Hi Karsten,

Thanks for the answer.
So it means that 90% probability is the probability of finding at least one
keystream burst that produces a state out of 8 possible bursts (2 known
packets) and not the probability of cracking one correctly guessed keystream
burst, do I understand you correctly?

Vadim.

2010/11/23 Karsten Nohl <[email protected]>

> Hi Vadim,
>
> the average success probability of 90+% was calculated from cracking 8
> bursts (ie, two known packets). In all networks I've analyzed, there
> were at least 5 predictable packets in every call setup.
>
> Cheers,
>
>   -Karsten
>
>
> On 23-Nov-10 11:49, Vadim Uvin wrote:
> > Hello list,
> >
> > I'm running the Berlin set of rainbow tables. All 40 tables can be
> > loaded with Kraken:
> >
> > sudo ./kraken ../indexes/
> >
> > Device: /dev/sda6 10
> > /dev/sda6
> > Device: /dev/sda7 10
> > /dev/sda7
> > Device: /dev/sdb1 10
> > /dev/sdb1
> > Device: /dev/sdb5 10
> > /dev/sdb5
> > Allocated 41259888 bytes: ../indexes//324.idx
> > ...
> > Tables:
> > 324,292,340,268,108,372,276,332,260,380,100,420,428,436,396,500,404,388,412,
> > 492,188,164,132,156,140,180,172,148,116,124,196,230,348,204,238,212,356,250,220,364
> >
> > I am able to perform the cracking of test burst.
> >
> > Now I am trying to crack some capture I've made. The channel is strong,
> > I see no errors when decoding it with Airprobe. After some trying I
> > finally correctly guess the keystream which gives the state in the
> > tables, then I use the find_kc utility to find the ciphering key. I am
> > able to use the found key to decode the rest of SDCCH after ciphering
> > command.
> >
> > I want to check the probability of successful cracking, so I save the
> > output of Airprobe to some file and try to crack the rest of the
> > keystreams which were used for ciphering the UI, SI5/6 messages. I take
> > them from the lines of the Airprobe output that start with "S0" or
> > "S1", e.g. these are the keystreams of UI frame:
> >
> > S1 1850457 2857739:
> >
> 110101111011111100001001100111110011000110001010100011101010001100100000110011110111111101111100111001000010001101
> >
> > S0 1850458 2857772:
> >
> 110000111011111111110011110001000001101101110000110011011010100111100110100110101110110011101001001111100111011101
> > <- produces the state 2da68ebda80e149f
> > S0 1850459 2857805:
> >
> 110001110000011010000111110010010001000001111011010001011110000010111110101010010001011000101101111000110110111101
> > S0 1850460 2857838:
> >
> 111100101001101101100110100001110111111100100001000011101001111000011111100100101111000001010001101100000101100100
> > <- produces the state 8c1b5baf6279735c
> > 1850460 1: 03 03 01 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
> > 2b 2b 2b
> >
> > I've tried 13 keystreams, but only 3 of them have produced states. This
> > is far beyond the 90% probability of successful cracking, as it is stated
> > here: http://srlabs.de/research/decrypting_gsm/. I have another 2
> > captures made at different time, but the situation is the same. I can
> > only crack around 20-30% of keystreams.
> >
> > Does anybody have any idea why this happens? Or am I just doing
> > something wrong?
> >
> > I also would like to ask somebody to try to crack some of these
> > keystreams, especially those where no state was found:
> >
> > Kraken> crack
> >
> 000010110010111001011101110010110001010110010101101000101000110101010011010101001001000110001100011000000010010010
> > Kraken> crack
> >
> 110101011111000101110110001101011000101111011011011101100010011010110110001011011010100110100010110011111001111111
> > Found 7de2f0f8f8559552 @ 34  #2  (table:164)
> > Kraken> crack
> >
> 110101111011111100001001100111110011000110001010100011101010001100100000110011110111111101111100111001000010001101
> > Kraken> crack
> >
> 110000111011111111110011110001000001101101110000110011011010100111100110100110101110110011101001001111100111011101
> > Found 2da68ebda80e149f @ 4  #4  (table:132)
> > Kraken> crack
> >
> 110001110000011010000111110010010001000001111011010001011110000010111110101010010001011000101101111000110110111101
> > Kraken> crack
> >
> 111100101001101101100110100001110111111100100001000011101001111000011111100100101111000001010001101100000101100100
> > Found 8c1b5baf6279735c @ 4  #6  (table:100)
> > Kraken> crack
> >
> 010110101101100111110111000001101010111101101000110101010011101100110100000110001101111010110101110000000001000111
> > Kraken> crack
> >
> 011111010001111111100001111110000101111000110001000101001011100111011001111100101100010011010110011101101010110011
> > Kraken> crack
> >
> 011010101101001110100110001000010011001101101101011001001101011110111000101111011011000011011110010101101100001100
> > Kraken> crack
> >
> 000110110011100100001100100011001011111001001010111101010001101011100001010110000011011101001010000000010010110000
> > Kraken> crack
> >
> 111011100001110101000001110001000110001001001110001010000101010110011101100100111000001000110110010111000110111001
> > Kraken> crack
> >
> 111100111010110011100100000000000111111110000100100001101000111011110101011001111100000111111010101001110100010001
> > Kraken> crack
> >
> 000100101001111010010100010101110101011101001001100010100100000011101101110110111111101101111110111111100101101000
> > Kraken> crack
> >
> 011111000111110110110000000000010111100000110011001000110001111000111010101010010111011110110001101100111100111000
> >
> > Thanks.
> >
> > Vadim.
> >
> >
> >
> > _______________________________________________
> > A51 mailing list
> > [email protected]
> > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51