01-20-2011, 17:04  #1
How to read SIM-cards with Comp 2 and 3 encryption algorithm
Some SIM cards cannot be cloned with a usual reader. They use an advanced algorithm called "Comp version 2 (or 3) with 128-bit encoding", "Comp2" for short. For a long time it was impossible to extract keys from such cards. Now GSM operators are implementing this new encryption standard, and some of them have already introduced it. This conversion began after operators learned about the serious bug in SIMs with Comp 1. Then new SIMs with the Comp 2 and 3 algorithm came into the world.

When cloning such a new SIM, it often becomes blocked after ~64000 authentication attempts, or the cloning may take an infinite time without results. A blocked SIM never registers in the GSM network.

Not long ago a group of independent smart-card developers (the Smartcard Developer Association), in cooperation with American scientists from the Intel company, successfully cloned such a crypto-resistant SIM. Finally it happened. The process took 5 hours. Their method was based on analysing the energy consumption of the smart card during the reading process. A new, extended algorithm for reading SIMs was used. They discovered some changes in the frequency of the card's electromagnetic radiation in various working modes. The scientists published the report on the Internet and presented the results to the World GSM Association and the American Committee for Mobile Communication.

But mobile operators are still reacting inertly to this research. Statistical research shows that operators will invest money in modern systems when the volume of illegal calls reaches 3-5%. On the other hand, it is easy to understand the position of the mobile operators: new security systems cost a lot of money and it is problematic to introduce new equipment in real life.

After the conversion to crypto-resistant SIMs, over several years, cloning as a business gradually declined. But Russian specialists could duplicate this new technology. They brought the cloning of new SIMs with the Comp 2 algorithm to life. All the European and American engineers, numerous fraud managers and other specialists have overlooked a simple fact. Above all, a SIM card is an electronic microchip, which needs some electrical energy for its work, and like any electronic microchip it also radiates electromagnetic waves. This energy consumption and radiation changes; it depends on the work of specific areas of the SIM card. We were interested in the area of the SIM responsible for the Key Identification (KI). Yes, these electrical changes are very small, imperceptible; they can be measured in fractions of a microampere. Nevertheless, tracing them is possible. Furthermore, it is possible to detect the small electromagnetic waves (radiation) from the microchip. Any electrical device radiates waves, and the SIM is no exception. The clock frequency of the SIM's processor cannot be stable in the various working modes. In the case of the SIM, some changes of 10-20 kHz were observed during the acceptance of some pairs of KI. Using this method, we succeeded in gaining access to the most protected areas of the SIM: PIN1, PIN2, PUK1, PUK2. The first model of the device for reading SIM v2 was assembled rather complex and large. Some time later, we did a great deal of work in this sphere.

As a result, a special device, the "ESR" Card Reader for SIM (Energy Sensitive Reader), has been created. We used several microcontrollers in the scheme; they work under the control of their own firmware, which is copy-protected. The scheme is finished as a real, effective, working and inexpensive (in comparison with the first models) device.

For SIM reading and fully functional work of the device, a special program, SmartScan, was developed. The program is assembled on the basis of the best programs for key extraction and uses the best optimized algorithms. We took the better ideas from Woron_Scan 1.09, SIM-Scan 2.01, xSIM, CARDinal and other similar programs. This version of SmartScan also supports the usual reading devices. The program allows:
- Working with ESR devices under any Windows operating system.
- Extending the functionality of usual SIM readers: it allows reading the registration keys of SIM cards of transitional models, which are Comp 1 but which the usual readers can no longer read.
- Reading the security codes of the SIM (PIN1, PIN2, PUK1, PUK2) using the ESR device.
- Additional algorithms for processing your IMSI and KI.
- A friendly English interface.

However, there is a small risk of SIM-card blocking during cloning. Only ESR allows this risk to be minimized to zero for any kind of card. Besides, there are a lot of various programs for card reading, each with its own advantages and imperfections: SIM-Scan, CARDinal, xSIM, Woron_Scan etc. But only SmartScan contains the best scanning algorithms.
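The measurement the post above describes, correlating the card's per-authentication power draw with a key-dependent operation, is a side-channel technique usually called correlation power analysis. The following is an added example, not code from the post, from the SmartScan/ESR product, or from any SIM tool: it synthesizes "traces" under an assumed leakage model (the device leaks the Hamming weight of one secret key byte XORed with a challenge byte, plus Gaussian noise) and recovers that byte by ranking all 256 guesses by correlation. The secret byte 0x5A, the noise level, the trace counts and the leakage model are all constructed for the example; nothing here implements COMP128 or talks to a real card.

```python
import math
import random

# Hamming weight of every byte value. The leakage model assumed below is that
# the current drawn while a byte is handled grows with its number of set bits.
HW = [bin(v).count("1") for v in range(256)]


def synth_traces(secret, n, noise_sd=1.5, seed=1):
    """Constructed stand-in for a capture: one leakage sample per authentication.

    Returns (challenge bytes, samples). The simulated 'device' leaks
    HW(secret XOR challenge) plus Gaussian noise. This is an assumption made
    for the example, not a measurement of any real SIM.
    """
    rng = random.Random(seed)
    challenges = [rng.randrange(256) for _ in range(n)]
    samples = [HW[secret ^ c] + rng.gauss(0.0, noise_sd) for c in challenges]
    return challenges, samples


def pearson(xs, ys):
    """Pearson correlation coefficient; returns 0.0 if either side is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0.0 or vy == 0.0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def cpa_rank(challenges, samples):
    """Score all 256 key-byte guesses against the samples.

    Returns (guess, correlation) pairs, best first. Signed rather than
    absolute correlation is used on purpose: under an XOR + Hamming-weight
    model the bitwise complement of the true key correlates at -1, so abs()
    would leave two equally ranked candidates.
    """
    scored = []
    for guess in range(256):
        hypothesis = [HW[guess ^ c] for c in challenges]
        scored.append((pearson(hypothesis, samples), guess))
    scored.sort(reverse=True)
    return [(guess, r) for r, guess in scored]


def recover_key_byte(challenges, samples):
    """Best-ranked guess for the secret byte."""
    return cpa_rank(challenges, samples)[0][0]


def key_rank(secret, challenges, samples):
    """Position of the true key in the ranking (0 = recovered outright).

    A cheap way to see how many traces a given noise level needs, which
    matters when the number of authentications the card will answer is capped.
    """
    order = [guess for guess, _ in cpa_rank(challenges, samples)]
    return order.index(secret)


if __name__ == "__main__":
    SECRET = 0x5A  # constructed secret byte for the demonstration
    chal, samp = synth_traces(SECRET, 800)
    top = cpa_rank(chal, samp)[:3]
    print("recovered 0x%02x; top-3: %s" % (
        recover_key_byte(chal, samp),
        ["0x%02x r=%.3f" % (g, r) for g, r in top]))
    for n in (20, 100, 800):
        c, s = synth_traces(SECRET, n)
        print("traces=%4d  rank of true key=%d" % (n, key_rank(SECRET, c, s)))
```

The design point to take from this is the one the post hints at with its ~64000-attempt lock-out: every trace costs one authentication the card will answer, so the figure of merit is the rank of the true key at a given trace count, not whether it is recoverable given unlimited traces. The signed-correlation detail is easy to get wrong; with an absolute-value ranking the key and its complement tie, and the attack then needs a second leakage point to break the tie.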
Okay, so where can I get the "ESR" Card Reader for SIM (Energy Sensitive Reader)? It says that there is zero risk and it's made to crack KI on Comp2 and 3.
With my 2010 SIM I've tried smart sim and SIM-Scan 2.01 and 2.02 and left it for hours on each, but I got nothing. I need that device, in large writing. If anyone has a place to get this I would be happy to purchase if it's under $90 USD. Thanks.