Hi I've tried cloning sim card It's ok ;)
But I wanna understand a little more... :confused:
Iwant to Know what's the KI
what's his job

If it's the provider who send it
And if it's the case :
-why don't you use a season2 like interface wich can be inserted in the sim slot to get it ???????????? :confused:
-Can we do as if the ki accepted to connect with a false card

and if it's not the case (the card send it the provider ) normally we can get with ease ??????


I'm reading the GSM 11.11 norm
Is it enougth to understand
please give me some links where i can read some interresting stuff

Thank for your help
And excuse me if my questions are little stupid cose i'm a little newbie

Hi,

Your three questions:

- No. You can´t see the ki because this key don´t out of the SIM.
- No. The Ki must be exact because you autenthication don´t work. You can´t call.

The Ki is a special key into the card. The SIM use this key to make a funcion (A3/A8) COMP128 and get a result. Only the result is sent to operator. You can´t obtain the ki spy with season the output/input of the SIM....

Regards,
Sir Graham.

Thank you for your precisions

After i have understanding that i other questions :

As we know the A3 algorithm

we can send the RAND word to the sim so that it will generate the SRES word

after that we execute a brute force task on the computer that run the A3 algorithm with the RAND & a variable KI that goes from 0 to fff....fff and we save each ki that generate the same SRES if many are possible

and we redo the same thing with another RAND until only one KI is selected

the interest is that this task will run on the computer CPU and it's much faster

i dont know how for exemple xsim work to extract the KI
so can any one tell me how

and thank you

Hi,

There is a explanation of the Collision System in the EndoraSoft Forum (in spanish). This algorimt is too long to explain here.

Yours first steps are right. You must be obtain the SRes + Kc for the same Ki. This a collission...

Regards,
Sir Graham.

So what's the defference beteween a v1 sim and a v2 sim cose if what i've said is true it should be working with both
and if what i've said is true normally there is no so many access to the sim card
????

and please give some links that explain the algorithm used
and if there is a documentation about collision in frensh or english

Regards

Hi,

The COMP128 v2 isn´t public. I know that this HASH function haven´t got collissions. The operators works with two kind of cards in the same networks. (I don´t know how they works because the AuC send triplets of one kind).

Sorry but I haven´t this document in english or french. I wrote in spanish.

Regards,
Sir Graham.

http://www.endorasoft.es/avatars/Logo.jpg (http://www.endorasoft.es)

WEB: http://www.endorasoft.es
FORO: http://www.endorasoft.es/forum
FTP: ftp://endorasoft.es Login: public Password: public

(I don´t know how they works because the AuC send triplets of one kind).

AuC sends triplets of that kind which the card IS - isn't it obvious? There's no problem to Auc - what version of COMP128 is embedded in considered SIM - this is just a field in its database.

All this stuff is disscussed (even "overdiscussed") at the kievsat.com forum. i mean new forum. Certainly in russian.

Hi,

uhhmmmm. I afraid this is not obvius. I explain me:

The AuC send triplets (triplets = Rand, SRes and Kc) to HLR. Normaly 2 or 3 triplets. Ok?

Well I make this try:

Use a special SIM Card with COMP128 v2. This SIM COMP128 v2 is special because I can change the Ki.
Put in this (special) card the Ki of one of COMP128 v1. and the card conected without problems (yes... yes... with the IMSI and Ki of one card of COMP128 v1)

For this I think that the operador don´t know what COMP128 version uses the card, and calcule part of the triplets in COMP128 v1 and part in V2. If one of them are correct the conexion is authentificated.

I like comments this situations/trys in kievsat.com forum. But I don´t know russian :(
language. If we accepts change of info in english, perhaphs we disscussed about this themes.

Regards,
Sir Graham.

Thanks for explanation

Regards

Well I make this try:

Use a special SIM Card with COMP128 v2. This SIM COMP128 v2 is special because I can change the Ki.
I think our misunderstanding has its roots right here. If you have a SIM with COMP128 v2 algorithm - this means that the software you've used to make it contains a program module of v2. Ghm.. Then the source text of v2 would be easily available as v1 is (f.e. cf. http://www.mirrors.wiretapped.net/security/cryptography/algorithms/gsm/a3a8.txt). But this is not the case (probably i simply lazy if have not found yet?).

So you can set such a test: send the same APDU series "Run GSM-Algorithm"
A0 A4 00 00 02 7F 20
A0 C0 00 00 1D
A0 88 00 00 10 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
A0 C0 00 00 0C
to this "v2" SIM card and to original "v1" one with the same RAND (say 00 01 02..0F). Compare responces from them.

