Hi, I am new to this list and project. I have for some weeks now been
intrigued by the computational powers of the latest ATI cards, and
couldn't resist buying a card late last week (ATI Radeon HD 5850). As a
first project, I decided to write the A5/1 ATI implementation for this
project.
I
sascha wrote:
Regarding CPU implementations:
I have attached a 64 wide SIMD implementation (single instruction 64
bits of data)
that does 8 million a5/1 rounds per second on a single core
of a 2ghz core2duo. I am not sure whether -O3 uses SSE automagically,
so i assume not.
I use 64 64bit
Frank A. Stevenson wrote:
I wrote a table sorting function, ...
Tarball is available for inspection at: http://traxme.net/a5/ (native
endianness is assumed when reading the tables)
F
I have done more research on efficient table storage. My initial
suggestion of using 1 million distict
I just supplemented my computer with a second 5850 card, and I am now
computing 2 tables at once. The instruction for doing this is rather
easy.
1) Make a new folder with gen_table.py and A5Brook.so
2) Download new table parameters to a51id.cgi
3) Write export BRT_ADAPTER=1 before running
Please take note that the reflextor.com web site is not up to date with
respect to the recommended table size. Both the fornt page, and the
table parameter script gives a size of 380M - this should be 270M .
Please ensure that tables are generated to the correct size.
Also the ATI gen_table.py
On Sat, 2010-01-09 at 19:30 +0100, sascha wrote:
Also note that the great majority of values in a table are never looked up
but exist only as a link between the state we are interested in and the
end value that is looked up in the data base. A false positive that does
not pass the
On Sat, 2010-01-09 at 23:39 +0100, sascha wrote:
Another question is whether it is possible to convert an illegal state
that produces the correct keystream to a legal state
that produces the same keystream. When i generated some chains with
a simple increment function generating the start
On Sun, 2010-01-10 at 22:41 +0100, sascha wrote:
On Sun, Jan 10, 2010 at 09:36:51PM +0100, Frank A. Stevenson wrote:
I think it is should be compared with what you get from purely random
states, it could be that our round function has a propensity for
generating invalid states
On Mon, 2010-01-11 at 05:09 +0100, sascha wrote:
due to the bitslicing none of those optimizations are applicable.
I was expecting a smaller penalty also, due to the fact that i could
avoid DRAM access.
If there are real increases in efficiency to be had here, we could move
away from the
On Sun, 2010-02-07 at 23:31 -0800, Sylv1 wrote:
Hey,
can anyone tell me more about the issues for the lookup stage with the
new design?
I would like to develop a lookup tool for the table on my local
computer and would like to no more about what i should take care
about.
Thanks for
On Mon, 2010-02-22 at 07:11 +0100, sascha wrote:
The access time for 4 usb sticks is already 0.3ms. Their combined size is
64GB. Take 32 of these groups and you get down to 0.01ms (if it scales
indeed).
What i was able to test was that it scales up to 16 devices. I got 0.08ms
access time
I would like to give a short update on what goes on a little behind the
scene. Eagle eyed participants may have noticed some clues in the SVN
repository and source tree.
Firstly a lot of though and discussions have taken place around MvdS's
post to the list about applying extra clockings in the
Another 'quick and easy' question perhaps.
The SDCCH has a fixed bit burst rate, but because L3 messages are
mostly processed in synchronous manner, there will be idle time when no
messages need be sent. The BST is supposed to work at a constant power
level, therefore these TDMA frames are
On Wed, 2010-06-02 at 12:56 +0200, M vd S wrote:
at night you actually see them flying around by the hundreds, in clear
text. This pattern, as well as other defined marker patterns, are
defined in this spec:
http://www.3gpp.org/ftp/Specs/html-info/0502.htm
This document specifies that
) at Schiphol airport.
regards,
Frank A. Stevenson
___
A51 mailing list
A51@lists.reflextor.com
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
On Thu, 2010-06-17 at 11:38 +0200, Sylvain Munaut wrote:
39-40 tables have been computed, in what we have dubbed the Berlin
A5/1
rainbow table set.
