Algorithm for A3A8
I recently copied two Orange SIM cards, both very recent ones. I used SIMMAX 12in1. Both work without any problems, only I had to disable the PIN before scanning. It was supposed to work anyway because the software asked for the PIN number, but it did not work properly.
Then I wanted to clone a T-Mobile card, but the software could not find Ki, no matter what setting was selected. I tried no limit for A3A8 and also strong Ki. It always finished with 0000000000000000000000000... as Ki.
My question is: does T-Mobile use a different algorithm? If yes, how is it possible that when I am abroad I can log in to every network, with both Orange and T-Mobile? Do the networks support more algorithms?
Or is the algorithm really the same and only Ki cannot be found for some reason?
I managed to find an 8-year-old pre-paid card of the T-Mobile operator. It was possible to clone it.
Question: can one operator use different A3A8 algorithms? Or does the new card use the same algorithm and it is just "impossible" to find Ki for another reason?
If I go abroad (let us say Australia) with the old and the new SIM card of T-Mobile, both would work. How is it possible? Does every provider around the world use all algorithms? Or during the "log-in" is the response of the SIM card sent back to the "mother provider" to be verified? But logging in is so fast even on the other side of the world that this seems to be improbable.
RESULT?: for me it results that the A3A8 algorithm is still the same, only new cards have some prevention against being cloned?
If I do millions of attempts and save the responses from the SIM, can I then find the correct Ki number in a stupid way (trying all possible combinations for Ki)? These days we have PCs on which this task might be executed in a few days?
Your opinion?
NEWER GSM SIM cards deactivate the A3/A8 algorithm (0x88 INS) after 50k calculations (impossible in "normal" use, possible when trying to bruteforce the card's Ki)
Br
If I do millions of attempts and save the responses from the SIM, can I then find the correct Ki number in a stupid way (trying all possible combinations for Ki)? These days we have PCs on which this task might be executed in a few days?
Your opinion?
read this thread about some numbers of your "million attempts" ;) http://forum.gsmhosting.com/vbb/showpost.php?p=1691129&postcount=57
I downloaded, I do not remember where, woroscan 2.10. It claimed to be able to find Ki also for the new algorithms. Here is the truth:
- there is no virus in it, at least not a known one so far
- it did want to go somewhere (internet?) because it created an unpredictable error with the scansw.exe application in Windows XP
- what is more, the length is almost double compared to woroscan 1.09
I tested it without the internet connected and it did not succeed in finding Ki for the SIM card :):):)
What is more, the HELP info said it was version 1.09 and not 2.10!
I think someone added code to woronscan 1.09 hoping Ki numbers would be sent to him, allowing him to make roaming calls stealing money....
If someone knows him, please, kill him. Thank you very much!
Question: can one operator use different A3A8 algorithms?
Why not? Can you have two cars that use different types of fuel (gasoline and diesel, for example)?
If I go abroad (let us say Australia) with the old and new SIM card of T-Mobile, both would work. How is it possible?
The only one who cares and really authorises SIM cards in this case is T-Mobile. It is T-Mobile who sends pairs (RAND,SRES) to the Australian provider.
But logging in is so fast even on the other side of the world that this seems to be improbable.
NO! The very first authorisation (logging in) takes much time (much more than the next ones). T-Mobile sends ~5 pairs (RAND,SRES) in order to create such a cache for the user's comfort in future. The Australian provider requests extra pairs before they are actually needed (to put in the cache for the same reason).
As for Woron-scan - the last version is 1.09.
I promise to advertise here when and if the following would appear. ;-)
Sbog,
thanks! I was re-thinking about logging in in roaming and it is possible what you write.
So T-Mobile must keep a database of all SIM cards (it is normal :-)) so as to distinguish between the old ones and the new ones? Or does it simply send a random number and verify against two possible replies: one from an old and one from a new card? In this case the probability of finding Ki decreases from infinity to infinity divided by 2, which is still infinity :-)) ??
But I think as they know the Ki number to verify the reply from the SIM, they would probably also go for the old/new card reply....
So it seems the old SIMs are "precious" and we should keep them forever?
sbog,
you are right! This is the only way to be responsible for not logging in someone without payment! If T-Mobile confirms someone in Australia, it becomes responsible that all calls will be paid for!
On the other hand, if the Australian operator allowed someone to log in in the name of T-Mobile, then T-Mobile could have said "you should not log him in!"; also the Australian operator would have to know the Ki of the T-Mobile SIM card!
you are right! T-Mobile sends the RAND to the Australian operator.
So T-Mobile must keep a database of all SIM cards (it is normal :-)) so as to distinguish between the old ones and the new ones?
Yes. Each line of the "users table" has a column "A38-AlgoVersion" - 1, 2, 3, 4..
Or simply sends a random number and verifies against two possible replies
Only the respectful Sir Graham reported on such a strange behaviour of one provider. All others, including technicians of well-known West European providers, confirm the first scheme (with a column).
On the other hand, if the Australian operator allowed someone to log in in the name of T-Mobile, then T-Mobile could have said "you should not log him in!"; also the Australian operator would have to know the Ki of the T-Mobile SIM card!
Again, once more:
All authorisations (calculations of SRES depending on the subscriber's Ki and a random RAND) take place in T-Mobile's AuC. About 5 results of such calculations T-Mobile sends to the Australian provider who asked T-Mobile about the possibility of serving a T-Mobile subscriber (roamer). By the way, T-Mobile sends some extra info (subscriber profile: what services are allowed, which not), but the important part of the authorisation is that T-Mobile sends pairs of (RAND,SRES) and does NOT send Ki. These pairs are fixed in the inter-provider log file, and both providers have signed to trust the loggings in this log file. ;-)
Then the Australian provider sends one of the RANDs obtained from T-Mobile to the T-Mobile subscriber (roamer) and COMPARES the SRESes received from T-Mobile and from the roamer (just received). The result of this comparison is logged to the above mentioned log file and the roamer either gets the services specified in his profile (if the comparison is ok) or is rejected (if the comparison fails).
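The roaming flow described in the last two posts (home AuC computes (RAND,SRES) pairs per subscriber using the per-line algorithm version column, the visited network caches a handful of them and only ever compares SRES values, Ki never leaves the home network) as an added simulation. This is example code written for this thread, not anything from the posters or from any operator. The real A3/A8 (COMP128 variants etc.) is not reproduced; an HMAC-SHA256 stand-in with the same (Ki, RAND) -> (SRES, Kc) shape is assumed, the IMSIs and Ki bytes are constructed sample values, and the SIM's usage counter models the "disable A3/A8 after N calculations" protection mentioned earlier in the thread, with a tiny limit so the lockout is visible.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

Triplet = Tuple[bytes, bytes, bytes]  # (RAND, SRES, Kc)


def run_a3a8(ki: bytes, rand: bytes, algo_version: int) -> Tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 (assumption: HMAC, not COMP128).
    Keeps the real interface: 16-byte RAND in, 4-byte SRES + 8-byte Kc out."""
    digest = hmac.new(ki, bytes([algo_version]) + rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HomeAuC:
    """Home network authentication centre: the only place Ki is stored."""

    def __init__(self) -> None:
        # "users table": IMSI -> (Ki, A38-AlgoVersion column)
        self.subscribers: Dict[str, Tuple[bytes, int]] = {}

    def provision(self, imsi: str, ki: bytes, algo_version: int) -> None:
        self.subscribers[imsi] = (ki, algo_version)

    def triplets(self, imsi: str, count: int = 5) -> List[Triplet]:
        """Return a batch of (RAND, SRES, Kc) for a roamer; Ki is never exported."""
        ki, version = self.subscribers[imsi]
        batch = []
        for _ in range(count):
            rand = os.urandom(16)
            sres, kc = run_a3a8(ki, rand, version)
            batch.append((rand, sres, kc))
        return batch


class SimCard:
    """SIM answering RUN GSM ALGORITHM; optionally locks after max_runs uses."""

    def __init__(self, imsi: str, ki: bytes, algo_version: int,
                 max_runs: Optional[int] = None) -> None:
        self.imsi = imsi
        self._ki = ki                 # private to the card, never read by the network
        self._version = algo_version
        self.max_runs = max_runs
        self.runs = 0

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        if self.max_runs is not None and self.runs >= self.max_runs:
            raise PermissionError("A3/A8 disabled: usage limit reached")
        self.runs += 1
        return run_a3a8(self._ki, rand, self._version)


class VisitedVLR:
    """Visited network: holds cached triplets and an audit log, never Ki."""

    def __init__(self, home: HomeAuC) -> None:
        self.home = home
        self.cache: Dict[str, List[Triplet]] = {}
        self.log: List[Tuple] = []

    def authenticate(self, sim: SimCard) -> bool:
        cache = self.cache.setdefault(sim.imsi, [])
        if not cache:                      # first contact or cache exhausted: ask home
            cache.extend(self.home.triplets(sim.imsi))
            self.log.append(("fetched", sim.imsi, len(cache)))
        rand, expected_sres, _kc = cache.pop(0)
        sres, _ = sim.run_gsm_algorithm(rand)
        ok = hmac.compare_digest(sres, expected_sres)
        self.log.append(("auth", sim.imsi, ok))
        return ok


def demo() -> Dict[str, object]:
    """Old and new card both roam; wrong Ki is rejected; new card locks out."""
    auc = HomeAuC()
    old_ki, new_ki = bytes(range(16)), bytes(range(16, 32))   # constructed keys
    old_imsi, new_imsi = "001010000000001", "001010000000002"  # constructed IMSIs
    auc.provision(old_imsi, old_ki, algo_version=1)
    auc.provision(new_imsi, new_ki, algo_version=2)
    old_sim = SimCard(old_imsi, old_ki, 1)
    new_sim = SimCard(new_imsi, new_ki, 2, max_runs=3)
    vlr = VisitedVLR(auc)
    old_ok = vlr.authenticate(old_sim)
    new_ok = all(vlr.authenticate(new_sim) for _ in range(3))
    try:
        vlr.authenticate(new_sim)           # fourth run exceeds the card's limit
        locked = False
    except PermissionError:
        locked = True
    for _ in range(5):                      # drains the 5-triplet cache, forces a refill
        vlr.authenticate(old_sim)
    old_fetches = sum(1 for e in vlr.log if e[0] == "fetched" and e[1] == old_imsi)
    wrong_ki_ok = vlr.authenticate(SimCard(old_imsi, bytes(16), 1))
    return {"old_ok": old_ok, "new_ok": new_ok, "locked": locked,
            "old_fetches": old_fetches, "wrong_ki_ok": wrong_ki_ok}


if __name__ == "__main__":
    print(demo())
```

The visited network distinguishes an old card from a new one without knowing either algorithm: it only compares the SRES the card returns with the SRES the home AuC precomputed, and the AuC picked the algorithm from its per-subscriber version column. The log entries also show why the first log-in in a new country is slower than the following ones (one fetch serves several authentications).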
Casssimir
12-12-2006, 16:47
Come on GUYS
http://www.gsmhosting.com/vbb/showthread.php?t=356559