breaking through PUK



nonu_don
27-01-2003, 06:29 PM
Hi, today I met some guy and he offered me one deal.

He was charging some money and told me that he could tell the PUK for any PIN-locked SIM.

When I asked him how he would go through, he said that it is done through the internet (like unlocking through the internet). He will attach the computer to the net and then the other party will tell him the PUK.

Please give your comments on this. Is it possible? If you guys don't have any idea, then should I proceed and give him a try?

Naman

SirGraham
28-01-2003, 03:23 PM
Hi nonu_don,

The PIN is local; if you change the PIN, only a person who can access your card can say what it is.

The PUK is local but you cannot change it. The manufacturer makes a list of the cards with serial number, ICCID, Ki and PUKs...

This list (database) is sent to the operator when they buy these cards.

If you can access this list you can know the PUKs of the cards...

How? :confused: I don't know. I suppose this person works at the operator...

Best Regards,
Sir Graham.

nonu_don
11-02-2003, 03:34 PM
This guy doesn't work for any operator. "FOR SURE"

Well, as we all know the PUK is stored in the SIM itself, then why the hell is this difficult if people like Dejan can break through Ki.

Naman

SirGraham
11-02-2003, 04:10 PM
Hi Naman,

"well, as we all know the PUK is stored in the SIM itself, then why the hell is this difficult if people like Dejan can break through Ki."

Well... I can fly... because the pilots can fly....

A little question:

The method that Dejan uses (SIMSCAN) to extract the Ki is documented and it's well known.

He only uses a "collision method" developed by Marc Briceno, Ian Goldberg, and David Wagner. This "collision method" works only with COMP128 v1. He doesn't break COMP128 v2.

I also developed an application to extract Ki called "XSim", like Cardinal or SIM SCAN. I know this method and it's easy to implement.

but...

The PUK is a TOTALLY DIFFERENT question. Every manufacturer stores the PUK number in a DIFFERENT way... And there isn't any interface to get it.

However, your friend is more intelligent and he developed "alone" a method to extract any PUK from all kinds of SIM.... :rolleyes:

Sorry, but... for the moment I don't believe it.

Can he show or explain more about it?
How? When? Something more.... (I'd like to believe it)

Best Regards,
Sir Graham.

uaepast
18-02-2003, 03:28 PM
Hi all,

I agree with you totally, SirGraham.
But let's see this:!!

You knew the method of the keys "Ki and IMSI".
When you make a new card it asks you to set the "PIN code" and the "PUK code" using the simemu50 or even the simemu410 when you configure a new position.

What I'm saying is, if you are the one who sets the PIN and PUK codes, can't you locate their location in the SIM card??!! Either internal memory or external!!

At least we need to know where it is in the SIM card, what its location is; it's all bits and bytes, 0 and 1..!!

Dunno, I'm just talking to myself :)

I mean there should be a method for sure, and genius people like you may find it one day, so keep searching, sir :)

Oh, by the way, what do "Ki, IMSI" stand for please??

And please, I need to read the "Ki" in less time, as I'm reading it now using the cernal68 and multiprogrammer and it takes me about 6 to 9 hours :(

Please help.

Best regards

SirGraham
18-02-2003, 03:38 PM
Hi uaepast,

Sorry... for the moment I only know the collision method.... :(
... and this method needs 150,000 (more or less) authentications to search for the Ki. Every authentication is a call to the SIM. The SIM is slow and 150,000 operations are a lot.

People reduced the time of this search by "overclocking" the SIM (they changed the clock crystal of the Phoenix). If the SIM is faster, the search is quicker as well.

I'm working on a new method, but for the moment it doesn't work. I hope in the future it can be the solution.

Best Regards,
Sir Graham.

uaepast
18-02-2003, 03:51 PM
Hi Sir,

Thanks for your kind and super fast reply.

I've heard so too, but I could only find the original Phoenix reader here in my country "UAE".

So do you have it there and modified? And how much would that cost me if yes?

How fast would it be, as I'm using mine now on 6.12 MHz??

How long will it take to read the Ki?? Now about 6 hours :(

Is it guaranteed??

best regards

UAEPAST

SirGraham
18-02-2003, 04:07 PM
Hi uaepast,

It only depends on the manufacturer of the SIM.

There are SIMs that support more than 6 MHz and others that don't work with 4 MHz....

Some manufacturers put faster chips into the SIM than others....

You only need to change the crystal for another one, which must be calculated from the possible baud rate of the PC UART.

For this you need to know the divisor of the SIM. This divisor is in the ATR. You can use my web page to analyze the ATR (section docs).

For example, this is the calculation for 9600 baud:

9600 * 372 = 3,571,200 Hz (3.57 MHz)

If you use a big crystal, the card probably won't work. It's like "overclocking" in computers...

Best Regards,
Sir Graham.
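The calculation Sir Graham describes above, as an added example that is not code from the forum or from any of the tools mentioned: it reads the divisor (Fi/Di) from the ATR's TA1 byte using the ISO 7816-3 tables, computes the clock needed for a given UART baud rate (the 9600 * 372 case on the page), and checks the result against the maximum clock the card itself declares, which is the practical meaning of "a big crystal and the card won't work". The ATR bytes used in the example are constructed, not captured from a real card.

```python
from dataclasses import dataclass

# ISO 7816-3 tables: the high nibble of TA1 selects Fi (clock rate conversion
# integer) and the card's declared maximum clock f(max); the low nibble selects
# Di (baud rate adjustment integer). Indices missing here are reserved (RFU).
FI_TABLE = {0x0: 372, 0x1: 372, 0x2: 558, 0x3: 744, 0x4: 1116, 0x5: 1488,
            0x6: 1860, 0x9: 512, 0xA: 768, 0xB: 1024, 0xC: 1536, 0xD: 2048}
FMAX_TABLE_HZ = {0x0: 4_000_000, 0x1: 5_000_000, 0x2: 6_000_000, 0x3: 8_000_000,
                 0x4: 12_000_000, 0x5: 16_000_000, 0x6: 20_000_000, 0x9: 5_000_000,
                 0xA: 7_500_000, 0xB: 10_000_000, 0xC: 15_000_000, 0xD: 20_000_000}
DI_TABLE = {0x1: 1, 0x2: 2, 0x3: 4, 0x4: 8, 0x5: 16, 0x6: 32, 0x7: 64, 0x8: 12, 0x9: 20}


@dataclass
class ClockParams:
    fi: int        # clock cycles per elementary time unit before dividing by Di
    di: int
    f_max_hz: int  # highest clock frequency the card declares it supports


def parse_ta1(atr: bytes) -> ClockParams:
    """Extract Fi/Di/f(max) from an ATR. Without TA1 the defaults (372, 1, 5 MHz) apply."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not a valid ATR")
    t0 = atr[1]
    if not (t0 & 0x10):          # bit 5 of T0 clear: TA1 absent, implicit values
        return ClockParams(372, 1, 5_000_000)
    ta1 = atr[2]                 # TA1 is the first interface byte after T0
    fi_idx, di_idx = ta1 >> 4, ta1 & 0x0F
    if fi_idx not in FI_TABLE or di_idx not in DI_TABLE:
        raise ValueError(f"TA1=0x{ta1:02X} uses reserved Fi/Di codes")
    return ClockParams(FI_TABLE[fi_idx], DI_TABLE[di_idx], FMAX_TABLE_HZ[fi_idx])


def clock_for_baud(baud: int, p: ClockParams) -> float:
    """Clock frequency at which the card talks at `baud` (1 etu = Fi/Di clock cycles)."""
    return baud * p.fi / p.di


def baud_at_clock(clock_hz: float, p: ClockParams) -> float:
    return clock_hz * p.di / p.fi


def clock_is_within_spec(clock_hz: float, p: ClockParams) -> bool:
    """True if the crystal stays at or below the frequency the card declared in TA1."""
    return clock_hz <= p.f_max_hz


if __name__ == "__main__":
    # Constructed ATR: TS=3B, T0=10 (TA1 present, no historical bytes), TA1=11 (Fi=372, Di=1).
    params = parse_ta1(bytes.fromhex("3B1011"))
    for baud in (9600, 19200):
        f = clock_for_baud(baud, params)
        print(f"{baud} baud needs {f / 1e6:.3f} MHz; within declared spec: {clock_is_within_spec(f, params)}")
```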

uaepast
18-02-2003, 04:16 PM
Hi SirGraham,


I appreciate your answers again, thank you very much... and good luck.

I'm not very experienced in those things, but at least I got some info today :)

I hope you find a new method soon, good luck brother.

And if you hear of a device that can do it, please update me :)

By the way, one of my friends bought a device called "SIM Doctor"; it's written on it that you can clone 5 in 1 and you can read its info within 2 hours!!

Well, we've tried it and I was there; it couldn't catch the super speed choice when you put it on the auto mode, only the slow speed mode!! Well, I guess after your explanation I understand why!! Maybe, as you said, because of the original SIM card type, which I don't know!!

Anyhow, good luck and thanks.

Best regards,

best regads,

UAEPAST

SirGraham
18-02-2003, 04:23 PM
Hi uaepast,


Yes, there is another possible way to "accelerate" the search. It's the reduction mode. SIMSCAN uses this method to reduce the number of authentications sent to the card.
This method is about searching for more than one collision.

Marek (MfG), author of Cardinal, is working on it, but all these methods only work with COMP128 v1.

I am working on other methods independent of collisions...

Best Regards,
Sir Graham.

uaepast
18-02-2003, 06:42 PM
Hi SirGraham,


What is the idea of your method, Sir??

And will it be faster if it succeeds?

good luck


regards,

uaepast

SirGraham
19-02-2003, 02:56 PM
Hi uaepast,

Sorry. I'm working on this method now and I can't say more.... :p

If I have more results, I'll send a message to this forum...

Best regards,
Sir Graham.