Old 12-12-2006, 13:44   #1 (permalink)
Insane Poster
 
Join Date: Aug 2006
Location: Geneve Swiss
Posts: 73
Member: 332947
Status: Offline
Thanks Meter: 11
V2 Project & Unlooper


Dear All,

I want to begin tests on v2 cards.

Has somebody done tests before, or does anybody want to participate with me?

I need some help to identify the good win explorer script, etc...

Regards

Casss Imir
Old 12-12-2006, 18:30   #2 (permalink)
Junior Member
 
Join Date: Apr 2003
Location: Paris, France
Posts: 26
Member: 26655
Status: Offline
Thanks Meter: 0
Hi Cassimir,

Do you think it's possible to extract KI on a compV2 card with an unlooper?

Which unlooper can be good for this? And which software, perhaps a winexplorer script?

If you have more information I would be interested.
Old 12-13-2006, 10:37   #3 (permalink)
Insane Poster
 
Join Date: Aug 2006
Location: Geneve Swiss
Posts: 73
Member: 332947
Status: Offline
Thanks Meter: 11
Hi GSMFUNNY

Thank you for your interest. If I compare with SAT TV, they do reverse on the smart card like this, so I think there is perhaps a way for SIM cards.

Who never tests will never know.

If you want to send me some cards, contact me in PV.

Old 12-13-2006, 15:49   #4 (permalink)
Junior Member
 
Join Date: Apr 2003
Location: Paris, France
Posts: 26
Member: 26655
Status: Offline
Thanks Meter: 0
I already have some cards from some providers, and I have hardware too. The real question is: could KI be extracted from a SIM card with the glitch method?

First, is the KI contained in clear in EEPROM or ROM?

Second, which processor is contained in these cards?


After that, lots of questions are important to manage a glitch attack. Here is an example for beginning a winexplorer script with unlooper:

sc.write("B0 69") ; Set DAC voltage to 2.05v - (5.0*&H69/256)
sc.write("06 20 0C 00 0B 01.00"), where:
06.6 bytes, length of the instruction
20 delay xx xx clock cycles
0C 00 amount of the delay in clock cycles...
0B glitch vcc
01 card reset

We need to know the voltage, delay, etc.

Perhaps gurus like Ch@in or another on this board can help us.


Thanks.
Old 12-17-2006, 15:31   #5 (permalink)
No Life Poster
 
platforms's Avatar
 
Join Date: Sep 2004
Location: London
Age: 43
Posts: 520
Member: 83090
Status: Offline
Sonork: 1626857
Thanks Meter: 52
I smell a rat here. I am interested to test with you, Mr. Contact me via PM.
Old 12-17-2006, 16:58   #6 (permalink)
Junior Member
 
Join Date: Mar 2003
Location: UAE
Posts: 19
Member: 24734
Status: Offline
Thanks Meter: 0
check this out

hi to all,

I've been AWAY for a while, but one of my friends gave me some cards with pin1 and puk 1 locked. I am not sure if I can clone them, though I've done it a few years ago with cardinal and simscan; it didn't ask me for the pin code, just cloned them. But I tried some other cards with pin blocked, which didn't work, and couldn't find ki. Anyway, that made me read more about comp 128v2 today, as I was away for a long time as I told you, and I found this article that I wanted to share with you all. Please tell me what you think of it, especially Sir Graham, as I remember.


" i tried to attach the file was a lil big.doc but here is the link"
http://www.free.prohosting.com/clonesim/


cheers
Old 12-17-2006, 23:19   #7 (permalink)
Freak Poster
 
CH@IN's Avatar
 
Join Date: Mar 2002
Location: Getting it to work is easy... making it do the things you want is another thing.
Age: 22
Posts: 404
Member: 9824
Status: Offline
Thanks Meter: 79
Quote:
Originally Posted by uaepast View Post
hi to all,

I've been AWAY for a while, but one of my friends gave me some cards with pin1 and puk 1 locked. I am not sure if I can clone them, though I've done it a few years ago with cardinal and simscan; it didn't ask me for the pin code, just cloned them. But I tried some other cards with pin blocked, which didn't work, and couldn't find ki. Anyway, that made me read more about comp 128v2 today, as I was away for a long time as I told you, and I found this article that I wanted to share with you all. Please tell me what you think of it, especially Sir Graham, as I remember.


" i tried to attach the file was a lil big.doc but here is the link"
http://www.free.prohosting.com/clonesim/


cheers
Fake! We have discussed this several times... If you install this smart-scan software, you will even risk sending your Ki's (from old sim cards) through the internet. There is no ESR device... search old posts for "ESR" and "clone" and "TROJAN" and you will find the relevant topics. BR
Old 12-18-2006, 17:26   #8 (permalink)
Insane Poster
 
Join Date: Aug 2006
Location: Geneve Swiss
Posts: 73
Member: 332947
Status: Offline
Thanks Meter: 11
@CHAIN

Just a question, did you test this way (unlooper) in the past?

