The Anatomy Of GSM Encryption Hack

After Karsten Nohl hacked the GSM encryption, I thought to Digg this a bit in more detail. So i have written this whole guide in favor of it. So lets start.

Karsten Nohl, A Germen Hacker have claimed that he have successfully cracked the GSM mobiles security algorithm. That we all know but the question that arises here is what he did to crack the GSM encryption which have been for years, actually from 1987.

There was a conference know as 26th Chaos Communication Congress (26C3) , as we all know which is indeed the most respected and one of the most seeable conferences in Europe.

3842740300_213911ed38_o

It takes place from December 27th to December 30th 2009 at the bcc Berliner Congress Center in Berlin, Germany. which is quite recent and what was special this time on it was the GSM encryption crack details which were going to be demoed in the conference.

The 26C3s slogan is "Here Be Dragons".

As a matter of fact i was not there in the conference and thus missed all the stuff going on there. but some of my twitter friends helped me out with this. When twitters started to tweet with the hash tag of #26C3 all was going clear about it...

Basics

Ok lets began with the basic of the attack and what can be done with, what we need, what he cracked etc

Karsten Nohl GSM Crack 26C3

Here is the presentation or you can say the slides, which Nohl presented during the 26C3 which gives all the detail regarding the whole GSM encryption hack.

“… the GSM call has to be identified and recorded from the radio interface. […] we strongly suspect the team developing the intercept approach has underestimated its practical complexity.

A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data.”

–GSMA, Aug.„09

What a Hacker Need

As written in the document a hacker would need a radio receive system and also a signal processing software which is necessary to produce the raw data to decrypt it.

A Radio Receiver System -

A Signal processing software -

Ok this might explain you a bit about what a hacked need. Actually its not the kind of hack which you can perform with a laptop. you would need to decrypt which the Nohl have used the rainbow tables which were not explained in the previous hacks between 1995 to 2008 which were not quite successful.

There are various different setting you would need to do in the radio and OpenBTS. and other configuration, mods. Its pretty complicated stuff there.

Rainbow Tables

The main reason why this crack with A5/1 attacks were not done in the previous years is because of the rainbow tables which the Nohl introduced in the cracking procedure.

Previously the crack used some big system to decrypt but it was too expensive that it any hacked would not be able to crack it and that's why the hack was also not released in the internet.

rainbow-table-bundle-medium

But there come Nohl with his rainbow tables. They planned to do a workshop today, where you could bring your GSM data and they wanted to try to decrypt it. However, due to legal reasons they had to cancel it.

http://events.ccc.de/congress/2009/wiki/The_demonstration_is

The next step would be for someone to package the attack in the form of a script-kiddie-usable utility that would perform interception/decryption using an off-the-shelf GSM USB modem.

That seems to be how these things go; they'll drag their feet as long as possible, until the public pressure becomes unbearable.

So i guess most of you have to wait for the script-kiddies bundle to release so you can use it.

Get a working copy of the table generator rainbow tables by either :

A) Downloading binaries

1. Linux 32bit

2. Linux 64bit

3. windows 32bit

4. windows 64bit

revision 58 from October 25 2009

B) Compiling The Program

Then, Running The Program