[A51] guesing frames

Karsten Nohl nohl at virginia.edu
Thu Dec 27 11:08:08 CET 2012


On Dec 27, 2012, at 10:31 , g.roelant at telenet.be wrote:

> can you elaborate a bit more about the topic of guessing the right frame?
> 
> i'm trying to find all  possible combinations of SI6 frames (Power level = 5, power level = 8, TA=0, TA= 1)
> at offsets of 102,204,306 frames.
> the question is: from where is this offset taken? from the last SI5 (or si5ter) frame ? of from the start encryption command?
> 
> am i on the right track? or am i just doing stupid things?

Sounds right so far.

We instead use empty frames and guess that there are some empty frames somewhere in the transaction.

Cheers,

     -Karsten


> i want to demonstrate to audience what you guys did at 27c3... but i am far from it... :(
> 
> 
> ----- Oorspronkelijk e-mail -----
> Van: "Karsten Nohl" <nohl at virginia.edu>
> Aan: "A51 List" <a51 at lists.reflextor.com>
> Verzonden: Donderdag 27 december 2012 10:06:02
> Onderwerp: Re: [A51] guesing frames
> 
> On Dec 26, 2012, at 17:04 , g.roelant at telenet.be wrote:
>> what is the most easy and succesful: guess a downlink frame or an uplink frame?
> 
> Kraken requires 64 continuos bits of error-free key stream. Uplink frames are typically received at a lower quality than downlink frames, consequently having a lower chances of yielding 'crackable' segments.
> 
> Cheers,
> 
>     -Karsten
> 
> _______________________________________________
> A51 mailing list
> A51 at lists.reflextor.com
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51




More information about the A51 mailing list