GSM-Forum > Other Gsm/Mobile Related Forums > Sim Cloning and Scaning


#1 | 04-23-2003, 20:03 | Shibby86 (Member 26889, the Netherlands)
Request info about COMP128-2!


Hello guys,

I was wondering.
How long has it been since the COMP128 v2 SIMs were introduced?
I have had my own SIM for about 2 years and it is COMP128-2 (year 2000).

But why is it still impossible to crack this algorithm?

Is it the programmer that can't read this kind of card, or is it the SIM?

I live in the Netherlands and I know that if you buy a new phone you can ask the shop if they will make a clone of it for your new phone, so you keep your own number on 2 phones. In a few seconds they have a clone for you! So I think the technology is there to make full copies of the COMP128-2 cards. Is there anybody out there who could explain this?

Is it impossible for a bunch of highly skilled crackers to crack this algorithm? Because a while from now everybody will have a COMP128-2 SIM and there will be no use anymore in cloning something.

Also we had some SIM attacks here in the Netherlands for a while.
Somebody sends you an SMS which asks you to call back. When you call back to that number they could copy the IMSI and Ki from your card and make a new SIM with YOUR SIM info. Is there a (wireless) device which can LOG the IMSI and Ki when you call it with your GSM?

I'm wondering if anybody knows anything about this strange stuff.

Greetings, Shibby
#2 | 04-24-2003, 08:41 | SirGraham (Member 15073)
Hi Shibby86,

It's different to CLONE a card and to COPY a card.

The shop can make a COPY of the card because they change the IMSI and Ki of your card with a new card.

All original cards have your own IMSI and Ki. When you ask for a COPY of your card they send a new card (with new IMSI & Ki) and change this IMSI & Ki in the operator database.

They don't extract the Ki of COMP128 v2.....

For the moment, it's not possible to extract the Ki of COMP128 v2 because this function hasn't got collisions. Collisions are the method used by all programs to extract the Ki from the card.

We must find another method... We are working on this...

Best Regards,
Sir Graham.
#3 | 04-24-2003, 14:24 | samspade (Member 17439)
@Shibby86
I would like to add (in reply to the second part of your post) that I don't believe it possible that someone could find your Ki by just intercepting your call. The Ki in fact is never ever sent over the air, neither in clear nor encrypted.
#4 | 04-24-2003, 14:46 | Shibby86 (Member 26889, the Netherlands)
@samspade
I already thought about that; this is my theory about the over-the-air cloning:

When you make a call your "login" data is sent to your own provider. If this is correct you can make the call to whoever. But the point is that the "login" data (Ki & IMSI?) is stored in the database of your provider and won't be sent when you make the call to the receiver (the one you make the call to). But then the question remains.... how could they clone your SIM over-the-air? It really happened to some guys here in the Netherlands (probably they were COMP128-1 SIMs). It is still a mystery to me.
#5 | 04-24-2003, 18:03 | SirGraham (Member 15073)
Hi Shibby86,

Sorry... but bad theory....

When you connect with the operator you send the IMSI. But when you make a call the operator authenticates the card.

How?

They check the Ki with the following method:

* They (the operator) send a random number (16 Bytes)
* The card "mixes" this number with the Ki (16 Bytes). For this it uses the COMP128 function. All input of COMP128 is 32 Bytes (16+16)
* The result of COMP128 is 12 Bytes: 4 Bytes (SRes) are sent to the operator, 8 Bytes (Kc) are used as the key of the voice cipher algorithm.
* The operator knows the random number, the Ki (they have a database with all the IMSI/Ki pairs), and the SRes sent by the card.
* They make the same COMP128 operation with the random number and Ki. If the SRes calculated now is the same as the SRes sent by the card, the card is authenticated...

Well.. You can see that the Ki isn't sent by air....

How can you get this number by scanner?
You can get the random number and the SRes, but what do you do with this? Nothing....

Best Regards,
Sir Graham.
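The challenge-response exchange Sir Graham lays out in post #5, as an added example that is not part of this thread and not any operator's or card vendor's code. COMP128 v2 is not public (as the thread notes later), so this example assumes an HMAC-SHA256 keyed hash in place of the real A3/A8 algorithm; the `a3a8`, `Sim`, `AuthenticationCentre` and `authenticate` names, the test-PLMN IMSI and the Ki value are all constructed. What it shows is the structure of the protocol the post describes: Ki is used on the card and in the operator's database, only IMSI, RAND and SRES cross the air interface, and Kc is derived independently at both ends without ever being transmitted, which is why a scanner that records RAND and SRES has nothing it can invert.

```python
"""GSM challenge-response authentication (A3/A8), illustrative only.

Added example, not code from the forum thread. The real COMP128 is replaced by
an HMAC-SHA256 stand-in (assumption) so the exchange can run offline.
"""
from __future__ import annotations

import hashlib
import hmac
import os


def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for COMP128 (assumption: keyed hash, not the real algorithm).

    Input: 16-byte Ki + 16-byte RAND (32 bytes in total, as the post says).
    Output: 12 bytes, split into SRES (4 bytes) and Kc (8 bytes).
    """
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must each be 16 bytes")
    out = hmac.new(ki, rand, hashlib.sha256).digest()[:12]
    return out[:4], out[4:]


class Sim:
    """The subscriber's card: holds Ki, never reveals it, only answers challenges."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki  # no method on this class returns Ki

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._ki, rand)


class AuthenticationCentre:
    """Operator side: the IMSI -> Ki database and the SRES comparison."""

    def __init__(self, subscribers: dict[str, bytes]) -> None:
        self._db = dict(subscribers)

    def new_challenge(self) -> bytes:
        return os.urandom(16)

    def expected(self, imsi: str, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._db[imsi], rand)

    def verify(self, imsi: str, rand: bytes, sres: bytes) -> bool:
        exp_sres, _ = self.expected(imsi, rand)
        # constant-time compare so the verifier itself leaks nothing via timing
        return hmac.compare_digest(exp_sres, sres)


def authenticate(sim: Sim, auc: AuthenticationCentre, rand: bytes | None = None):
    """Run one authentication; return (accepted, kc_card, kc_operator, air).

    `air` lists the (direction, name, value) messages that an eavesdropper on
    the radio link could record. Ki and Kc are never appended to it.
    """
    air: list[tuple[str, str, bytes]] = []

    # 1. The phone identifies itself (IMSI) and the network issues RAND.
    air.append(("ms->net", "IMSI", sim.imsi.encode()))
    rand = auc.new_challenge() if rand is None else rand
    air.append(("net->ms", "RAND", rand))

    # 2. The card mixes RAND with its Ki; SRES goes back, Kc stays in the phone.
    sres, kc_card = sim.run_gsm_algorithm(rand)
    air.append(("ms->net", "SRES", sres))

    # 3. The operator repeats the computation from its own copy of Ki.
    accepted = auc.verify(sim.imsi, rand, sres)
    _, kc_operator = auc.expected(sim.imsi, rand)
    return accepted, kc_card, kc_operator, air


def ki_visible_on_air(air: list[tuple[str, str, bytes]], ki: bytes) -> bool:
    """True if the full Ki value appears inside any over-the-air message."""
    return any(ki in value for _, _, value in air)


if __name__ == "__main__":
    # Constructed sample subscriber on the 001/01 test PLMN; the Ki is not a real key.
    KI = bytes(range(16))
    card = Sim("001010000000001", KI)
    auc = AuthenticationCentre({"001010000000001": KI})

    ok, kc1, kc2, transcript = authenticate(card, auc)
    print("accepted:", ok, "| Kc agrees on both ends:", kc1 == kc2)
    for direction, name, value in transcript:
        print(f"  {direction:8} {name:4} {value.hex()}")
    print("Ki seen on air:", ki_visible_on_air(transcript, KI))

    # A card programmed with the right IMSI but a different Ki is rejected.
    impostor = Sim("001010000000001", bytes(16))
    print("impostor accepted:", authenticate(impostor, auc)[0])
```

The `verify` step uses `hmac.compare_digest` rather than `==` so that the operator-side comparison cannot be probed by timing; the real weakness Sir Graham refers to lives in the mixing function itself (collisions in COMP128 v1), not in this comparison, which is why a different algorithm (v2) rather than a different protocol was the operators' fix.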
#6 | 04-24-2003, 18:39 | Shibby86 (Member 26889, the Netherlands)
@SirGraham

Nice info, but do the COMP128-2 SIMs also work this way?
What do the collisions have to do with extracting the Ki from the SIM? What are the technical differences between COMP128-1 and COMP128-2 SIMs?

I found a technical explanation of the COMP128-1 algorithm.
But is there also a technical document about the COMP128-2 algorithm? For us crackers it could help.

Many thanks to all people who want to share their knowledge about this.

Shibby
#7 | 04-24-2003, 19:30 | Member 11297 (St.Petersburg, Russia)
@Shibby86
If the guys you are talking about really exist... and also if they're close to the local GSM operator... there might be another way of cloning SIM cards: a specially made SIM-toolkit application downloaded to the victim's phone over-the-air (OTA). The application would have to be aware of the particular card operating system details, as well as the administrator passwords required for OTA software downloading. The application may utilize alternative ways of reading Ki compared to the card OS. It may ignore the file attributes that forbid the card OS from sending the Ki.
#8 | 04-24-2003, 19:51 | SirGraham (Member 15073)
Hi Shibby86,

(Hi Ivan, I am still working on the theme ;-) your documentation was very interesting....)

I think this way is possible but very complicated. I think that Shibby86 only speaks about a normal change at a distributor of the SIM, not a clone of the SIM (changing the IMSI and Ki in a new SIM card)....

For Shibby86:

COMP128 v2 and v1 have the same input and output (in size).
Sorry, but the collision system is more complicated than I can explain in one email. In a few words, it is a bug in COMP128 v1. COMP128 v2 hasn't got collisions (hasn't got this bug).

... and there isn't any documentation about COMP128 v2. It's not public. :-(

Best Regards,
Sir Graham.