How to Unlock a SIM Card PIN Code. How to Get an Unlock Pin for an AT&T SIM Card. Many people smartly protect their SIM cards with a PIN number. Emulation may be key to decrypt this PIN AND PUK Code. Hope. (e.g sim card rejected,not accepting correct pin code,sim card blocked etc.). Download Sim Pin Code Hack at SIM Informer: SharpKeys, Barcode Maker. CarProKey immo pin code calculator can calculate electronic units. . user to protect his SIM card with a PIN. to crack a PIN / PUK code on a phone SIM card? the PIN code, either directly or by cloning the SIM and. When deploying a mobile phone best practices policy, one of the points which were raised was the requirement for the user to protect his SIM card with a PIN. The theory is that three failed attempts to input the right PIN switches the SIM card into PUK mode, and 10 failed attempts to input the PUK make the card unusable. What is the reality of this assumption? One of the uses of a stolen mobile phone is to robot-call specific numbers and drain the user account: is it practically possible* to crack the PIN code, either directly or by cloning the SIM and testing the 10,000 possible codes? is it practically possible* to crack the PUK code? This one is longer but since it can be recovered by the carrier it means that a SIM ID can be used to generate such a code. *) "practically possible" means doing it quickly enough to use the SIM before it is blocked (say, an hour) I am interested in the technical aspects of the question (there are legal as well, when it comes to a policy ; there is also the possibility of fraud with the help of a carrier operator who would generate a PUK) Karsten Nohl had a nice presentation at Blackhat 2013 (https://www.blackhat.com/us-13/briefings.html#Nohl) claiming that many SIM cards are rootable. The crux of his attack is based on the Over-The-Air (OTA) software updates for these cards, which are typically sent via "secure" binary SMS directly to the SIM. He claims that in ~25% of the cases, the SIM will respond with a signed error message to an invalid attempt to update its code, and that for about 50% of the SIMs on the market, the signature will be encrypted with the very old and crackable Digital Encryption Standard (DES). Worse yet, the signature is signed with the same key as is used to sign code, so that once it is broken offline it can be used to send a software update to the SIM. This software update does not, in itself, provide access to the PUK, but by utilizing an unspecified memory vulnerability, Nohl claims to have been able to break out of the SIMs Java sandbox and get access to this key. If you believe Nohl (and I have no reason not to), this demonstrates that: SIM card is just a smart card. Like a majority of smart cards SIM card designed to be physically protected. I mean that you are not able to retrieve any information from smart card (of course there are some backdoors, side channel attacks and some not perfect techniques). Your carrier writes Ki private code and IMSI public id into your SIM. All of this data (including PIN and PUK codes) stored in (physically) secure memory. It is hard to extract this data directly by sniffing wires on a die of smart card. As I said before it is much more easily to carry out side channel attack. Because data like PIN code is used by algorithms it is possible to create some correlation between data and power consumption. Some Russian guys tried to attack COMP128v2-3 with SCA and made some success. By the way SIM cloning was possible because COMP128v1 is weak algorithm. So, to crack PIN you should to: Be a vendor ;) Have specification of algorithm of PIN checking and try to find weaknesses Carry out side channel attack (of course you need specs) Sniff data on the die and know chemistry :)','url':'http://security.stackexchange.com/questions/58758/is-it-possible-to-crack-a-pin-puk-code-on-a-phone-sim-card','og_descr':'When deploying a mobile phone best practices policy, one of the points which were raised was the requirement for the user to protect his SIM card with a PIN. The theory is that three failed attempt... How To Bypass the sim pin code Change sim without pin code Way to change sim without code. 1 - put your new sim card inside the phone.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2016
Categories |