Ask Your Question

Decoding NAS-5GS with 5G-EA0

asked 2020-12-04 14:37:11 +0000

dandreye gravatar image

updated 2020-12-04 14:56:56 +0000

Hi All,

Some of my NAS-5GS messages such as UE response to the Security Mode Cmd that AMF sends right after successful UE authentication, followed by a few more messages before AMF sends ICSReq back to the UE are still displayed as encrypted even though I use 5G-EA0 (alone) at each end of my N2:

Here's a pcap with that message (amended - was a wrong one before):

Does Wireshark have any problems decoding NAS-5GS in it assuming it's in a valid 5G-EA0 format? As per 3GPP 24.501 4.4.5 this is "null ciphering algorithm".

I'm seeing it with the current stable WS version 3.4.0 (v3.4.0-0-g9733f173ea5e). Before this one I had 3.2.2, which couldn't decode even the Security Mode Cmd from the AMF immediately preceding the one in question. This 3.4.0 one does decode it but none of the next 4 messages exchanged in NGAP DL/UL NAS Transport (both 3.2.2 and 3.4.0 seem to decode all subsequent messages exhanged afterwards though, starting with ICSReq).

Many thanks in advance!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2020-12-04 14:48:45 +0000

Anders gravatar image

Hi, Works for me on a development version, have you checked the protocol preferences, there is setting there for EA0 algorithms.

edit flag offensive delete link more


Anders: sorry my bad as I inserted the pcap with Security Mode Cmd itself (which 3.4.0 does decode for me too unlike 3.2.2) and not UE response to it (which even 3.4.0 does not decode). Could you please try decoding this one with your dev version? I'll amend my OP with it meanwhile:

dandreye gravatar imagedandreye ( 2020-12-04 14:55:57 +0000 )edit

It does work with that "Try to detect and decrypt EA0" option indeed (thank you!) but... why is such option even needed? Are there different variations of EA0 or something like that?

dandreye gravatar imagedandreye ( 2020-12-04 15:03:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2020-12-04 14:37:11 +0000

Seen: 2,715 times

Last updated: Dec 04 '20