pysbo
17-04-2003, 10:31 PM
Just unlocked an Orange UK 8310 but now does the blah bloo bleep trick (call barring) on T-Mob - The SIM in question is registered with T-Mob and Orange say phone is NOT Blacklisted so been hunting.
I've found an interesting document on GSM security. Although written in 1999 for UCTS terminals and GPRS it talks about 3 proposals to add IMEI security to DCT3 for something called phase 2+ (maybe became DCT4?)
One of the additions the doc. talks about is IMEI certificates - 32 bit key that's authenticated by network along with IMEI, does anyone know if this was implemented in DCT4????
Wouldn't it be possible to replace the authentication routines within the MCU of a normally DCT4 phone with those of a DCT3 phone (and it's IMEI say an old 5110) or is some of the authentication algo hardware based?
thought someone might be interested?
I've found an interesting document on GSM security. Although written in 1999 for UCTS terminals and GPRS it talks about 3 proposals to add IMEI security to DCT3 for something called phase 2+ (maybe became DCT4?)
One of the additions the doc. talks about is IMEI certificates - 32 bit key that's authenticated by network along with IMEI, does anyone know if this was implemented in DCT4????
Wouldn't it be possible to replace the authentication routines within the MCU of a normally DCT4 phone with those of a DCT3 phone (and it's IMEI say an old 5110) or is some of the authentication algo hardware based?
thought someone might be interested?