[A51] Rainbow Tables

Jan Hrach jenda at yakumo.hrach.eu
Thu Aug 27 16:48:27 CEST 2015


Hi,
kr02_mergebits is a part of ApplyIndexFunc hashing function. The function takes 34bit input and produces 64bit output. It is used to compress the tables - so instead of a full 64bit starting point you need only 34bit input to the function.

You can find more info in Attack Implementation https://brmlab.cz/project/gsm/deka/attack-implementation#table_encoding

On 27.8.2015 08:45, Snehasish Kar wrote:
> 
> Dear Jan
> 
> Can you please explain the significance of kr02_mergebits, actually why it is required.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> From: snehasish.cse at live.com
> To: jenda at yakumo.hrach.eu
> Date: Wed, 26 Aug 2015 18:30:28 +0530
> CC: a51 at lists.srlabs.de
> Subject: Re: [A51] Rainbow Tables
> 
> Thanks Jan, and will let you know the results. Moreover it was important for as I wanted to make a FPGA version of it.
> 
> 
> 
>> Subject: Re: [A51] Rainbow Tables
>> To: snehasish.cse at live.com
>> CC: a51 at lists.srlabs.de
>> From: jenda at yakumo.hrach.eu
>> Date: Wed, 26 Aug 2015 12:41:35 +0200
>>
>> Hello,
>>
>> > But since
>> > for lookup I would require exactly the same round functions and I don't know
>> > exactly what round functions they have used for generation of the a51
>> > tables. So is there any way to know what round functions they have used, so
>> > that I can directly purchase the HDD from the site and integrate it to my
>> > lookup source code.
>>
>> if this is still needed, you can find the extracted RFs from original Kraken at http://jenda.hrach.eu/gitweb/?p=deka;a=blob;f=tables.h;h=58babbb9bb3508a109751c842a9ef23a0146820c;hb=9d97e2152fcc5b2f5fb80ecf3af839976304f2b9 The first one is for table 100 and they go on up to 999 (yes, they repeat. I will compact it in the future)
>>
>> Have a look at the rest of the source, for example libvankus.c, to see how they are used.
>>
>> (by the way they can be generated algorithmically, it's somewhere in the Kraken source)
>>
>>
>> ...speaking of which, the above header file is a part of deka, a portable A5/1 cracker written in OpenCL, designed as a drop-in replacement of Kraken which depends on unsupported Brook and runs only on ATI HD4/5/6xxx cards. There is still some work to do as I finished it today's night, but I have already cracked real GSM keys with it.
>> https://brmlab.cz/project/gsm/deka/start
>>
>> > Whats the efficiency of the rainbow tables that you have provided..i mean suppose out of 100 calls hpw many should get detected?
>>
>> I don't know the efficiency of Kraken's rainbow tables either! Better run some tests...
>>
>> On 26.8.2015 11:39, Snehasish Kar wrote:
>> > hello Dean
>> >
>> > Whats the efficiency of the rainbow tables that you have provided..i mean suppose out of 100 calls hpw many should get detected?
>> >
>> >> Date: Wed, 15 Jul 2015 13:35:44 -0700
>> >> Subject: Re: [A51] Rainbow Tables
>> >> From: pierce403 at gmail.com
>> >> To: snehasish.cse at live.com
>> >> CC: yaniv.sharon at gmail.com; a51 at lists.srlabs.de
>> >>
>> >> I've never messed with generating my own tables, and I'm not sure what
>> >> settings were used to generate the tables found in the torrent. I
>> >> know that when I run kraken, I don't have to put in any special
>> >> parameters or anything.
>> >>
>> >> - DEAN
>> >>
>> >> On Wed, Jul 15, 2015 at 1:22 PM, Snehasish Kar <snehasish.cse at live.com> wrote:
>> >> > Dear Dean
>> >> >
>> >> > Actually I was trying to generate the tables by myself using the references
>> >> > of Dr. Nohl, but I dont have much computational power to generate the entire
>> >> > 1.8 TB rainbow table. I do have most of the parameters of kraken, like no of
>> >> > round function: 8, sub chain length: 2^12 and DP: last 12 bits 0. But since
