This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decoding NAS-EPS

Dear All,

I would like to know the procedure to decode the NAS-EPS messages. Thanks.

asked 03 Nov '15, 02:32

smehra24

What's the format of your input file? Are you having a pcap file? A text file with the hex dump of the message? Without this basic information it's not possible to answer you. Could you post an example of your NAS EPS message format?

(03 Nov '15, 10:59) Pascal Quantin

One Answer:

Hi! Can Wireshark decrypt NAS-EPS messages (encrypted with either AES128 or SNOW3G) if K and OP are provided? Thanks

answered 13 Nov '15, 13:20

savannah

No, this is not implemented. SNOW3G will most probably not happen due to the patents associated. EEA2 (AES256) could eventually be implemented if someone feels motivated enough (not many people have access to the K and OP keys though, so it limits its usage).

(13 Nov '15, 13:35) Pascal Quantin

NAS decryption is a somewhat popular feature for telecom-tailored probe systems, and really one of the main things I'd use them for (i.e., one of the main things I can't do with just Wireshark).

For NAS-EPS, if you're a network operator, most MME platforms I know of support the ability to selectively negotiate down to null encryption for a given SIM through configuration if you want to do an ad-hoc trace of the NAS signalling also.

(14 Nov '15, 14:16) Quadratic