Results 1 to 6 of 6

Thread: Special

  1. #1
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default Special

    In cele ce urmeaza a fi descrise in acest topic nu se doresc a fi un indemn la actiuni de interceptare ilegala a comunicatiilor. Doresc doar sa atrag atentia asupra riscurilor de securitate din aceast domeniu si deasemeni sa arat cat de simpla (sau nu) este procurarea unor mijloace tehnice care pot fi utilizate in actiuni de interceptare ilegala a comunicatiilor.
    -se gasesc in cartile de specialitate
    si...

    Retelele gsm au din ce in ce mai multe dificultati in a pastra comunicatiile criptate... criptate. Doar cu cateva saptamani in urma criptarea 3G (criptare denumita A5/3) a fost sparta, astfel incat de acum inainte nici aceste retele nu mai sunt sigure. Tranzitia la retelele 3G si algoritmul lor superior de criptare a sporit interesul celor interesati in actiunile de decriptare.

    Este cunoscut faptul ca pentru aproximativ 30.000$ se poate achizitiona la liber echipament care permite interceptarea comunicatiilor gsm in timp real. Daca nu este necesara interceptarea in timp real, costurile scad vertiginos, pana la cateva mii de dolari.
    Desigur, orice fel de interceptare a comunicatiilor este ilegala in majoritatea statelor. Aceasta este ca si cum s-ar sustine ca nu poate fi achizitionat un autoturism care depaseste viteza de 50 Km/ora pentru ca ar depasi viteza legala.

    Initial, algoritmul utilizat pentru criptarea comunicatiilor UMTS a fost denumit MISTY1. Datorita faptului ca acest algoritm solicita o mare putere de calcul (retea si terminale), a fost inlocuit rapid cu o versiune revizuita numita KASUMI (in japoneza "ceata"). Noul algoritm este suportat cu usurinta de echipamentele hardware, facand insa rabat la gradul de securitate.
    Un atac de decriptare a algoritmului KASUMI necesita doar cateva ore pe un computer obisnuit pentru aflarea cheii de criptare si decriptarea informatiilor.
    Metoda nu permite (inca) decriptarea in timp real - cel putin nu prin utilizarea unui singur computer clasic - insa dezvoltatorii metodei sustin ca este posibila o imbunatatire a performantelor, putandu-se ajunge la decriptarea in timp real a comunicatiilor UMTS/3G.

    Artizanii demonstrarii vulnerabilitatii algoritmului KASUMI sunt Orr Dunkelman, Nathan Keller si Adi Shamir de la Facultatea de Matematica si Stiinte ale Computerului a Institutului Weizmann din Rehovot, Israel.

    Iata schema imaginata de cercetatori:


    Cercetatorii au combinat doua metode mai vechi de decriptare: metoda bumerang (boomerang attack) si metoda sandwich (“sandwich attack").

    De ce avem nevoie? Pe langa un computer si aplicatia de decriptare, mai este necesar doar un receiver digital programat in banda 1920 - 1980 2110 - 2170 MHz (in functie de tara) si un set de antene precum cele din link

    http://www.amateur-radio-antenna.com...nnas/index.php

    -dld despre CDMA:
    http://www.easysurf.ro/tbsdgg38742h/CDMA_Attack.rar.htm

    Atacul initial nu a avut succes asupra criptarii cu algoritmul MISTY1.

    Pana a se ajunge la decriptare este cale lunga. Partea fizica a interceptarii pare ceva sofisticat si scump in acelasi timp. Insa lucrurile nu stau chiar asa. Vor trebui mai intai interceptate si inregistrate comunicatiile gsm/cdma, in forma criptata (bruta) pe ambele canale de comunicare.
    Nota: in cazul comunicatiilor militare criptate, saltul in frecventa (hopping-ul) se realizeaza de cateva sute de ori pe secunda. In aceste conditii este foarte dificil - cateodata imposibil - de monitorizat si capturat intregul vector de comunicare. In reteaua gsm lucrurile stau mult mai relaxat: saltul in frecventa este mult mai lent, astfel incat cu ajutorul unui software relativ simplu se poate trece peste acest neajuns. Dealtfel in gsm/cdma saltul in frecventa nu este conceput ca o metoda de securitate ci este utilizat pentru minimizarea unor probleme de propagare a semnalului, cauzate de exemplu de interferentele pe un anumit canal.
    ==va urma==

    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

  2. #2
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default

    In ultimii 20 de ani este posibila ascultarea ambelor canale de comunicatii (Tx - Rx) prin achizitionarea libera a unor echipamente radio denumite Radio Tests Sets (unitati de testare radio) si care sunt folosite si de tehnicienii/inginerii retelelor gsm pentru optimizarea retelei, detectarea si indepartarea disfunctiilor tehnice, cat si pentru dezvoltarea si testarea ultimelor modele de telefoane. Aceasta aparatura poate fi cumparata second-hand (reconditionata) pentru mai putin de 4000 $, fara a fi pusa nici o intrebare,
    mai mult,modele moderne de aparatura si avansata poate fi inchiriata la cateva sute de $/luna,merge si on line.O companie din multe altele care se ocupa de acest fel de echipamente este http://tm.livingston.co.uk/a_gsm/


    Nethawk GSM/GPRS Protocol Analyzer 4xE1

    • Extensive support for GSM. GPRS. EDGE. SS7 and GSM-R protocols according to 3GPP Release 5/4/99 baseline
    • Correlated multi-interface Call Trace for tracing and filtering calls and sessions at GERAN interfaces.
    • Most detailed decoding capability for effective root-cause analysis.
    • Capacity from one to two links up to 20 E1/T1s.



      • Real-time monitoring and analysis of GERAN and core network interfaces.
      • Real-time Gb deciphering.
      • Real-time data filtering capabilities to limit the amount of data for analysis.
      • Automatic configuration for dynamic Abis interfaces.
      • Free use of the standard Nethawk GSM software in offline mode for data post-processing.



    Alte detalii tehnice gasiti http://www.livingston-products.com/p...30730_1_en.pdf


    Tektronix - K1297




    Protocol Tester with Simulation. Monitoring & Emulation Software
    Various options available:
    • Please contact your local Livingston office for configuration
    • Flexible and reliable signalling testing in the core network
    • Efficient protocol analysis of the core network
    • Call trace and call sequence monitoring in the signalling system No. 7 (SS7)/Intelligent Network (IN) network using the K1297-G20
    • Connect up to 8 signalling links and up to 16 timeslots for SS7/IN
    • Support for standard interface boards
    • E1 or DS1 for SS7/IN network
    • E1/DS1. E3/DS3. STM-1 Electrical. STM-1 Optical and STM-4 for ATM NNI
    • Processing of almost all worldwide basic SS7 protocols (ITU-T (White Book. Blue Book). ANSI/Bellcore. ETSI. MOU)

    documentatie mai multa : http://www.livingston-products.com/p...14581_1_en.pdf

    Nemo Technologies - Multi Cradle





    • For use with the Nemo Outdoor Drive Test System
    • Allows for the simultaneous connection of up to four test mobiles
    • Includes case for transporting



    Dispozitivul simuleaza un BTS (releu gsm) pe care se pot testa pana la partu telefoane mobile in paralel. Permite si testarea unui dispozitiv gps.

