MOBILE
TELEPHONE EVIDENCE
Trew & Co
ICT specialist
trewCO@compuserve.com
________________________________________________________________________
Trew MTE Special INDEX No: B/2002
Greg Smith editor of Trew MTE. Principal consulting forensic engineer Trew & Co. Chief Training Officer Trew MTE
Welcome to this Special Issue edition of Trew MTE relating to the cloning of SIMs. This edition of Trew MTE is published only for the purpose of research, and it is not intended that readers enter into cloning SIMs. Readers should have regard to national laws, and Trew & Co, its editor and Trew MTE do not accept or agree, expressly or impliedly, any responsibility in relation to how readers use the information contained herein. The information in this issue was discovered on the Internet (in the public domain), and where possible the source of such discovery is identified. It is up to the reader to research further in order to comprehend each issue. This issue does not recommend installing programmes that have been identified during the research, nor is it possible to indicate how such programmes might affect your computer. I hope you find the research of interest.
Trew MTE is an electronic publication for those involved with mobile telephone examination or who have an interest in the evidence obtained following data acquisition. Views expressed in articles by the authors are not necessarily those of the editor or Trew & Co. If you have something to say or you would care to write an article for MTE, please send an electronic copy along with any photos (JPG, GIF etc) to Greg Smith, email address: <trewCO@compuserve.com>
________________________________________________________________________
WHAT'S INSIDE
SOURCES OF SIM
A necessary commodity for those involved with SIM cloning is a supply of SIM cards, both for practice and to produce workable cloned SIMs. As an observation, there appear to be many places from which original SIMs can be obtained, such as dustbins where old mobiles and SIMs have been thrown away. It is recalled that some time back Kings Cross was an area where discarded mobiles could be found in alleys and other areas frequented by passers-through. Road sweepers were picking up, so the gossip went, sometimes 100 discarded mobiles and SIMs a week. Recycling for environmental and manufacturing purposes appears to be another area from which vast quantities of mobiles/SIMs may be obtained. Many stores and organisations operate mobile phone recycling collection facilities, apparently because 35.00 per handset can be reclaimed. It is not clear whether all mobiles/SIMs that are collected are actually returned to manufacturers or recycling plants. "Lost and Found" (railways and taxi firms) is another source. Theft of mobiles/SIMs is yet another.
Whatever the source for collecting original SIMs, there is still the requirement to obtain the SIMs needed for programming (cloning). When researching sources that sold SIMs, it was not clear how the distributors themselves obtained the SIMs: whether purchased directly from manufacturers, through distribution chains, or from the cleansing and refurbishment of old SIMs. Internet searches produced some interesting results for Goldwafer and Silverwafer Cards produced by Far East sources, such as Taiwan and China, and European sources, suggested to be Spain and Germany. Gold Wafer Cards were offered at US$5 and Silver Wafer Cards at US$15. It is precisely this availability of programming tools and cards, the issue raised at the beginning of this article, that suggests SIM cloning could extend financially as an industry well beyond the industry created for cloning mobile telephones.
________________________________________________________________________
Text and images reproduced are as recorded from some web sites.
A fascinating part of the research on SIM cloning was noting the packaging and point-of-sale presentation of the tools. The SIMMASTER referred to above gave, in its illustration and feature description, the impression that there was a high demand for such a product and that the point-of-sale presentation was the result of mass production. If this product were not mass-produced, it would appear an expensive way of selling these tools to a low-demand market.
Features (source web site URL: http://ucables.com/ref/SIM-MASTER):
- Compatible with all GSM Cellular phones
- Edit your phone book in your PC
- Edit SMS short messages in your PC
- Read IMSI and Ki codes of GSM simcards, very useful to use with our new SIMCARD8 to make simcard backups
- Edit and Change the personal ringtone for motorola cellular phone (Send as SMS function support needed. ex. V8088, V7689)
- GSM SIM PIN code management
- Connect to Serial port (RS-232), no need external power
- Built-in hundreds of Midi ringtone for Ring Tone editing.
