View Full Version : New approach to Comp128v2
I'm trying something new:
I have a Nokia 7650 and wrote software to "intercept and copy" to a file all the signals sent and received by the phone (writing them to a text file).
I can read when the GSM cell changes, I can read all the codes it sends and receives when sending and receiving SMS or multimedia messages, or when sending and receiving vCards, and a lot of other stuff.
So... maybe I can use this to intercept the data it sends when logging on to the network and get the Ki (encrypted or NOT?). This software works within the operating system, so if someone can help me get to know the system better, maybe we can find a way to "read" the info that is needed...
I forgot to say that Nokia does not give much info on the system or the phone and I can't find anything of value...
It would be helpful to know the inner workings between the phone and the system better...
I don't think this is a good idea, because the phone doesn't send the Ki to the network. The encrypted Ki is stored in the SIM and never "goes" out of it.
SirGraham
02-05-2004, 08:00
Hi,
In Symbian you can access some parameters of the phone with the APIs. But you can access the Ki, because this key doesn't leave the SIM.
The terminal (phone) never has this number. It only sends and receives data. The SRES response (authentication response) is calculated inside the SIM (with the Ki).
However, if you are interested in developing for Symbian, we are also working with the OS. We think this has more interesting opportunities...
Regards,
Sir Graham.
http://www.endorasoft.es/avatars/Logo.jpg (http://www.endorasoft.es)
WEB: http://www.endorasoft.es
FORUM: http://www.endorasoft.es/forum
FTP: ftp://endorasoft.es Login: public Password: public
Mainboard
02-05-2004, 08:28
SirGraham,
"But you can access the Ki"
or
"But you can't access the Ki"? ;)
SirGraham
02-05-2004, 08:40
Sorry,
But you can't access the Ki.....
Regards,
Sir Graham.
I don't know what I can access...
The Ki, encrypted or not, must be stored somewhere... The SIM can be smart, but it's not a computer, it's just a processor and some memory; it must respond to commands... I still don't have enough info about it to know all the commands... I can get contacts from the SIM by sending the same command the phone sends and by asking the phone to send the command... So I can send commands directly to the SIM and read the response in the phone buffer...
Question: if the Ki is nowhere and goes nowhere, what is it for? This makes no sense...
Is it in the SIM encrypted or not?
It must be validated at some point...
I can intercept the keystrokes in the phone when I input my SIM PIN, so if the phone sends the Ki (at some point) to the operator, it can be intercepted (encrypted or not)...
Is the Ki encrypted in the SIM, or is it encrypted before sending???
For now all I have are questions...
Sorry...
As I said before, I don't know much about SIMs, but I know a lot about magnetic cards (I work in banking) and computers...
If you copy a magnetic card stripe onto another, you get the same card with the same bank, account, PIN, etc... If you know the PIN you can use this card and the computers can't know about it... You just can't use both cards at the same time...
Is it possible to copy the info on a SIM to another one the same way??
If so, can we have a programmable SIM with several copied SIMs in it and tell it which one we want to use??
Thanks...
SirGraham
02-05-2004, 17:44
Hi,
Well, I'll try to explain.
Yes. The SIM is just a little processor and you can send it APDU commands. The APDU commands that you can send to a standard SIM are documented in the GSM 11.11 protocol (you have a document with all the info on the Endorasoft web page, section "Documentos").
There isn't any command to get the Ki. The SIM is authenticated in the following steps:
- The operator sends a random number. This is caught by the telephone and sent to the SIM.
- The SIM takes this RAND number and its Ki and runs a hash function called COMP128 (internally). The result of this operation is sent to the operator by the phone.
- The operator knows the RAND number and the Ki of the card (because they have a database with all cards).
- The operator performs the same operation as the SIM, and if the results in the two cases are the same, the Ki is the same.
The Ki is always in the SIM. It never goes over the air. And you can't ask the SIM for it.
Some programs (like SimScan, Cardinal or XSim) extract this Ki from the SIM using a bug in the first version of COMP128 (v1). But this operation costs memory (about 4 MB) and time, because it needs to make about 150,000 APDU commands (more or less).
Sorry, it's much easier to obtain the SIM phonebook, etc... or the Cell ID in Symbian / Nokia. But the Ki key in the SIM is another question.
If you want to know more about this, you can go to the EndoraSoft forum.
Regards,
Sir Graham.
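The exchange Sir Graham describes, as an added example that is not part of the original thread or of XSim: a toy SIM that answers the GSM 11.11 RUN GSM ALGORITHM command (CLA A0, INS 88) with the 9F 0C status and hands SRES||Kc back through GET RESPONSE (INS C0), a phone-side driver for the two APDUs, and the operator-side comparison against its own Ki database. The A3/A8 inside is an HMAC-SHA256 stand-in, not COMP128 (whose tables would not fit here); IMSI, Ki, PIN and RAND are constructed demo values. What the code makes visible is that the Ki influences nothing observable except through the keyed function's output, and that RUN GSM ALGORITHM is refused until CHV1 (the PIN) has been verified.

```python
import hmac
import hashlib

CLA_GSM = 0xA0
INS_VERIFY_CHV = 0x20
INS_RUN_GSM_ALGORITHM = 0x88
INS_GET_RESPONSE = 0xC0


def a3a8_standin(ki: bytes, rand: bytes):
    """Placeholder for A3/A8. NOT COMP128 (its tables are too large to embed here);
    HMAC-SHA256 is used only so that (SRES, Kc) is a keyed function of RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # SRES is 4 bytes, Kc is 8 bytes


class SimCard:
    """Toy SIM: keeps Ki private and exposes it only through the A3/A8 result."""

    def __init__(self, ki: bytes, chv1: bytes):
        self._ki = ki                 # never returned by any APDU
        self._chv1 = chv1
        self._chv1_ok = False
        self._pending = b""           # response data waiting for GET RESPONSE

    def transmit(self, apdu: bytes) -> bytes:
        cla, ins, p1, p2, p3 = apdu[:5]
        data = apdu[5:]
        if cla != CLA_GSM:
            return b"\x6E\x00"                    # CLA not supported
        if ins == INS_VERIFY_CHV:                 # A0 20 00 01 08 <PIN padded with FF>
            if p2 != 0x01 or p3 != 8 or len(data) != 8:
                return b"\x67\x00"                # wrong length
            self._chv1_ok = hmac.compare_digest(data.rstrip(b"\xFF"), self._chv1)
            return b"\x90\x00" if self._chv1_ok else b"\x98\x04"
        if ins == INS_RUN_GSM_ALGORITHM:          # A0 88 00 00 10 <RAND>
            if not self._chv1_ok:
                return b"\x98\x04"                # access condition (CHV1) not fulfilled
            if p3 != 16 or len(data) != 16:
                return b"\x67\x00"
            sres, kc = a3a8_standin(self._ki, data)
            self._pending = sres + kc
            return b"\x9F\x0C"                    # 12 bytes available via GET RESPONSE
        if ins == INS_GET_RESPONSE:               # A0 C0 00 00 0C
            if not self._pending:
                return b"\x6F\x00"                # nothing to fetch
            if p3 != len(self._pending):
                return b"\x6C" + bytes([len(self._pending)])   # correct length hint
            out, self._pending = self._pending, b""
            return out + b"\x90\x00"
        return b"\x6D\x00"                        # INS not supported


def phone_verify_chv1(sim: SimCard, pin: bytes) -> bool:
    """Phone side: VERIFY CHV1 with the PIN padded to 8 bytes with FF."""
    padded = pin + b"\xFF" * (8 - len(pin))
    return sim.transmit(bytes([CLA_GSM, INS_VERIFY_CHV, 0x00, 0x01, 0x08]) + padded) == b"\x90\x00"


def phone_run_gsm_algorithm(sim: SimCard, rand: bytes):
    """Phone side: RUN GSM ALGORITHM, then GET RESPONSE. Returns (SRES, Kc);
    only SRES is sent to the network, Kc stays in the phone for A5 ciphering."""
    sw = sim.transmit(bytes([CLA_GSM, INS_RUN_GSM_ALGORITHM, 0x00, 0x00, 0x10]) + rand)
    if sw[0] != 0x9F:
        raise RuntimeError("RUN GSM ALGORITHM rejected, SW=%s" % sw.hex())
    resp = sim.transmit(bytes([CLA_GSM, INS_GET_RESPONSE, 0x00, 0x00, sw[1]]))
    if resp[-2:] != b"\x90\x00":
        raise RuntimeError("GET RESPONSE failed, SW=%s" % resp[-2:].hex())
    body = resp[:-2]
    return body[:4], body[4:12]


def operator_check(ki_db: dict, imsi: str, rand: bytes, sres_from_ms: bytes) -> bool:
    """AuC side: repeat the computation with the Ki from the subscriber database."""
    expected, _kc = a3a8_standin(ki_db[imsi], rand)
    return hmac.compare_digest(expected, sres_from_ms)


# Constructed demo values (not real subscriber data).
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
PIN = b"1234"
RAND = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF")


def demo():
    sim = SimCard(KI, PIN)
    phone_verify_chv1(sim, PIN)
    sres, kc = phone_run_gsm_algorithm(sim, RAND)
    return sres, kc, operator_check({IMSI: KI}, IMSI, RAND, sres)


if __name__ == "__main__":
    sres, kc, ok = demo()
    print("SRES", sres.hex(), "Kc", kc.hex(), "authenticated:", ok)
```

Sending the same RAND twice returns the same (SRES, Kc), which is exactly the "test vectors" behaviour XSim uses; swap `a3a8_standin` for a real COMP128 implementation and the framing above is unchanged.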
Can we send the RAND number and get the result???
Does anyone know where to get the algorithm definition for COMP128v2?
I've built several encryption / decryption programs based on DES, ENIGMA, etc...
Perhaps I could build something from this....
Can we send the RAND number and get the result???
Yes, but pointless.
SirGraham
02-07-2004, 10:29
Can we send the RAND number and get the result???
Hi,
With XSim you have this possibility. In the Test Vectors option you can send any RAND and get the results (Kc + SRES).
It also checks the result against the COMP128 v1 and the Ki search implemented internally.
Regards,
Sir Graham.
So if one can send a RAND number and receive the result, which is calculated with COMP128v2, it is possible to backtrack and get the Ki from the result, if you have the algorithm... This can be done in several ways, even brute force, without damaging the SIM. If I send the same number to, let's say, 10 different SIMs, I can calculate the Kis by comparison or by brute force from the result, using only the data on any computer(?)... So I ask again: does anyone have the COMP128v2 algorithm or know where it can be found? These algorithms must be registered for copyright purposes and therefore must become accessible...
SirGraham
02-07-2004, 22:36
Hi,
It is not possible. The property of a hash function is this: you can't obtain the input from the output. First because part of the info is lost.
You also can't calculate it by brute force because 2^128 is too many combinations.... 2^32 alone takes 3 days and the calculation grows exponentially.
This function was created for this. You can download COMP128 v1 (implemented in C) from the EndoraSoft web page and try this. You can see that your ways are wrong....
Regards,
Sir Graham.
IvanKrasnyj
02-09-2004, 20:54
So I ask again: does anyone have the COMP128v2 algorithm or know where it can be found? These algorithms must be registered for copyright purposes and therefore must become accessible...
- Ask James Moran from the GSM MoU, www.gsmworld.com, for an official copy, sign an NDA and pay some money :).
So if one can send a RAND number and receive the result, which is calculated with COMP128v2, it is possible to backtrack and get the Ki from the result, if you have the algorithm... This can be done in several ways, even brute force, without damaging the SIM. If I send the same number to, let's say, 10 different SIMs, I can calculate the Kis by comparison or by brute force from the result, using only the data on any computer(?)...
- There's no sense in testing multiple cards. They store different keys (Ki).
Frankly speaking, I think it's possible to try another technique for reversing COMP128, not based on collisions. First this concerns COMP128v1, then later v2.
It is not possible. The property of a hash function is this: you can't obtain the input from the output. First because part of the info is lost.
- We are not going to calculate the "root of the equation" for one hash value. We can get as many hash values as we need (in reasonable time) in order to have more equations for calculating Ki.
What we need first for plain reversing of COMP128v1 is to estimate the solutions tuple size on each calculation round. There are a lot of limitations on each round of substitutions. The task is to screen the solution tuples to minimize the set of possible Ki values for a given SRES, Kc. Bear in mind that Ki is reloaded 8 times in the major loop. I guess only the last one will suit us. We need to do PLAIN COMP128v1 REVERSING FOR THE LAST 5 SUBSTITUTION ROUNDS. I've done some estimations and found a lot of useful limitations on the vector X[] values. I think the DIRECT REVERSING TECHNIQUE for the COMP128v1 algorithm could employ SOLUTION TUPLE SCREENING FOR MULTIPLE (SRES, Kc). I guess there's even no need to use RAND! RAND undergoes too many transformations until the last loop.
What we are going to do is a precalculation of the possible values for Ki (they may be called a huge Ki SOLUTIONS TUPLE) that result in a given (SRES, Kc) pair. Then we'll get another (SRES, Kc) pair and precalculate another huge Ki SOLUTION TUPLE. Then we need to compare these TUPLES and screen the Ki values. And so on for several (SRES, Kc) pairs.
...this is just to understand the technique... In reality we need not calculate the complete huge SOLUTION TUPLES; we'll go sequentially backward, calculating Ki byte by byte for several (SRES, Kc) pairs.
Is there anyone who wants to estimate the TUPLE sizes and the possible calculation time? I'll give more guidelines for numerology fans :) Currently I don't have much time for this part of the task and need some experienced partners.
root@modul.spb.ru
SirGraham
02-10-2004, 09:16
Hi Ivan,
I sent you some emails. Did you receive any?
Regarding your answer:
It's correct, but this is the technique of SimScan, isn't it?
I think the optimizations of COMP128 v1 by collision are good, but better is to find a way to extract the Ki in COMP128 v2....
Regards,
Sir Graham.
IvanKrasnyj
02-10-2004, 12:22
Hi Ivan,
I sent you some emails. Did you receive any?
Regarding your answer:
I've got the messages sent:
7.02.2004 12:02 - replied the same day from home
10.02.2004 9:48
10.02.2004 9:51
I guess there may be some global mail troubles due to I-worm activity.
It's correct, but this is the technique of SimScan, isn't it?
I think the optimizations of COMP128 v1 by collision are good, but better is to find a way to extract the Ki in COMP128 v2....
Regards,
Sir Graham.
- Nothing in common. SimScan, Cardinal, FKI etc. utilize the same technique, called the BGW attack (Briceno, Goldberg, Wagner), based on the birthday paradox, where testing some bytes in RAND gives the same results.
http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html
I suggested another way: plain reversing for COMP128v1, using only the last 5 rounds of substitutions of the last major loop. Take into account that the transformed RAND on the first round of the last major loop (the 8th) is limited to one nibble per byte and the Ki is reloaded as-is again. So we need to backtrace only the 5 last rounds of vector X[] substitutions. Of course, bits are partially lost. But we can utilize additional (SRES, Kc) pairs.
Bit permutations are not performed on the last major loop, but they are performed on the previous loops. The core is that after the permutation in the 5th round of each major loop, the resulting byte values are still represented by nibbles (4 bits, <= F)! So, on the first substitution round of the last major loop the source values for the substitutions are represented by the 16-byte Ki and 16 bytes of transformed RAND, each byte <= F.
Now more hints... :) The so-called "compression tables" contain each element value exactly twice! Simple sorting in Excel gives a reverse-substitution function which has exactly two solutions per input.
If anybody would like to participate in the project, I can explain some more evident conditions for reversing COMP128v1.
And the last thing. COMP128v2 is just a patch for v1. And it wouldn't ever be cracked by a collision-based technique. Development of a non-collision reversing technique for v1 is a must.
SirGraham
02-10-2004, 12:34
Hi Ivan,
I understand now. aaaaoooohh!!!
I'd like to participate in this project!!!!!!
If you explain more about this, I can implement this new algorithm and make the tries.
Of course, XSim is open to including this new method. We can compare both (collisions and reverse)....
I'm waiting for your news, and if you don't have my email you can write to: grahamsir@terra.es
Regards,
Sir Graham.
I would like to join this project, but I have little knowledge about GSM.
If you have anything I can help with, feel free to email me (jsompis@hotmail.com) or post it here.
JSompis
I assume that if you send the same RAND number to the SIM several times you would receive the same response from it... So it is possible to create an algorithm to reverse the original one if I have it... If I know the response for a certain Ki and a few numbers, I can reverse it... and I can get some Kis for some SIMs from a friend who works at one of the operators and has access to this info...
IvanKrasnyj
02-10-2004, 17:57
The attached file is a rar archive of comp128-eng.xls. Please download it and rename it back to comp128-eng.rar (the forum does not permit the required extensions). The file contains an example of how one can calculate the vector X[] values for the previous round (see Sheet3).
You'll need to enable Tools\Add-ins\Analysis ToolPak in your Excel.
I think the best way (the quickest) is to present the reverse substitution functions as precalculated lookup tables.
The reverse function is calculated back from the main substitution equation system:
Y = (X[m] + 2*X[n]) MOD 32    (mod 32 is for the last round, where j=4)
Z = (X[n] + 2*X[m]) MOD 32
------------------
Thus:
X[n] = (2*Y - Z)/3
X[m] = (2*Z - Y)/3
... here we can decide that X[n] and X[m] (both!) should be integer and positive, and Y as well as Z shouldn't be greater than 3*[max value of the table].
Screen out all the false solutions in the 6x6 matrix and you'll see exactly 4 possible parent values of X[] (values of the X[] elements used to calculate the given result). See the conditions given in the Excel cells of the example.
The next step is to screen out false solutions based on combinations of pairs for the first selected value. More details next time....
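A worked version of the reversal step described in the post above, added here and not taken from Ivan's spreadsheet. The real COMP128 compression tables are not on this page, so a constructed 32-entry stand-in for the last table (j=4) is used; it keeps the one property the argument relies on, that each 4-bit value occurs exactly twice. Instead of dividing by 3 over the integers and screening a 6x6 grid, the mixing Y = X[m] + 2X[n], Z = 2X[m] + X[n] is inverted exactly modulo 2^(9-j): its determinant is -3, which is odd and therefore invertible modulo a power of two, so each (Y, Z) has exactly one preimage and the two table preimages per output give at most 2x2 = 4 candidate parents per pair, matching the "4 possible parent values" above. The (m, n) pairing follows the reference COMP128v1 loop (m = l + k*2^(5-j), n = m + 2^(4-j)); inputs to round j are (8-j)-bit values, which is the range check that screens false candidates.

```python
from itertools import product

# Constructed stand-in for the last compression table (j=4): 32 entries, each 4-bit
# value appearing exactly twice. The real COMP128 tables are not reproduced here.
DEMO_T4 = [(7 * i + 3) % 16 for i in range(32)]


def butterfly_indices(j):
    """(m, n) index pairs mixed in compression round j (0..4), following the
    reference COMP128v1 loop: m = l + k*2^(5-j), n = m + 2^(4-j)."""
    pairs = []
    for k in range(2 ** j):
        for l in range(2 ** (4 - j)):
            m = l + k * 2 ** (5 - j)
            pairs.append((m, m + 2 ** (4 - j)))
    return pairs


def forward_pair(xm, xn, j, table):
    """One substitution of the pair (X[m], X[n]) in round j."""
    mod = 2 ** (9 - j)
    y = (xm + 2 * xn) % mod
    z = (2 * xm + xn) % mod
    return table[y], table[z]


def forward_round(state, j, table):
    """Apply round j to a whole 32-element state (pairs are disjoint, so order is irrelevant)."""
    x = list(state)
    for m, n in butterfly_indices(j):
        x[m], x[n] = forward_pair(x[m], x[n], j, table)
    return x


def reverse_pair(out_m, out_n, j, table):
    """All (X[m], X[n]) pairs that substitute to (out_m, out_n) in round j.

    Each table value has two preimages, so there are at most 2x2 candidate (Y, Z)
    index pairs. The mixing Y = X[m] + 2 X[n], Z = 2 X[m] + X[n] (mod 2^(9-j)) has
    determinant -3, which is odd, so it is inverted exactly with 3^-1 mod 2^(9-j)
    rather than by integer division by 3. Inputs to round j are (8-j)-bit values,
    which screens out candidates outside that range.
    """
    mod = 2 ** (9 - j)
    limit = 2 ** (8 - j)
    inv3 = pow(3, -1, mod)
    ys = [i for i, v in enumerate(table) if v == out_m]
    zs = [i for i, v in enumerate(table) if v == out_n]
    parents = []
    for y, z in product(ys, zs):
        xn = ((2 * y - z) * inv3) % mod
        xm = ((2 * z - y) * inv3) % mod
        if xm < limit and xn < limit:
            parents.append((xm, xn))
    return parents


def reverse_round(state_after, j, table):
    """Candidate parent pairs for every (m, n) of round j, given the state after it."""
    return {(m, n): reverse_pair(state_after[m], state_after[n], j, table)
            for m, n in butterfly_indices(j)}


if __name__ == "__main__":
    before = [(3 * i) % 16 for i in range(32)]      # constructed 32 nibbles
    after = forward_round(before, 4, DEMO_T4)
    for (m, n), cands in reverse_round(after, 4, DEMO_T4).items():
        print(f"X4[{m}],X4[{n}] = {before[m]},{before[n]}  candidates: {cands}")
```

Chaining `reverse_round` for j = 4, 3, 2, 1, 0 gives the tuples of candidate states Ivan describes; with real tables, `DEMO_T4` is replaced by the table of the round being inverted and the candidate sets of different (SRES, Kc) pairs are intersected.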
IvanKrasnyj
02-10-2004, 18:20
I assume that if you send the same RAND number to the SIM several times you would receive the same response from it...
...
- Definitely YES! :)
So it is possible to create an algorithm to reverse the original one if I have it...
- Nope, if the algorithm is unknown... :( You'll just get a table of corresponding (SRES, Kc) for the given RAND values chosen for your tests.
You'll be unable to precalculate the correct SIM response for an untested RAND.
If I know the response for a certain Ki and a few numbers, I can reverse it... and I can get some Kis for some SIMs from a friend who works at one of the operators and has access to this info...
Currently we have the COMP128v1 code and its software implementations in C and VB6, and smartcards with programmable Ki (SimDoctor), so we can get a lot of test vectors. (RAND, Ki ---> SRES, Kc)
As for COMP128v2, currently we have no algorithm (patch) description. Though we can also get a lot of test vectors (with SimDoctor), this could hardly help to find out the algorithm's contents... :( I hope to find some keys for v2 in the WfSC code... Need more time.
IvanKrasnyj
02-11-2004, 11:01
To discuss the vector X transformations and the tuple contents and sizes, we need to set up some naming conventions for the COMP128 plain reverse algorithm. There are 5 rounds of vector X[] substitutions in the last major loop. So we can consider 6 states of the vector X[] elements, before and after the substitutions. For example:
_____subst._____ subst.____subst._____subst.____subst.
______j=0________j=1_______j=2_______j=3_______j=4
X000 ----> X100 ----> X200 ----> X300 ----> X400 ----> X500
X001 ----> X101 ----> X201 ----> X301 ----> X401 ----> X501
X002 ----> X102 ----> X202 ----> X302 ----> X402 ----> X502
X003 ----> X103 ----> X203 ----> X303 ----> X403 ----> X503
...
X031 ----> X131 ----> X231 ----> X331 ----> X431 ----> X531
If there exist 4 sets of possible parent elements of vector X[], we can put them in tuples together with the entity number. For example:
(X400, X401, 0) |
(X400, X401, 1) |
(X400, X401, 2) |
(X400, X401, 3) |-----> (500, 501)
(X402, X403, 0) |
(X402, X403, 1) |
(X402, X403, 2) |
(X402, X403, 3) |-----> (502, 503)
IvanKrasnyj
02-11-2004, 11:38
The attached file contains the reversed compression tables of COMP128.
Rename it back to comp128-rtab.rar
The tables were made by simple sorting in Excel.
IvanKrasnyj
02-12-2004, 14:12
The attached file contains a rar archive of an xls template useful for COMP128v1 reversing.
read this !!!
http://sim-emu3.narod.ru/
IvanKrasnyj
02-12-2004, 23:10
read this !!!
http://sim-emu3.narod.ru/
- Spoofing for Russian-speaking dummies... See the discussion
http://www.kievsat.com/phpBB/viewtopic.php?t=669
The author claims that his device does DPA (Differential Power Analysis) on COMP128v2 cards to find out their Ki, but he doesn't even know that a card supporting COMP128v2 is required to use the v2 Ki. At least, there are no references to any multi-number cards supporting COMP128v2... I guess it's the same guy with no address and a WebMoney account who busily offered a modified GSM phone for free calls. This tale looks similar... :)
DO NOT USE SIMSCAN v3 !!! It will send your Ki and IMSI data to a certain e-mail address....
SirGraham
02-13-2004, 10:21
Hi,
More details about these people:
- They say that this DPA was created by INTEL technicians. ¿? The original documents on DPA are by IBM technicians. :D
- They can read all cards, but need you to enter the ICCID by keyboard :D
¿They don't know the ICCID of the card?, heh heh heh... when this data is the easiest to read...
- SIMSCAN3 uses the Winsock DLL library. ¿? For what?.... :D heh heh heh....
I think that Linkfor is correct. SIMSCAN3 only uses SIMSCAN 2.01 to intercept the IMSI and Ki and send them by internet/email.
You can spend your money ($167) on a normal reader, and also when you use his program to obtain the IMSI & Ki, it sends this data to the internet. 2 hoaxes in 1.
but... they may think that all people are stupid....
Regards,
Sir Graham.
What about the status of this method for COMP128v2???
Regards
Sorry guys, don't know which thread to ask my question in. :D
Been reading this thread and found interesting ideas :eek:
Was able to extract my Ki for my SIM, but only until the 3rd pair; then my SIM
was destroyed (prepaid) :(
got Ki: B9 A9 F4 ?? ?? ?? ?? ?? DA 6E 28 ?? ?? ?? ?? ??
Question is, will it still be possible to get my Ki by computation, or any idea on how to fill in the ??.. :(
Regards to all.
As I understood, you used Cardinal for that and killed your card..
Too little information for computation...
How many GSM steps did you spend until you killed the card?
I'm not sure, because I was upset when it happened; probably near 63000 steps, I guess :)
and the time I spent was more than 2 hours. For the next card I used Woron :) it took me less than 2 hours ... Thanks for your SW :)
Vulcanite
06-12-2004, 19:31
I think it doesn't. I ran 1.02 and 1.05 with the same result - it's stuck. :confused:
capotixplus
10-20-2004, 18:36
I don't know the complete GSM protection scheme, based on the Ki stored in carrier-owned databases, for comparing/decrypting with the encryption key sent by the MS.
But what happens when an MS gets into a new network zone and needs to make roaming phone calls?
The phone encrypts RAND with its own Ki, but the local carrier doesn't know the roaming MS's Ki to compare against.
mxylplyx
10-21-2004, 14:09
...But what happens when an MS gets into a new network zone and needs to make roaming phone calls?
The phone encrypts RAND with its own Ki, but the local carrier doesn't know the roaming MS's Ki to compare against.
I think the query RAND comes from the home carrier, not the visited carrier. The visited carrier gets a confirmation from the home carrier.
cesconoa
11-04-2004, 12:39
From gsmworld.com: (http://www.gsmworld.com/using/algorithms/index.shtml) A per-copy fee of EUR 2,000 is chargeable to non-members of the GSM Association wishing to receive these algorithm specifications
2,000/100 = 20
Are there 99 other guys who would pay with me??? :D :D :D
SirGraham
11-04-2004, 12:45
Hi,
I'll participate in this possibility....
You only need to search for 98 persons now...
Regards,
Sir Graham.
flodis79
11-04-2004, 14:24
The following example A3/A8 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSM Association:
COMP128
COMP128-2
COMP128-3
So I don't think this is a feasible approach...
From gsmworld.com: (http://www.gsmworld.com/using/algorithms/index.shtml) A per-copy fee of EUR 2,000 is chargeable to non-members of the GSM Association wishing to receive these algorithm specifications
2,000/100 = 20
Are there 99 other guys who would pay with me??? :D :D :D
If we have the COMP128v2 specs, what will we have? What will change?
If there's any change about decoding COMP128v2, I can pay too, so we need 97 more.
IvanKrasnyj
11-04-2004, 21:39
And who will sign NDA?
http://www.dia.unisa.it/professori/ads/corso-security/www/CORSO-9900/a5/Netsec/netsec.html
cesconoa
11-05-2004, 09:22
http://www.dia.unisa.it/professori/ads/corso-security/www/CORSO-9900/a5/Netsec/netsec.html
nice!!! In this document Lauri says "The authentication works in other countries as well, because the local network asks the HLR of the subscriber's home network for the five triples. Thus, the local network does not have to know anything about the A3 and A8 algorithms used"
So it doesn't need to be a COMP128v2 SIM (in another post SirGraham confirms the same), because the network does not know anything about the algorithm used!!!
We need the COMP128-2 algorithm!!!!
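The roaming flow quoted from Lauri's document, as an added example that is not part of the thread: the home HLR/AuC is the only party holding Ki and the A3/A8 algorithm; it hands the visited network a batch of (RAND, SRES, Kc) triplets, and the visited VLR authenticates the mobile by sending RAND and comparing the returned SRES, consuming one triplet per authentication and refetching when the batch is exhausted. The A3/A8 is again an HMAC stand-in rather than COMP128, the subscriber data are constructed, and counter_rand is a deterministic replacement for os.urandom used for the demo only.

```python
import hmac
import hashlib
import os


def a3a8_standin(ki: bytes, rand: bytes):
    """Placeholder for the home operator's A3/A8 (NOT COMP128). Any keyed function
    shows the triplet flow; the point is that only the home AuC ever runs it."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]                       # (SRES, Kc)


def counter_rand(start=0):
    """Deterministic stand-in for os.urandom, for the demo/test only."""
    state = {"n": start}

    def _rand(nbytes):
        state["n"] += 1
        return state["n"].to_bytes(nbytes, "big")
    return _rand


class HomeAuC:
    """Home network: holds Ki per IMSI, issues (RAND, SRES, Kc) triplets on request."""

    def __init__(self, ki_db, rand_source=os.urandom):
        self._ki_db = ki_db
        self._rand = rand_source

    def triplets(self, imsi, count=5):
        ki = self._ki_db[imsi]
        out = []
        for _ in range(count):
            rand = self._rand(16)
            sres, kc = a3a8_standin(ki, rand)
            out.append((rand, sres, kc))
        return out


class VisitedVLR:
    """Visited network: never learns Ki or the algorithm, only consumes triplets."""

    def __init__(self, home: HomeAuC):
        self._home = home
        self._store = {}                        # imsi -> unused triplets

    def authenticate(self, imsi, ms):
        if not self._store.get(imsi):
            self._store[imsi] = self._home.triplets(imsi)   # ask the home HLR/AuC
        rand, sres, kc = self._store[imsi].pop(0)            # each triplet used once
        if hmac.compare_digest(ms.respond(rand), sres):
            return kc                                        # session key for A5
        return None


class MobileStation:
    """Phone + SIM seen from the network: answers RAND with SRES only."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        sres, _kc = a3a8_standin(self._ki, rand)
        return sres


# Constructed subscriber data (not real).
IMSI = "001010123456789"
KI_DB = {IMSI: bytes.fromhex("00112233445566778899AABBCCDDEEFF")}


def demo(rand_source=os.urandom):
    """Returns (Kc for the genuine MS, result for an impostor with the wrong Ki)."""
    vlr = VisitedVLR(HomeAuC(KI_DB, rand_source))
    genuine = MobileStation(KI_DB[IMSI])
    impostor = MobileStation(bytes(16))
    return vlr.authenticate(IMSI, genuine), vlr.authenticate(IMSI, impostor)


if __name__ == "__main__":
    kc, bad = demo()
    print("genuine MS got Kc:", kc.hex(), "| impostor:", bad)
```

Whether the SIM runs COMP128v1, v2 or an operator-proprietary A3/A8 is invisible to `VisitedVLR`; that is why a cloned card only needs to reproduce the triplets, and why the visited network cannot help in recovering Ki.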
flodis79
11-05-2004, 14:16
As I posted above -->
"The following example A3/A8 algorithm specifications are available to qualified industry parties (GSM network operators and manufacturers of eligible GSM equipment) on application to the GSM Association"
So we CANNOT get these algorithms unless we qualify...
DeadBoy-BRASIL
11-08-2004, 23:03
Well, I don't know much about the GSM system and about the way it transmits and receives information, but I was thinking....
Is it possible to introduce a sniffer between the SIM and the mobile? This way we can read all the information that the operator and the mobile send to the SIM, and if someone knows which information is the phone's, all that is needed is to separate out the correct information and filter it; then we'll have the code that the operator sends to the SIM to verify the Ki, and maybe make something to calculate it!!!
cesconoa
12-06-2004, 10:27
Hi, searching the web I've seen software for managing SIM/USIM cards; this software is built by Axalto (VIEWS CARD EXPLORER), and its goal is to manage ALL the contents of a SIM/USIM, including IMSI, Ki, Kc, etc.
Until now we have searched for a method to extract data from a SIM by forcing it, but why don't we try to READ the data written in the SIM???
If a program for developers exists (moreover, GEMXPLORE by GEMPLUS also exists), why not try this way????
SirGraham
12-06-2004, 11:10
Hi,
I'm afraid this software can't "extract" the Ki. The IMSI & Kc and more data are easy to extract and view. XSim can show this data, but the Ki is the problem.... :eek:
The SIM is like a little "computer". It isn't a passive component. You can't "read" a file. You ask the SIM for a FILE. :(
The Ki NEVER goes out of the SIM. This key is only used internally for the authentication algorithm. You can only check the results of this process.
The possible solution for this is if the manufacturer implemented this Ki like any other file in the SIM.
- What is this FILE?
- How can I access this file? (possibly they use admin PINs)
If you use the Complete Scan of XSim you can see hidden files.... curious... ;)
Regards,
Sir Graham.
[QUOTE=SirGraham]Hi,
... ;)
Regards,
Sir Graham.
WEB http://www.endorasoft.es
¡Attention!
"Page under renovation.... in a few days we will be back with you...
Sorry for the inconvenience..."
:confused: :(
cesconoa
12-07-2004, 09:23
@ SirGraham
I'd like you to see this file (the help file of CARD EXPLORER), and then you could determine if this program could (or could not) READ the Ki from a card.
It seems it can!!!
You can download the file here: http://cesconoa.interfree.it/KeyExplorer.zip
Regards
SirGraham
12-07-2004, 09:36
Hi,
uhhhmmm... Can you send me the whole program? I can make tries with some cards. Only with the SIM it is very complicated to determine this.
email: grahamsir@terra.es
Regards,
Sir Graham.
Hmmmmm, Card Explorer costs 3000 bucks :eek:
VIEWS Card Explorer is designed by engineers, for engineers. It provides a powerful, performant and highly versatile environment for viewing, updating, testing, and debugging the contents of any mobile phone smart card, from any manufacturer - that's all SIMs and USIMs, and roaming cards including our own Simera Airflex and Simera GAIT.
regards
Seth
SirGraham
12-07-2004, 12:20
Hi,
I only offer the possibility of taking a look at this program and its possibilities (if it is true that it can extract the Ki from all kinds of cards).
I know the smartcard system and I developed a program (XSim) that does this kind of operation........ I think I know something about this. By the way, XSim is free.
If cesconoa can send me this to try, I'll make tries with COMP128 v2 and v1... and special SIM cards.
Regards,
Sir Graham.
@SirGraham
sorry, I am not insulting you, I only copied the description from the VIEWS pages so everybody can understand this discussion. Hope somebody has this proggie and will share it.
Regards
Seth
SirGraham
12-07-2004, 12:54
Hi,
Don't worry, ;) I don't think you're insulting me....
I only explain that in this forum there is the level to understand this tool. This is not a problem.
Regards.
Sir Graham.
cesconoa
12-08-2004, 11:34
Hi, I'm sorry but today I can't share the program...
You can download the trial version (30 days) from Axalto
Registration is needed!
This is the page: DOWNLOAD (http://www.simagine.org/resrc/resrc_detail.asp?mode=download&DID=36)
Vulcanite
12-09-2004, 00:24
your link has expired and the site asks for a login :eek:
cesconoa
12-09-2004, 08:21
Registration is needed!
Registration is free! Then you can log in and access the download section, bye.
your link has expired
The session has expired, not the link!!!
"Sorry, you have no sufficient permission to access Resource Downloads
Only Active User Can Visit Resource Download Page."
I registered there but an error message occurred. Please upload it somewhere if it is possible.
REGARDS.
maxijazz
12-09-2004, 15:13
"Sorry, you have no sufficient permission to access Resource Downloads
Only Active User Can Visit Resource Download Page."
I registered there but an error message occurred. Please upload it somewhere if it is possible.
REGARDS.
After registering you must activate your membership, friend, and then it works ok. I downloaded it but it's over 50 MB, so it's not possible to upload. Try activation from your email, then download it.
cesconoa
12-10-2004, 10:37
Houston, we have a problem!!!
I'm just exploring the 3GPP specifications, and I've seen that the GSM world has changed: with the 3rd generation of mobile communication all mobile authentication will be established using the MILENAGE or the KASUMI algorithm.
Milenage works in dual-mode 2G/3G mobile communication
Kasumi works in 3G mobile communication
Finding a way to break the COMP128v2 algorithm is important only to know the IMSI and Ki in the cards from between 2002 and 2004.
The new SIMs are USIMs and have new keys and new ways to authenticate; it's necessary to build a USIM emulator to access the new generation!!!
cesconoa
12-10-2004, 11:38
Within the mobile communication system UMTS specified by 3GPP there is a need to provide security features. These security features are realised with the use of cryptographic functions and algorithms. In total 3GPP identified the need for 9 cryptographic algorithms and functions (ref. [1]). Two of these, f8 and f9, for cipher and integrity protection of the 3GPP radio interface have already been developed and are now part of the 3GPP standard specifications.
It was decided that the algorithms for authentication and key generation should not be standardised as they can well be proprietary to each operator and by his own choice (just like in GSM). The context for these algorithms, called f1, f1*, f2, f3, f4, f5, f5*, are described in ref. [1]. The generic requirements for these algorithms are specified in ref. [2].
It was discussed in 3GPP SA 3 if an example set of these algorithms should be produced and offered to the UMTS operators, to utilise instead of developing their own. A need for such an example set was identified with the additional requirement that operators should have a means to personalise their own algorithms. ETSI SAGE was asked to design the algorithms. To carry out this work SAGE set up a Task Force (SAGE 3GPP AF TF) based on SAGE and enlarged with cryptographers from UMTS manufacturers.
This is section 5 of TS 35.205 (Background to the 3GPP Authentication and Key Generation algorithms)
Later it says:
The functions should be designed with a view to its continued use for a period of at least 20 years. Successful attacks with a workload significantly less than exhaustive key search through the effective key space should be impossible.
and then:
1. Without knowledge of secret keys, the functions f1, f1*, f2, f3, f4, f5 and f5* should be practically indistinguishable from independent random functions of their inputs (RAND||SQN||AMF) and RAND.
2. It should be practically impossible to determine any part of the secret key K, or the operator variant algorithm configuration field, OP, by manipulation of the inputs and examination of the outputs to the algorithm.
3. Events tending to violate criteria 1 and 2 should be regarded as insignificant if they occur with probability approximately 2^-128 (or require approximately 2^128 operations) or less.
Oh my G*d!!!
Hi,
I only offer the possibility of taking a look at this program and its possibilities (if it is true that it can extract the Ki from all kinds of cards).
I know the smartcard system and I developed a program (XSim) that does this kind of operation........ I think I know something about this. By the way, XSim is free.
If cesconoa can send me this to try, I'll make tries with COMP128 v2 and v1... and special SIM cards.
Regards,
Sir Graham.
hey, we have the link now; any progress? if someone could post an account that works... logging on to mine keeps giving the same error message even after I posted on their site. or if someone has an ftp they could share with us
Vulcanite
12-11-2004, 17:59
eMule can save our souls
eMule can save our souls
quick update: the site fixed the access issue for me.... please elaborate on this statement; I assume no one knows of a keygen for this prog? or has a way to trick the registration? for that matter, are we any closer to cracking COMP128 v2???? anyone know what we would need to do this? anything special, I mean ... is it computer power? software? or is it that someone just needs to sit down and pick at it?... anyone actively working on this? after COMP128 v2 there is a v3, right? so that's 2 things to work on...........
SirGraham
12-16-2004, 09:24
Hi,
Sorry. But I made the tries. This software isn't the solution for V2.
Regards,
Sir Graham.
cesconoa
12-22-2004, 08:46
Wrong way!!!
I've tried "axalto views professional" and "quantaq usim explorer", but neither can read the data without administrative permissions.
The first is very good, but not usable for this goal....
GSM_look
12-28-2004, 14:30
* * *
*
*
*
* *
* *
Merry Christmas!
how to try the Ki? :confused:
Impossible to find the Ki in COMP128 V2....
lol, if it were sooo easy, you wouldn't be the first erhm hackers to find it out ;)
to Preco, can you explain to me how to find the Ki on 3?
bianconeri_1996
01-17-2005, 03:44
Where can we get the source code of COMP128v2? (C or Assembler)
Thanks kindly
to Preco, can you explain to me how to find the Ki on 3?
On V1 with SimScan (DEJAN); on V2, for now, no program exists
silvestro_69
01-17-2005, 14:40
How can I know if my 3 USIM is v1 or v2?
SirGraham
01-17-2005, 14:45
Hi,
The real UMTS SIM uses a new authentication scheme: the "Milenage" algorithm.
...but actually, 3G phones use the normal SIM. 3G phones are compatible with the "current" SIM and with the new one...
Regards,
Sir Graham.
Would anyone test this new application?
http://www.quantaq.com/images/sr_screen1.png
30-day trial, SIM/USIM support
http://www.quantaq.com/simregistrar.htm
I read the features of the program; maybe it will not fit our purpose, but I'll give it a try
Would anyone test this new application?
http://www.quantaq.com/images/sr_screen1.png
30-day trial, SIM/USIM support
http://www.quantaq.com/simregistrar.htm
Hi all, I'm a newbie here and this is my 1st post.
From what I've read about SIM Registrar: you only need to input the last digits of the ICCID, and the application will search the IMSI, Ki, PIN1, etc. from the Output Files/Return Files; this application does not read/'extract' anything from the SIM.
This application will only be useful if you have the Output Files (i.e. you're working for a GSM provider). Personally, I haven't tried this app.
gboelter
08-10-2007, 04:48
If this thread is still alive, I would like to participate. I am thinking of writing a SIM application, but it's much more complicated than I expected. Actually my problem is how to store my application on the SIM ...
gboelter
08-10-2007, 04:52
I have a Nokia 7650 and wrote software to "intercept and copy" to a file all the signals sent and received by the phone (writing them to a text file).
Hello ALFelix,
Are you still working with that? I have a similar problem, and what I could use is a little bit of help in how to check what my cell is doing.
Guenther
Davao City, Philippines, Planet Earth
SerbianBoy
08-11-2007, 09:58
After all those years, still no progress.......
soft2007
08-12-2007, 15:31
thank you, it is a very gooooooooooood job
M \ ma7mod soft
After all those years, still no progress.......
Does that mean the algorithms are getting harder to crack?
Not to mention that we are moving to 3G (at least in my country), which I assume should have an even harder algorithm to crack.