    Iata ca nici reteaua TETRA din Romania (administrata de STS) nu pare a fi chiar sigura. Cateva dispozitive pot fi inchiriate:
    Aeroflex - 2968



    TETRA BTS Test Set

    • Frequency Coverage 10 MHz to 1 GHz
    • Supports TETRA mobile Standard
    • Multiple Measurement functions including full span spectrum analyser and tracking generator
    • Stand alone system
    • GPIB, RS-232 and Parallel Interfaces



    Este destinat testarii BTS-urilor din reteaua TETRA.


    Si mai interesante (si periculoase in acelasi timp) sunt dispozitivele care prin emiterea unor semnale puternice pot bruia transmisiunile TETRA pentru o zona relativ intinsa:
    BV Systems - 0040-25A-C



    Gator Transmitter 450-470 MHz 25 Watt Class A

    • 450 - 470 MHZ
    • 25/50/200 kHz channel steps
    • 25 Watts
    • Pure spectrum Class A power amplifier
    • Power amplifier with continuous adjustable power output ñ 0.1dB over 32 dB range
    • Water resistant, rugged 18" x 15" x 6" ABS plastic case
    • Microprocessor-controlled with front panel soft-keys or remotely controlled with an internal modem for user programmable modulation schemes, power levels, channels, and frequencies.
    • 240 x 64 LCD with vacuum fluorescent backlighting
    • Calibration/Usage intergrated hours meter
    • VSWR antenna protection and internal forward and reverse measurement
    • All parameters can be adjusted remotely via RS-232 or the internal modem or DTMF signaling tones



    Sistemul are o putere de 25W si poate fi comandat si de la distanta gratie unui modem intern sau telefonic, prin tonuri DTMF.


    Cu ajutorul scanerelor digitale care au operate mici modificari hardware sau software, se pot scana frecventele gsm/cdma.

    Iata unul dintre ele:




    Icom PCR1500 este un receiver de banda larga, pentru computer. Are o incredibila acoperire: de la 10 kHz la 3300 MHz.
    25 de canale pot fi scanate si observate simultan pe un monitor multi-canal. Este si foarte simplu de utilizat: se da click pe un canal ocupat (cu trafic) si se asculta direct comunicatiile.
    Cu acest scaner pot fi lesne interceptate telefoanele wireless (mai putin cele DECT despre care vom vorbi in alta postare). Pentru retelele gsm este necesara decriptarea comunicatiilor, descrisa in postarea anterioara.

    Last edited by gessle; 22-04-10 at 20:26.
    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

  3. #3
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default crypt

    Platforma unica de radiocomunicatii TETRA

    TETRA (Terrestrial Trunked Radio) este un standard dezvoltat de European Telecommunications Standards Institute (ETSI). Este o platforma comuna de radiocomunicatii utilizata de S.T.S. ( Serviciul de Telecomunicatii Speciale) in asigurarea telecomunicatiilor guvernamentale si ale altor organisme statale.

    Definitii prealabile:

    -algoritm de criptare: o functie matematica ce cripteaza si decripteaza date.

    -Block codes: cele mai raspandite algoritme de criptare, care cripteaza datele prin utilizarea de pachete (blocuri) de anumite marimi si transforma datele cu chei in blocuri de aceeasi marime.

    -Blowfish: unul dintre cei mai puternici algoritmi de criptare, dezvoltat de guru criptografiei Bruce Schneier. Marimea blocurilor este de 64 biti iar marimea cheii de criptare pana la 448 biti.

    -CAST: un algoritm dependent de o cheie de 64 biti. A fost dezvoltat de .M. Adams si S.E. Tavares ca un competitor pentru criptarea AES.

    -DES: algoritm de criptare standard, folosit in SUA. Acest standard a fost compromis ( poate fi decriptat de orice computer modern in doua zile), a fost inlocuit cu algoritmul AES. A fost dezvoltat de National Institute of Standards and Technology (NIST).

    -GOST: algoritm de criptare sovietic, creat de KGB la sfarsitul anilor 70. Functioneaza cu blocuri de 64 biti iar marimea cheii este de maxim 256 biti. In ciuda catorva "gauri" de securitate, este considerat a fi inca functional. Este algoritmul standard de criptare al Federatiei Ruse.

    -Rijndael: algoritm de criptare dezvoltat de oan Daemen si Vincent Rijmen. Intruneste standardele AES (Advanced Encryption Standard). Foloseste chei de diferite marimi (128, 192 si 256 biti) si blocuri de marime egala.

    -Twofish: algoritm care a inlocuit Blowfish. Dezvoltat de Bruce Schneier si predecesorii sai. Este considerat a fi hack-proof (nu au fost raportate spargeri ale algoritmului).

    -3DES: utilizeaza algoritmul DES, la sunt aplicate de trei ori chei diferite, ceea ce ii creste nivelul de securitate in comparatie cu DES, dar care este totusi vulnerabil.

    -RC4: algoritm de criptare stream, utilizat in criptarea retelelor ( de exemplu protocolul SSL utilizat la criptarea parolelor in Netscape si Windows NT). Avantaje: viteza foarte mare de criptare/decriptare si marimea ajustabila a cheilor. Algoritmul a fost dezvoltat de Ronald Rivest. RC vine de la "Ron's Code" ori "Rivest Cipher".

    -Serpent: dezvoltat de faimosul criptograf si criptoanalist Lars Ramkilde Knudsen (in prezent profesor de matematica la Denmark's Technical University). Algoritmul este faimos pentru succesul unor cripto-atacuri reusite prin cateva coduri populare.

    -Tea: algoritm puternic de criptare (Tiny Encryption Algorithm). Caracteristica cea mai importanta: marimea foarte mica. Tea este foarte simplu pentru ca nu utilizeaza tabele valorice si este optimizat pentru procesoare cu arhitectura de 32 biti, ceea ce face posibila utilizarea unui ASSEMBLER chiar si atunci cand marimea codului este extrem de mica. Neajunsuri: viteza mica de lucru si necesitatea utilizarii unor solutii "data scrambling" din moment ce nu sunt utilizate nici un fel de tabele criptografice.

    Dictionary attack: o metoda de cripto-atac care utilizeaza dictionare digitale obisnuite care contin cuvinte populare. Aceasta metoda este ineficienta atunci cand sunt utilizate chei fara inteles.

