How to clone a SIM

[Redfinn]

Does anyone know where I can find a German Manual about cloning a SIM card ? And what kind a Hardware do I need for this ? Is it also possible to unlock locked SIM cards by reading PUK???<br /> <img src="confused.gif" border="0">

[dr.motorola]

i can teach you in french;english or spanish sorry <img src="frown.gif" border="0"> <br />i try to learn german later <img src="smile.gif" border="0"> <br />i 'am very tired <img src="mad.gif" border="0">

[Alf]

About the manual? no idea.<br />The software to get IMSI/KI? Sim_scan.<br />The software to put in the card? Depends on the card. Gold-&gt;Simpic (more stable) Silver -&gt; Dejan's gsm_sim (perhaps with my mods)<br />Hardware? You need a Phoenix interface to scan the KI/IMSI and to set the programmed card to use these. To program the code in the card you need ludipipo and a phoenix interfaces.<br />It's not possible to read the PUK of a card.

The idea is:<br />1 - Get a programmed card (gold or silver, silver is better)<br />2 - Program that card with soft that will emulate a GSM card (SIMPic, GSM_SIM). You need a ludipipo interface to program the PIC and a phoenix interface to program the external eeprom.<br />3 - Scan the original(s) for their IMSI/KI with Dejan's sim_scan. You need a phoenix interface for this.<br />4 - Program the IMSI(s)/KI(s) into the new card. You need a phoenix interface for this (in the case of a SIMPIC gold card it can be done by editing the phonebook - soon I'll also make it possible on Dejan's gsm_sim by editing an SMS)

Aditional remark. German operator D2 uses proprietary cypher. Their cards are hard to clone (I saw some software for Linux, I think).

<br />Hope that helped.

[baumgarten]

Hallo Redfinn,<br />also auf Deutsch, na gut. <br />Zum herausfinden der IMSI kann man SIN_SCAN oder CARDINAL_68 nehmen. In Deutschland geht nur D2. Bei mir hat nur CARDINAL die KI gefunden. Ich benutze das MAKInterface Pro im Phoenix Mode und einen alten P200, hat ca. 5 Stunden gedauert. Meine D2-Karte ist ca. 3 Jahre alt, bei neueren Karten soll es Probleme geben.<br />Nachdem ich dann noch die IMSI mit SimCard Editor for Kids ausgelesen habe (FILE 7F20:6F07) konnte ich mir einen Gold- und Silberwafer herstellen.<br />Für den Goldwafer habe ich TwinSim genommen und für den Silberwafer nahm ich Dejan's gsm_sim mit den Änderungen von ALF.<br />Mit einem HEX-Editor habe ich meine IMSI und KI in die HEX und BIN Files von gsm_sim eingetragen. Das geht bei TwinSim direkt über das Programm.<br />Zum programmieren der Wafer habe ich zuerst einen Loader mit IC-Prog oder mit PonyProg in den PIC geschrieben (LUDIPIPO Mode). Dann brauche ich wieder den Phoenix Mode um die EEprom-BIN-Files zu schreiben. Dafür benutze ich WinPhoenix oder IC-Prog im Smartcard Modus. Dann zurück in den LUDIPIPO Mode und das SimPic-HEX-File drauf.<br />Jetzt bist Du fast fertig, nur noch die Karte zurecht schneiden. Dazu nehme ich meine große Karten und den gerausgebrochnen SIM, füge die beiden zusammen, das hält einigermassen. Dann legen ich diese Karte auf den Wafer und zeichne mit Edding die umrisse auf den Wafer. Ich nehme ein Linial um mit einem Messen die Konturen einzuritzen. Jetzt noch schnell mit einer Schere ausschneiden, die Kanten etwas abschleifen, FERTIG.<br />Ich hoffe das war ausführlich genug, sonst scheibe einfach wieder.

[Alf]

I don-t understand german but PLEASE don't use Cardinal (or the brute-force option of sim_scan).<br />It'll ruin all cards issued after 2001 after finding 2 of the 16bytes of the KI.

You'll end up with a broken card whose key you don't know.

Trust me on this.

