Simscan probs


northernbloke
01-23-2002, 17:36
I'm having a problem reading IMSI+Ki (F5) using Sim Scan 1.21.

I can get ATR, and also get files using my Elvis (Ad-Teknik Multiprogrammer) programmer in phoenix mode @ 3.57 MHz. I know they work cos when I view the log of the files I can see the text from SMS messages on the simcard in the log.

I start it up and press F5 - my PC then locks up totally (including the date/time clock) for about 40 mins and then it comes back to life with a message saying FFFF, unable to find C:\sim_scan\par2.bin, then something along the lines of "the first time you run simscan this file will be automatically created. This process takes about 1 hour on a PII 715 MHz."

That's as far as it gets - no file is created and I can go no further.

Any ideas anyone?

Regards,

SteveH

dr.motorola
01-23-2002, 17:44
I have the same prob with the Elvis,
but I use a Phoenix at 3.57 and
it works well.
Regards,
Diablo22

Alf
01-26-2002, 03:17
This is because you're running it in a Window and the display isn't refreshed because the program is making the CPU work hard.

This is what actually happens:

The program does not find par2.bin and starts generating it. By this time the message about generation starting is not yet refreshed on the screen, and the CPU is very intensely used to calculate par2.bin... Then the program fails to generate par2.bin, the CPU is freed, the window is refreshed and you see what happened.

If you pressed Alt+Enter before F5 and put the program in full-screen you'd see this.

So.. par2.bin generation fails for you... It happens on lots of computers.

This file is 2.6 MB (compressing it won't help much in size). The file is computer/SIM independent.

If you want it, drop me a mail.

northernbloke
01-26-2002, 12:26
Hi Alf,

Thanks for the reply - would it help if I ran the program from DOS instead of from Windows? I haven't tried yet cos I'm running Windoze ME and it's a bit of a pain to get into DOS, but I could do it with a floppy as a boot disk and run it from there, if it would help.

I'll drop you a line with an e-mail address if you wouldn't mind sending me a copy of the par2.bin you have.

Best Regards,

SteveH

Alf
01-27-2002, 16:50
sim_scan runs better for me under DOS but with a DOS extender (cwsdpmi), or else it'll fail to run.

Drop a mail to pa@netcabo.pt and I'll send you the par2.bin file.

Be aware... this file is 2.6MB in size... that's why it isn't included in the distribution...

northernbloke
01-27-2002, 18:49
Many Thanks Alf,

File received, and a 5-star rating from me to you for your invaluable explanations and assistance.

Best Regards,

SteveH

Alf
01-27-2002, 19:12
Please do share with us...

Did you make it work? How...

Everybody can learn from your experience... :)

northernbloke
01-27-2002, 19:19
Haven't tried it yet - going to leave it running when I go to the pub in a little while and see how it goes. I'll be sure to post the results here. Have also been searching out DOS extenders, so if that works as well I'll post it here.

Regards,

Steve H

Alf
01-27-2002, 23:04
The best DOS extender I've seen for sim_scan (and also runs Dejan flasher) is cwsdpmi.

I think it's included in DarkFlasher shell.

If you need one, drop me a mail.

Glad to help...

One
01-28-2002, 12:58
Alf, send it to me please, if it is not too hard for you.

northernbloke
01-28-2002, 13:17
Thanks Alf, that's the one I have (not the DarkFlasher one - found it elsewhere on the net).

Sim-scan appears to be running OK (I think) now. It's taking a while as predicted. I'm using F5 then F3 and leaving the start address as the default of F800 - is this correct?

Regards,

SteveH

micklong
01-29-2002, 14:46
I've been trying to extract Ki from a 121 SIM.
It's about 3 years old, and a PAYG SIM.

And well, it seems indestructible !! ..
BUT to boot, impossible to extract Ki ! Grrrr

Cardinal after about 12 or more hours says Ki cannot be extracted,
and Simscan is still churning away after a day or more !!

Grrrrr... Mick

northernbloke
01-29-2002, 15:37
Yup - I tried 2 One2One SIMs in earlier experiments with Cardinal and it destroyed them both - just came up "Insert Simcard" when put into the phone.

I've had simscan running now for over 26 hours on a BT Cellnet SIM and no joy.
I get 16 red numbers (bytes) on the screen, and bytes 1 and 2 and 8 and 9 increase at varying rates - 1 is fastest and 9 is slowest (all other bytes remain at 00). I guess from watching it that it increases byte 9, then runs through all possible combinations of numbers of bytes 1, 2 and 8 before incrementing byte 9 and repeating the process. After just over 18 hours byte 9 rolled over from FF to 00 and byte 10 incremented from 00 to 01. The sequence continues.........

Anyone got any idea if it's running correctly? I'd guess it can't extract the Ki as it got to the point where byte 9 went up past FF, which I think means that it hadn't been able to brute force the first 4 bytes.

Alf/anyone can you confirm this please - is it running ok?

Regards

Steve H

PS I'm going to try an Orange SIM next as I've seen a few reports of Kis being extracted from them.

micklong
01-29-2002, 23:18
Well, at last something happened !! Some of the 00 went red !!!!

So I have two sets of 00 that's red ..
*** knows what that means and if it's good ???

Mick

Oh, SIM card still works 100% ??!!

Kerr
01-30-2002, 01:36
Looks like you have both got Sim Scan working as it should (I need to boot to safe mode). However, once you start to get red zeros it means it is failing to get the information. Eventually you will see nearly all red zeros, but the program continues to run for weeks. It never gives up, but it will not succeed.

When it is able to read the Ki, the white zeros change to white numbers in pairs and you know it will succeed. To see this happen, just try an Orange card.

Alf
01-31-2002, 02:58
northernbloke:

It's working fine... wait 22 hours on a PIII-750 :P

northernbloke
01-31-2002, 12:19
Thanks Alf, I've seen various figures quoted for times - I'm running an Athlon Thunderbird 1.4 GHz system - so shouldn't have too many problems on the processing side :) but it doesn't seem to be very quick - I guess it is limited on any system by the baud rate at the COM port (9600 for Elvis).

I've found a very reliable method (to get sim_scan121 to work using my Elvis programmer) using a floppy to boot to DOS.

1 - Copy CWSDPMI.exe and the MPSET.exe files into the sim_scan folder.
2 - Boot to DOS using the floppy.
3 - Change directory to Sim_Scan.
4 - Run MPset.exe and select option 1 (phoenix emulation).
5 - Run CWSDPMI.exe.
6 - Run Setup.bat to execute Sim_Scan.

The above steps work for me every time. But if you want to run simscan again you must power off the PC totally for 30 secs before rebooting to DOS. CTRL+ALT+DEL to reset does not work - simscan will fail with an error and debug parameters listed.

Regards,

Steve H

micklong
01-31-2002, 14:32
Ello there northern bloke ..
Would it be poss to send us a copy of 'CWSDPMI.exe' ??

micklong@barrysworld.com

Well, I've given up on mine :(
Got all the way to the limit .. and had 4 sets of 00 in red by that time ..
Now I think it's in the brute force stage ?? ..
All numbers red, and the 4 sets of numbers that were red are now rapidly changing numbers/letters.
I kept this going for about another 12 hours roughly and it's still doing the same !!
I'm now thinking of giving up and getting a 'replacement' SIM from 121, then try it on that instead ..
What's your thoughts ?

Oh, and Alf, not sure if ya just didn't get my email, or haven't had the time to reply ??
I understand about the time factor !!

Cheers for ya help peeps, Mick ..

northernbloke
01-31-2002, 14:35
Finally Done it!!!!!!!!!!!

Cloned my Orange SIM onto a GoldCard using my Elvis programmer. Original SIM is a 2001 card and using SimScan121 options F5 and F1 I got the Ki + IMSI in just over 4 hours. (It also took more than FFFFh cyphers, so I guess I was lucky and have a card that doesn't have the limited running of the Ki.)

Couldn't get Dejan's gold hex to write to the card (only found 1 hex file - I thought there need to be 2???) and had heard of a bug in TwinSim, so I used the Kissme Hex Generator and it created hexes for PIC and EEPROM. Burned both files onto a gold card using MP6 and it works :) :) :) :) :)

Gonna Try a Silver next using Alf's files.

@ALF - Am I correct in thinking that I can burn your hex+bin files to the Silver card in the usual manner and then use the F6 option of simscan to write the Ki+IMSI?

Cheers

Steve H

northernbloke
01-31-2002, 14:45
@Insp_Gadget - you have mail ;)

Only SIMs I've had any joy with are Orange so far (done 2 of them - one was an old disconnected one so I used it first to practise on). Just for the record, I used F5 then F1 to get the info out of them - I know it's advised against it, but I can say that 2 out of 2 (Orange SIMs) using this method worked for me. I tried the other methods F2 or F3 on the other cards and had no joy. Think I may risk my BT card later and try it on F5/F1.

My old 121 SIM didn't give any joy and neither did my Cellnet one. Haven't tried any Vodafone ones as I've seen loads of reports they have a different protection on their cards and no-one has successfully got the Ki or IMSI out of one yet.

Regards,

Steve H

northernbloke
01-31-2002, 15:22
@alf

I can't get your updated versions of the Silvercard hex 1.06c to write to my card.

Not sure where the fault is - I know it's not a hardware fault as I can write silvercards for digital TV use etc.

As u see from the posts above, I'm using an Ad-Teknik Multiprogrammer v3.5 (more commonly known as Elvis).

Any chance you could send me separate files for the silvercard (PIC16F876 + 24C64) in hex format please - (ie not .hex for PIC and .bin for ext. EEPROM)?
That way should hopefully work with my setup.

Regards,

Steve H

micklong
01-31-2002, 22:59
Thanks for that m8 ..
Did mail ya back with some details :)
My mail server is playing up at the min so I've pasted it in :)

Hello m8, thanks for the swift reply, much appreciated ..
If it's not too much trouble would it be possible to send 'Kissme Hex Generator',
as I have not heard about this before ??

You are correct that TwinSim does have its problems,
basically it's just the checksums in the hex that are all wrong...
U can fix them, but after all it's just simpic5.7, which is just as easy to use with your gen, or winexplorer and hex.

As for gsm_sim, I have now received the slip EEPROM file from Alf..
so if ya interested I can send that too...
as the single hex file that u have is supposed to be programmed with Dejan's programmer, and therefore the PIC and EEPROM are in a single file .. (as his soft reads it like that !!!)

And finally to silver PIC ... not sure if Alf got back to u on this one ??
But I have got these files too .. so just reply and I will send away :)

As for 121 SIM, I think I'm gonna give up !! .. and Alf thinks 121 SIMs are not COMP128 ??

Thanks again m8... Mick

northernbloke
02-01-2002, 00:20
You have more mail Insp_Gadget <img src="smile.gif" border="0">

Haven't had anything from Alf re silver hexes.
Could you reply to my mail and send me the silver hexes you have please?

Cheers m8,

Steve H

Alf
02-01-2002, 03:16
northernbloke:

Hmmm... I can try to convert bin2hex but I don't know what kind of hex does your programming software want for the eeprom...

The hex file can program the PIC ok... are you using the correct loader for the eeprom? doesn't your programming software support .bin files?

Insp_Gadget:

What's a "Kissme Hex Generator" ?

The problems I mentioned about twin sim and simpic 5.7 weren't about the .hex but about the simpic itself... it has bad data regarding sizes of files inside the sim...

Now I'm a bit out of time but tomorrow I'll answer all your mails. Sorry for the delay...

northernbloke
02-01-2002, 10:08
Alf,

I'm using the software supplied with my programmer called Dosprog v2.8, made by Ad-Teknik.

It does support bin files (allegedly, according to the manual, but I've only ever used hex files on it so far) for the EEPROM, but the program won't accept the PIC file - says it's for a different processor. I've also tried Card Writer v1.81 with the same results.

I've read lots of messages on the net about the silver files only working with programmers like dejans where only 1 file is used (pic+eep in same file).

Very puzzling. Are there any progs out there which can check hex files and show what type they are (Intel/Motorola/hex8/hex16 etc... and possibly even convert between them)?

As I said, I have no probs programming silvers with it for other uses. Guess I just keep trying different ideas till I solve it.

Cheers,

Steve H

nawikre
02-01-2002, 13:27
hello there,

Can someone tell me where I can get a new version of sim_scan, because I only have an old version.....

thanks,

greetz, Iwan

northernbloke
02-01-2002, 14:27
Get it from Dejan's own site:

Dejan's Download Page: http://users.net.yu/~dejan/

latest version is V1.21

Regards

Steve H

PMC31445
02-01-2002, 14:37
Northern Bloke,

I have just got simscan running this morning by pressing F5 and it was creating par2.bin; it then completed but has not created par2.bin.

Any advice,

northernbloke
02-01-2002, 14:54
I don't know why this happens - but it seems to happen to most folks trying sim-scan. For some reason it fails to create the par2.bin file and, as you have just discovered, it doesn't work without it.

You need some kind soul to mail it to you.
I would, but my upload speeds are painfully slow. I'm also trying to find a spot to upload it to the web where anyone who needs it will be able to access it. I'll let you know when I get it sorted.

Regards,

PMC31445
02-01-2002, 14:57
Nice one man,

I'll keep my eye on the sat page for the upload.

Thanks.

northernbloke
02-01-2002, 15:23
Par2.bin file - zipped and posted here if you want it:

Par2.bin file here: http://briefcase.yahoo.com/bc/northernbloke/lst?.dir=/Shared&.view=l

Regards

Steve H

northernbloke
02-01-2002, 18:13
@Insp_Gadget

Any chance of emailing me the silver files you offered?

Regards,

Steve H

micklong
02-01-2002, 23:30
U have mail :)

As for the hex files not being compatible !!
If u still have probs gimmie a bell ... as I have an Elvis too
and have played about a bit with getting it to program hexes that it didn't before !! lol
(It's all to do with checksums, and the blanking method.)

EDIT - just had a look at the Kissme program ..
I see that it's got an option for creating the silver hexes too ??
Have u tried this option too ??
Hmm, unlikely to be Alf's version :(

But looks a very good prog if it works :D

Mick ...

[ 02 February 2002 00:43: Message edited by: Insp_Gadget ]
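Two of the posts above touch on the same practical problem: northernbloke asks whether any program can tell what type a hex file is and check it, and Insp_Gadget notes that TwinSim's hex output has wrong checksums. The following is an added example, not code from the thread or from any of the tools named in it. It parses Intel HEX records (the ":"-prefixed format used by PIC programmers), verifies each record's checksum, recomputes a correct one, and distinguishes Intel HEX from Motorola S-record lines by their leading marker. The sample records are constructed for the example.

```python
"""Intel HEX record checker (added example, not from the thread).

An Intel HEX line is ":" followed by hex pairs: byte count, 16-bit
address, record type, data bytes, checksum. The checksum is the two's
complement of the sum of all preceding bytes, so every byte on a valid
line (checksum included) sums to 0 modulo 256.
"""

from dataclasses import dataclass

RECORD_TYPES = {
    0x00: "data",
    0x01: "end of file",
    0x02: "extended segment address",
    0x03: "start segment address",
    0x04: "extended linear address",
    0x05: "start linear address",
}


@dataclass
class HexRecord:
    byte_count: int
    address: int
    record_type: int
    data: bytes
    checksum: int   # checksum byte as written on the line
    expected: int   # checksum byte the record's contents require

    @property
    def valid(self) -> bool:
        return self.checksum == self.expected


def detect_format(line: str) -> str:
    """Classify a line by its leading marker: ':' Intel HEX, 'S' Motorola S-record."""
    line = line.strip()
    if line.startswith(":"):
        return "intel"
    if len(line) >= 2 and line[0] == "S" and line[1].isdigit():
        return "motorola"
    return "unknown"


def parse_intel_record(line: str) -> HexRecord:
    """Decode one Intel HEX line and compute the checksum it should carry."""
    line = line.strip()
    if not line.startswith(":"):
        raise ValueError("not an Intel HEX record: %r" % line)
    raw = bytes.fromhex(line[1:])
    if len(raw) < 5:
        raise ValueError("record too short: %r" % line)
    byte_count, record_type = raw[0], raw[3]
    address = (raw[1] << 8) | raw[2]
    data = raw[4:-1]
    if len(data) != byte_count:
        raise ValueError("byte count %d does not match %d data bytes"
                         % (byte_count, len(data)))
    expected = (-sum(raw[:-1])) & 0xFF
    return HexRecord(byte_count, address, record_type, data, raw[-1], expected)


def fix_checksum(line: str) -> str:
    """Return the same record with its checksum byte recomputed."""
    rec = parse_intel_record(line)
    return line.strip()[:-2] + "%02X" % rec.expected


def check_file(lines):
    """Validate every record. Returns (1-based line numbers with bad checksums, data bytes)."""
    bad, total = [], 0
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse_intel_record(line)
        if rec.record_type == 0x00:
            total += rec.byte_count
        if not rec.valid:
            bad.append(n)
    return bad, total


# Constructed sample: an extended linear address record, two good data
# records, one data record whose checksum byte was corrupted, and EOF.
SAMPLE_HEX = [
    ":020000040800F2",
    ":10010000214601360121470136007EFE09D2190140",
    ":040010000011223386",
    ":10010000214601360121470136007EFE09D2190141",   # bad checksum (should be 40)
    ":00000001FF",
]

if __name__ == "__main__":
    bad_lines, data_bytes = check_file(SAMPLE_HEX)
    print("records with bad checksums:", bad_lines, "- data bytes:", data_bytes)
    for n in bad_lines:
        print("line %d fixed: %s" % (n, fix_checksum(SAMPLE_HEX[n - 1])))
```

A programmer that rejects a file part way through (the "input time out at 082Ch" symptom described later in the thread) is often rejecting the first record whose checksum or byte count does not add up, so running the file through a checker like this is the quickest way to tell a formatting problem from a hardware one.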

northernbloke
02-02-2002, 01:02
@ Insp_Gadget
Thanks for the files mate - I'll look them over tomorrow when I'm a little bit more sober (good night down the pub tonight).

I have been playing around with the files I have for silvers and have discovered that with a little bit of playing around in picprog I can fill the gaps in the files (PIC program ends around 082C hex) and by doing so increase the size of the file so the PIC writes OK to my cards. But it still shows "insert SIM".

1 thing led to another and I took a look at the unassembled code from Dejan and discovered in the first few lines that it is for a PIC16F84 chip. The silvercards I have are Silvercard II's and have a PIC16F876/877 chip plus a 24C64 EEPROM.

Wonder if I'm using the wrong type of silvers????

Will do some more research tomorrow

Nite Nite

Steve H

northernbloke
02-02-2002, 14:24
Hmm - more confused than ever - but Dejan's own docs for the silver hex indicate that it is indeed for the silvercards I'm using (PIC16F877 + 24LC64).

I've tried Dejan's hex+bin, Alf's hex and bin, silver hex generated by Kissme, and something called SimEmu2.1 I found on the net.

Can't get any of them working - can get them onto my card OK now but nothing more :( :( :(

micklong
02-02-2002, 18:27
Well, I got an Orange card donated to me :)
So I have been using simscan on that ..
and it's good :)
It's up to the 4 brute force bytes now ..

What does it say when it's in ya phone ??
As I have been playing with the gold Gsm_sim
and it seems again the EEPROM hex/data isn't right,
as once the PIC is programmed it will answer to reset etc ... and the phone will boot, ask for PIN etc,
just don't get network etc etc ..

Mick ..

northernbloke
02-02-2002, 19:03
Had no trouble at all using the Kissme generator I sent you. Just put PUK/PIN/IMSI/Ki in the obvious places and create the hex. Program the hex to the card in the normal way. When you put the card in the phone it will ask for PIN - enter it and the phone works as normal - finds network. You will have a message received icon lit - open the message inbox and you will see 1 text message there saying it's based on Simpic5.7 etc. Delete this as there is only space on a goldcard for 1 message.
Only other issue is that they don't store SMS message centre numbers so it's a bit tricky to send SMS - what I did was save the Orange SMSC number in the first simcard location and rename it to "1" - then it's quickly found when you want to send an SMS.

Have you got any silver files that work on an Elvis using Dosprog to program them? I can't get any silvercards at all to work - I've tried all the ones listed 2 posts up and no joy at all :( :( :( :( :( :(

Kerr
02-02-2002, 20:06
16F876/7 + 24LC64 is a Silver card
16F84 + 24LC16 is a Gold card

What you have spotted is a typo or left over from the Gold version.

Really think the problem is that you are unable to programme Alf's PIC hex to the card without it being changed in some way. You need to use ICProg to do this, and use the file as it comes. If it is not possible to get the Elvis into a mode that works with ICProg, think you will need to use a different programmer or get the card programmed by a friend first, then add your Ki etc later using Simscan.

northernbloke
02-02-2002, 21:44
I know the differences between the cards m8.
There is also a wafer card with PIC16F84 and 24LC64 EEPROM on board - that's the card I was wondering if I needed to use.

I can't get Alf's or Dejan's files to program using Elvis - ICProg doesn't support it and I'm not going to buy another programmer - Elvis is one of the best on the market and programs everything I need it to - including silver cards for digital TV. It can do them, it just needs the files to be correct in order to program them.

Both Alf's and Dejan's hex crash during writing the PIC - EEPROM programming is fine. I always get "input time out" at 082Ch. I'm sure it's something in the way the hex is formatted that's preventing it being programmed, and that's what I need sorting out.

micklong
02-03-2002, 00:41
Ello there m8 again ..
I see ya still havin probs with the silver programming ..
OK, I have some options for u to try,
and yes I'm with u on this one, it's just that the hex isn't valid for the mode/program u are using for ya Elvis ..

OK ..
Now I had LOTS of problems with Dosprog versions higher than 2.1 - crashing, timeouts, runtime errors etc etc.
If ya want I will email it to ya .. fixed a few probs that other people had :)

Another way would be to use a more common program like ICProg, and put ya Elvis into Phoenix/Smartmouse so it supports it ??

If not, I believe that there's other programs for Elvis (made for them) that also support the silver type chips ???
Might be worth a trip to their website and having a read ??

Mick ...

PS the friggin brute force on the last 4 bytes takes friggin ages :( only took about 3-4 hours to get all the others, taking 8 already on the brute force poxy thing !!!

northernbloke
02-03-2002, 01:08
Can u send me an early Dosprog please Mick - I'm using V2.7 and 2.8 - same problems on both versions with the input timeout.

I've looked on the Ad-Teknik (Elvis makers) site; all the soft on there is their own (or it's not relevant for silvers).

Elvis is pretty versatile and has good phoenix/smartmouse modes but I can't find a way of getting it to work with ICProg (but as ICProg isn't used to prog the PIC - only the EEPROM - I guess it's not necessary to use that cos I'm having no problems writing the EEPROM - just the PIC).

Failing that, I guess it's time to start looking at learning more about assembly programming and see if I can modify any of the source files to make it work for me.

Cheers

SteveH

zfrank
02-15-2002, 22:25
moved to sim cloning: http://www.gsmcity.de/ubb/ultimatebb.php?ubb=forum&f=57

kihko
09-02-2002, 12:48
Hello.

Could you please send me these two files: CWSDPMI.exe, MPSET.exe. I found CWSDPMI.exe on the net, while I can't find MPSET.exe, but send me also CWSDPMI.exe, just in case.

Thanks

kihkosi@email.si

gb2rn
09-03-2002, 13:50
I am new to this site and I would like to know more about cloning an "Orange Contract SIM". Please can someone tell me what I would need. I have an Elvis programmer and also a Super GSM reader. What software would I need and where do I get it?

alrm7
09-18-2002, 00:26
i need mpset.exe plz

callinas
09-22-2002, 15:59
Are you sure you need it? I have the Phoenix programmer and don't need it, and by the way, buy a 10.24 MHz crystal and you'll be able to back up IMSI and Ki in about one hour with sim scan 1.21/1.33.

datalife2000
09-22-2002, 21:31
m8's, I would like to do my SIM; where do I start & where do I get the required software & which hardware can I use? thanx :) :) :)