Found them..turns out the 3rd burst in the LAPDm UI gave results.
LAPDm UI Unencrypted P1 862210 1331352: 1000000100011101010100000000101000000001111111010100000010100001000101110101 00000000101000010000010101010100000010 P0 862211 1331385: 1010101111111111010000001010101011111111111101000000001000101111111111110101 01000000001010101011011101010000001000 -- > P0 862212 1331392: 0000000111110101010100001000000100010101110101010000101000010100011111010100 01000010000000000101110101010100000010 P0 862213 1331425: 0001000010101010101111011101010100000000101011101111110101000100000010101010 11011101010001000010001011101111010101 LAPDm UI Encrypted P1 862567 1331345: 0000000101001110010000010000101101001111110110110001000110010011111011010110 11010001010001100111010110110101001010 /1 P0 862568 1331378: 1010001100111110110000000110100010110100011111011000100101110010110010100000 10101100101101101110111000101110010011 /2 -- > P0 862569 1331411: 1101111000010101100000110110001000000011101000010010010111101111110011111111 00101011101010110111100000000000000010 /3 P0 862570 1331444: 0011000011011001001000110110011010101010101011010001010100011010111110110100 01100111100111011000010100001011011000 P0 862212 1331392: 0000000111110101010100001000000100010101110101010000101000010100011111010100 01000010000000000101110101010100000010 P0 862569 1331411: 1101111000010101100000110110001000000011101000010010010111101111110011111111 00101011101010110111100000000000000010 ./xor.py 0000000111110101010100001000000100010101110101010000101000010100011111010100 01000010000000000101110101010100000010 1101111000010101100000110110001000000011101000010010010111101111110011111111 00101011101010110111100000000000000010 XOR Output : 1101111111100000110100111110001100010110011101000010111111111011101100101011 01101001101010110010010101010100000000 Kraken> crack 1101111111100000110100111110001100010110011101000010111111111011101100101011 01101001101010110010010101010100000000 Cracking 1101111111100000110100111110001100010110011101000010111111111011101100101011 01101001101010110010010101010100000000 Found 34fa3974588953fc @ 8 #42 (table:164) crack #42 took 59855 msec ./find_kc 34fa3974588953fc 8 1331411 1331378 0000100011000001100000001100001001001011100010011000101101011101001101010101 11101100100111000101100101111110011011 #### Found potential key (bits: 8)#### 2d8fc3bd32e138c8 -> 2d8fc3bd32e138c8 Framecount is 1331411 KC(0): 57 a3 44 dc 69 45 71 ed mismatch KC(1): 1e f0 0b ab 3b ac 70 02 *** MATCHED *** KC(2): b4 57 3e eb 11 55 77 12 mismatch KC(3): 0f 7e 5e 02 fa 53 86 8e mismatch KC(4): 60 b8 8e 14 6f b9 2c 23 mismatch Van: g0tcha [mailto:g0t...@3gp.za.net] Verzonden: maandag 24 januari 2011 12:28 Aan: 'Jasper Kanbier' Onderwerp: RE: [A51] Which Burst are XOR-ed in SRLABS test capture?? Hi Trying to figure the same thing for a while now. If you make any progress I will be glad to pay for the info also. I don't know what else to do. From: a51-boun...@lists.reflextor.com [mailto:a51-boun...@lists.reflextor.com] On Behalf Of Jasper Kanbier Sent: Monday, January 24, 2011 1:25 PM To: a51@lists.reflextor.com Subject: [A51] Which Burst are XOR-ed in SRLABS test capture?? Hi, Trying to get some feeling which bursts to xor in order to get some correct keystreams. I thought a good place to start was the vf_call test capture from the srlabs site. But I fail to figure out which burst are xor'ed in order to obtain a match in find_kc Anyone managed to extract de Kc form the capture?? Gr Jasper
_______________________________________________ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