    -BruteForce: cea mai utilizata metoda de cripto-atac. A fost numita "brute force" deoarece atacatorul incearca sa descifreze cheia de criptare prin combinarea diferitelor simboluri, litere si cifre. Operatiunea este efectuata de computere. Pentru a afla o cheie de criptare de 128 biti cu ajutorul acestei metode sunt necesari cativa ani. Cu cat in parola/cheie vor fi utilizate mai multe caractere, cu atat mai lunga va fi perioada necesara decriptarii (sute de ani).

    S.T.S.(SERVICIUL de TELECOMUNICATII SPECIALE ) foloseste platforma integrara de radiocomunicatii TETRA(http://www.tetramou.com/) . Acest sistem foloseste criptarea XXTea (Tea2). Metoda de criptare Tea a fost imaginata de David Wheeler si Roger Needham de la Cambridge Computer Laboratory si prezentata pentru prima data la un workshop (Fast Software Encryption) in Leuven in anul 1994.

    Terminale certificate de S.T.S pentru uzul in cadrul platformei TETRA:
    -Motorola MTH 500
    -Motorola MTH 800
    -Motorola MTH 800L
    -Motorola MTP 850
    -Motorola MTM 800
    -Motorola MTM 800 ENH
    -Motorola MTC 100

    -SEPURA SRG3500
    -SEPURA SRH3500 MODEL sGPS TN
    -SEPURA SRM3500
    -SEPURA SRH3800 sGPS
    -SEPURA SRC3300 sGPS
    -SEPURA SERIA STP8000 MODEL STP 8038 PSNTW201T300P0001

    -EADS THR880i MODEL RC-2
    -EADS THR880i MODEL RC-7
    -EADS THR880i MODEL RC-9

    -TELTRONIC HTT-500
    -TELTRONIC MDT 400

    NOTA: sunt functionale si in exploatare si Tea3 si Tea4. Tea2 a fost creat pentru utilizatorii din cadrul sistemelor de siguranta nationala din spatiul Schengen si tarile europene. Conform producatorilor, Tea2 este imbatabil atat impotriva incercarilor de interceptare, cat si a incercarilor de monitorizare si analizare a traficului radio. Tea3 si Tea4 au o plaja mare de utilizare, de la utilizari comerciale la cele care implica securitatea nationala.

    Proprietati Tea:
    Tea opereaza cu blocuri de 64 de biti si utilizeaza chei de 128 biti. Are o structura Feistel cu 64 de runde implementate in perechi numite cicluri. Programul de chei Tea este extrem de simplu, mixand toate cheile in exact acelasi fel pentru fiecare ciclu. Este utilizata o "constanta magica" in generarea cheilor multiple, pentru prevenirea cripto-atacurilor bazate pe simetria rundelor. Constanta magica este 2654435769 sau este alasa prin metoda ratiei de aur.

    Tea are insa o serie de slabiciuni. Cea mai importanta este aceea ca Tea este vulnerabil din cauza echivalentei cheilor de criptare: fiecare cheie este echivalenta cu alte trei chei, ceea ce inseamna ca marimea efectiva a cheii de criptare este 126 biti. Rezultatul este ca Tea este vulnerabil la capitolul functiei criptografice hash. De exemplu, aceasta slabiciune a dus la hacking-ul consolei de jocuri Xbox, unde cheia utilizata a fost functie hash.
    Marimea neobisnuit de mica a algoritmului Tea il face o optiune viabila pentru situatiile in care hardware-ul dispune de un RAM minim.
    Vectori de test pentru algoritmul Tea:
    ================================================

    Test Vectors for TEA and XTEA

    tean values
    These are made by starting with a vector of 6 zeroes,
    data followed by key, and coding with one cycle then
    moving the six cyclically so that n becomes n-1 modulo 6.

    We repeat with 2-64 cycles printing at powers of 2 in
    hexadecimal. The process is reversed decoding back
    to the original zeroes which are printed.

    1 0 9e3779b9 0 0 0 0
    2 ec01a1de aaa0256d 0 0 0 0
    4 bc3a7de2 4e238eb9 0 0 ec01a1de 114f6d74
    8 31c5fa6c 241756d6 bc3a7de2 845846cf 2794a127 6b8ea8b8
    16 1d8e6992 9a478905 6a1d78c8 8c86d67 2a65bfbe b4bd6e46
    32 d26428af a202283 27f917b1 c1da8993 60e2acaa a6eb923d
    64 7a01cbc9 b03d6068 62ee209f 69b7afc 376a8936 cdc9e923
    1 0 0 0 0 0 0

    tea does the same but the number of iterations
    is constant at 32

    1 41ea3a0a 94baa940 0 0 0 0
    2 4e8e7829 7d8236d8 0 0 0 41ea3a0a
    4 b84e28af b6b62088 0 41ea3a0a 4e8e7829 c88ba95e
    8 5ddf75d9 7a4ce68f b84e28af a0a47295 ed650698 1024eea0
    16 4ec5d2e2 5ada1d89 a9c3801a 32a1e654 8b63bb9 21410574
    32 7d2c6c57 7a6adb4d 69c53e0f 60388ada df70a1f5 d9cb4e09
    64 2bb0f1b3 c023ed11 5c60bff2 7072d01c 4513c5eb 8f3a38ab
    1 0 0 0 0 0 0


    The program used follows.

    .................................................. ..............

    /* make test vectors for tea xtea */

    void code(long *v, long *k);

    void decode(long *v, long *k);

    #include
    #include
    #include

    main(long argc, long *argv[])
    { static long pz[1024], n, m;

    repeat:

    for (n = 1; n < 65; n++)
    { if (m)
    code(pz + n, pz + n + 2);
    else
    tean(pz + n, pz + n + 2, n);

    if (n == (n & -n)) /* if n power of 2 */
    printf("\n%3d %8x %8x %8x %8x %8x %8x",
    n, pz[n], pz[n + 1], pz[n + 2],
    pz[n + 3], pz[n + 4], pz[n + 5]);

    pz[n + 6] = pz[n];
    }

    for (n = 64; n > 0; n--)
    { pz[n] = pz[n + 6];

    if (m == 0)
    tean(pz + n, pz + n + 2, -n);
    else
    decode(pz + n, pz + n + 2);
    }

    n = 1;

    printf("\n%3d %8x %8x %8x %8x %8x %8x\n",
    n, pz[n], pz[n + 1], pz[n + 2],
    pz[n + 3], pz[n + 4], pz[n + 5]);

    if (m++ == 0) goto repeat;

    exit(0);
    }


    /* TEA code and decode given below */

    void code(long *v, long *k)
    { unsigned long y = v[0],
    z = v[1],
    sum = 0, /* set up */
    delta = 0x9e3779b9,
    n = 32,
    a = k[0],
    b = k[1],
    c = k[2],
    d = k[3];

    while (n-- > 0) /* basic cycle start */
    { sum += delta;
    y += (z << 4) + a ^ z + sum ^ (z >> 5) + b;
    z += (y << 4) + c ^ y + sum ^ (y >> 5) + d; /* end cycle */
    }

    v[0] = y;
    v[1] = z;
    }


    void decode(long *v, long *k)
    { unsigned long n = 32,
    sum,
    y = v[0],
    z = v[1],
    delta = 0x9e3779b9,
    a = k[0],
    b = k[1],
    c = k[2],
    d = k[3];

    sum = delta << 5;
    /* start cycle */
    while (n-- > 0)
    { z -= (y << 4) + c ^ y + sum ^ (y >> 5) + d;
    y -= (z << 4) + a ^ z + sum ^ (z >> 5) + b;
    sum -= delta;
    }
    /* end cycle */
    v[0] = y;
    v[1] = z;
    }



