Post #1, 06-26-2005, 14:03, by Hyna (Junior Member, Czech Republic)

Cloning V2


Hi all.
In our country I cloned SIM cards. But in 2002 our three operators changed their SIM cards to V2, so I ended this business. Now 3 years have elapsed; it's a long time to invent how to clone a V2 SIM card.
I read this forum, where we write: it's impossible.
My question is: is there anybody who is experimenting with cloning V2 cards?

PS. Sorry for my English.

Hyna, Czech Republic
Post #2, 06-26-2005, 20:30, by CH@IN (Freak Poster)
Hyna, the Ki authentication for V1 and V2 cards, as you know, is THE SAME... it is just better protected inside the card. The A3A8 protocol leaked and was what allowed the extraction of the Ki with brute forcing on V1.

Network providers that never used this standard protocol (like Vodafone) never had a problem with protecting their cards, although they were V1.

The cloned card will run as a V2 card without the need for a change in the current software. This means our problem remains just to get these Ki.

About doing experiments... it won't help without having access to some secret information about the V2 cards. Like always, somehow, something has to leak to the public to enable further investigation. Without that kind of help you will never succeed.
I am pretty sure there are people who have the knowledge to make a clone of a V2 card; they just don't want to / are not allowed to spread that info.

History repeats all the time and starts over again from the beginning. When the new USIM cards cover the market by 80-90 percent... the V2 cards will be clonable.

The best solution still remains to buy the old V1 cards from your friends and clone them for your personal use. (Or changing old prepaid cards into subscription cards through your provider.)

Ch@in
Post #3, 06-26-2005, 21:47, by Hyna (Junior Member, Czech Republic)
Thanks for the reply.

I know it's better protected...
I'm not sure how to translate this sentence:
Network providers that never used this standard protocol (like Vodafone) never had a problem with protecting their cards, although they were V1.
I learned English, but...

It means: most of the providers use V1 and they are content?
Post #4, 06-27-2005, 01:52, by CH@IN (Freak Poster)
Quote (originally posted by Hyna):
Thanks for the reply.
I'm not sure how to translate this sentence:
Network providers that never used this standard protocol (like Vodafone) never had a problem with protecting their cards, although they were V1.
I learned English, but...

It means: most of the providers use V1 and they are content?

Don't worry Hyna, my English is worse than yours. I wanted to tell you that Vodafone cards have never been cloned. They never used the GSM standard Comp128-V1 but a modified version.

Quote (originally posted by Security in the GSM System):
Implementations of A3, A8

Although the design of the GSM system allows an operator to choose any algorithm they like for A3 & A8, many decided on the one that was developed in secret by the GSM association, COMP128.

You can read the full document by Jeremy Quirke in the attachment about the attacks and the possible experiments. It is interesting for people like you who want to know more about "experimenting"; you can read in it about things like how many seconds the telephone needs to reply with the encrypted SRES (12 seconds max).

(The attachment, 256 KB, is too large to fit; use the link instead:)

http://www.ausmobile.com/downloads/t...2001052004.pdf

Last edited by CH@IN; 06-27-2005 at 02:04.
Post #5, 06-27-2005, 07:22, by HONGXING (No Life Poster)
What about this: we all put our money together and send one V2 card to the nice guys from www.semiresearch.com

I'm sure they can help in such "cloning" problems, because they are experts in cloning ;-)

I think GSM SIM cards are not so heavily protected against invasive attacks as other smartcards are.
Post #6, 07-01-2005, 18:18, by Faro (Junior Member, Pakistan)
Hi all,

In my opinion comp128v2 is the same as v1, not hidden anywhere; comp128v2 is different from v1 just in that they use special characters in the place of the digits like in v1, and our old scanners are unable to read those special characters.

All we have to do is find out these new special characters and add them to the scanners' scripts.

Hopefully I am right.
Faro
Post #7, 07-01-2005, 21:39, by sven.soltermann (Freak Poster, Switzerland)
Quote (originally posted by PROTOBUYER):
What about this: we all put our money together and send one V2 card to the nice guys from www.semiresearch.com

I'm sure they can help in such "cloning" problems, because they are experts in cloning ;-)

I think GSM SIM cards are not so heavily protected against invasive attacks as other smartcards are.

Hello,

I find that this is a very good idea... Do you have some information about the price?

Greets Sven
Post #8, 07-01-2005, 23:43, by MeMoCan (Freak Poster)
Quote (originally posted by CH@IN):
Hyna, the Ki authentication for V1 and V2 cards, as you know, is THE SAME... it is just better protected inside the card. The A3A8 protocol leaked and was what allowed the extraction of the Ki with brute forcing on V1.

