或者usim卡使用2G手机接入3G网络
从 XRES (3G USIM response) 生成 SRES (2G handset response)
参考 3GPP TS 33.102 version 14.1.0 Release 14 , 也就是ETSI TS 133 102 V14.1.0 (2017-03)
Interoperation and handover between UMTS and GSM
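$\mathrm{RAND}[\mathrm{GSM}] = \mathrm{RAND}$
$\mathrm{SRES}[\mathrm{GSM}] = \mathrm{XRES}^*_1 \oplus \mathrm{XRES}^*_2 \oplus \mathrm{XRES}^*_3 \oplus \mathrm{XRES}^*_4$
$\mathrm{Kc}[\mathrm{GSM}] = \mathrm{CK}_1 \oplus \mathrm{CK}_2 \oplus \mathrm{IK}_1 \oplus \mathrm{IK}_2$
其中 $\mathrm{XRES}^*$ 长度为 16 字节:XRES 为 16 字节时 $\mathrm{XRES}^* = \mathrm{XRES}$,不足 16 字节时在末尾补 0 到 16 字节;$\mathrm{XRES}^* = \mathrm{XRES}^*_1 \| \mathrm{XRES}^*_2 \| \mathrm{XRES}^*_3 \| \mathrm{XRES}^*_4$,每段 4 字节。$\mathrm{CK} = \mathrm{CK}_1 \| \mathrm{CK}_2$,$\mathrm{IK} = \mathrm{IK}_1 \| \mathrm{IK}_2$,每段 64 bit。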
改成Java版本
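/**
 * Derives the 64-bit GSM ciphering key Kc from the UMTS keys CK and IK:
 * Kc[GSM] = CK1 xor CK2 xor IK1 xor IK2, where CK = CK1 || CK2 and
 * IK = IK1 || IK2 (each half is 8 bytes).
 *
 * @param ck UMTS cipher key, exactly 16 bytes
 * @param ik UMTS integrity key, exactly 16 bytes
 * @return a new 8-byte array holding Kc
 * @throws IllegalArgumentException if either key is null or not 16 bytes long
 */
public static byte[] genKc(byte[] ck, byte[] ik) {
    // Reject malformed key material up front instead of failing mid-loop with
    // an index error, or silently deriving a key from a truncated buffer.
    if (ck == null || ik == null || ck.length != 16 || ik.length != 16) {
        throw new IllegalArgumentException("CK and IK must each be exactly 16 bytes");
    }
    byte[] kc = new byte[8];
    for (int i = 0; i < 8; i++) {
        kc[i] = (byte) (ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8]);
    }
    return kc;
}

/**
 * Derives the 4-byte GSM response SRES from the UMTS response XRES:
 * SRES[GSM] = XRES*1 xor XRES*2 xor XRES*3 xor XRES*4, where XRES* is XRES
 * zero-padded on the right to 16 bytes and split into four 4-byte parts.
 *
 * All 16 bytes of XRES* are folded in, and XRES values of 4 to 16 bytes are
 * accepted. Input longer than 16 bytes is truncated to its first 16 bytes.
 *
 * @param xres UMTS response, at least 4 bytes
 * @return a new 4-byte array holding SRES
 * @throws IllegalArgumentException if xres is null or shorter than 4 bytes
 */
public static byte[] genSRES(byte[] xres) {
    if (xres == null || xres.length < 4) {
        throw new IllegalArgumentException("XRES must be at least 4 bytes");
    }
    byte[] sres = new byte[4];
    // The zero padding of XRES* contributes nothing to the XOR, so it is enough
    // to fold the bytes that are present into their position modulo 4.
    int used = Math.min(xres.length, 16);
    for (int i = 0; i < used; i++) {
        sres[i % 4] ^= xres[i];
    }
    return sres;
}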
Python版本
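# Kc (2G handset ciphering key) from CK / IK (3G USIM keys)
def conv_C3(CK=16*b'\x00', IK=16*b'\x00'):
    """Derive the 8-byte GSM Kc from the 16-byte UMTS keys CK and IK.

    Computes CK[0:8] xor CK[8:16] xor IK[0:8] xor IK[8:16] through the
    module's xor_string helper (defined elsewhere; presumably a byte-wise
    XOR of two equal-length strings).

    Returns None, after logging, when CK or IK is not exactly 16 bytes long;
    callers must check for None before using the result as a key.
    """
    # The defaults are byte strings, matching conv_C2, so both converters feed
    # xor_string the same type.
    # NOTE(review): the defaults are all-zero keys, so a call that omits CK / IK
    # presumably yields an all-zero Kc; always pass real key material.
    if len(CK) != 16 or len(IK) != 16:
        _log('Your CK / IK are not the right length [16]')
        return
    ck_folded = xor_string(CK[0:8], CK[8:16])
    return xor_string(xor_string(ck_folded, IK[0:8]), IK[8:16])


# SRES (2G handset response) from XRES (3G USIM response)
def conv_C2(XRES=16*b'\x00'):
    """Derive the 4-byte GSM SRES from the UMTS response XRES.

    XRES is brought to 16 bytes (zero-padded on the right when shorter,
    truncated when longer), then its four 4-byte parts are XORed together
    through xor_string.

    Returns None, after logging, when XRES is shorter than 4 bytes.
    """
    if len(XRES) < 4:
        _log('Your XRES is damned too short [<4]')
        return
    # adapt XRES length: pad with zero bytes or cut down to exactly 16 bytes
    XRES = XRES[:16].ljust(16, b'\x00')
    # xor the 4 parts of 4 bytes each
    folded = xor_string(XRES[:4], XRES[4:8])
    return xor_string(xor_string(folded, XRES[8:12]), XRES[12:16])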