Or maybe everything much easier - you have a flash and an eeprom files of such a "v2" card for PIC16F877? Would be great to receive those at my_nick at nwgsm ru.

Hi,

I said that I have this card but I don´t say that I have COM128 v2. :D

Some comercial multinumbers card have the posibility to configurate what function do you use (the card have two functions).
I can´t extract the COMP128 v2 funtion for this card and also of course the card haven´t got a PIC. (it´s a Gemplus manufactured like originals) :(

Of course I try the autentificacion function with the APDU function. I try with the SAME Ki and the SAME rand and the SRes and Kc are diferent. :p

(I can try this because I am the author of XSim. The XSim have a function to make vector test of COMP128. It calls to a card APDU (A0 88) autentificate and It internaly have the COMP128 v1 implemented and compare the results. You also can use this opcion with XSim: http://www.endorasoft.es/dowload/XSim.zip)

I am sure of my steps are correct:
(I try some times, because I am surprised of the results)

1.- Extract the IMSI & Ki of COMP128 v1. (Normal method, collision method)
2.- Try this values in a card with SIMEMU. All correct. Connected and can make calls.
3.- Now, I put this values (IMSI & Ki) in this special multinumber card.
4.- Configure this multinumber card to work with COMP128 v1 (I use a special APDU to make this).
5.- Obtain for one Rand (00 01 02....) the SRes and Kc.
6.- Put the card in a terminal. And conected. Ok. I make a call (to provocate a authentication). With Netmonitor I see that the TMSI change.
7.- Configure the multinumber car to COMP128 v2 (I don´t change the Ki or IMSI).
8.- Obtain (for the same Rand 00 01...) the SRes and Kc. (They are diferent to step 4). The COMP128 v2 for the same Rand and Ki generate diferent SRes and Kc. This is normal because the tables of the hash fuction are changed (v1 us v2)
9.- Put the card in a terminal. Also ..... it conected!!!!.
I make a call (to provocate a authentication). All Ok. The TMSI changed....

surprise, surprise....!!!!!

If there a park of SIM with COMP128 v1 and V2 there is two possibilitys:
- The operator knows what COMP128 version have one card. (Your theory)
- The operator send for the AuC triples in COMP128 v1 and V2 (some in V1 and other calculated with V2). If some of them are valid the conexion are ok.
(My theory)


Who we can confirmated this?

- Check what info use the AuC to generate the SRAnd and SRes + Kc... Of course It have the Ki but how they knows what ki they must be use.
Send the HLR the IMSI? the ICCID or What send? if the operator knows this for this numbers we also can be know if a card is COMP128 v1 or V2 for the same way....isn´t?

- If anybody knows the Ki of one card of COMP128 v2, can be make the opposite operation than me. Put this IMSI & Ki of COMP128 v2 in the SIMEMU (COMP128 v1) and see if this card will connect. If the operator don´t know if the card have COMP128 v1 or v2 the SIM will conect like in my try.

¿? Any questions? this thread is open....!!!! What is your theory?

Anyboy can complemented this info or knows more about this?

Regards,
Sir Graham.

PD: @sbog . I am not Lazy. :) I have also this documentation A3/A8 COMP128 v1 in my web page http://www.endorasoft.com
Also I am implemented the COMP128 v1 in C++... I think that I know of this a little...

Hi,
i applied the word "lazy" to myself, not to you. Sorry if abused.
Anyway - nobody has pointed yet to the sources of v2.

As for the steps described above:
- after the step 5 (obtaining Kc/SRES in the "v1" mode) it is neccessary (for the sake of correctnes) to compare with the responce of the original card with the same RAND;
- after the step 8: what about the last 10 bits in 96-bit response - were they all zeros as in both "v1" and "v2" modes should be?
- step 9: is it well known that a terminal after switching on do not reset such cards to v1? How can we make us sure that such a switching is not a fake? After taking off the terminal - this SIM responses as in the step 8?

Sorry, but i have not caught the following:
- Check what info use the AuC to generate the SRAnd and SRes + Kc... Of course It have the Ki but how they knows what ki they must be use.
Send the HLR the IMSI? the ICCID or What send? if the operator knows this for this numbers we also can be know if a card is COMP128 v1 or V2 for the same way....isn´t?
When a MS switches on and asks a network for a service it sends its IMSI, so when finally request reaches HLR - it definitely knows which AuC (v1, v2 or v3) should be used to generate a set of triplets. If you asked of something different - please ask it in other words - i can't realize.