    /* XTEA is a version of slightly improved tea.
    The plain or cypher text is in v[0], v[1].
    The key is in k[n], where n = 0 - 3,
    The number of coding cycles is given by N and
    the number of decoding cycles given by -N */

    tean(long *v, long *k, long N) /* replaces TEA's code and decode */
    { unsigned long y = v[0],
    z = v[1],
    DELTA = 0x9e3779b9,
    limit,
    sum;

    if (N > 0) /* coding */
    { limit = DELTA * N;
    sum = 0;

    while (sum != limit)
    { y += (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3];
    sum += DELTA;
    z += (y << 4 ^ y >> 5) + y ^ sum + k[sum >> 11 & 3];
    }
    else /* decoding */
    { sum = DELTA * (-N);

    while (sum)
    { z -= (y << 4 ^ y >> 5) + y ^ sum + k[sum >> 11 & 3];
    sum -= DELTA;
    y -= (z << 4 ^ z >> 5) + z ^ sum + k[sum & 3];
    }
    }

    v[0] = y;
    v[1] = z;

    return;
    }
    ================================================== ===============

    ==va urma==

    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

  4. #4
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default

    Coduri sursa pt algoritmul TEA:

    ================================================== ===


    ANSI C



    void encipher(unsigned long *const v,unsigned long *const w,
    const unsigned long *const k)
    {
    register unsigned long y=v[0],z=v[1],sum=0,delta=0x9E3779B9,
    a=k[0],b=k[1],c=k[2],d=k[3],n=32;

    while(n-->0)
    {
    sum += delta;
    y += (z ~~ 4)+a ^ z+sum ^ (z >> 5)+b;
    z += (y ~~ 4)+c ^ y+sum ^ (y >> 5)+d;
    }

    w[0]=y; w[1]=z;
    }

    void decipher(unsigned long *const v,unsigned long *const w,
    const unsigned long *const k)
    {
    register unsigned long y=v[0],z=v[1],sum=0xC6EF3720,
    delta=0x9E3779B9,a=k[0],b=k[1],
    c=k[2],d=k[3],n=32;

    /* sum = delta~~5, in general sum = delta * n */

    while(n-->0)
    {
    z -= (y ~~ 4)+c ^ y+sum ^ (y >> 5)+d;
    y -= (z ~~ 4)+a ^ z+sum ^ (z >> 5)+b;
    sum -= delta;
    }

    w[0]=y; w[1]=z;
    }

    Motorola PowerPC (Metrowerks CodeWarrior Style)



    asm void encipher(register const unsigned long * const v,
    register unsigned long * const w,
    register const unsigned long * const k)
    {
    // On entry, v = r3, w = r4, k = r5
    // use r3 and r5 as scratch

    // r0 = v[0]
    // r6 = v[1]
    // r7 - r10 = k[0] - k[3]
    // r11 = sum
    // r12 = delta

    li r11,0 // sum = 0

    li r12,0x79B9 // delta =0x9E3779B9
    addis r12,r12,0x9E37

    li r0,16 // loop counter into count register
    mtctr r0

    lwz r0,0(r3) // put the contents of v and k into the registers
    lwz r6,4(r3)
    lwz r7,0(r5)
    lwz r8,4(r5)
    lwz r9,8(r5)
    lwz r10,12(r5)

    loop: add r11,r11,r12 // sum += delta
    slwi r5,r6,4 // z ~~ 4
    add r5,r5,r7 // (z ~~ 4) + a
    add r3,r6,r11 // z + sum
    xor r3,r5,r3 // ((z ~~ 4) + a) ^ (z + sum)
    srwi r5,r6,5 // z >> 5
    add r5,r5,r8 // (z >> 5) + b
    xor r3,r5,r3 // ((z ~~ 4)+a)^(z+sum)^((z >> 5)+b);
    add r0,r0,r3 // y += result

    slwi r5,r0,4 // y ~~ 4
    add r5,r5,r9 // (y ~~ 4) +c
    add r3,r0,r11 // y + sum
    xor r3,r5,r3 // ((y ~~ 4) +c) ^ (y + sum)
    srwi r5,r0,5 // y >> 5
    add r5,r5,r10 // (y >> 5) + d
    xor r3,r5,r3 // ((y ~~ 4)+c)^(y+sum)^((y >> 5)+d);
    add r6,r6,r3 // z += result

    bdnz+ loop // decrement CTR and branch

    stw r0,0(r4) // store result back in w
    stw r6,4(r4)

    blr
    }

    asm void decipher(register const unsigned long * const v,
    register unsigned long * const w,
    register const unsigned long * const k)
    {
    // On entry, v = r3, w = r4, k = r5
    // use r3 and r5 as scratch

    // r0 = v[0]
    // r6 = v[1]
    // r7 - r10 = k[0] - k[3]
    // r11 = sum
    // r12 = delta

    li r11,0x9B90; // sum =0xE3779B90
    addis r11,r11,0xE378;

    li r12,0x79B9 // delta =0x9E3779B9
    addis r12,r12,0x9E37

    li r0,16 // loop counter into count register
    mtctr r0

    lwz r0,0(r3) // put the contents of v and k into the registers
    lwz r6,4(r3)
    lwz r7,0(r5)
    lwz r8,4(r5)
    lwz r9,8(r5)
    lwz r10,12(r5)

    loop: slwi r5,r0,4 // y ~~ 4
    add r5,r5,r9 // (y ~~ 4) + c
    add r3,r0,r11 // y + sum
    xor r3,r5,r3 // ((y ~~ 4) + c) ^ (y + sum)
    srwi r5,r0,5 // y >> 5
    add r5,r5,r10 // (y >> 5) + d
    xor r3,r5,r3 // ((y ~~ 4)+c)^(y+sum)^((y >> 5)+d)
    sub r6,r6,r3 // z -= result

    slwi r5,r6,4 // z ~~ 4
    add r5,r5,r7 // (z ~~ 4) + a
    add r3,r6,r11 // z + sum
    xor r3,r5,r3 // ((z ~~ 4) + a) ^ (z + sum)
    srwi r5,r6,5 // z >> 5
    add r5,r5,r8 // (z >> 5) + b
    xor r3,r5,r3 // ((z ~~ 4)+a)^(z+sum)^((z >> 5)+b);
    sub r0,r0,r3 // y -= result

    sub r11,r11,r12 // sum -= delta

    bdnz+ loop // decrement CTR and branch

    stw r0,0(r4) // store result back in w
    stw r6,4(r4)

    blr
    }

    Motorola 680x0 (Metrowerks CodeWarrior style):



    asm void encipher(const unsigned long* const v,unsigned long* const w,
    const unsigned long* const k)
    {
    fralloc
    movem.l d3-d7/a2,-(a7)

