[A51] Kraken Cracking

Alex a.interrantegrant at gmail.com
Thu Mar 7 00:22:09 CET 2013


Hello,

I'm having some trouble knowing which bursts to run through Kraken to try to
discover the key. I have the rainbow tables written to HD and everything seems
to be working. I tried this tutorial:
http://lists.srlabs.de/pipermail/a51/2010-July/000688.html
and everything worked nicely, but when I try to run Kraken on my own bursts I
can't seem to get them to crack no matter which burst I pick.
Here's what I'm doing:

1) Use airprobe to decode unencrypted SACCH packets to a text file and view them 
in wireshark

Exported packets look like this (System Information Type 5):
C1 862242 1332356: 
00100000000111000010000000110010001100000110000011000000011010100100000010101001
0001001000110100000000101000000110
P1 862242 1332356: 
00100000000111000010000000110010001100000110000011000000011010100100000010101001
0001001000110100000000101000000110
S1 862242 1332356: 
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000
C0 862243 1332389: 
00000000010100100010000000000010100000000110101101000010101000010100001000110100
0010000000000101000010101100010100
P0 862243 1332389: 
00000000010100100010000000000010100000000110101101000010101000010100001000110100
0010000000000101000010101100010100
S0 862243 1332389: 
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000
C0 862244 1332422: 
10000001010010100000000111100000000001010000010001000000000101000011000000000100
1000000001000010101000010100110010
P0 862244 1332422: 
10000001010010100000000111100000000001010000010001000000000101000011000000000100
1000000001000010101000010100110010
S0 862244 1332422: 
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000
C0 862245 1332455: 
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000
P0 862245 1332455: 
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000
S0 862245 1332455: 
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000
862245 1: 00 01 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 00 00 00 00 00 00 00 00

2) Find a System Information Type 5 packet in wireshark and look at the frame 
number in the GSM Tap Header (in this case 862245)

3) Find the corresponding burst in the text file:
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000

4) Try and run the following in Kraken:
crack 
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000

Which returns:
Cracking 
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000
crack #13 took 125975 msec

With no potential keys found. Can anyone let me know what I am doing wrong and 
point me in the right direction?

Thanks,
Alex



