Friday, July 23, 2010

GSM Cracking Tool. Yes it's open source

Hey Folks,
This morning I am pleased to introduce the following open source framework named A5/1.

This project aims at publicizing cryptographic weaknesses found in today's cellular networks. We are not advocating to exploit these weaknesses but rather want to inform about the fact that GSM calls are already being intercepted and decrypted using commercial tools.

Some words from Frank A. Stevenson about his project:

I am pleased to announce the first release of an A5/1 cracker capable of using the full Berlin set of rainbow tables for lookups. I have named this beast Kraken, after a Norse mythological creature capable of eating many things for breakfast. Kraken feeds off an exclusive diet of A5/1 encrypted data. Currently only bare-bones functionality is present, but the UI will be improved, with the specific goal of providing an easy to use tool for cracking GSM intercepts. But setting up this Leviathan can be a bit cumbersome, so I will give a short howto here:

Prerequisites:

* Linux machine, multicore min 3GB RAM

* 1.7 - 2TB of HD partitions without filesystem (e.g. Samsung Spinpoint
F3s, with 4k-aligned start of partition)

* The Berlin A5/1 Rainbow table set

* GPU support will be added for ATI Radeon HD


Setup:

Find out how many tables you want on each partition, (usually roughly
equal on each) and make the initial configuration file. An example
configuration folder can be found in tinkering/A5Util/indexes. This
folder should contain a tables.conf file. The example file shows a
setup of 4 disks having 10 tables each. The index files for the various
tables will be added to the index folder as they are written to disk.
The first section of the config file needs to be set up with the list of
available partitions, and the number of tables that each partition
should hold. A single table needs 42GB of space. (Do NOT change the
order of this section)

For safety reasons it is best not to build the tables running as root.
You will then have to make your table partitions user-accessible.
Add a file such as 10-disk.rules in /etc/udev/rules.d with one line for
each partition:

KERNEL=="sda1", OWNER="frank"

Then manually change the ownership of the device nodes with chown. Take
care when doing this, as you do not want to nuke any of your system
partitions.


Add tables to your disk array:

First build and make a symlink from your index folder to the
TableConvert tool. It is assumed that the Berlin tables are available in
either SSD or index free delta format. The python script Behemoth.py
will recursively search for tables, and add them to the disk array and
configuration file as needed. (Duplicates will not be added.) This
operation will take some hours to complete, but when done you should
end up with a tables.conf file listing ~40 tables, their advance
parameter (id), which device they reside on, and a block offset into the
device.


Build and fire up Kraken:

./kraken path_to_index_folder

Currently it will only load up all tables, and crack TDMA burst 998 for
the challenge data. This takes 1.5 minutes on a 4 core Phenom II using
only CPU power, and the output should look like:

Cracking
00110111001100000000100000110001100010011011011001101101001111000
1101010100100101111111010111100000110101001101011

Found de6bb5e60617f95c @ 12

Found 6fb7905579e28bfc @ 23


A more interactive UI with appropriate data formats (representations)
will be added for easy interfacing with airprobe. Optional GPU support
will also be added for faster cracking time.
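The howto's udev step hands raw partitions to an unprivileged user and warns against touching system partitions. The following is an added example, not part of Kraken or of the original post: a shell helper that emits the `KERNEL=="...", OWNER="..."` lines only when none of the named partitions is mounted or in use as swap. The function names and the idea of passing the mounts and swaps files as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from Kraken): generate udev OWNER rules for raw table
# partitions, refusing the whole batch if any partition is in use.
# Limitation: compares literal /dev/NAME paths only; devices mounted via
# /dev/disk/by-uuid, LVM or RAID members are not detected.

# is_in_use NAME MOUNTS_FILE SWAPS_FILE
# Returns 0 if /dev/NAME is a mounted device or an active swap device.
is_in_use() {
    dev="/dev/$1"
    # /proc/mounts format: device is the first field of every line
    awk -v d="$dev" '$1 == d { f = 1 } END { exit !f }' "$2" && return 0
    # /proc/swaps format: header line first, then device in field 1
    awk -v d="$dev" 'NR > 1 && $1 == d { f = 1 } END { exit !f }' "$3" && return 0
    return 1
}

# gen_rules OWNER MOUNTS_FILE SWAPS_FILE NAME...
# Prints one rule per partition, or nothing at all if any check fails.
gen_rules() {
    owner=$1; mounts=$2; swaps=$3; shift 3
    for part in "$@"; do
        case $part in
            ''|*[!a-z0-9]*)
                echo "refuse: bad device name '$part'" >&2
                return 2 ;;
        esac
        if is_in_use "$part" "$mounts" "$swaps"; then
            echo "refuse: /dev/$part is mounted or active swap" >&2
            return 1
        fi
    done
    for part in "$@"; do
        printf 'KERNEL=="%s", OWNER="%s"\n' "$part" "$owner"
    done
}

# Typical call on a live system (partition names are placeholders):
#   gen_rules frank /proc/mounts /proc/swaps sdb1 sdc1 > 10-disk.rules
```

Review the generated file before copying it into /etc/udev/rules.d, and run the same check on each device node before the manual chown.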

2 comments:

Zoff said...

I had no doubt you would be on top of this news ;D

Anonymous said...

I would like to exchange links with your site marcoramilli.blogspot.com
Is this possible?