[A51] odd problems with kraken

2010-11-07 Thread moongaboonga moongaboonga
 Thank you for the answers and samples. Kraken cracked them all. find_kc
mismatched on all of them, but you sent the Kc :)

I don't do programming (and am tight on time) and know all about Kraken just
from the mailing list, not from the code.

Is there anything that summarizes the important things about how Kraken works?

I have an Nvidia GTX 285 (watercooled), i720, 4raid0 system disk with W7 and Linux
(Ubuntu, BackTrack4).

If I can help somehow, just say. But I need detailed instructions :(

BR!



> 6-Nov-10 01:28, Georg Hofstetter wrote:
> >
> > Hello 'moongaboonga',
> >
> > AFAIK this might be because not all the A5 states are present in the
> > tables. Try some other bursts.
> >
> > With ~700 tried bursts I achieved a success rate of 17.5%.
> > Not sure how many failed because of wrongly guessed bits.
> > I know, it should be no big deal to check this. But I didn't have time for
> > this yet :)
> >
> >
> > Take some of my samples:
> >
> >
> Bits__11010100100100001100010010001111010110010001001101011110110011101010100011101011100010
> >
> > COUNT_1979178
> > Kc8E7B6C78C031995
> >
> >
> Bits__10001011100100101001010111111110111010111001010111001000100101001010011011
> >
> > COUNT_1987569
> > KcB26C3B4D2CF691C
> >
> >
> Bits__0001100001001110111010101110100011101000100100100101101010110111000110110111010110010101101101
> > COUNT_2005811
> > KcD9AEE14845BB05DD
> >
> >
> Bits__0110100010110100111011101101100111001110101111100101010011100111011001110010010001001000100001
> > COUNT_2013271
> > KcFDFE856BB9EB5C00
> >
> >
> > BR,
> > Georg
> >
> >
> > Am 05.11.2010 15:38, schrieb moongaboonga moongaboonga:
> >> Hi!
> >>
> >> I downloaded 40 tables via torrents, put them on two 1TB disks, then used
> >> another two 1TB disks to put tables on using Behemoth.py (all external USB,
> >> 20 tables on each).
> >>
> >> Then I compiled kraken, the older and now the newer version. All went without
> >> problem.
> >>
> >> But when I try to crack bit strings different from the test one or one of the
> >> streams from the mailing list,
> >>
> >> kraken didn't crack them, it just printed how much time it took.
> >>
> >> I tried *many* combinations and nothing. No errors, just no results.
> >>
> >> Then I tried to change bits at the beginning and end of the test stream:
> >>
> >> When I set the *first 32 bits or the 11 last bits to 0 or 1*, kraken returns the
> >> same result, from table *412*, as for the test stream.
> >>
> >> Why can't anything else be cracked except the test stream and the other one
> >> that was given as an example on the mailing list?
> >>
> >> Thank you in advance!
> >>
> >>
> >>
> >>
> >> ___
> >> A51 mailing list
> >> A51@lists.reflextor.com
> >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
> >
>
>
> --
>
> Message: 2
> Date: Sat, 06 Nov 2010 23:24:17 +0100
> From: Georg Hofstetter 
> Subject: Re: [A51] odd problems with kraken
> To: a51@lists.reflextor.com
> Message-ID: <4cd5d591.4080...@g3gg0.de>
> Content-Type: text/plain; charset=UTF-8
>
>
> Another thing - you are sure you guessed the correct key stream bits?
> Kraken does accept key stream bits only - not the data bits.
>
> BR,
> Georg
>

[A51] odd problems with kraken

2010-11-05 Thread moongaboonga moongaboonga
Hi!

I downloaded 40 tables via torrents, put them on two 1TB disks, then used
another two 1TB disks to put tables on using Behemoth.py (all external USB, 20
tables on each).

Then I compiled kraken, the older and now the newer version. All went without problem.

But when I try to crack bit strings different from the test one or one of the
streams from the mailing list,

kraken didn't crack them, it just printed how much time it took.

I tried *many* combinations and nothing. No errors, just no results.

Then I tried to change bits at the beginning and end of the test stream:

When I set the *first 32 bits or the 11 last bits to 0 or 1*, kraken returns the
same result, from table *412*, as for the test stream.

Why can't anything else be cracked except the test stream and the other one
that was given as an example on the mailing list?

Thank you in advance!


Re: [A51] A51 Digest, Vol 16, Issue 8

2010-09-15 Thread moongaboonga moongaboonga
Hi!

I tried TableConvert on one of the tables downloaded with BitTorrent.
When I make a partition without a file system and run ./TableConvert ds 100.dlt
/dev/sdb2 index.dat I get the message:
/dev/sdb2 allready exist, will not overwrite.

Can anybody help?

Thanks in advance!


On Wed, Sep 15, 2010 at 12:00 PM,  wrote:

>
> Today's Topics:
>
>   1. Several ARFCNs at once ? (??? )
>   2. Re: Please seed tables (Konrad Meier)
>   3. Re: Several ARFCNs at once ? (sascha)
>   4. Re: Traffic dump (Georg Hofstetter)
>   5. Re: Traffic dump (Karsten Nohl)
>   6. Re: Traffic dump (Harald Welte)
>   7. Re: Traffic dump (Sylvain Munaut)
>   8. Re: Several ARFCNs at once ? (Fabio Pietrosanti (naif))
>
>
> --
>
> Message: 1
> Date: Tue, 14 Sep 2010 12:49:29 +0200
> From: ???  
> Subject: [A51] Several ARFCNs at once ?
> To: a51@lists.reflextor.com
> Message-ID:
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello people,
>
> Is it possible to record several ARFCNs at once? Or record some narrow band
> (5 - 10 MHz wide) and extract the data for a specific frequency from the
> band offline?
>
> I'm reading about frequency hopping and USRP/USRP2, and everybody speaks
> about following the MAIO and HSN parameters in real time. My question is,
> if the BTS publicly says that it serves certain ARFCNs (for example 40 of
> them),
> is there a chance to record the traffic from all of them and reconstruct the
> hopping and traffic data offline?
>
> Cheers,
> LjubeX
>
> --
>
> Message: 2
> Date: Tue, 14 Sep 2010 16:10:04 +0200
> From: Konrad Meier 
> Subject: Re: [A51] Please seed tables
> To: a51@lists.reflextor.com
> Message-ID: <4c8f823c.5090...@informatik.uni-freiburg.de>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Am 12.09.2010 10:52, schrieb Karsten Nohl:
>  > Hallo list,
>  >
>  > Many of you have received copies of the 'Berlin set' of rainbow tables
>  > in the mail. We would appreciate if you would contribute to the spread
>  > of the data through seeding the data in Bittorrent. To do that, please
>  > open the .torrent files available on the disk with any Bittorrent
>  > client, 'rtorrent' for instance if you are on a Linux command line.
>
> Hello Karsten,
>
> I added a machine to seed the torrents at the University of Freiburg
> Germany. Uplink is 1GBit. I hope this helps.
>
> Regards
>  Konrad
>
>
> --
>
> Message: 3
> Date: Tue, 14 Sep 2010 16:15:13 +0200
> From: sascha 
> Subject: Re: [A51] Several ARFCNs at once ?
> To: a51@lists.reflextor.com
> Message-ID: <20100914141513.gc4...@test>
> Content-Type: text/plain; charset=utf-8
>
> On Tue, Sep 14, 2010 at 12:49:29PM +0200, ???  wrote:
> > Hello people,
> >
> > Is it possible to record several ARFCNs at once? Or record some narrow
> band
> > (5 - 10 MHz wide) and extract the data for a specific frequency from the
> band offline?
>
> Yes, it's possible, but airprobe currently does not support hopping. It is
> on the todo list, though.
>
> >
> > I'm reading about frequency hopping and USRP/USRP2, and everybody speaks
> > about following up a MAIO and HSN parameters in real time. My question
> is,
> > if BST publicly says that it serves certain ARFCNs (for example 40 of
> them),
> > is there a chance to record a traffic from all of them and reconstruct
> > hopping and traffic data offline?
>
> Yes, as long as they are confined to an 8 MHz or 25 MHz band (for USRP and
> USRP2 respectively). Or if you have many USRPs, then you can of course
> scan a wider band. The amount of data is quite large: 32 MB/s for USRP1
> with 16-bit I/Q samples. A real-time demodulator is on the TODO list, and
> it would reduce that by a factor of ~32.
>
>
>
>
> --
>
> Message: 4
> Date: Wed, 15 Sep 2010 01:49:24 +0200
> From: Georg Hofstetter 
> Subject: Re: [A51] Traffic dump
> Cc: a51@lists.reflextor.com
> Message-ID: <4c900a04.3050...@g3gg0.de>
> Content-Type: text/plain; charset=UTF-8
>
> Am 13.09.2010 18:12, schrieb sascha:
> > reflextor.com/galileo1_a725_d174_g5_KcC07D6E4269C70BB3.cfile.gz
> > reflextor.com/vf_call6_a725_d174_g5_Kc1EF00BAB3BAC7002.cfile.gz
>
>
> Hey, thanks a lot!
>
> I am sure, Veshna and Tim in the gal

Re: [A51] A51 Digest, Vol 15, Issue 6

2010-08-11 Thread moongaboonga moongaboonga
Where can I find hashes for the tables?
39 GB per table is a lot and should be checked after download.

Thank you!




On Tue, Aug 10, 2010 at 12:00 PM,  wrote:

>
>
> Today's Topics:
>
>   1. Just question (Milinko Isakovic)
>
>
> --
>
> Message: 1
> Date: Mon, 9 Aug 2010 17:01:34 +0200
> From: Milinko Isakovic 
> Subject: [A51] Just question
> To: a51@lists.reflextor.com
> Message-ID:
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If I get USRP2,  how many daughter boards, and which ones I need?
>
> Regards
> Milinko
>
> --
>
>
>
> End of A51 Digest, Vol 15, Issue 6
> **
>


[A51] Subject: Re: Trying to decipher burst "off the air" From: Sylvain Munaut

2010-07-21 Thread moongaboonga moongaboonga
Message: 1
Date: Thu, 8 Jul 2010 19:40:13 +0200
From: Sylvain Munaut <246...@gmail.com>
Subject: Re: [A51] Trying to decipher burst "off the air"
To: a51 
Message-ID:
   
Content-Type: text/plain; charset=UTF-8

Hi again,


A little follow up to my earlier problems, for the archives.

What I wanted to do is simply decipher a burst for which I had the key.
Sounds simple, right?

Well, it turns out there were two complications (for me at least :)

 * The key byte order you must feed the algorithm is not the same as
the one stored in the SIM or returned by the GSM algorithm of the SIM.
 * The "22-bit frame number" you must feed is not very detailed in a
lot of 'quick A5 intros'.
  Turns out it is ((T1 << 11) | (T3 << 5) | T2)

Once I fixed that, it all worked out fine :)


Cheers,

   Sylvain
--
Hi!

I tried to feed "A *pedagogical implementation*" of A5/1 with Kc and the 22-bit
frame number byte by byte in the way you gave it, but I didn't get the same
stream as you.
Can you please explain the order of bytes (bits) for the Kc and the 22-bit frame
number you gave?

Thank you very much!


[A51] wireshark and immediate assignment

2010-07-21 Thread moongaboonga moongaboonga
Hello!

Does anybody know why wireshark, in the Immediate Assignment message, calculates
T2 and T3 like this:

TDMA Frame 2568732

T1' = 17
T2  = 15
T3  = 45

RFN 22791.

I tried versions 1.2.2 and 1.2.7 and different captured files - from the internet
and from my Nokia 3110.

T1' is calculated correctly ((FN/1326) mod 32), but T2 and T3 aren't FN mod 26 and
FN mod 51.

--
T2 should be 10 (FN mod 26) and T3 (FN mod 51) should be 15.

Thanks in advance !
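The frame-number relations behind Sylvain's follow-up above (the 22-bit COUNT) and this wireshark question (T1', T2, T3 from the TDMA frame number), as an added Python example that is not code from either post: it splits a frame number per 3GPP TS 45.002, builds the reduced frame number of the Starting Time IE (3GPP TS 44.018) and the A5 COUNT, and checks them for consistency. The function names are mine; the sample frame number 2568732 is the one from the post.

```python
# Added example: GSM frame-number arithmetic (3GPP TS 45.002 / 44.018 / 43.020),
# useful for checking what a dissector prints for an Immediate Assignment.

HYPERFRAME = 26 * 51 * 2048       # 2715648 TDMA frames
SUPERFRAME = 26 * 51              # 1326 frames
RFN_MODULUS = 26 * 51 * 32        # 42432; what the reduced frame number encodes


def fn_to_t(fn):
    """Split a TDMA frame number into (T1, T1', T2, T3).
    T1 is the full 11-bit superframe count; T1' is its low 5 bits."""
    if not 0 <= fn < HYPERFRAME:
        raise ValueError("frame number out of range")
    t1 = fn // SUPERFRAME
    return t1, t1 % 32, fn % 26, fn % 51


def reduced_frame_number(t1p, t2, t3):
    """RFN as defined for the Starting Time IE (3GPP TS 44.018)."""
    return 51 * ((t3 - t2) % 26) + t3 + SUPERFRAME * t1p


def a5_count(t1, t2, t3):
    """22-bit COUNT fed to A5: T1 in bits 21..11, T3 in bits 10..5, T2 in bits 4..0."""
    return (t1 << 11) | (t3 << 5) | t2


def count_to_t(count):
    """Inverse of a5_count: recover (T1, T2, T3) from a 22-bit COUNT."""
    return count >> 11, count & 0x1F, (count >> 5) & 0x3F


def check_frame(fn):
    """Spec values for fn plus a consistency check: the RFN built from
    (T1', T2, T3) must equal fn mod 42432, by the Chinese remainder theorem."""
    t1, t1p, t2, t3 = fn_to_t(fn)
    rfn = reduced_frame_number(t1p, t2, t3)
    return {"T1": t1, "T1'": t1p, "T2": t2, "T3": t3, "RFN": rfn,
            "COUNT": a5_count(t1, t2, t3), "rfn_ok": rfn == fn % RFN_MODULUS}


if __name__ == "__main__":
    # Frame number from the Immediate Assignment discussed in the post.
    print(check_frame(2568732))
```

Feeding the dissector's own T2 = 15 and T3 = 45 into reduced_frame_number together with T1' = 17 reproduces the RFN 22791 it printed, so the three displayed values are at least consistent with each other.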


Re: [A51] A51 Digest, Vol 13, Issue 9

2010-06-18 Thread moongaboonga moongaboonga
Re: old gsm 900 phone GA628 (Karsten Nohl)

From: Karsten Nohl 
Subject: Re: [A51] old gsm 900 phone GA628
To: a51@lists.reflextor.com
Message-ID: <4c1a27f6.9090...@virginia.edu>
>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi there,
>
> Access to phone functions is crucial for researching the phone networks.
> A research project around the idea of reverse-engineering an entire
> phone and implementing an open source firmware:
> http://bb.osmocom.org/trac/
>
> Considering how far the OsmocomBB project has already progressed, it
> probably makes sense to focus on their TI Calypso phone first.
>
> Cheers,
>
>  -Karsten



Ok. Thank you!
>
>


[A51] old gsm 900 phone GA628

2010-06-17 Thread moongaboonga moongaboonga
I have an old Z80-based phone and a lot of data about it,
including the electrical schematic, firmware, tools to disassemble the flash
code, memory maps, etc.
It is very simple from a hardware point of view, but there is a lot of
code to disassemble.
The good thing is that if someone can accomplish that, he has everything needed to
listen to traffic,
gather the GSM algorithms and everything the phone must have on the board and
that can be used
in any way, like for this project for example.

But this is too much for one man to accomplish.
Is there any chance that someone is interested?

Or, at least, is the opinion that it is a job that is a good way to dive into the details of
real GSM,
for the price of the time it consumes?

Best regards!