    /* load initial registers
    d0: y = v[0]
    d1: z = v[1]
    d2: a = k[0]
    d3: b = k[1]
    d4: c = k[2]
    d5: loop counter (k[3] in a2)
    d6: scratch register 1
    d7: scratch register 2
    a0: sum
    a1: delta = 0x9E3779B9;
    a2: d = k[3] */

    move.l v,a0
    move.l (a0),d0
    move.l 4(a0),d1

    move.l k,a0
    move.l (a0),d2
    move.l 4(a0),d3
    move.l 8(a0),d4
    move.l 12(a0),a2

    move.l #0x9E3779B9,a0
    move.l #0x9E3779B9,a1

    moveq.l #15,d5 // sixteen rounds

    // d6 = (z<<4)+a
    loop: move.l d1,d6
    lsl.l #4,d6
    add.l d2,d6

    // d7 = z+sum
    move.l d1,d7
    add.l a0,d7

    // d7 = ((z<<4)+a)^(z+sum)
    eor.l d6,d7

    // d6 = (z>>5)+b
    move.l d1,d6
    lsr.l #5,d6
    add.l d3,d6

    // d7 = ((z<<4)+a)^(z+sum)^((z>>5)+b)
    eor.l d6,d7

    // add back into y
    add.l d7,d0

    // d6 = (y<<4)+c
    move.l d0,d6
    lsl.l #4,d6
    add.l d4,d6

    // d7 = y+sum
    move.l d0,d7
    add.l a0,d7

    // d7 = ((y<<4)+c)^(y+sum)
    eor.l d6,d7

    // d6 = (y>>5)+d
    move.l d0,d6
    lsr.l #5,d6
    add.l a2,d6

    // d7 = ((y<<4)+c)^(y+sum)^((y>>5)+d)
    eor.l d6,d7

    // add back into z
    add.l d7,d1

    // sum+=delta
    adda.l a1,a0

    // branch back and do it again
    dbra d5,loop

    // place the result back into w
    move.l w,a0
    move.l d0,(a0)
    move.l d1,4(a0)

    movem.l (a7)+,d3-d7/a2

    frfree
    rts
    }

    asm void decipher(const unsigned long *const v,unsigned long *const w,
    const unsigned long *const k)
    {
    fralloc
    movem.l d3-d7/a2,-(a7)

    /* load initial registers
    d0: y = v[0]
    d1: z = v[1]
    d2: a = k[0]
    d3: b = k[1]
    d4: c = k[2]
    d5: loop counter (k[3] in a2)
    d6: scratch register 1
    d7: scratch register 2
    a0: sum = 0xE3779B90 (delta * 16)
    a1: delta = 0x9E3779B9;
    a2: d = k[3] */

    move.l v,a0
    move.l (a0),d0
    move.l 4(a0),d1

    move.l k,a0
    move.l (a0),d2
    move.l 4(a0),d3
    move.l 8(a0),d4
    move.l 12(a0),a2

    move.l #0xE3779B90,a0
    move.l #0x9E3779B9,a1

    moveq.l #15,d5 // sixteen rounds

    // d6 = (y<<4)+c
    loop: move.l d0,d6
    lsl.l #4,d6
    add.l d4,d6

    // d7 = y+sum
    move.l d0,d7
    add.l a0,d7

    // d7 = ((y<<4)+c)^(y+sum)
    eor.l d6,d7

    // d6 = (y>>5)+d
    move.l d0,d6
    lsr.l #5,d6
    add.l a2,d6

    // d7 = ((y<<4)+c)^(y+sum)^((y>>5)+d)
    eor.l d6,d7

    // subtract from z
    sub.l d7,d1

    // d6 = (z<<4)+a
    move.l d1,d6
    lsl.l #4,d6
    add.l d2,d6

    // d7 = z+sum
    move.l d1,d7
    add.l a0,d7

    // d7 = ((z<<4)+a)^(z+sum)
    eor.l d6,d7

    // d6 = (z>>5)+b
    move.l d1,d6
    lsr.l #5,d6
    add.l d3,d6

    // d7 = ((z<<4)+a)^(z+sum)^((z>>5)+b)
    eor.l d6,d7

    // subtract from y
    sub.l d7,d0

    // sum-=delta
    suba.l a1,a0

    // branch back and do it again
    dbra d5,loop

    // place the result back into w
    move.l w,a0
    move.l d0,(a0)
    move.l d1,4(a0)

    movem.l (a7)+,d3-d7/a2

    frfree
    rts
    }

    ANSI C (New Variant)



    void encipher(const unsigned long *const v,unsigned long *const w,
    const unsigned long * const k)
    {
    register unsigned long y=v[0],z=v[1],sum=0,delta=0x9E3779B9,n=32;

    while(n-->0)
    {
    y += (z << 4 ^ z >> 5) + z ^ sum + k[sum&3];
    sum += delta;
    z += (y << 4 ^ y >> 5) + y ^ sum + k[sum>>11 & 3];
    }

    w[0]=y; w[1]=z;
    }

    void decipher(const unsigned long *const v,unsigned long *const w,
    const unsigned long * const k)
    {
    register unsigned long y=v[0],z=v[1],sum=0xC6EF3720,
    delta=0x9E3779B9,n=32;

    /* sum = delta<<5, in general sum = delta * n */

    while(n-->0)
    {
    z -= (y << 4 ^ y >> 5) + y ^ sum + k[sum>>11 & 3];
    sum -= delta;
    y -= (z << 4 ^ z >> 5) + z ^ sum + k[sum&3];
    }

    w[0]=y; w[1]=z;
    }

    16-bit x86 (New Variant)

    -Rafael R Sevilla a contribuit la aceasta versiune(implementarea algoritmului XTEA in 16-bit 80x86 )



