On Mon, Jun 14, 2010 at 08:39:23AM -0700, MIHAITA ADELA wrote: > Hello, > > I realized I have a very simple question because things are not very clear > for me: what is the connection between the intercepted ciphertext (suppose I > can intercept a GSM call and obtain some frames of ciphertext) and the table > look-up this project built? Once I have the ciphertext, how do I use the > table in order to obtain the plain text? > >
You have to be able to guess some plaintext bits to extract the keystream bits out of the ciphertext. The A5/1 cipher is a one-way function. With the tables, this one way function is reversed. read: http://en.wikipedia.org/wiki/Rainbow_table the one way mapping is: contents of A5/1 registers R1,R2,R3 => keystream The most common use for a rainbow table is password => hash, but you can reverse any one way function with it, for example you can factor primes if you have a few aeons to generate the tables. So A5/1 registers are the "password" and the keystream is the "hash". once you have reversed the keystream back to the A5/1 register state with the table, you can rewind the key setup process of A5/1 to arrive at Kc, with which you can decrypt any frame of the GSM connection. The rewinding of an A5/1 state is not computationally complex. Hope this helps. _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
