Ask Your Question
0

Decoding NAS-5GS with 5G-EA0

asked 2020-12-04 14:37:11 +0000

dandreye gravatar image

updated 2020-12-04 14:56:56 +0000

Hi All,

Some of my NAS-5GS messages such as UE response to the Security Mode Cmd that AMF sends right after successful UE authentication, followed by a few more messages before AMF sends ICSReq back to the UE are still displayed as encrypted even though I use 5G-EA0 (alone) at each end of my N2: http://drive.google.com/file/d/1SThy_...

Here's a pcap with that message (amended - was a wrong one before): https://drive.google.com/file/d/1FfUE...

Does Wireshark have any problems decoding NAS-5GS in it assuming it's in a valid 5G-EA0 format? As per 3GPP 24.501 4.4.5 this is "null ciphering algorithm".

I'm seeing it with the current stable WS version 3.4.0 (v3.4.0-0-g9733f173ea5e). Before this one I had 3.2.2, which couldn't decode even the Security Mode Cmd from the AMF immediately preceding the one in question. This 3.4.0 one does decode it but none of the next 4 messages exchanged in NGAP DL/UL NAS Transport (both 3.2.2 and 3.4.0 seem to decode all subsequent messages exhanged afterwards though, starting with ICSReq).

Many thanks in advance!

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2020-12-04 14:48:45 +0000

Anders gravatar image

Hi, Works for me on a development version, have you checked the protocol preferences, there is setting there for EA0 algorithms.

edit flag offensive delete link more

Comments

Anders: sorry my bad as I inserted the pcap with Security Mode Cmd itself (which 3.4.0 does decode for me too unlike 3.2.2) and not UE response to it (which even 3.4.0 does not decode). Could you please try decoding this one with your dev version? I'll amend my OP with it meanwhile: https://drive.google.com/file/d/1FfUE...

dandreye gravatar imagedandreye ( 2020-12-04 14:55:57 +0000 )edit

It does work with that "Try to detect and decrypt EA0" option indeed (thank you!) but... why is such option even needed? Are there different variations of EA0 or something like that?

dandreye gravatar imagedandreye ( 2020-12-04 15:03:35 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-12-04 14:37:11 +0000

Seen: 3,852 times

Last updated: Dec 04 '20

Related questions

Issue with decoding NGAP messages

NGAP AllowedNSSAI IE not decoded correctly.

NGAP is not decoded how can i see details of message?

Is 5G NGAP/NAS Registration decode broken in 2.9.1.x versions

NGAP handover request message malformed

Which version of Wireshark to use to decode NGAP ( 38.413 version 15.3.0) messages ?

Does pyshark support NGAP message? [closed]

tshark how to enable nas-5gs EEA0 decrypt

Will there be an NAS-5GS over UDP dissector?

NAS-PDU confusion