[Redfinn]

Ok thank you very much i will Try this!<br />Ok vielen Dank werde das mal versuchen!<br />Sicher das nur D2 geht müsste eigentlich D1 Klonen ? <img src="frown.gif" border="0">

[baumgarten]

@Alf<br />yes, I know that I can kill my sim, but I have a sim from 1998 and all works fine ;-) My german answer is like your answer, but with more details and in german.<br />Did you have a solution for my idea disscript in my e-mail ?

[yclin99]

To : Alf<br />If the SIM Card bought on 2001, will not be cloned ? We just can clone the SIM Card bought<br />before 2001. Is that right ?

[j2000]

Hiiii...to all who have experience for clone SimCard..can give me an advice?<br /> Please see this site <a href="http://www.motorolaunlocker.com" target="_blank">www.motorolaunlocker.com</a><br />selling about Mastera II Programer,it really can effective for cloning card? especially for SimCard? Coz this hardware is very good capability,and this site can trusting for buy from this site?<br /> Thanks very much.....

[amber]

Hi Mr. Frank_Baumgarten ,

<br /> You write veri interesting. Please translate to english you post.

regards,<br />amber

[baumgarten]

@ amber<br />OK, let me try to wirte in english.<br />I'm german and at germany only OLD D2-Mannesmann/Voodoophone-Card can be cloned.<br />You need two number form yout card. First the IMSI number, this can read form file 7F20:6F07 with e.g. "SimCard Editor for Kids", but you need the PIN1. The other number is the KI and this can only be found on cards with COMP128 algo. (this algo. has a bug). I used CARDINAL_68 but you can SIm_SCAN too. I used my MAKInterface Pro at Phoenix mode and it takes 5h with my P1 at 200 MHz. Now you can take a GOLD_WAFER and use TwinSim or SimPic 2.4/5.7/6.5 or can take a SILVER_WAFER and use SimPic 9.4 or Dejan's gsm_sim with the modifications from ALF.<br />I prefer SILVER_WAFER and gam_sim form ALF.<br />You use a HEX editor the wirte the KI and the IMSI to the pic.hex and/or to the eeprom.bin(hex).<br />Now you have to program the PIC and the EEprom.<br />First you write a LOADER to the PIC with a LUDIPIPO Interface with PonyProg or ICProg.<br />Than you use a Phoenix Interface to write the EEProm data with WinPhoenix or ICProg.<br />Last you write the sim emulator to the PIC with a LIDIPIPO Interface with PonyProg or ICProg.<br />Ready, you have a copy form your SIM.<br />RU Frank

[bigman10]

Hi,

Can anybody mail me sim cloning soft, and hardware's schematics? <img src="biggrin.gif" border="0">

bigman<br />[email protected]

[baumgarten]

@Bigman10<br />You can find all this soft at the internet<br />cardinal: <a href="http://www.id2.cz/sw_tested.htm" target="_blank">http://www.id2.cz/sw_tested.htm</a><br />sim_scan: <a href="http://www.net.yu/~dejan/" target="_blank">http://www.net.yu/~dejan/</a><br />sim_pic for gold and silver: <a href="http://www.net.yu/~dejan/" target="_blank">http://www.net.yu/~dejan/</a><br />sim_pic from ALF: <a href="http://alf.di.fct.unl.pt/Nokia/gsm_sim/" target="_blank">http://alf.di.fct.unl.pt/Nokia/gsm_sim/</a><br />IC-Prog: <a href="http://www.ic-prog.net/" target="_blank">http://www.ic-prog.net/</a><br />PonyProg: <a href="http://www.lancos.com/prog.html" target="_blank">http://www.lancos.com/prog.html</a>

RU Frank

[baumgarten]

@ALF<br />I found a way to have more char. for phonebook names. At file info _3a last byte (HEXADR 0795) you have 1C = 28 =&gt; 28 - 14 (fix for number in BCD) = 14 char. for name. If you want to have 20 chars you have to calculate 20+14=34 = 22h. Change 1C to 22 and you will have 174 phonebook names with 20 chars. At the begin you can see that you have 1730h bytes for phonebook 5936/34 = 174 names + 20 unused bytes.<br />R(ead)U Frank

[amber]

Hi Frank_Baumgarten,

Thanks for help.

regards,<br />amber