Setool3 - emulator

[Lead]

....................................

[Lead]

Here is a snippet of my communication with laser about his new smartcard protection:

Code:

the_laser  3/16/2005 20:55:47
so, we have only 32kb... well, big enough.
now what to put inside.
key for flash decrypting, for sure.
license information.
what else ?
as for new semc we all used holes which are unprotectable

Lead 3/16/2005 20:55:48
what card manufacturer do you prefer?

the_laser  3/16/2005 20:56:14
i have a set of testcards (eval kits)

One month later, it was officially claimed that setool2 has been cracked.
It was not released as a free crack, but they stopped the support completely and asked their customers to pay more money afterwards...
So standalone setool2 support lasted for less than 3 months.
How long will setool3 support last for?

Now, back to laser's protection:

1. There is no SEMC-related algo in the setool3 smartcard.
2. Licence info is stored in the card. That is obvious.
3. Key for decrypting flash files is stored in the flash.

Only the 3rd item may cause some problems to an unexperienced cracker.
Well - note that laser bought cards from Narry.
These cards come from early e-gate batches that exhibit a known vulnerability which can be used to read entire smartcard content.
Zulea is able to utilize this vulnerability, so he is able to read the whole smartcard content and therefore he is able to fully emulate the smartcard.
He has enough money already to have no profit from it, to release setool3 completely for free, just for fun.

The question is - "How much will the next setool4 upgrade cost?"

[MRXSG]

Lucky I have cancel my order for the Setools upgrade..

[Narry]

FIRST I HAVE NOT SOLD ANY CARD TO LASER BUT I CAN OFFER THIS SERVICE TO PROGRAMERS

Services => GSM Unlocking Software Protection Services

1. Introduction

As time goes by, cracking/cloning GSM software becomes a business. That's why more and more GSM software developers want to protect their products better and better. Almost all known types of protection now can be cracked/cloned starting from the easiest ones (software protectors only, like Armadillo) and ending with complex hardware solutions based on some kind of microprocessors + software protection. The reason is simple. Almost all kinds of memory can be easily read and almost all kinds of electronic boards can be easily examined and cloned. And all software protectors can be removed from software. The only question here is time needs for cracking.
But still exists at least one type of protection, that can not be cracked. This type is Schlumberger Smart-Cards.
What is smart-card

Smart-card is a small card, of the size like usual GSM SIM cards. Inside this card exists some kind of microcomputer with it's own processor, small amount of memory. A computer, that was created to keep your secrets... Smart card is connected to PC via small simple USB device called Smart-Card Reader. This reader is like a bridge between smart-card and computer.
Smart-Card Architecture
As said above, smart-card is a microcomputer. Microcomputer with 32Kb memory on-board and cryptographic co-processor, accelerating execution of encryption and decryption blocks of data. Smart-card has in-built support for various cryptographic algos like various CRCs, DES, RSA, secure random numbers generator etc.
Smart-card can have several programs inside, that are called applets. These programs can be written in one of the variants of Java language, that is very easy to learn. Applets can communicate with software from PC using in-out buffer, that allows you to pass commands to your applet and to get results from your applet with few lines of code.
You can easily put your applets to your card if you know access codes, but nobody including you even knowing codes can't read applets from card. Under any condition applet source can't be read from smart-card. This makes your card some kind of safe for your know-how technologies.
Smart card reliability
Reliability of Schlumberger Smart-Cards is confirmed by such a giants in business like Visa, MasterCard and many others. Smart-cards are used as authentication marks, digital signature containers, digital wallets and other holders of VERY important data. There was never a precedent of successful reading applet's code or applet's internal data from smart-card in whole world.

2. Protecting GSM software with Smart-Cards
How to?
In process of unlocking/flashing almost any phone there is some algo of processing information (for example, calculating IMEI checksums, various CRCs calculation, decrypting small blocks of data, etc.) This algo can be simply converted to smart-card applet. And after that your software will read some data from phone, that needs to be processed, send it to your applet and then receive back already processed. That’s all!
Algo’s, that should never been put to card
Of course, any protection, even the most powerful, should be correctly applied. Simply checking smart-card presence from software will not make your protection strong. So, there are several kinds of algos, putting which to smart-card will not improve protection:
Decryption of static (constant) data blocks, that come from software (PC) (for example, loaders decryption)
Very easy-to-guess algos (like CRC32 calculations or XOR FFh decryption)
Static data itself (table of software versions for example)