    .text

    export _xtea_encipher_asm
    _xtea_encipher_asm:
    push bp
    mov bp,sp
    sub sp,#14 ; space for y, z, sum, and n
    push si
    push di
    ;; bp+8 = pointer to key information
    ;; bp+6 = pointer to ciphertext to return to caller
    ;; bp+4 = pointer to plaintext
    ;; bp+2 = return address from caller
    ;; bp = pushed bp
    ;; bp-2 = y high word
    ;; bp-4 = y low word
    ;; bp-6 = z high word
    ;; bp-8 = z low word
    ;; bp-10 = sum high word
    ;; bp-12 = sum low word
    ;; bp-14 = n
    ;; bp-16 = pushed si
    ;; bp-18 = pushed di
    mov bx,[bp+4] ; get address of plaintext
    mov ax,[bx] ; low word of first dword of plaintext
    mov [bp-4],ax
    mov ax,[bx+2] ; high word
    mov [bp-2],ax
    mov ax,[bx+4] ; second dword of plaintext (low)
    mov [bp-8],ax
    mov ax,[bx+6] ; (high)
    mov [bp-6],ax
    xor ax,ax ; zero the sum initially
    mov [bp-10],ax
    mov [bp-12],ax
    mov byte ptr [bp-14],#32 ; set n (just 8 bits), # rounds
    ;; begin encryption
    encipher_rounds:
    ;; compute new y
    mov ax,[bp-8] ; low word z
    mov bx,[bp-6] ; high word z
    mov cx,ax ; copy to the rest of the registers
    mov dx,bx
    mov si,ax
    mov di,bx
    ;; (z~~4) ^ (z>>5)
    shl ax,#1 ; shift left once
    rcl bx,#1
    shl ax,#1 ; shift twice
    rcl bx,#1
    shl ax,#1 ; shift three times
    rcl bx,#1
    shl ax,#1 ; shift four times
    rcl bx,#1
    shr dx,#1 ; shift right once
    rcr cx,#1
    shr dx,#1 ; shift right twice
    rcr cx,#1
    shr dx,#1 ; shift right three times
    rcr cx,#1
    shr dx,#1 ; shift right four times
    rcr cx,#1
    shr dx,#1 ; shift right five times
    rcr cx,#1
    xor ax,cx ; combine
    xor dx,bx ; dx:ax has result
    xor si,[bp-12] ; combine to sum
    xor di,[bp-10]
    add ax,si ; add them together
    adc dx,di
    mov bx,[bp-12] ; get low word of sum (all we need for this)
    and bx,#3 ; get low two bits (modulo 4)
    shl bx,#1 ; convert to dword offset
    shl bx,#1
    add bx,[bp+8] ; add to base address of key info
    add ax,[bx] ; low word of key
    adc dx,[bx+2] ; high word of key
    add [bp-4],ax ; add back to y
    adc [bp-2],dx
    ;; update sum
    mov ax,#0x79b9 ; low word of delta
    add [bp-12],ax
    mov ax,#0x9e37 ; high word of delta
    adc [bp-10],ax
    ;; compute new z
    mov ax,[bp-4] ; low word of y
    mov bx,[bp-2] ; high word of y
    mov cx,ax ; copy to the rest of the registers
    mov dx,bx
    mov si,ax
    mov di,bx
    ;; (y~~4) ^ (y>>5)
    shl ax,#1 ; shift left once
    rcl bx,#1
    shl ax,#1 ; shift twice
    rcl bx,#1
    shl ax,#1 ; shift three times
    rcl bx,#1
    shl ax,#1 ; shift four times
    rcl bx,#1
    shr dx,#1 ; shift right once
    rcr cx,#1
    shr dx,#1 ; shift right twice
    rcr cx,#1
    shr dx,#1 ; shift right three times
    rcr cx,#1
    shr dx,#1 ; shift right four times
    rcr cx,#1
    shr dx,#1 ; shift right five times
    rcr cx,#1
    xor ax,cx ; combine
    xor dx,bx ; dx:ax has result
    xor si,[bp-12] ; combine to sum
    xor di,[bp-10]
    add ax,si ; add them together
    adc dx,di
    mov bx,[bp-12] ; get sum low word
    mov cx,[bp-10] ; get sum high word
    shr cx,#1 ; shift right once
    rcr bx,#1
    shr cx,#1 ; shift right twice
    rcr bx,#1
    shr cx,#1 ; shift right three times
    rcr bx,#1
    shr cx,#1 ; shift right four times
    rcr bx,#1
    shr cx,#1 ; shift right five times
    rcr bx,#1
    shr cx,#1 ; shift right six times
    rcr bx,#1
    shr cx,#1 ; shift right seven times
    rcr bx,#1
    shr cx,#1 ; shift right eight times
    rcr bx,#1
    shr cx,#1 ; shift right nine times
    rcr bx,#1
    shr cx,#1 ; shift right ten times
    rcr bx,#1
    shr cx,#1 ; shift right eleven times
    rcr bx,#1
    and bx,#3
    shl bx,#1 ; convert to dword offset
    shl bx,#1
    add bx,[bp+8] ; add to base address of key
    add ax,[bx] ; low word of key
    adc dx,[bx+2] ; high word of key
    add [bp-8],ax ; add back to z
    adc [bp-6],dx
    dec byte ptr [bp-14] ; decrement rounds counter
    jz finish_encipher
    jmp near encipher_rounds
    finish_encipher:
    mov bx,[bp+6] ; get address of ciphertext storage
    mov ax,[bp-4] ; y, low word
    mov [bx],ax
    mov ax,[bp-2] ; y, high word
    mov [bx+2],ax
    mov ax,[bp-8] ; z, low word
    mov [bx+4],ax
    mov ax,[bp-6] ; z, high word
    mov [bx+6],ax
    pop di
    pop si
    add sp,#14 ; discard local vars
    pop bp
    ret