And how do we make use of them ?
The tables that currently reside in Norway can be used with the
demonstration program found here:
I would suggest that you check out the OsmocomBB project, unfortunatly
interception of encrypted data us normally not possible on commodity
phone HW. The reason for this is that decryption happens before error
correction, and is therefore handled in the DSP at a level that normally
is inaccessible
I made a very simple command line interface to Kraken, which has only 1
useful command (crack). Once fired up, you can then try to crack
multiple bursts without reloading the tables every time.
If you have some bursts that you want to crack such as:
3811417:
I just finished a major overhaul of the ATI shared library, and Kraken
is now able to take advantage of the speed that is offered by the GPU.
The work is not finished yet, as I want to further reduce latency by
cracking several bursts in parallel, this will better utilize the GPU
pipeline.
At any
On Mon, 2010-07-26 at 18:00 +0100, Cal Leeming [Simplicity Media Ltd]
wrote:
This might be a silly question but..
If there was a miscalculation due to hardware, would you be able to
detect such an occurrence, and re-process that calc again?
One of the big advantages with Tesla is the
Rather than fighting with torrent creation tools, I spent my time
writing a TCP/IP server core and bolted it on to Kraken. This means that
you can specify a port when starting Kraken, and the program will the go
into server mode, and accept incoming connections on the port.
I have set an initial
On Wed, 2010-07-28 at 19:20 +0200, Fabio Pietrosanti (naif) wrote:
1) Airprobe dump the phone call traffic
- We know that it require important improvement for demodulation of
real signals
- We have to see which is the best pratical approach to do it, to
detect the call, to follow it
On Thu, 2010-07-29 at 15:10 +0200, Axel Walsleben wrote:
Can you give me some IDs/advance parameter that have not yet computed ?
Its better i make some, that are not already there. ;)
thanks
Table IDs 600,610,620...,690 are available.
Frank
___
On Thu, 2010-07-29 at 17:19 +0200, Axel Walsleben wrote:
my genTable selftest runs only on 1 GPU.
This is the Output from Dmesg:
[6.441438] fglrx: module license 'Proprietary. (C) 2002 - ATI
Technologies, Starnberg, GERMANY' taints kernel.
[6.441443] Disabling lock debugging due
On Wed, 2010-08-11 at 15:48 +0200, moongaboonga moongaboonga wrote:
Where can I find hashes for tables?
39GB per table is a lot and should be checked after download.
Thank you!
MD5 sums have been posted here:
http://lists.lists.reflextor.com/pipermail/a51/2010-June/000675.html
284
For those who haven't noticed, Kraken code has found a new home in git,
and the latest version can be gotten by:
git clone git://git.srlabs.de/kraken.git
The latest version can handle multiple requests simultaneously, and
these are identified by a unique job number.
I have written some
It was brought to my attention that Behemoth.py generates a ValueError
if you try to run it on the set of files that are distributed by
torrent.
This is caused by the torrent files having been renamed. The immediate
quick fix is to create a set of symbolic links with the just the table
id as
Hi list,
I'm trying to write the tables (.dlt format) to a disk. The whole
process goes fine with Behemoth.py, but when I call kraken afterwards, a
bunch of them load fine and then for 116.idx I get this:
kraken: DeltaLookup.cpp:70: DeltaLookup::DeltaLookup(NcqDevice*,
std::string):
Over the last months I have been working on an improved low-latency
version of Kraken. This work has been carried out more or less in secret,
and has not been announced until now. The point of this version is to
determine how quickly a well funded attacker can break A5/1. The code is
reasonable
Hi Frank,
Great to hear that we can crack A5/1 in near real-time. But I had some
problems
Does the test chain generator produce any output ? This should be the
first step to verify if the new kernel is working.
Such as:
./a5il_test
Initialized CAL
CAL Runtime version 1.4.736
Running on 2 GPUs
30 matches
Mail list logo