mrb's blog

A5/1 Cracker Using the Berlin Rainbow Tables

Keywords: attack gpu gsm security

In a message to the A51 mailing list, Frank A. Stevenson announced the release of an A5/1 cracker called the Kraken, capable of using the Berlin set of rainbow tables to decrypt GSM traffic.

A5/1 has been cracked many times already, but tools to do so have never been released to the public. Most recently, in February 2008, David "h1kari" Hulton and Steve Muller presented their A5/1 rainbow tables, built with FPGAs, at Black Hat. They were planning to release them publicly, but never did so for unknown reasons. I have met David in person and asked him, but his response was evasive. Perhaps they preferred to simply reap the fruits of their work by selling commercial A5/1 cracking products.

Because of the lack of public A5/1 cracking tools, the GSM Association claimed until very recently that attacking A5/1 was not practical and that A5/1 was "still" secure enough.

It is in this context that Karsten Nohl started the A5/1 Security Project. The project wrote code to compute A5/1 rainbow tables and went through multiple iterations; the latest version of the code is very well optimized to run on ATI GPU cards. With it they built what is known as the Berlin A5/1 rainbow table set (see this post about the story behind the name), which is about 2 TB in size. The Kraken is the first tool able to perform successful lookups in the tables.

From now on, we can expect the project to focus more on intercepting GSM frames off the air. People have been intercepting individual frames for a while with devices like the USRP, but some hurdles remain, such as channel hopping.