sim Ki, how many times can i challange it

[Zianna]

hi there

i have seen quiet a few new ways to challenge the key, most sims can handle no more than 65535 (or summing like that), is that number in it lifetime or in one connection,,,,,meaning can i challange a card 50 thousand or so times today, then anouther 50 thousand times tomorro and so on, or when it reaches this 65535 limmit in total?

cause i have a a card here that no brute force is decyphering .... just wanted to kno how many chances i get..

thanks<br />Zianna

[ 04 September 2001: Message edited by: Zianna ]</p>

[lotfi17]

Note that the Ki is never <br />transmitted by air or otherwise. The SIM is designed in such a way that the customer cannot read the Ki from the SIM under any condition.

The SIM has just an interface for running the A3 and A8 algorithms and getting the response back. So now when the mobile needs service from the<br />network(like a location update or a call) he identifies himself with his number. The network<br />challenges it with a 128 challenge (RAND). This RAND is given to the SIM. The SIM runs the A3 and A8 algorithm and gives back SRES (a 32-bit response) and Kc(the 64-bit ciphering key). The SRES is returned to the network over the air <br />to the network.<br />&gt; <br />&gt; RAND Ki<br />&gt; | |<br />&gt; | |<br />&gt; -------------------<br />&gt; | |<br />&gt; | |<br />&gt; | A3 |<br />&gt; | |<br />&gt; -------------------<br />&gt; |<br />&gt; |<br />&gt; SRES<br />&gt; <br />&gt; <br />&gt; <br />&gt; RAND Ki<br />&gt; | |<br />&gt; | |<br />&gt; -------------------<br />&gt; | |<br />&gt; | |<br />&gt; | A8 |<br />&gt; | |<br />&gt; -------------------<br />&gt; |<br />&gt; |<br />&gt; Kc<br />&gt; <br />The network performs the same calculation and compares the SRES fromthe mobile and its own value.If both are the same the mobile is<br />who it claims and is successfully authenticated. This is fairly foolproof as the A3 and A8 is not known to anyone as also the Ki (the cornerstone of all security in GSM). Hope this helps.

Regards

[Zianna]

hi there,<br />yes that makes sence, but why then or rather where does the limit of 65535 come in, what does this affect if i i go over this limit....

why i ask this acording to Dejan his simscan using option f5-f3 results in around 50 thousand <br />brut force combinations, i have run this once on my card and it found 6 values, then i stoped it

i dont want to restart it incase it uses up say anouther 20 thousand brut force attacks, making the card unuasable........

but i dont understand what would make the card not work ..., or like on pre paid cards for instance running cardinal does not retrieve the Ki,could i then after that run dejan on that card, or would i excced this limit,

Bi the Way Lofti... i used ure Twinsim to make a pic hex file 16f84, i burnt that to a pic16f84a-04<br />physical pic, works kewl on that pic kewl...

and your hex file on that pic also allows me to use winexplorer by dexter 1.3 to upload .xpl files without any errors, easy way for ppl that are having problems with winphoenix to load the eeprrom 24lc16b with data, and .xpl files are human readable so its easy to change on the fly...

anyhow this post is getting long enuff,, hope u can help

Zianna

[pau]

I have problems to get the KI of my sim.

I used cardinal software to get it, because sim scan does not work on my computer.

I got the Ki of the first sim I tried, it took 15 hours! but with this second sim, after 8 hours the program says it cannot find the KI.

Any advise?

Regards,<br />pau

[pau]

to Zianna

You said that cardinal does not work to get the KI in some cards, and sim_scan does?

Because it happened to me that cardinal cannot find the KI.

How many times can I challenge the KI without destroing the card?

Regards,<br />pau

[Zianna]

hmm i dont know the answer to this myself yet sorry, hoping lofti or dejan or sum1 else that help us ...

[ 06 September 2001: Message edited by: Zianna ]</p>