- If anybody knows the Ki of one card of COMP128 v2,
thats right - IF! :)

Hi,

:) Yes, Anybofy except the members of GSM association have access to the COMP128 v2.

Your questions:

- Yes. The COMP128 v2 have the last 10 bits of Kc to zeros. You also can check this in a original card. For the papers of GSM association only the COMP128 v3 have the Kc with 64 bits (2^64).

- It can´t because the APDU to change are indocumented (haven´t in GSM 11.11). To know this APDU I must be use a season 2. Only the program (PC) to control this multinumber card use this special APDU... well.... this program and now I also !!!

The card works equal with COMP128 v1 or v2. With a IMSI & Ki of COMP128 v1. However, The response SRes + Kc is diferent (with conts RAND and Ki).


When a MS switches on and asks a network for a service it sends its IMSI, so when finally request reaches HLR - it definitely knows which AuC (v1, v2 or v3) should be used to generate a set of triplets. If you asked of something different - please ask it in other words - i can't realize.


Well, we suppose that the operator knows the function used in the card (v1, v2.. ect).

How the operator knows that one card are V1,v2,v3? This info is inplicited in the ICCID? in the IMSI? How?

The AuC is a independient part of the HLR. How the HLR ask to AuC the tripleps? Send the HLR something to AuC?

The idea is: It´s good to search a method to know if one card is COMP128 v1 or V2. Now to know this it´s necessary search the first par by collisions. If this info are inpliceted in the card, we can know easy the kind of card.


Regards,
Sir Graham.

I think operator recive IMSI and detects which algoritm to use.

Hi,

Yes of course in the comunication, the operator received the IMSI.
But send this IMSI to the AuC?
Use the IMSI or have other field in the data base to know this?

Some people say me that the data base of HLR is diferent to data base of Ki (AuC). This last are encripted....

Anybody knows something about this?

Regards,
Sir Graham.

Why necessarily "sends IMSI to AuC"? Why not vice versa - having obtained the request-for-service from the SIM with the given IMSI - operator (MSC, HLR management soft or what-so-ever) depending of the card type (v1, v2..) invokes the corresponding authentification procedure in his AuCv1 or AuCv2..
? :)

Hi,

Yes, But anybody knows What info send the HLR to AuC?

If somebody answer this question we can know more about this....

Regards,
Sir Graham.

HLR send IMSI to AuC.

Hi,

Are You sure?

uhmmm... The AuC knows if a card is COMP128 v1 or v2 with the IMSI?


Regards,
Sir Graham.

I think so.
What another values can HLR send to AuC??
And I don't undestand how it'll help us?

Hi,

Perhasp.... the kind of COMP128 that the Auc must be use to calculate the SRes?

Regards,
Sir Graham.

I think HLR don't know the kind... or HLR determines it by IMSI. It's not big difference

Hi,

Yes There is diference. If The IMSI determine the Kind/version of COMP128 that the AuC use, we also can use this info to determinate quick the kind of card what we can clone...

This is a step.

Regards,
Sir Graham.

SirGraham! The operator has a DATABASE with info - which IMSI is V2, and wich - V1. We haven't it!

Hi,

Yes If this is correct, How I can use a COMP128 v2 card with Ki & IMSI of one of Card of COMP128 v1?

Regards,
Sir Graham.

I think your card is working as V1.

Well,

What try do you want I make to demostrate that this card work on COMP128 v2?

Test vectors? What? I make in this posts the try.

Why do you think that works in COMP128 v1?

Regards,
Sir Graham.

I can not find another explanation..
MS send IMSI/TIMSI to the network and nothing more. And the network generates triplet. Correct triplet. That's why i think so.

Well,

What try do you want I make to demostrate that this card work on COMP128 v2?

Test vectors? What? I make in this posts the try.

Why do you think that works in COMP128 v1?

Regards,
Sir Graham.


If it is working as compv1 , why cant i make call on compv2 mode? after switching to v1, can make calls....

Hi,

That´s it.... ;)
I am sure of my trys. I conect a COMP128 v2 card with IMSI and Ki of COMP128 v1 (I haven´t got other :( )

We don´t know some things. I think some pieces of puzzle are missing...

Well, There is someboy that knows how works the AuC exactly? (protocols, database compose, ect...)

Regards,
Sir Graham.