Hi Kar@mba,
In another forum we were talking about it.
Some books and web pages show this authentication sequence:
BTS                                          SIM card
  send RAND number  ---------------->   Ki = f (IMSI)
                                        Ki -> A3A8 -> SRes & Kc
  make the same
  for the SIM/phone <----------------   send SRes
uhmmmm..... If this is true.....
Some questions to start investigating:
* Is the Ki calculated every time the BTS sends the RAND number,
or only the first time? (by the manufacturer: Gemplus, etc...)
You can check this if you can change the value of the IMSI in the original card.
* If you do this.... does the operative Ki of this card change?
(File 7F20:6F07 of the SIM card, you can see it with XSim)
But you can't change the PIN of the original card because it is protected by the administrative PIN.... (normally PIN4)
* Is there any method to obtain the administrative PIN?
I think it is one way to work.....
Best Regards,
Sir Graham.
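The challenge-response exchange sketched in the post, written out as an added example (not code from the poster or from any SIM vendor). In the GSM specification the Ki is a fixed per-subscriber secret provisioned in the SIM and at the operator's AuC; only RAND changes per authentication, and the IMSI is just the index the network uses to look up which Ki to run A3/A8 with. The model below makes that visible: a real card uses an operator-chosen A3/A8 (the COMP128 family, for example), and the HMAC-SHA256 stand-in here, the constructed Ki/RAND values, and the class and function names are all assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def a3a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Toy stand-in for the operator's A3/A8 (assumption: HMAC-SHA256).

    A3 yields the 32-bit SRES, A8 the 64-bit cipher key Kc. Both are
    derived from the same (Ki, RAND) pair, exactly as in the post's diagram.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]    # 32-bit signed response sent back to the network
    kc = digest[4:12]    # 64-bit session key, never transmitted
    return sres, kc


class Sim:
    """Card side: Ki is written once at personalisation and never leaves."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi          # readable identity (file 6F07 in the post)
        self._ki = ki             # secret, only used inside the card

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3a8(self._ki, rand)


class AuC:
    """Operator authentication centre: same Ki per IMSI, issues triplets."""

    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._keys = dict(subscribers)

    def triplet(self, imsi: str, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        rand = rand if rand is not None else os.urandom(16)   # fresh 128-bit RAND
        sres, kc = a3a8(self._keys[imsi], rand)
        return rand, sres, kc


def authenticate(auc: AuC, sim: Sim, rand: Optional[bytes] = None) -> Tuple[bool, Optional[bytes]]:
    """BTS/MSC side: send RAND, compare the card's SRES, keep Kc on success."""
    rand, expected_sres, kc = auc.triplet(sim.imsi, rand)
    sres, _kc_on_card = sim.run_gsm_algorithm(rand)   # SRES crosses the air, Kc does not
    ok = hmac.compare_digest(sres, expected_sres)
    return ok, (kc if ok else None)


# Constructed sample data; not real subscriber values.
KI_A = bytes.fromhex("00112233445566778899aabbccddeeff")
KI_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
AUC = AuC({"001010123456789": KI_A, "001010987654321": KI_B})
GENUINE = Sim("001010123456789", KI_A)


def sres_varies_with_rand() -> bool:
    """Same Ki, two RANDs: SRES and Kc differ, so Ki is not recomputed, RAND is."""
    s1, k1 = GENUINE.run_gsm_algorithm(b"\x01" * 16)
    s2, k2 = GENUINE.run_gsm_algorithm(b"\x02" * 16)
    return s1 != s2 and k1 != k2


def relabelled_card_fails() -> bool:
    """Changing only the IMSI on a card makes the AuC pick another Ki: auth fails."""
    relabelled = Sim("001010987654321", KI_A)   # IMSI of subscriber B, Ki of A
    ok, _ = authenticate(AUC, relabelled)
    return not ok


if __name__ == "__main__":
    print("genuine card authenticates:", authenticate(AUC, GENUINE)[0])
    print("SRES/Kc change with RAND:", sres_varies_with_rand())
    print("IMSI-only change fails:", relabelled_card_fails())
```

The two checks at the end answer the post's first question within this model: repeating the exchange with the same card and a new RAND gives a new SRES and Kc while Ki stays fixed, and editing the IMSI alone cannot help because the network derives its expected SRES from the Ki it has stored for that IMSI.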