The cloned card will run as a V2 card without the need for a change in the current software. This means our problem remains just to get these Ki.

Ch@in

You are WRONG; we wrote it several times, V2 and V1 are not the same.
We put v1 codes into V2 cards (simdoctor has this option) and it won't work...
The vectors are not the same; Sir Graham did some tests on v2, read the old posts.

This means the software is not the same (sim-emu explained it before; if you have a compv2 or 3 solution, you have to describe the algorithm to sim-emu for a new version of the emulator).
Post #9, 07-02-2005, 02:38, by CH@IN (Freak Poster)
Thank you for pointing that out. Indeed there are differences between v1 and v2.
Post #10, 07-02-2005, 05:02, by jai (Junior Member, Tamil Nadu, south India)
HELP me OUT

I want to have:
a good reader (COM/USB)
SIM (gold/silver/blank)
SW
Tell me the best, Mr. ch@in.
Thanks

jai
+91 98427 01540
Post #11, 07-04-2005, 23:39 (Freak Poster)
Quote (originally posted by MeMoCan):
You are WRONG; we wrote it several times, V2 and V1 are not the same.
We put v1 codes into V2 cards (simdoctor has this option) and it won't work...
The vectors are not the same; Sir Graham did some tests on v2, read the old posts.
This means the software is not the same (sim-emu explained it before; if you have a compv2 or 3 solution, you have to describe the algorithm to sim-emu for a new version of the emulator).

IMO this is a matter of terminology. We say 'v2' when we encounter an algo that is not v1 and returns 86 significant bits of a 96-bit response. Obviously those could be rather different algos.

Now let us consider that we are a GSM operator that has been using the classic v1 algo for some (long) time, and for some reason decided to improve the anti-clone protection of its SIM cards. Which way would be the cheapest one?
1. For sure - not to exchange the existing v1 cards;
2. Minimize the changes in the AuC software;
3. Make all existing routines for finding Ki fail.

The simplest way to fulfil the plan is:
1. New SIM cards (say v2 - alas, how else?) perform a calculation of some function of the incoming RAND (say B(RAND)), and the result of this calculation is added (not necessarily added, but for example) to the SRES/Kc of the succeeded comp128-v1 (before zeroing the last 10 bits). All collision methods of our Famous GrandMasters obviously fail, don't they?
2. The AuC does not know which type (v1 or v2) a certain card is - but does not worry, since it sends not random RANDs but special precomputed ones, namely the roots of B(), i.e. those x that satisfy B(x)=0. This results in the old v1 algo being calculated by both the AuC and the SIM card, not depending on its type (v1 or 'v2').

I believe that I'm not the first to introduce this idea, but I'm too lazy to search whose copyright it could be. Let's say this idea is copyright of Corresponding People.

Probably comrade Ch@ne spoke of something similar, comrade PIC-ador definitely spoke at kievsat.com about this idea, but I missed this post (and can't find it up to now), I myself always talk about this, and so on...

If this is the case, the best way to make a clone is to hack the guy who inputs Ki's into the AuC's database. Dixi
Post #12, 02-05-2006, 13:17, by stylius (No Life Poster, Europe)
What do you think about it... http://www.semiresearch.com/

Can they help clone the v2 SIM card type? http://www.semiresearch.com/
Post #13, 02-06-2006, 15:53, by SirGraham (No Life Poster)
Hi,
It's easy. A3A8 is the same in V1 and V2; the problem is the implementation in COMP128.
V2 eliminated the collision problem found in V1, and for this reason the software must be changed to use another method to extract the Ki.....

Regards,
Sir Graham.
Post #14, 02-12-2006, 11:59, by Igor (Freak Poster)
@SirGraham, you say that the collision problem is removed in V2; I would just like to know what this guy thought when he wrote that he cloned some cards with "...Colission search..." (sorry, but I don't understand him)
http://forum.gsmhosting.com/vbb/show...5&postcount=45

Anyway, is there any progress on cloning v2? If there's any way to help, just tell me!

p.s. Sorry for bad English

Best Regards, Igor
Post #15, 02-12-2006, 12:06, by SirGraham (No Life Poster)
Hi,

Let me explain:

With the cards with COMP128 v1 (old cards) you can extract the Ki because this version of COMP128 (v1) has collisions. This is a problem in a hash function (and more so in this one) because you can learn (with collisions) the input of the function (Ki).

Of course this person used the collision search. For the moment it is the only method to extract the Ki. But only the SIMs with COMP128 v1 have collisions and YOU CAN USE THIS....

Regards,
Sir Graham.