First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Decoding NAS-5GS with 5G-EA0

Hi All,

Some of my NAS-5GS messages such as UE response to the Security Mode Cmd that AMF sends right after successful UE authentication, followed by a few more messages before AMF sends ICSReq back to the UE are still displayed as encrypted even though I use 5G-EA0 (alone) at each end of my N2: http://drive.google.com/file/d/1SThy_...

Here's a pcap with that message (amended - was a wrong one before): https://drive.google.com/file/d/1FfUE...

Does Wireshark have any problems decoding NAS-5GS in it assuming it's in a valid 5G-EA0 format? As per 3GPP 24.501 4.4.5 this is "null ciphering algorithm".

I'm seeing it with the current stable WS version 3.4.0 (v3.4.0-0-g9733f173ea5e). Before this one I had 3.2.2, which couldn't decode even the Security Mode Cmd from the AMF immediately preceding the one in question. This 3.4.0 one does decode it but none of the next 4 messages exchanged in NGAP DL/UL NAS Transport (both 3.2.2 and 3.4.0 seem to decode all subsequent messages exhanged afterwards though, starting with ICSReq).

Many thanks in advance!

dandreye's avatar
23
dandreye
asked 2020-12-04 14:37:11 +0000, updated 2020-12-04 14:56:56 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

1

Hi, Works for me on a development version, have you checked the protocol preferences, there is setting there for EA0 algorithms.

Anders's avatar
5k
Anders
answered 2020-12-04 14:48:45 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Anders: sorry my bad as I inserted the pcap with Security Mode Cmd itself (which 3.4.0 does decode for me too unlike 3.2.2) and not UE response to it (which even 3.4.0 does not decode). Could you please try decoding this one with your dev version? I'll amend my OP with it meanwhile: https://drive.google.com/file/d/1FfUE...

dandreye's avatar dandreye (2020-12-04 14:55:57 +0000) edit
more
  • delete

It does work with that "Try to detect and decrypt EA0" option indeed (thank you!) but... why is such option even needed? Are there different variations of EA0 or something like that?

dandreye's avatar dandreye (2020-12-04 15:03:35 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer