Please take a look...
http://people.ku.edu/~cinema/wireless/hash_function.xls
Andrew
--
Andrew Shepherd
cin...@ku.edu
cin...@sprintpcs.com
http://www.ku.edu/home/cinema/
>What's the purpose of that? To hack into cell calls?
No, it's to calculate which carrier frequency in a multi-carrier cell
you'll get initially assigned to (assuming that some carriers aren't
reserved for cdma2000 subscribers only).
And one needs that info because?
--
Posted at SprintUsers.com - Your place for everything Sprint PCS
Free wireless access @ www.SprintUsers.com/wap
How about according to ESN? :)
FYI, I hope you didn't toil too terribly much....there are other Excel
spreadsheets floating around on the Internet that do the same
calculation. Of course, the other ones I've seen effectively hide the
calculations... so yours is more educational I suppose.
Hacking into cell phone calls.
>> From his disclaimer, most likely
>> if you had use for the info, you'd know.
>
>Hacking into cell phone calls.
Nope.
There is the possibility of it being an academic exercise as well.
>
> There is the possibility of it being an academic exercise as well.
Nice try.
One does not *need* that info.
If one can simply be content as a passive user, one who is completely
oblivious to the underlying functions that enable the success of
wireless communications, one who is thoroughly flummoxed when one's
wireless link fails for any reason, for whom wireless is apathetically
expected to be an omnipresent & transparent utility like running
water, for whom wireless is just "a phone," one does not *need* that
info.
Or one can elect to be an active user, one who curiously &
auto-didactically pursues greater understanding of the myriad
technologies that make wireless communications possible, one who is
equally appreciative of the knowledge gained when a wireless link
transparently succeeds or spectacularly fails, for whom wireless
represents a philosophy of learning in general. One may still not
*need* that info. But one can certainly *appreciate* the
enlightenment.
Thus, one can choose to be smarter & better informed than his/her
wireless phone & wireless network. Or one can choose not to. I
simply provide a resource for the former. The choice is yours...
An emphatic nope. Straight from the horse's mouth. Directly from the
author of the IS-95 hash function emulator in question.
To reiterate the function of my Excel algorithm, and I could not have
expressed it myself more accurately or succinctly than did Craig Paul:
"...it's to calculate which carrier frequency in a multi-carrier cell
you'll get initially assigned to (assuming that some carriers aren't
reserved for cdma2000 subscribers only)."
PHil_Real, for someone who claims not to understand the utility or
intent of my exceedingly benign resource, you certainly seem to be
repeatedly asserting "definitive" answers.
> PHil_Real <phil...@email.org> wrote in message
> news:<phil_tape-43751...@news02.west.earthlink.net>...
> > In article <tbdjmvcdr776igc9r...@4ax.com>,
> > pa...@wren.cc.kux.edu wrote:
> >
> > > On 18 Sep 2003 09:59:22 GMT, sprint...@aol.com (Sprintposter)
> > > wrote:
> > >
> > > >> From his disclaimer, most likely
> > > >> if you had use for the info, you'd know.
> > > >
> > > >Hacking into cell phone calls.
> > >
> > > Nope.
> >
> > yup
>
> An emphatic nope. Straight from the horse's mouth. Directly from the
> author of the IS-95 hash function emulator in question.
>
> To reiterate the function of my Excel algorithm, and I could not have
> expressed it myself more accurately or succinctly than did Craig Paul:
>
> "...it's to calculate which carrier frequency in a multi-carrier cell
> you'll get initially assigned to (assuming that some carriers aren't
> reserved for cdma2000 subscribers only)."
AGAIN. You need to know an exact frequency because?
To hack into phone calls.
Translation: you need to know the exact frequency to hack into cell
phone calls.
Altering the algorithm to perform hashing via ESN would actually be a
simple modification, even reducing the total number of operations, as
the 32-bit binary ESN directly translates to the HASH_KEY parameter.
No extraction of the MIN from the IMSI nor digit rotation nor binary
conversion nor serial juxtaposition nor MSB truncation is required.
According to my understanding of the ESN hashing process, the 32-bit
ESN simply becomes the 32-bit HASH_KEY, which would allow one to omit
steps one & two in my MIN-based algorithm.
Unfortunately, at least for my handset, the ESN is expressed as either
or both a decimal or hexadecimal number. While I already include a
decimal to 10-bit binary process in the current MIN version, and while
I could relatively easily create a hexadecimal to decimal or binary
conversion utility, sadly Excel balks at working w/ such large numbers
as the ESN, 2^31, et al., that would be required for a decimal to
32-bit process. However, if one were to already have the ESN in
binary, or if one were to manually convert the ESN to binary, one
could simply input that 32-bit number into step 3 in the algorithm,
such that the output of the algorithm would reflect ESN hashing
instead of MIN hashing.
FYI, I have temporarily removed the hash function emulator from my
site. I discovered an issue w/ my IMSI digit rotation logic, such
that MINs containing leading zeros could prove problematic, producing
negative numbers for the IMSI_S parameter. Most MINs were unaffected,
and I will repost the algorithm once I have universally corrected the
digit rotation logic.
cin...@ku.edu (Andrew Shepherd) wrote in article
<33e89561.03091...@posting.google.com>:
[posted via phonescoop.com]
Oh, drat! You got me. You figured out my diabolical plan. I was
going to hack into CDMA phone calls. Specifically, I was going to
hack into your phone calls. How hard could it possibly be w/ my
so-called magical hacking device?
No matter that my algorithm indicates only the hierarchical order of
the channel (e.g. F1, F2, etc.) in the CDMA channel list to which your
MIN will hash, not the ARFCN (absolute radio frequency channel number)
CDMA channel nor the center frequency of the CDMA channel. But those
numbers are not difficult to come by either. After all, there are
only 42 full plus five provisional 1.2288 MHz CDMA channel assignments
in the PCS band (ARFCNs PCS 0025 - PCS 1175). And Sprint PCS has no
PCS C or PCS F spectrum, which rules out 16 of those 47 possible
channels, leaving only 31 potential distinct CDMA carriers for Sprint
PCS. Then, the center frequency of any of those 31 SPCS CDMA channels
(PCS 0025 - PCS 0775) can be defined from the ARFCN by the following
equations:
0.05(ARFCN) + 1850 = reverse-link center-frequency (MHz)
0.05(ARFCN) + 1930 = forward-link center-frequency (MHz)
Ooh, I am getting sooo warm. I am going to hack into your phone
calls!
Now that I have created this amazing hacking device, I imagine that
all I have to do is hang around my local cell site. And, of course, I
also need to know the offset in the PN short-code of the cell sector
which I choose to monitor. I could just simply guess an integer
between 0-511, but PN offset information is not hard to come by
either.
Then I only need select one of the up to 11 CDMA channels deployed on
that sector. And I already know the center frequencies of those
channels thanks to my astonishing hacking device & the above
equations. After that, I only have to choose one of 64 Walsh codes to
monitor. Actually, that is not quite true, as at least W0, W1, & W32
are dedicated to control channels. So, my odds are going up! My
chances are fully one in 61 now.
Finally, I need to select a PN long-code mask that corresponds to your
ESN. I have absolutely no idea what is your ESN, but there are only
2^42 - 1 chips in the PN long-code, merely a period of about 41 days,
and only every 1024th chip is a valid offset. That leaves only 2^32 -
1 possibilities.
I am on to you like glue. I am going to hack into your phone calls!
Gosh, I just know that the 32-bit ESN that I selected at random is
your ESN. I hope it does not belong to a CDMA handset in Canada or
Korea or Australia, et al. Of course, I do not know where you live.
But, I figure now that I have this clairvoyant hacking device, sooner
or later you will wander into my local cell sector. And I will be
there monitoring exactly the correct CDMA channel w/ precisely the
correct PN offset on the very Walsh code to which you are assigned w/
absolutely the right PN long-code mask. Heck, the chances of that
happening are only 1 in 31*511*11*61*2^32, or about 1 in
45,000,000,000,000,000.
Man oh man, I am going to hack into your phone calls!
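As an added example (not from the thread, and not Andrew Shepherd's code), here are the two PCS-band centre-frequency equations from the post above, in Python, together with the block layout of the 1900 MHz PCS band and the 42 full CDMA channel assignments the post counts. The block boundaries and the preferred channel numbers are my recollection of the standard PCS band plan (J-STD-008), not something the thread states; the five provisional channels the post mentions are left out.

```python
# Added example, not from the thread: the PCS-band ARFCN-to-centre-frequency
# equations quoted in the post, plus the PCS block layout and the 42 full
# CDMA channel assignments.  Block boundaries and preferred channel numbers
# are my recollection of J-STD-008, not values the thread gives.

# Block boundaries by reverse-link (mobile transmit) frequency in MHz.
PCS_BLOCKS_MHZ = {
    "A": (1850.0, 1865.0),
    "D": (1865.0, 1870.0),
    "B": (1870.0, 1885.0),
    "E": (1885.0, 1890.0),
    "F": (1890.0, 1895.0),
    "C": (1895.0, 1910.0),
}

# Full (unconditionally valid) CDMA channel numbers per block: 11 for each
# 15 MHz block, 3 for each 5 MHz block, spaced 25 ARFCNs (1.25 MHz) apart.
PCS_FULL_CDMA_CHANNELS = {
    "A": range(25, 276, 25),
    "D": range(325, 376, 25),
    "B": range(425, 676, 25),
    "E": range(725, 776, 25),
    "F": range(825, 876, 25),
    "C": range(925, 1176, 25),
}


def pcs_center_frequencies_mhz(arfcn: int) -> tuple[float, float]:
    """Reverse- and forward-link centre frequency for a PCS ARFCN, using the
    two equations from the post.  PCS channel numbers run 0..1199."""
    if not 0 <= arfcn <= 1199:
        raise ValueError("PCS ARFCN must be in 0..1199")
    reverse = round(0.05 * arfcn + 1850, 2)
    forward = round(0.05 * arfcn + 1930, 2)
    return reverse, forward


def pcs_block(arfcn: int) -> str:
    """Letter of the PCS block whose reverse-link range contains this ARFCN."""
    reverse, _ = pcs_center_frequencies_mhz(arfcn)
    for block, (lo, hi) in PCS_BLOCKS_MHZ.items():
        if lo <= reverse < hi:
            return block
    raise ValueError(f"ARFCN {arfcn} falls outside the PCS blocks")


def full_cdma_channels(licensed_blocks=("A", "B", "C", "D", "E", "F")) -> list[int]:
    """All full CDMA channel numbers available to a carrier holding the given
    blocks, in ascending ARFCN order."""
    chans = []
    for block in licensed_blocks:
        chans.extend(PCS_FULL_CDMA_CHANNELS[block])
    return sorted(chans)


def channel_table(licensed_blocks=("A", "B", "C", "D", "E", "F")):
    """(ARFCN, block, reverse MHz, forward MHz) for each full channel."""
    return [
        (n, pcs_block(n), *pcs_center_frequencies_mhz(n))
        for n in full_cdma_channels(licensed_blocks)
    ]


if __name__ == "__main__":
    # A carrier without C or F spectrum, as the post describes for Sprint PCS:
    # 28 full channels, PCS 0025 through PCS 0775.
    for row in channel_table(("A", "B", "D", "E")):
        print("PCS %04d  block %s  rev %.2f MHz  fwd %.2f MHz" % row)
```

Dropping blocks C and F leaves 28 full channels ending at PCS 0775, which is consistent with the post's count once its three provisional channels are added back.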
All that double talk, and earthly reason for discerning actual cell call
frequencies other than hacking. As that is illegal, of course you want
to obfuscate things.
"Andrew Shepherd" <cin...@ku.edu> wrote in message news:33e89561.03091...@posting.google.com...
> "P." <Slu...@juice.org> wrote in message news:<Sluice-3F042C....@news02.west.earthlink.net>...
> >
> >
> > To hack into phone calls.
>
> Oh, drat! You got me. You figured out my diabolical plan. I was
> going to hack into CDMA phone calls. Specifically, I was going to
> hack into your phone calls. How hard could it possibly be w/ my
> so-called magical hacking device?
>
> -snipped the best stuff-
>
>
> Andrew
It's simply too bad that some people are so simple minded that they
never wonder WHY things work. I have no interest in this current
formula but as a computer networking professional I have spent a bit
of time researching how things (including wireless such as 802.11b)
work. Much of this goes beyond what one really NEEDS to know and is
driven by curiosity. Some of that extra knowledge has helped me when
it comes to things like network security.
As for hacking, wake up. Hackers don't need all this shit. They have
their own ways of doing what they do.
Thanks, Eric.
For the record, the "Sprint PCS future coverage crystal ball..."
document & its included GIF map do load properly in IE6.
Unfortunately, the image just will not load in Netscape 6.2. I
authored the document using MS Excel, subsequently converted to HTML.
I have tried using Dreamweaver to tweak the document for equal access
for both IE & Netscape. However, any successful result is always
accompanied by an unacceptable loss of formatting when displayed in
Netscape &/or IE.
For those of you who may have previously viewed this document w/o the
accompanying map, please try again w/ IE. Or please follow the URL
below directly to the image. I am not trying to exhibit browser
favoritism; this is merely an unintended consequence of having
originally authored the document as a spreadsheet in Excel.
http://people.ku.edu/~cinema/wireless/crystalball.gif
If any HTML gurus out there would like to tinker w/ the coding for
equivalent browser access, please feel free. Thanks...
The IS-95 hash function algorithm is once again posted to my site.
Back & better than ever.
I fixed the issue of leading zeros in the IMSI digit rotation logic,
which unfortunately required separating the MIN digits into fully 10
separate cells rather than just area code, prefix, & number.
Additionally, I have added the ability to hash by *either* binary ESN
*or* MIN into the algorithm. The ESN 32-bit binary conversion, if
necessary, must be supplied by the user, as Excel is incapable of
calculations w/ the large exponents of two required to convert a
decimal or hexadecimal ESN to 32-bit binary.
For those select few of you who share my fascination w/ the
operational details of CDMA, please take a look, for the first time or
yet again.
http://people.ku.edu/~cinema/wireless/hash_function.xls
And for the ineducable he or she who masquerades under the names PHil
Real, P., or Phill., who seems to think that Cellular/PCS channel
frequencies are highly-classified information, who seems to think that
eavesdropping on a 1.2288 MHz bandwidth spread-spectrum CDMA signal is
as simple as just tuning a narrowband FM receiver to some
closely-guarded secret frequency, you go w/ your irrational paranoia.
Because me & my astounding psychic time-traveling cold-fusion hacking
device are right on your tail. I am going to hack into your phone
calls! :)
cin...@ku.edu (Andrew Shepherd) wrote in article
<33e89561.03091...@posting.google.com>:
[posted via phonescoop.com]
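As an added example (not from the thread, and not Andrew Shepherd's spreadsheet), the following Python reconstructs the IS-95 CDMA channel hash that the ESN-hashing post and the repost above describe: the MIN is encoded digit by digit into IMSI_S, truncated to the 32-bit HASH_KEY, and hashed; for ESN hashing the 32-bit ESN is the HASH_KEY directly. The digit encoding and the hash formula follow my reading of IS-95 (the IMSI_S encoding and the hash function in section 6.6.7.1), not anything stated in the thread, so check them against the spec. It also shows the leading-zero failure mode the author fixed: treating a three-digit field as one integer goes negative, while encoding each digit separately does not. All sample MINs and ESNs are constructed, not real identifiers.

```python
# Added example, not part of the thread and not Andrew Shepherd's spreadsheet:
# a Python reconstruction of the IS-95 CDMA channel hash as the thread
# describes it, hashing by MIN (via IMSI_S and HASH_KEY) or by 32-bit ESN.
# Digit encoding and the hash formula follow my reading of IS-95 (IMSI_S
# encoding and section 6.6.7.1), not the thread itself; check against the spec.


def _encode_3_digits(d3: str) -> int:
    """Encode three MIN digits as the 10-bit value IS-95 uses.

    Each digit 0 is first treated as 10 (the 'digit rotation' the thread
    mentions), then the result is 100*D1 + 10*D2 + D3 - 111.  Handling the
    digits one at a time is what keeps a leading zero (area code '012')
    from turning into a negative number.
    """
    d = [10 if c == "0" else int(c) for c in d3]
    return 100 * d[0] + 10 * d[1] + d[2] - 111


def _encode_1_digit(d1: str) -> int:
    """The thousands digit becomes a 4-bit value, again with 0 encoded as 10."""
    return 10 if d1 == "0" else int(d1)


def naive_3_digit_encoding(d3: str) -> int:
    """The shortcut that goes wrong: reading the three digits as one integer
    (as a spreadsheet cell does) and subtracting 111 goes negative whenever
    the field has a leading zero.  Kept only to show the failure mode."""
    return int(d3) - 111


def imsi_s_from_min(min10: str) -> int:
    """Build the 34-bit IMSI_S from a 10-digit MIN written as NPA NXX XXXX.

    IMSI_S2 (10 bits) encodes the area code; IMSI_S1 (24 bits) is the prefix
    (10 bits), the thousands digit (4 bits) and the last three digits (10
    bits), juxtaposed in that order.
    """
    if len(min10) != 10 or not min10.isdigit():
        raise ValueError("MIN must be exactly 10 decimal digits")
    imsi_s2 = _encode_3_digits(min10[0:3])
    imsi_s1 = (
        (_encode_3_digits(min10[3:6]) << 14)
        | (_encode_1_digit(min10[6]) << 10)
        | _encode_3_digits(min10[7:10])
    )
    return (imsi_s2 << 24) | imsi_s1


def hash_key_from_min(min10: str) -> int:
    """HASH_KEY is the 32 least significant bits of IMSI_S (the MSB truncation step)."""
    return imsi_s_from_min(min10) & 0xFFFFFFFF


def hash_key_from_esn(esn: int) -> int:
    """For ESN hashing the 32-bit ESN is the HASH_KEY as-is.  A decimal or hex
    ESN string converts with int(s) or int(s, 16); Python has none of the
    large-number limitation the thread reports for Excel."""
    if not 0 <= esn <= 0xFFFFFFFF:
        raise ValueError("ESN must fit in 32 bits")
    return esn


def is95_hash(hash_key: int, n: int, decorr: int = 0) -> int:
    """IS-95 hash function (section 6.6.7.1, from my reading of the spec):

        R = floor(N * ((40503 * (L xor H xor DECORR)) mod 2**16) / 2**16)

    with L = HASH_KEY bits 0..15 and H = bits 16..31.  For CDMA channel
    selection DECORR is 0 and N is the number of channels in the channel list.
    """
    if n <= 0:
        raise ValueError("N must be positive")
    low = hash_key & 0xFFFF
    high = (hash_key >> 16) & 0xFFFF
    return (n * ((40503 * (low ^ high ^ decorr)) & 0xFFFF)) >> 16


def cdma_channel_index(hash_key: int, num_channels: int) -> int:
    """1-based position (F1, F2, ...) in the cell's CDMA channel list."""
    return is95_hash(hash_key, num_channels) + 1


if __name__ == "__main__":
    # Constructed sample inputs; not real subscriber identifiers.
    sample_min = "0123456789"
    sample_esn = int("1A2B3C4D", 16)
    print("naive area-code encoding:  ", naive_3_digit_encoding(sample_min[:3]))
    print("correct area-code encoding:", _encode_3_digits(sample_min[:3]))
    print("MIN hashes to F%d of 11" % cdma_channel_index(hash_key_from_min(sample_min), 11))
    print("ESN hashes to F%d of 11" % cdma_channel_index(hash_key_from_esn(sample_esn), 11))
```

The result only ranks the channel within the cell's list (F1, F2, and so on), exactly as the thread says; mapping that position to a frequency needs the cell's CDMA channel list, which the hash does not provide.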