[A51] Kraken Cracking

Karsten Nohl nohl at virginia.edu
Fri Mar 8 00:11:01 CET 2013


Hi Alex,

> Any 
> tips on how to find a known plain-text candidate? Or do I just have to xor every 
> encrypted burst with a SI5 one and try those as keystreams?

The SI5 messages are a good candidate. SI messages can only appear in very specific positions, so you would not have to try very many different places.

Another good candidate are empty frame (0303012b2b...). These often appear at the beginning and/or end of SDCCH traces.

It would probably be best if you looked at a few decrypted transactions first -- some phone disclose the key, as do SIM card proxies. This will give you a better planning grounds for your guessing strategy.

Cheers,

     -Karsten

On Mar 7, 2013, at 23:48 , Alex <a.interrantegrant at gmail.com> wrote:

> Karsten Nohl <nohl at ...> writes:
> 
>> 
>> Dear Alex,
>> 
>> From the sound of it, you may be trying to crack an unencrypted frame. If 
> that's the case: There is nothing to crack.
>> 
>> Instead of finding an SI5 message in Wireshark, you'd have to _guess_ which 
> encrypted frame could be an SI5,
>> then XOR the SI5 burst with the suspected encrypted SI5 burst, and then run 
> the result of that (=pure A5/1
>> key stream if you guessed right) through Kraken
>> 
>> One more complication: Even if you did all of this correctly, Kraken only 
> finds the key in some cases, so you
>> may have to try several times with different correct guesses/locations until 
> you find a key.
>> 
>> Cheers,
>> 
>>     -Karsten
>> 
>> On Mar 7, 2013, at 24:22 , Alex <a.interrantegrant at ...> wrote:
>> 
>>> Hello,
>>> 
>>> I'm having some trouble knowing which bursts to run through Kraken to try to 
>>> discover the key. I have the rainbow tables written to HD and everything 
> seems 
>>> to be working. I tried this tutorial: 
> http://lists.srlabs.de/pipermail/a51/2010-
>>> July/000688.html and everything worked nicely but when I try to run kraken 
> on my 
>>> own bursts I can't seem to get them to crack no matter which burst I pick. 
>>> Here's what I'm doing:
>>> 
>>> 1) Use airprobe to decode unencrypted SACCH packets to a text file and view 
> them 
>>> in wireshark
>>> 
>>> Exported packets look like this (System Information Type 5):
>>> C1 862242 1332356: 
>>> 
> 00100000000111000010000000110010001100000110000011000000011010100100000010101001
>>> 0001001000110100000000101000000110
>>> P1 862242 1332356: 
>>> 
> 00100000000111000010000000110010001100000110000011000000011010100100000010101001
>>> 0001001000110100000000101000000110
>>> S1 862242 1332356: 
>>> 
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
>>> 0000000000000000000000000000000000
>>> C0 862243 1332389: 
>>> 
> 00000000010100100010000000000010100000000110101101000010101000010100001000110100
>>> 0010000000000101000010101100010100
>>> P0 862243 1332389: 
>>> 
> 00000000010100100010000000000010100000000110101101000010101000010100001000110100
>>> 0010000000000101000010101100010100
>>> S0 862243 1332389: 
>>> 
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
>>> 0000000000000000000000000000000000
>>> C0 862244 1332422: 
>>> 
> 10000001010010100000000111100000000001010000010001000000000101000011000000000100
>>> 1000000001000010101000010100110010
>>> P0 862244 1332422: 
>>> 
> 10000001010010100000000111100000000001010000010001000000000101000011000000000100
>>> 1000000001000010101000010100110010
>>> S0 862244 1332422: 
>>> 
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
>>> 0000000000000000000000000000000000
>>> C0 862245 1332455: 
>>> 
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
>>> 1010100001010100000001000000001000
>>> P0 862245 1332455: 
>>> 
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
>>> 1010100001010100000001000000001000
>>> S0 862245 1332455: 
>>> 
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
>>> 0000000000000000000000000000000000
>>> 862245 1: 00 01 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 00 00 00 00 00 00 00 
> 00
>>> 
>>> 2) Find a System Information Type 5 packet in wireshark and look at the 
> frame 
>>> number in the GSM Tap Header (in this case 862245)
>>> 
>>> 3) Find the corresponding burst in the text file:
>>> 
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
>>> 1010100001010100000001000000001000
>>> 
>>> 4) Try and run the following in Kraken:
>>> crack 
>>> 
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
>>> 1010100001010100000001000000001000
>>> 
>>> Which returns:
>>> Cracking 
>>> 
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
>>> 1010100001010100000001000000001000
>>> crack #13 took 125975 msec
>>> 
>>> With no potential keys found. Can anyone let me know what I am doing wrong 
> and 
>>> point me in the right direction?
>>> 
>>> Thanks,
>>> Alex
>>> 
>>> _______________________________________________
>>> A51 mailing list
>>> A51 at ...
>>> http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
>> 
> 
> Karsten,
> 
> Thanks for your help, I think I have a better idea of how Kraken works now. Any 
> tips on how to find a known plain-text candidate? Or do I just have to xor every 
> encrypted burst with a SI5 one and try those as keystreams?
> 
> Thanks again,
> Alex
> 
> _______________________________________________
> A51 mailing list
> A51 at lists.srlabs.de
> http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51




More information about the A51 mailing list