High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
cracking a5 - THC Wiki
http://wiki.thc.org/cracking_a5
1 di 19
01/01/2008 11.12
cracking a5
The A5 Cracking Project
NEWS: We have created a PRIVATE A5 mailinglist. If you feel you have something to contribute to the project please contact steve [at] segfault.net. The reason for this has been explained on the public mailinglist a5 [at] lists.segfault.net.
NEW: The CCC Camp07 GSM Software Project and A5 Cracking Talk video is available. The final attack and a live demonstration will be given at a selected security conference in March 2008.
Powered byEFF.
Contenuti
LICENSE
1.
About
2.
How you can help
3.
TODO
4.
Requirements
5.
A5 weakness
6.
A5/GSM encryption example
7.
Misc Ideas
FPGA Ideas
Brute Force
1.
Brute Force II
2.
possible boards
3.
1.
8.
cracking a5 - THC Wiki
http://wiki.thc.org/cracking_a5
2 di 19
01/01/2008 11.12
Rainbow Table
Idea I
1.
Idea II
2.
Idea III
3.
Idea IV
4.
Idea V
5.
Idea VI
6.
2.
TMTO modified for A5/1
Verbal Description
1.
C Reference Implementation
2.
Pseudocode
3.
3.
Resources
List of used encryption around the World
1.
How to check if A5/1 is used
2.
HD Random Access Time
3.
9.
Links
10.
1. LI CENSE
GSM Software Project License
Version 1, January 2007
All code, information or data [from now on "data"]
available from the GSM Software Project or any other
project linked from this or other pages is owned by the
creator who created the data. The copyright, license
right, distribution right and any other rights lies with
the creator.
It is prohibitied to use the data without the written agreement of the creator. This included using ideas in other projects (commercial or not commercial).
Where data was created by more than 1 creator a written
agreement from each of the creators has to be obtained.
Please contact steve [at] segfault.net for any questions.
2. About
We are security enthusiasts. Our goal is to implement a system that can crack A5/1. Our
results will be used with the GSM Software Project to demonstrate weaknesses in GSM.
The A5 algorithm has been broken (in theory) in 1998 but it's still widely used. The
mobile operators still insist that the GSM customers (that's you and me!) are protected and
that our data is safe.
We want to bring together all the folks who worked on the theory of cracking A5/1.
Subscribe to our mailinglist by sending an email to a5-subscribe [at] lists.segfault.net
cracking a5 - THC Wiki
http://wiki.thc.org/cracking_a5
3 di 19
01/01/2008 11.12
3. How you can help
Add links and information to this page or send them to steve at segfault.net
1.
Sponsor us! We need hardware, books and coffee!
2.
Come up with smart ideas.
3.
4. TODO
Come up with example data (e.g. first encrypted burst from BTS to MS and first
burst from MS to BTS).
1.
Enhance the attack on A5/1
2.
Implement a A5/2 crack.
3.
5. Requirements
The project comes in stages.
Understand current state of A5/1 cracking (THAT'S WHERE WE ARE IN NOW!)
1.
Implement A5/2 crack (the weaker of both algorithms)
2.
Implement one of the many A5/1 cracks from the academic papers
3.
Research and Implement new ways to crack A5/1
4.
Our ultimate goal is to crack A5/1:
by only intercepting data (passiv)
1.
require less than 4Terabyte HD.
2.
able to decrypt short encrypted bursts (like SMS, last less than 0.1 seconds).
3.
Cracking time less than 1 day.
4.
6. A5 w eakness
A5 is weak. That's A5/1 and A5/2. When you look at the algorithm it just gives you a bad
feeling.
The registers are to small
1.
The trap registers are all on one side
2.
The 3 LSFRs do not mix results amoung each other
3.
Protocol implementation is faulty: An attacker can record all encrypted traffic. If the
attacker gains access to the sim at any point in the future he can decrypt all traffic
sniffed in the past. This works by putting the sim card into a sim reader and running
the gsm_runalgorithm() function on the sim. The sim will decode any traffic without
us knowing the Ki. This attack requires access to the sim for 30 seconds and can
decode any GSM converstation that happened in the past.
4.
etc etc etc
5.
I did a quick example to visualize the entroypy. Crypto people love entropy. An easy way
to visualize the entropy is to generate a picture of the relationship between two, three or
four successive numbers generated by the algorithm. Ideally we should not see any
structure. All pixels should be distributed randomly. lcamtufs ISN analyzsis explains more
details about this method.
I use a matlab script to generate the graphics.x.txt contains the output of the a5/1 key
Add a Comment