Let me thank everybody who contributed and keeps contributing to phase
one of our journey towards a public GSM cracking PoC -- computing the
rainbow tables. It's exciting that we can now move into phase two --
putting the tables to use.
The table verification that will be released soon is -- as every other
part of the project -- distributed and anonymous. We appreciate
feedback on the coverage of your tables (and a copy of the same
eventually) but the tools can be used just as well for a private set
of tables.
Two notes on the expressiveness of the measurement:
A) They are optimistic in that we assume no bit errors for the key
stream segments.
B) They are pessimistic in that we haven't yet included information on
known plaintext that is being send periodically during a call.
This second effect will outweigh the first if a call lasts for several
seconds or longer. In the third and final phase of the project, we
will create tools to capture calls despite frequency hoping to make
the additional key stream available.
Thanks again to all the contributors! It was great meeting some of you
at various events around the world.
Cheers,
-Karsten
On Nov 22, 2009, at 9:38 AM, Frank A. Stevenson wrote:
> Here is a small update on what I am currently working on in
> collaboration with other list members.
>
> A A5Utility package is almost complete, with the following functions.
> a) Forwards & backwards stepping of A5/1
> b) A5 GSM frame generator - makes 114 data with random key
> c) Key cracking code (CPU at the moment) - capable of cracking frames
> made using the generator.
> d) Table sorter for the cracking code.
>
> These tools are text based, and can produce output like
> fr...@quant:~/gsm/A5Util$ ./cracker easy.bin 146944 /media/disk/tables
> Table id is 146944
> Looking at 3d47267f9d0476d0
> Looking at 7a8e4cff3a08eda1
> [....]
> Looking at 8e4cff3a08eda126
> Looking at 1c99fe7411db424d
> #### Found potential key ####
> 3ec5e907335f2884
> #### Stepping back to mix ####
> 3ec5e907335f2884 -> 3ec5e907335f2884
> Candidate: f5a472fcfa67c694
> ### Frame is 10 ###
>
> Currently it only list candidate keys prior to the 100 warming up
> clockings, an extra verification step will be added.
>
> Where are we going with all this then ? The point is to accurately
> estimate / demonstrate the strength & coverage of the produced tables.
> And it is envisioned that a fixed set of challenge blocks be created
> in
> a manner where we provably do not have the keys to the GSM frames. A
> set
> of 1000 such frames has been proposed. Then as in parallel with table
> generation, the tables are tested on the challenge set. The percentage
> of frames cracked in the challenge set will then reflect the
> probability
> with which a random frame can be cracked. All of this needs to be
> automated & integrated into the main tool, and the various file
> formats
> for compressed tables and challenge data (especially partial frames
> with
> error correction codes) needs to be standardized etc.
>
> I have created a testset of 1000 frames, with completely unknown keys
> taken from /dev/random, and a few minutes ago I managed to do my first
> crack - 435 frames into the set. This took ~20 hours without GPU
> acceleration, obviously this needs to be speeded up. In fact searching
> can be done at the same time as the tables are computed, by keeping a
> precomputed map of interesting end points to look for.
>
> But here is my questions for the list:
>
> How can we generate a trusted set of challenge frames that can be used
> to prove the weakness of A5/1 ? Who could be willing to generate the
> challenge, and certify that the key are random & unknown to any
> party ?
> I am thinking along the lines of asking a some recognized institution,
> and getting a court certification of the md5sum to the challenge set.
> Any better ideas ?
>
> f
>
>
>
>
>
>
>
>
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
