- 09-18-2003, 03:36 PM #16 Andrew Shepherd (Guest)
Re: CDMA hash function posted
Msea <[email protected]> wrote in message news:<BJcab.376666$Oz4.157244@rwcrnsc54>...
> Andrew Shepherd wrote:
> > For the vast majority of the group, this may be of very limited
> > utility, interest, or understanding. But I know that there are at
> > least a few regulars out there who might appreciate this. After much
> > toil & trouble, including more Boolean IF operands than I care to
> > mention, I have authored an Excel spreadsheet algorithm that
> > synthesizes the CDMA mobile channel selection hash function according
> > to MIN & number of deployed channels in the network CDMA channel list.
>
> How about according to ESN?
Altering the algorithm to perform hashing via ESN would actually be a
simple modification, even reducing the total number of operations, as
the 32-bit binary ESN directly translates to the HASH_KEY parameter.
No extraction of the MIN from the IMSI nor digit rotation nor binary
conversion nor serial juxtaposition nor MSB truncation is required.
According to my understanding of the ESN hashing process, the 32-bit
ESN simply becomes the 32-bit HASH_KEY, which would allow one to omit
steps one & two in my MIN-based algorithm.
Unfortunately, at least for my handset, the ESN is expressed as either
or both a decimal or hexadecimal number. While I already include a
decimal to 10-bit binary process in the current MIN version, and while
I could relatively easily create a hexadecimal to decimal or binary
conversion utility, sadly Excel balks at working w/ such large numbers
as the ESN, 2^31, et al., that would be required for a decimal to
32-bit process. However, if one were to already have the ESN in
binary, or if one were to manually convert the ESN to binary, one
could simply input that 32-bit number into step 3 in the algorithm,
such that the output of the algorithm would reflect ESN hashing
instead of MIN hashing.
FYI, I have temporarily removed the hash function emulator from my
site. I discovered an issue w/ my IMSI digit rotation logic, such
that MINs containing leading zeros could prove problematic, producing
negative numbers for the IMSI_S parameter. Most MINs were unaffected,
and I will repost the algorithm once I have universally corrected the
digit rotation logic.
Andrew
--
Andrew Shepherd
[email protected]
[email protected]
http://www.ku.edu/home/cinema/
- 09-18-2003, 10:13 PM #17 Bad_Monkey! (Guest)
Re: CDMA hash function posted
why would one want to know that?
just curious.
On Wed, 17 Sep 2003 08:59:54 -0500, [email protected] wrote:
>On 17 Sep 2003 10:37:04 GMT, [email protected] (Sprintposter)
>wrote:
>
>>What's the purpose of that? To hack into cell calls?
>
>No, it's to calculate which carrier frequency in a multi-carrier cell
>you'll get initially assigned to (assuming that some carriers aren't
>reserved for cdma2000 subscribers only).
>
- 09-18-2003, 10:55 PM #18 Andrew Shepherd (Guest)
Re: CDMA hash function posted
"P." <[email protected]> wrote in message news:<[email protected]>...
> In article <[email protected]>,
> [email protected] (Andrew Shepherd) wrote:
>
> > PHil_Real <[email protected]> wrote in message
> > news:<[email protected]>...
> > > In article <[email protected]>,
> > > [email protected] wrote:
> > >
> > > > On 18 Sep 2003 09:59:22 GMT, [email protected] (Sprintposter)
> > > > wrote:
> > > >
> > > > >> From his disclaimer, most likely
> > > > >> if you had use for the info, you'd know.
> > > > >
> > > > >Hacking into cell phone calls.
> > > >
> > > > Nope.
> > >
> > > yup
> >
> > An emphatic nope. Straight from the horse's mouth. Directly from the
> > author of the IS-95 hash function emulator in question.
> >
> > To reiterate the function of my Excel algorithm, and I could not have
> > expressed it myself more accurately or succinctly than did Craig Paul:
> >
> > "...it's to calculate which carrier frequency in a multi-carrier cell
> > you'll get initially assigned to (assuming that some carriers aren't
> > reserved for cdma2000 subscribers only)."
>
>
> AGAIN. You need to know an exact frequency because?
>
>
> To hack into phone calls.
Oh, drat! You got me. You figured out my diabolical plan. I was
going to hack into CDMA phone calls. Specifically, I was going to
hack into your phone calls. How hard could it possibly be w/ my
so-called magical hacking device?
No matter that my algorithm indicates only the hierarchical order of
the channel (e.g. F1, F2, etc.) in the CDMA channel list to which your
MIN will hash, not the ARFCN (absolute radio frequency channel number)
CDMA channel nor the center frequency of the CDMA channel. But those
numbers are not difficult to come by either. After all, there are
only 42 full plus five provisional 1.2288 MHz CDMA channel assignments
in the PCS band (ARFCNs PCS 0025 - PCS 1175). And Sprint PCS has no
PCS C or PCS F spectrum, which rules out 16 of those 47 possible
channels, leaving only 31 potential distinct CDMA carriers for Sprint
PCS. Then, the center frequency of any of those 31 SPCS CDMA channels
(PCS 0025 - PCS 0775) can be defined from the ARFCN by the following
equations:
0.05(ARFCN) + 1850 = reverse-link center-frequency (MHz)
0.05(ARFCN) + 1930 = forward-link center-frequency (MHz)
Ooh, I am getting sooo warm. I am going to hack into your phone
calls!
Now that I have created this amazing hacking device, I imagine that
all I have to do is hang around my local cell site. And, of course, I
also need to know the offset in the PN short-code of the cell sector
which I choose to monitor. I could just simply guess an integer
between 0-511, but PN offset information is not hard to come by
either.
Then I only need select one of the up to 11 CDMA channels deployed on
that sector. And I already know the center frequencies of those
channels thanks to my astonishing hacking device & the above
equations. After that, I only have to choose one of 64 Walsh codes to
monitor. Actually, that is not quite true, as at least W0, W1, & W32
are dedicated to control channels. So, my odds are going up! My
chances are fully one in 61 now.
Finally, I need to select a PN long-code mask that corresponds to your
ESN. I have absolutely no idea what is your ESN, but there are only
2^42 - 1 chips in the PN long-code, merely a period of about 41 days,
and only every 1024th chip is a valid offset. That leaves only 2^32 -
1 possibilities.
I am on to you like glue. I am going to hack into your phone calls!
Gosh, I just know that the 32-bit ESN that I selected at random is
your ESN. I hope it does not belong to a CDMA handset in Canada or
Korea or Australia, et al. Of course, I do not know where you live.
But, I figure now that I have this clairvoyant hacking device, sooner
or later you will wander into my local cell sector. And I will be
there monitoring exactly the correct CDMA channel w/ precisely the
correct PN offset on the very Walsh code to which you are assigned w/
absolutely the right PN long-code mask. Heck, the chances of that
happening are only 1 in 31*511*11*61*2^32, or about 1 in
45,000,000,000,000,000.
Man oh man, I am going to hack into your phone calls!
Andrew
--
Andrew Shepherd
[email protected]
[email protected]
http://www.ku.edu/home/cinema/
- 09-19-2003, 04:10 AM #19 Phill. (Guest)
Re: CDMA hash function posted
In article <[email protected]>,
[email protected] (Andrew Shepherd) wrote:
>
> Andrew
> --
> Andrew Shepherd
> [email protected]
> [email protected]
> http://www.ku.edu/home/cinema/
All that double talk, and earthly reason for discerning actual cell call
frequencies other than hacking. As that is illegal, of course you want
to obfuscate things.
- 09-19-2003, 08:47 AM #20 Eric Rogers (Guest)
Re: CDMA hash function posted
Andrew, I tried to send email to let you know that the map at (http://people.ku.edu/~cinema/wireless/crystalball.html) is missing, but mail to both email addresses listed on your web site bounces back. It looks like you are forwarding mail to a Yahoo account that is over quota.
- 09-19-2003, 11:45 AM #21 John R. Copeland (Guest)
Re: CDMA hash function posted
LOL, Andrew!
But I fear the irony will blow past your respondents.
---JRC---
"Andrew Shepherd" <[email protected]> wrote in message news:[email protected]...
> "P." <[email protected]> wrote in message news:<[email protected]>...
> >
> >
> > To hack into phone calls.
>
> Oh, drat! You got me. You figured out my diabolical plan. I was
> going to hack into CDMA phone calls. Specifically, I was going to
> hack into your phone calls. How hard could it possibly be w/ my
> so-called magical hacking device?
>
> -snipped the best stuff-
>
>
> Andrew
- 09-19-2003, 12:49 PM #22 Guest
Re: CDMA hash function posted
On 18 Sep 2003 14:36:17 -0700, [email protected] (Andrew Shepherd) wrote:
>Msea <[email protected]> wrote in message news:<BJcab.376666$Oz4.157244@rwcrnsc54>...
>> Andrew Shepherd wrote:
>> > For the vast majority of the group, this may be of very limited
>> > utility, interest, or understanding. But I know that there are at
>> > least a few regulars out there who might appreciate this. After much
>> > toil & trouble, including more Boolean IF operands than I care to
>> > mention, I have authored an Excel spreadsheet algorithm that
>> > synthesizes the CDMA mobile channel selection hash function according
>> > to MIN & number of deployed channels in the network CDMA channel list.
>>
>> How about according to ESN?
>
>Altering the algorithm to perform hashing via ESN would actually be a
>simple modification, even reducing the total number of operations, as
>the 32-bit binary ESN directly translates to the HASH_KEY parameter.
>No extraction of the MIN from the IMSI nor digit rotation nor binary
>conversion nor serial juxtaposition nor MSB truncation is required.
>According to my understanding of the ESN hashing process, the 32-bit
>ESN simply becomes the 32-bit HASH_KEY, which would allow one to omit
>steps one & two in my MIN-based algorithm.
>
>Unfortunately, at least for my handset, the ESN is expressed as either
>or both a decimal or hexadecimal number. While I already include a
>decimal to 10-bit binary process in the current MIN version, and while
>I could relatively easily create a hexadecimal to decimal or binary
>conversion utility, sadly Excel balks at working w/ such large numbers
>as the ESN, 2^31, et al., that would be required for a decimal to
>32-bit process. However, if one were to already have the ESN in
>binary, or if one were to manually convert the ESN to binary, one
>could simply input that 32-bit number into step 3 in the algorithm,
>such that the output of the algorithm would reflect ESN hashing
>instead of MIN hashing.
>
>FYI, I have temporarily removed the hash function emulator from my
>site. I discovered an issue w/ my IMSI digit rotation logic, such
>that MINs containing leading zeros could prove problematic, producing
>negative numbers for the IMSI_S parameter. Most MINs were unaffected,
>and I will repost the algorithm once I have universally corrected the
>digit rotation logic.
>
>Andrew
It's simply too bad that some people are so simple minded that they
never wonder WHY things work. I have no interest in this current
formula but as a computer networking professional I have spent a bit
of time researching how things (including wireless such as 802.11b)
work. Much of this goes beyond what one really NEEDS to know and is
driven by curiosity. Some of that extra knowledge has helped me when
it comes to things like network security.
As for hacking, wake up. Hackers don't need all this ****. They have
their own ways of doing what they do.
- 09-19-2003, 04:39 PM #23 Andrew Shepherd (Guest)
Re: CDMA hash function posted
"Eric Rogers" <[email protected]> wrote in message news:<[email protected]>...
> Andrew, I tried send email to let you know that the map at
> (http://people.ku.edu/~cinema/wireless/crystalball.html) is missing...<snip>
Thanks, Eric.
For the record, the "Sprint PCS future coverage crystal ball..."
document & its included GIF map do load properly in IE6.
Unfortunately, the image just will not load in Netscape 6.2. I
authored the document using MS Excel, subsequently converted to HTML.
I have tried using Dreamweaver to tweak the document for equal access
for both IE & Netscape. However, any successful result is always
accompanied by an unacceptable loss of formatting when displayed in
Netscape &/or IE.
For those of you who may have previously viewed this document w/o the
accompanying map, please try again w/ IE. Or please follow the URL
below directly to the image. I am not trying to exhibit browser
favoritism; this is merely an unintended consequence of having
originally authored the document as a spreadsheet in Excel.
http://people.ku.edu/~cinema/wireless/crystalball.gif
If any HTML gurus out there would like to tinker w/ the coding for
equivalent browser access, please feel free. Thanks...
Andrew
--
Andrew Shepherd
[email protected]
[email protected]
http://www.ku.edu/home/cinema/
- 09-19-2003, 05:06 PM #24 Andrew Shepherd (Guest)
Re: CDMA hash function posted
[email protected] (Andrew Shepherd) wrote in message news:<[email protected]>...
>
> FYI, I have temporarily removed the hash function emulator from my
> site. I discovered an issue w/ my IMSI digit rotation logic, such
> that MINs containing leading zeros could prove problematic, producing
> negative numbers for the IMSI_S parameter. Most MINs were unaffected,
> and I will repost the algorithm once I have universally corrected the
> digit rotation logic.
The IS-95 hash function algorithm is once again posted to my site.
Back & better than ever.
I fixed the issue of leading zeros in the IMSI digit rotation logic,
which unfortunately required separating the MIN digits into fully 10
separate cells rather than just area code, prefix, & number.
Additionally, I have added the ability to hash by *either* binary ESN
*or* MIN into the algorithm. The ESN 32-bit binary conversion, if
necessary, must be supplied by the user, as Excel is incapable of
calculations w/ the large exponents of two required to convert a
decimal or hexadecimal ESN to 32-bit binary.
For those select few of you who share my fascination w/ the
operational details of CDMA, please take a look, for the first time or
yet again.
http://people.ku.edu/~cinema/wireless/hash_function.xls
And for the ineducable he or she who masquerades under the names PHil
Real, P., or Phill., who seems to think that Cellular/PCS channel
frequencies are highly-classified information, who seems to think that
eavesdropping on a 1.2288 MHz bandwidth spread-spectrum CDMA signal is
as simple as just tuning a narrowband FM receiver to some
closely-guarded secret frequency, you go w/ your irrational paranoia.
Because me & my astounding psychic time-traveling cold-fusion hacking
device are right on your tail. I am going to hack into your phone
calls!
Andrew
--
Andrew Shepherd
[email protected]
[email protected]
http://www.ku.edu/home/cinema/
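Added example, not part of any post above and not the author's spreadsheet: a Python sketch of the channel-selection hash the thread describes, covering the leading-zero digit handling behind the negative IMSI_S values and the 32-bit ESN input that Excel could not handle. The multiplier 40503, the zero-counts-as-ten digit mapping, the bit layout and DECORR = 0 are assumptions taken from the published IS-95 hash (none appear on the page); function names and sample MINs are constructed.

```python
MULTIPLIER = 40503  # hash multiplier, assumed from the IS-95 standard (not on the page)

def encode3(digits):
    """Three decimal digits -> 10-bit value; a 0 digit counts as 10."""
    d = [10 if c == "0" else int(c) for c in digits]
    return 100 * d[0] + 10 * d[1] + d[2] - 111  # always 0..999, never negative

def min_to_hash_key(min10):
    """10-digit MIN -> 32-bit HASH_KEY (IMSI_S2 over IMSI_S1, top bits dropped)."""
    if len(min10) != 10 or not (min10.isascii() and min10.isdigit()):
        raise ValueError("MIN must be exactly 10 decimal digits")
    imsi_s2 = encode3(min10[0:3])                          # area code, 10 bits
    thousands = 10 if min10[6] == "0" else int(min10[6])   # 4-bit field
    imsi_s1 = (encode3(min10[3:6]) << 14) | (thousands << 10) | encode3(min10[7:10])
    return ((imsi_s2 << 24) | imsi_s1) & 0xFFFFFFFF        # 34 bits -> 32 bits

def esn_hex_to_hash_key(esn_hex):
    """Hexadecimal ESN text -> HASH_KEY; the 32-bit ESN is used as-is."""
    value = int(esn_hex, 16)
    if not 0 <= value < 2**32:
        raise ValueError("ESN must fit in 32 bits")
    return value

def hash_channel(hash_key, n_channels):
    """1-based position (F1, F2, ...) in a channel list of n_channels entries."""
    if n_channels < 1:
        raise ValueError("channel list must contain at least one channel")
    low, high = hash_key & 0xFFFF, hash_key >> 16
    mixed = (MULTIPLIER * (low ^ high)) % 65536   # DECORR taken as 0 here
    return (n_channels * mixed) // 65536 + 1

if __name__ == "__main__":
    for sample in ("1111111111", "0000000000"):   # constructed MINs
        key = min_to_hash_key(sample)
        print(sample, f"{key:08X}", [hash_channel(key, n) for n in (2, 3, 11)])
```

A rotation that leaves a 0 digit as zero would give 0 - 111 = -111 for "000", which is the negative IMSI_S symptom described in the post.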