
View Full Version : iPhone "registered" with overseas network (was: Total Unlock of iPhone is done)



Palu
07-30-2007, 11:04 PM
Successfully registered to TIM Italy!!!! I can make calls and SMS but not incoming!!! BTW I'm very very excited!!!!!!!

ZinoXZX
07-30-2007, 11:06 PM
Is it possible to do this with a funcard because I have no silver cards? I have an Infinity USB Unlimited.

Sassha
07-30-2007, 11:09 PM
Successfully registered to TIM Italy!!!! I can make calls and SMS but not incoming!!! BTW I'm very very excited!!!!!!!

No SMS IN either?

Palu
07-30-2007, 11:17 PM
No SMS IN either?

No, only OUT :-/ Is anyone else also able to send? And what about changing the APN to the one of my carrier in order to use EDGE? Is it difficult?

rockmed
07-30-2007, 11:18 PM
Where can one buy Infinity USB unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09? Thanks

Palu
07-30-2007, 11:19 PM
Where can one buy Infinity USB unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09? Thanks

I bought Infinity USB unlimited from http://www.telcominstrument.com/

The other two are downloadable from the net...

Sassha
07-30-2007, 11:21 PM
No, only OUT :-/ Is anyone else also able to send? And what about changing the APN to the one of my carrier in order to use EDGE? Is it difficult?

I don't understand this then:
Thanks @ oz and @iPhive I finally got result with SuperSim
1. Call in/out - No/yes
2. EDGE - yes
3. SMS in/out - yes/yes
4. YT - no

Vladimir_CDI
07-30-2007, 11:22 PM
Sorry, this doesn't work. This SIMEMU asm is very old and for sure not GSM 11.14 compliant. I need to know where to change things in the files, like "do not ask for PIN".

rockmed
07-30-2007, 11:25 PM
I bought Infinity USB unlimited from http://www.telcominstrument.com/

The other two are downloadable from the net...

Thanks Palluan. Sorry for the stupid question, but what is a silvercard?

pendalf
07-30-2007, 11:28 PM
Sorry, this doesn't work. This SIMEMU asm is very old and for sure not GSM 11.14 compliant. I need to know where to change things in the files, like "do not ask for PIN".

You can deactivate the PIN request in another phone, like a Nokia.

997TT
07-30-2007, 11:31 PM
May I suggest something interesting to those who think they know a lot about GSM and SIM cards? Why don't you guys join the dev team effort to offer an unlock solution faster? As far as I know, everybody knowledgeable is welcome.
This would make much more sense than offering people the possibility to change the SIM data by allowing them to make calls but not to receive them. What is a phone worth which can't receive calls? You can't receive SMS either.

Btw: what about data traffic? Is it possible to enter the Internet and at least receive eMails through POP3/IMAP accounts?

Zf_
07-30-2007, 11:33 PM
You can deactivate the PIN request in another phone, like a Nokia.

This probably won't help if the emu is buggy :D

If you want to go for a dirty hack, you can check if the source supports ENABLE CHV/DISABLE CHV and disable all checks related to what is set here.

Then return ALWAYS for all READ/WRITE conditions in the GET RESPONSE related to the SELECT FILE.

Sassha
07-30-2007, 11:36 PM
Thanks @ oz and @iPhive I finally got result with SuperSim
1. Call in/out - No/yes
2. EDGE - yes
3. SMS in/out - yes/yes
4. YT - no


Vladimir, can you please explain how you got SMS in working?:eek:

Zf_
07-30-2007, 11:47 PM
This would make much more sense than offering people the possibility to change the SIM data by allowing them to make calls but not to receive them. What is a phone worth which can't receive calls? You can't receive SMS either.

well, there are two attacks interwoven in this thread, they look similar but are very different :)

The "clone" effort is basically an attack on the GSM network. I wouldn't recommend it for obvious reasons :) and it's not really usable, because it'll only apply to some COMP 128-1 subscriptions (not even all of them), and will never offer incoming calls.

The "proxy" effort is a supposed attack on a baseband bug. It is supposed to be equivalent to a software unlock, once validated (full features with no impact on the network, works with any subscription) - but will require some very specific hardware (which should be available quickly, I'm pretty sure that some guys will rush to be the first to have something out if it's validated).

Vladimir is trying here to prove the "proxy" method using a "clone" method, that's why it might be confusing, but this effort should clearly be continued, as it's the easiest way to validate the proxy IMO :)

pendalf
07-30-2007, 11:51 PM
Even more guys should try this!

mysticusa
07-30-2007, 11:51 PM
My 2 cents + another 2 cents, actually all my cents go to both the proxy and clone ideas :) and the people who make it possible :)

Palu
07-30-2007, 11:52 PM
I've incredibly received the SMS, but you only receive them when you place a call, while you're calling... if this helps...

Vladimir_CDI
07-30-2007, 11:56 PM
Vladimir, can u please explain how did U get SMS in working?:eek:

Have NO IDEA: it is just work

healeydave
07-31-2007, 12:38 AM
I've incredibly received the SMS, but you only receive them when you place a call, while you're calling... if this helps...

I guess this is something to do with the way the IMSIs are being reported.

e.g. As ZF was saying:

- first IMSI read binary : return AT&T IMSI
- second IMSI read binary : return AT&T IMSI
- all subsequent IMSI read binary : return the subscription IMSI

I reckon when you made your call (PALLUAN), the call routines are reporting the correct IMSI to the network and the SMS you had sat there waiting suddenly found the door open, so to speak.

This is really cool, because it just goes to show that the relevant services are either working or not depending on the phones interaction with the network and whether the correct IMSI is being used at the appropriate time.

I reckon Vladimir, OZBimmer and ZF combined aren't far off being able to work out which IMSIs are needed at what times. Once that's established, I'm hoping the EMU can be coded to interact in the correct way with each part of the phone (e.g. Calls, SMS, DATA etc).

I could be way off the mark and interpreted some of the terminology wrong but that's my assessment of the situation :-)
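The IMSI read pattern healeydave sketches above (carrier IMSI on the first two READ BINARY calls, subscription IMSI afterwards) and the "dirty hack" Zf_ described a few posts earlier (skip the CHV checks and report ALWAYS as the access condition in the GET RESPONSE after SELECT FILE), modelled together in Python as an added example. This is not code from the thread, from SIM-EMU or from any real card: only EF_IMSI (6F07) is modelled, the PIN and both IMSIs are constructed sample values, and the class and function names are the example's own.

```python
# Added example, not code from the thread or SIM-EMU: a toy GSM 11.11 SIM emulator
# with just SELECT, GET RESPONSE, VERIFY/DISABLE/ENABLE CHV and READ BINARY on
# EF_IMSI. IMSIs, PIN and the "two carrier reads, then subscription" pattern are
# constructed from the discussion, not taken from any real card.
from collections import namedtuple

SW_OK, SW_MORE = 0x9000, 0x9F00       # 9Fxx: xx bytes waiting for GET RESPONSE
SW_CHV_BAD, SW_CHV_BLOCKED = 0x9804, 0x9840   # 9804 also = access condition not fulfilled
SW_NOT_FOUND, SW_NOT_SELECTED = 0x9404, 0x9400
AC_ALWAYS, AC_CHV1, AC_ADM, AC_NEVER = 0x0, 0x1, 0x4, 0xF   # access-condition codes
EF_IMSI = 0x6F07
EF = namedtuple("EF", "fid data read_ac update_ac")


def encode_imsi(imsi):
    """EF_IMSI body (GSM 11.11 10.3.2): length byte, then BCD with the parity
    nibble (1001 = odd digit count, 0001 = even) in front of digit 1."""
    nibbles = [0x9 if len(imsi) % 2 else 0x1] + [int(d) for d in imsi]
    if len(nibbles) % 2:
        nibbles.append(0xF)
    body = bytes(nibbles[i] | (nibbles[i + 1] << 4) for i in range(0, len(nibbles), 2))
    return bytes([len(body)]) + body


def decode_imsi(raw):
    """Inverse of encode_imsi; drops the filler nibble when the digit count is even."""
    digits = [raw[1] >> 4]
    for b in raw[2:1 + raw[0]]:
        digits += [b & 0xF, b >> 4]
    if not raw[1] & 0x08:             # b4 of the parity nibble clear -> even count
        digits.pop()
    return "".join(map(str, digits))


class SimEmu:
    def __init__(self, imsi, chv1, carrier_imsi=None, dirty_hack=False):
        self.files = {EF_IMSI: EF(EF_IMSI, encode_imsi(imsi), AC_CHV1, AC_ADM)}
        self.chv1 = chv1.encode().ljust(8, b"\xff")
        self.chv1_enabled, self.chv1_ok, self.chv1_tries = True, False, 3
        # healeydave's pattern: first two IMSI reads return the carrier IMSI
        self.carrier = encode_imsi(carrier_imsi) if carrier_imsi else None
        self.imsi_reads = 0
        self.dirty_hack = dirty_hack  # Zf_'s hack: skip CHV checks, report ALWAYS
        self.selected, self.pending = None, b""

    def _allowed(self, ac):
        if self.dirty_hack or ac == AC_ALWAYS:
            return True
        return ac == AC_CHV1 and (self.chv1_ok or not self.chv1_enabled)

    def _fcp(self, ef):
        """GET RESPONSE body for an EF (GSM 11.11 9.2.1): size, ID, type 04,
        access conditions (READ high nibble, UPDATE low), status, structure."""
        ac = 0x00 if self.dirty_hack else (ef.read_ac << 4) | ef.update_ac
        return (b"\x00\x00" + len(ef.data).to_bytes(2, "big") + ef.fid.to_bytes(2, "big")
                + b"\x04\x00" + bytes([ac, 0x00, 0x00]) + b"\x01\x02\x00\x00")

    def apdu(self, cmd):
        """Handle one T=0 APDU (CLA INS P1 P2 P3 [data]); return (data, SW1SW2)."""
        cla, ins, p1, p2, p3 = cmd[:5]
        data = cmd[5:5 + p3]
        if cla != 0xA0:
            return b"", 0x6E00
        if ins == 0xA4:                               # SELECT by file ID
            ef = self.files.get(int.from_bytes(data, "big"))
            if ef is None:
                return b"", SW_NOT_FOUND
            self.selected, self.pending = ef, self._fcp(ef)
            return b"", SW_MORE | len(self.pending)
        if ins == 0xC0:                               # GET RESPONSE
            out, self.pending = self.pending[:p3], b""
            return out, SW_OK
        if ins in (0x20, 0x26, 0x28):                 # VERIFY / DISABLE / ENABLE CHV1
            if self.chv1_tries == 0:
                return b"", SW_CHV_BLOCKED
            if data != self.chv1:
                self.chv1_tries -= 1
                return b"", SW_CHV_BAD
            self.chv1_tries, self.chv1_ok = 3, True
            if ins != 0x20:
                self.chv1_enabled = ins == 0x28
            return b"", SW_OK
        if ins == 0xB0:                               # READ BINARY
            ef = self.selected
            if ef is None:
                return b"", SW_NOT_SELECTED
            if not self._allowed(ef.read_ac):
                return b"", SW_CHV_BAD
            body = ef.data
            if ef.fid == EF_IMSI and self.carrier:
                self.imsi_reads += 1
                if self.imsi_reads <= 2:
                    body = self.carrier
            return body[(p1 << 8) | p2:][:p3], SW_OK
        return b"", 0x6D00                            # INS not supported


def read_imsi(sim, chv1=None):
    """Handset-side flow: [VERIFY CHV1], SELECT EF_IMSI, GET RESPONSE, READ BINARY.
    Returns (imsi or None, READ access condition the card reported)."""
    if chv1 is not None:
        sim.apdu(b"\xA0\x20\x00\x01\x08" + chv1.encode().ljust(8, b"\xff"))
    _, sw = sim.apdu(b"\xA0\xA4\x00\x00\x02" + EF_IMSI.to_bytes(2, "big"))
    fcp, _ = sim.apdu(bytes([0xA0, 0xC0, 0x00, 0x00, sw & 0xFF]))
    data, sw = sim.apdu(b"\xA0\xB0\x00\x00\x09")
    return (decode_imsi(data) if sw == SW_OK else None), fcp[8] >> 4
```

With `dirty_hack=False` a READ BINARY on EF_IMSI before a successful VERIFY CHV fails with 98 04, exactly the status a handset sees on a real card whose PIN is still enabled; with `dirty_hack=True` the card advertises READ = ALWAYS and never checks the PIN, and `read_imsi(sim)` called three times in a row returns the carrier IMSI twice and then the subscription IMSI, which is the sequence the proxy validation in this thread depends on. Three wrong VERIFY attempts leave CHV1 blocked (98 40), so a handset driving a buggy emulator should be tested against that path too.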

mysticusa
07-31-2007, 12:44 AM
Same theory is here, if IMSI thing can be fixed, the door will be wide open....

2 more cents...

Palu
07-31-2007, 12:47 AM
Another 2 cents... when I call I can receive call! :-)

Vladimir_CDI
07-31-2007, 12:54 AM
Need help:
1. Where to find good pic16f8x disassembler
- PICDIS lite - is not enough
- icprog embedded - making mistakes with labels
2. Need GSM SIM 11.14 or later mf_d, df_d file reference
- i need to understand what these configuration bytes and bit stands for

Vladimir_CDI
07-31-2007, 12:54 AM
Another 2 cents... when I call I can receive call! :-)

same with me, but I can't answer

Palu
07-31-2007, 12:56 AM
same with me, but I can't answer

I can answer...

pendalf
07-31-2007, 12:59 AM
hey vladi,

A friend of mine is a software engineer at Vodafone.
He is an expert in GSM stuff.
If you want I can bring you together; he even speaks Russian.

pen

PS: I hope you brick the bitch soon

healeydave
07-31-2007, 01:11 AM
I can answer...

It appears the phone is doing all the right things whilst on a call to open up the other features to work then.

I asked PALLUAN to make a call and leave the line open and test other things like SMS etc and he confirmed it all works, the SMS comes through straight away if the line is open.

I hope I'm not raising hopes prematurely, but I really don't think you're far away from being able to replicate what is happening when on a call :-)

I know some people doubt this work, but I think it's already proved itself worthwhile, even if only as a stop gap to the full unlock.

Zf_
07-31-2007, 01:24 AM
I guess a lot of people said that already so I'll only say it once more :) but I don't think the cloning effort should be continued. Laws dealing with communication networks tampering are usually quite ugly in many countries, and using a cloned subscription half attached is clearly looking for trouble.

Hack safely :D

Palu
07-31-2007, 01:36 AM
Oops, now it's saying NO SERVICE and I'm not able to connect to my carrier anymore... what could it be? :-(

Palu
07-31-2007, 02:27 AM
I've re-done the whole process and it works now... probably my carrier realized that something wasn't correct...

mysticusa
07-31-2007, 02:35 AM
@ZF_

unlocking is allowed but hacking the copyrighted software is not? :)

Also, if this proxy thing works, how will the network know?

The cloned SIM will send the network the right data it is looking for...

All in all, it comes down to security/serial numbers that the network is looking for to identify you... and you are using the network and you are paying for it, you are not hacking the network to use it for free or anything? As long as you don't use two SIMs, the cloned one and the original one, at the same time, the network shouldn't bother you for anything? Or is it otherwise? Am I wrong? Maybe? :D Who cares atm :) I don't have an iPhone and won't have one until the UK launch probably hehe (I'm on O2 so even if I buy one, I may not need the unlock solution too quickly). It will be saturated after the Europe and Asia launches, and within 1 year there will probably be a better solution... anyone need my 2 cents? I have 50 more 2 cents hehe

Zf_
07-31-2007, 03:15 AM
@ZF_

unlocking is allowed but hacking the copyrighted software is not? :)

Also, if this proxy thing works, how will the network know?


the precise idea of the proxy is that, due to the baseband bug, the network shouldn't know anything :D if something unexpected (like a wrong authentication token) goes over the network, then this method should be discontinued as well.


The cloned SIM will send the network the right data it is looking for...

All in all, it comes down to security/serial numbers that the network is looking for to identify you... and you are using the network and you are paying for it, you are not hacking the network to use it for free or anything?


problem is you can *somehow* disrupt the network, no matter if you try to abuse it or not. People are probably going to see warning reports coming if somebody that's not attached suddenly hops in for some time then leaves, or sends dummy tokens to a remote HLR. And usually giving people free ammo to use against you is a bad idea :D I highly doubt many people will get "caught", but even if they want to make only one example, you don't want to be that guy

Anyway, that was my last message on this issue, I assume everybody is aware of the risks now and assumes their responsibilities :)

mysticusa
07-31-2007, 03:23 AM
There will be some sacrifices for the holy good cause mate :) Don't be too pessimistic, look at the bright side :)

If they get a warning, they will know what is going wrong, but since you are not trying to hack for bad use, it shouldn't be a very big hassle :) At the end of the day, who knows, maybe they may even help you (us) with which data is wrong :D

bluetang
07-31-2007, 06:18 AM
Hi
Anyone in Vancouver, Canada who wants to maybe buy the Infinity USB Unlimited together to share the cost?
Kevin

Zf_
07-31-2007, 09:26 AM
Back to the (more interesting :p) technical posts

Another validation method of the SIM proxy would be to perform an anti-validation - with the sequence defined (AT&T IMSI / AT&T IMSI / subscription IMSI on the rest of READ BINARY calls) the network attach should not work properly on most, if not all, other handsets, and incoming calls should not be available.

Black-Xstar
07-31-2007, 09:35 AM
I am the writer of this article: http://www.black-xstar.com/blog/article.asp?id=383
I will translate this article to English now, I think I can finish it in a month.:D

bluetang
07-31-2007, 09:44 AM
Hi Black-xtar
thanks for the article. Seems like only Comp128 v1 will work.
Do you know how do I find out if my card is v1 or v2?
kevin

Zf_
07-31-2007, 09:48 AM
Hi Black-xtar
thanks for the article. Seems like only Comp128 v1 will work.
Do you know how do I find out if my card is v1 or v2?
kevin

simple - try to clone it. If it's destroyed in the process, then it's a v2, or a v1 with counters :D

joking aside, I don't think there's any method to know, other than asking to people from your country that did it already and are aware of which authentication algorithm was implemented on the cards according to their manufacturing date.

deepdark
07-31-2007, 09:50 AM
Need help:
1. Where to find good pic16f8x disassembler
- PICDIS lite - is not enought
- icprog embedded - making mistakes with labels
2. Need GSM SIM 11.14 or later mf_d, df_d file reference
- i need to understand what these configuration bytes and bit stands for


Here is some useful info, a list of software for PIC programming:
http://www.cmail.cz/doveda/pgm_pic/index.htm

Black-Xstar
07-31-2007, 10:07 AM
Hi Black-xtar
thanks for the article. Seems like only Comp128 v1 will work.
Do you know how do I find out if my card is v1 or v2?
kevin

Oh no.:eek: My name is Black-Xstar.
This article is only for COMP128 v1 and the China Mobile modified version of COMP128 v1 (we also call this COMP128 v0 :D ).
For COMP128 v2 and COMP128 v3 I have no idea, because they are business secrets of the GSM Association. When this secret is revealed, I think some hacker can crack it.:D

find more information: http://www.gsmworld.com/using/algorithms/index.shtml

Black-Xstar
07-31-2007, 10:17 AM
simple - try to clone it. If it's destroyed in the process, then it's a v2, or a v1 with counters :D

joking aside, I don't think there's any method to know, other than asking to people from your country that did it already and are aware of which authentication algorithm was implemented on the cards according to their manufacturing date.

It's a good idea.:D
If it is a v2 card, the program can't find out the Ki, or the card is destroyed.
In mainland China, I think there is no v2 card now.
China Mobile and China Unicom like to use a modified v1 card, which we also call a v0 card.:D

PS: are you Chinese?

AlmeidaCTU
07-31-2007, 11:09 AM
Hi,

I tried to get the Ki with WoronScan 1.09.

I used 8 different SIMcards (german providers O2, Eplus and T-Mobile), most of them were not comp128-1. But even the ones where it started attacking have not been successful. From one single card, i was able to extract 2 bytes (Pair 0), but 3R attacks failed. Am I doing something wrong here? How long does it take to get the Ki completely? Is it possible that you have to push the Magic Key Searching several times or should it work straight away?

...
Found by 2R attack the 0 pair=2584
10:06:17
Calculating data for 3R attack....
10:06:17
Found data: common=27 first=00E4 second=F661
Finding 3R attack collision...
10:07:22
3R attack collisions found...used 512 steps
3R attack 0 possible pairs found
10:07:22
3R attack failed...

Black-Xstar
07-31-2007, 11:51 AM
Hi,

I tried to get the Ki with WoronScan 1.09.

I used 8 different SIMcards (german providers O2, Eplus and T-Mobile), most of them were not comp128-1. But even the ones where it started attacking have not been successful. From one single card, i was able to extract 2 bytes (Pair 0), but 3R attacks failed. Am I doing something wrong here? How long does it take to get the Ki completely? Is it possible that you have to push the Magic Key Searching several times or should it work straight away?

...
Found by 2R attack the 0 pair=2584
10:06:17
Calculating data for 3R attack....
10:06:17
Found data: common=27 first=00E4 second=F661
Finding 3R attack collision...
10:07:22
3R attack collisions found...used 512 steps
3R attack 0 possible pairs found
10:07:22
3R attack failed...

Paste your full WoronScan log.
I can help you.

AlmeidaCTU
07-31-2007, 11:57 AM
Here you are...

Thanks for your help!

The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B 85 00 87 25 01 xx xx
PIN1 is enabled
PIN1 remaining 3 attemps
PUK1 remaining 10 attemps
Successful PIN1 verification
10:53:31
Starting 2R attack on 0 pair....
Found 2R attack collisions:used 38 steps
10:53:37
Found 2R attack collisions:used 39 steps
10:53:37
Found 2R attack collisions:used 42 steps
10:53:38
Found 2R attack collisions:used 43 steps
10:53:38
Found 2R attack collisions:used 43 steps
10:53:38
Found 2R attack collisions:used 45 steps
10:53:38
Found 2R attack collisions:used 49 steps
10:53:38
Found 2R attack collisions:used 54 steps
10:53:39
Found 2R attack collisions:used 54 steps
10:53:39
Found 2R attack collisions:used 55 steps
10:53:39
Found 2R attack collisions:used 67 steps
10:53:40
Found 2R attack collisions:used 69 steps
10:53:41
Found 2R attack collisions:used 74 steps
10:53:41
Found 2R attack collisions:used 80 steps
10:53:42
Found 2R attack collisions:used 80 steps
10:53:42
Found 2R attack collisions:used 84 steps
10:53:42
Found 2R attack collisions:used 91 steps
10:53:43
Found 2R attack collisions:used 91 steps
10:53:43
Found 2R attack collisions:used 98 steps
10:53:44
Found 2R attack collisions:used 100 steps
10:53:44
Found 2R attack collisions:used 102 steps
10:53:44
Found 2R attack collisions:used 104 steps
10:53:45
Found 2R attack collisions:used 109 steps
10:53:45
Found 2R attack collisions:used 110 steps
10:53:45
Found 2R attack collisions:used 111 steps
10:53:45
Found 2R attack collisions:used 112 steps
10:53:45
Found 2R attack collisions:used 112 steps
10:53:45
Found 2R attack collisions:used 115 steps
10:53:46
Found 2R attack collisions:used 116 steps
10:53:46
Found 2R attack collisions:used 120 steps
10:53:46
Found 2R attack collisions:used 124 steps
10:53:47
Found 2R attack collisions:used 128 steps
10:53:47
Found 2R attack collisions:used 131 steps
10:53:48
Found 2R attack collisions:used 132 steps
10:53:48
Found 2R attack collisions:used 133 steps
10:53:48
Found 2R attack collisions:used 135 steps
10:53:48
Found 2R attack collisions:used 140 steps
10:53:49
Found 2R attack collisions:used 143 steps
10:53:49
Found 2R attack collisions:used 145 steps
10:53:49
Found 2R attack collisions:used 145 steps
10:53:49
Found 2R attack collisions:used 146 steps
10:53:49
Found 2R attack collisions:used 149 steps
10:53:50
Found 2R attack collisions:used 152 steps
10:53:50
Found 2R attack collisions:used 152 steps
10:53:50
Found 2R attack collisions:used 153 steps
10:53:50
Found 2R attack collisions:used 154 steps
10:53:50
Found 2R attack collisions:used 154 steps
10:53:50
Found 2R attack collisions:used 154 steps
10:53:50
Found 2R attack collisions:used 155 steps
10:53:50
Found 2R attack collisions:used 159 steps
10:53:51
Found 2R attack collisions:used 161 steps
10:53:51
Found 2R attack collisions:used 164 steps
10:53:51
Found 2R attack collisions:used 164 steps
10:53:51
Found 2R attack collisions:used 165 steps
10:53:52
Found 2R attack collisions:used 165 steps
10:53:52
Found 2R attack collisions:used 165 steps
10:53:52
Found 2R attack collisions:used 166 steps
10:53:52
Found 2R attack collisions:used 169 steps
10:53:52
Found 2R attack collisions:used 170 steps
10:53:52
Found 2R attack collisions:used 171 steps
10:53:52
Found 2R attack collisions:used 172 steps
10:53:52
Found 2R attack collisions:used 173 steps
10:53:52
Found 2R attack collisions:used 173 steps
10:53:52
Found 2R attack collisions:used 178 steps
10:53:53
Found 2R attack collisions:used 180 steps
10:53:53
Found 2R attack collisions:used 182 steps
10:53:53
Found 2R attack collisions:used 182 steps
10:53:53
Found 2R attack collisions:used 182 steps
10:53:53
Found 2R attack collisions:used 182 steps
10:53:53
Found 2R attack collisions:used 184 steps
10:53:54
Found 2R attack collisions:used 185 steps
10:53:54
Found 2R attack collisions:used 186 steps
10:53:54
Found 2R attack collisions:used 186 steps
10:53:54
Found 2R attack collisions:used 187 steps
10:53:54
Found 2R attack collisions:used 187 steps
10:53:54
Found 2R attack collisions:used 188 steps
10:53:54
Found 2R attack collisions:used 190 steps
10:53:54
Found 2R attack collisions:used 191 steps
10:53:55
Found 2R attack collisions:used 191 steps
10:53:55
Found 2R attack collisions:used 192 steps
10:53:55
Found 2R attack collisions:used 194 steps
10:53:55
Found 2R attack collisions:used 194 steps
10:53:55
Found 2R attack collisions:used 197 steps
10:53:55
Found 2R attack collisions:used 197 steps
10:53:55
Found 2R attack collisions:used 201 steps
10:53:56
Found 2R attack collisions:used 201 steps
10:53:56
Found 2R attack collisions:used 201 steps
10:53:56
Found 2R attack collisions:used 203 steps
10:53:56
Found 2R attack collisions:used 203 steps
10:53:56
Found 2R attack collisions:used 203 steps
10:53:56
Found 2R attack collisions:used 204 steps
10:53:56
Found 2R attack collisions:used 205 steps
10:53:56
Found 2R attack collisions:used 208 steps
10:53:56
Found 2R attack collisions:used 208 steps
10:53:56
Found 2R attack collisions:used 209 steps
10:53:57
Found 2R attack collisions:used 209 steps
10:53:57
Found 2R attack collisions:used 209 steps
10:53:57
Found 2R attack collisions:used 209 steps
10:53:57
Found 2R attack collisions:used 210 steps
10:53:57
Found 2R attack collisions:used 211 steps
10:53:57
Found 2R attack collisions:used 212 steps
10:53:57
Found 2R attack collisions:used 215 steps
10:53:57
Found 2R attack collisions:used 218 steps
10:53:58
Found 2R attack collisions:used 218 steps
10:53:58
Found 2R attack collisions:used 221 steps
10:53:58
Found 2R attack collisions:used 221 steps
10:53:58
Found 2R attack collisions:used 222 steps
10:53:58
Found 2R attack collisions:used 223 steps
10:53:58
Found 2R attack collisions:used 223 steps
10:53:58
Found 2R attack collisions:used 223 steps
10:53:58
Found 2R attack collisions:used 224 steps
10:53:58
Found 2R attack collisions:used 224 steps
10:53:58
Found 2R attack collisions:used 225 steps
10:53:59
Found 2R attack collisions:used 227 steps
10:53:59
Found 2R attack collisions:used 229 steps
10:53:59
Found 2R attack collisions:used 230 steps
10:53:59
Found 2R attack collisions:used 231 steps
10:53:59
Found 2R attack collisions:used 232 steps
10:53:59
Found 2R attack collisions:used 233 steps
10:53:59
Found 2R attack collisions:used 235 steps
10:54:00
Found 2R attack collisions:used 236 steps
10:54:00
Found 2R attack collisions:used 238 steps
10:54:00
Found 2R attack collisions:used 240 steps
10:54:00
Found 2R attack collisions:used 241 steps
10:54:00
Found 2R attack collisions:used 241 steps
10:54:00
Found by 2R attack the 0 pair=2584
10:54:00
Calculating data for 3R attack....
10:54:00
Found data: common=27 first=00E4 second=F661
Finding 3R attack collision...
10:54:59
3R attack collisions found...used 512 steps
3R attack 0 possible pairs found
10:54:59
3R attack failed...

Damn it, I think I know my mistake. You have to step through it pair-by-pair, right?

Vladimir_CDI
07-31-2007, 12:12 PM
Here is some useful info, a list of software for PIC programming:
http://www.cmail.cz/doveda/pgm_pic/index.htm

Thanks. I found what I need. Keep trying.

Black-Xstar
07-31-2007, 12:52 PM
Here you are...

Damn it, I think I know my mistake. You have to step through it pair-by-pair, right?

What WoronScan version do you use?
I can't understand your log.

In WoronScan 1.09, click the Ki search, then click start. Please don't click or select anything else.
After a few hours, a v1 card's Ki will be found.

Black-Xstar
07-31-2007, 12:55 PM
WoronScan 1.09 you can download here:
http://www.live-share.com/files/250596/woron_scan.rar.html

mysticusa
07-31-2007, 01:08 PM
Live-share looks to be the slowest sharing site :) 0.9 k/s, 0.8, 0.5, keeps going down, it will take 10 mins to download a 294 k file :) I've a 16 Mbit net connection and it shouldn't take more than a sec :)

It never finishes the download, at around 40% it times out? WTF? 0.3k 0.2k :)

mysticusa
07-31-2007, 01:52 PM
Black-Xstar, can you upload the SIM-EMU as well? Or a link to it? Thanks.. I will re-upload the two together to Rapidshare, so that people can find them easily.

Black-Xstar
07-31-2007, 02:49 PM
Black-Xstar, can you upload the SIM-EMU as well? Or a link to it? Thanks.. I will re-upload the two together to Rapidshare, so that people can find them easily.

I am sorry.
The live-share server is located in Shanghai, China, so it is very fast for me.
I will upload it to easy-share, this server is located in the US.
http://w13.easy-share.com/2588031.html

What is SIM-EMU? I am sorry, I didn't use it.

Sassha
07-31-2007, 02:53 PM
Some questions.....

1. Can I use Gold Card to CloneSIM?
2. What MHz do I use for read/write on SIM?
:confused:

Black-Xstar
07-31-2007, 02:58 PM
Some questions.....

1. Can I use Gold Card to CloneSIM?
2. What MHz do I use for read/write on SIM?
:confused:

1. I don't know what a Gold Card is.
2. You can use 7.14 MHz or 3.57 MHz.

Black-Xstar
07-31-2007, 03:11 PM
I posted 2 programs in this thread:
http://www.hackint0sh.org/forum/showthread.php?p=12531

AlmeidaCTU
07-31-2007, 03:25 PM
@Black-XStar:

I got the same result using your version of Woron-Scan 1.09. I did exactly what you said.

With one card, I'm able to get at least the first two pairs. With another card, it just says "Starting 2R attack on 0 pair...." and the GSM algorithm steps start counting until about 15000 (then I stopped/paused because I thought that it wouldn't work). What should the log look like?

uptown
07-31-2007, 03:52 PM
Would it be possible for someone to have this done for me? I will ship my sim card. Please PM me. I will be forever grateful. Your time/shipping/work will be compensated.

Thank you very much..... I appreciate everyone's help!

Sassha
07-31-2007, 04:53 PM
HELP PLEASE! Can some1 give me a link where I can download software to create FLASH and EEPROM files for GoldCard? SIMEMU has only SILVER and GREEN options, I have a Gold card.

EDIT: Nevermind

Palu
07-31-2007, 05:47 PM
Could someone help me please changing the APN in preferences.plist?
I've got a problem with the getfile command... I always get "command not found"... I've downloaded three different versions of iphoneinterface that claim to have the putfile and getfile commands but none of them work... Why? If I type help I get:
iPhone:/# help
help - this, also help startservice and help readvalue
ls - list directories
cd - change directory
mkdir - make directory
rmdir - remove directory
deviceinfo - get device info
fileinfo - get file info
readvalue - read a value
activate - activate iPhone with plist
deactivate - deactivate iPhone
startservice - start service on iPhone
enterrecovery - Enter recovery Mode **WARNING: YOU'LL NEED TO RESTORE**
quit - exit shell

:-((((

mysticusa
07-31-2007, 06:27 PM
PALU u are on the wrong title mate, there are other titles for that subject, check it otherwise u may get scolded :) this topic is completely different from what u're asking...

Sassha
07-31-2007, 07:10 PM
OK, i got myself a silvercard....i did everything right and got to step 6. Then use SIM-EMU to change the IMSI of FLASH2 and EEPROM2 to the IMSI of the AT&T sim (IMSI-a). This will create FLASH3 and EEPROM3; here i have a problem, SIMEMU doesn't let me change an IMSI, it keeps saying that the IMSI length must be 18, but it is! Because of this i can't create FLASH3 and EEPROM3....what's the problem?:(

Palu
07-31-2007, 07:14 PM
Any blank spaces in the beginning or at the end of the string?

Palu
07-31-2007, 09:05 PM
I'm not able to get data working... I downloaded the preferences plist and changed the apn, the username and the password to the ones of my operator, using bbedit... I've putfiled the new preferences.plist but data doesn't work, did you (vladimir and Obzimmer) make other changes? Thank you!

Vladimir_CDI
07-31-2007, 09:12 PM
1. check if you REALLY uploaded pre...s.plist to the iphone. after upload, download it back and look
2. double check username and pass

Palu
07-31-2007, 09:37 PM
Thanks Ob, yes I had already checked, and once I downloaded the file again from the phone the preferences were correctly updated... here is what I put:
<dict>
<key>apn</key>
<string>WAP.TIM.IT</string>
<key>password</key>
<string>mypassword</string>
<key>username</key>
<string>mytelnumber</string>
</dict>

everything is correct.. username and password are provided by my operator and so on...

Is it normal that password field is before the username? Should I try to invert them?
Are there other settings to change?
From iphone when I try to receive data i get "could not activate edge..."

Vladimir_CDI
07-31-2007, 09:46 PM
HI everybody. More information about the SuperSim method. Yesterday I made a test with a very old SIM-EMU program compiled for Silvercard. I changed that program to manipulate the IMSI in order to give the following sequence of IMSIs from the SIM to the iPhone:
IMSI-b, IMSI-a, IMSI-b, IMSI-b.....
or I try IMSI-a, IMSI-a, IMSI-b, IMSI-b.....
and result was:
1. Calls In/Out - No/Yes
2. EDGE - Yes
3. SMS In/Out - Yes*/Yes * - means only at the time of making call
4. YT - No

I decided that this is due to the very old SIM EMU program.

To solve that problem, I disassembled the world's best SIMEMU 6.01 and made a little patch. I spent 36 hours to buy PICDIS Full, test its ability, change the source code to be compiled as the original hex, compare OLDEMU with 6.01 and bla-bla-bla...

I was so proud, that I made it ....

6.01 is very modern, includes SIM toolkit and so on.

My patch (does not work 100% - i need more time to have a 100% result) does absolutely the same with the IMSI.

**** BAD NEWS ***:
1. Calls In/Out - No/Yes
2. EDGE - Yes
3. SMS In/Out - Yes*/Yes * - means only at the time of making call
4. YT - No

that means for me that, at least at my local carrier, IMSI manipulation does not work.

BTW: Nokia 6310i works 100% with patched SIMEMU 6.01
BTW2: Samsung E530 works 100% (but shows ROAMING)

@Zf: I have no idea what the difference is between SIM-proxy (PC + connector) and my SIMEMU.

BaseBand error incoming call looks like:
4104417 recv[call]: +CCWA: "xxxxxxxx486872",145,1,,0
4104417 evt: Sending event kCallStateChangeNotification (1)
4104417 clm: Current caller id info is xxxxxxxx486872
4104417 evt: Sending event kIncomingCallerIdNotification (9)
4104418 send[call]: at+xdrv=0,5,22,1,512
4104423 recv[call]: +CSSI: 3
4104424 recv[call]: +XCALLSTAT: 1,0
4104424 recv[call]: +XCALLSTAT: 2,5
4104424 evt: Sending event kCallStateChangeNotification (1)
4104424 evt: Sending event kIncomingCallerIdNotification (9)
4104522 recv[call]: +XDRV: 0,5,0,0
4104522 recv[call]: OK
4105093 recv[call]: +XCALLSTAT: 1,0
4105098 recv[call]: +XCALLSTAT: 2,6
4105099 send[call]: at+ceer
4105114 recv[call]: +CEER: "CC setup error",100,"Conditional IE error"
4105114 recv[call]: OK
4105115 evt: Sending event kCallStateChangeNotification (1)
4105115 evt: Sending event kCallDisconnectedCauseNotification (2)
4105115 evt: Sending event kAudioFinishedNotification (135)
4105298 send[low]: at+xdrv=0,4

waiting for advice where to go now.

Vladimir_CDI
07-31-2007, 09:48 PM
to activate EDGE you need to put your SuperSIM into a normal phone and
1. make a call
2. make a DATA transfer via EDGE - this is important for the Oz method

Palu
07-31-2007, 09:52 PM
to activate EDGE you need to put your SuperSIM into a normal phone and
1. make a call
2. make a DATA transfer via EDGE - this is important for the Oz method

Mmmmhmhmhm probably I only made calls with the normal phone!!! Now I redo all! I'll let you know

Zf_
07-31-2007, 10:06 PM
@Vladimir

Please PM me your baseband logs - try to receive a call before the dump, just in case.

And congratulations for your hard work, even if it's not successful yet :)

Vladimir_CDI
07-31-2007, 10:13 PM
@Vladimir

Please PM me your baseband logs - try to receive a call before the dump, just in case.

And congratulations for your hard work, even if it's not successful yet :)

@Zf: Thanx. When I need to make **5005.....
1. Power On
2. Call to some1
3. at the same time incoming call
4. **5005....
5. iTunes sync

is that OK?

Palu
07-31-2007, 10:25 PM
@Vladimir: I've surfed from the normal unlocked phone using wap but nothing to do with the iphone... Reading on the web I realize that there are different types of APN for my carrier... wap.tim.it is for wap services and uni.tim.it is for web services (normally used when you use the phone as a modem). Do you think that I could try with uni.tim.it?

Zf_
07-31-2007, 10:31 PM
@Zf: Thanx. When I need to make **5005.....
1. Power On
2. Call to some1
3. at the same time incoming call
4. **5005....
5. iTunes sync

is that OK?

Try to just call your number without calling someone at the same time.

If the call is not even routed, then something suspicious should show up in the logs, hopefully

kfernandes29
07-31-2007, 10:40 PM
Does this SuperSIM method work for Fido/Rogers in Canada? I would assume so, but maybe I'm wrong?

uptown
08-01-2007, 02:24 AM
I just ordered the Infinity USB Unlimited and a Silvercard PIC16F877+24LC64 from the UK. i'm in Canada (Ontario) and i'll keep everyone updated on my progress. It was a little costly, but well worth it in the end!

lupinglade
08-01-2007, 02:50 AM
can someone post a detailed step by step guide? please?

gonads
08-01-2007, 02:58 AM
can someone post a detailed step by step guide? please?


Have you seen this one

http://www.hackint0sh.org/forum/showthread.php?t=2032&highlight=clone

kman
08-01-2007, 06:37 AM
A COMPLETE GUIDE TO SIM CLONING ... link on Megaupload site
http://www.megaupload.com/?d=RRO2TACN

zhihmeng
08-01-2007, 07:07 AM
Hi, guys...
I'm lucky to have a V1 card and successfully got the magic KI and IMSI.
But I'm stuck with SIM_EMU_6.01_CFG_v2.1.
When I connect my card reader with the sim card inside,
it always says "no card inserted".
I don't know why... The card I used can be recognized with Woron_Scan1.09...
I think it should be fine, right?

And my empty sim card is "SIM-8200-10".
Can it be used for this Super-SIM method?
Somebody says it is an "Emerald Card (16F628)".
I don't know what the difference from a Silver Card is.

Any options are appreciated.

Colonel Moutarde
08-01-2007, 09:15 AM
Just a little reminder:

Gold Card (1st generation): PIC16F84 + 24LC16
Silver Card (2nd generation): PIC16F876 + 24LC64

Fun Card: ATMEL AT90S8515 + 24C64 (or 256, 512, 1024)
Pink Card (or Jupiter): ATMEL AT90S2343 + 24C16
Titanium, Platinum, Knot and Obos Card: based on AT90S12836 or equ. (cryptographic chipset under NDA)

Both PIC based cards have the same internal wiring and need 13V to be flashed (that's why an Apollo programmer cannot be used here). The instruction set has some differences and SIM EMU may use 16F876 specific code or memory slots (I don't know, I haven't disassembled the stuff and don't have the skill to analyse it).

Hope this will answer some recurrent questions about smart cards.

Black-Xstar
08-01-2007, 09:56 AM
@Black-XStar:

I got the same result using your version of Woron-Scan 1.09. I did exactly what you said.

With one card, I'm able to get at least the first two pairs. With another card, it just says "Starting 2R attack on 0 pair...." and the GSM algorithm steps start counting until about 15000 (then I stopped/paused because I thought that it wouldn't work). What should the log look like?

@AlmeidaCTU:
your one card is a v1 card i think. but your mobile operator modified something, so the woronscan's 3r attack failed.
i am sorry i have no good idea. but you can try this woronscan modified version:
http://www.live-share.com/files/250839/SimonScan_3r_attack_v0.2_free.rar.html
open the software, select KI search, click any checkbox, then click start to 3r force attack.

your other one may be a v2 card:D
you also can try the woronscan modified version.
i will post another Chinese hacker's KI search software later, now i am translating it to English.

PS: my english is not good:eek: , if you didn't understand what i said, you can ask me.:confused:

dragon-tmd
08-01-2007, 10:03 AM
Does this SuperSIM method work for Fido/Rogers in Canada? I would assume so, but maybe I'm wrong?

This one will work for probably ANY GSM network in the world, IF you can get the magic KI of your SIM :D

Vladimir_CDI
08-01-2007, 10:16 AM
AlmeidaCTU
stopping at 15000 was a mistake, one of my SIMs was decoded at 43559. Stopping at 15000, now you have only 45000-49000 tries left. If your SIM dies DO NOT WORRY. go to the carrier and tell them that you HAVE LOST YOUR PHONE (in a lake for ex) and they will give you a brand new SIM - and you can try again.

the only bad thing can be if your card was old and v1 and the brand new one will be v2 or v3

Palu
08-01-2007, 01:07 PM
1. check if you REALLY uploaded pre...s.plist to the iphone. after upload, download it back and look
2. double check username and pass

@Vladimir: what do you suggest I use to change the .plist file? Are the problems related to using TextEdit in your opinion? I read on the net that someone suggests not to use TextEdit to edit plist files...

Vladimir_CDI
08-01-2007, 01:38 PM
@Vladimir: what do you suggest I use to change the .plist file? Are the problems related to using TextEdit in your opinion? I read on the net that someone suggests not to use TextEdit to edit plist files...

I have an XP machine and I use NOTEPAD to edit pref...s.plist - works fine

Sassha
08-01-2007, 04:47 PM
I need software to change the IMSI in EEPROM...SIMEMU doesn't work for me...links please! EDIT: Found it!

kfernandes29
08-01-2007, 08:28 PM
Does anyone know where I can order silver cards online from a shop that accepts Paypal and is in North America? Seems like all the places I have found so far are in the UK. Thanks in advance.

Vladimir_CDI
08-01-2007, 08:35 PM
Hello again to everyone who is still involved somehow in the superSIM method.

I found an error in the baseband log which probably does not let me receive calls. I think that it is because local carriers do not support voicemail like AT&T, and because of that, during the process of registration in the network, the iPhone somehow tries to set up call forwarding to nowhere (I still do not understand that log well)

PEOPLE, IF YOU UNDERSTAND MY LOG AND THE REASON FOR THE ERRORS - PLEASE LET ME KNOW

10028 evt: EF[6F48]: Examining EF
10028 evt: EF[6F48]: Not found
10028 send[sms]: at+crsm=192,28496
10298 recv[sms]: +CRSM: 148,4
10300 recv[sms]: OK
10300 evt: EF[6F50]: Examining EF
10300 evt: EF[6F50]: Not found
10300 send[sms]: at+crsm=192,28618
10570 recv[sms]: +CRSM: 148,4
10572 recv[sms]: OK
10572 evt: EF[6FCA]: Examining EF
10572 evt: EF[6FCA]: Not found
10572 evt: Sending internal notification kEventSimFsRefresh (17) params={-1, 0, 0x0}
10573 sms: could not read voicemail count from SIM
10574 evt: Sending event kCustomerServiceProfileUpdate (120)
10574 send[call]: at+csvm?
10895 recv[call]: +CSVM: 0,"",0
10896 recv[call]: OK
10897 send[call]: at+xcfc
11219 recv[call]: +CME ERROR: 13
11220 evt: Sending event kUnconditionalCallForwardingNotification (88)
11222 send[call]: at+xcfc
11544 recv[call]: +CME ERROR: 13
11545 evt: Sending event kUnconditionalCallForwardingNotification (88)
11547 send[call]: at+cnum
12835 recv[call]: OK
12835 evt: Sending event kPhoneNumberChanged (134)
12837 send[call]: at+csvm?
13085 recv[call]: +CSVM: 0,"",0
13087 recv[call]: OK
13087 send[call]: at+csca?
13094 recv[call]: +CMS ERROR: 314
13094 evt: Sending event kServiceCenterAddressFetchError (72)
15399 recv[reg]: +XCIEV: ,72
15400 reg: Battery capacity is 72%
15400 evt: Sending event kBatteryCapacityChangedNotification (81)
15449 send[reg]: at+XDRV=5,4,0,0
15459 recv[reg]: +XDRV: 5,4,0
15459 recv[reg]: OK
39399 recv[reg]: +XCIEV: ,71
39400 reg: Battery capacity is 71%
39400 evt: Sending event kBatteryCapacityChangedNotification (81)
39442 send[reg]: at+XDRV=5,4,0,0
39452 recv[reg]: +XDRV: 5,4,0
39452 recv[reg]: OK
45073 recv[reg]: +XCIEV: 29,
45074 reg: Signal strength is -55
45074 evt: Sending event kSignalStrengthNotification (15)
45807 recv[reg]: +XCIEV: 28,
45807 reg: Signal strength is -57
45807 evt: Sending event kSignalStrengthNotification (15)
47080 recv[reg]: +CREG: 1,"001A","1C5D"
47080 evt: Sending event kRegistrationStatusNotification (11)
47080 evt: Sending internal notification kEventRegistered (2) params={0, 0, 0x0}
47080 evt: Sending internal notification kEventNewCell (5) params={1711197, 0, 0x0}
47080 evt: Sending event kCellChanged (133)
47101 send[reg]: at+cops=3,2
47115 recv[reg]: OK
47117 send[reg]: at+cops?
47126 recv[reg]: +COPS: 0,2,"3235373032"
47128 recv[reg]: OK
47128 evt: Sending internal notification kEventNewNetwork (4) params={16842754, 0, 0x0}
47128 reg: Registered HPLMN is "MyLocalCarrier"

pendalf
08-01-2007, 08:57 PM
Hello again to everyone who is still involved somehow in the superSIM method.

I found an error in the baseband log which probably does not let me receive calls. I think that it is because local carriers do not support voicemail like AT&T, and because of that, during the process of registration in the network, the iPhone somehow tries to set up call forwarding to nowhere (I still do not understand that log well)

PEOPLE, IF YOU UNDERSTAND MY LOG AND THE REASON FOR THE ERRORS - PLEASE LET ME KNOW

oh, this is a very good approach,
maybe there is a way to shut the voicemailbox down,
it's gonna be much easier, i guess...

vladi, u're the man on the sim :D

@dev team:
guys, is there a way to shut the voicemail off?
probably we are close to the intermediate solution, till total unlock is done...
please help!

Sassha
08-01-2007, 09:13 PM
No Go for me....I did everything like in the instructions...iPhone says "Incorrect SIM please connect to iTunes", when I am in the home menu, I see dots of signal bars (like no signal), in settings in carrier options I see all 3 Croatian carriers (grey). What to do? ps. I have an activated (PQDVD) iPhone....

pendalf
08-01-2007, 09:16 PM
No Go for me....I did everything like in the instructions...iPhone says "Incorrect SIM please connect to iTunes", when I am in the home menu, I see dots of signal bars (like no signal), in settings in carrier options I see all 3 Croatian carriers (grey). What to do? ps. I have an activated (PQDVD) iPhone....

have you also done the iAsign?

Sassha
08-01-2007, 09:21 PM
have you also done the iAsign?

No.........................

Vladimir_CDI
08-01-2007, 09:24 PM
No.........................

It is the right time to make it.
JailBreak-iAsign and only after that SuperSIM

Sassha
08-01-2007, 09:29 PM
It is the right time to make it.
JailBreak-iAsign and only after that SuperSIM

So this has to be done for SuperSim to work? I already have an activated iPhone (pqdvd tool kit), so which method can I do now - http://iphone.fiveforty.net/wiki/index.php/IASign

pendalf
08-01-2007, 09:30 PM
No.........................

that's your problem,
read the guide by oz!
good luck buddy...

Sassha
08-01-2007, 09:37 PM
that's your problem,
read the guide by oz!
good luck buddy...

Oh, I am not going to jailbreak my iPhone....i didn't realize that this needs to be done..:(
Waiting for total unlock......Thanx anyway....PS I spent 2 days making SuperSim for nothing..that's why the tutorial with details is needed.:mad: :D

pendalf
08-01-2007, 09:40 PM
Oh, I am not going to jailbreak my iPhone....i didn't realize that this needs to be done..:(
Waiting for total unlock......Thanx anyway....PS I spent 2 days making SuperSim for nothing..that's why the tutorial with details is needed.:mad: :D

why not?
i did, it's not a big deal!
very easy...
i'd do that!

Sassha
08-01-2007, 09:46 PM
why not?
i did, it's not a big deal!
very easy...
i'd do that!


Ah, maybe tomorrow, now I am pissed off...:D

But,this is it? - http://www.hacktheiphone.com/iphone_using_cingular_for_windows.html

pendalf
08-01-2007, 09:51 PM
Ah, maybe tomorrow, now I am pissed off...:D

But,this is it? - http://www.hacktheiphone.com/iphone_using_cingular_for_windows.html

this is perfect to do that,
i used it, as well!

healeydave
08-02-2007, 01:17 AM
Anyone provide tips for using woronscan?

I ran it with the defaults and I thought it looked good because at least I didn't get the error "the SIM was not a V1" some people got earlier on in this thread, but it took around 1.5 hours to run through a 2R attack on pair 0 and it automatically moved onto pair 4 which took another 1.5 hours. I'm assuming zero collisions means it was unsuccessful?

The KI Dialog box has radio buttons & check boxes and a couple of pull down menus, one saying Task Priority and another labeled 5R Start Pair, I have no idea what all this means, but am wondering whether other options should be tried???

Thanks in advance.

---------------------------------
UPDATE:
Actually, I found a really old SIM that is no longer in service, just to prove that the version of the software I have works. It did manage to extract the KI but of course it's useless to me in this particular case.
I was going to finish off the other pairs on the first SIM I tried (above) but I thought I'd just test it in a phone again first. It did boot up initially with the service provider's name but I tried a (free) service call which failed. Now this SIM has no signal indication and when I put it back in the Reader, whilst it can read the ICC and IMSI, any KI scan just doesn't start counting and stops straight away....
Think WoronScan must have bricked that SIM :-(

AlmeidaCTU
08-02-2007, 06:29 PM
Anyone provide tips for using woronscan?

I ran it with the defaults and I thought it looked good because at least I didn't get the error "the SIM was not a V1" some people got earlier on in this thread, but it took around 1.5 hours to run through a 2R attack on pair 0 and it automatically moved onto pair 4 which took another 1.5 hours. I'm assuming zero collisions means it was unsuccessful?

Same here! I tried about 12 different SIM cards now, not a single one with success. It seems that you have to be very very lucky here in Germany to get a compatible card. I tried cards of all 4 big providers (T-Mobile, Vodafone, EPlus, O2). Not even an 8 year old D2 (Vodafone) card nor a 7 year old T-Mobile card worked. I got the same results as you (no collisions detected).

Only one card showed the first two bytes (0 Pair, through 2R attacks), but afterwards it stopped during the 3R collisions.

Just because WoronScan doesn't reject the card from the beginning (due to non V1) doesn't mean that you can successfully read out the magic KI.

---------------------------------
UPDATE:
Actually, I found a really old SIM that is no longer in service, just to prove that the version of the software I have works. It did manage to extract the KI but of course it's useless to me in this particular case.
Which settings did you choose? Which start pair? Which checkboxes?

Best,
almeida

____________________
UPDATE:
Now I got my first and only KI extracted out of an 8 year old D2 (formerly Mannesmann, now Vodafone) card! :)
This card is quite unusable as it has been used with a contract which has been canceled for years. Does anybody know whether it's possible for a provider to make a prepaid card out of an old SIM? I know at least that O2 offered me to make a Loop (=Prepaid) card out of my old contract card when I canceled.

Palu
08-02-2007, 06:39 PM
I'm still having trouble with edge, I've correctly changed the apn parameter, username and password in the preferences.plist file, checked 10 times, put the file in the iphone and then got it back to see if the file was correctly updated, everything perfect. My super sim was able to receive data via edge, make calls and get calls. The "E" was printed on the screen next to the operator... So the sim was ok, I got flash2 and eeprom2 from the sim, edited them and made flash3 and eeprom3, put them in the sim. But edge in the iphone doesn't want to work. No "E" near the operator logo... Are there other parameters to change in the preferences.plist (i changed apn, user and password)? Do you see the edge control panel in the iphone--settings--general--network?

ozbimmer
08-02-2007, 06:46 PM
Hi Palu,

Could you please write what you did in a step-by-step manner? Sorry bit hard to understand the things you have written :)

healeydave
08-02-2007, 07:19 PM
@almeida

You managed to get one and update before I got to reply :-)

Same here, the card I finally got the KI out of was an old UK Orange card, you can tell it's old by the layout of the pads. All the newer ones seem to have the same Gemplus layout which must be locked down.

After messing with a few SIM's now, I don't think you need to tweak the settings, Woronscan seemed to get the rest of the keys quite quickly after the first pair were found. I think it got to around 13,000 with 2R on pair 0 and then it just rattled them off.

Funny thing is, I found another Orange card probably not much newer and it failed on that one !?!?

I think it's a dead end for me unfortunately.

Vladimir_CDI
08-03-2007, 10:26 AM
I'm still having trouble with edge, I've correctly changed the apn parameter, username and password in the preferences.plist file, checked 10 times, put the file in the iphone and then got it back to see if the file was correctly updated, everything perfect. My super sim was able to receive data via edge, make calls and get calls. The "E" was printed on the screen next to the operator... So the sim was ok, I got flash2 and eeprom2 from the sim, edited them and made flash3 and eeprom3, put them in the sim. But edge in the iphone doesn't want to work. No "E" near the operator logo... Are there other parameters to change in the preferences.plist (i changed apn, user and password)? Do you see the edge control panel in the iphone--settings--general--network?

Try this algo:
1. PowerOff your iPhone (5sec power button and then slide to power off)
2. Put in the original AT&T SIM card (non activated or activated - doesn't matter)
3. Power ON (wait till NoService)
4. Put your SuperSim made with the OZ method into the iPhone
5. Go to Settings:General:Network: EDGE is here and you can change settings

after you reload the iPhone (PwrOff/On) - the EDGE setting will disappear (have no idea why)

before I wrote this I tried 3 times - it works in my case

deepdark
08-03-2007, 10:39 AM
where is the OZ manual? any link

Vladimir_CDI
08-03-2007, 12:25 PM
where is the OZ manual? any link

look back in this thread

Palu
08-03-2007, 01:54 PM
Try this algo:
1. PowerOff your iPhone (5sec power button and then slide to power off)
2. Put in the original AT&T SIM card (non activated or activated - doesn't matter)
3. Power ON (wait till NoService)
4. Put your SuperSim made with the OZ method into the iPhone
5. Go to Settings:General:Network: EDGE is here and you can change settings

after you reload the iPhone (PwrOff/On) - the EDGE setting will disappear (have no idea why)

before I wrote this I tried 3 times - it works in my case

@Vladimir: I've tried two times but no edge control panel... I see only VPN and WiFi :-(

Sassha
08-03-2007, 04:32 PM
Ok guys.....I did everything as written here - http://www.hacktheiphone.com/iphone_using_cingular_for_windows.html

All worked like a charm...jailbreak, putfile, "activation"...etc...now, when I put my SuperSim card in, iPhone says "No service", in Carrier options I see all 3 domestic carriers, and I CAN choose mine....then when going back to the home menu iPhone says "Your selected network is no longer available", how come?

PS. I didn't receive or send any data when I used the supersim in a normal unlocked phone, just made and received calls, does this matter??? I don't care about EDGE:cool:

Palu
08-03-2007, 08:37 PM
I read somewhere that in order to use wap with my carrier I have to add a string like this "+cgdcont=1,"ip","wap.tim.it","",0,0;", the question is: could it be the problem for my iphone? If yes, where do I have to add this script? In preferences? And how would it have to be written?
Something like this?
<key>xxxxx</key>
<string>+cgdcont=1,"ip","wap.tim.it</string>

???

ozbimmer
08-03-2007, 08:45 PM
Palu: can you try leaving the username and password blank when you mod your preferences.plist? (Just write <string></string> for username and password).

Palu
08-03-2007, 08:51 PM
Palu: can you try leaving the username and password blank when you mod your preferences.plist? (Just write <string></string> for username and password).

Ok I've tried every single combination of Apn, user and password...
The strange thing is that in the normal phone the cloned sim works... and I know the correct apn, user and password, it stops working when I put it in the iphone... that's the strange thing... I've tried everything. It's frustrating because surfing the web would be wonderful...But probably I'll give up, I spent many hours trying all combinations...

Another thing: randomly my sim stops working, and I see No service. I have to redo the whole process. Maybe it's because my carrier recognizes something strange with my sim?

pendalf
08-03-2007, 09:13 PM
has someone tried to deactivate the visual mailbox on the iPhone, like vladi suggested?
maybe it blocks the incoming calls!

Sassha
08-03-2007, 10:17 PM
WooooooooHoooooooo! I get it work! I can call&send sms with my carrier,T-Mobile HR!:D Thx guys! Keep the good work!:cool:

pendalf
08-03-2007, 10:44 PM
WooooooooHoooooooo! I get it work! I can call&send sms with my carrier,T-Mobile HR!:D Thx guys! Keep the good work!:cool:

does call in work?

Q8Music
08-04-2007, 08:17 AM
hi guys

i need help

i try to read the at&t card but i get this msg:

this is not comp 128-1 !!!

using infinity usb phoenix compatible.

PeterdeB
08-04-2007, 10:22 AM
Oh, and for ppl in The Netherlands looking for a COMP128-V1 today in The Netherlands: LYCAMOBILE prepaid is of that category and can be used for Ozbimmer's trick.

beatleben
08-04-2007, 11:48 AM
Hi

Has anyone tried a UK network 02, Vodafone or Orange?

eddy123
08-04-2007, 12:16 PM
WooooooooHoooooooo! I get it work! I can call&send sms with my carrier,T-Mobile HR!:D Thx guys! Keep the good work!:cool:

Can you make the call? Details please:D

Sassha
08-04-2007, 01:50 PM
Can you make the call? Details please:D

I can make a call, but receive calls only at the same time I am calling, that's not news. So, like others, Call Out-SMS Out. :cool:

Sassha
08-04-2007, 02:02 PM
I have "No Service" now....my iPhone was OFF all night....how do U get it to work again with SuperSim? :confused:

Palu
08-04-2007, 02:36 PM
It happened to me many times, you have to repeat the steps, put flash1 eeprom1, use a normal phone and so on... maybe the carrier recognizes an invalid check sometimes... quite annoying :-/, now I'm tired of repeating the steps and now my iphone has no service...

Sassha
08-04-2007, 02:46 PM
It happened to me many times, you have to repeat the steps, put flash1 eeprom1, use a normal phone and so on... maybe the carrier recognizes an invalid check sometimes... quite annoying :-/, now I'm tired of repeating the steps and now my iphone has no service...

oH...Thx...............

eddy123
08-04-2007, 02:46 PM
I can make a call, but receive calls only at the same time I am calling, that's not news. So, like others, Call Out-SMS Out. :cool:

Oh. Actually I want the EDGE card to work only, cause there are not many Wi-Fi hotspots right here in my country. :D

Updated news: There are reports saying that the fully unlocked iPhone will be imported to Hong Kong soon. :cool: Comments?

beatleben
08-04-2007, 02:50 PM
I thought that somewhere on this thread there was a work around for the powering on and off with a supersim?

Sassha
08-04-2007, 03:20 PM
I thought that somewhere on this thread there was a work around for the powering on and off with a supersim?

Yeah, but that's only a proof of concept for SIM Proxy....not gonna work for the OZ method, that's how I understood it:(

Sassha
08-04-2007, 03:24 PM
It happened to me many times, you have to repeat the steps, put flash1 eeprom1, use a normal phone and so on... maybe the carrier recognizes an invalid check sometimes... quite annoying :-/, now I'm tired of repeating the steps and now my iphone has no service...

I repeated the steps, and now it's working again. But, I was thinking, if U keep that "working in iPhone" Flash&EEProm(3) on the PC, can U just re-write the SilverCard again, not repeat every step? I will try when I get "No Service" again...:mad: :D

Palu
08-04-2007, 03:25 PM
I've never tried it, but maybe it is sufficient to repeat only the third step... let me know!

Vladimir_CDI
08-04-2007, 04:26 PM
Hello to every1 who is still interested in the OZ method. I offer you the OZ method 2nd generation for trying.

If somebody is interested in the iPhone modified SIM-EMU 6.01, you can download the SilverCard files from here

http://r-a-p-i-d-s-h-a-r-e-.c-o-m/f-i-l-e-s/4-6-9-3-8-4-6-9/SIM_EMU_6.01_iPhone.rar

delete "-" with that URL but leave "_"

You just need to program these files to your silvercard, then change the IMSI and KI in position number 0 to your subscription and put your iPhone's AT&T SIM ICCID and IMSI in position number 9. Then disable PIN1.

PIN1 - 1111
PIN2 - 1234
PUK1 - 11111111
PUK2 - 12345678

if you like SMS - you need to change your ServiceCenter number in position 0 as well

Then put the SilverCard into the iPhone and you will not need to take it out anymore.

One simple change is made compared to the original SIM_EMU.6.01 - the two first reads of the IMSI will come from position 9 and then from position 0

I'm not sure that it will work with your carriers, but it works on mine. Actually I need your feedback whether it works or not.

**** IMPORTANT: your iPhone must be jailbroken and activated using the same ICCID that you are going to put on the SIMEMU silvercard (IMSI-9 must correspond to the ICCID)

ozbimmer
08-04-2007, 05:04 PM
hi vladimir, could it make incoming/outgoing calls? Thanks.

Vladimir_CDI
08-04-2007, 05:12 PM
hi vladimir, could it make incoming/outgoing calls? Thanks.

outgoing yes, incoming - using my carrier no. But probably yours will be possible. Check please.

Palu
08-04-2007, 05:15 PM
outgoing yes, incoming - using my carrier no. But probably yours will be possible. Check please.

Hi Vladimir, are you saying that with this method the SIM probably never loses the registration to my carrier? Now, as you probably have read, I have to repeat the steps sometimes when suddenly my carrier kicks me out and I get no service...

Sassha
08-04-2007, 05:18 PM
Hello to everyone who is still interested in the OZ method. I offer you the OZ method 2nd generation for trying.

If somebody is interested in the iPhone-modified SIM-EMU 6.01, you can download the SilverCard files from here

http://**********.com/files/46917320/SIM_EMU_6.01_iPhone.rar

You just need to program these files to your silvercard, then change the IMSI and KI in position number 0 to your subscription and put your iPhone's AT&T SIM ICCID and IMSI in position number 9. Then disable PIN1.

If you want SMS - you need to change your Service Center number in position 0 as well.

Then put the SilverCard into the iPhone and you will not need to take it back out anymore.

One simple change is made compared to the original SIM_EMU 6.01 - the first two reads of IMSI will go from position 9 and then from position 0.

I'm not sure that it will work on your carriers, but it works on mine. Actually I need your feedback on whether it works or not.

**** IMPORTANT: your iPhone must be jailbroken and activated using the same ICCID that you are going to put on the SIMEMU silvercard (IMSI-9 must correspond to the ICCID)

Doesn't work for me...."Incorrect SIM"....:(

Vladimir_CDI
08-04-2007, 05:20 PM
Doesn't work for me...."Incorrect SIM"....:(

Check if the ICCID and IMSI-a written to the SilverCard correspond to each other. Better if you take them from the AT&T SIM.

ozbimmer
08-04-2007, 05:23 PM
what's the *******, vlad?

Vladimir_CDI
08-04-2007, 05:23 PM
Hi Vladimir, are you saying that with this method the SIM probably never loses the registration to my carrier? Now, as you probably have read, I have to repeat the steps sometimes when suddenly my carrier kicks me out and I get no service...

I think the best way is to try. Try and you can understand. I'm not sure that it works on your carrier.

1. Write files
2. Change IMSI-b and KI-b in position 0
3. Change ICCID - to your iPhone SIM ICCID
4. Change IMSI-a in position 9 to your iPhone SIM IMSI
5. Disable PIN1
PIN1 - 1111
PIN2 - 1234
PUK1 - 11111111
PUK2 - 12345678
6. To double check, go to WoronScan and ask IMSI 5 times; the first 2 must be IMSI-a, the rest is IMSI-b
7. Check ICCID - it must be ICCID-a (AT&T)
8. Power off iPhone
9. Put SIM EMU there

It should work.
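
A sanity check for the identifiers handled in steps 2 to 4 and 7 above, written here as an added example (it is not the SIM-EMU or WoronScan tooling): it validates ICCID length and Luhn check digit, splits the IMSI into MCC/MNC, and flags an ICCID and IMSI that come from different countries, the kind of mismatch Vladimir asks people to check for after an "Incorrect SIM". The country table and the MNC-length rule are simplifications, the sample values are constructed, and it cannot tell whether an ICCID is the one the phone was actually activated with.

```python
"""Format checks for the ICCID/IMSI pair written to a SIM emulator.
Added example, not part of the SIM-EMU project.  References: ICCID per ITU-T E.118
(19-20 digits, MII 89, Luhn check digit), IMSI per 3GPP TS 23.003 (MCC + MNC + MSIN)."""
from dataclasses import dataclass
from typing import Dict, List

# Assumption: hand-built table limited to the countries named in the thread.
# Maps mobile country code (IMSI prefix) to E.164 calling code (ICCID prefix after 89).
MCC_TO_CALLING_CODE: Dict[str, str] = {
    "310": "1",    # USA (AT&T SIM used for activation)
    "222": "39",   # Italy
    "219": "385",  # Croatia
    "204": "31",   # Netherlands
    "250": "7",    # Russia
    "262": "49",   # Germany
    "294": "389",  # Macedonia
    "228": "41",   # Switzerland
}
NORTH_AMERICAN_MCCS = {str(m) for m in range(310, 317)}  # these use 3-digit MNCs


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check over the whole string, last digit included."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_iccid(iccid: str) -> Dict[str, str]:
    if not iccid.isdigit() or len(iccid) not in (19, 20):
        raise ValueError("ICCID must be 19 or 20 digits")
    if not iccid.startswith("89"):
        raise ValueError("ICCID must start with the telecom MII 89")
    if not luhn_valid(iccid):
        raise ValueError("ICCID Luhn check digit is wrong")
    body = iccid[2:]
    # Calling codes are prefix-free but 1-3 digits long: try the longest known first.
    for cc in sorted(set(MCC_TO_CALLING_CODE.values()), key=len, reverse=True):
        if body.startswith(cc):
            return {"country_code": cc, "issuer_and_account": body[len(cc):-1], "check": iccid[-1]}
    raise ValueError("ICCID country code not in the table")


def parse_imsi(imsi: str) -> Dict[str, str]:
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError("IMSI must be 6 to 15 digits")
    mcc = imsi[:3]
    # Simplification: the real MNC length is carrier-specific; 3 digits is the rule
    # in North America, 2 digits almost everywhere else in this thread.
    mnc_len = 3 if mcc in NORTH_AMERICAN_MCCS else 2
    return {"mcc": mcc, "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


@dataclass
class CardIdentity:
    iccid: str
    imsi: str


def check_pair(card: CardIdentity) -> List[str]:
    """Return a list of problems; an empty list means the pair looks consistent."""
    problems: List[str] = []
    icc = im = None
    try:
        icc = parse_iccid(card.iccid)
    except ValueError as e:
        problems.append(f"ICCID: {e}")
    try:
        im = parse_imsi(card.imsi)
    except ValueError as e:
        problems.append(f"IMSI: {e}")
    if icc and im:
        expected = MCC_TO_CALLING_CODE.get(im["mcc"])
        if expected is None:
            problems.append(f"IMSI: MCC {im['mcc']} not in the table, cannot cross-check")
        elif expected != icc["country_code"]:
            problems.append(f"mismatch: ICCID is +{icc['country_code']} but IMSI MCC {im['mcc']} is +{expected}")
    return problems


# Constructed sample values (not real subscriber data; check digits computed by hand).
GOOD_US = CardIdentity("8910000000000000002", "310410000000000")
MIXED_UP = CardIdentity("8939000000000000001", "310410000000000")  # Italian ICCID, US IMSI
BAD_CHECK = CardIdentity("8910000000000000003", "310410000000000")  # wrong Luhn digit

if __name__ == "__main__":
    for name, card in (("GOOD_US", GOOD_US), ("MIXED_UP", MIXED_UP), ("BAD_CHECK", BAD_CHECK)):
        print(name, check_pair(card) or "ok")
```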

Sassha
08-04-2007, 05:24 PM
I repeated the steps, and now it's working again. But I was thinking, if U keep that "working in iPhone" Flash&EEProm(3) on the PC, can U just re-write the SilverCard again, not repeat every step? I will try when I get "No Service" again...:mad: :D

Doesn't work with re-write; I think U must repeat the steps from "Put in normal unlocked phone, make/receive calls, data.... so on"...:mad:

Vladimir_CDI
08-04-2007, 05:28 PM
what's the *******, vlad?

server is closing this but this is

r-a-p-i-d-s-h-a-r-e-.-c-o-m (remove "-")

Palu
08-04-2007, 05:34 PM
file not found vlad

ozbimmer
08-04-2007, 05:35 PM
vlad, what is the PIN1?

Vladimir_CDI
08-04-2007, 05:36 PM
vlad, what is the PIN1?

PIN1 is the first PIN - you can disable it using a normal phone, for example.

Vladimir_CDI
08-04-2007, 05:38 PM
file not found vlad

http://r-a-p-i-d-s-h-a-r-e.c-o-m/files/46917320/SIM_EMU_6.01_iPhone.rar

remove "-" but not the "_"

deepdark
08-04-2007, 05:38 PM
OK, I have everything. Today I finally got my iPhone. Now I am very good with SIM cloning, so here are the details of my cloned SIM card from T-Mobile:
IMSI:082949102032106666
Ki:[Removed due to this guy safely]

Now what do I change and write in SIMEMU?

Also I have SIMEMU 6.01 hex and bin files, so do they work with the iPhone or do I need patched ones???

thx.

ozbimmer
08-04-2007, 05:38 PM
vlad, i mean what's the number for PIN1? 0000? 1111?

Vladimir_CDI
08-04-2007, 05:40 PM
OK, I have everything. Today I finally got my iPhone. Now I am very good with SIM cloning, so here are the details of my cloned SIM card from T-Mobile:


Now what do I change and write in SIMEMU?

Also I have SIMEMU 6.01 hex and bin files, so do they work with the iPhone or do I need patched ones???

thx.

Delete your post ASAP. Using your IMSI and KI *** ANYONE **** can make calls as YOU. Do not give this information to anybody. This is my advice.

ozbimmer
08-04-2007, 05:41 PM
deepdark: word of caution... DO NOT POST your IMSI and Ki!!! Other people could use your details to write a SIM and use your account!!!

ozbimmer
08-04-2007, 05:44 PM
vlad, what's the number of the PIN1? I tried 0000 but failed. I need PIN1 to gain access!!!

Vladimir_CDI
08-04-2007, 05:45 PM
vlad, what's the number of the PIN1? I tried 0000 but failed. I need PIN1 to gain access!!!

sorry - the PIN is the same as the SIMEMU default
PIN1 - 1111
PIN2 - 1234
PUK1 - 11111111
PUK2 - 12345678

Sassha
08-04-2007, 05:46 PM
6. To double check, go to WoronScan and ask IMSI 5 times; the first 2 must be IMSI-a, the rest is IMSI-b

Ha! I get all 5 times IMSI-b......why?:confused:

ozbimmer
08-04-2007, 05:46 PM
many thanks, vlad

Vladimir_CDI
08-04-2007, 05:48 PM
Ha! I get all 5 times IMSI-b......why?:confused:

because you need to put IMSI-a in position 9

Sassha
08-04-2007, 05:49 PM
because you need to put IMSI-a in position 9

I did that! I just double checked my FLASH&EEprom...:confused:

Sassha
08-04-2007, 05:52 PM
Must U use SIM_EMU_6.01_CFG_v2.1? Because I use SIMEMU CFG by PIC-ador. :confused: :confused:

Vladimir_CDI
08-04-2007, 05:53 PM
I did that! I just double checked my FLASH&EEprom...:confused:

You need to test IMSI right after the ATR command (Reset Card) or just after putting it into the reader.

Vladimir_CDI
08-04-2007, 05:54 PM
Must U use SIM_EMU_6.01_CFG_v2.1? Because I use SIMEMU CFG by PIC-ador. :confused: :confused:

I use SIM_EMU_6.01_CFG_v2.1,

Sassha
08-04-2007, 05:58 PM
I use SIM_EMU_6.01_CFG_v2.1,

I will try it now.......and post results...

Palu
08-04-2007, 06:03 PM
SMS In/Out, Call In/Out, EDGE, Everything Is Working!!!!!!!!!!!!!!!!!!!!!

I Can't Believe It!!!! What's Happened!!!!

Vladimir_CDI
08-04-2007, 06:06 PM
SMS In/Out, Call In/Out, EDGE, Everything Is Working!!!!!!!!!!!!!!!!!!!!!

I Can't Believe It!!!! What's Happened!!!!

Can you please send me your baseband log?

parkertseng
08-04-2007, 06:07 PM
SMS In/Out, Call In/Out, EDGE, Everything Is Working!!!!!!!!!!!!!!!!!!!!!

I Can't Believe It!!!! What's Happened!!!!


hi palu,

you mean u have all the features working?
it seems like the total unlock to me!
does it go back to "no service" after power off?
which way did you do it?
the oz 2nd generation?
thanks!

parkertseng
08-04-2007, 06:09 PM
hi guys!

is there any other way to write flash and eeprom other than the Infinity USB writer?
i mean other software?

Palu
08-04-2007, 06:09 PM
Ok wait a minute, I'm changing the APN. Vlad, I'm changing the APN again, 5 min and I'll send my log...

Sassha
08-04-2007, 06:13 PM
OOOOOOMG! Everything is working!!!! CALL IN,OUT,SMS IN,OUT!!!!! EDGE! :D :D :D
In Croatia with T-Mobile HR!

Thank U SO MUCH VLADI!!!!

Sassha
08-04-2007, 06:15 PM
hi guys!

is there any other way to write flash and eeprom other than the Infinity USB writer?
i mean other software?

Here - http://simemu.gsmhosting.net/Sim_Emu_6.01.zip

RealRoo
08-04-2007, 06:18 PM
Palu,

Which Carrier and Which Country?

ozbimmer
08-04-2007, 06:18 PM
congrat, vlad!! Well done!!

RealRoo
08-04-2007, 06:20 PM
ozbimmer, are you retrying with Vlad's change to see if incoming calls works for you?

parkertseng
08-04-2007, 06:23 PM
Here - http://simemu.gsmhosting.net/Sim_Emu_6.01.zip

you mean using this software and a writer other than Infinity USB?
i tried with this SIM-EMU 6.01 and with a Phoenix reader and when i place a silver card, it always said the card i inserted is not a GSM or SIM-EMU card.
is that the problem of my silver card?
my card has 256k of memory and is also called an 877 card in some places....
am i holding the right silver card or must i do it with the Infinity USB writer?
any place to buy a silver card other than the sites mentioned before?

ozbimmer
08-04-2007, 06:27 PM
i can confirm that Vlad method is WORKING perfectly!!! Call in/Call out/SMS in/SMS out/Internet... Wow!!

bluetang
08-04-2007, 06:30 PM
Hi.
for the people who got everything working. Can you post what city, country and what carrier you're with? Thanks.

Also, anyone in Vancouver, Canada with Rogers tried this??

Vladimir_CDI
08-04-2007, 06:33 PM
Hello to everyone. Congratulations to you. It seems that I'm the only one still having NO CALL IN.

I put a small and very bad English manual here http://*****s-h-a-r-e.com/f-i-l-e-s/4-6-9-3-8-4-6-9/SIM_EMU_6.01_iPhone.rar

delete "-" from the URL but leave "_"
Probably it will help to answer common questions, and I'll ask OZ (AFAICS you are a native English speaker) to write a more detailed manual (if you have time to do that).

ozbimmer
08-04-2007, 06:34 PM
Vlad, more than happy to help :)

Sassha
08-04-2007, 06:37 PM
you mean using this software and a writer other than Infinity USB?
i tried with this SIM-EMU 6.01 and with a Phoenix reader and when i place a silver card, it always said the card i inserted is not a GSM or SIM-EMU card.
is that the problem of my silver card?
my card has 256k of memory and is also called an 877 card in some places....
am i holding the right silver card or must i do it with the Infinity USB writer?
any place to buy a silver card other than the sites mentioned before?

I used this with Dynamite Programmer, all working fine only at Phoenix 6.00 MHz.
Maybe your Silver card is damaged...:confused:

Vladimir_CDI
08-04-2007, 06:37 PM
you mean using this software and a writer other than Infinity USB?
i tried with this SIM-EMU 6.01 and with a Phoenix reader and when i place a silver card, it always said the card i inserted is not a GSM or SIM-EMU card.
is that the problem of my silver card?
my card has 256k of memory and is also called an 877 card in some places....
am i holding the right silver card or must i do it with the Infinity USB writer?
any place to buy a silver card other than the sites mentioned before?

A 256k card is not a Silver card, it is a GreenCard-2, and SIM_EMU with my patch will not work on that kind of card. I do not have a GreenCard-2 with me to do tests. Sorry.

StefanM
08-04-2007, 07:02 PM
Hi there!

I have downloaded Sim_Emu_6.01, but I don't know what to do now!

Can somebody just explain to me in a few short steps what I have to do to get a working SIM card for the iPhone?

What do i need for hardware?
My carrier is vodafone germany.

Thanks a lot!!!

Vladimir_CDI
08-04-2007, 07:15 PM
Hi there!

I have downloaded Sim_Emu_6.01, but I don't know what to do now!

Can somebody just explain to me in a few short steps what I have to do to get a working SIM card for the iPhone?

What do i need for hardware?
My carrier is vodafone germany.

Thanks a lot!!!

@StefanM: calm down, it's only an hour since we came to a result. There are no manuals for people inexperienced with SIM cloning yet. I think it will take a few or even more days.

I recommend you to google for "SIM Cloning" and read about the hardware and software used. Especially you need to find topics about Vodafone Germany SIM cloning (I'm not sure that this is possible).

Zf_
08-04-2007, 07:19 PM
eh, well done Vladimir, now the proxy theory is really going forward :)

The question remains, why doesn't it work on your carrier?

It would be good if more non-EU people could test - since we can assume iPhone_eu was from .eu as well :)

Regarding my latest tests, I validated it in France for all 3 operators and with a Vodafone Germany roaming account.

Vladimir_CDI
08-04-2007, 07:29 PM
@Zf: what is good is that this is not an iPhone issue. This is a carrier issue. And I know that 555 phones are working with my carrier, so it is much easier to find a solution. At least I will see logs.

BTW: Did you try my EMU? or all of your SIM is not V1?

Zf_
08-04-2007, 07:49 PM
@Zf: what is good is that this is not an iPhone issue. This is a carrier issue. And I know that 555 phones are working with my carrier, so it is much easier to find a solution. At least I will see logs.

BTW: Did you try my EMU? or all of your SIM is not V1?

Unfortunately I forgot to pay for my last prepaid V1 account (yeah, stupid :() so I couldn't test it. Everything was done on 128-2 and I guess Milenage subscriptions ...

lupinglade
08-04-2007, 08:38 PM
Could this work w/ Rogers in Canada? What SIM version do they use? Anyone know?

edit: after some research, it looks like all Rogers SIMs are COMP128-v2 :( looks like no unlock for us in Canada still.

garyz88
08-04-2007, 09:13 PM
Hey brothers,

Where can I buy "Infinity USB Unlimited Smartcard programmer" online?
Seems [http://ucables.com] ran out of stock.

--
GaryZ

deepdark
08-04-2007, 10:04 PM
Hello, I have the
IMSI:082949102032108035
Ki:2C7DCAB15A264668096250BEA8E6D167
of my SIM and all the hardware, but I am stuck in this method: http://www.hacktheiphone.com/iphone_using_cingular_for_windows.html
Everything went OK but in the end I can't activate it. I am in Macedonia; I think that the phone tries to call somewhere. So can I continue to the supersim method without this activation or not???


thx

Nuphor
08-04-2007, 10:11 PM
deepdark, remove your KI from your post.

Could some of the guys who've got this working post some screens/vids?

deepdark
08-04-2007, 10:13 PM
They are fake ;( I need help to continue

RVN84
08-04-2007, 11:16 PM
Just to test this out in Brazil too, I'd like to confirm where I can purchase some silver cards (if it works I need to do another one also). Anyway, I saw on the ucables website the silvercard seems to be a big card, credit-card like, in the picture... is the picture wrong or am I looking at the wrong product?

Also on eBay I see nothing. I'm a bit lost, can someone please point out where one can purchase these to be delivered in the US?

Thanks!

FromVenezuela
08-05-2007, 12:03 AM
I have been following this thread since it started and I have no words for the amazing job all of you have done. I can not imagine Steve's face right now and I'm hoping someone at Apple is following this thread! :D

It is my intention to buy an iPhone for use in Venezuela. I have a good level of knowledge in computers but limited :confused: in the mobile industry, so terms like IMSI, KI, etc. are unfamiliar. Could anyone please write a ReadMe text file with requirements, what we need before unlocking, links to download files or programs required and how to unlock the iPhone? I know that all this info is in the threads but it would be great if we could have access to all the instructions in a manual.

Again, great job !! :D

FromVenezuela

loups58
08-05-2007, 12:56 AM
Wonderful work here, thanks a lot.

To answer your question "FromVenezuela", I'm in France and even here people from Apple are looking at this forum every day (at least).... Just don't ask me how I know ;)

eddy123
08-05-2007, 01:02 AM
Can't wait for the complete guide (or did I miss it?). I want to try that out too.:p

roloeloco
08-05-2007, 02:49 AM
That would be Great!!!:D :D ............I'm also looking for a complete guide.

By the way I'm from Caracas / Venezuela too.:) :)

beatleben
08-05-2007, 04:05 AM
Am I right in thinking that with a v2 SIM you will be unable to get the Ki from it?

Found this article about getting KI from V2 cards by limiting scan http://www.gsmhosting.com/vbb/archive/index.php/t-45259.html

JimmyWang
08-05-2007, 11:07 AM
Could anyone provide me the detailed procedure to unlock the iPhone with all functions including call in / call out, SMS send / receive? Thanks.

deepdark
08-05-2007, 02:59 PM
After hard work I made it :D :D :D

Country : Macedonia
Operator : T-Mobile
SIMCLONE : SIM_EMU_6.01_iPhone files
Calls Out : Working
Calls In : Working
SMS Out : Working
SMS In : Working
WiFi : Working
Edge : We don't have it here :(
GPRS : Not tested

So I did it from the step-by-step guides on this GREAT forum..


thx

FromVenezuela
08-05-2007, 03:22 PM
deepdark,

Could you please publish the procedure you followed in order to be able to use your iPhone? I know that all this information is indicated in this thread but a manual with all details would help a lot, especially for people like me, not very familiar with deep mobile knowledge (:( )

FromVenezuela

RealRoo
08-05-2007, 03:33 PM
Has anyone managed this on the Unlimited USB Phoenix? They are easier to come by here. If anyone _knows_ the phoenix will or won't work, please speak up. I will be buying tomorrow and if I definitely NEED the Unlimited I'll go that way, I just have to wait longer.

I gather the Unlimited is the latest model with some different features, just wondering if they are _required_ or a Phoenix will do ok.

Thanks...

Lordauser
08-05-2007, 03:46 PM
Hi boys,
I have bought an iPhone in the USA and now I'm returning to Italy. I have not yet activated it, and I don't know anything. Can you help me to activate it with all features (also phone features)? What do I have to do or need? I have a 256k SIM card from TIM.
Thanks a lot

Emmanuele

uptown
08-05-2007, 03:50 PM
My Infinity USB Unlimited should be arriving Tuesday, latest Wednesday. My SilverCard should also be arriving around the same time. My question is, I know Rogers Wireless here in Canada only uses V2 SIM cards (I'm not 100% positive on this, but I'll find out soon enough) and that my SIM card is quite old, 2001-ish. Some people state that the Ki cannot be accessed with the V2 cards and others say that with limited scan you are capable of this.
Would anyone know the actual answer to this? Through actual testing? Also, would anyone like me to test anything out with my SIM card? I will obviously be doing what Sassha, Dimitry and others have done to copy the correct contents onto the supersim.

Please advise,

Thank you!

deepdark
08-05-2007, 04:04 PM
deepdark,

Could you please publish the procedure you followed in order to be able to use your iPhone? I know that all this information is indicated in this thread but a manual with all details would help a lot, especially for people like me, not very familiar with deep mobile knowledge (:( )

FromVenezuela


i will try to write a manual today ;)

RedGlasses
08-05-2007, 04:06 PM
vlad, is this method working if I'm using the DVD Jon activation on a Windows platform? (I don't have an Intel Mac)
because I plan to make it work very soon

Vladimir_CDI
08-05-2007, 04:25 PM
vlad, is this method working if i'm using the dvd jon activation on a windows platform? (i don't have an intel mac)
because i plan to make it work very soon

I use Windows as well. I did not test it on DVD Jon activation. I use iASign web.

ozbimmer
08-05-2007, 04:49 PM
deepdark: check your pm. thanks

parkertseng
08-05-2007, 06:27 PM
just wondering
how come oz seldom talks about his work or anything about unlocking any more?
maybe some pressure from somewhere or someone?

ozbimmer
08-05-2007, 07:06 PM
oh yeah!! I am being tortured at the moment. Help me, Steve is holding me hostage!! Hahahaha.

I think a lot of people here are refining my method (eg. Vlad). BTW I don't have much time to explore... although I am trying to write some instructions but it seems someone has already done so... I don't want to make so many threads here on just one topic.

Anyway, I have been researching other methods that don't involve sim cloning, as I understand it's not illegal in many parts of the world. I am thinking of a method which uses an IC that acts as a "middleman"/proxy between the iPhone and both the AT&T and the local carrier sim cards. As such, the 2 sim cards would be "miniaturised" and fit on a standard sim with the IC attached. By using this method no cloning is involved and people with COMP128 v2/3 sim won't miss out. Anyone interested in doing some IC programming? :)

parkertseng
08-06-2007, 03:25 AM
As I know there is a firm in Taiwan making the so-called "membrane SIM". It is a film-like SIM card that is attached on the other SIM card, then you would be able to have 2 lines on a phone. Not sure whether it is 2 lines at the same time or just one at a time. I am interested in IC programming though, but I don't have such related knowledge; wonder if I can help in this case?

kimchi
08-06-2007, 12:26 PM
Just wanna confirm that the method of OZ & Vlad works with CHINA MOBILE. Huge thanx to OZ & Vlad & others as we have come this far. Again, thanx guys, enjoy playing with your iPhone.

Maxim89
08-06-2007, 04:27 PM
hi there, thanks for all of your efforts for this sim-clone work-around for the mean time. Just want to know if you or anyone can put up a detailed specification for the type of silver card and the type of SIM card (the one used to get Ki). There seems to be a lot of confusion as to what type of SIM to use for this method. And for those that have accomplished this wonderful task successfully, to put detailed info, i.e. location, carrier, capabilities achieved with this method, and the type of activation method (iASign, DVD Jon, or iPhone unlock toolkit) used prior to this super sim method. Sorry for this long request. But I think putting such info as a sticky would definitely help a lot of people and minimize the amount of repeated questions. Thanks again.....^_^

deepdark
08-06-2007, 07:11 PM
hi there, thanks for all of your efforts for this sim-clone work-around for the mean time. Just want to know if you or anyone can put up a detailed specification for the type of silver card and the type of SIM card (the one used to get Ki). There seems to be a lot of confusion as to what type of SIM to use for this method. And for those that have accomplished this wonderful task successfully, to put detailed info, i.e. location, carrier, capabilities achieved with this method, and the type of activation method (iASign, DVD Jon, or iPhone unlock toolkit) used prior to this super sim method. Sorry for this long request. But I think putting such info as a sticky would definitely help a lot of people and minimize the amount of repeated questions. Thanks again.....^_^


Your SIM card which will be cloned must be a v1; to detect this you must try to brute force...

and the Silver card must be PIC16F877+24LC64 or any with a small EEPROM.

jalexuk
08-06-2007, 09:28 PM
Does anyone know if it's possible to use a deactivated V1 card.. for example, I have an old Orange V1 SIM (and an old O2 card too) which haven't been in use (and are not active) for about 5 years! Can I go to Orange or O2, open a new account with them, and get the new phone number assigned to my old SIM card? Then I could clone it using a Silvercard...

Can networks reactivate old SIM cards to make this possible, or once a SIM becomes deactivated, is it then impossible to reactivate it?

camel
08-07-2007, 08:23 AM
Vladimir city, Russia, MTS. Can't get calls working (in/out). Everything else works just fine (EDGE, SMS, Wi-Fi). I used Windows XP and a Silvercard to activate the thing. Trust me, I double-checked everything before clicking "Ok". What can be wrong? Thanks in advance.

Oops. Incoming calls work! But no outgoing.

One more thing I noticed. When I put the new cloned SIM card into my regular phone (Motorola v3x), the 2.5G signal sign has a triangle under it, which means that I am in roaming. Any ideas?

invaders
08-07-2007, 05:07 PM
Reporting Dutch success with Vladimir's Super-Sim Method :)

Country: Netherlands
Network: T-Mobile
Sim Card: only 15 months old
Calls In: yes
Calls Out: yes
SMS in/out: yes
GPRS (Pocket Internet Totaal): works
YouTube: no
Using: Infinity writer and silvercard

Even conference calls work (merge calls button) !

slmrvoge
08-07-2007, 07:36 PM
more good news :)

I edited the preferences.plist in /var/root/Library/Preferences/SystemConfigurations/ (thanks Zf_) - changed APN from wap.cingular to my carrier's APN. BINGO!! I can surf the web wirelessly without Wifi!! But geez it's slowwwww...

The next challenge... how to use YouTube...
How can I change this file?

Thanks from Switzerland - iPhone is working - EDGE not (YET)

invaders
08-07-2007, 08:05 PM
@ slmrvoge:

If your iPhone has been updated to 1.0.1, and you have the supersim working in the phone, you will have a new menu item:

Settings \ General \ Network \ Edge

here you can change your GPRS & Edge settings.

For example with T-Mobile, you only have to do this:

APN: internet
username: (leave empty)
password: (leave empty)

and it works. So no need to copy over modified files.

slmrvoge
08-07-2007, 08:36 PM
@ slmrvoge:

If your iPhone has been updated to 1.0.1, and you have the supersim working in the phone, you will have a new menu item:

Settings \ General \ Network \ Edge

here you can change your GPRS & Edge se