset information is not hard to come by
    either.

    Then I only need select one of the up to 11 CDMA channels deployed on
    that sector. And I already know the center frequencies of those
    channels thanks to my astonishing hacking device & the above
    equations. After that, I only have to choose one of 64 Walsh codes to
    monitor. Actually, that is not quite true, as at least W0, W1, & W32
    are dedicated to control channels. So, my odds are going up! My
    chances are fully one in 61 now.

    Finally, I need to select a PN long-code mask that corresponds to your
    ESN. I have absolutely no idea what is your ESN, but there are only
    2^42 - 1 chips in the PN long-code, merely a period of about 41 days,
    and only every 1024th chip is a valid offset. That leaves only 2^32 -
    1 possibilities.

    I am on to you like glue. I am going to hack into your phone calls!

    Gosh, I just know that the 32-bit ESN that I selected at random is
    your ESN. I hope it does not belong to a CDMA handset in Canada or
    Korea or Australia, et al. Of course, I do not know where you live.
    But, I figure now that I have this clairvoyant hacking device, sooner
    or later you will wander into my local cell sector. And I will be
    there monitoring exactly the correct CDMA channel w/ precisely the
    correct PN offset on the very Walsh code to which you are assigned w/
    absolutely the right PN long-code mask. Heck, the chances of that
    happening are only 1 in 31*511*11*61*2^32, or about 1 in
    45,000,000,000,000,000.

    Man oh man, I am going to hack into your phone calls!

    Andrew
    --
    Andrew Shepherd
    [email protected]
    [email protected]
    http://www.ku.edu/home/cinema/



  4. #19
    Phill.
    Guest

    Re: CDMA hash function posted

    In article <[email protected]>,
    [email protected] (Andrew Shepherd) wrote:

    >
    > Andrew
    > --
    > Andrew Shepherd
    > [email protected]
    > [email protected]
    > http://www.ku.edu/home/cinema/



    All that double talk, and earthly reason for discerning actual cell call
    frequencies other than hacking. As that is illegal, of course you want
    to obfuscate things.



  5. #20
    Eric Rogers
    Guest

    Re: CDMA hash function posted

    Andrew, I tried to send email to let you know that the map at (http://people.ku.edu/~cinema/wireless/crystalball.html) is missing, but mail to both email addresses listed on your web site bounces back. It looks like you are forwarding mail to a Yahoo account that is over quota.



  6. #21
    John R. Copeland
    Guest

    Re: CDMA hash function posted

    LOL, Andrew!
    But I fear the irony will blow past your respondents.
    ---JRC---

    "Andrew Shepherd" <[email protected]> wrote in message
    news:[email protected]...
    > "P." <[email protected]> wrote in message
    > news:<[email protected]>...
    > >
    > >
    > > To hack into phone calls.
    >
    > Oh, drat! You got me. You figured out my diabolical plan. I was
    > going to hack into CDMA phone calls. Specifically, I was going to
    > hack into your phone calls. How hard could it possibly be w/ my
    > so-called magical hacking device?
    >
    > -snipped the best stuff-
    >
    >
    > Andrew





  7. #22

    Re: CDMA hash function posted

    On 18 Sep 2003 14:36:17 -0700, [email protected] (Andrew Shepherd) wrote:

    >Msea <[email protected]> wrote in message news:<BJcab.376666$Oz4.157244@rwcrnsc54>...
    >> Andrew Shepherd wrote:
    >> > For the vast majority of the group, this may be of very limited
    >> > utility, interest, or understanding. But I know that there are at
    >> > least a few regulars out there who might appreciate this. After much
    >> > toil & trouble, including more Boolean IF operands than I care to
    >> > mention, I have authored an Excel spreadsheet algorithm that
    >> > synthesizes the CDMA mobile channel selection hash function according
    >> > to MIN & number of deployed channels in the network CDMA channel list.

    >>
    >> How about according to ESN?

    >
    >Altering the algorithm to perform hashing via ESN would actually be a
    >simple modification, even reducing the total number of operations, as
    >the 32-bit binary ESN directly translates to the HASH_KEY parameter.
    >No extraction of the MIN from the IMSI nor digit rotation nor binary
    >conversion nor serial juxtaposition nor MSB truncation is required.
    >According to my understanding of the ESN hashing process, the 32-bit
    >ESN simply becomes the 32-bit HASH_KEY, which would allow one to omit
    >steps one & two in my MIN-based algorithm.
    >
    >Unfortunately, at least for my handset, the ESN is expressed as either
    >or both a decimal or hexadecimal number. While I already include a
    >decimal to 10-bit binary process in the current MIN version, and while
    >I could relatively easily create a hexadecimal to decimal or binary
    >conversion utility, sadly Excel balks at working w/ such large numbers
    >as the ESN, 2^31, et al., that would be required for a decimal to
    >32-bit process. However, if one were to already have the ESN in
    >binary, or if one were to manually convert the ESN to binary, one
    >could simply input that 32-bit number into step 3 in the algorithm,
    >such that the output of the algorithm would reflect ESN hashing
    >instead of MIN hashing.
    >
    >FYI, I have temporarily removed the hash function emulator from my
    >site. I discovered an issue w/ my IMSI digit rotation logic, such
    >that MINs containing leading zeros could prove problematic, producing
    >negative numbers for the IMSI_S parameter. Most MINs were unaffected,
    >and I will repost the algorithm once I have universally corrected the
    >digit rotation logic.
    >
    >Andrew


    It's simply too bad that some people are so simple minded that they
    never wonder WHY things work. I have no interest in this current
    formula but as a computer networking professional I have spent a bit
    of time researching how things (including wireless such as 802.11b)
    work. Much of this goes beyond what one really NEEDS to know and is
    driven by curiosity. Some of that extra knowledge has helped me when
    it comes to things like network security.

    As for hacking, wake up. Hackers don't need all this ****. They have
    their own ways of doing what they do.



  8. #23
    Andrew Shepherd
    Guest

    Re: CDMA hash function posted

    "Eric Rogers" <[email protected]> wrote in message news:<[email protected]>...
    > Andrew, I tried send email to let you know that the map at
    > (http://people.ku.edu/~cinema/wireless/crystalball.html) is missing...<snip>


    Thanks, Eric.

    For the record, the "Sprint PCS future coverage crystal ball..."
    document & its included GIF map do load properly in IE6.
    Unfortunately, the image just will not load in Netscape 6.2. I
    authored the document using MS Excel, subsequently converted to HTML.
    I have tried using Dreamweaver to tweak the document for equal access
    for both IE & Netscape. However, any successful result is always
    accompanied by an unacceptable loss of formatting when displayed in
    Netscape &/or IE.

    For those of you who may have previously viewed this document w/o the
    accompanying map, please try again w/ IE. Or please follow the URL
    below directly to the image. I am not trying to exhibit browser
    favoritism; this is merely an unintended consequence of having
    originally authored the document as a spreadsheet in Excel.

    http://people.ku.edu/~cinema/wireless/crystalball.gif

    If any HTML gurus out there would like to tinker w/ the coding for
    equivalent browser access, please feel free. Thanks...

    Andrew
    --
    Andrew Shepherd
    [email protected]
    [email protected]
    http://www.ku.edu/home/cinema/



  9. #24
    Andrew Shepherd
    Guest

    Re: CDMA hash function posted

    [email protected] (Andrew Shepherd) wrote in message news:<[email protected]>...
    >
    > FYI, I have temporarily removed the hash function emulator from my
    > site. I discovered an issue w/ my IMSI digit rotation logic, such
    > that MINs containing leading zeros could prove problematic, producing
    > negative numbers for the IMSI_S parameter. Most MINs were unaffected,
    > and I will repost the algorithm once I have universally corrected the
    > digit rotation logic.


    The IS-95 hash function algorithm is once again posted to my site.
    Back & better than ever.

    I fixed the issue of leading zeros in the IMSI digit rotation logic,
    which unfortunately required separating the MIN digits into fully 10
    separate cells rather than just area code, prefix, & number.

    Additionally, I have added the ability to hash by *either* binary ESN
    *or* MIN into the algorithm. The ESN 32-bit binary conversion, if
    necessary, must be supplied by the user, as Excel is incapable of
    calculations w/ the large exponents of two required to convert a
    decimal or hexadecimal ESN to 32-bit binary.

    For those select few of you who share my fascination w/ the
    operational details of CDMA, please take a look, for the first time or
    yet again.

    http://people.ku.edu/~cinema/wireless/hash_function.xls

    And for the ineducable he or she who masquerades under the names PHil
    Real, P., or Phill., who seems to think that Cellular/PCS channel
    frequencies are highly-classified information, who seems to think that
    eavesdropping on a 1.2288 MHz bandwidth spread-spectrum CDMA signal is
    as simple as just tuning a narrowband FM receiver to some
    closely-guarded secret frequency, you go w/ your irrational paranoia.
    Because me & my astounding psychic time-traveling cold-fusion hacking
    device are right on your tail. I am going to hack into your phone
    calls!

    Andrew
    --
    Andrew Shepherd
    [email protected]
    [email protected]
    http://www.ku.edu/home/cinema/
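
Added example, not part of the thread and not the poster's spreadsheet: a Python sketch of the channel-selection hash discussed in posts #16 and #24, keyed either by MIN (using the digit rule that counts a 0 as 10, so a group with leading zeros cannot go negative) or directly by a 32-bit ESN. The MIN encoding and hash formula follow the IS-95 definitions as understood here; the function names and the sample MIN and ESN are constructed for illustration.

```python
# Added example (not the poster's spreadsheet). Names and sample values are constructed.

def encode_group(d3: str) -> int:
    """Three MIN digits -> 0..999: a digit 0 counts as 10, then subtract 111."""
    d = [10 if c == "0" else int(c) for c in d3]
    return 100 * d[0] + 10 * d[1] + d[2] - 111

def min_to_hash_key(min_digits: str) -> int:
    """10-digit MIN -> IMSI_S (34 bits) -> HASH_KEY (32 least significant bits)."""
    if len(min_digits) != 10 or not min_digits.isdigit():
        raise ValueError("MIN must be exactly 10 decimal digits")
    imsi_s2 = encode_group(min_digits[0:3])                  # area code, 10 bits
    thousands = 10 if min_digits[6] == "0" else int(min_digits[6])  # 4-bit BCD
    imsi_s1 = ((encode_group(min_digits[3:6]) << 14) | (thousands << 10)
               | encode_group(min_digits[7:10]))             # 24 bits
    return ((imsi_s2 << 24) | imsi_s1) & 0xFFFFFFFF           # drop the two MSBs

def esn_to_hash_key(esn: str, base: int = 16) -> int:
    """An ESN given as a hex (base 16) or binary (base 2) string is the HASH_KEY as is."""
    key = int(esn, base)
    if not 0 <= key < 2**32:
        raise ValueError("ESN must fit in 32 bits")
    return key

def key_bits(hash_key: int) -> str:
    """HASH_KEY as the 32-character binary string a spreadsheet step would take."""
    return format(hash_key, "032b")

def channel_position(hash_key: int, n_channels: int) -> int:
    """Position (1 = F1) in a CDMA channel list of n_channels entries.

    R = floor(N * ((40503 * (L xor H xor DECORR)) mod 2^16) / 2^16), with
    DECORR = 0 for channel selection; the selected entry is R + 1.
    """
    if n_channels < 1:
        raise ValueError("channel list must not be empty")
    low, high = hash_key & 0xFFFF, hash_key >> 16
    r = (n_channels * ((40503 * (low ^ high)) & 0xFFFF)) >> 16
    return r + 1

if __name__ == "__main__":
    for label, key in (("MIN 3214567890", min_to_hash_key("3214567890")),
                       ("ESN 0x9F1E2D3C", esn_to_hash_key("9F1E2D3C"))):
        print(label, key_bits(key), [channel_position(key, n) for n in (2, 3, 11)])
```

The output is only the position in the channel list (F1, F2, ...), as post #18 notes; it says nothing about the ARFCN or the center frequency.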


