02-14-2003, 10:12   #4
SirGraham
Join Date: Aug 2002
Posts: 628
Hi Kar@mba,

In another forum we are talking about it.

Some books and web pages show this authentication sequence:

BTS                                      Card (SIM)
send RAND number  ------------------->   Ki = f(IMSI)
                                         Ki -> A3A8 -> SRes & Kc

do the same as
the SIM/phone     <-------------------   send SRes


uhmmmm..... If this is true.....

Some questions to start to investigate:

* Is the Ki calculated every time the BTS sends the RAND number,
or only the first time? (by the manufacturer: Gemplus, etc...)

You can check this if you can change the value of the IMSI in the original card.

* If you do this.... does the operative Ki of this card change?
(File 7F20:6F07 of the SIM card, you can see it with XSim)

But you can't change the PIN of the original card because it is protected with the administrative PIN.... (normally PIN4)

* Is there any method to obtain the administrative PIN?

I think it is one way to work.....

Best Regards,
Sir Graham.
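The challenge-response round sketched in the post, as an added Python example that is not code from the post or the forum. It assumes A3/A8 can be stood in for by HMAC-SHA256 (the real algorithm is operator-specific, so this only keeps the shapes: 16-byte Ki and RAND in, 4-byte SRes and 8-byte Kc out) and models Ki as a secret held once on the card and once at the network's authentication centre, so that only RAND and SRes cross the interface; the IMSI, Ki and class names are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def a3a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Placeholder for the operator's A3/A8 (assumption: HMAC-SHA256, not COMP128).
    Returns (SRes, Kc) with the GSM sizes: 4 bytes and 8 bytes."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Card side: Ki is written at personalisation and is never read out."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki  # the only copy of Ki on the card side

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        # The card answers with SRes and Kc; Ki itself is not returned
        return a3a8(self._ki, rand)


class AuthCentre:
    """Network side (AuC): the matching Ki for each IMSI."""

    def __init__(self) -> None:
        self._keys = {}  # IMSI -> Ki

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def make_triplet(self, imsi: str, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        if rand is None:
            rand = secrets.token_bytes(16)  # fresh challenge for every round
        xres, kc = a3a8(self._keys[imsi], rand)
        return rand, xres, kc


def authenticate(auc: AuthCentre, sim: Sim, rand: Optional[bytes] = None) -> bool:
    """One round: BTS sends RAND, card sends back SRes, network compares with XRES."""
    rand, xres, _kc = auc.make_triplet(sim.imsi, rand)
    sres, _kc_card = sim.run_gsm_algorithm(rand)
    return hmac.compare_digest(sres, xres)


# Constructed sample subscriber (not real data)
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
```

A card provisioned with the same IMSI but a different Ki answers with a different SRes and is rejected, which is what makes the round depend on the key and not on the IMSI.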