GSM-Forum
Old 10-16-2010, 08:44   #1 (permalink)
Posted by coolvenom (Freak Poster, Member 345321, joined Sep 2006, 119 posts)
Everything regarding unlocking/reverse engineering please post here!!!


A SIM lock, simlock, network lock or subsidy lock is a capability built into GSM phones by mobile phone
manufacturers. Network providers use this capability to restrict the use of these phones to specific countries and
network providers. Generally, phones can be locked to accept only SIM cards based on the International Mobile
Subscriber Identity, which has elements of:
Mobile country code (MCC; e.g., will only work with SIMs issued in one country)
Mobile network code (MNC; e.g., AT&T Mobility, T-Mobile, Vodafone, Bell Mobility etc.)
Mobile station identification number (MSIN; i.e., only one SIM can be used with the phone)

The unlock code is verified by the phone itself, and this code is calculated by the network provider, typically by
a complex mathematical algorithm that involves the IMEI of the phone in question. The algorithms used in earlier
Nokia brand phones (based on IMEI and MCC code) have been reverse-engineered, stolen or leaked, resulting in many
people offering Nokia unlock codes for free or for a fee.
Many other manufacturers have taken a more cautious approach, and embed a random number in the handset's firmware
that is only retained by the network on whose behalf the lock was applied. Such phones can often still be
unlocked, but need to be connected to special unlocking boxes, such as UFS or JAF and the Universal Box that will
rewrite that part of its firmware where the lock status is kept, and often even recover a phone that is "bricked"
or completely damaged in the software sense. Common characteristics of such phones include no response from the
phone on attempting to switch it on, though in some cases it can be recovered or "unbricked" merely by holding
some keys down while switching on the phone.
Most phones have security measures built into their software that prevent users from entering the unlock code too
many times. After that the phone becomes "hard-locked" and a special unlocking box (mentioned above) has to be
used in order to unlock it.

National codes
Code (MCC) ISO 3166-1 Country
412 AF Afghanistan
276 AL Albania
603 DZ Algeria
544 AS American Samoa (US)
213 AD Andorra
631 AO Angola
365 AI Anguilla
344 AG Antigua and Barbuda
722 AR Argentine Republic
283 AM Armenia
363 AW Aruba (Netherlands)
505 AU Australia
232 AT Austria
400 AZ Azerbaijani Republic
364 BS Bahamas
426 BH Bahrain
470 BD Bangladesh
342 BB Barbados
257 BY Belarus
206 BE Belgium
702 BZ Belize
616 BJ Benin
350 BM Bermuda (UK)
402 BT Bhutan
736 BO Bolivia
218 BA Bosnia and Herzegovina
652 BW Botswana
724 BR Brazil
348 VG British Virgin Islands (UK)
528 BN Brunei Darussalam
284 BG Bulgaria
613 BF Burkina Faso
642 BI Burundi
456 KH Cambodia
624 CM Cameroon
302 CA Canada
625 CV Cape Verde
346 KY Cayman Islands (UK)
623 CF Central African Republic
622 TD Chad
730 CL Chile
460 CN China
461 CN China
732 CO Colombia
654 KM Comoros
629 CG Republic of the Congo
548 CK Cook Islands (NZ)
712 CR Costa Rica
612 CI Côte d'Ivoire
219 HR Croatia
368 CU Cuba
280 CY Cyprus
230 CZ Czech Republic
630 CD Democratic Republic of the Congo
238 DK Denmark
638 DJ Djibouti
366 DM Dominica
370 DO Dominican Republic
514 TL East Timor
740 EC Ecuador
602 EG Egypt
706 SV El Salvador
627 GQ Equatorial Guinea
657 ER Eritrea
248 EE Estonia
636 ET Ethiopia
750 FK Falkland Islands (Malvinas)
288 FO Faroe Islands (Denmark)
542 FJ Fiji
244 FI Finland
208 FR France
742 GF French Guiana (France)
547 PF French Polynesia (France)
628 GA Gabonese Republic
607 GM Gambia
282 GE Georgia
262 DE Germany
620 GH Ghana
266 GI Gibraltar (UK)
202 GR Greece
290 GL Greenland (Denmark)
352 GD Grenada
340 GP Guadeloupe (France)
535 GU Guam (US)
704 GT Guatemala
611 GN Guinea
632 GW Guinea-Bissau
738 GY Guyana
372 HT Haiti
708 HN Honduras
454 HK Hong Kong (PRC)
216 HU Hungary
274 IS Iceland
404 IN India
405 IN India
510 ID Indonesia
432 IR Iran
418 IQ Iraq
272 IE Ireland
425 IL Israel
222 IT Italy
338 JM Jamaica
441 JP Japan
440 JP Japan
416 JO Jordan
401 KZ Kazakhstan
639 KE Kenya
545 KI Kiribati
467 KP Korea, North
450 KR Korea, South
419 KW Kuwait
437 KG Kyrgyz Republic
457 LA Laos
247 LV Latvia
415 LB Lebanon
651 LS Lesotho
618 LR Liberia
606 LY Libya
295 LI Liechtenstein
246 LT Lithuania
270 LU Luxembourg
455 MO Macau (PRC)
294 MK Republic of Macedonia
646 MG Madagascar
650 MW Malawi
502 MY Malaysia
472 MV Maldives
610 ML Mali
278 MT Malta
551 MH Marshall Islands
340 MQ Martinique (France)
609 MR Mauritania
617 MU Mauritius
334 MX Mexico
550 FM Federated States of Micronesia
259 MD Moldova
212 MC Monaco
428 MN Mongolia
297 ME Montenegro (Republic of)
354 MS Montserrat (UK)
604 MA Morocco
643 MZ Mozambique
414 MM Myanmar
649 NA Namibia
536 NR Nauru
429 NP Nepal
204 NL Netherlands
362 AN Netherlands Antilles (Netherlands)
546 NC New Caledonia (France)
530 NZ New Zealand
710 NI Nicaragua
614 NE Niger
621 NG Nigeria
534 MP Northern Mariana Islands (US)
242 NO Norway
422 OM Oman
410 PK Pakistan
552 PW Palau
423 PS Palestine
714 PA Panama
537 PG Papua New Guinea
744 PY Paraguay
716 PE Perú
515 PH Philippines
260 PL Poland
268 PT Portugal
330 PR Puerto Rico (US)
427 QA Qatar
647 RE Réunion (France)
226 RO Romania
250 RU Russian Federation
635 RW Rwandese Republic
356 KN Saint Kitts and Nevis
358 LC Saint Lucia
308 PM Saint Pierre and Miquelon (France)
360 VC Saint Vincent and the Grenadines
549 WS Samoa
292 SM San Marino
626 ST São Tomé and Príncipe
420 SA Saudi Arabia
608 SN Senegal
220 RS Serbia (Republic of)
633 SC Seychelles
619 SL Sierra Leone
525 SG Singapore
231 SK Slovakia
293 SI Slovenia
540 SB Solomon Islands
637 SO Somalia
655 ZA South Africa
214 ES Spain
413 LK Sri Lanka
634 SD Sudan
746 SR Suriname
653 SZ Swaziland
240 SE Sweden
228 CH Switzerland
417 SY Syria
466 TW Taiwan
436 TJ Tajikistan
640 TZ Tanzania
520 TH Thailand
615 TG Togolese Republic
539 TO Tonga
374 TT Trinidad and Tobago
605 TN Tunisia
286 TR Turkey
438 TM Turkmenistan
376 TC Turks and Caicos Islands (UK)
641 UG Uganda
255 UA Ukraine
424 AE United Arab Emirates
430 AE United Arab Emirates (Abu Dhabi)
431 AE United Arab Emirates (Dubai)
235 GB United Kingdom
234 GB United Kingdom
310 US United States of America
311 US United States of America
312 US United States of America
313 US United States of America
314 US United States of America
315 US United States of America
316 US United States of America
332 VI United States Virgin Islands (US)
748 UY Uruguay
434 UZ Uzbekistan
541 VU Vanuatu
225 VA Vatican City State
734 VE Venezuela
452 VN Viet Nam
543 WF Wallis and Futuna (France)
421 YE Yemen
645 ZM Zambia
648 ZW Zimbabwe

The International Mobile Equipment Identity or IMEI (pronounced /aɪˈmiː/) is a number, usually unique,[1][2] to
identify GSM, WCDMA, and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside
the battery compartment of the phone. It can also be displayed on the screen of the phone by entering *#06# into
the keypad on most phones.
The IMEI number is used by the GSM network to identify valid devices and therefore can be used for stopping a
stolen phone from accessing the network in that country. For example, if a mobile phone is stolen, the owner can
call his or her network provider and instruct them to "ban" the phone using its IMEI number. This renders the
phone useless in that country, whether or not the phone's SIM is changed. However, the phone can be used abroad

As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may not always be displayed this
way. The IMEISV drops the Luhn check digit in favour of an additional two digits for the Software Version Number
(SVN), making the format AA-BBBBBB-CCCCCC-EE.


SHADAB/ANGEL PLEASE POST HERE!!! WE ALL NEED THE SAME THING!!!

Last edited by coolvenom; 10-16-2010 at 08:50.
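As an added example (not part of the post or of any project's code), Python that checks an IMEI's Luhn digit against the AA-BBBBBB-CCCCCC-D layout above, splits an IMEISV, and models the SIM-lock check on the MCC/MNC/MSIN parts of the IMSI that this post and the SIM-LOCK post further down describe. The MCC subset and the three-digit-MNC rule for the 31x codes are assumptions chosen for the sample.

```python
import re

# Subset of the MCC table from the post above (MCC -> ISO 3166-1 code).
MCC_TABLE = {
    "204": "NL", "208": "FR", "234": "GB", "235": "GB", "262": "DE",
    "310": "US", "311": "US", "404": "IN", "405": "IN", "460": "CN",
}

# Assumption for this example: the North American MCCs (31x) use three-digit
# MNCs, everything else in the subset uses two. A real handset carries a full
# PLMN list instead of this rule.
THREE_DIGIT_MNC = {"310", "311", "312", "313", "314", "315", "316"}


def luhn_check_digit(digits):
    """Luhn check digit over a decimal string (the IMEI's D over AA-BBBBBB-CCCCCC)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def parse_imei(imei):
    """Split an IMEI (AA-BBBBBB-CCCCCC-D, dashes optional) and verify its Luhn digit."""
    digits = re.sub(r"[^0-9]", "", imei)
    if len(digits) != 15:
        raise ValueError("IMEI must have 15 digits")
    body, check = digits[:14], int(digits[14])
    return {
        "tac": body[:8],                                  # AA-BBBBBB (Type Allocation Code)
        "serial": body[8:14],                             # CCCCCC
        "check_digit": check,                             # D
        "luhn_valid": luhn_check_digit(body) == check,
    }


def parse_imeisv(imeisv):
    """IMEISV: the 14 IMEI digits plus two SVN digits (EE), no Luhn digit."""
    digits = re.sub(r"[^0-9]", "", imeisv)
    if len(digits) != 16:
        raise ValueError("IMEISV must have 16 digits")
    return {"tac": digits[:8], "serial": digits[8:14], "svn": digits[14:16]}


def split_imsi(imsi):
    """Split an IMSI into MCC, MNC and MSIN, the three parts a SIM lock can key on."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 digits")
    mcc = imsi[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC else 2
    return {
        "mcc": mcc,
        "country": MCC_TABLE.get(mcc, "?"),
        "mnc": imsi[3:3 + mnc_len],
        "msin": imsi[3 + mnc_len:],
    }


def sim_accepted(imsi, lock):
    """Model of the power-on check: every field in the lock must match the SIM's IMSI.

    lock is e.g. {"mcc": "262"} (country lock), {"mcc": "262", "mnc": "01"}
    (network lock), or additionally "msin" (locked to one SIM only).
    """
    parts = split_imsi(imsi)
    return all(parts.get(k) == v for k, v in lock.items())
```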
Old 10-16-2010, 09:05   #2 (permalink)
Posted by coolvenom
Hash tree

Figure: A binary hash tree

In cryptography and computer science, hash trees or Merkle trees are a type of data structure which contains a tree of summary information about a larger piece of data – for instance a file – used to verify its contents. Hash trees are an extension of hash lists, which in turn are an extension of hashing. Hash trees in which the underlying hash function is Tiger are often called Tiger trees or Tiger tree hashes.

Uses
Hash trees can be used to protect any kind of data stored, handled and transferred in and between computers. Currently the main use of hash trees is to make sure that data blocks received from other peers in a peer-to-peer network are received undamaged and unaltered, and even to check that the other peers do not lie and send fake blocks. Suggestions have been made to use hash trees in trusted computing systems. Sun Microsystems has used hash trees in the ZFS filesystem.[1] Hash trees are used in the Google Wave protocol[2] and in the Tarsnap backup system.

Hash trees were invented in 1979 by Ralph Merkle.[3] The original purpose was to make it possible to efficiently handle many Lamport one-time signatures. Lamport signatures are believed to still be secure in the event that quantum computers become reality. Unfortunately each Lamport key can only be used to sign a single message. But combined with hash trees they can be used for many messages and then become a fairly efficient digital signature scheme.

How hash trees work
A hash tree is a tree of hashes in which the leaves are hashes of data blocks in, for instance, a file or set of files. Nodes further up in the tree are the hashes of their respective children. For example, in the picture hash 0 is the result of hashing hash 0-0 and then hash 0-1. That is, hash 0 = hash( hash 0-0 + hash 0-1 ) where + denotes concatenation.

Most hash tree implementations are binary (two child nodes under each node) but they can just as well use many more child nodes under each node.

Usually, a cryptographic hash function such as SHA-1, Whirlpool, or Tiger is used for the hashing. If the hash tree only needs to protect against unintentional damage, much less secure checksums such as CRCs can be used.

In the top of a hash tree there is a top hash (or root hash or master hash). Before downloading a file on a p2p network, in most cases the top hash is acquired from a trusted source, for instance a friend or a web site that is known to have good recommendations of files to download. When the top hash is available, the hash tree can be received from any non-trusted source, like any peer in the p2p network. Then, the received hash tree is checked against the trusted top hash, and if the hash tree is damaged or fake, another hash tree from another source will be tried until the program finds one that matches the top hash.

The main difference from a hash list is that one branch of the hash tree can be downloaded at a time and the integrity of each branch can be checked immediately, even though the whole tree is not available yet. This can be an advantage since it is efficient to split files up in very small data blocks so that only small blocks have to be redownloaded if they get damaged. If the hashed file is very big, such a hash tree or hash list becomes fairly big. But if it is a tree, one small branch can be downloaded quickly, the integrity of the branch can be checked, and then the downloading of data blocks can start.

There are several additional tricks, benefits and details regarding hash trees. See the references and external links below for more in-depth information.

Tiger tree hash
The Tiger tree hash is a widely used form of hash tree. It uses a binary hash tree (two child nodes under each node), usually has a data block size of 1024 bytes and uses the cryptographically secure Tiger hash.

Tiger tree hashes are used in the Gnutella, Gnutella2, and Direct Connect P2P file sharing protocols and in file sharing applications such as Phex, BearShare, LimeWire, Shareaza, DC++[4] and Valknut.
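As an added example (not from the post or from any of the projects it names), a minimal hash tree in Python over 1024-byte blocks with SHA-1 standing in for Tiger, plus the branch check the post describes: one block is verified against the trusted top hash using only its sibling hashes, so a fake block or a damaged tree from an untrusted peer is caught before the rest is downloaded. The 0x00/0x01 leaf and inner-node prefixes follow the THEX Tiger-tree convention, which the post does not cover, and the sample data is constructed.

```python
import hashlib

BLOCK_SIZE = 1024  # data block size the post gives for Tiger tree hashes

# Constructed sample: five distinct 1024-byte blocks plus a 4-byte tail (6 leaves).
SAMPLE = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5)) + b"tail"


def _h(data):
    # SHA-1 stands in for Tiger: hashlib does not guarantee a Tiger implementation.
    return hashlib.sha1(data).digest()


def leaf_hash(block):
    # 0x00 prefix on leaves and 0x01 on inner nodes (THEX convention), so a data
    # block can never be passed off as an inner node or vice versa.
    return _h(b"\x00" + block)


def node_hash(left, right):
    return _h(b"\x01" + left + right)


def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def build_tree(blocks):
    """Return the tree as levels: levels[0] are the leaves, levels[-1] is [top hash]."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])   # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def top_hash(levels):
    return levels[-1][0]


def branch(levels, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with its side."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return path


def verify_block(block, index, path, trusted_top):
    """Check one downloaded block using only its branch and the trusted top hash."""
    h = leaf_hash(block)
    for side, sib in path:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == trusted_top


def check_download(blocks, levels_from_peer, trusted_top):
    """Indexes of blocks that fail verification when the tree came from an untrusted peer."""
    return [i for i, b in enumerate(blocks)
            if not verify_block(b, i, branch(levels_from_peer, i), trusted_top)]
```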
Old 10-16-2010, 09:11   #3 (permalink)
Posted by coolvenom
POSTED ORIGINALLY BY ANGEL...I AM COPYING IT HERE TO MAKE THINGS EASY


Nokia Permanent Memory..!

--------------------------------------------------------------------------------

Hi,

Here is a little description of the Nokia PM file..!



Quote:
PM field [1] - RF tuning

Protected PM field for phone RF tuning, calibration data



Quote:
PM field [4,3] - Production SN

[4]
3=4D564834383034393300 - MVH480493

convert this hex data to ascii and cut null char.

4D = M
56 = V
48 = H
34 = 4
38 = 8
30 = 0
34 = 4
39 = 9
33 = 3



Quote:
PM field [4,4] - Product code.

5=3035373530363900 - 0569445



Quote:
PM field [4,5] - Basic production code

3035373530363900 - 0575069



Quote:
PM field [4,6] - Module code

6=3032303431393700 - 0204197



Quote:
PM field [4,9] - HardWare ID

9=3330303000 - 3000

Quote:
PM field [4,18] - Phone original IMEI

18=33353135343130343035323331393100555555555555555 55555555555555555555555555555555555555555555555555 55555555555555555555555555555555555555555555555555 5555555555555

351541040523191 - 55 55 55 are useless, when convert to ascii its UUU and two 00 are null char.

Quote:
PM [58, 59, 60, 61] - Phonebook contacts, old saved contacts will be in PM 58 and recently added contacts will be saved to rest fields.
If PM 58 has 250 entries, it means it has 250 contacts stored.



Quote:
PM [88,0] - life timer is stored here



Quote:
PM field [120] - Phone SIMLock data and SIMLock data key are stored here

Quote:
PM [239] - Phone MCU version, MCU release date, and all other details are stored here

[239]
1=0D001D52303478524D343431303130303931323031303930 30303030312E584608001A00000000000000002F0000520478 09000000010CD907010009020900AC00080030003315450104 251319FFFFFFFFFFFFFFFF0000007076010001000156203130 2E31300A31382D31312D30390A524D2D3434330A286329204E 6F6B696120003A

2031302E31300A31382D31312D30390A - ' 10.10.18-11-09' and 524D2D3434330A286329204E6F6B6961 - RM-443.(c) Nokia



Quote:
PM [302] - MMC lock code

Quote:
PM [308,1] - Old BB5 Phone SIMLock, Superdongel, MCU, DSP signatures and phone code in newer rapido phone!



Quote:
PM [308,5] - Phone security code, old one :d

32323232320000000000 - 22222

Quote:
PM [309] - battery calibration



Quote:
PM field [355,1] - Dynamic camera configuration - back Camera

[355]
1=00000014000007EC4E494D4D494949495252464630413032 3130303100000000000000000000000007D80C113030320030 30370000000000000000013FFFFFFF3FFFFFFF3FFFFFFF3FFF FFFF 3FFFFFFF3FFFFFFF3FFFFFFF3FFFFFFF3FFFFFFF3FFFFFFF00 0000000000000000000000000000003FFFFFFF3FFFFFFF3FFF FFFF3FFFFFFF3FFFFFFF3FFFFFFF3FFFFFFF3FFFFFFF3FFFFF FF3FFFFFFF3FFFFFFF3FFFFFFF3

4E494D4D494949495252464630413032313030310000000000 0000000000000007D80C1130303200303037 - NIMMIIIIRRFF0A021001_002007

4E = M
49 = I
4D = M

And.... just convert them and you will get DCC file name and version.

Quote:
PM field [355,0] - Dynamic camera configuration - front Camera

In DCT4 phones the PM fields are almost the same. Just some fields are changed.

Hope this helps to users. And sorry for the long post

BR
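As an added example (not part of ANGEL's post), a small Python decoder for the field=HEX lines shown above: it converts hex to ASCII, cuts at the NUL terminator, drops the 0x55 fill that the post calls useless, and pulls the printable strings out of the PM [239] record. The [4]/[308] values and the [239] blob are the post's own; the 18= entry is a constructed stand-in for the IMEI line.

```python
import re

# Sample in the "[field]" / "index=HEX" layout of the post. The 3=, 9= and 5=
# values are copied from the post; the 18= entry (0x55 padded) is constructed.
SAMPLE_PM = """
[4]
3=4D564834383034393300
9=3330303000
18=31323334353637383930313233343500 55555555555555555555
[308]
5=32323232320000000000
"""

# PM [239] blob copied from the post (MCU version/date record, 131 bytes).
PM_239 = (
    "0D001D52303478524D343431303130303931323031303930"
    "30303030312E584608001A00000000000000002F0000520478"
    "09000000010CD907010009020900AC00080030003315450104"
    "251319FFFFFFFFFFFFFFFF0000007076010001000156203130"
    "2E31300A31382D31312D30390A524D2D3434330A286329204E"
    "6F6B696120003A"
)


def _unhex(hexstr):
    # Forum line-wrapping can split a byte across a space, so strip all
    # whitespace first instead of relying on bytes.fromhex() to skip it.
    return bytes.fromhex("".join(hexstr.split()))


def parse_pm_dump(text):
    """Parse '[section]' headers and 'index=HEX' lines into {(section, index): hex}."""
    fields, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(\d+)\]$", line)
        if m:
            section = int(m.group(1))
            continue
        m = re.match(r"^(\d+)=([0-9A-Fa-f ]+)$", line)
        if m and section is not None:
            fields[(section, int(m.group(1)))] = m.group(2)
    return fields


def decode_pm_string(hexstr):
    """Hex -> ASCII for string fields: cut at the NUL terminator, then drop any
    trailing 0x55 ('U') fill. Caveat: a genuine value ending in 'U' would lose it."""
    raw = _unhex(hexstr).split(b"\x00", 1)[0].rstrip(b"\x55")
    return raw.decode("ascii", errors="replace")


def printable_runs(hexstr, min_len=4):
    """Printable ASCII runs inside a binary field such as PM [239]. The 0x0A bytes
    between ' 10.10', '18-11-09' and 'RM-443' end a run, so they come out separately."""
    raw = _unhex(hexstr)
    return [r.decode("ascii") for r in re.findall(rb"[\x20-\x7e]+", raw) if len(r) >= min_len]
```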
Old 10-17-2010, 08:07   #4 (permalink)
Posted by coolvenom
What is SIM-LOCK?

Sim-lock, SP-lock, “coding” - all these words have similar meaning: a programmed limit in the phone to work with a single network. A sim lock allows a network provider to prevent handsets from being used on other GSM networks. Usually those handsets are sold with a discount, and the provider covers the price difference. The handset stays inside the same network and within a year pays back the expenses of the service provider.

SIM-LOCK could be installed by the manufacturing or distributing company. The network provider orders some quantity of handsets from the manufacturer. The producing company supplies the phones along with the SIM-LOCK removal codes. The physical sense of Sim-lock: there is a unique MCC/NCC code of the country and network saved in the SIM card. The phone detects those codes when it is powered on. If they coincide, the telephone works normally; otherwise the following message appears on the display: “Invalid SIM” or “Enter the SIM-Lock code”. There are some other methods of coding the handsets, but the one considered above is the most widespread.
Old 10-17-2010, 08:48   #5 (permalink)
Posted by coolvenom
/* An implementation of the GSM A3A8 algorithm. (Specifically, COMP128.)
*
* Copyright 1998, Marc Briceno, Ian Goldberg, and David Wagner.
* All rights reserved.
*
* For expository purposes only. Coded in C merely because C is a much
* more precise, concise form of expression for these purposes. See Judge
* Patel if you have any problems with this...
* Of course, it's only authentication, so it should be exportable for the
* usual boring reasons.
*
*
* This software is free for commercial and non-commercial use as long as
* the following conditions are aheared to.
* Copyright remains the authors' and as such any Copyright notices in
* the code are not to be removed.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The license and distribution terms for any publicly available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution license
* [including the GNU Public License.]
*/

#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strlen(), strncmp() */
#include <ctype.h>    /* toupper() */

typedef unsigned char Byte;

/* #define TEST */

/*
* rand[0..15]: the challenge from the base station
* key[0..15]: the SIM's A3/A8 long-term key Ki
* simoutput[0..11]: what you'd get back if you fed rand and key to a real
* SIM.
*
* The GSM spec states that simoutput[0..3] is SRES,
* and simoutput[4..11] is Kc (the A5 session key).
* (See GSM 11.11, Section 8.16. See also the leaked document
* referenced below.)
* Note that Kc is bits 74..127 of the COMP128 output, followed by 10
* zeros.
* In other words, A5 is keyed with only 54 bits of entropy. This
* represents a deliberate weakening of the key used for voice privacy
* by a factor of over 1000.
*
* Verified with a Pacific Bell Schlumberger SIM. Your mileage may vary.
*
* Marc Briceno <[email protected]>, Ian Goldberg <[email protected]>,
* and David Wagner <[email protected]>
*/

void A3A8(/* in */ Byte rand[16], /* in */ Byte key[16],
          /* out */ Byte simoutput[12]);

/* The compression tables. */
static const Byte table_0[512] = {
102,177,186,162, 2,156,112, 75, 55, 25, 8, 12,251,193,246,188,
109,213,151, 53, 42, 79,191,115,233,242,164,223,209,148,108,161,
252, 37,244, 47, 64,211, 6,237,185,160,139,113, 76,138, 59, 70,
67, 26, 13,157, 63,179,221, 30,214, 36,166, 69,152,124,207,116,
247,194, 41, 84, 71, 1, 49, 14, 95, 35,169, 21, 96, 78,215,225,
182,243, 28, 92,201,118, 4, 74,248,128, 17, 11,146,132,245, 48,
149, 90,120, 39, 87,230,106,232,175, 19,126,190,202,141,137,176,
250, 27,101, 40,219,227, 58, 20, 51,178, 98,216,140, 22, 32,121,
61,103,203, 72, 29,110, 85,212,180,204,150,183, 15, 66,172,196,
56,197,158, 0,100, 45,153, 7,144,222,163,167, 60,135,210,231,
174,165, 38,249,224, 34,220,229,217,208,241, 68,206,189,125,255,
239, 54,168, 89,123,122, 73,145,117,234,143, 99,129,200,192, 82,
104,170,136,235, 93, 81,205,173,236, 94,105, 52, 46,228,198, 5,
57,254, 97,155,142,133,199,171,187, 50, 65,181,127,107,147,226,
184,218,131, 33, 77, 86, 31, 44, 88, 62,238, 18, 24, 43,154, 23,
80,159,134,111, 9,114, 3, 91, 16,130, 83, 10,195,240,253,119,
177,102,162,186,156, 2, 75,112, 25, 55, 12, 8,193,251,188,246,
213,109, 53,151, 79, 42,115,191,242,233,223,164,148,209,161,108,
37,252, 47,244,211, 64,237, 6,160,185,113,139,138, 76, 70, 59,
26, 67,157, 13,179, 63, 30,221, 36,214, 69,166,124,152,116,207,
194,247, 84, 41, 1, 71, 14, 49, 35, 95, 21,169, 78, 96,225,215,
243,182, 92, 28,118,201, 74, 4,128,248, 11, 17,132,146, 48,245,
90,149, 39,120,230, 87,232,106, 19,175,190,126,141,202,176,137,
27,250, 40,101,227,219, 20, 58,178, 51,216, 98, 22,140,121, 32,
103, 61, 72,203,110, 29,212, 85,204,180,183,150, 66, 15,196,172,
197, 56, 0,158, 45,100, 7,153,222,144,167,163,135, 60,231,210,
165,174,249, 38, 34,224,229,220,208,217, 68,241,189,206,255,125,
54,239, 89,168,122,123,145, 73,234,117, 99,143,200,129, 82,192,
170,104,235,136, 81, 93,173,205, 94,236, 52,105,228, 46, 5,198,
254, 57,155, 97,133,142,171,199, 50,187,181, 65,107,127,226,147,
218,184, 33,131, 86, 77, 44, 31, 62, 88, 18,238, 43, 24, 23,154,
159, 80,111,134,114, 9, 91, 3,130, 16, 10, 83,240,195,119,253
}, table_1[256] = {
19, 11, 80,114, 43, 1, 69, 94, 39, 18,127,117, 97, 3, 85, 43,
27,124, 70, 83, 47, 71, 63, 10, 47, 89, 79, 4, 14, 59, 11, 5,
35,107,103, 68, 21, 86, 36, 91, 85,126, 32, 50,109, 94,120, 6,
53, 79, 28, 45, 99, 95, 41, 34, 88, 68, 93, 55,110,125,105, 20,
90, 80, 76, 96, 23, 60, 89, 64,121, 56, 14, 74,101, 8, 19, 78,
76, 66,104, 46,111, 50, 32, 3, 39, 0, 58, 25, 92, 22, 18, 51,
57, 65,119,116, 22,109, 7, 86, 59, 93, 62,110, 78, 99, 77, 67,
12,113, 87, 98,102, 5, 88, 33, 38, 56, 23, 8, 75, 45, 13, 75,
95, 63, 28, 49,123,120, 20,112, 44, 30, 15, 98,106, 2,103, 29,
82,107, 42,124, 24, 30, 41, 16,108,100,117, 40, 73, 40, 7,114,
82,115, 36,112, 12,102,100, 84, 92, 48, 72, 97, 9, 54, 55, 74,
113,123, 17, 26, 53, 58, 4, 9, 69,122, 21,118, 42, 60, 27, 73,
118,125, 34, 15, 65,115, 84, 64, 62, 81, 70, 1, 24,111,121, 83,
104, 81, 49,127, 48,105, 31, 10, 6, 91, 87, 37, 16, 54,116,126,
31, 38, 13, 0, 72,106, 77, 61, 26, 67, 46, 29, 96, 37, 61, 52,
101, 17, 44,108, 71, 52, 66, 57, 33, 51, 25, 90, 2,119,122, 35
}, table_2[128] = {
52, 50, 44, 6, 21, 49, 41, 59, 39, 51, 25, 32, 51, 47, 52, 43,
37, 4, 40, 34, 61, 12, 28, 4, 58, 23, 8, 15, 12, 22, 9, 18,
55, 10, 33, 35, 50, 1, 43, 3, 57, 13, 62, 14, 7, 42, 44, 59,
62, 57, 27, 6, 8, 31, 26, 54, 41, 22, 45, 20, 39, 3, 16, 56,
48, 2, 21, 28, 36, 42, 60, 33, 34, 18, 0, 11, 24, 10, 17, 61,
29, 14, 45, 26, 55, 46, 11, 17, 54, 46, 9, 24, 30, 60, 32, 0,
20, 38, 2, 30, 58, 35, 1, 16, 56, 40, 23, 48, 13, 19, 19, 27,
31, 53, 47, 38, 63, 15, 49, 5, 37, 53, 25, 36, 63, 29, 5, 7
}, table_3[64] = {
1, 5, 29, 6, 25, 1, 18, 23, 17, 19, 0, 9, 24, 25, 6, 31,
28, 20, 24, 30, 4, 27, 3, 13, 15, 16, 14, 18, 4, 3, 8, 9,
20, 0, 12, 26, 21, 8, 28, 2, 29, 2, 15, 7, 11, 22, 14, 10,
17, 21, 12, 30, 26, 27, 16, 31, 11, 7, 13, 23, 10, 5, 22, 19
}, table_4[32] = {
15, 12, 10, 4, 1, 14, 11, 7, 5, 0, 14, 7, 1, 2, 13, 8,
10, 3, 4, 9, 6, 0, 3, 2, 5, 6, 8, 9, 11, 13, 15, 12
}, *table[5] = { table_0, table_1, table_2, table_3, table_4 };

/*
* This code derived from a leaked document from the GSM standards.
* Some missing pieces were filled in by reverse-engineering a working SIM.
* We have verified that this is the correct COMP128 algorithm.
*
* The first page of the document identifies it as
* _Technical Information: GSM System Security Study_.
* 10-1617-01, 10th June 1988.
* The bottom of the title page is marked
* Racal Research Ltd.
* Worton Drive, Worton Grange Industrial Estate,
* Reading, Berks. RG2 0SB, England.
* Telephone: Reading (0734) 868601 Telex: 847152
* The relevant bits are in Part I, Section 20 (pages 66--67). Enjoy!
*
* Note: There are three typos in the spec (discovered by
* reverse-engineering).
* First, "z = (2 * x[n] + x[n]) mod 2^(9-j)" should clearly read
* "z = (2 * x[m] + x[n]) mod 2^(9-j)".
* Second, the "k" loop in the "Form bits from bytes" section is severely
* botched: the k index should run only from 0 to 3, and clearly the range
* on "the (8-k)th bit of byte j" is also off (should be 0..7, not 1..8,
* to be consistent with the subsequent section).
* Third, SRES is taken from the first 8 nibbles of x[], not the last 8 as
* claimed in the document. (And the document doesn't specify how Kc is
* derived, but that was also easily discovered with reverse engineering.)
* All of these typos have been corrected in the following code.
*/

void A3A8(/* in */ Byte rand[16], /* in */ Byte key[16],
          /* out */ Byte simoutput[12])
{
    Byte x[32], bit[128];
    int i, j, k, l, m, n, y, z, next_bit;

    /* ( Load RAND into last 16 bytes of input ) */
    for (i=16; i<32; i++)
        x[i] = rand[i-16];

    /* ( Loop eight times ) */
    for (i=1; i<9; i++) {
        /* ( Load key into first 16 bytes of input ) */
        for (j=0; j<16; j++)
            x[j] = key[j];
        /* ( Perform substitutions ) */
        for (j=0; j<5; j++)
            for (k=0; k<(1<<j); k++)
                for (l=0; l<(1<<(4-j)); l++) {
                    m = l + k*(1<<(5-j));
                    n = m + (1<<(4-j));
                    y = (x[m]+2*x[n]) % (1<<(9-j));
                    z = (2*x[m]+x[n]) % (1<<(9-j));
                    x[m] = table[j][y];
                    x[n] = table[j][z];
                }
        /* ( Form bits from bytes ) */
        for (j=0; j<32; j++)
            for (k=0; k<4; k++)
                bit[4*j+k] = (x[j]>>(3-k)) & 1;
        /* ( Permutation but not on the last loop ) */
        if (i < 8)
            for (j=0; j<16; j++) {
                x[j+16] = 0;
                for (k=0; k<8; k++) {
                    next_bit = ((8*j + k)*17) % 128;
                    x[j+16] |= bit[next_bit] << (7-k);
                }
            }
    }

    /*
     * ( At this stage the vector x[] consists of 32 nibbles.
     *   The first 8 of these are taken as the output SRES. )
     */

    /* The remainder of the code is not given explicitly in the
     * standard, but was derived by reverse-engineering.
     */

    for (i=0; i<4; i++)
        simoutput[i] = (x[2*i]<<4) | x[2*i+1];
    for (i=0; i<6; i++)
        simoutput[4+i] = (x[2*i+18]<<6) | (x[2*i+18+1]<<2)
                       | (x[2*i+18+2]>>2);
    simoutput[4+6] = (x[2*6+18]<<6) | (x[2*6+18+1]<<2);
    simoutput[4+7] = 0;
}


#ifdef TEST
int hextoint(char x)
{
    x = toupper(x);
    if (x >= 'A' && x <= 'F')
        return x-'A'+10;
    else if (x >= '0' && x <= '9')
        return x-'0';
    fprintf(stderr, "bad input.\n");
    exit(1);
}

int main(int argc, char **argv)
{
    Byte rand[16], key[16], simoutput[12];
    int i;

    /* Each argument is "0x" followed by 32 hex digits (16 bytes). */
    if (argc != 3 || strlen(argv[1]) != 34 || strlen(argv[2]) != 34
            || strncmp(argv[1], "0x", 2) != 0
            || strncmp(argv[2], "0x", 2) != 0) {
        fprintf(stderr, "Usage: %s 0x<key> 0x<rand>\n", argv[0]);
        exit(1);
    }

    for (i=0; i<16; i++)
        key[i] = (hextoint(argv[1][2*i+2])<<4)
               | hextoint(argv[1][2*i+3]);
    for (i=0; i<16; i++)
        rand[i] = (hextoint(argv[2][2*i+2])<<4)
                | hextoint(argv[2][2*i+3]);
    /* Argument order matches the A3A8 prototype: RAND first, then Ki. */
    A3A8(rand, key, simoutput);
    printf("simoutput: ");
    for (i=0; i<12; i++)
        printf("%02X", simoutput[i]);
    printf("\n");
    return 0;
}
#endif
Old 10-17-2010, 09:04   #6 (permalink)
Posted by coolvenom
Terms

AIK: Attestation Identity Key
CA: Certification Authority
CEK: Content Encryption Key
CI: Content Issuer
CMLA: Content Management License Administrator
CRTM: Core Root of Trust for Measuring
CRTV: Core Root of Trust for Verification
DAA: Direct Anonymous Attestation
DCF: DRM Content Format
DMP: Digital Media Project
DoS: Denial of Service
DRM: Digital Rights Management
EMV: Europay Mastercard Visa
ETSI SPC: European Telecommunications Standards Institute – Smart Card Platform
EU: European Union
GSM: Global System Mobile
HW: Hardware
IC card: Integrated Circuit card or smart card
IMEI: International Mobile Equipment Identity
IMSI: International Mobile Subscriber Identity
ME: Mobile Equipment
MeT: Mobile Electronic Transactions organization
MLTM: Mobile Local-Owner Trusted Module
MNO: Mobile Network Operator
MRTM: Mobile Remote-Owner Trusted Module
MTM: Mobile Trusted Module
MPWG: Mobile Phone Workgroup
NFC: Near Field Communication
OEM: Original Equipment Manufacturer
OMA: Open Mobile Alliance
OS: Operating System
Old 10-17-2010, 09:09   #7 (permalink)
Posted by coolvenom
I see no one is contributing, hence I give a hint and slip away.


Attack the NON VOLATILE MEMORY
Old 10-17-2010, 16:11   #8 (permalink)
Posted by [Shadab_M] (No Life Poster, Member 238812, joined Mar 2006, Location: India, 2,496 posts)
Bro, you have nicely posted much valuable information here.

Thanks for it.

I am currently looking behind Chinese phones, but if I get something worth posting in this thread, I will surely do.

Br,
Shadab Ahmad
Old 10-21-2010, 15:25   #9 (permalink)
Posted by coolvenom
DCT-4 Algo

In cryptography, SHA-1 is a cryptographic hash function designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function.

SHA-1 is the most widely used of the existing SHA hash functions.
Old 10-21-2010, 15:27   #10 (permalink)
coolvenom
In cryptography, SAFER (Secure And Fast Encryption Routine) is the name of a family of block ciphers designed primarily by James Massey (one of the designers of IDEA) on behalf of Cylink Corporation. The early SAFER K and SAFER SK designs share the same encryption function, but differ in the number of rounds and the key schedule. More recent versions — SAFER+ and SAFER++ — were submitted as candidates to the AES process and the NESSIE project respectively. All of the algorithms in the SAFER family are unpatented and available for unrestricted use.
Old 10-21-2010, 15:34   #11 (permalink)
coolvenom
The BNF below shows how a SHA1 digest is encoded in a Resource Reference Information Extension.

resinfo-data ::= '(' HashAlgoURL resource-hash hash-date*1 ')'
HashAlgoURL ::= '"http://www.w3.org/PICS/DSig/SHA1_1_0.html"'
resource-hash ::= '"base64-string encoding of 160 bit SHA1 message digest of the information resource."'
hash-date ::= quoted-ISO-date
quoted-ISO-date ::= '"'YYYY'.'MM'.'DD'T'hh':'mmStz'"'
based on the ISO 8601:1988 date and time standard, restricted
to the specific form described here:
YYYY ::= four-digit year
MM ::= two-digit month (01=January, etc.)
DD ::= two-digit day of month (01 through 31)
hh ::= two digits of hour (00 through 23) (am/pm NOT allowed)
mm ::= two digits of minute (00 through 59)
S ::= sign of time zone offset from UTC ('+' or '-')
tz ::= four digit amount of offset from UTC
(e.g., 1512 means 15 hours and 12 minutes)
For example, "1994.11.05T08:15-0500" is a valid quoted-ISO-date
denoting November 5, 1994, 8:15 am, US Eastern Standard Time
Note: The ISO standard allows considerably greater
flexibility than that described here. PICS requires precisely
the syntax described here -- neither the time nor the time zone may
be omitted, none of the alternate formats are permitted, and
the punctuation must be as specified here.
base64-string ::= as defined in RFC-1521

hash-date is optional. There may be zero or one dates included here at the signer's behest.

The following example shows a valid DSig 1.0 SHA1 resinfo extension with two SHA1 hashes of the referenced information resource. The first without a date, the second with a date.

extension
( optional "http://www.w3.org/PICS/DSig/resinfo-1_0.html"
( "http://www.w3.org/PICS/DSig/SHA1_1_0.html" "base64-hash" )
( "http://www.w3.org/PICS/DSig/SHA1_1_0.html" "base64-hash"
"1997.02.05T08:15-0500" ) )
--------------------------------------------------------------------------------


I SEE NO ONE IS CONTRIBUTING...REALLY SAD...


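Added example, not part of coolvenom's post: a parser and validator for the DSig 1.0 SHA1 resinfo extension laid out in the BNF above, which also checks a resource against the carried digests. The function and class names and the constructed sample are this example's own; the sample is the page's example with the "base64-hash" placeholder replaced by the real base64 SHA1 of a constructed resource so that the 160-bit check can succeed. It enforces the points the BNF insists on: the SHA1 algorithm URL, a digest of exactly 160 bits, at most one hash-date, and the restricted quoted-ISO-date form with no omitted time or zone.

```python
import base64
import hashlib
import re
from collections import namedtuple

# Added example, not from the forum post: parser/validator for the DSig 1.0 SHA1
# resinfo extension described in the BNF above. All names here are the example's own.

SHA1_ALGO_URL = "http://www.w3.org/PICS/DSig/SHA1_1_0.html"
RESINFO_URL = "http://www.w3.org/PICS/DSig/resinfo-1_0.html"
# quoted-ISO-date exactly as PICS restricts it: YYYY.MM.DDThh:mmStz, nothing may be omitted
DATE_RE = re.compile(r"^(\d{4})\.(\d{2})\.(\d{2})T(\d{2}):(\d{2})([+-])(\d{2})(\d{2})$")
TOKEN_RE = re.compile(r'\s*(?:(\()|(\))|"([^"]*)"|([^\s()"]+))')

# algo: HashAlgoURL, digest: raw 160-bit SHA1, hash_date: the zero-or-one date
ResInfo = namedtuple("ResInfo", "algo digest hash_date")


def tokenize(text: str) -> list:
    """'(' and ')' as-is, ("str", v) for double-quoted strings, ("word", v) for bare words."""
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:                               # e.g. an unterminated quoted string
            raise ValueError("bad token at offset %d" % pos)
        lp, rp, s, w = m.groups()
        tokens.append(lp or rp or (("str", s) if s is not None else ("word", w)))
        pos = m.end()
    return tokens


def parse_sexpr(tokens: list) -> list:
    """Recursive descent; returns the top-level items, one nested list per '(...)'."""
    def parse(pos):
        if tokens[pos] == ")":
            raise ValueError("unexpected ')'")
        if tokens[pos] != "(":
            return tokens[pos], pos + 1
        items, pos = [], pos + 1
        while tokens[pos] != ")":               # IndexError here means an unbalanced '('
            item, pos = parse(pos)
            items.append(item)
        return items, pos + 1
    out, pos = [], 0
    while pos < len(tokens):
        item, pos = parse(pos)
        out.append(item)
    return out


def valid_quoted_iso_date(s: str) -> bool:
    m = DATE_RE.match(s)
    if not m:
        return False
    _, mm, dd, hh, mi, _, _, tzm = m.groups()
    # field ranges from the BNF; capping tz minutes at 59 is this example's reading of "hours and minutes"
    return 1 <= int(mm) <= 12 and 1 <= int(dd) <= 31 and int(hh) <= 23 and int(mi) <= 59 and int(tzm) <= 59


def parse_resinfo_data(node) -> ResInfo:
    """resinfo-data ::= '(' HashAlgoURL resource-hash hash-date*1 ')'"""
    if not isinstance(node, list) or len(node) not in (2, 3):
        raise ValueError("resinfo-data needs 2 or 3 fields")
    if node[0] != ("str", SHA1_ALGO_URL):
        raise ValueError("unsupported HashAlgoURL")
    if not (isinstance(node[1], tuple) and node[1][0] == "str"):
        raise ValueError("resource-hash must be a quoted string")
    digest = base64.b64decode(node[1][1], validate=True)   # rejects non-alphabet characters
    if len(digest) != 20:
        raise ValueError("SHA1 digest must be exactly 160 bits")
    date = None
    if len(node) == 3:
        if not (isinstance(node[2], tuple) and node[2][0] == "str" and valid_quoted_iso_date(node[2][1])):
            raise ValueError("hash-date is not a PICS quoted-ISO-date")
        date = node[2][1]
    return ResInfo(SHA1_ALGO_URL, digest, date)


def parse_resinfo_extension(text: str) -> list:
    """extension ( optional "resinfo URL" resinfo-data+ )  ->  one ResInfo per hash."""
    items = parse_sexpr(tokenize(text))
    if len(items) != 2 or items[0] != ("word", "extension"):
        raise ValueError("expected: extension ( ... )")
    ext = items[1]
    if not isinstance(ext, list) or len(ext) < 3 or ext[0] != ("word", "optional"):
        raise ValueError("malformed extension")
    if ext[1] != ("str", RESINFO_URL):
        raise ValueError("not a resinfo-1_0 extension")
    return [parse_resinfo_data(n) for n in ext[2:]]


def is_valid_extension(text: str) -> bool:
    try:
        return bool(parse_resinfo_extension(text))
    except (ValueError, IndexError):
        return False


def matches_resource(infos: list, content: bytes) -> bool:
    """True if the resource's SHA1 equals any digest carried in the extension."""
    actual = hashlib.sha1(content).digest()
    return any(info.digest == actual for info in infos)


# Constructed sample: the page's example with its "base64-hash" placeholder filled by a real digest
SAMPLE_RESOURCE = b"hello world"
SAMPLE_B64 = base64.b64encode(hashlib.sha1(SAMPLE_RESOURCE).digest()).decode()
SAMPLE_EXTENSION = f'''extension
( optional "{RESINFO_URL}"
  ( "{SHA1_ALGO_URL}" "{SAMPLE_B64}" )
  ( "{SHA1_ALGO_URL}" "{SAMPLE_B64}" "1997.02.05T08:15-0500" ) )'''
```

Feeding it the page's example verbatim, with the literal "base64-hash" placeholder, is rejected, since "-" is not in the base64 alphabet and the value does not decode to 160 bits; a date such as "1994-11-05T08:15-0500" or one without a zone is rejected as well, which is exactly the strictness the BNF's note about ISO 8601 demands.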
Old 10-21-2010, 15:46   #12 (permalink)
coolvenom
I just decompiled a file and it is the same as cracking PC software: the same hex jumps. Voilà.

Some stupid commented that it's different...


Old 10-11-2011, 18:59   #13 (permalink)
Junior Member
Wow, that is really impressive. I wish I was able to contribute something other than admiration.
Awesome.
Old 10-12-2011, 14:25   #14 (permalink)
Junior Member
Can you give sample code for how to generate SL3 SHA1 data from IMEI & master code in VB.NET?

Thanks