Kraken-win32

Kraken-win32 is a customized version of the GSM A5 cipher cracker. (see http://reflextor.com/trac/a51)
This is a GSM A5/1 cipher cracker that requires some rainbow tables (~2 TiB) and some keystream bits to crack the cipher session key Kc.

I ported this tool to run on win32 (whilst still runing on linux) and redesigned the “user interface” a little bit.

Linux build running in a VirtualBox VM. No ATI support tested yet.
Console messages after startup.

Instead of developer-oriented debug output, kraken-win32 prints some mode user-friendly output and has some neat multi-client, multi-job network service.

A telnet session showing a job being processed.

General changes:

  • improved ServerCore to allow console + remote connection
  • new network protocol
  • ATI CAL kernels in extra files
  • Support some ATI Radeon HD3xxx models (uses slower GPU code then!)
  • config file allows to specify a sector offset (required for win32)
  • merged find_kc into Kraken for calculating Kc directly
  • startup speedup using cached table indexes stored on index-disk (~40 Mib per .idx file)
  • will release memory (from ~1.6 GiB) when idle for 30 minutes (down to ~40 Mib)
  • fixed some rare crash situations
  • introduced some new random crash situations ;)

Config file:

  1. execute “wmic diskdrive list” on your windows console to get the \\.\PhysicalDrive-name of your data disks
  2. use some fdisk tool to get the start sector of the data partition on your disks (e.g. sector 63)
  3. specify above information in your tables.conf: ‘Device: \\.\PhysicalDrive1+63 40’

Network connection:

  • please specify your tcp port if you don’t want to have port 8866
  • every command will return a status code from the list below
  • for every queued request, you will receive an ID
  • results will get printed out with the ID of the request

Commands:

(<parm> are required parameters, [parm] are optional)
  • crack <bits1> [<COUNT1> <bits2> <COUNT2>]

    will try to find the Kc if bitsx and COUNTx are given.
    if just the bits are given and no COUNT etc, kraken will report the intermediate result as usual, but with some other formatting.

  • status

    show some server details and its status.

  • idle

    just like a NOP or IDLE command known from other protocols

  • test
    start the key search as known from original kraken
  • cancel

    cancel currently processed request

  • fake

    successfully finish current request immediately with a faked result key. its mainly for testing network clients.

  • perf disk [reads]

    queue random block reads to test disk speed. without parameter [reads] it will queue 2000 reads.
    retrieve results with ‘stats’ command.

  • stats

    get details about the hard disks. i.e. blocks read, acess time etc

  • quit (console only)

    will quit the client

  • wnd_hide / wnd_show

    will hide/show the console window on windows.

  • suspend

    will release the table indexes from memory. they will be automatically reloaded upon the next crack command.

Example communication:

  • > crack 101010101…1101 122332 111001010…1101 122351
  • < 100 Queuing request (0 already in queue)
  • < 101 277 Request queued
  • < 102 277 Processing your request now
  • < 103 277 ABCDEF0123445 23 (found a table hit)
  • < 200 277 DEADBEEFDEADBEEF Key found (search took 395 seconds)
  • > crack 101010101…1101 122333 111001010…1101 122352
  • < 100 Queuing request (0 already in queue)
  • < 101 278 Request queued
  • < 102 278 Processing your request now
  • < 103 278 ABCDEF0123445 23 (found a table hit)
  • < 404 278 Key not found (search took 395 seconds)

old style syntax:

  • > crack 101010101000…0001010101
  • < 100 Queuing request (0 already in queue)
  • < 101 279 Request queued
  • < 102 279 Processing your request now
  • < 103 279 ABCDEF0123445 23 (found a table hit) (your candidate for find_kc)
  • < 404 279 Key not found (search took 395 seconds)

Download:

http://g3gg0.de/projects/Kraken/Kraken-win32.zip

Source:

https://github.com/g3gg0/kraken-win32/

License:

(ToDo: define license)

Leave a Reply