THANKS A LOT TO GSMFUNNY AND GSMDREAMS
Old 12-18-2006, 18:49   #9 (permalink)
Freak Poster
 
CH@IN's Avatar
 
Join Date: Mar 2002
Location: Getting it to work is easy... making it do the things you want is another thing.
Age: 22
Posts: 404
Member: 9824
Status: Offline
Thanks Meter: 79
No, I haven't tested this.
I am not interested in doing research on how to "break" the comp128V2 algo, I am satisfied with good old comp128V1. Sooner or later all algos will move to open-source cryptos, ...just a matter of time.
There might be already people who found their way through to comp128V2 cloning... we will hear about their success after all gsm-cards will have already been replaced by something new... Most probably Phone companies will release the "sourcecode" to make us buy new devices.
Anyway, good luck with YOUR research.
B R
CH@IN
Old 12-25-2006, 23:38   #10 (permalink)
v11
No Life Poster
 
v11's Avatar
 
Join Date: Dec 2005
Location: RIFF-XILINX
Posts: 993
Member: 214827
Status: Offline
Sonork: 100.1597158
Thanks Meter: 59
What's Unlooper for decrypted key for dvb-sat...?
Old 12-30-2006, 09:54   #11 (permalink)
No Life Poster
 
SirGraham's Avatar
 
Join Date: Aug 2002
Posts: 628
Member: 15073
Status: Offline
Thanks Meter: 12
Hi,

I would like to participate in this project....

We can use this forum or ********** forum for this...

Regards,
Sir Graham.


Old 12-30-2006, 16:45   #12 (permalink)
No Life Poster
 
platforms's Avatar
 
Join Date: Sep 2004
Location: London
Age: 43
Posts: 520
Member: 83090
Status: Offline
Sonork: 1626857
Thanks Meter: 52
So what's the next move? Do we need to buy new scanning devices, or can our old ones work?
Old 01-01-2007, 10:39   #13 (permalink)
Junior Member
 
Join Date: Mar 2003
Location: UAE
Posts: 19
Member: 24734
Status: Offline
Thanks Meter: 0
you r sooo right!!

Quote:
Originally Posted by CH@IN View Post
Fake! We have discussed this several times... If you install this smart-scan software, you will even risk sending your Ki's (from old sim cards) through the internet. There is no ESR device... search old posts for "ESR" and "clone" and "TROJAN" and you will find the relevant topics. BR
You are sooo right!!
All my old ki's stored in my pc have been stolen!!
My line has been charged 2,000 USD up to now, and I got it disconnected just yesterday. We are celebrating an occasion, so when the phone kept disconnecting the operator said it's rush time on the network. I switched it off and here I am, been hacked!! A M.F*** FROM GEORGIA was using my line, but he seemed to know nothing about cloning; I think he just bought the card for a cheap price in his city!

I feel so bad to say that, but I think I have to share it with you guys.
My question is: if smart scan is sending ki's to someone, who would that be?
And what is the method of finding my ki's in my pc? Is it searching for ki extensions or reading txt files?
If someone knows, please share it,

thanks
Old 12-24-2010, 17:03   #14 (permalink)
Junior Member
 
Join Date: Dec 2010
Posts: 5
Member: 1464737
Status: Offline
Thanks Meter: 0
Post Mathematics of Ki extraction ....

If you need C++ code for Ki extraction, kindly call me on +9613001294 atiato, it uses round 2 collision ...
Old 12-25-2010, 08:33   #15 (permalink)
Junior Member
 
Join Date: Dec 2010
Posts: 5
Member: 1464737
Status: Offline
Thanks Meter: 0
This is how I extract Ki (C++ program logging)...

t=166 , n=255
Found collision
randhash1: 34000000000000008600000000000000B451707B6558B5753E 8D3800
randhash2: A600000000000000B700000000000000B451707B6558B5753E 8D3800
Found Ki
Key1: C700000000000000E500000000000000
t=79 , n=2555
Found collision
randhash1: 000020000000000000004E00000000001512B629A5861AF385 D52400
randhash2: 00004F000000000000001000000000001512B629A5861AF385 D52400
Found Ki
Key1: C700490000000000E5003C0000000000
t=91 , n=255
Found collision
randhash1: 00000050000000000000003C00000000690F5A005BC11DC523 A76000
randhash2: 0000005B000000000000007A00000000690F5A005BC11DC523 A76000
Found Ki
Key1: C70049DE00000000E5003CD200000000
t=79 , n=255
Found collision
randhash1: 000000001400000000000000F500000036A2455A9AB522DC02 E4C400
randhash2: 000000004F00000000000000CE00000036A2455A9AB522DC02 E4C400
Found Ki
Key1: C70049DEBF000000E5003CD21A000000
t=77 , n=255
Found collision
randhash1: 00000000003D00000000000000E1000090EFD41C41841D6540 E02400
randhash2: 00000000004D0000000000000033000090EFD41C41841D6540 E02400
Found Ki
Key1: C70049DEBF3E0000E5003CD21AD10000
t=209 , n=255
Found collision
randhash1: 0000000000009200000000000000B9006ED2D5C0A7160AA47B 9FBC00
randhash2: 000000000000D100000000000000F0006ED2D5C0A7160AA47B 9FBC00
Found Ki
Key1: C70049DEBF3E6F00E5003CD21AD12600
t=68 , n=255
Found collision
randhash1: 000000000000003300000000000000599004A545466614C752 912C00
randhash2: 000000000000004400000000000000209004A545466614C752 912C00
Found Ki
Key1: C70049DEBF3E6FDCE5003CD21AD126E8

It is missing 1 byte (no collision occurs), and it started at 10:24 AM and ended at 1:25 AM (from morning till after midnight).


If needed, to contact me call me on +9613001294 ....