********* Emeralda Engine
What is this?
Of course, simply putting algos to dongle is not enough. Time passes, new phone models appear, algos inside the dongle should be updated, because, if you will put algo for a new model only to soft – software can be easily cracked. So you need dongle upgrade system. But, you can’t simply provide file with applet’s source to every user, because he can easily extract your algos from it. Also, you need control over all dongle upgrade process (for example, you may need to disable upgrade for some dongle, grant your resellers access their users’ accounts etc.). All this can be easily done with a help of Emeralda.
Emeralda uses advantages of built-in smart-card secure communication protocol to make dongle upgrades safe, so you can be sure, that nobody will be able to extract your applets from any part of traffic, sent to client, or sent by client to smart-card. Emeralda server generates encrypted and signed stream of data, that is transmitted to upgrade client. Client sends stream in encrypted and singed untouched form directly to smart-card and only smart-card itself decrypts and verifies that stream, accepts applets and run internal commands, that are contained inside. So, nobody have access to command source.
Emeralda Engine
Emeralda engine is a set of software components, that provides ability to securely and remotely update user dongles, control upgrade process, control user accounts etc. Here are main features of Emeralda:
Remote secure update of Schlumberger smart-cards – client and server applications
Three-level control system (author, distributor, reseller) for controlling user accounts on server
IP and dongle black list
Logging of security violations
Logging whole process of dongle upgrade for each user

Emeralda server requirements
Usual PC, preferably not slower than PIII-700.
128Mb (better 256Mb) of memory
Any type of Internet connection with static or dynamic (in this case no-ip.com services can be used) IP with speed preferably not slower than 10-15Kb/sec (maximum amount of traffic per client session is about 34Kb)
Minimum 150Mb (500Mb or more is recommended) free space available on HDD
Windows 2000/XP/2003 (Windows 98 is probably supported too, but not tested)

***************

***************

***************

Nice hidden sales posts, some sections cencored. You know you have to posts this in Main Sales Section, No exeptions.

[MACKIE]

@ Lead
What do you think is it possible that Zulea find way for emulate this Lasers "old" vulnerable e-gate ?
Are you want to say that Laser made another mistake with Setool protection ?

About cruiser.... is SEMC-related algo in the smartcard....and what kind of smartcards are in cruiser....is there way that same thing/if it's true/happend with cruiser...?

What do you think then about Saras HWK wich is here soon..?

Regards
Mackie

[Victor]

hey Lead ... Improove your protecttion first!

Fighter/Cruiser CAN BE UNPACKED WITH PEID 0.93 with 2 click's on mouse!!!

link to peid: www.peid****



Regards: Victor!!!

[mobileland]

Quote:

Originally Posted by Lead

Here is a snippet of my communication with laser about his new smartcard protection:

Code:

the_laser 3/16/2005 20:55:47
so, we have only 32kb... well, big enough.
now what to put inside.
key for flash decrypting, for sure.
license information.
what else ?
as for new semc we all used holes which are unprotectable
 
Lead 3/16/2005 20:55:48
what card manufacturer do you prefer?
 
the_laser 3/16/2005 20:56:14
i have a set of testcards (eval kits)

One month later, it was officially claimed that setool2 has been cracked.
It was not released as a free crack, but they stopped the support completely and asked their customers to pay more money afterwards...
So standalone setool2 support lasted for less than 3 months.
How long will setool3 support last for?

Now, back to laser's protection:

1. There is no SEMC-related algo in the setool3 smartcard.
2. Licence info is stored in the card. That is obvious.
3. Key for decrypting flash files is stored in the flash.

Only the 3rd item may cause some problems to an unexperienced cracker.
Well - note that laser bought cards from Narry.
These cards come from early e-gate batches that exhibit a known vulnerability which can be used to read entire smartcard content.
Zulea is able to utilize this vulnerability, so he is able to read the whole smartcard content and therefore he is able to fully emulate the smartcard.
He has enough money already to have no profit from it, to release setool3 completely for free, just for fun.

The question is - "How much will the next setool4 upgrade cost?"

@******* (Lead)
1) setool4 will not be released even in case if emulator exists because we have a possibility to improve protection in the future versions ,

2) how can you said about support if everyone remember how you cheat all your customers fighter ---> cruiser procedures ,

3) you are just mad because you understand that you are number last... your customers can`t expect something new from you you are always number 2 .. check news setion at setool support area and you will see cruiser IMPROVEMNTS with 2 days delay(in best case) .

Everyone know that customers want to be always first in all!
Firmware files, fast reaction to every bug found, supported models and not for 1 month "resize button" upgrade like you always do .

