
PIN (Personal Identification Number)

A SIM PIN is a security feature that protects your SIM card from being used by others for phone
calls or cellular data. Locking your SIM card with a PIN requires an identification code for
phone calls and cellular-data usage. The PIN code, made up of 4 numbers, is the access code for
your SIM card. You will need to enter this code every time you turn on your mobile. As your PIN code
is secret, it will appear on your mobile screen in the form of little stars or other symbols.

PIN code

You will find your PIN code on the card that was attached to your SIM card.

This card was in your welcome pack.

PUK code

The PUK code can also be found on the silver part of your SIM card.

PUK (Personal Unlocking Key)

The PUK is a security feature on most mobile devices that protects your SIM card data. The PUK code is
unique to your SIM card and is required when a SIM card PIN code has been entered incorrectly
multiple times.

FOR SMART USERS

If you accidentally blocked or forgot your PIN (Personal Identification Number) code, you will
need your PUK (PIN Unblocking Key) to unlock your SIM and enjoy using Smart services
again. Your PUK can be found at the back of your SIM casing. Just enter the PUK code to unblock
the SIM. If you lost your SIM casing, you can request your PUK online or via IVRS.

VIA WEB

Register and log in to My Smart. Registration is FREE. Once logged in, link your Smart mobile
number to your My Smart account.

Once linked, select your Smart number under 'My Smart Accounts', click 'Account Services' then
'Phone and SIM'. Choose 'PUK Code Inquiry'.

You will be asked to enter your ICCID number. Your ICCID is the 16-digit number located at the
back of your SIM card.

Once validated, the system will display your PUK1 and PUK2 codes.

VIA IVRS

(Interactive Voice Response is an automated telephony system that interacts with callers,
gathers information and routes calls to the appropriate recipient.)

Dial *888 using your SMART cellphone or (02) 888-1111 using landline and follow the voice
prompt.

For Smart Postpaid subscribers, select the Aftersales option then PUK Release.

For Smart Prepaid and Talk 'N Text subscribers, select the Account option then PUK Inquiry.

You will be asked to enter your mobile number (09xxxxxxxxx) and ICCID number. Your ICCID is
the 16-digit number located at the back of your SIM card.

Once validated, the system will dictate your PUK1 and PUK2 codes. Please have a pen and
paper ready to jot them down.

Note:

PUK1 is used to unblock your Personal Identification Number or PIN.

PUK2 is used to unblock your PIN2 for your call/phone settings (ex. fixed dialing).
http://resources.infosecinstitute.com/sim-card-forensics-introduction/#gref

SIM Structure and File Systems
A SIM card contains a processor and operating system with between 16 and 256 KB of persistent,
electronically erasable, programmable read-only memory (EEPROM). It also contains RAM (random
access memory) and ROM (read-only memory). RAM controls the program execution flow and the
ROM controls the operating system work flow, user authentication, data encryption algorithm, and
other applications. The hierarchically organized file system of a SIM resides in persistent memory
and stores data as names and phone number entries, text messages, and network service settings.
Depending on the phone used, some information on the SIM may coexist in the memory of the
phone. Alternatively, information may reside entirely in the memory of the phone instead of available
memory on the SIM.

The hierarchical file system resides in EEPROM. The file system consists of three types of files:
master file (MF), dedicated files, and elementary files. The master file is the root of the file system.
Dedicated files are the subordinate directories of master files. Elementary files contain various types
of data, structured as either a sequence of data bytes, a sequence of fixed-size records, or a fixed
set of fixed-size records used cyclically.

As can be seen in the above figure, dedicated files are subordinate directories under the MF, their
contents and functions being defined by the GSM 11.11 standards. Three are usually present: DF
(DCS1800), DF (GSM), and DF (Telecom). Also present under the MF are EFs (ICCID). Subordinate
to each of the DFs are supporting EFs, which contain the actual data. The EFs under DF (DCS1800)
and DF (GSM) contain network-related information and the EFs under DF (Telecom) contain the
service-related information. All the files have headers, but only EFs contain data. The first byte of
every header identifies the file type and the header contains the information related to the structure
of the files. The body of an EF contains information related to the application. Files can be either
administrative- or application-specific and access to stored data is controlled by the operating
system. The SIM card contains sensitive information about the subscriber. Data such as contact lists
and messages can be stored in SIM. SIM cards themselves contain a repository of data and
information, some of which is listed below:
Integrated circuit card identifier (ICCID)
International mobile subscriber identity (IMSI)
Service provider name (SPN)
Mobile country code (MCC)
Mobile network code (MNC)
Mobile subscriber identification number (MSIN)
Mobile station international subscriber directory number (MSISDN)
Abbreviated dialing numbers (ADN)
Last dialed numbers (LDN)
Short message service (SMS)
Language preference (LP)
Card holder verification (CHV1 and CHV2)
Ciphering key (Kc)
Ciphering key sequence number
Emergency call code
Fixed dialing numbers (FDN)
Local area identity (LAI)
Own dialing number
Temporary mobile subscriber identity (TMSI)
Routing area identifier (RIA) network code
Service dialing numbers (SDNs)

A smart card, also known as an Integrated Circuit Card (ICC), is a micro-controller based
access module. It is a physical/logical entity and can be either a Subscriber Identity Module
(SIM) or a Universal Integrated Circuit Card (UICC). Originally, the ICC defined for 2G
networks was the SIM. In 3G networks, the SIM may also be a logical entity (application) on
a 3G UICC thereby making it functionally the same as a 2G SIM. The Universal Subscriber
Identity Module (USIM) is a logical application running on a UICC smart card, which
normally only accepts 3G Universal Mobile Telecommunications Service (UMTS) commands.
A USIM can have multiple phone numbers assigned to it, thus allowing one phone to have
multiple numbers. If the USIM and SIM applications reside on the same UICC, they cannot
be active at the same time.

SIM Technology and Functionality


SIMs are found in GSM, iDEN, and Blackberry handsets and are also used by satellite phone
networks such as Iridium, Thuraya, and Inmarsat. Under the GSM framework, a cell phone
is termed a Mobile Station, consisting of a SIM card and a handset (Mobile Equipment, ME).
One very important and functional feature of a SIM card is that it can be moved from one
GSM-compatible phone to another, thereby transferring all of the subscriber's information.

The first SIM cards were about the size of a credit card. As cell phones began to shrink in
size, the mini-SIM (about one-third the size of a credit card) was developed. Today an even
smaller version, the micro-SIM, is available. Each of these three iterations varies in physical
size and the functionality supported. Normally, a SIM card provides functionality for both
the identification and authentication of the subscriber's phone to its network; contains
storage for phone numbers, SMS, and other information; and allows for the creation of
applications on the card itself. The basic functions are illustrated in Figure 1.
What is a SIM card?

SIM Structure
SIMs contain both a processor (CPU) and an operating system which is either native
(proprietary, vendor specific) or Java Card (a subset of the Java programming language).
SIMs also have Electrically Erasable Programmable Read Only Memory (EEPROM), Random
Access Memory (RAM) for controlling program execution, and persistent Read Only Memory
(ROM) which stores user authentication, data encryption algorithms, the operating system,
and other applications. Communication between the SIM card and the handset is via a serial
interface.

A SIM card also contains a hierarchical file system which resides in EEPROM. The file
structure consists of a Master File (MF), which is the root of the file system, Dedicated Files
(DFs), and Elementary Files (EFs). Dedicated Files are subordinate directories under the MF,
their contents and functions being defined by the GSM 11.11 standards. Three are usually
present: DF (DCS1800), DF (GSM), and DF (Telecom). Also present under the MF is EF
(ICCID). Subordinate to each of the DFs are supporting EFs which contain the actual data.
The EFs under DF (DCS1800) and DF (GSM) contain network related information and the
EFs under DF (Telecom) contain the service related information. A typical SIM card file
system is shown in Figure 2.

While all the files have headers, only the EFs contain data. The first byte of the header
identifies the file type. Headers contain the security and meta-information related to the
structure and attributes of the file, such as length of record. The body of the EFs contains
information related to the application(s). Files can be either administrative or application
specific and access to stored data is controlled by the operating system.
SIM Card Security

SIM SECURITY
SIM cards have built in security features that are designed to make them tamper resistant,
thereby ensuring data security. A SIM card's MF, DFs, and EFs all contain security
attributes. One security attribute, the access conditions, consists of constraints upon the execution
of commands. They filter every execution attempt, thus ensuring that only those with the
proper authorization can access the requested functionality controlled by the DFs or EFs.
Access conditions can be thought of as somewhat analogous to the user rights associated
with the file/directory attributes found in computer operating systems. There are different
levels of access conditions associated with DF and EF files:

Always (ALW): file access is allowed without restrictions and the command is executable upon the file.
Card Holder Verification 1 (CHV1): file access is allowed with the valid verification of the user's PIN1 (or PIN1 verification is disabled) and the command is executable upon the file.
Card Holder Verification 2 (CHV2): file access is allowed with a valid verification of the user's PIN2 (or PIN2 verification is disabled) and the command is executable upon the file.
Administrative (ADM): the administrative authority (i.e. the card issuer who provides the SIM card to subscribers) is responsible for the allocation of these levels.
Never (NEV): file access is prohibited and the command is never executable upon the file.
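The file header and access conditions described above can be read directly from the bytes a card returns when an EF is selected. The following is an added example, not code from the article: it assumes the response-to-SELECT layout and access-condition codes of GSM 11.11, and the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the article): decode the header a SIM returns when an
# EF is selected. Layout and codes follow GSM 11.11; sample bytes are constructed.
FILE_TYPES = {0x01: "MF", 0x02: "DF", 0x04: "EF"}
EF_STRUCTURES = {0x00: "transparent", 0x01: "linear fixed", 0x03: "cyclic"}

# Constructed SELECT responses for EF(ADN) 6F3A and EF(ICCID) 2FE2.
SAMPLE_ADN = bytes.fromhex("00000AF06F3A040011F0220102011C")
SAMPLE_ICCID = bytes.fromhex("0000000A2FE204000FF04401020000")


def access_level(code):
    """Map a 4-bit access-condition code to the level names used in the text."""
    if code in (0x0, 0x1, 0x2):
        return ("ALW", "CHV1", "CHV2")[code]
    if code == 0xF:
        return "NEV"
    return "ADM" if 0x4 <= code <= 0xE else "RFU"  # code 3 is reserved


def parse_ef_header(resp):
    """Return file id, size, structure and per-command access conditions."""
    if len(resp) < 14:
        raise ValueError("EF header needs at least 14 bytes")
    if FILE_TYPES.get(resp[6]) != "EF":
        raise ValueError(f"type byte {resp[6]:#04x} is not an EF")
    header = {
        "file_id": resp[4:6].hex().upper(),
        "size": int.from_bytes(resp[2:4], "big"),
        "structure": EF_STRUCTURES.get(resp[13], "unknown"),
        "invalidated": not (resp[11] & 0x01),
        "access": {  # one nibble per command group
            "READ": access_level(resp[8] >> 4),
            "UPDATE": access_level(resp[8] & 0x0F),
            "INCREASE": access_level(resp[9] >> 4),
            "REHABILITATE": access_level(resp[10] >> 4),
            "INVALIDATE": access_level(resp[10] & 0x0F),
        },
    }
    if header["structure"] in ("linear fixed", "cyclic"):
        if len(resp) < 15 or resp[14] == 0:
            raise ValueError("record-based EF without a record length")
        header["record_length"] = resp[14]
        header["record_count"] = header["size"] // resp[14]
    return header


if __name__ == "__main__":
    for sample in (SAMPLE_ADN, SAMPLE_ICCID):
        print(parse_ef_header(sample))
```

In the constructed samples, the phone book EF requires CHV1 to read while the ICCID is readable without any verification, which is why an examiner can identify a PIN-locked card before unlocking it.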
Data of Forensic Value
Depending upon the phone's technology and access scheme, the same data, such as a
contact list, may be stored on the SIM, in the handset, or on the phone's memory card. SIM
cards themselves contain a repository of data and information, some of which is listed
below:
Integrated Circuit Card Identifier (ICCID)
International Mobile Subscriber Identity (IMSI)
Service Provider Name (SPN)
Mobile Country Code (MCC)
Mobile Network Code (MNC)
Mobile Subscriber Identification Number (MSIN)
Mobile Station International Subscriber Directory Number (MSISDN)
Abbreviated Dialing Numbers (ADN)
Last Dialed Numbers (LDN)
Short Message Service (SMS)
Language Preference (LP)
Card Holder Verification (CHV1) and (CHV2)
Ciphering Key (Kc)
Ciphering Key Sequence Number
Emergency Call Code
Fixed Dialing Numbers (FDN)
Local Area Identity (LAI)
Own Dialing Number
Temporary Mobile Subscriber Identity (TMSI)
Routing Area Identifier (RIA) network code
Service Dialing Numbers (SDNs)
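Several of the identifiers listed above are stored on the card as nibble-swapped BCD rather than as readable digits. The following is an added example, not code from the article: it decodes the raw bodies of EF(ICCID) and EF(IMSI) as encoded under GSM 11.11 and splits the IMSI into MCC, MNC and MSIN; the function names, the `mnc_digits` parameter and the sample bytes are constructed for illustration.

```python
# Added example (not from the article): decode the raw bodies of EF(ICCID) and
# EF(IMSI). Sample bytes are constructed (test network 001/01), not from a card.
SAMPLE_EF_ICCID = bytes.fromhex("989909214365870921F3")
SAMPLE_EF_IMSI = bytes.fromhex("080910101032547698")


def swapped_bcd(data):
    """Decode nibble-swapped BCD: the low nibble of each byte comes first."""
    digits = []
    for byte in data:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble == 0xF:  # 0xF is filler, not a digit
                continue
            if nibble > 9:
                raise ValueError(f"non-decimal nibble {nibble:#x}")
            digits.append(str(nibble))
    return "".join(digits)


def decode_iccid(ef_iccid):
    """Return the ICCID digits stored in the 10-byte EF(ICCID) body."""
    if len(ef_iccid) != 10:
        raise ValueError("EF(ICCID) body is 10 bytes")
    return swapped_bcd(ef_iccid)


def decode_imsi(ef_imsi, mnc_digits=2):
    """Split the IMSI into MCC, MNC and MSIN.

    mnc_digits is an assumption the examiner supplies: the IMSI itself does
    not say whether the network uses a 2- or 3-digit MNC.
    """
    if len(ef_imsi) != 9 or not 1 <= ef_imsi[0] <= 8:
        raise ValueError("EF(IMSI) is a length byte followed by 8 bytes")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    body = ef_imsi[1:1 + ef_imsi[0]]
    # The low nibble of the first body byte is a parity/type field, so the
    # first decoded character is dropped.
    imsi = swapped_bcd(body)[1:]
    return {
        "imsi": imsi,
        "mcc": imsi[:3],
        "mnc": imsi[3:3 + mnc_digits],
        "msin": imsi[3 + mnc_digits:],
    }
```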
A discussion of some of this data and what it means will continue in the next column.

(Disclaimer: products mentioned in this column should not be considered as an
endorsement of that product by Forensic Magazine or by the author.)

John J. Barbara owns Digital Forensics Consulting, LLC, providing consulting services for
companies and laboratories seeking digital forensics accreditation. An ASCLD/LAB inspector
since 1993, John has conducted inspections in several forensic disciplines including Digital
Evidence. John is the General Editor for the Handbook of Digital & Multimedia Forensic
Evidence published by Humana Press. He can be reached at jjb@digforcon.com.