    export _xtea_decipher_asm
    _xtea_decipher_asm:
    push bp
    mov bp,sp
    sub sp,#14 ; space for y, z, sum, and n
    push si
    push di
    ;; bp+8 = pointer to key information
    ;; bp+6 = pointer to plaintext to return to caller
    ;; bp+4 = pointer to ciphertext
    ;; bp+2 = return address from caller
    ;; bp = pushed bp
    ;; bp-2 = y high word
    ;; bp-4 = y low word
    ;; bp-6 = z high word
    ;; bp-8 = z low word
    ;; bp-10 = sum high word
    ;; bp-12 = sum low word
    ;; bp-14 = n
    ;; bp-16 = pushed si
    ;; bp-18 = pushed di
    mov bx,[bp+4] ; get address of ciphertext
    mov ax,[bx] ; low word of first dword of ciphertext
    mov [bp-4],ax
    mov ax,[bx+2] ; high word
    mov [bp-2],ax
    mov ax,[bx+4] ; second dword of ciphertext (low)
    mov [bp-8],ax
    mov ax,[bx+6] ; (high)
    mov [bp-6],ax
    mov ax,#0x3720 ; low word of initial sum
    mov [bp-12],ax
    mov ax,#0xc6ef
    mov [bp-10],ax
    mov byte ptr [bp-14],#32 ; set n (just 8 bits), # rounds
    ;; begin decryption
    decipher_rounds:
    mov ax,[bp-4] ; low word of y
    mov bx,[bp-2] ; high word of y
    mov cx,ax ; copy to the rest of the registers
    mov dx,bx
    mov si,ax
    mov di,bx
    ;; (y~~4) ^ (y>>5)
    shl ax,#1 ; shift left once
    rcl bx,#1
    shl ax,#1 ; shift twice
    rcl bx,#1
    shl ax,#1 ; shift three times
    rcl bx,#1
    shl ax,#1 ; shift four times
    rcl bx,#1
    shr dx,#1 ; shift right once
    rcr cx,#1
    shr dx,#1 ; shift right twice
    rcr cx,#1
    shr dx,#1 ; shift right three times
    rcr cx,#1
    shr dx,#1 ; shift right four times
    rcr cx,#1
    shr dx,#1 ; shift right five times
    rcr cx,#1
    xor ax,cx ; combine
    xor dx,bx ; dx:ax has result
    xor si,[bp-12] ; combine to sum
    xor di,[bp-10]
    add ax,si ; add them together
    adc dx,di
    mov bx,[bp-12] ; get sum low word
    mov cx,[bp-10] ; get sum high word
    shr cx,#1 ; shift right once
    rcr bx,#1
    shr cx,#1 ; shift right twice
    rcr bx,#1
    shr cx,#1 ; shift right three times
    rcr bx,#1
    shr cx,#1 ; shift right four times
    rcr bx,#1
    shr cx,#1 ; shift right five times
    rcr bx,#1
    shr cx,#1 ; shift right six times
    rcr bx,#1
    shr cx,#1 ; shift right seven times
    rcr bx,#1
    shr cx,#1 ; shift right eight times
    rcr bx,#1
    shr cx,#1 ; shift right nine times
    rcr bx,#1
    shr cx,#1 ; shift right ten times
    rcr bx,#1
    shr cx,#1 ; shift right eleven times
    rcr bx,#1
    and bx,#3
    shl bx,#1 ; convert to dword offset
    shl bx,#1
    add bx,[bp+8] ; add to base address of key
    add ax,[bx] ; low word of key
    adc dx,[bx+2] ; high word of key
    sub [bp-8],ax ; subtract from z
    sbb [bp-6],dx
    ;; update sum
    mov ax,#0x79b9 ; low word of delta
    sub [bp-12],ax
    mov ax,#0x9e37 ; high word of delta
    sbb [bp-10],ax
    ;; compute new y
    mov ax,[bp-8] ; low word z
    mov bx,[bp-6] ; high word z
    mov cx,ax ; copy to the rest of the registers
    mov dx,bx
    mov si,ax
    mov di,bx
    ;; (z~~4) ^ (z>>5)
    shl ax,#1 ; shift left once
    rcl bx,#1
    shl ax,#1 ; shift twice
    rcl bx,#1
    shl ax,#1 ; shift three times
    rcl bx,#1
    shl ax,#1 ; shift four times
    rcl bx,#1
    shr dx,#1 ; shift right once
    rcr cx,#1
    shr dx,#1 ; shift right twice
    rcr cx,#1
    shr dx,#1 ; shift right three times
    rcr cx,#1
    shr dx,#1 ; shift right four times
    rcr cx,#1
    shr dx,#1 ; shift right five times
    rcr cx,#1
    xor ax,cx ; combine
    xor dx,bx ; dx:ax has result
    xor si,[bp-12] ; combine to sum
    xor di,[bp-10]
    add ax,si ; add them together
    adc dx,di
    mov bx,[bp-12] ; get low word of sum (all we need for this)
    and bx,#3 ; get low two bits (modulo 4)
    shl bx,#1 ; convert to dword offset
    shl bx,#1
    add bx,[bp+8] ; add to base address of key info
    add ax,[bx] ; low word of key
    adc dx,[bx+2] ; high word of key
    sub [bp-4],ax ; subtract from y
    sbb [bp-2],dx
    dec byte ptr [bp-14] ; decrement rounds counter
    jz finish_decipher
    jmp near decipher_rounds
    finish_decipher:
    mov bx,[bp+6] ; get address of ciphertext storage
    mov ax,[bp-4] ; y, low word
    mov [bx],ax
    mov ax,[bp-2] ; y, high word
    mov [bx+2],ax
    mov ax,[bp-8] ; z, low word
    mov [bx+4],ax
    mov ax,[bp-6] ; z, high word
    mov [bx+6],ax
    pop di
    pop si
    add sp,#14 ; discard local vars
    pop bp
    ret

    ================================================== ==========

    Iata si o serie de utilizatori ai algoritmului Tea:

    -Serviciul de Telecomunicatii Speciale
    -Austrian Ministry of Interior
    -Basque Government, Department of the Interior
    -BDBOS National Government Body (Germany)
    -Belgian Armed Forces
    -Belgian Federal Police DGS/DST/DTRC
    -Copenhagen Fire Brigade
    -Danish National Police
    -Dansk Beredskabskommunikation
    -Directorate for Emergency Communications (Norway)
    -EADS Secure Networks Oy
    -Hong Kong Police Force
    -Insta DefSec
    -Ministry Of The Interior, Republic Of Serbia
    -Rheinmetall Defence Electronics GmbH
    -Rohde & Schwarz Professional Mobile Radio GmbH (reputat producator de tehnologie de interceptare gsm)
    -Sectra Communications AB
    -Swedish Coast Guard
    -Swedish Emergency Management Agency
    -Swedish National Police Board


    NOTA FINALA: algoritmul Tea este suficient de fezabil incat sa se preteze uzului guvernamental. Este dealtfel si algoritmul folosit de Departamentul Apararii al USA.

    ==va urma==
    Last edited by gessle; 06-05-10 at 13:55.
    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

  5. #5
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default

    CrackSymmetricKey

    Aceasta este denumirea unei metode de spargere a algoritmului Tea. Acesta este folosit la spargerea cheilor simetrice utilizate la criptarea Tea.

    In C++, algoritmul de criptare Tea arata atfel:

    union myMsgType{
    unsigned long textConverted[2];
    char text[9];
    };

    class TEA_Algorithm
    {
    public:
    void CrackSymmetricKey(union myMsgType plaintext, union myMsgType ciphertext);
    void Decrypt(unsigned long k[], unsigned long ciphertext[], unsigned long plaintext[]);
    void Encrypt(unsigned long k[], unsigned long plaintext[], unsigned long ciphertext[]);
    TEA_Algorithm() {};
    virtual ~TEA_Algorithm() {};

    };

    NOTA: caracterele speciale si culorile liniilor de comanda sunt diferite in C++.

