CARDinal Release 03 (RE03) demo
][No_WaY
01-27-2003, 15:58
does anybody know how to use the file browser in useful tools in the
program? and what is the benefit? can i change any properties of the sim
like sign in to a prohibited network, for e.g.?
SirGraham
01-27-2003, 18:26
Hi,
If you have the correct PINs you can change a lot of files on your card.
XSim also has a file browser for the files of the SIM.
You can see the properties of these files (MF, DF & EF). If you have got the administrative PINs (normally >2) you can change the file content.
How can you extract these PINs?
I don't know... :( for the moment... :D In the future it is possible we will have a method to calculate the PINs....
Best regards,
Sir Graham.
][No_WaY
01-27-2003, 22:16
thanx SirGraham
but i need the meaning of some words like u mentioned (MF, DF & EF). does any web site give an explanation? or could u plz tell me it?
and what do u mean by the pins? coz i have pin1,2 and puk 1,2
SirGraham
01-28-2003, 09:53
hi ][ No _Way,
Yes. I can.
The card has files like a normal operating system. There are three kinds of files:
MF (Master File) Like a Root Directory (first directory)
DF (Dedicated file) Like a Directory
EF (Elementary File) Like a normal File.
Every file (EF) and directory (DF, MF) has "properties". In these "properties" there are fields that show the limits of this file. That is: Read, Write, Show, etc... (Like a normal O.S.)
The PINs control these properties... (like a user password). There are more than 2 PINs in the card (normally from 6 to 8).
The PINs > 2 are administrative and are known only to the operator and/or manufacturer...
If you know these PINs you can (for example) read some files or change some files. All directories and files (MF, DF, EF) have a number (like a name in a normal O.S.)
For example, the IMSI is the file (EF) 6F07 in the directory (MF) (7F20) ...
You can try this with XSim. If you scan your SIM with the Standard option you can see the standard (MF, DF & EF) and in the head the properties...
Do you understand?
Best Regards,
Sir Graham.
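Added example (not part of the original posts, and not code from XSim or CARDinal): the file "properties" described in the post above, decoded in Python from the header a SIM returns when an EF is selected. The byte layout and access condition codes are assumed from GSM 11.11 (sections 9.2.1 and 9.3), the sample bytes for EF 6F07 are constructed, and the function names are hypothetical.

```python
# Added example: decode the header a SIM returns after SELECT on an EF.
# Layout assumed from GSM 11.11 / 3GPP TS 51.011, sections 9.2.1 and 9.3.
EF_STRUCTURES = {0x00: "transparent", 0x01: "linear fixed", 0x03: "cyclic"}


def condition_name(nibble):
    """Map a 4-bit access condition code to the credential it requires."""
    fixed = {0x0: "ALW", 0x1: "CHV1", 0x2: "CHV2", 0x3: "RFU", 0xF: "NEV"}
    # Codes 4..E are administrative (ADM) codes held by operator/manufacturer.
    return fixed.get(nibble, "ADM")


def parse_ef_header(resp):
    """Parse the response to SELECT on an EF into its 'properties'."""
    if len(resp) < 14:
        raise ValueError("EF header needs at least 14 bytes")
    if resp[6] != 0x04:
        raise ValueError("not an EF (file type byte is %#04x)" % resp[6])
    return {
        "file_id": resp[4:6].hex().upper(),
        "size": int.from_bytes(resp[2:4], "big"),
        "structure": EF_STRUCTURES.get(resp[13], "unknown"),
        "invalidated": not (resp[11] & 0x01),  # file status, bit 1
        "access": {
            "READ": condition_name(resp[8] >> 4),
            "UPDATE": condition_name(resp[8] & 0x0F),
            "INCREASE": condition_name(resp[9] >> 4),
            "REHABILITATE": condition_name(resp[10] >> 4),
            "INVALIDATE": condition_name(resp[10] & 0x0F),
        },
    }


# Constructed sample header for EF 6F07 (IMSI); not captured from a real card.
SAMPLE_IMSI_HEADER = bytes.fromhex("000000096F07040014FF1401020000")

if __name__ == "__main__":
    info = parse_ef_header(SAMPLE_IMSI_HEADER)
    print(info["file_id"], info["structure"], info["size"], "bytes")
    for operation, needed in info["access"].items():
        print("  %-12s requires %s" % (operation, needed))
```

In the constructed sample, READ needs only CHV1 (the user's PIN1) while UPDATE needs an ADM code, which is why the user's own PINs allow reading such a file but not changing it.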
Salami1_1
01-28-2003, 19:07
Hej,
you say you found a way to extract the PIN..
of course I'm not going to ask how.
but just some small questions about it :)
Did you do it with hardware.. (like cutting off TOTAL power supply, not only via VPP, so SIM cannot be written.. and so create a brute force attack. I think you know what I mean.. I have forgotten the correct values but 0.37 millivolt then it writes at 0.37 millivolt card turns off and 0.34 millivolt it reads (something like this)
This method is an idea which is born at nkfree... or is it something totally different?
And when will it be available?
WBR
Salami1_1
SirGraham
01-28-2003, 19:38
Hi Salami1_1,
Well,
yes... but.... not...
If you "reduce" the power supply the card doesn't work.
The card has two states: working or not working.... :(
If you need to maintain the power supply :D .....
But... I think it is a very interesting way.... ;)
sorry... I don't know when this hardware is available...
Best regards,
Sir Graham.
To SirGraham:
As I understand, you are going to try some kind of "side channel attack" against a comp v2 simcard? Of course I will not ask you about details, but have you already found some way to circumvent hardware countermeasures?
BTW: Have you read this:
http://www.crypto.ruhr-uni-bochum.de/Abschlussarbeiten/texte/documents/da_schramm.pdf
- I think there is some interesting information about "side channel attack". Not much of course, but...
SirGraham
01-31-2003, 22:24
Hi drzonca,
Thanks for your doc. It's very interesting. I see other documentation about this and the DOC of IBM.
When I have results (good or bad) about my idea, I will put a message in this forum...
Best Regards,
Sir Graham.