crack comp128 V2
electrofreak
02-12-2005, 11:18
Come on! Let us work as a team. We can't accept all this unknown about V2. Everyone who knows anything about the system, give us some facts.
As I read it on different webpages, the big difference between comp128 and comp128 V2 is that V2 depends on the provider. Meaning: a part of the algorithm is individual for the provider.
playerkiller
02-12-2005, 13:04
Are you sure about that? This would mean no breaking chance without someone inside the operator who can help us by giving us the part of code.
Seems weird. Probably I've misunderstood something, as always. :)
electrofreak
02-12-2005, 13:29
If we can't get the information from the inside, we need someone outside to crack every provider. We have a lot of work to do..
We need a brainstorm. We need someone who knows much about algorithms, someone who knows a lot about programming. I guess we can use the same readers.. maybe we need to destroy some cards.
playerkiller
02-12-2005, 13:54
This is a real deal. I'm studying information engineering and know something about algorithms. Reverse engineering on encryption algorithms is probably the hardest deal in information engineering.
Looking for some vulnerability in the algorithm is probably more accessible than working on reversion. I would like to have more time to spend on it.
Unfortunately I've a lot of work to do to get grades. :P
If I can be of any help, however, I will :)
SirGraham is an expert on this, you should work with him. :)
electrofreak
02-13-2005, 15:00
This is nice to know. To get started, you can tell us what the problem is, in a way so "normal" people can follow you (some basics about algorithms), and how one starts "reverse engineering on encryption algorithms".
Of course, SirGraham is always more than welcome to join us and tell us what we don't know. Things like: what the exact difference is between V1 and V2, why it is so hard to crack V2 and what can be done to get closer to it. Now we know one person who knows something about algorithms and one who knows something about the GSM system. Now we need someone who knows something about programming and can help us to collect the different parts. If you know someone: tell him/her about this project.
Electroboys
02-13-2005, 19:57
Like an open source project, sounds great ..
There were some rumours before that, but still no solution ..
take a look at this (http://forum.gsmhosting.com/vbb/showthread.php?t=153084)
Of course there is somebody who has enough knowledge about this..
But I don't know why they don't make it commercial, why they don't lead us here to make a solution (together) like in other fields. They do DCT-4 (http://forum.gsmhosting.com/vbb/showthread.php?t=181358)
Oz..
Electroboys
02-13-2005, 19:58
I think the answer is: they like competition and there is nobody to compete with in this field..
That's why, I think..
electrofreak
02-14-2005, 11:15
Here are some explanations of algorithms
http://www.networkpunk.com/?q=node/view/424&PHPSESSID=fc70227281bdb23f40fee3b52b12027d
electrofreak
02-14-2005, 11:25
This one is better than the first one..
http://www.informit.com/articles/article.asp?p=353553&seqNum=2
Can we clone comp128v2 cards? If it is possible, please tell, can we do it with simscan 2.0?
regards
Electroboys
02-14-2005, 20:34
@tukelme
Man, if you read the thread carefully you can easily understand
what we are trying to discuss..
electrofreak
02-14-2005, 20:41
tukelme!
If you read the previous posts, you can see that we are trying to collect the right people to work as a team and find a way to crack comp128 V2. As we know, no one has made it yet..
playerkiller
02-15-2005, 10:49
And probably we won't either.... :P
Electro, I'm trying to collect some docs about reverse engineering on encryption algorithms. If I can understand something I will post it here, ok?
Cheers...
Pk
electrofreak
02-15-2005, 14:18
Very much OK :)
Cheers!
ef
electrofreak
02-15-2005, 15:13
Here we have a datasheet (http://www.semiconductors.philips.com/acrobat_download/datasheets/TDA8003TS_3.pdf) for the communication interface on the SIM card. Maybe someone can use this for something..
Electroboys
02-15-2005, 17:58
This thread is going well, better than doing nothing ..
Why doesn't anybody join this thread who has skill on GSM SIM cards, like Dejan, SirGraham, Woron or others? Why is no producer here which is available on the market, like Sim Doctor and other products? We have to get their attention on this thread to work together. As far as I see, only 4 ppl joined..
Murat Bekar
02-15-2005, 18:13
five :)
As I've discussed in the past with Dejan, he says there is no commercial solution for v2 cards !!!
He said that it may be possible with some special equipment.
regards.
electrofreak
02-16-2005, 12:43
Now I have communication between a SIM card and HyperTerminal. So far I only get echo..
Can anyone tell me what I can get from the card without the Ki? And how? How does the phone communicate with the card?
Does Ki work as an access key?
@electroboys
You are so right: why are no producers here?
electrofreak
02-16-2005, 13:31
Here (http://www.decodesystems.com/smartcards.html) are some standards for smart-card communication. I have tried some of the commands, but no reply.. I have no idea which commands should give a response :confused:
electrofreak
02-16-2005, 14:03
Something (http://www.wrankl.de/UThings/SIM-ME-Communication.pdf) more for you who want to read a lot about SIM communication.
Electroboys
02-17-2005, 11:59
Good job, man,
Actually the point is: why are we able to read Ki from Comp128V1? As far as I know there were some bugs, that's why we can get the Ki codes from V1. But in V2 those bugs are fixed, so we can not reach it anymore! But I think it's not impossible. I think we will see the solution before we're dead :) Anyway, I saw this (http://www.simcon.no/). These guys have done a good job on SIM cards,
Still not enough attention on the thread .. I think it's time to sleep for the SIM card cloning business; after the winter, spring comes.. ;)
Oz..
electrofreak
02-17-2005, 15:03
Those guys had a reference to this (http://www.ijde.org/docs/03_spring_art1.pdf) document, which explains what the Ki is used for. It looks like they are working on the same security which we are trying to break.. so it can be hard to get them to help us :rolleyes:
Actually the point is: why are we able to read Ki from Comp128V1? As far as I know there were some bugs, that's why we can get the Ki codes from V1. But in V2 those bugs are fixed, so we can not reach it anymore! But I think it's not impossible
I can be wrong, but as far as I know the main difference between V1 and V2 is the algorithm itself. In V2 a part of the algorithm depends on the operator..
colin breave
02-17-2005, 15:15
Yeah, the simcon works very fine!
electrofreak
02-17-2005, 15:53
In section 4.8 of the document it says something about a weakness in V1 which makes it possible to get the Ki. Since the document is written in spring 2003 (before V2) it doesn't say anything about the changes/differences..
@Colin
When you say it works, do you mean it looks good, or have you tried it?
flodis79
02-17-2005, 19:23
In section 4.8 of the document it says something about a weakness in V1 which makes it possible to get the Ki. Since the document is written in spring 2003 (before V2) it doesn't say anything about the changes/differences..
@Colin
When you say it works, do you mean it looks good, or have you tried it?
AFAIK, v2 came before spring 2003.... Since many cards from 2001 and 2002
are v2 and cannot be cloned, like movistar es...
electrofreak
02-17-2005, 20:51
@flodis79
Thanks for correcting me.. Then there must be another reason why they don't say anything about it..
Anyway, we still need to know what the exact difference is between V1 and V2..
Electroboys
02-17-2005, 22:25
Those guys had a reference to
In V2 a part of the algorithm depends on the operator..
Exactly, not like this.. v2 cards also work standalone ..
electrofreak
02-18-2005, 12:21
@electroboys
Can/will you please explain "work standalone"? Are you talking about roaming or cracking? Insulated SIM cards can't do anything.
The following is from the same document, and says something about the function of the SIM card:
3.8 GSM Security
GSM provides authentication of users and encryption of the traffic across the air interface. This is accomplished by giving the user and network a shared secret, called Ki. This 128-bit number is stored on the SIM-card, and is not directly accessible to the user. Each time the mobile connects to the network, the network authenticates the user by sending a random number (challenge) to the mobile. The SIM then uses an authentication algorithm to compute an authentication token SRES using the random number and Ki. The mobile sends the SRES back to the network which compares the value with an independently computed SRES. At the same time, an encryption key Kc is computed. This key is used for encryption of subsequent traffic across the air interface. Thus, even if an attacker listening to the air traffic could crack the encryption key Kc, the attack would be of little value, since this key changes each time the authentication procedure is performed.
What I tried to say was: I think the authentication algorithm for V2 is different for different providers, which gives us one challenge per provider. But I am absolutely not sure..
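The challenge-response described in the quoted section 3.8, as an added runnable model that is not code from the thread or from the quoted document: the network sends a fresh RAND, both sides derive SRES and Kc from the shared Ki, only SRES crosses the air interface, and Kc changes on every authentication. The A3/A8 function here is an assumed placeholder (HMAC-SHA256 truncated to the GSM field widths), not COMP128 v1 or v2, and the IMSI and Ki values are constructed sample data.

```python
import hmac
import hashlib
import os
from typing import Dict, Optional, Tuple

def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Placeholder A3/A8 (ASSUMPTION, not COMP128): SRES is 32 bits, Kc is 64 bits."""
    assert len(ki) == 16 and len(rand) == 16
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # (SRES, Kc)

class Sim:
    """Subscriber side: Ki stays on the card; only the computed SRES is returned."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3_a8(self._ki, rand)

class AuthenticationCentre:
    """Network side: holds the same Ki per IMSI and computes SRES independently."""
    def __init__(self, subscribers: Dict[str, bytes]):
        self._ki_by_imsi = subscribers
    def authenticate(self, sim: Sim, rand: Optional[bytes] = None) -> Tuple[bool, Optional[bytes]]:
        if rand is None:
            rand = os.urandom(16)                     # fresh challenge every time
        expected_sres, kc = a3_a8(self._ki_by_imsi[sim.imsi], rand)
        sres, _ = sim.run_gsm_algorithm(rand)         # SRES travels over the air, Kc does not
        ok = hmac.compare_digest(sres, expected_sres)
        return ok, (kc if ok else None)               # Kc is only usable after a successful check

# Constructed sample data: one genuine card and a card that does not hold the right Ki.
KI_GENUINE = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
AUC = AuthenticationCentre({"001010123456789": KI_GENUINE})
GENUINE = Sim("001010123456789", KI_GENUINE)
WRONG_KI = Sim("001010123456789", bytes(16))

def demo() -> Dict[str, bool]:
    """Two runs of the genuine card give different Kc; the wrong-Ki card is rejected."""
    ok1, kc1 = AUC.authenticate(GENUINE)
    ok2, kc2 = AUC.authenticate(GENUINE)
    ok3, _ = AUC.authenticate(WRONG_KI)
    return {"genuine_ok": ok1 and ok2, "kc_changes": kc1 != kc2, "wrong_ki_ok": ok3}

if __name__ == "__main__":
    print(demo())
```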
shinechou
02-25-2005, 09:02
v2 is completely different from v1, that is, v2 is a newly designed algorithm for authentication in the GSM system. So we just need to do reverse engineering (like for v1 in 1998) and then try to find the weakness.
CERBERUS
02-26-2005, 13:46
Hi,
It's my first attempt to clone my 4 SIM cards into one. I have all the software
I need, but all my attempts to clone my cards failed. I used SIM SCAN,
XSIM, etc... but I didn't reach my objective. I can't find the Ki of my
SIM cards!!!!! Where am I wrong????
How can I find out if my SIM cards have the COMP128V1, V2 or V3 algorithm? I don't
remember on which date I got these cards.
Is the COMP128Vx algorithm the only reason for which I can't find the Ki???
PLEASE... HELP ME!!!!
Thanks in advance....
Cerberus
shinechou
02-26-2005, 15:06
Hi,
I think your SIM card does not use the comp128-1 algorithm, and you can't determine the exact algorithm used because you don't know the Ki.
bigboyat19
03-01-2005, 17:21
There is a lot of potential to make money in this field. The problem is that those who have great knowledge to take SIM cloning to the next level don't have the will to do so, maybe because they feel there is no market in their countries.
Anyway, that's how I see it.
regards
bigboyat19
03-01-2005, 17:34
Let's hope for a better response; maybe after reading these posts they will change their minds.
regards
usernome
03-01-2005, 21:15
Why don't we try a bruteforce on a cell?
In one place we will see 2-3 antennas or more; maybe we can parallel bruteforce all the antennas we see...
We need to make changes to the phone.
We need new ideas....