    Ca imput, este dat ciphertext-ul de mai jos. Este necesar a se afla cheia de criptare folosita la obtinerea acestui ciphertext, iar de aici deducerea textului in clar.

    // myCiphertext.textConverted[0] = 2022673309;
    // myCiphertext.textConverted[1] = 3810199360;

    In C++ va arata asa:

    #include "stdafx.h"
    #include <iostream>
    #include <string.h>
    using namespace std;

    #include "TEA_Algorithm.h"

    void TEA_Algorithm::Encrypt(unsigned long k[], unsigned long plaintext[], unsigned long ciphertext[])
    {
    unsigned long y = plaintext[0], z = plaintext[1];
    unsigned long delta = 0x9e3779b9, sum = 0; int n;
    for (n= 0; n < 32; n++) {
    sum += delta;
    y += ((z << 4) + k[0]) ^ (z+sum) ^ ((z >> 5) + k[1]);
    z += ((y << 4) + k[2]) ^ (y+sum) ^ ((y >> 5) + k[3]);
    }
    ciphertext[0] = y; ciphertext[1] = z;

    }

    void TEA_Algorithm: decrypt(unsigned long k[], unsigned long ciphertext[], unsigned long plaintext[])
    {
    unsigned long y = ciphertext[0], z = ciphertext[1];
    unsigned long delta = 0x9e3779b9, sum = delta << 5; int n;
    for (n= 0; n < 32; n++) {
    z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
    y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
    sum -= delta;
    }
    plaintext[0] = y; plaintext[1] = z;
    }

    void TEA_Algorithm::CrackSymmetricKey(union myMsgType plaintext, union myMsgType ciphertext)
    {
    /*
    Ce ar trebui scris aici, daca sunt date urmatoarele:
    Textul in clar:= security
    textul cifrat:
    myCiphertext.textConverted[0] = 2022673309;
    myCiphertext.textConverted[1] = 3810199360;

    Informatii aditionale: key[0]=key[1]=k[2]=k[3]
    Determinati care este cheia folosita la criptarea textului in clar.
    */

    }
    - trebuie executat un "loop" (o bucla) care va determina aflarea cheii de criptare.
    Nici unul dintre algoritmele amintite mai sus nu este folost de GCHQ (UK Government Communications Head Quarters). Inegalabilul GCHQ foloseste algoritmul RSA.
    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

  6. #6
    Standard RSP member gessle's Avatar
    Join Date
    31 Jan 2007
    Location
    tg ocna;jud. BACAU
    Posts
    723
    Post Thanks / Like

    Default

    Retelele de telecomunicatii gsm sunt protejate impotriva interceptrilor ilegale sau accidentale prin criptarea cu ajutorul unor algoritmi de criptare cu cheie simetrica, denumit stream cipher sau symmetric key cipher. Pe scurt, A5.
    Acest algoritm de criptare are diferite ranguri. Algoritmul A5/1, utilizat in comunicatiile gsm din Europa si USA reprezinta cel mai raspandit si utiizat algoritm. In acest moment protejeaza comunicatiile gsm a peste 130 milioane de utilizatori gsm.
    Algoritmul A5/2 (dezvoltat in 1992) a fost imaginat pentru uzul in afara Europei si este mai slab decat A5/1, ceea ce permite decriptarea mai rapida a unui streaming de date.

    Echipamentele destinate interceptarii gsm sunt clasificate in functie de capabilitatea de a decripta acest algoritm si in functie de metoda utilizata pentru decriptare.

    Astfel, echipamentele destinate decriptarii A5/2 sunt mai ieftine: in jur de 50.000 - 70.000 euro pentru unul basic, care poate intercepta full-duplex (ambele telefoane implicate in convorbire) un numar de maxim patru terminale gsm in paralel.
    Alte slabiciuni ale acestor echipamente:
    - distanta maxima de utilizare fata de telefonul interceptat este de 100-150 metri, iar in mediul urban chiar mai mica. Apropierea de tinta este riscanta si poate conduce usor la deconspirare;
    - sunt in general echipamente active, adica presupun utilizarea unui complex care imita din punct de vedere tehnic un BTS (un releu gsm), creind o falsa celula gsm in apropierea telefonului tinta. Datorita semnalului mai puternic decat al releului original, telefonul este fortat sa comunice cu falsul BTS (interceptorul gsm), care va elimina sau va reduce criptarea. In cursul acestui atac, vor fi culese IMEI-ul, IMSI-ul, TMSI-ul, Ki-ul si Kc-ul. Numarul de telefon nu are mare importanta in acest proces. Elementele asfel culese vor fi utilizate in decriptarea ulterioara in timp real a comunicatiilor acelui terminal gsm.
    Fiind echipamente active, acestea pot fi usor sesizate de operatorii gsm si de catre posesorii telefoanelor din zona de atac.
    S-a testat o astfel de aplicatie aflata in stadiul experimental la FSpy Labs. Telefonul pe care ruleaza aplicatia detecteaza un astfel de intercetor gsm, fara drept de apel.

    Interceptoarele gsm destinate interceptarii comunicatiilor gsm din Europa si UAS (algoritmul de criptare A5/1) se prezinta si ele sub forma activa sau pasiva. Cele active au preturi de baza care pornesc de la 100.000 euro si sunt grevate de aceleasi neajunsuri precum cele descrise mai sus.
    Interceptoarele pasive insa pot ajunge la preturi de peste 1 milion $, pot fi utilizate pana la distanta de 20 mile fata de telefonul tinta si sunt absolut indetectabile de catre operatorul gsm sau de catre posesorul telefonului mobil. Acestea folosesc puterea de calcul penru decriptarea in timp real a algoritmului A5/1.

    Sa presupunem ca cineva doreste sa achizitioneze un echipament destinat interceptarii gsm. Daca nu dispune de suficiente cunostinte tehnice, va cade usor prada companiilor sau persoanelor fizice care comercializeaza online astfel de echipamente.
    Cum functioneaza de regula aceasta schema?
    Cum nimeni nu va plati 50.000 euro pe un echipament fara a-l testa in prealabil, doritorul este invitat intr-o tara localizata geografic in Africa, Asia sau unele state CSI. Acolo ii va fi prezentat ehipamentul, vor fi efectuate teste edificatoare si chiar va fi organizat un mic training de utilizare. Totul functioneaza ireprosabil. Astfel increderea cumparatorului este captata, la fel ca si banii lui.
    Oata ajuns insa in tara, echipamentul se dovedeste complet inutil datorita faptului ca nu este compatibil cu sistemul european de criptare A5/1. Vina, evident apartine cumparatorului si lipsei sale de informare.
    == va urma ==
    FOCUS SAT-UPC;RCS-digital cablu;ADSL;BAYERN MUNCHEN&AC MILAN;
    .de

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •