Dear Alex,
From the sound of it, you may be trying to crack an unencrypted frame. If
that's the case: There is nothing to crack.
Instead of finding an SI5 message in Wireshark, you'd have to _guess_ which
encrypted frame could be an SI5, then XOR the SI5 burst with the suspected
encrypted SI5 burst, and then run the result of that (=pure A5/1 key stream if
you guessed right) through Kraken.
One more complication: Even if you did all of this correctly, Kraken only finds
the key in some cases, so you may have to try several times with different
correct guesses/locations until you find a key.
Cheers,
-Karsten
On Mar 7, 2013, at 24:22 , Alex <[email protected]> wrote:
> Hello,
>
> I'm having some trouble knowing which bursts to run through Kraken to try to
> discover the key. I have the rainbow tables written to HD and everything seems
> to be working. I tried this tutorial:
> http://lists.srlabs.de/pipermail/a51/2010-July/000688.html and everything
> worked nicely but when I try to run kraken on my own bursts I can't seem to get
> them to crack no matter which burst I pick.
> Here's what I'm doing:
>
> 1) Use airprobe to decode unencrypted SACCH packets to a text file and view
> them in wireshark
>
> Exported packets look like this (System Information Type 5):
> C1 862242 1332356:
> 00100000000111000010000000110010001100000110000011000000011010100100000010101001
> 0001001000110100000000101000000110
> P1 862242 1332356:
> 00100000000111000010000000110010001100000110000011000000011010100100000010101001
> 0001001000110100000000101000000110
> S1 862242 1332356:
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
> 0000000000000000000000000000000000
> C0 862243 1332389:
> 00000000010100100010000000000010100000000110101101000010101000010100001000110100
> 0010000000000101000010101100010100
> P0 862243 1332389:
> 00000000010100100010000000000010100000000110101101000010101000010100001000110100
> 0010000000000101000010101100010100
> S0 862243 1332389:
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
> 0000000000000000000000000000000000
> C0 862244 1332422:
> 10000001010010100000000111100000000001010000010001000000000101000011000000000100
> 1000000001000010101000010100110010
> P0 862244 1332422:
> 10000001010010100000000111100000000001010000010001000000000101000011000000000100
> 1000000001000010101000010100110010
> S0 862244 1332422:
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
> 0000000000000000000000000000000000
> C0 862245 1332455:
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
> 1010100001010100000001000000001000
> P0 862245 1332455:
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
> 1010100001010100000001000000001000
> S0 862245 1332455:
> 00000000000000000000000000000000000000000000000000000000000000000000000000000000
> 0000000000000000000000000000000000
> 862245 1: 00 01 03 03 49 06 1d 9f 6d 18 10 80 00 00 00 00 00 00 00 00 00 00 00
>
> 2) Find a System Information Type 5 packet in wireshark and look at the frame
> number in the GSM Tap Header (in this case 862245)
>
> 3) Find the corresponding burst in the text file:
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
> 1010100001010100000001000000001000
>
> 4) Try and run the following in Kraken:
> crack
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
> 1010100001010100000001000000001000
>
> Which returns:
> Cracking
> 11000000010010010000010100001101010100100000010000010000000001011000101001000010
> 1010100001010100000001000000001000
> crack #13 took 125975 msec
>
> With no potential keys found. Can anyone let me know what I am doing wrong and
> point me in the right direction?
>
> Thanks,
> Alex
>
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.srlabs.de/cgi-bin/mailman/listinfo/a51
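The check Karsten describes, as an added example that is not part of the original thread: it parses the burst dump quoted above, XORs a known plaintext burst with a suspected encrypted burst, and reports when the result is all zeros, meaning the frame was never encrypted. Reading C/P/S as received burst, deciphered burst and keystream is an assumption, the function names are hypothetical, and `made_up_ks` is a constructed pattern, not real A5/1 output.

```python
import re

# Frame 862245 exactly as quoted in the message above (114 bits, wrapped).
# Assumption: C = burst as received, P = burst after deciphering, S = keystream.
DUMP = """\
C0 862245 1332455:
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000
P0 862245 1332455:
11000000010010010000010100001101010100100000010000010000000001011000101001000010
1010100001010100000001000000001000
S0 862245 1332455:
00000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000
"""
HEADER = re.compile(r"^([CPS])[01] (\d+) (\d+):$")

def parse_bursts(text):
    """Return {(kind, frame_number): bits}, joining bit lines that were wrapped."""
    bursts, key = {}, None
    for line in text.splitlines():
        line = line.lstrip("> ").strip()      # tolerate e-mail quote prefixes
        m = HEADER.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            bursts[key] = ""
        elif key and line and set(line) <= {"0", "1"}:
            bursts[key] += line
    return bursts

def xor_bits(a, b):
    if len(a) != len(b):
        raise ValueError("bursts must have the same length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def keystream_candidate(known_plain, suspected_cipher):
    """XOR the two bursts; None means they are identical (frame not encrypted)."""
    ks = xor_bits(known_plain, suspected_cipher)
    return ks if "1" in ks else None

def demo():
    b = parse_bursts(DUMP)
    plain = b[("P", 862245)]
    unencrypted = keystream_candidate(plain, b[("C", 862245)])  # C == P here
    made_up_ks = ("1011001110" * 12)[:114]    # constructed, not real A5/1 output
    encrypted = xor_bits(plain, made_up_ks)   # what a ciphered copy would carry
    recovered = keystream_candidate(plain, encrypted)
    return unencrypted, recovered == made_up_ks
```

For the dump in this thread `demo()` returns `None` for the first value: C and P are identical and S is all zeros, so there is no keystream in that burst to submit.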