SETOOL, simply, is much better.
Setool team have all existing flashfiles for supported models exactly as they are written .
Laser seems to be more wise and faster than you .Will not mention 'flexibility' .

Once more about the 'payed card update' .
SETOOL dongles costs old users only 55e.
We are not hungry like you ***********.
You took from your old customers 350e man.What a cheating-stealing-blackmailing...

Shut your 'big *****s' and try to do some solution first.


Best Regards !

No Insults, keep the language clean.

[Mizar]

Quote:

Originally Posted by Victor

hey Lead ... Improove your protecttion first!

Fighter/Cruiser CAN BE UNPACKED WITH PEID 0.93 with 2 click's on mouse!!!

link to peid: www.peid****



Regards: Victor!!!

Victor, this is really nothing to worry about. Even unpacking the exefile will not help since real security is somewhere else. Also not just in smartcard. But also in the way of implementation.

Mizar

[MACKIE]

The fact is that upgrade of SEtool to a smartcard version is not expensive and everyone can afford it.....and that Setool is most powerfull and supported tool for SEMC at the market.. ....Laser made very good tool and support it almost every day....but this Zuki's word shaked many new customers....

Never mind every proffesional customer will buy original because it's always better supported than cracked or whatever....

But it's not good to have Laser as enemy....because that mean new WAR and war's are not good for anyone....

Regards
Mackie

[Mizar]

Quote:

Originally Posted by mobileland

@******* (Lead)

1) setool4 will not be released even in case if emulator exists because we have a possibility to improve protection in the future versions ,

Yes, only via exchanging the cards. How much it will cost?

Quote:

Originally Posted by mobileland

2) how can you said about support if everyone remember how you cheat all your customers fighter ---> cruiser procedures ,

3) you are just mad because you understand that you are number last... your customers can`t expect something new from you you are always number 2 .. check news setion at setool support area and you will see cruiser IMPROVEMNTS with 2 days delay(in best case) .

When arguments are at the finish, mis-informations are here.. Nice try ! Maybe you should check the history and dates. Or maybe someone objective who has more time than me will write here all feature release dates for Cruiser and SETool2/3 so all will see.. Btw. you like like to manipulate the facts - for example also via censorship at your forum... So what do you expect people to think now about your posts here where you can't delete ours ? Don't be childish again..

Quote:

Originally Posted by mobileland

Everyone know that customers want to be always first in all!
Firmware files, fast reaction to every bug found, supported models and not for 1 month "resize button" upgrade like you always do .

SETOOL, simply, is much better.
Setool team have all existing flashfiles for supported models exactly as they are written .
Laser seems to be more wise and faster than you .Will not mention 'flexibility' .

Nice advert, but too late. Fact is that SETool3 card was with the biggest probability hacked and emulated. And the only thing you can do now is to replace cards, algorithms within and don't let users pay for it..

Cheers ,

Mizar

[mind]

Quote:

Originally Posted by mobileland

@smartass

Once more about the 'payed card update' .
SETOOL dongles costs old users only 55e.
We are not hungry like you **********.
You took from your old customers 350e man.What a cheating-stealing-blackmailing...

Shut your 'big *****s' and try to do some solution first.


Best Regards !

It is ****** because many old se-tool2 user cant upgrade to dongle version. Because all reseller is very hungry, and sold all dongle to new users. I am waiting for my ******** dongle, ago 1,5 month.

[tools4gsm]

From me no more money for SETOOL, any version any protection.
From me no more money for ZULEA tools.

Every time we (customers) are f......d and pay for their wars.
Who is the best for customers this is the question?
It does not mether how much this cost, but protecting customers is important.


Sorry for my bad english

[Boss]

Quote:

Originally Posted by Lead

Here is a snippet of my communication with laser about his new smartcard protection:

Code:

the_laser  3/16/2005 20:55:47
so, we have only 32kb... well, big enough.
now what to put inside.
key for flash decrypting, for sure.
license information.
what else ?
as for new semc we all used holes which are unprotectable

Lead 3/16/2005 20:55:48
what card manufacturer do you prefer?

the_laser  3/16/2005 20:56:14
i have a set of testcards (eval kits)

One month later, it was officially claimed that setool2 has been cracked.
It was not released as a free crack, but they stopped the support completely and asked their customers to pay more money afterwards...
So standalone setool2 support lasted for less than 3 months.
How long will setool3 support last for?

Now, back to laser's protection:

1. There is no SEMC-related algo in the setool3 smartcard.
2. Licence info is stored in the card. That is obvious.
3. Key for decrypting flash files is stored in the flash.

