Sim Doctor Help...



Eliran_EBL
28-12-2003, 05:26 PM
Hi...

I use Sim Doctor and I use Card Reader V2. When I calculate the KI from the SIM I get 2 KIs: the real KI and the KI after correction.

I keep the IMSI and the KI in a text file. How can I enter the IMSI and KI manually into the 10 in 1 SIM???

When I do it I don't get a signal... but when I recalculate and insert the 10 in 1 SIM, the program writes the IMSI and the same KI as in the text file and I have a signal...

Why??

And how can I enter the IMSI and KI manually into a 10 in 1 SIM????

bouri2000
04-01-2004, 02:49 PM
Hi ....

I don't know about this program, but if you can give me the program I will try it ...

thanks ...

IvanKrasnyj
11-02-2004, 10:56 AM
http://myweb.hinet.net/home3/simtool/6303FULL.ZIP

Use this software. All previous software versions show a fake Ki and make false input. If the Ki was calculated with SimDoctor it works correctly, but shows a fake Ki. SimDoctor 6.3.0.3 shows and accepts Ki input correctly.

SirGraham
11-02-2004, 11:05 AM
Hi Ivan,

You can't do this. The SimDoctor API uses encryption to do this. :evil:

You can analyze the APDU instructions (with Season2) to see what APDU commands are sent to this device.

If you need more about this you can contact me....

Regards,
Sir Graham.
PS: Your theory about reversing COMP128 v1 is good. I am writing some code in C++ to try it.

IvanKrasnyj
11-02-2004, 11:49 AM
Hi Ivan,

You can't do this. The SimDoctor API uses encryption to do this. :evil:
You can analyze the APDU instructions (with Season2) to see what APDU commands are sent to this device.
If you need more about this you can contact me....
Regards,
Sir Graham.
PS: Your theory about reversing COMP128 v1 is good. I am writing some code in C++ to try it.

- It doesn't matter how the SimDoctor software communicates with the card (encrypted or not). I've tested 3 versions of SimDoctor:

6.0.5.0 - the only one useful for switching between COMP128v1 and v2.
It shows a fake Ki, and manual input of Ki is wrong. Only keys calculated with SimDoctor work. The user can't see them; he will see a fake Ki.

6.2.0.2 - no menu for switching between COMP128v1 and v2. Shows a fake Ki like the previous versions.

6.3.0.3 - no menu for switching between COMP128v1 and v2. Shows the correct Ki. Accepts manual Ki input correctly. It may still use an encrypted communication mode with cards (I don't know and it doesn't matter). I haven't logged the communications yet. I've tested manual input and got correct card replies for COMP128v1 (the same as a VB6 implementation of COMP128v1 gives, and the same as some cloned cards from my collection).

P.S. COMP128v1 to v2 switching works only in version 6.0.5.0 and only for 5in1 cards. (10in1 cards do not permit switching between v1 and v2.)

SirGraham
12-02-2004, 05:14 PM
Hi Ivan,

The better way to analyze this is with Season2.
SimDoctor removed this option from the program because nobody uses it for anything :)

If you like, we can analyze the card to find out what APDU it uses to write the KI.

Regards,
Sir Graham.

IvanKrasnyj
12-02-2004, 06:14 PM
Hi Ivan,
The better way to analyze this is with Season2.
SimDoctor removed this option from the program because nobody uses it for anything :)
If you like, we can analyze the card to find out what APDU it uses to write the KI.
Regards,
Sir Graham.

- I've just explained here to Eliran_EBL why he failed to input the Ki manually and what to do.
Of course, it would be interesting, just for fun, to log SimDoctor's communications with the cards. But this could hardly help us learn more about COMP128v2. Each SIM card implementation is very specific... SimDoctor cards especially. They were developed by somebody who signed an NDA with the GSM MoU to get the COMP128v2 code.
By logging SimDoctor communications we'll be able to discover the exact APDUs to switch between v1 and v2, and no more. I've got a Makinterface with Season2 accessories for this purpose, but haven't spent time on the task yet.

Have you already discovered the v1 to v2 switching APDUs, or are you just planning to? Are there any troubles in understanding the switching technique? Send me the logs if you have any.

I also think 10in1 cards may use the EEPROM space freed up after the COMP128v2 elimination for storing additional keys; that's why they do not switch algorithms.
Another question regarding SimDoctor is more interesting: ... they say SimDoctor is a JavaCard. Is it possible to load custom CAP files onto this card?

SirGraham
12-02-2004, 07:57 PM
Hi Ivan,

Yes, I have the log of the COMP128 v1 to v2 switch of SimDoctor. Tonight I'll send you this file. :)

I haven't got more logs now, but I will generate them. You also need the APDU to save the Ki. Ok. ;)

Now I am working on some changes in XSim and I am studying your data about the reverse algorithm, but if I have a moment I'll make the rest of the logs.

Regarding the doubt about these cards: I am sure, yes. But Java cards have special security for sending applets to the card (and also loading them). :-o However, these cards don't have the encryption implemented in Java. It is part of the OS of the card. Java is too slow to implement COMP128 on a card. :-?

If you are thinking of extracting COMP128 v2 from the Java card, I'm afraid you will have more problems... :-P

Regards,
Sir Graham.