>> >> > for lookup I would require exactly the same round functions and I don't know
>> >> > exactly what round functions they have used for generation of the a51
>> >> > tables. So is there any way to know what round functions they have used, so
>> >> > that I can directly purchase the HDD from the site and integrate it to my
>> >> > lookup source code.
>> >> >
>> >> >> Date: Wed, 15 Jul 2015 12:54:58 -0700
>> >> >> Subject: Re: [A51] Rainbow Tables
>> >> >> From: pierce403 at gmail.com
>> >> >> To: snehasish.cse at live.com
>> >> >> CC: yaniv.sharon at gmail.com; a51 at lists.srlabs.de
>> >> >
>> >> >>
>> >> >> So the scripts I wrote assume you have a 2 TB WD Passport target drive
>> >> >> plugged in, then it partitions it such that you have a 5 gig partition
>> >> >> up front (/dev/sdb1), and creates a blank partition behind that
>> >> >> (/dev/sdb2), where it injects the tables (as downloaded from the
>> >> >> torrent). The place_tables.sh script pretty much replaces Behemoth,
>> >> >> and uses TableConvert to place the tables directly, not even
>> >> >> generating the indexes (I just re-use the same indexes that I
>> >> >> generated the first time I ran the tool). It then moves over a
>> >> >> precompiled kraken binary which works on Kali, and instructions for
>> >> >> use.
>> >> >>
>> >> >> I wrote these scripts when I needed to make like 15 of these rainbow
>> >> >> table drives as quickly as possible (It took about 10 hours per
>> >> >> drive), which I sold (for the cost of the drive) at DEFCON last year
>> >> >> as part of the NSA Playset work we've been doing.
>> >> >>
>> >> >> - DEAN
>> >> >>
>> >> >> On Wed, Jul 15, 2015 at 11:52 AM, Snehasish Kar <snehasish.cse at live.com>
>> >> >> wrote:
>> >> >> > Hi Dean
>> >> >> >
>> >> >> > Do they provide support with the table parameters like, what is the
>> >> >> > chain-length,no of round functions and what round functions n are they
>> >> >> > using, so that I can integrate it with my own lookup code.
>> >> >> >
>> >> >> >> Date: Wed, 15 Jul 2015 11:26:49 -0700
>> >> >> >> From: pierce403 at gmail.com
>> >> >> >> To: yaniv.sharon at gmail.com
>> >> >> >> CC: A51 at lists.srlabs.de
>> >> >> >> Subject: Re: [A51] Rainbow Tables
>> >> >> >
>> >> >> >>
>> >> >> >> Hacker Warehouse sells a harddrive with the A5/1 tables and a set of
>> >> >> >> scripts I wrote to inject the tables and the required tools onto
>> >> >> >> another drive.
>> >> >> >>
>> >> >> >> http://hackerwarehouse.com/product/rainbow-tables-hdd/
>> >> >> >>
>> >> >> >> - DEAN
>> >> >> >>
>> >> >> >> On Wed, Jul 15, 2015 at 7:21 AM, Yaniv Sharon <yaniv.sharon at gmail.com>
>> >> >> >> wrote:
>> >> >> >> > Hello all…!
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Who can help me to get the Rainbow Tables [A5/1]
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > ?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Thnx
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > A51 mailing list
>> >> >> >> > A51 at lists.srlabs.de
>> >> >> >> > https://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
>> >> >> >> >
>> >> >> >> _______________________________________________
>> >> >> >> A51 mailing list
>> >> >> >> A51 at lists.srlabs.de
>> >> >> >> https://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
>> >
>> >
>> > _______________________________________________
>> > A51 mailing list
>> > A51 at lists.srlabs.de
>> > https://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
>> >
>>
>>
>> --
>> Jan Hrach, http://jenda.hrach.eu/
>> GPG CD98 5440 4372 0C6D 164D A24D F019 2F8E 6527 282E
> 
> _______________________________________________ A51 mailing list A51 at lists.srlabs.de https://lists.srlabs.de/cgi-bin/mailman/listinfo/a51


-- 
Jan Hrach, http://jenda.hrach.eu/
GPG CD98 5440 4372 0C6D 164D A24D F019 2F8E 6527 282E



More information about the A51 mailing list