Play is the principle technical phone SIM card hack

d1knddsw

We generally use the mobile phone sim card, there are three key values: IMSI, ICCID and ki, with these three values, and your sim card can be copied. Market to sell more than one card is actually a sim card by reading the value of the three groups, write them on a special card, so as to achieve the purpose of reproduction. IMSI and ICCID can be read directly, ki is encrypted. Following is a brief talk about the GSM encryption
0 ?) g6 d$ ?! o9 O5 }: GSM's encryption system which mainly involve the three algorithms, A3, A5, A8, which does not refer to any particular algorithm, the algorithm is given input and output specification, and the algorithm requirements, GSM have an example for each algorithm to achieve, in theory, does not limit you to use which algorithm. But the world of equipment manufacturers and operators are too lazy to communicate, see the examples have since been achieved, they all make use of them, so break the world's SIM card the same way.
Here a brief introduction on the SIM card can not,tory burch boots sale, SIM card is a smart card, which has a very simple CPU and a bit of NVRAM, you can store and read data, you can also carry out some operations. Cards there are a lot of content, but only introduced and encryption related. Each SIM card is usually kept inside the only sign of a number, called IMSI, this is used to uniquely identify your SIM card, phone card at boot time which will be read out from the number issued to mobile networks, mobile There are a large database that describes the IMSI and the corresponding relationship between mobile phone number, so the network will know your mobile number (if you lose phone card to fill, fill to the new and the original card IMSI different and the mobile database, where the phone number of your original point to the new IMSI, the old cards can no longer be used) in addition to IMSI, there are 16 bytes of key data, the data can not be read by SIM card interface out, often referred to as Ki, Ki stored in the mobile network there is also a.
# k0 V. N/ S3 E/ ]  l0 l$ ] mobile network in the phone log on when mobile networks will have a 16 bytes of random data (often referred to as RAND) sent to mobile phones, mobile phone SIM card will be sent to the data, SIM card and use their own key Ki RAND to do after the operation, to generate a 4-byte response (SRES) back to the phone, and transmitted to the mobile network, at the same time, mobile network operators for the same algorithm, the mobile network will compare these two results are the same, the same to show that the card is issued to me, allowing it to log on. The authentication algorithm in the GSM specification which is called the A3, m = 128 bit, k = 128 bit, c = 32 bit, it is clear that this algorithm requires known m and k can be simply calculated c, m and c are known but difficult to calculate k. A3 algorithm is done in the SIM card inside, so if the operators want to change the encryption algorithm, as long as he issued his own SIM card, so that their base stations and SIM cards can use the same algorithm, the mobile phone is no need to change. RAND
  U. {0 l  h% [9 o9 ] sent over the mobile network when the mobile phone SIM card will allow calculated on the RAND and Ki another communication encryption key for full use, the key length is 64 bits, often called Kc, Kc generated The algorithm is A8, A3 and A8 as an input to accept the same, so who stole a lazy implementation, using an algorithm to generate both SRES and Kc.
$ K* o. X- z) Y. k) Z" O6 r encryption in the communication process is to use Kc, this algorithm called A5, A5 encryption because the amount is huge, and the SIM card is very slow, so all communications are encrypted in the process of completion of the phone above, Thus, unless all the world to support a GSM mobile phone at least the same A5 algorithm, otherwise it can not roam, and this time operators and equipment manufacturers lazy and manifested in the world at present only a general algorithm A5 no other, this algorithm is 8-byte sequence, and Kc simple cycle XOR, and packet sequence number and then make a subtraction.
now talk about why phone cards can be copied. Introduction from the front which we know to complete a logon process,2010 jimmy choo shoes, IMSI and Ki is essential, A3 algorithm also needs to know, which is directly readable IMSI,5 stories teach you life, but the A3 algorithm and the presence of the card inside your data are not know, simply phone SIM card to the RAND, SIM card,asics nimbus shoes, the operator returned good data. The actual equipment used in the A3 algorithm is as a senior trade secrets protected. But there is no wall, not to take the air in 1998 or 1999, someone stole from a few pages where the relevant documents, and then enter the computer this document. Later the document fell into the hands of California Berkeley Professor few inside. This document which is missing some things, but also the wrong place, these professors get a SIM card for a while than to fill the missing, and wrong also fixed, so this algorithm becomes well known secret. This algorithm has been called Comp128, he generates SRES and Kc. With the algorithm
$ ^& N" a" A. F( g; N" u/ ^2 I+ g light or not can be saved in the SIM card inside Ki, the above theory is SIM card can be removed and then put the chip receiving special equipment to read the above Ki, but this sounds like a knife carved in the hard disk operating systems do not fly. So many people with lofty ideals to begin the attack on Comp128 algorithm, at first we thought must be exhaustive, but the designers have thought of GSM, SIM card, which has a logical query is a total of only 2 ^ 16 so, after the card will be suicide, so consequently not crackers. So the researchers tried to be acceptable within the number of explicit and analysis by constructing a specific text to analyze the output of the Secretary Ki value, the results really were some of us found out. IBM and even a team with 6 queries can completely solve Ki, of course, sold out now is certainly not the kind of machine so cows.
over time, to break the algorithm for Comp128 more mature, SIM copy device more and more operators are finally sit still. Many operators have started to issue Comp128 v2 encryption algorithm card. Comp128 v2 v1 algorithm is compromised in the GSM Association, after the top of the rapid changes in v1 the results obtained, it is said a better solution to the weaknesses in the v1 algorithm, of course, as this algorithm as the v1, or not available to the public, and until now no one came out. In this way, the basic can not understanding.
3 |" K- i2 D6 }( s, Z" J Chinese operators have encountered the same SIM card is being copied, here I mainly talk about China Mobile. From about 2005 began the second half of cards issued has not directly read out by simscan software such as ki, however, this is not really v2 card. Sources pointed out that,hogan shoes buy, v2 card, although the copy of the vulnerabilities can be resolved,教你在自己的QQ上直接查询活跃天数, but the compatibility and stability desired. China Mobile's certainly not smart no matter the problem, it is based on the mature v1 card, own a small change, clever and so avoid the simscan scanning software to achieve the purpose of being copied. The card we have called v0 card. v0 card is out of China Mobile's own design, is said to change the laws of the original pairing ki, so that the scan can not read conventional ki.