
26 Jul 2010

Kraken – GSM A5 Cracking

By IPSECS Admin. Posted in Exploitation, News

GSM A5 cracking became public material once The Hacker's Choice disclosed their research. Many open source materials related to GSM have since been released to the public through Osmocom. Now a tool called Kraken is freely distributed on the internet to crack GSM A5. The release announcement below is quoted from the A5/1 mailing list:

I am pleased to announce the first release of an A5/1 cracker capable
of using the full Berlin set of rainbow tables for lookups. I have named
this beast Kraken, after a Norse mythological creature capable of eating
many things for breakfast. Kraken feeds on an exclusive diet of A5/1
encrypted data.

Currently only bare-bones functionality is present, but the UI will be
improved, with the specific goal of providing an easy-to-use tool for
cracking GSM intercepts. But setting up this Leviathan can be a bit
cumbersome, so I will give a short howto here:

Prerequisites:

* Linux machine, multicore, min 3GB RAM
* 1.7 - 2TB of HD partitions without filesystem (e.g. Samsung Spinpoint F3s,
  with 4k aligned start of partition)
* The Berlin A5/1 Rainbow table set
* GPU support will be added for ATI Radeon HD

Setup:

Find out how many tables you want on each partition (usually roughly
equal on each) and make the initial configuration file. An example
configuration folder can be found in tinkering/A5Util/indexes. This
folder should contain a tables.conf file. The example file shows a
setup of 4 disks having 10 tables each. The index files for the various
tables will be added to the index folder as they are written to disk.
The first section of the config file needs to be set up with the list of
available partitions and the number of tables that each partition
should hold. A single table needs 42GB of space. (Do NOT change the
order of this section.)

For safety reasons it is best not to build the tables running as root.
You will then have to make your table partitions user accessible.
Add a file such as 10-disk.rules in /etc/udev/rules.d with one line for
each partition:

KERNEL=="sda1", OWNER="frank"

Then manually change the ownership of the device nodes with chown. Take
care when doing this, as you do not want to nuke any of your system
partitions.

Add tables to your disk array:

First build and make a symlink from your index folder to the
TableConvert tool. It is assumed that the Berlin tables are available in
either SSD or index-free delta format. The python script Behemoth.py
will recursively search for tables and add them to the disk array and
configuration file as needed. (Duplicates will not be added.) This
operation will take some hours to complete, but when done you should
end up with a tables.conf file listing ~40 tables, their advance
parameter (id), which device they reside on, and a block offset into the
device.

Build and fire up Kraken:

./kraken path_to_index_folder

Currently it will only load up all tables, and crack TDMA burst 998 for
the challenge data. This takes 1.5 minutes on a 4 core Phenom II using
only CPU power, and the output should look like:

Cracking
0011011100110000000010000011000110001001101101100110110100111100011010
10100100101111111010111100000110101001101011
Found de6bb5e60617f95c @ 12
Found 6fb7905579e28bfc @ 23

A more interactive UI with appropriate data formats (representations)
will be added for easy interfacing with airprobe. Optional GPU support
will also be added for faster cracking time.

cheers,
Frank

Source: http://lists.lists.reflextor.com/pipermail/a51/2010-July/000683.html
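The udev step in the howto above is the one that can damage a system if a wrong partition is listed, so a helper that writes the rule lines only for devices that are not mounted is worth having. The script below is an added example, not part of Kraken or Frank's scripts: it produces the KERNEL/OWNER lines in the form the howto uses and refuses any device that a /proc/mounts listing shows as mounted. The partition names, owner and mounts excerpt are constructed for the demonstration.

```python
"""Generate udev ownership rules for raw table partitions (added example).

Builds one KERNEL=="sdX1", OWNER="user" line per partition for
/etc/udev/rules.d/10-disk.rules and refuses any device that appears as
mounted in the /proc/mounts text it is given, so a system partition is
never handed over by mistake. Example code, not part of Kraken; the
sample mounts listing and partition names are constructed.
"""
import re
from typing import Iterable, List, Set

# Plain kernel device names such as sda1 or nvme0n1p2; no path, quotes or spaces.
_DEV_RE = re.compile(r"^[a-z][a-z0-9]*$")
# Conservative POSIX-style user name.
_USER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def mounted_devices(proc_mounts: str) -> Set[str]:
    """Device names (without /dev/) that a /proc/mounts listing shows as mounted."""
    devs: Set[str] = set()
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("/dev/"):
            devs.add(fields[0][len("/dev/"):])
    return devs


def unsafe_partitions(partitions: Iterable[str], proc_mounts: str) -> List[str]:
    """Partitions that are mounted (or badly named) and must not be given to the cracker."""
    mounted = mounted_devices(proc_mounts)
    return [p for p in partitions if p in mounted or not _DEV_RE.match(p)]


def udev_rules(partitions: Iterable[str], owner: str, proc_mounts: str) -> List[str]:
    """One udev rule line per partition, in the form the howto uses.

    Raises ValueError if the owner name is malformed or any partition is
    mounted, so the rules (and the later chown) cannot touch a live filesystem.
    """
    parts = list(partitions)
    if not _USER_RE.match(owner):
        raise ValueError(f"bad owner name: {owner!r}")
    bad = unsafe_partitions(parts, proc_mounts)
    if bad:
        raise ValueError(f"refusing mounted or malformed partitions: {bad}")
    return [f'KERNEL=="{p}", OWNER="{owner}"' for p in parts]


# Constructed /proc/mounts excerpt: sda2 is the root filesystem, sdb1 is /home.
SAMPLE_MOUNTS = (
    "/dev/sda2 / ext4 rw,relatime 0 0\n"
    "proc /proc proc rw,nosuid 0 0\n"
    "/dev/sdb1 /home ext4 rw,relatime 0 0\n"
)

if __name__ == "__main__":
    # sdc1..sdf1 stand in for the four raw table partitions of the howto's 4-disk layout.
    for rule in udev_rules(["sdc1", "sdd1", "sde1", "sdf1"], "frank", SAMPLE_MOUNTS):
        print(rule)
    # Listing the root partition is reported rather than silently accepted.
    print(unsafe_partitions(["sda2", "sdc1"], SAMPLE_MOUNTS))
```

On a real machine, read the live listing with `open("/proc/mounts").read()` in place of `SAMPLE_MOUNTS`; the check is only as good as the listing it sees, so run it after everything that should be mounted is mounted.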

The article from http://computerworld.com is also well worth reading.


9 Jun 2009

Distributed Password Cracking

By IPSECS Admin. Posted in Exploitation, Presentation

Distributed password cracking uses several computers to accelerate the cracking process. It usually relies on a computer cluster and software that supports parallel computing. Some known software for parallel cracking on clusters:

  • John the Ripper and Condor: John works as the password cracker while Condor works as the scheduler that parallelizes the cracking process and distributes it across the cluster.
  • John the Ripper and Djohn: John works as the password cracker while Djohn is the client-server application that parallelizes the cracking process and distributes it across the cluster.
  • Medussa: a password cracker originally designed for parallel password cracking. It contains a client-server application to parallelize the cracking process and distribute it across the cluster.
  • John the Ripper with the MPI patch: John developed using MPI programming. MPI is the de facto standard for parallel programming and is implemented by several packages, e.g. OpenMPI, MPICH, and LAM/MPI.

Our presentation describes how to do parallel cracking using John the Ripper with the MPI patch. We use 15 dual-core computers and LAM/MPI to distribute the cracking process. Download our presentation here.
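What the MPI patch actually adds to John is a split of the candidate space by rank: each of the 30 processes (15 machines, two cores each) learns its rank and the world size and works a disjoint slice, so the space is covered exactly once with no coordination after the initial split. The script below is an added example, not John's MPI patch or the presentation's code: it reproduces that slicing over an enumerated keyspace, checks the no-gap/no-overlap property, and drives the slices with Python's multiprocessing in place of MPI. The alphabet, candidate length and target hash are constructed for the demonstration.

```python
"""Splitting a candidate space across MPI-style ranks (added example).

Reproduces the rank/size partition a distributed cracker uses, verifies
that the slices tile the keyspace exactly, and runs them with
multiprocessing instead of MPI. Example code, not John's MPI patch; the
alphabet, length and target are constructed for the demonstration.
"""
import hashlib
from multiprocessing import Pool
from typing import Optional, Tuple

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def sha256_hex(text: str) -> str:
    """Hex SHA-256 of a string; stands in for whatever hash format the target uses."""
    return hashlib.sha256(text.encode()).hexdigest()


def slice_for_rank(rank: int, size: int, total: int) -> Tuple[int, int]:
    """Half-open [start, stop) index range for `rank` of `size` workers over `total` items.

    The first `total % size` ranks get one extra item, so slice lengths
    differ by at most one and the slices concatenate to [0, total).
    """
    base, extra = divmod(total, size)
    start = rank * base + min(rank, extra)
    stop = start + base + (1 if rank < extra else 0)
    return start, stop


def coverage_ok(size: int, total: int) -> bool:
    """True when the slices of all ranks tile [0, total) with no gap and no overlap."""
    expected_start = 0
    for rank in range(size):
        start, stop = slice_for_rank(rank, size, total)
        if start != expected_start or stop < start:
            return False
        expected_start = stop
    return expected_start == total


def index_to_candidate(index: int, alphabet: str, length: int) -> str:
    """Map an index in [0, len(alphabet) ** length) to a fixed-length candidate string."""
    chars = []
    for _ in range(length):
        index, digit = divmod(index, len(alphabet))
        chars.append(alphabet[digit])
    return "".join(reversed(chars))


def search_slice(args: Tuple[int, int, str, int, str]) -> Optional[str]:
    """Work of one rank: hash every candidate in its slice and return a match, if any."""
    rank, size, target_hex, length, alphabet = args
    start, stop = slice_for_rank(rank, size, len(alphabet) ** length)
    for i in range(start, stop):
        cand = index_to_candidate(i, alphabet, length)
        if sha256_hex(cand) == target_hex:
            return cand
    return None


def distributed_search(target_hex: str, length: int, size: int,
                       alphabet: str = ALPHABET, pool=None) -> Optional[str]:
    """Run every rank's slice; `pool` may be a multiprocessing.Pool, else run sequentially."""
    jobs = [(rank, size, target_hex, length, alphabet) for rank in range(size)]
    results = pool.map(search_slice, jobs) if pool else map(search_slice, jobs)
    return next((r for r in results if r is not None), None)


if __name__ == "__main__":
    # Constructed target: a 4-letter lowercase word, 26**4 = 456,976 candidates.
    target = sha256_hex("zulu")
    size = 30  # 15 dual-core machines, as in the presentation
    assert coverage_ok(size, 26 ** 4)
    with Pool(4) as pool:
        print(distributed_search(target, 4, size, pool=pool))
```

The keyspace grows as |alphabet|^length, so doubling the cluster only buys one more bit of password entropy; that arithmetic, not the cracker, is the argument for longer passwords and slow, salted hashes on the defending side.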


Introduction

802.1x is an IEEE standard for port-based (well, we would rather say interface-based) end-user authentication on LANs. While it supports (and was initially designed for) Ethernet, the main current use of 802.1x is wireless user authentication as part of the wireless security scheme provided by the 802.11i security standard. The 802.1x authentication chain consists of three elements:

  • Supplicant: an end-user station, often a laptop, that runs 802.1x client software.
  • Authenticator: a switch, a wireless gateway, or an access point to which the authenticating users connect. It must be configured to support 802.1x on the involved interfaces with commands like aaa authentication dot1x default group radius (global configuration) and dot1x port-control auto (switch interface).
  • Authentication server: a RADIUS server to which authenticators forward end users' authentication requests for verification and the authentication decision.

Cisco Switch

EAP-LEAP Basics

The Extensible Authentication Protocol (EAP) is used by all three 802.1x component devices to communicate with each other. It is extensible because many different EAP types exist for all kinds of authentication plans—for example, employing SIM cards, tokens, certificates, and more traditional passwords. Here we are interested only in Cisco-related protocols and products, so the security weaknesses of EAP-LEAP are the target of the discussion.
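The two authenticator commands named above are the ones an audit of a switch should look for: the global binding of dot1x to the RADIUS group, and port control on every interface where users plug in. The script below is an added example, not from the book or from Cisco: it splits an IOS-style configuration into global lines and per-interface blocks and reports access ports that lack dot1x port control. The configuration text is constructed, and the splitter only handles the one-space indentation convention of IOS interface blocks; it is not a general IOS parser.

```python
"""Audit an IOS-style configuration for the 802.1x authenticator commands (added example).

Checks that `aaa authentication dot1x default group radius` is present
globally and lists access interfaces missing `dot1x port-control auto`.
Example code, not from the book; the configuration below is constructed.
"""
from typing import Dict, List, Tuple

GLOBAL_CMD = "aaa authentication dot1x default group radius"
PORT_CMD = "dot1x port-control auto"


def split_config(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (global_lines, {interface_name: [its indented lines]})."""
    global_lines: List[str] = []
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None  # a '!' separator or blank line ends the current block
            continue
        if raw.startswith("interface "):
            current = raw[len("interface "):].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces


def audit_dot1x(config: str) -> Dict[str, object]:
    """Report whether the global RADIUS binding exists and which access ports lack port control.

    Trunk and other non-access interfaces are skipped: 802.1x is expected on
    user-facing access ports, not on uplinks.
    """
    global_lines, interfaces = split_config(config)
    missing = [
        name for name, lines in interfaces.items()
        if "switchport mode access" in lines and PORT_CMD not in lines
    ]
    return {"global_ok": GLOBAL_CMD in global_lines, "missing_port_control": missing}


# Constructed switch configuration: Gi0/2 is an access port with no 802.1x.
SAMPLE_CONFIG = """\
!
aaa new-model
aaa authentication dot1x default group radius
!
interface GigabitEthernet0/1
 switchport mode access
 dot1x port-control auto
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
"""

if __name__ == "__main__":
    print(audit_dot1x(SAMPLE_CONFIG))
```

Run it over `show running-config` output saved to a file; an access port reported as missing port control is one where a plugged-in station reaches the LAN without ever talking to the RADIUS server.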