Only the 3rd item may cause some problems to an unexperienced cracker.
Well - note that laser bought cards from Narry.
These cards come from early e-gate batches that exhibit a known vulnerability which can be used to read entire smartcard content.
Zulea is able to utilize this vulnerability, so he is able to read the whole smartcard content and therefore he is able to fully emulate the smartcard.
He has enough money already to have no profit from it, to release setool3 completely for free, just for fun.

The question is - "How much will the next setool4 upgrade cost?"

::::: [email protected]

Hi,

Cloned SE-Fighter dongles (e-gate smartcards) available for sale at low prices. All dongles work well with latest software version 2.00a and comes with 2 CD's. Also all support area (files) mirror available.



SE Fighter - still the only solution for security zone rebuild!



SonyEricsson Fighter is ultimate and most advance device for maintaince of all exist Ericsson and SonyEricsson phones.



RIGHT NOW THE SE FIGHTER IS THE ONLY SOFTWARE ON THE MARKET THAT CAN CREATE NEW SECURITY ZONE FOR SE PHONES.



YOU CAN REPAIR ANY SOFTWARE PROBLEM OR REPAIR PHONES AFTER FLASH IC REPLACE.



SE Fighter STANDARD

- unlock/flash of most SE phones on the market (94 phone types supported) - empty board flashing

- complete rebuild of security zone (IMEI, SP data, etc.)

for more see list of supported phones and features



Prices:

1-4 pcs. - 200$ each

5-9 pcs. - 150$ each

10-24 pcs. - 120$ each

25-... pcs. - 100$ each



All kits comes complete with:

- USB e-gate smartcard dongle

- USB special data cable

- 2 pcs. CD's with latest software (v2.00a) and flash files



More details about original SE-Fighter can be find at: www.se-fighter.com
If you are interested can contact us at:



[email protected]
[email protected]
Tel: +40744315315



Regards,

DIV

-----------------------

remember this ?

[r3tired]

@Lead, Mizar
How come you cant remember the story about Fighter > Cruiser, upgrade option ?
You have forgot that you charged your customers, a few bucks ~350EUR and they were crying ?, and suddenly after SETool release ~130 EUR, what a loss ?

About cracking and patching, and relasing for free or non-free, its allways good to correct the author in meanwhile of any restrictions, you correct him and he correct his faults.
We all learn by our mistakes, NONE is perfect or correct made, everybody has or make his mistakes soon or later, and im sure zulea, lead, mizar and the_laser and so on are having this.

In point of view i think that this ''blablla'' from Zulea, just a ridicolous move so the_laser crack his SE PBB 4.2 or Alcatel or maybe FLS-4 emulator and put free and make once again a ordinary kill of market.
To people who say market is dead and other talks, this is not true.
Where you can find LG flasher, or unlocker for U-series, or maybe EB flasher for K600 ?

Im sure again, every unvariable protection can be cracked so as our old Armadillo, and our new Execryptor, or even our hardware protections nowadays, all is based on the mean time and how long this procedures take, and for sure is not imprec or peid job not even dump job.
Experienced level is required with atleast a few years behind this bridge.

So, point of view - even if setool is cracked by words and not evidence, who is really sure that it is cracked ?
Seeing is belivieing then what is reading ?

According to my post im not targeting to anybody or any product, just pointing out that until now this is unbelivable bs from the king of toilet Daniel ********.

[FractalizeR]

Quote:

Originally Posted by Mizar

Yes, only via exchanging the cards. How much it will cost?
Mizar

I don't want to advertise something here, but to change algos inside the card there is no need in card exchange... Smart card communication protocol is secured enought to perform remote update. I implemented it's features of the protocol in my Emeralda engine (ThunderStorm software uses my engine for some months already). Now I'm working on improved version of Emeralda (to increase scalability and extensibility) for another project.

Of course, security wholes may exist in old cards (CodeShield technology can be implemented not only to force users to buy SDK from Schlumberger, but also to patch some security wholes in cards), nobody knows the truth except Schlumberger, but... These cards were created not for unlocking softwares authors, but for being digital signature holders, digital wallets etc. So, if there is a simple whole in card, and Zulea found this whole, it means, that all people in the world, who are using these cards by those needs should be nervous.... And for Zulea is more profitable to sell this technology to somebody, to clone wallets, make fake signatures etc.

Thus, I don't think, cards really has some security backdoor.... I even suspect, all Zulea messages and offers about this SE-Tool emulator is fake as was that message a long time ago, that he is selling Fighter clones (it was fake of course).

No need to worry about SE-Tool I think. I don't think, author is going to stop development.