Quote:
Originally Posted by Bph&co Hi,
I can't be sure 100%, but i did some analysis on unlocked SL3 phones by DM3 and
to me it seems that he either have SX5 card connected to the server or access
to high level Salo account.
My original thought was that he is brute forcing the code, as it is no problem for
him to read the hashes from the phone. I also remembered our old conversation
that he gave me that idea for reading hashes and using powerful clusters to
bruteforce the code (back then was for dct4+).
But then i did simple tests on the data after DM3 unlock, results were:
1. Code entered by DM3 box is not the same as the Network will make, maybe
we can assume the SX5 SN is used as part of the calculation and the obvious
collision in the SL3 algo is not carelessness by Nokia but a feature to detect
who made the codes and probably blacklist SX5 codes in future firmware.
(if you remember dct4 codes, you will know what i am talking about)
2. The code DM3 box is calculating is not the first available one in the large
non-collision free keyspace, so bruteforce is maybe not what is used(Offcourse
he can just use different search algorithm)
Anyway all is assumptions because we don't have large enough data to
analyse.
Feel free to send me the last key of PM120 of unlocked phones by DM3 or
network codes, with large enough subset of data, all will be clear soon.
Regards, Alex
B-phreaks |
Is this means that some SX5 card for designated operator (mcc_mnc) can be distinguished from other one by codes it generates, and any of codes generated will work the same ?
Let's say for example that Nokia produced 10 sx5 card for Orange UK - each of them can generate unlock codes trough winlock, and each code will be DIFFERENT but it will work. ?!
Uff... Guys aren't bad at all....
BR
Haltec