View Full Version : iPhone "registered" with overseas network (was: Total Unlock of iPhone is done)
ozbimmer
07-24-2007, 08:34 PM
Hi all,
I couldn't believe it, but I have done it!!! The phone is now connected to my carrier in Australia!!!
I can make calls only, not receive calls and I don't have EDGE so cannot connect to the internet... DOH!! Oh, it's related to APN... How can I change APN?
/* ADMIN EDIT:
Technically this is no unlock; I renamed the thread. The problem with this solution is that it will never work properly, as you cannot bypass the baseband protection for real, and the network handshake is also not working correctly, so the network might even notice you as a "problem".
An interesting in-the-lab thing, but not a practical way around the PN lock for real.
*/
petemag
07-24-2007, 08:36 PM
How did you manage to pull that off?
Navz187
07-24-2007, 08:40 PM
Okay you just made a new friend in London - Cup of tea and fish and chips ready for you.
How did you do it????
You're not joking, are you??? I've been waiting for this post for weeks.
Do tell then, and any pics????
well done buddy.
Navz187
07-24-2007, 08:44 PM
Go to imageshack.us and upload, buddy. Please read my PM; any chance of a step-by-step guide???
petemag
07-24-2007, 08:45 PM
You can insert pics from the toolbar where you post your messages...
DjSpiman
07-24-2007, 08:46 PM
Yes please a step by step, wow I have been waiting for this for ever so long!
lupinglade
07-24-2007, 08:49 PM
More info please? What hardware is needed? Process?
bugout
07-24-2007, 08:49 PM
I'll be the first to call BS...
petemag
07-24-2007, 08:50 PM
This forum just got pretty exciting:p
bugout
07-24-2007, 08:53 PM
still bullshit..
the carrier name changes when you roam..
petemag
07-24-2007, 08:54 PM
I know It's late there "down under" but could you be so kind to post a guide?
osldwm
07-24-2007, 08:55 PM
Hi there.
Ok, jokes aside man. If you have cracked the SIM lock, and can now fully use your iPhone (completely), then I will personally send this to DVD Jon. You will be a star on the internet if this is true.
So, first of all, explain what you have done. Will this work for all iPhone users (international too?) Or is this just one of those, "You need 2 iPhones to do this.. " kind of crap..? I live in Norway, have an iPhone, and have hacked mine to work, except the phone part, and YouTube. The rest of it was very easy to crack, due to the great work from everyone on the WWW. :-)
So, Mr. "I have hacked my iPhone completely": your task now is to explain to everyone how you did it, take a photo of your iPhone with a piece of paper showing today's date, and make sure that everyone can see that you are using a SIM other than AT&T.
If this is true, then you are the man
ozbimmer
07-24-2007, 08:55 PM
Do you want me to show you the SIM in the slot? :) But how can I do it if it's in the iPhone???
fedorr
07-24-2007, 08:55 PM
I can also change the carrier image file, np. And why is the image mirrored?
spoonet
07-24-2007, 08:55 PM
@ ozbimmer
Give us a detailed step by step
samt14
07-24-2007, 08:56 PM
I called BS, Bollocks, or whatever u want to call it
neckarb
07-24-2007, 08:56 PM
no we want a step by step guide...
bugout
07-24-2007, 08:57 PM
explain what you did, or be branded a bullshitter
Navz187
07-24-2007, 08:57 PM
This is bloody messed up if you're a hoax. I really hope you're not.
petemag
07-24-2007, 08:58 PM
Give him some space, man...
fedorr
07-24-2007, 08:59 PM
You call this TOTAL unlock????? You can't even receive calls. What i understand of it, you haven't unlocked it at all.
cyberface
07-24-2007, 09:03 PM
Like a pack of fucking piranhas. Firstly we need to see that this isn't some lamer fake (in which case your credibility is destroyed) - but also I'm interested in whether this actually unlocks the iPhone, or merely spoofs the SIM.
I'm after getting the iPhone working with any SIM I choose from any provider, without having to either (a) alter the SIM using special equipment, or (b) piss off my current provider by hacking their SIM card.
Are you saying that the key-checks that are meant to be done in the baseband firmware are actually done by the software checking an OS X .plist file???? I can't see how AT&T would let them get away with that, but I can see Apple doing this.
FWIW all that banter about BB5 and the 'Nokia engineer' sounded duff to me - BB5 requires a separate chip running its own OS to separate privileges IIRC, and the teardown photos of the iPhone logic board don't seem to contain anything that may be the TI chip required....
phelipe
07-24-2007, 09:04 PM
I believe in you, but please post a video on YouTube and share the link.
Your credibility is at risk, and the goal of this global dev work is to exchange knowledge.
trollied
07-24-2007, 09:08 PM
I can make calls only, not receive calls and I don't have EDGE so cannot connect to the internet... DOH!! Oh, it's related to APN... How can I change APN?
/System/Library/Frameworks/CoreTelephony.framework/Support/PDPContext_0.plist looks interesting. It contains:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>apn</key>
<string>wap.cingular</string>
<key>password</key>
<string>CINGULAR1</string>
<key>username</key>
<string>WAP@CINGULARGPRS.COM</string>
</dict>
</plist>
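As an added example (not part of trollied's post, and not Apple's or any carrier's code), here is how that plist can be parsed and rewritten with Python's standard plistlib. The file body is a copy of the one quoted above, embedded so the snippet runs offline; the replacement APN values are placeholders, not a real carrier's settings, and copying the edited file back to the phone is outside the example.

```python
import plistlib

# Copy of the PDPContext_0.plist body quoted in the post above, embedded so the
# example runs offline. plistlib is the standard-library parser for this format.
PDP_CONTEXT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>apn</key>
<string>wap.cingular</string>
<key>password</key>
<string>CINGULAR1</string>
<key>username</key>
<string>WAP@CINGULARGPRS.COM</string>
</dict>
</plist>
"""

REQUIRED_KEYS = ("apn", "username", "password")


def load_pdp_context(data: bytes) -> dict:
    """Parse the plist and insist on the three keys the quoted file carries."""
    ctx = plistlib.loads(data)
    if not isinstance(ctx, dict):
        raise ValueError("PDPContext root is not a dict")
    missing = [k for k in REQUIRED_KEYS if k not in ctx]
    if missing:
        raise ValueError(f"PDPContext is missing keys: {missing}")
    return ctx


def rewrite_pdp_context(data: bytes, apn: str, username: str = "", password: str = "") -> bytes:
    """Return the plist with the APN credentials replaced; any other keys are kept as-is."""
    ctx = load_pdp_context(data)
    ctx.update({"apn": apn, "username": username, "password": password})
    return plistlib.dumps(ctx, fmt=plistlib.FMT_XML, sort_keys=True)
```

Note that the APN username and password sit in the file as plain strings, which is why a carrier's WAP credentials are readable to anyone who can pull the file off the device. plistlib writes the current Apple DOCTYPE rather than the older "Apple Computer" one shown above; both parse the same.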
healeydave
07-24-2007, 09:10 PM
Oh Brother................
Changing the phones carrier is not a biggy,
Next I'll have you believing there really is a PacMan service provider!!!
Its true look, I'll prove it to you:
http://www.tivoland.com/ebaypics/PacMan.jpg
This should usually not work, as the phone is provider locked, which means you can only use it with a SIM from a carrier sharing the AT&T netcode. Everything else is blocked.
lupinglade
07-24-2007, 09:16 PM
extracting the Ki destroys the sim with 40% probability
bugout
07-24-2007, 09:16 PM
Holy shit?!?!? There's a pac man provider?!?!??!
:)
mysticusa
07-24-2007, 09:19 PM
If you have a bit of logic in mind, you will understand that it is SIM cloning, vice versa, not fully unlocking the phone. Don't curse, guys; ozbimmer is doing great, I think. It is not an unlock, as you can understand, just tricking the iPhone to believe it is on an AT&T SIM...
The real unlock, I believe, is still quite far away, as the real data is securely signed (1024-bit RSA; a supercomputer that costs around a billion $$$ will crack it for sure, but since no one among you has one, it will still be a challenge to unlock the phone...). Therefore a full unlock without ozbimmer's SIM trick may work for people who can't wait to tickle the iPhone's phone to show off that they can make calls...
In the meantime, for a full unlock you really have to be patient, I think... no cursing... people here are all trying to find workarounds so that you guys can use your new baby...
Because of the nature of the trick and the equipment and knowledge involved to be able to do the trick, you can see that it is not for everyone...
ozbimmer
07-24-2007, 09:22 PM
Sorry for the excitement; mysticusa is right... this is not an unlock. The method only tricks the iPhone into thinking the genuine AT&T SIM is used... and it can only make outgoing calls.
Anyway, it's a small step towards the holy grail... I will post a video soon...
bugout
07-24-2007, 09:25 PM
Change your topic title..
osldwm
07-24-2007, 09:25 PM
Ozbimmer:
Thanks for your great work. Sorry for all the riots here.. when you yell WOLF :eek: , we all start running
mysticusa
07-24-2007, 09:27 PM
Go on, mate, you are doing the right thing, just wrong wording :) You will give people a heart attack if you use the words "total unlock" especially :)
Cheers, mate, and good luck with what you are doing; at least until a real full unlock, your method can give some people a taste of their phone :) not just an iPod
iPhive
07-24-2007, 09:28 PM
ok, here's the details:
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a sim using the infinity usb unlimited reader/writer
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)
7. Again write the silvercard with the new flash and eeprom files
8. Put this sim into the iphone
9. Activate using the Cingular method as described on Hacktheiphone.com
That's all!!!
Well, this looks almost like what I proposed:
http://hackint0sh.org/forum/showpost.php?p=10539&postcount=34
I am glad that it worked for you:D
ozbimmer
07-24-2007, 09:30 PM
thanks for your help iPhive
How do i change the topic title?
pendalf
07-24-2007, 09:33 PM
Why aren't you able to receive calls?
ozbimmer
07-24-2007, 09:40 PM
not able to receive calls is because the IMSI doesn't relate to a local mobile phone (I think this is the correct explanation)
ozbimmer
07-24-2007, 09:55 PM
As promised... video link
http://www.youtube.com/watch?v=0YK9KFwcAo0
Navz187
07-24-2007, 09:59 PM
top job mate, you have done real well, thanks.
ozbimmer
07-24-2007, 10:02 PM
Some issues with the SIM... I tried to flash the silvercard again with 2 IMSI flash/eeprom files... Doesn't work... it says no services... weird
I flash the original flash/eeprom files.. again.. no services...
Not sure what's going on...
Technically this is no unlock; I renamed the thread. The problem with this solution is that it will never work properly, as you cannot bypass the baseband protection for real, and the network handshake is also not working correctly, so the network might even notice you as a "problem".
An interesting in-the-lab thing, but not a practical way around the PN lock for real.
Claus
07-24-2007, 10:15 PM
Interesting read, I am glad I counted to 10 before Yelling RECCO!!! in our office
Joe.lipinski
07-24-2007, 10:22 PM
umm why is all of your user interface flipped?
whistler4ever
07-24-2007, 10:33 PM
yeah, its good work, but I still don't understand the flipped display?
beatleben
07-24-2007, 10:34 PM
yeah, its good work, but I still don't understand the flipped display?
If you look at the Apple logo at the beginning of the clip the on back of the iPhone it is also flipped. It is actually the video clip that is mirrored for some reason and not the iPhone display itself.
mysticusa
07-24-2007, 10:51 PM
It is his camera, dudes; it is just a mirror-image effect, he probably forgot to change it to normal. If you have ever used a cam, you will know that a normal (non-mirrored) cam screen will show everything of yours moving/going the opposite way around. Although it is not practical for showing text stuff on screen, it is good for real tracking of your moves... well, if I'm not wrong :) I last used my webcam 1 year ago :D
mysticusa
07-24-2007, 10:59 PM
Hey Sam, although it is not the real solution, can we say it is a temporary "hold the horses" solution until the dev team really digs into the firmware and the 1024-bit RSA is solved? :)
It is working and the network is allowing it, although it sees it as a problem :) Can we call it a temporary handshake with the iPhone and the community?
macdonaldsd
07-24-2007, 11:22 PM
Thats very interesting indeed :)
The problem is the network is not really allowing it; it causes a malfunction with it which will be noticed by the carrier and might even trigger a fraud alert or something.
The only real benefit you have is that the phone "seems" registered with the network. Also the baseband will not work, as it requires the network carrier to have the AT&T netcode.
It's an interesting display effect but not of real value or technical functionality.
Joe.lipinski
07-24-2007, 11:47 PM
Well, if the problem is computing power, why doesn't someone go to a local supercomputer? Here in Pittsburgh, PA, Carnegie Mellon University has a very large supercomputer that I believe can be either rented or used by the public, so this could be an option.
The problem is not computer power; the problem is a hardware lock which requires much reversing to find a way to disable it. This requires manpower, time and patience. :)
jkenzo
07-24-2007, 11:59 PM
I think that for now this is a good way to wait for the real unlocking... just to play around and "waste" time... :) waste not in the negative sense, because all of us like to invest this time in this gadget. Tomorrow I will try this silvercard method too, to test the sound quality of calls... Let's see how it is to place calls with the iPhone.
iPhone_eu
07-25-2007, 12:11 AM
On the bright side I validated that the method posted here http://www.hackint0sh.org/forum/showpost.php?p=10818&postcount=47 let me receive calls as well.
jkenzo
07-25-2007, 12:24 AM
@ iPhone_eu: I have read your post, can you describe better what you have done? What is a SIM proxy? Thanks for your answer...
iPhone_eu
07-25-2007, 12:37 AM
The SIM proxy is a software proxy (somewhat similar to a web proxy) that sits between the phone and the SIM to intercept a few calls and modify results. Most of the time, it just passes APDUs transparently. The changes applied are described in the pseudo-code I posted in the other post.
I built one in a non embedded form factor, which is not that useful for this (as you're not going to carry your computer with you :)), the idea is to try to find an embedded solution to run this.
As suggested on the other thread, implementing the pseudo-code on a software COMP 128-1 SIM seems like a good way to validate this solution IMO, and should not be too complicated to do for someone familiar with this PIC ASM code (I'm not :))
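An added example, written for this page rather than taken from iPhone_eu's pseudo-code (which lives in the other post and is not reproduced here): a Python model of the proxy pattern described above. A toy card object stands in for the SIM and answers the GSM 11.11 SELECT, GET RESPONSE, READ BINARY and RUN GSM ALGORITHM instructions; SHA-256 over Ki||RAND is used in place of COMP128 purely to mark where authentication happens, which is an assumption of the model, not how a card works. The proxy forwards every APDU and rewrites only the READ BINARY response for EF_IMSI, so the phone reads IMSI-a while authentication still runs against the card's own Ki. All IMSI and Ki values are constructed.

```python
import hashlib

# GSM 11.11 (T=0) class/instruction bytes and the file identifiers used below.
CLA_GSM = 0xA0
INS_SELECT, INS_GET_RESPONSE, INS_READ_BINARY, INS_RUN_GSM_ALGO = 0xA4, 0xC0, 0xB0, 0x88
MF, DF_GSM, EF_IMSI = 0x3F00, 0x7F20, 0x6F07

# Constructed EF_IMSI contents (TS 51.011 layout, digits made up). IMSI-b is the
# subscriber whose Ki the network knows; IMSI-a is what the phone should read.
IMSI_B_EF = bytes.fromhex("08 09 10 10 10 32 54 76 98")   # IMSI 001010123456789
IMSI_A_EF = bytes.fromhex("08 09 10 10 90 78 56 34 12")   # IMSI 001010987654321


class ToySim:
    """Stand-in card: one transparent EF plus a fake A3/A8. A real card runs COMP128
    over RAND with its Ki; SHA-256 of Ki||RAND just marks where that happens."""

    def __init__(self, files: dict, ki: bytes):
        self.files, self.ki = dict(files), ki
        self.selected, self.pending = MF, b""

    def transmit(self, apdu: bytes) -> bytes:
        cla, ins, p1, p2, p3 = apdu[:5]
        data = apdu[5:5 + p3]
        if cla != CLA_GSM:
            return b"\x6E\x00"                                 # class not supported
        if ins == INS_SELECT:
            fid = int.from_bytes(data, "big")
            if fid not in (MF, DF_GSM) and fid not in self.files:
                return b"\x94\x04"                             # file not found
            self.selected, self.pending = fid, b"\x00\x00"     # stand-in file status
            return b"\x9F" + bytes([len(self.pending)])        # fetch with GET RESPONSE
        if ins == INS_GET_RESPONSE:
            out, self.pending = self.pending[:p3], b""
            return out + b"\x90\x00"
        if ins == INS_READ_BINARY:
            if self.selected not in self.files:
                return b"\x94\x00"                             # no EF selected
            off = (p1 << 8) | p2
            return self.files[self.selected][off:off + p3] + b"\x90\x00"
        if ins == INS_RUN_GSM_ALGO:
            self.pending = hashlib.sha256(self.ki + data).digest()[:12]   # SRES(4)||Kc(8)
            return b"\x9F\x0C"
        return b"\x6D\x00"                                     # INS not supported


class ImsiRewritingProxy:
    """Forwards every APDU unchanged, except a READ BINARY issued while EF_IMSI is
    the current file: that response body is replaced with IMSI-a."""

    def __init__(self, card, imsi_ef_for_phone: bytes):
        self.card, self.fake_imsi = card, imsi_ef_for_phone
        self.current_file, self.rewrites = None, 0

    def transmit(self, apdu: bytes) -> bytes:
        resp = self.card.transmit(apdu)
        cla, ins, p1, p2, p3 = apdu[:5]
        if cla == CLA_GSM and ins == INS_SELECT and resp[:1] == b"\x9F":
            self.current_file = int.from_bytes(apdu[5:7], "big")
        elif (cla == CLA_GSM and ins == INS_READ_BINARY and resp[-2:] == b"\x90\x00"
              and self.current_file == EF_IMSI):
            off = (p1 << 8) | p2
            resp = self.fake_imsi[off:off + p3] + b"\x90\x00"
            self.rewrites += 1
        return resp


def select_file(card, fid: int) -> None:
    resp = card.transmit(bytes([CLA_GSM, INS_SELECT, 0, 0, 2]) + fid.to_bytes(2, "big"))
    if resp[:1] != b"\x9F":
        raise IOError(f"SELECT {fid:04X} failed: {resp.hex()}")
    card.transmit(bytes([CLA_GSM, INS_GET_RESPONSE, 0, 0, resp[1]]))   # drain the status

def read_ef(card, path: tuple, length: int) -> bytes:
    """SELECT each file on the path (MF, DF_GSM, EF), then READ BINARY `length` bytes."""
    for fid in path:
        select_file(card, fid)
    resp = card.transmit(bytes([CLA_GSM, INS_READ_BINARY, 0, 0, length]))
    if resp[-2:] != b"\x90\x00":
        raise IOError(f"READ BINARY failed: {resp.hex()}")
    return resp[:-2]

def run_gsm_algorithm(card, rand: bytes) -> tuple:
    """RUN GSM ALGORITHM with a 16-byte RAND; returns (SRES, Kc) via GET RESPONSE."""
    resp = card.transmit(bytes([CLA_GSM, INS_RUN_GSM_ALGO, 0, 0, 16]) + rand)
    if resp[:1] != b"\x9F":
        raise IOError(f"RUN GSM ALGORITHM failed: {resp.hex()}")
    out = card.transmit(bytes([CLA_GSM, INS_GET_RESPONSE, 0, 0, resp[1]]))[:-2]
    return out[:4], out[4:12]

def demo() -> dict:
    """Read the same card directly and through the proxy: EF_IMSI differs, auth does not."""
    sim = ToySim({EF_IMSI: IMSI_B_EF}, ki=bytes(range(16)))
    proxy = ImsiRewritingProxy(sim, IMSI_A_EF)
    rand = bytes.fromhex("00112233445566778899aabbccddeeff")
    return {"imsi_direct": read_ef(sim, (MF, DF_GSM, EF_IMSI), 9),
            "imsi_via_proxy": read_ef(proxy, (MF, DF_GSM, EF_IMSI), 9),
            "auth_direct": run_gsm_algorithm(sim, rand),
            "auth_via_proxy": run_gsm_algorithm(proxy, rand),
            "rewrites": proxy.rewrites}
```

The point the model makes explicit: the proxy changes what the phone believes (the identity it reads from 6F07) but not what the network verifies (SRES/Kc computed from the card's real Ki against the network's RAND), which is the mismatch the rest of the thread keeps running into. A real deployment would need the same state tracking (which file is currently selected) to be done on a device in the SIM slot, as iPhone_eu notes.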
lunchboxfett
07-25-2007, 04:05 AM
Oh Brother................
Changing the phones carrier is not a biggy,
Next I'll have you believing there really is a PacMan service provider!!!
Its true look, I'll prove it to you:
http://www.tivoland.com/ebaypics/PacMan.jpg
How did you do that? I think I want to do that to my phone. Or is it just a Photoshop effect?
Joe.lipinski
07-25-2007, 05:05 AM
You must change the icon that is in /System/library/CoreServices/Springboard.app/. The normal icon is called "Default_CARRIER_ATT.png". You do this by either getting the icon from the phone (I think getfile works), or I can email it to you, and then sending it to your phone via the putfile function of jailbreak.
Hope this helps.
jkenzo
07-25-2007, 06:18 AM
The SIM proxy is a software proxy (somewhat similar to a web proxy) that sits between the phone and the SIM to intercept a few calls and modify results. Most of the time, it just passes APDUs transparently. The changes applied are described in the pseudo-code I posted in the other post.
I built one in a non embedded form factor, which is not that useful for this (as you're not going to carry your computer with you :)), the idea is to try to find an embedded solution to run this.
As suggested on the other thread, implementing the pseudo-code on a software COMP 128-1 SIM seems like a good way to validate this solution IMO, and should not be too complicated to do for someone familiar with this PIC ASM code (I'm not :))
Let's ask these guys http://forum.gsmhosting.com/vbb/forumdisplay.php?f=70
It looks like they can do that for us, if they like ;)
keyboardcowgirl
07-25-2007, 07:02 AM
Ozbimmer
Can you confirm if you can send text messages and receive at all?
ok, here's the details:
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a sim using the infinity usb unlimited reader/writer
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)
7. Again write the silvercard with the new flash and eeprom files
8. Put this sim into the iphone
9. Activate using the Cingular method as described on Hacktheiphone.com
That's all!!!
Hmmm... maybe I missed something, but how did you get IMSI-a??
At the first step the known values are: IMSI-b, Ki-b, ICCID-b, ICCID-a, but you wrote "Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)".
wombat
07-25-2007, 10:44 AM
OK, so far I'm seeing a lot of negativity. Has anyone else here got a SIM card writer and can give it a try? I've just bought one, but it won't arrive until next week. Let's hold off on judgements about ozbimmer until someone else disproves it, or until ozbimmer makes a YouTube video that includes (seamlessly, no editing) the SIM card insertion, power on, and call making all in one video.
It is quite a large claim, but still, he deserves the benefit of the doubt at least until someone can disprove it or he can prove it conclusively.
ozbimmer
07-25-2007, 12:38 PM
hi wombat, there's a youtube link to the video... but it seems it's not enough :)
http://www.youtube.com/watch?v=0YK9KFwcAo0
healeydave
07-25-2007, 01:21 PM
hi wombat, there's a youtube link to the video... but it seems it's not enough :)
http://www.youtube.com/watch?v=0YK9KFwcAo0
I think the problem is, by your own admission, you mentioned earlier that you couldn't get any service after tinkering with the original configuration.
Some of the techies have replied in respect to this process having already been investigated.
And for the remaining people that needed convincing by the video: the service provider logo is easily changed, the SIM replacement is conveniently put down out of sight and re-inserted into the phone unseen, and no call is even made in the video!
phatspider
07-25-2007, 01:57 PM
I think the problem is, by your own admission, you mentioned earlier that you couldn't get any service after tinkering with the original configuration.
Some of the techies have replied in respect to this process having already been investigated.
And for the remaining people that needed convincing by the video: the service provider logo is easily changed, the SIM replacement is conveniently put down out of sight and re-inserted into the phone unseen, and no call is even made in the video!
Look closely: you can still see the back of the 'super SIM' as he enters it.
It's deffo not an AT&T SIM going into the phone.
Give the guy a break.
As most have said, this isn't really an unlocking solution, but interesting nonetheless.
Well done, Oz, and thanks for sharing your efforts.
6. Then use SIM-EMU to change the IMSI of FLASH2 and EEPROM2 to the IMSI of AT&T sim (IMSI-a). This will create FLASH3 and EEPROM3
Could you answer my question? How did you read IMSI-a (the iPhone AT&T SIM card)? If you want to change the IMSI of FLASH2 to IMSI-a, you should know IMSI-a (the iPhone's SIM card IMSI). Do they (AT&T) use COMP128-1, and you "cracked" the AT&T card?
Second problem. My GSM provider (Megaphone Russia) uses COMP128-3. How will you get IMSI-b and Ki-b in this case?
shinishi_kudo
07-25-2007, 02:34 PM
Then is it unlocking the iPhone or not?
Sorry for my English.
Floctiosus
07-25-2007, 02:52 PM
Are you from Japan? (The name sounds Japanese..)
NO, it's not an unlocking!
It is some kind of "tricking to phone out".
You manipulate the SIM to be accepted in the iPhone.
But still there is no full functionality! (You cannot receive calls with this.)
So let's say it's a step in the right direction!
shinishi_kudo
07-25-2007, 04:25 PM
No, I'm from Spain, but the name is Japanese because it is the name of a character from the anime TV show Meitantei Conan, and Shinishi Kudo is the name of the star.
P.S. Thanks for the information.
ozbimmer
07-25-2007, 05:30 PM
Could you answer my question? How did you read IMSI-a (the iPhone AT&T SIM card)? If you want to change the IMSI of FLASH2 to IMSI-a, you should know IMSI-a (the iPhone's SIM card IMSI). Do they (AT&T) use COMP128-1, and you "cracked" the AT&T card?
Second problem. My GSM provider (Megaphone Russia) uses COMP128-3. How will you get IMSI-b and Ki-b in this case?
IMSI is unencrypted. So you can read it without any program. It's not the case for Ki.
If it's COMP128-3, then you can only get IMSI-b. Sorry you cannot use my method :(
mysticusa
07-25-2007, 05:31 PM
I think the problem is, by your own admission, you mentioned earlier that you couldn't get any service after tinkering with the original configuration.
Some of the techies have replied in respect to this process having already been investigated.
And for the remaining people that needed convincing by the video: the service provider logo is easily changed, the SIM replacement is conveniently put down out of sight and re-inserted into the phone unseen, and no call is even made in the video!
Why such a bad attitude? He is just trying his best to find some workaround solutions, although they might be temporary... You don't need to be angry. He said he is going to send another video, hopefully showing what he has done/accomplished... If he were some sort of scammer (I say it because you sound like he is one) he would not give any details of what he has done... He is explaining everything, so don't curse, guys; everyone is trying their best, whether they are the best or the worst at what they're doing...
All he is doing, from what it seems like, is making the iPhone think the SIM in the slot is AT&T or its brand, bla bla, just tricking the phone...
My personal opinion about his method: if the network provider sees this error or problem on their system and does nothing and lets it go through, then it is a temp solution for people who are desperate to show off their iPhone making calls...
If you don't appreciate what other people are doing, then don't look at it or read it; you don't need to flame these people...
Just peace, and take it easy, and flame the fake offers (those who ask for money) that trick people into believing that they have a real solution, not the ones who don't ask for anything in return...
Cheers...
ozbimmer
07-25-2007, 07:36 PM
A new youtube video... enjoy :)
http://www.youtube.com/watch?v=pubGSYatDIo
wombat
07-25-2007, 07:36 PM
hi wombat, there's a youtube link to the video... but it seems it's not enough :)
http://www.youtube.com/watch?v=0YK9KFwcAo0
could you make one where you make a call on speakerphone after you have inserted the card.
The reason I say this is you can get the same effect (minus calling) by pairing your Telstra SIM with iasign, then dialling 911 and hanging up straight away. You'll get full reception etc., but you won't be able to make any calls.
basically, just to clear it up for everyone so there's no shadow of a doubt.
cheers.
ozbimmer
07-25-2007, 07:37 PM
hi wombat, see post #76
wombat
07-25-2007, 07:45 PM
hi wombat, see post #76
lol we both posted at exactly the same time :) good job. now noone will refute it ;)
skloke
07-25-2007, 07:46 PM
wow ozbimmer,
Way cool, I respect that!!!! Salute, salute.... half the solution.
So outgoing calls yes; no data, no GPRS, no EDGE, no 3G..... still a cool solution.... can be beaten, matter of time..... way to GO GO!!!
ozbimmer
07-25-2007, 07:51 PM
well, i don't think my work has achieved much, just to prove the concept...
I think the dev team should be praised for their work, as they are the group that actually unlock the iphone (i know you will :)
shinishi_kudo
07-25-2007, 08:01 PM
Great video, ozbimmer, but when will receiving calls on the iPhone be possible? jejeje
Sassha
07-25-2007, 08:04 PM
A new youtube video... enjoy :)
http://www.youtube.com/watch?v=pubGSYatDIo
Very good!
Can we get a "idiot tutorial step-by-step",so that we can do it ourself?:D
ozbimmer
07-25-2007, 08:06 PM
I am not that good at writing guides... leave it to the experts :)
whistler4ever
07-25-2007, 08:07 PM
very good work, ozbimmer. Everybody is putting in a lot of hard work and trying different routes.
You think there's a file on the phone where you can change the APN? Or is that also under the 1024-bit security?
ozbimmer
07-25-2007, 08:13 PM
not sure whistler4ever... possibly need some cracking and hacking :)
whistler4ever
07-25-2007, 08:16 PM
not sure whistler4ever... possibly need some cracking and hacking :)
i guess time will tell! awesome work nonetheless...
rdjl27
07-25-2007, 08:20 PM
I'm pretty sure data isn't the problem... APN can be changed via a plist.
ozbimmer
07-25-2007, 08:21 PM
thanks, everyone. your supports are invaluable :)
The data parameters to modify are in /var/root/Library/Preferences/SystemConfiguration/preferences.plist :)
ozbimmer
07-25-2007, 08:32 PM
Can anyone tell me how to gain access to the above-mentioned file? Thanks.
From the iphoneinterface shell
cd /var/root/Library/Preferences/SystemConfiguration/
getfile preferences.plist
then edit it, launch the iphoneinterface shell again and send it back
putfile /var/root/Library/Preferences/SystemConfiguration/preferences.plist
phatspider
07-25-2007, 08:47 PM
Now that would be interesting if Oz can change the APN and get data working too!
mysticusa
07-25-2007, 08:48 PM
Good work, ozbimmer, hope it helps to put off some flames against you, mate :) It looks good, obviously, although it is not the 100% unlock yet... However, our buddies need this kind of temp workaround so that they can show off that their iPhones can make calls outside the USA :)
Like Sam suggested before, it should show as a problem on the network provider's side; I hope they don't mind you using it either :)... It is not the full solution but one step closer, a temp solution... :)
cheers
mysticusa
07-25-2007, 08:49 PM
Now that would be interesting if Oz can change the APN and get data working too!
i guess it would depend on whether he has a data enabled plan or not :)???
ozbimmer
07-25-2007, 09:02 PM
my plan has data services enabled :) I will do some testing tomorrow re changing APN
phatspider
07-25-2007, 09:30 PM
Do it now Oz
Sleep is for wimps - you snooze you lose ;)
mysticusa
07-25-2007, 10:00 PM
even the superman sleeps :)
invaders
07-26-2007, 12:27 AM
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a sim using the infinity usb unlimited reader/writer
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to IMSI of AT&T sim (IMSI-a)
7. Again write the silvercard with the new flash and eeprom files
8. Put this sim into the iphone
9. Activate using the Cingular method as described on Hacktheiphone.com
Two questions:
1) Has anyone replicated this method?
2) Could someone post a more detailed step-by-step guide?
I'm stuck in step 3, getting an error message from SIM EMU: "load the sim emu flash and eeprom files first", when I press 'write to disk'
youyou
07-26-2007, 01:31 AM
Great work!!!
Here's my question though...
What SIM card will I actually be using to make the phone call? For example, right now in Canada I am using Rogers. Will I be using that SIM card? And will it show my number when I call someone? Thanks again, Oz, for your help and efforts...
mysticusa
07-26-2007, 03:52 AM
Two questions:
1) Has anyone replicated this method?
2) Could someone post a more detailed step-by-step guide?
I'm stuck in step 3, getting an error message from SIM EMU: "load the sim emu flash and eeprom files first", when I press 'write to disk'
In step 3 it says create the information first (to create the info, you should read, not write); from my understanding you are trying the 4th step?? I'm just guessing what might be going wrong.
dragon-tmd
07-26-2007, 08:07 AM
I understand the skepticism... I will do a better video tonight.
I finally understand the reason behind the problem that I encountered after the first successful trial... Here is the correct sequence (note the insertion of step 5a):
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI, Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (FLASH1 and EEPROM1) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then write these 2 files to create a sim using the infinity usb unlimited reader/writer and the silvercard
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
5a. Use the software that comes with the Infinity USB Unlimited reader/writer to READ the SIM Flash and EEPROM. This will create 2 files (FLASH2 and EEPROM2).
6. Then use SIM-EMU to change the IMSI of FLASH2 and EEPROM2 to the IMSI of AT&T sim (IMSI-a). This will create FLASH3 and EEPROM3
7. Again write the silvercard with the new flash (FLASH3) and eeprom (EEPROM3)
8. Put this sim into the iphone
9. Activate using the Cingular method as described on Hacktheiphone.com
10. You can now make outgoing calls, although NO SMS, incoming calls and EDGE data services. Basically the iphone is fooled... :)
I don't know what this hype is all about.
This does not work with newer SIM cards, as they use the COMP128-V2 or V3 code. You can't crack them, so you won't get the IMSI or Ki of them.
So, nice find, but useless to most of us. Although my 10-year-old SIM is a COMP128-V1... So does somebody know a good address in Europe (or Germany) to buy a Silvercard (16F876/16F877 + 24C64)? :D
ozbimmer
07-26-2007, 08:48 AM
I agree. I just want to say this is just a proof of concept limited to COMP128 v1 SIM cards.
Anyway, I think you can get IMSI, but not Ki, from COMP128 v2 or v3 sim cards
dragon-tmd
07-26-2007, 09:11 AM
I agree. I just want to say this is just a proof of concept limited to COMP128 v1 SIM cards.
Anyway, I think you can get IMSI, but not Ki, from COMP128 v2 or v3 sim cards
Yes, you are right. You can get IMSI but not Ki.
Anyway, the instruction is rather old and has been used to "unlock" a Palm Tungsten in 2004:
http://www.expansys.de/ft.aspx?i=104093&thread=76&m=653
:D
Hello everybody, I've just received my Infinity USB Unlimited and a silver card to test this solution. I'm from Italy... I stopped at the first step :-(((, I've never used XP, probably this is the reason... I'm trying to use WoronScan in order to read data from my carrier SIM, but in WoronScan I can only select a COM port, and the SIM reader is USB; when I try to read data I get, of course:
Communication problem... closing COM port...
Phoenix device selected COM port is not available...
Communication problem... closing COM port...
How can I make the application see the USB port as a COM port? Thank you
Antonio
wombat
07-26-2007, 01:23 PM
Ahh yes, the schizophrenic joys of Windows...
nanni85
07-26-2007, 01:58 PM
hi,
With this method, can you only make calls, or call and receive?
thanks
ozbimmer
07-26-2007, 02:10 PM
PALLUAN - change it to VCP mode (virtual COM port), then choose the relevant com port in woronscan setup.
nanni85 - only make calls.
PALLUAN - change it to VCP mode (virtual COM port), then choose the relevant com port in woronscan setup.
nanni85 - only make calls.
Hi OB, thanks for this... Now I'm able to use Woron Scan, but when I try to get the IMSI from my Vodafone IT SIM (128-1) I get:
The real speed is 19200..
There is a card in Phoenix device:
ATR:
3B BE 96 00 80 1F C7 80 31 E0 73 FE 21 13 62 00
29 83 81 90 00 47
Communication problem... closing COM port...
Can't select 3F00 file
What could it be?
mysticusa
07-26-2007, 03:49 PM
I am not really a very tech guy, but shouldn't it be 9600 instead of 19200?
I've changed the speed but same problem. I have to say that if I insert the AT&T SIM I can read the IMSI correctly... Probably it's impossible to read the IMSI from the Vodafone IT SIM? It's a 128-1 Vodafone SIM, not a new one...
The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B FF 95 00 FF C0 0A 1F 43 80 31 E0 73 F6 21 13
57 4A 33 48 57 31 41 41 E5
Communication problem... closing COM port...
Can't select 3F00 file
<iPhone>
07-26-2007, 04:01 PM
did i think of cloning first???
i think so.
now pay me.
before i patent this :eek:
Ok finally I was able to get the IMSI... now another problem for the Ki;
I get this error:
The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B BE 96 00 80 1F C7 80 31 E0 73 FE 21 13 62 00
29 83 81 90 00 47
PIN1 is disabled
PIN1 remaining 3 attemps
PUK1 remaining 10 attemps
15:46:59
Starting 2R attack on 0 pair....
The GSM algorithm is not comp128-1 ...Scanning stoped...
15:46:59
The sim has 128-1 printed on it...
ozbimmer
07-26-2007, 05:19 PM
oops, sorry no can do :( Without Ki it's not going to work...
Ob??
Is it because of the sim? Too recent? It's a 128-1... Do I have to look for an older one?
ozbimmer
07-26-2007, 05:25 PM
if woron says it's not 128-1 then it's not. sorry :(
enrico
07-26-2007, 05:29 PM
hello! can you tell me where to buy a sim card?? is it a normal silvercard that you cut yourself? thanks a lot
if woron says it's not 128-1 then it's not. sorry :(
Ok so I have to look for an older sim? 64? What was your sim?
Thanks
ozbimmer
07-26-2007, 05:38 PM
enrico - Google's your friend :) Though you can try this place - http://www.cellular-cables.com/catalog.php?tree_id=190
PALLUAN - don't know if only an old sim could work because my pre-paid sim is pretty new... I just got it a few weeks ago... No marking on the sim so I don't know if it's 64 or COMP128-1...
ozbimmer
07-26-2007, 07:30 PM
I just got SMS to work... need to fill in the SMS phone# in SIM-EMU :) during the sim creation process
Also receive SMS?
ozbimmer
07-26-2007, 07:51 PM
hehe, you got me again, no incoming SMS :( only outgoing SMS
I'm trying to get this f......g Ki... I'll try with my grandmother's sim :-P, it's almost as old as she is...
Obzimmer,
Using Woron scan to get the key from an old Vodafone sim (64) it seems that I have some communication problem. When I push "ki" I see that the GSM algorithm steps proceed but they stop at 00092 or 000180... random... and then I get this
The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B 3F 94 00 80 65 AF 03 12 01 6F 73 32 21 1B 83
0F 90 00
PIN1 is disabled
PIN1 remaining 3 attemps
PUK1 remaining 10 attemps
19:17:06
Starting 2R attack on 0 pair....
Communication problem... closing COM port...
It seems like some communication problem... do you think it's because I'm using XP under Parallels and so the connection isn't as direct as it should be?
mysticusa
07-26-2007, 08:44 PM
omg :D you are not using XP! You are just emulating, which rings the bells... you are already emulating the OS and emulating the ports on the emulated OS :) that sounds great, good luck mate :) It is better to try it on a native XP that will use everything natively... I'm sure you have a friend out there with XP on his computer...
ozbimmer
07-26-2007, 08:55 PM
better run xp natively :)
shinishi_kudo
07-26-2007, 09:41 PM
ozbimmer, is it possible to send SMS with your iPhone? yes?
enrico
07-26-2007, 10:40 PM
please, how do I configure the virtual COM port??? I've tried for 2 hours....
youyou
07-27-2007, 12:30 AM
Great work!!!
Here's my question though...
What sim card will I actually be using to make the phone call? For example right now in Canada I am using Rogers. Will I be using that sim card? And will it show my number when I call someone? Thanks again Oz for your help and efforts...
mysticusa
07-27-2007, 02:48 AM
I think Oz, you should write down all the software and equipment you used for this sim trick to work, including brands or sorts and where to get them from :)
It would be better so people won't ask it every other message...
cheers mate
zhihmeng
07-27-2007, 03:01 AM
i understand the skepticism... i will do a better video tonight.
I finally understand the reason behind the problem that I encountered after the first successful trial... Here is the correct sequence (note the insertion of step 5a)
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI and Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (FLASH1 and EEPROM1) using the ICCID of the AT&T sim (ICCID-a), IMSI-b and Ki-b
4. Then write these 2 files to create a sim using the Infinity USB Unlimited reader/writer and the silvercard
5. Put this sim into a normal unlocked phone and make some calls/receive calls/data services
5a. Use the software that comes with the Infinity USB Unlimited reader/writer to READ the sim Flash and EEPROM. This will create 2 files (FLASH2 and EEPROM2).
6. Then use SIM-EMU to change the IMSI of FLASH2 and EEPROM2 to the IMSI of the AT&T sim (IMSI-a). This will create FLASH3 and EEPROM3
7. Again write the silvercard with the new flash (FLASH3) and eeprom (EEPROM3)
8. Put this sim into the iPhone
9. Activate using the Cingular method as described on Hacktheiphone.com
10. You can now make outgoing calls, although NO SMS, incoming calls or EDGE data services. Basically the iPhone is fooled... :)
Hi, I have a question about the AT&T sim card.
I want to make sure that the only thing I need from the AT&T sim card is its IMSI-a. And how can I get the IMSI-a?
As I understand from your article, I need a proper sim card reader and WoronScan to get this IMSI-a, right?
Because I lived in Taiwan, and it's hard to get an AT&T sim card here.
But I'm lucky to have a friend who has a normal activated iPhone here. So I want to ask him to lend me the sim card for a while.
That's why I need to know every detail, thank you in advance.
sakurachung
07-27-2007, 06:26 AM
Hi, were you able to send SMS with the modified SIM?
zhihmeng
07-27-2007, 11:35 AM
I didn't get an answer to my AT&T sim card related question.
Can somebody tell me whether I can use the original AT&T sim card that comes with the iPhone to get the IMEI and use it for this fool-the-iPhone method?
And what kind of sim card writer should I use? I live outside the US, so I can't find the Infinity USB SIM in Taiwan.
But I think there may be other similar ones that I can buy. I just don't know what kind I need to buy.
Any hints? Thank you.
Vladimir_CDI
07-27-2007, 03:58 PM
@ ozbimmer
I did exactly what you did (5 times) but result is different - "Waiting for AT&T activation"+Call failed
so I have few questions
1. Did you use IMSI-a and ICCID-a from iPhone SIM card or another AT&T card?
2. What tool did you use to read EPROM after normal phone call+data (SIM EMU Configurator or not)
3. What model of normal unlocked phone did you use?
4. What version of SIM-EMU software did you use 6.01/6.00???
5. What position 0-9 of SIM-EMU did you use for your case
6. Was this position pin locked or unlocked
thank you in advance and good luck
Vladimir_CDI
07-27-2007, 04:06 PM
@ zhihmeng
IMEI is related to phone not to SIM CARD
you need IMSI and ICCID from iPhone AT&T SIM card. To have these numbers you can use your iPhone (if it is activated) or SIM card reader
You can ask the SIM CARD reader seller if the reader can write to a Silver Card (16f877+24c64); if "YES" - you can buy. Better if the seller can guarantee WoronScan 1.09 and ICProg software compatibility. Mine is an RS232 one and has 3 MANUAL jumpers - bad model. A better model should be USB and jumper-free (no idea if it exists).
But before you are going to buy a SIM writer be 100% sure that your SIM is 128comp-1 (surf the local internet for that) because if not - the SIM READER will not help you to extract KI and your SIM can not be "cloned"
ozbimmer
07-27-2007, 05:01 PM
more good news :)
I edited the preferences.plist in /var/root/Library/Preferences/SystemConfigurations/ (thanks Zf_) - changed APN from wap.cingular to my carrier's APN. BINGO!! I can surf the web wirelessly without Wifi!! But geez it's slowwwww...
The next challenge... how to use YouTube...
ozbimmer
07-27-2007, 05:04 PM
Vladmir:
1. both are from the original iphone SIM
2. Infinity USB Unlimited software
3. SonyEricsson K800i
4. 6.01
5. 0
6. It was locked initially. Use your normal unlocked phone to unlock using PIN1.
jimmymac
07-27-2007, 05:06 PM
That's sweet. Keep at it, it looks like you are getting closer
ozbimmer
07-27-2007, 05:11 PM
I hope so... The next challenge is actually to be able to receive calls/SMS, but I doubt it's possible as the SIM has an IMSI different to the one of the local carrier. It's like a letter cannot go into your mailbox because your house number has changed to a different one.
However, if 2 IMSI could co-exist, then it may be possible.
jimmymac
07-27-2007, 05:16 PM
I've tried different activation methods and managed to get them all to work, but for some reason YouTube still won't work. Also I noticed that when I try to link my email account it comes up authentication failed
shinishi_kudo
07-27-2007, 05:35 PM
marvelous ozbimmer marvelous, great work
zhihmeng
07-27-2007, 05:36 PM
@ zhihmeng
IMEI is related to phone not to SIM CARD
you need IMSI and ICCID from iPhone AT&T SIM card. To have these numbers you can use your iPhone (if it is activated) or SIM card reader
You can ask the SIM CARD reader seller if the reader can write to a Silver Card (16f877+24c64); if "YES" - you can buy. Better if the seller can guarantee WoronScan 1.09 and ICProg software compatibility. Mine is an RS232 one and has 3 MANUAL jumpers - bad model. A better model should be USB and jumper-free (no idea if it exists).
But before you are going to buy a SIM writer be 100% sure that your SIM is 128comp-1 (surf the local internet for that) because if not - the SIM READER will not help you to extract KI and your SIM can not be "cloned"
Vladimir_CDI, Thank you for your answer...
Ha...I actually know the IMEI is not related with SIM CARD. It's a typo error, my mistake, sorry for that. Orz...
As your answer, I don't need to borrow an activated AT&T sim card, I can just use the one that comes from iPhone, right?
And also thank you for the information of card reader...
I am lucky to have a V1 card, that's why I want to try this method...
macguai
07-27-2007, 06:01 PM
Hi! Good work!
Only 3 questions:
1. Can i use a Phoenix TE21?
2. Can i use a Apolo4?
3. Can I use the original AT&T?
Thanks
ozbimmer
07-27-2007, 06:10 PM
macguai
1. Don't know what it is
2. Ditto
3. original AT&T? you mean the sim card? You don't use it but need the information within
mysticusa
07-27-2007, 06:34 PM
oz, I think you are in trouble, people won't stop asking every single detail about your project :)
ozbimmer
07-27-2007, 06:38 PM
more than happy to help :)
macguai
07-27-2007, 08:18 PM
macguai
1. Don't know what it is
2. Ditto
3. original AT&T? you mean the sim card? You don't use it but need the information within
Thanks ;) :)
coatzin
07-28-2007, 12:37 AM
Hello everybody
Does anyone know what happened to this approach? http://www.hackint0sh.org/forum/showpost.php?p=11175&postcount=61
It seemed very promising to me.
I did some PIC programming back in college, so I think I could try to do some playing with that..
parkertseng
07-28-2007, 07:15 AM
Hi OZ,
Thanks for the great work!
I am trying to do this here in Taiwan.
Few questions before I start.
Firstly, you said I need a v1 sim card in order to extract the required information from the carrier I intend to use? And so v2 or v3 will not be possible? What if I got a v1 sim from the same carrier I intend to use, and the line has been suspended or upgraded to 3G? I mean just extract the needed data but not try to use their line. Just try to make it legal.
Secondly, you also mentioned the silver card and a card reader. Is that the normal IC or sim card reader around? Then about the silver card, is it ok if I use the one from the sim card copying or combining tool kit?
Again, thanks for the great work!
Your step is a great step to us.
If anyone has thoughts about my questions, you are welcome to bring them up.
Thanks, guys!
parkertseng
07-28-2007, 10:34 AM
few questions about this "ki" thing.
is it different from line to line?
or can I find any other v1 card that was with the same carrier I intend to use and extract the "ki"?
thanks!
I am stuck at the beginning with extracting "ki", problem with card version!
wonder if there is another way to get "ki"?
Nothing doing with the "Ki" here, I've tried with 4 different sims, very old sims, 32k... but nothing doing. I've read somewhere that you can extract Ki from 16k sims... But I think that 16k sims here in Italy are more than 5 years old... booohhhh... Any suggestion?
pendalf
07-28-2007, 10:57 PM
@ozbimmer:
I've got an idea, maybe somebody else has got the same.
but, what do you think about:
is it possible to install a kind of software on the iPhone which simulates the numbers from the att sim?
pen
invaders
07-28-2007, 11:21 PM
I got my Infinity card writer today.
Good news: my T-Mobile Netherlands simcard is a V1, so I could extract the magic number Ki from it. I got the sim less than a year ago, so that suggests that T-Mobile -at least in certain countries- is using older type sims that may be used for the iPhone super-sim hack. Because T-Mobile is active worldwide, others may give it a try.
Bad news: the guy who sold me the cardwriter didn't know anything about gsm hacking and gave me some sort of satellite receiver smartcard, instead of a silver gsm sim. So I can't yet test if the modified sim info from the emulator actually works in the iPhone. But the odds are good.
Does anyone know where to find silver sim cards? Where can I order them online?
ozbimmer
07-29-2007, 06:48 AM
coatzin: i think the method is promising. Keep on exploring :)
parkertseng: 1. what's the point of using a suspended/upgraded sim? You cannot make any calls! 2. Get one that is PC/SC compliant. The reader should be able to work with WoronScan. Regarding sim cards, I don't know if you can use those cards like "magic sim" with the reader. BTW, you can get some nice silvercards from ucables.com. 3. I am not an expert on Ki, but I think it's different from line to line. Don't think you can just extract a Ki from Card A and use it with an IMSI from Card B... this is too easy for hackers and no security is ensured. 4. If WoronScan cannot extract the Ki, sorry, bad luck. However, you can have a look at this link http://www.black-xstar.com/blog/article.asp?id=383 (I presume you can read Chinese :) )
PALLUAN: Sorry cannot help you here
pendalf: Actually I have the same idea as yours. However, based on my limited experience on iphone and GSM switching, I think it may not work because the iphone will use the information (AT&T IMSI/Ki/Kc/etc) from the simulation program but not the information that you really need (Your carrier IMSI/Ki/Kc/etc). BTW it's impossible to use 2 IMSI on 1 cell phone simultaneously if the phone is not constructed to do so. Also, the mod sim is sort of the simulation program that you are talking about...
invaders: ucables.com or www.cellular-cables.com
pendalf
07-29-2007, 07:01 AM
pendalf: Actually I have the same idea as yours. However, based on my limited experience on iphone and GSM switching, I think it may not work because the iphone will use the information (AT&T IMSI/Ki/Kc/etc) from the simulation program but not the information that you really need (Your carrier IMSI/Ki/Kc/etc). BTW it's impossible to use 2 IMSI on 1 cell phone simultaneously if the phone is not constructed to do so. Also, the mod sim is sort of the simulation program that you are talking about...
ozbimmer: it was just an idea!
i think there has to be a request in the iPhone which asks, at least once, for the info from the sim. the software, what I mean, could give the att info to the iPhone, but the iPhone sends the other (your carrier's values) through the network.
I'm not a specialist in GSM either. so I hope there is somebody here who can prove whether this approach can basically work...
pen
ozbimmer
07-29-2007, 07:07 AM
I think the iPhone would use the information that it requests for authenticity and use it for network switching.
However, depending on how the requests are made, it might be possible to send 2 different sets of data to those requests.
For example, say the iPhone requests info for authenticity (Req-a), the AT&T information is sent. When the iPhone requests info for the network (Req-b), then your carrier info is sent. This is based on the assumption that there are 2 different request modes (ie. Req-a and Req-b). If not, your suggestion might not be workable.
pendalf
07-29-2007, 07:21 AM
I think the iPhone would use the information that it requests for authenticity and use it for network switching.
However, depending on how the requests are made, it might be possible to send 2 different sets of data to those requests.
For example, say the iPhone requests info for authenticity (Req-a), the AT&T information is sent. When the iPhone requests info for the network (Req-b), then your carrier info is sent. This is based on the assumption that there are 2 different request modes (ie. Req-a and Req-b). If not, your suggestion might not be workable.
should we ask the dev team if this approach is already proven or/and can work?
could be a temporary solution and make many people lucky...
ozbimmer
07-29-2007, 07:22 AM
To the Dev team: i would be grateful if the dev team could spare a single moment to consider the proposal as suggested. thanks :)
pendalf
07-29-2007, 07:27 AM
To the Dev team: i would be grateful if the dev team could spare a single moment to consider the proposal as suggested. thanks :)
me either :)
parkertseng
07-29-2007, 12:53 PM
hi guys,
I talk to one of my frien just back from China...
He claimed that he saw an unlocked iPhone inside a phone market in Guangzhou.
A very famous phone market.
He told me it was displayed in a Chinese environment (I don't care about that), but the important thing is he said the phone is using a sim card other than AT&T.
As for the price.... damn expensive....... they asked for almost USD1900....
I think that is backdoor released from the production plant.
parkertseng
07-29-2007, 12:56 PM
thanks oz,
yes i can read the Chinese.........
the article seems interesting on the link you gave me.
probably i can extract the ki from an v2 card through their way.
after all that ki from v2 card is the point!
will try it tonight.
iPhive
07-29-2007, 02:28 PM
@ozbimmer:
is it possible to install a kind of software on the iPhone which simulates the numbers from the att sim?
pen
This is a nice idea:)
If it is possible to intercept the communication between the SIM card and the GSM chip with software running on the iPhone, then we can write a small proxy that changes ICCID and IMSI requests according to our needs...
@obzimmer:
There exists only one kind of request for authentication in the 2G GSM network.
This request is always issued by the network and never by the phone.
Fortunately (for us) it does not contain the IMSI it 'belongs' to and that's why this IMSI swapping trick works:D
ozbimmer
07-29-2007, 02:56 PM
thanks iPhive. In terms of authentication, I am talking about the iPhone checking if the correct SIM (in this case AT&T IMSI/ICCID) is inserted (actually it's called validation).
Hi Ob! Finally I found a very old sim from my uncle, a 16k sim, and I was able to get the key with WoronScan. Now I'm trying to figure out step number 3 of your tutorial...
But I don't understand how I can create the two files (FLASH1 and EEPROM1) using Sim-Emu 6.01... Could you please help me to get to step 4? :-) Thank you!!!
iPhive
07-29-2007, 03:34 PM
thanks iPhive. In terms of authentication, I am talking about the iPhone checking if the correct SIM (in this case AT&T IMSI/ICCID) is inserted (actually it's called validation).
OK, now I see what you mean, let's call this iPhone IMSI/ICCID validation.
Maybe we find some SIM access patterns of the iPhone to distinguish IMSI/ICCID validation and IMSI requests from the network. AFAIK GSM networks do not ask for/care about ICCID.
The way I understood it from the previous posts
2 first IMSI read after reset -> validation
next IMSI reads -> requests from the network
Here I am again,
again in the third step of the Ob's tutorial:
1. When I used my silver card in 'Infinity Usb Phoenix', SimEmu cannot detect my card "No Card Inserted"
2. I have inserted my ki & imsi in 'Configure' and 'write to card' but could not write "Inserted a GSM or SIM-EMU card"
3. When I try to 'write to disk' the msg popup "Load the Sim Emu flash & Eeprom file first"
4. Where should I load the flash & Eeprom?
mhmhmmh
Thanks again
ozbimmer
07-29-2007, 05:23 PM
PALLUAN: First you need to download and unzip this file http://simemu.gsmhosting.net/Sim_Emu_6.01.zip which contains the FLASH and EEPROM files (use SIM_EMU_FL_6.01_ENG.hex and SIM_EMU_EP_6.00.hex). Then you open them (Click "read from disk" in the "Config" tab) in SIMEMU, enter IMSI/Ki/ICCID and then press "write to disk". Now you have the FLASH1 and EEPROM1. Write them onto the SIM using the software that comes with Infinity USB Unlimited. That's it!!
Zf_ and iPhive: If the requests are known, do you think it's possible to write a little program to "intervene" the validation and radio request process?
boeselhack
07-29-2007, 05:58 PM
thanks oz,
yes i can read the Chinese.........
the article seems interesting on the link you gave me.
probably i can extract the ki from an v2 card through their way.
after all that ki from v2 card is the point!
will try it tonight.
hi, which link do you mean? i would like to "read" ;-) it too.
ozbimmer
07-29-2007, 06:08 PM
boeselhack: http://www.black-xstar.com/blog/article.asp?id=383
PALLUAN: First you need to download and unzip this file
Zf_ and iPhive: If the requests are known, do you think it's possible to write a little program to "intervene" the validation and radio request process?
1) nope, because this happens between the baseband and the SIM. Basically to do that you'll need to patch the baseband firmware. And if you're able to do that, I don't think you need to waste time on coding a proxy :)
2) yes, but that program would need to be running on a chip next to the SIM
PALLUAN: First you need to download and unzip this file http://simemu.gsmhosting.net/Sim_Emu_6.01.zip which contains the FLASH and EEPROM files (use SIM_EMU_FL_6.01_ENG.hex and SIM_EMU_EP_6.00.hex). Then you open them (Click "read from disk" in the "Config" tab) in SIMEMU, enter IMSI/Ki/ICCID and then press "write to disk". Now you have the FLASH1 and EEPROM1. Write them onto the SIM using the software that comes with Infinity USB Unlimited. That's it!!
Zf_ and iPhive: If the requests are known, do you think it's possible to write a little program to "intervene" the validation and radio request process?
Hi Ob! Thanks for the info, now I've arrived at step 4... and here another problem :confused:
In Infinity USB Unlimited where do I have to select the "SIM_EMU_FL6.01_ENG.hex" file? In the pic field?
I've selected flash in the pic and eprom in the Ext eeprom field but when I try to write all, in the Status information window I see:
Erase CPU (in green so ... ok)
Write loader (in green so... ok)
Write Ext EEProm (in green so ... done)
Write flash (in red with a verify error) and here the write stops with this error...
So it seems that I can write EEProm but not flash...
:(
mysticusa
07-29-2007, 06:44 PM
I'm not an expert in this field but I remember there were dual sim slots some time before and you were able to switch between them and the sort of things... Ozbimmer's suggestion and your answer "2) yes, but that program would need to be running on a chip next to the SIM", can it be implemented into that dual sim thing? I know it would dangle out of the phone but I'm sure people would find a way to put that circuitry and sim slot into the iPhone? Isn't that possible? Because that would maybe solve all the future firmware updates as well... As it has nothing to do with any software alteration in the iPhone's firmware... ??
What do you think? Is it possible?
Vladimir_CDI
07-29-2007, 06:45 PM
Thanks @ oz and @iPhive I finally got result with SuperSim
1. Call in/out - No/yes
2. EDGE - yes
3. SMS in/out - yes/yes
4. YT - no
my previous mistake was to use an HTC3300 as the normal unlocked phone - it is not. I tried my wife's Samsung one - and got success.
I found that the method has one more limitation - if your iPhone is out of service or OFF for 10-15 minutes - the SIM shows NoService again; AFAIU this is due to KC expiration.
@iPhone_eu
If you have an ability to change IMSI "on-the-fly" can you please check if incoming call is possible using method and tool you describe here: http://www.hackint0sh.org/forum/showthread.php?t=1744&page=5
ozbimmer
07-29-2007, 06:49 PM
PALLUAN: You load your FLASH1, the one that has IMSI-b,Ki-b and ICCID-a, not the original SIM_EMU_FL6.01_ENG.hex
Are you using FLASH1 and EEPROM1? Not sure why you get the error.
ozbimmer
07-29-2007, 06:52 PM
Vladmir: Congrats!! BTW, how do you get SMS in but not calls in?
Vladimir_CDI
07-29-2007, 07:00 PM
@ Oz. Have no idea, but this works 100%. I just try to send an SMS to my number and the iPhone (after some delay (like 60sec)) shows this SMS.
Looking forward I think that we need to make 2 more steps:
1. make sure that if we send IMSI-a for the first two IMSI validations and IMSI-b for the rest, this will let us receive calls
2. change the SIMEMU program to enable that option
what do you think
PALLUAN: You load your FLASH1, the one that has IMSI-b,Ki-b and ICCID-a, not the original SIM_EMU_FL6.01_ENG.hex
Are you using FLASH1 and EEPROM1? Not sure why you get the error.
OB: yes, I was using the files generated from Sim-Emu, but I named them the same way as the originals. BTW I repeated the action renaming the files from Sim-Emu as FLASH1 and EEPROM1... Selected them with Infinity USB Unlimited but I always get the same error when I try to upload the flash... The status bar shows a different progress percentage every time... sometimes 12%, sometimes 4%... Just to be sure, which are the correct settings in the advantage bar? I've selected "FLASH WRITE ENABLE" and deselected Int.EEprom code protect... I have XT as oscillator and Id locations F F F F...
Are there other programs to use to load flash and eeprom in the silvercard?
ozbimmer
07-29-2007, 07:22 PM
PALLUAN: really don't know why. here are my settings before I write
http://img519.imageshack.us/img519/8666/infinityusbunlimitedak7.png
Vladimir: Sounds good. Anyone interested to tackle the problem?
healeydave
07-29-2007, 07:47 PM
boeselhack: http://www.black-xstar.com/blog/article.asp?id=383
Can anyone translate this page? I've found the Google translations generally don't make much sense when it comes to technical pages.
beatleben
07-29-2007, 08:11 PM
Can anyone translate this page? I've found the Google translations generally don't make much sense when it comes to technical pages.
Could always try http://babelfish.altavista.com/
PALLUAN: really don't know why. here are my settings before I write
http://img519.imageshack.us/img519/8666/infinityusbunlimitedak7.png
Vladimir: Sounds good. Anyone interested to tackle the problem?
OB:
Probably there are some errors in creating the flash files... and so it stops when it tries to verify the flash when I load it with Infinity USB Unlimited... So returning to Sim-Emu, I write in position "0" all the data... IMSI-b, Ki-b and ICCID-a... do I have to put something else in the other positions?
And in position "0" which card type do you select?
Thank you
Sassha
07-29-2007, 08:47 PM
Thanks @ oz and @iPhive I finally got result with SuperSim
1. Call in/out - No/yes
2. EDGE - yes
3. SMS in/out - yes/yes
4. YT - no
I didn't know that SMS in/out works?! Does it work for anyone who tried this method?
I found that the method has one more limitation - if your iPhone is out of service or OFF for 10-15 minutes - the SIM shows NoService again; AFAIU this is due to KC expiration.
This sucks!, so you're not able to power the iPhone OFF over the night... I usually do this... hmmm :mad:
Sassha
07-29-2007, 08:48 PM
I really think that some1 should write a SIM cloning for iPhone tutorial...Please:)
ozbimmer
07-29-2007, 08:53 PM
PALLUAN: 6.01s, just put it in position 0, others should be left empty (delete the info in IMSI to delete the position).
Colonel Moutarde
07-29-2007, 11:24 PM
Hello,
I just discovered your forum as I got an unactivated iPhone in my hands to play with (and I am in Europe, so no AT&T for me). Following your thread, I try to gather my memories of the good old sat TV hacking days. As far as I remember, the silvercard is a couple of PIC16F876 and a 24C64 EEPROM. I don't know anything yet about GSM SIM cards, but is there any data processed by the PIC on the card, or is only the memory used and the PIC acts as an interface between the card slot and the I2C bus of the EEPROM? In this case, could any card based on PIC or ATMEL (FUNcard) be used to store this valuable data?
Am I wrong ?
ssnake937
07-30-2007, 08:43 AM
So you guys have figured out how to connect to EDGE and send/receive texts for free? Shit, someone needs to write out a nice lengthy tutorial stat!
Vladimir_CDI
07-30-2007, 10:52 AM
Hello,
I just discovered your forum as I got an unactivated iPhone in my hands to play with (and I am in Europe, so no AT&T for me). Following your thread, I try to gather my memories of the good old sat TV hacking days. As far as I remember, the silvercard is a couple of PIC16F876 and a 24C64 EEPROM. I don't know anything yet about GSM SIM cards, but is there any data processed by the PIC on the card, or is only the memory used and the PIC acts as an interface between the card slot and the I2C bus of the EEPROM? In this case, could any card based on PIC or ATMEL (FUNcard) be used to store this valuable data?
Am I wrong ?
@ Colonel: Do you have past experience writing your own programs for the PIC16F8x?
DogGunn
07-30-2007, 11:44 AM
That's pretty mad to see it on Telstra, but could someone please reupload the video?
Colonel Moutarde
07-30-2007, 12:01 PM
@ Colonel: Do you have past experience writing your own programs for the PIC16F8x?
Negative. Just doing really basic things. I don't think my skill will help here :-( But I am following this thread closely and will bring any idea which can contribute to the ultimate goal !
macguai
07-30-2007, 02:36 PM
Hi!
Anyone prove it with european sims?
Thanks ;)
Vladimir_CDI
07-30-2007, 02:48 PM
I SEE LIGHT. Finally I have patched the source code gsm-sim.asm to work with new phones including the iPhone (that was a wrong 3/5 Volt SIM selection). It works on the iPhone. (it was NoSIM before). Next step is to change the program in order to play with the IMSI.
cross your fingers
Sassha
07-30-2007, 03:37 PM
I SEE LIGHT. Finally I have patched the source code gsm-sim.asm to work with new phones including the iPhone (that was a wrong 3/5 Volt SIM selection). It works on the iPhone. (it was NoSIM before). Next step is to change the program in order to play with the IMSI.
cross your fingers
what does this mean? Sorry....
parkertseng
07-30-2007, 03:56 PM
Hi oz,
Done with the flash1 and eeprom1.....
I am using the writer from Infinity, but the local one in Taiwan with RS232 converted to USB.
I am using SIM-EMU 6.01 to write the flash1 and eeprom1 to that silver card.
But when I insert the silver card into the writer it says "this is not a sim-emu card".
Is it possible that the silver card I have is not correct? This card is from a package for SIM card cloning (never used). Or has it been used and then can't be reused?
One more question:
Since I don't have a v1 card for the line I intend to use,
I talked to my service provider today and asked if they can find me a v1 card to transfer the line. They said they can do it, but there are no v1 cards in stock any more.
Then I asked them if I can find a suspended v1 SIM card (from an upgrade or card change) and bring it to them, can they transfer? They said they will try!
Here is the question:
Can a suspended (or upgraded) v1 SIM be reused afterwards (of course from the same carrier)? I think it is doable in theory but not sure, so I would like to ask you guys about the possibility.
Thanks!
Vladimir_CDI
07-30-2007, 04:09 PM
what does this mean? Sorry....
I found the SIM-EMU source .asm code and it works. Trying to change the program to play with the IMSI (send IMSI-a for the first two attempts and IMSI-b after).
Sassha
07-30-2007, 04:16 PM
I found the SIM-EMU source .asm code and it works. Trying to change the program to play with the IMSI (send IMSI-a for the first two attempts and IMSI-b after).
So you're saying that there would be no need for cloning the SIM, or? :confused:
Sassha
07-30-2007, 05:18 PM
Step 9. Activate using the Cingular method as described on Hacktheiphone.com
Which method is this?
Vladimir_CDI
07-30-2007, 05:28 PM
The method comes from OZ; the only difference is that I do not use SIM-EMU 6.01 to put it on the SuperSim, I use .asm source code similar to the SIM-EMU program (very old) compiled with my changes....
Not finished yet.
mysticusa
07-30-2007, 05:28 PM
I think what he is saying is he found the source code of the SIM-EMU program, so he is trying to re-program some parts (I dunno which?) to make it send the necessary 010101s :) so that the phone can make/receive calls with the silvercard (which emulates the SIM card's functions), I guess??
Meaning: the silvercard will send AT&T SIM data (IMSI, Ki or ICCID etc.) to the iPhone when communicating with the iPhone, and your own carrier's data (IMSI, Ki or ICCID) when communicating with the network?
If the theory works :) then no unlock of the iPhone's firmware will be necessary... So no hassle with hacking the phone's software...???
Good Luck...
mysticusa
07-30-2007, 05:30 PM
I'm creating theories, don't get mad at me :D
Vladimir_CDI
07-30-2007, 05:39 PM
@ mysticusa: You are right. This is what I'm trying to do. Have had some success:
1. Call in/out - No/Yes
2. GPRS - yes
Advantages compared to the OZ method:
1/ you can switch off the iPhone
2/ you no longer need an unlocked phone to make a proper SIM card
Problems: incoming calls are rejected by the iPhone (or SIM). I see the message "Incoming call" and it disappears in 0.5 seconds.
pendalf
07-30-2007, 05:43 PM
@ mysticusa: You are right. This is what I'm trying to do. Have had some success:
1. Call in/out - No/Yes
2. GPRS - yes
Advantages compared to the OZ method:
1/ you can switch off the iPhone
2/ you no longer need an unlocked phone to make a proper SIM card
Problems: incoming calls are rejected by the iPhone (or SIM). I see the message "Incoming call" and it disappears in 0.5 seconds.
Hey vladi,
In which country have you done the SIM method?
With which carrier?
Are you from Russia?
pen
mwetering
07-30-2007, 05:43 PM
I have done some tests to copy SIM cards.
But I can't get the IMSI and the Ki out of new SIM cards that came on the market after the year 2000.
Is there somebody who can?
mysticusa
07-30-2007, 05:47 PM
Great job mate, keep on going, fingers have started to cross :)
If it can be done with this silvercard, then in theory you wouldn't need the iPhone's software to be unlocked/hacked; it will (in theory) work between the iPhone and the network... Well, I am not a GSM standards or phone specialist who knows what is technically doable and not doable :) but it is a theory at least :)
@ mysticusa: You are right. This is what I'm trying to do. Have had some success:
1. Call in/out - No/Yes
2. GPRS - yes
Advantages compared to the OZ method:
1/ you can switch off the iPhone
2/ you no longer need an unlocked phone to make a proper SIM card
Problems: incoming calls are rejected by the iPhone (or SIM). I see the message "Incoming call" and it disappears in 0.5 seconds.
Nice work! Validating the SIM proxy theory was the first step...
Now the result is quite surprising: if the call is routed to you, I suppose this means that the network registration is OK?
mysticusa
07-30-2007, 05:52 PM
People who are trying to copy the SIM cards should not really try it yet, until it becomes proven, because once it is proven, I'm sure someone can share their pre-paid AT&T card's IMSI, ICCID and Ki data for everyone to use... So why bother for now? You will just ask too many questions that will eat up these guys' time... They can focus more on the project to make it work for everyone... As it looks, it's not very easy to just read your SIM card or clone it to anything you want. So fingers really crossed; I'm sure there will be a FULL GUIDE for this method once it is completed...
Vladimir_CDI
07-30-2007, 06:06 PM
Need ideas:
I made a SuperSim on a silvercard which sends IMSI-a for the first two attempts and IMSI-b for the rest; let me call this iEMU. I checked this with WoronScan.
Problems: No call in (... "Call is finished"... from a mobile, and a busy signal from a normal home phone number)
Tests I've made:
1. Put my iEMU SIM into a normal phone (Nokia 6310i, Samsung 530, HTC 3300) - same result on all: no incoming calls (the rest works)
2. Put my iEMU SIM into the iPhone - no incoming calls (call out, EDGE, WiFi work perfectly)
3. Changed the iEMU program on the SIM to supply only IMSI-b - all phones (except the iPhone, for sure) work 100%
So for me that means the IMSI-a, IMSI-a, IMSI-b sequence somehow affects network registration.
IMSI-a, IMSI-b, IMSI-b..... does not work with the iPhone.
Need any ideas to try.
IMSI-a, IMSI-b, IMS-b..... does not work with iPhone
you mean IMSI-a, IMSI-a, IMSI-b I guess ? :D
well if you're sure that you're sending the correct IMSIs, and incoming calls are not working (on the iPhone, it'd be normal to have them non working on the other handsets with this scenario), it means the SIM proxy method is flawed as well and is not a viable solution :(
-> to debug, can you post a baseband log of the iPhone using this scenario ? the method is given here http://iphone.fiveforty.net/wiki/index.php/Phone_Codes code **5005*78283# and put it somewhere on pastebin
Vladimir_CDI
07-30-2007, 06:33 PM
More information:
New sequence:
IMSI-b, IMSI-a, IMSI-b, IMSI-b.... works on normal phones 100% (including call in)
but the iPhone still can't receive calls.
When I try to call out from the iPhone and at the same time call in, the situation is better: I see the message "Incoming Call ХХХХХХХХ Divert or answer" for 0.5 sec and then the iPhone rejects the incoming call. After that, the number I dialed from is displayed in the iPhone's Recent calls.
A normal unlocked phone is OK 100%.
iPhone_eu WHERE ARE YOUUUUUUU? I need your help to make the next step.
pendalf
07-30-2007, 06:40 PM
More information:
New sequence:
IMSI-b, IMSI-a, IMSI-b, IMSI-b.... works on normal phones 100% (including call in)
but the iPhone still can't receive calls.
When I try to call out from the iPhone and at the same time call in, the situation is better: I see the message "Incoming Call ХХХХХХХХ Divert or answer" for 0.5 sec and then the iPhone rejects the incoming call. After that, the number I dialed from is displayed in the iPhone's Recent calls.
A normal unlocked phone is OK 100%.
iPhone_eu WHERE ARE YOUUUUUUU? I need your help to make the next step.
I've got a basic question:
Are you able to do that on the phone itself, or do you need the PC to use that?
Vladimir_CDI
07-30-2007, 06:46 PM
To produce a SuperSIM you need a computer, but only once - then it is on the SIM and you do not need a computer.
PS. In short, everything works except incoming calls, and the provider has to be either MTS or Beeline, because Megafon's Ki cannot be decoded.
Vladimir_CDI
07-30-2007, 06:48 PM
you mean IMSI-a, IMSI-a, IMSI-b I guess ? :D
well if you're sure that you're sending the correct IMSIs, and incoming calls are not working (on the iPhone, it'd be normal to have them non working on the other handsets with this scenario), it means the SIM proxy method is flawed as well and is not a viable solution :(
-> to debug, can you post a baseband log of the iPhone using this scenario ? the method is given here http://iphone.fiveforty.net/wiki/index.php/Phone_Codes code **5005*78283# and put it somewhere on pastebin
@ Zf_: I mean IMSI-a, IMSI-b, IMSI-b does not work with the iPhone, but
IMSI-b, IMSI-a, IMSI-b and IMSI-a, IMSI-a, IMSI-b both work.
I need a detailed explanation of how to get the baseband log on a WINDOWS machine. Can I get it from the iPhone using iphoneinterface?
pendalf
07-30-2007, 06:49 PM
More information:
New sequence:
IMSI-b, IMSI-a, IMSI-b, IMSI-b.... works on normal phones 100% (including call in)
but the iPhone still can't receive calls.
When I try to call out from the iPhone and at the same time call in, the situation is better: I see the message "Incoming Call ХХХХХХХХ Divert or answer" for 0.5 sec and then the iPhone rejects the incoming call. After that, the number I dialed from is displayed in the iPhone's Recent calls.
A normal unlocked phone is OK 100%.
iPhone_eu WHERE ARE YOUUUUUUU? I need your help to make the next step.
Have an idea:
Probably the iPhone needs IMSI-a again when the call is coming in.
Can you trigger it?
Which country, which carrier are you trying?
Vladimir_CDI
07-30-2007, 06:59 PM
The carrier does not need IMSI-a, since a normal phone works 100% with that SIM.
@ pendalf: country - BY, carrier - MTS
ssnake937
07-30-2007, 07:00 PM
Quick Question guys...
Is there any way Apple would be able to block you guys' different SIM cards from using their network?
coatzin
07-30-2007, 07:05 PM
More information:
New sequence:
IMSI-b, IMSI-a, IMSI-b, IMSI-b.... works on normal phones 100% (including call in)
but the iPhone still can't receive calls.
When I try to call out from the iPhone and at the same time call in, the situation is better: I see the message "Incoming Call ХХХХХХХХ Divert or answer" for 0.5 sec and then the iPhone rejects the incoming call. After that, the number I dialed from is displayed in the iPhone's Recent calls.
A normal unlocked phone is OK 100%.
iPhone_eu WHERE ARE YOUUUUUUU? I need your help to make the next step.
Hi there,
Perhaps there is some method to differentiate an IMSI request from the iPhone from one from the network?
I think you are really close ;)
Oleg Richards
07-30-2007, 07:10 PM
Hello Guys!
Huge thanks to ozbimmer and Vladimir for their first steps in creating the SuperSim card. Tomorrow I would like to buy an Infinity card reader and try this method too. So I will publish my report soon :)
P.S. Vladimir, could you help me figure out the programs, or at least lend me the assembler file? And a small question: can the new Beeline cards (black and yellow) be scanned? (Just a little question to Vladimir)
mysticusa
07-30-2007, 07:10 PM
Yeah, it comes down to the iPhone's firmware having something to do with IMSI checks... As you are saying, the carrier (network provider) doesn't bother with the IMSI...
It looks as if when you receive the call, the iPhone's interface is receiving the IMSI as well, therefore blocking the call?
Like coatzin suggested, is it possible to send/pass a different IMSI to the iPhone when receiving and making calls?
I need detailed explanation how to get baseband log on WINDOWS machine. Can I get it from iPhone using iphoneinterface?
You'll need to sync with iTunes, then look for a "Baseband" directory in your user application path (users\xxx\appdata) - post the log created with the AT&T/AT&T/regular sequence.
I should be able to validate it myself again with a hardware solution later tonight as well, and will try to "fully" receive an incoming call (I did a first validation a few days ago but just let the phone ring for a few seconds without answering :D)
Sassha
07-30-2007, 07:17 PM
I will try this Super SIM method with a Silvercard tonight, and I will post the result.... Thx Oz & Vladimir... and all the good people who provided this to us! :cool:
EDIT: I can't get answers to my questions, so I am quitting. I won't try this method... thanx
Vladimir_CDI
07-30-2007, 07:20 PM
Hello Guys!
Huge thanks to ozbimmer and Vladimir for their first steps in creating the SuperSim card. Tomorrow I would like to buy an Infinity card reader and try this method too. So I will publish my report soon :)
P.S. Vladimir, could you help me figure out the programs, or at least lend me the assembler file? And a small question: can the new Beeline cards (black and yellow) be scanned? (Just a little question to Vladimir)
Sorry, no time right now; once it works I will gladly share.
Oleg Richards
07-30-2007, 07:24 PM
Did you scan an old card or a new one?
shinishi_kudo
07-30-2007, 07:26 PM
is the iphone unlocked vladimir?
pIll0w
07-30-2007, 07:26 PM
What's? :D
Sassha
07-30-2007, 07:30 PM
Where did the INSTRUCTIONS from the first page go? Please write instructions so that I can try this method with a Silvercard. :(
Vladimir_CDI
07-30-2007, 07:30 PM
you'll need to sync with iTunes then look for a "Baseband" directory in your user application path (users\xxx\appdata) - post the log created with the AT&T/AT&T/regular sequence.
I should be able to validate it myself again with an hardware solution later tonight as well, and will try to "fully" receive an incoming call (I did a first validation a few days ago but just let the phone ring for a few seconds without answering :D)
Need more help:
Dialed **5005*78283# on the phone, pressed "reply" and typed a name. Made several calls and so on. Made a sync with iTunes.
No files in AppData/
No files in iPhone/Library/Logs/Baseband
Need more help:
Dialed **5005*78283# on the phone, pressed "reply" and typed a name. Made several calls and so on. Made a sync with iTunes.
No files in AppData/
No files in iPhone/Library/Logs/Baseband
It should tell you that diagnostic information is available when syncing.
Then look for the "baseband" directory on your whole Windows install drive and you should find it :D
Vladimir_CDI
07-30-2007, 08:19 PM
OK. Some more news.
Changed the IMSI sequence to:
b-a-b-a-a-a-a-a-a - iPhone OK, call out OK, EDGE is gone
b-a-b-b-a-a-a-a-a-a.... - EDGE came back, calls in did not.
So
b-a-b-b-b-b-b-b.... and
b-a-b-b-a-a-a-a-a...
are the same.
Put the last version into a normal phone - everything works. I'm sure the question is about the iPhone's communication with the SIM during an incoming call. Will try to read the GSM 11.14 standard. This will take time....
pendalf
07-30-2007, 08:23 PM
OK. Some more news.
Changed the IMSI sequence to:
b-a-b-a-a-a-a-a-a - iPhone OK, call out OK, EDGE is gone
b-a-b-b-a-a-a-a-a-a.... - EDGE came back, calls in did not.
So
b-a-b-b-b-b-b-b.... and
b-a-b-b-a-a-a-a-a...
are the same.
Put the last version into a normal phone - everything works. I'm sure the question is about the iPhone's communication with the SIM during an incoming call. Will try to read the GSM 11.14 standard. This will take time....
Can you trigger it?
Maybe a small program on the iPhone would help...
ozbimmer
07-30-2007, 08:30 PM
Vladimir: can you post or send me a copy of your asm? thanks.
pendalf
07-30-2007, 08:33 PM
@vladi:
Not being able to receive calls is because the IMSI doesn't relate to a local mobile phone (I think this is the correct explanation).
I think the IMSI must be correct when the call is coming in!
If it's changed, you'll get a reject.
Probably the other phone, which is working, doesn't use the IMSI request when the call is coming in, but the iPhone does...
What do you think?
ssnake937
07-30-2007, 08:41 PM
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI and Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T SIM (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a SIM using the Infinity USB Unlimited reader/writer
5. Put this SIM into a normal unlocked phone and make some calls/receive calls/use data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to the IMSI of the AT&T SIM (IMSI-a)
7. Again write the silvercard with the new Flash and EEPROM files
8. Put this SIM into the iPhone
9. Activate using the Cingular method as described on Hacktheiphone.com
I found the instructions looking through the thread. If I use the suggested instructions above, would I be able to connect to EDGE for free?
beatleben
07-30-2007, 08:50 PM
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI and Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T SIM (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a SIM using the Infinity USB Unlimited reader/writer
5. Put this SIM into a normal unlocked phone and make some calls/receive calls/use data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to the IMSI of the AT&T SIM (IMSI-a)
7. Again write the silvercard with the new Flash and EEPROM files
8. Put this SIM into the iPhone
9. Activate using the Cingular method as described on Hacktheiphone.com
I found the instructions looking through the thread. If I use the suggested instructions above, would I be able to connect to EDGE for free?
Is this SIM card reader/writer any good?
http://cgi.ebay.co.uk/12-IN-1-SUPER-SIM-CARD-READER-WRITER-MOBILE-PC-UK-SELL_W0QQitemZ330150814295QQihZ014QQcategoryZ43805 QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
macguai
07-30-2007, 08:51 PM
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI and Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T SIM (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a SIM using the Infinity USB Unlimited reader/writer
5. Put this SIM into a normal unlocked phone and make some calls/receive calls/use data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to the IMSI of the AT&T SIM (IMSI-a)
7. Again write the silvercard with the new Flash and EEPROM files
8. Put this SIM into the iPhone
9. Activate using the Cingular method as described on Hacktheiphone.com
I found the instructions looking through the thread. If I use the suggested instructions above, would I be able to connect to EDGE for free?
Thanks ;)
The problem is if we don't have a v1 SIM card.
invaders
07-30-2007, 08:52 PM
You forgot 5a)
5a. Use the software that comes with the Infinity USB Unlimited reader/writer to READ the SIM Flash and EEPROM. This will create 2 files (Flash2 and EEPROM2).
pendalf
07-30-2007, 08:53 PM
1. Get the required hardware and software (these are the ones I have used): an Infinity USB Unlimited SIM reader/writer, a silvercard, SIM-EMU 6.01, and WoronScan 1.09
2. Get the IMSI and Ki of your carrier using WoronScan (I will call them IMSI-b, Ki-b)
3. Use SIM-EMU and create 2 files (1 Flash and 1 EEPROM) using the ICCID of the AT&T SIM (ICCID-a), IMSI-b and Ki-b
4. Then use these 2 files to create a SIM using the Infinity USB Unlimited reader/writer
5. Put this SIM into a normal unlocked phone and make some calls/receive calls/use data services
6. Then use SIM-EMU to change the IMSI of the original Flash file to the IMSI of the AT&T SIM (IMSI-a)
7. Again write the silvercard with the new Flash and EEPROM files
8. Put this SIM into the iPhone
9. Activate using the Cingular method as described on Hacktheiphone.com
I found the instructions looking through the thread. If I use the suggested instructions above, would I be able to connect to EDGE for free?
@sam
Can you post it at the top of this thread?
beatleben
07-30-2007, 09:05 PM
You forgot 5a)
5a. Use the software that comes with the Infinity USB Unlimited reader/writer to READ the SIM Flash and EEPRO