- Copy and Backup phone book and SMS messages between your SIM cards.
- Convenience sorting functions
- Read IMSI and Ki codes from SIM Card with SIM-BACKUP or SIMscan 1.21
________________________________________________________________________
[http://users.anytimenow.com/sid67b/GSMSIM3.htm]
STEP 4 - Getting the Ki and IMSI of the original SIM
Install Sim Scan 1.21 by running the install.bat file. Run and configure Sim Scan from the c:\sim_scan\setup.bat file.
Screen 1: Press Alt+Enter, then select the COM port where the SIM Reader is connected. SIM Scan will not work properly unless it is maximised to full screen.
Screen 3: Put original SIM card to SIM Reader and press Enter
Screen 5: Select 'F2' or 'F3' (do not use 'F1' unless you know what you are doing). 'F3' retrieves 75% of SIMs, even year 2001 GSM SIMs, but it is slow. 'F2' retrieves 50% of SIMs, even year 2001 GSM SIMs, and it is faster. If the Ki and IMSI cannot be retrieved using 'F2', you can switch to 'F3'.
Step 5 - Creating the HEX files for the "clone" SIM
Run TwinSim 1.0 and select 'Single-Sim', then input the Ki and the IMSI that you got from the original SIM. For 'PIN' enter any 4 digits and for 'PUC' enter any 8 digits. After inputting all data needed, click 'Generate Picfile' and 'Generate Epromfile', then exit the program. Two HEX files will be generated in the folder where TwinSim is located (pic16f84.hex + eprom.hex).
Step 6 - Converting the eeprom.hex to eeprom.bin
The eeprom.hex and hex2bin.exe files must be placed in the same directory. Run hex2bin.exe and copy the settings from the screen below. A new file 'eeprom.bin' will now be created.
After setting up the hardware, put the blank Goldcard to the SIM Writer and select 16F84A from the chip list.
Step 8 - Burning the eeprom.bin to the Goldcard
Put the Goldcard which you used with IC-Prog into the SIM Reader and then run WinPhoenix 1.06. Other versions of WinPhoenix might not work, so make sure that you are using version 1.06. Configure the COM port where the SIM reader is connected. This can be done using 'File' --> 'Preferences' and selecting the 'General' tab.
Select 'Card' --> 'Program' and the eeprom.bin will be written to the Goldwafer's 24C16.
Step 9 - Burning the pic16f84.hex to the Goldwafer
Put the Goldwafer into the SIM writer hardware and run IC-Prog 1.04 again. Follow the same steps as described in Step 7, but this time load the pic16f84.hex file instead. You can program this card with 'CP' enabled or disabled; it does not matter.
________________________________________________________________________
OBSERVATIONS
The discussion above represents a small proportion of the information discovered by searching the Internet. The "Cloning for Dummies" guide and the tools identified above are accessible and available from the Internet. The discussion above does not represent all testing carried out by the author of this Special Issue report. The aim has been to highlight the growth in promotion of tools claiming that SIM cloning is possible and showing how it is done. If the assertions made by these claims are correct, then forensic examiners need to be aware of this, and it is hoped this Special Issue helps to some degree. The impact of this issue in relation to data acquisition from SIM cards might initially create concern as to what constitutes an original SIM and what constitutes a clone SIM. During SIM examination there may be some clues by reference to Gold Wafer and Silver Wafer cards. This would be relevant where the examiner is in possession of two cards with identical IMSI and Ki. Of course, some examples of the more obvious things to look for would be:
- The printing on the card of the SIM might give some clues, e.g. who is the mobile network operator?
- The SSN (SIM Serial Number) and the ICCID (Integrated Circuit(s) Card Identity) numbers. If they do not match, this could be another indicator in determining a clone.
- The plastic card material.
- The contact pads, as to shape and design, colour and alloy material.
- Using SimiS, look at the Card Info page and determine whether the SIMs produce identical information. The same analysis should be conducted with PhoneBase, if you use PhoneBase. The review should extend to all pages of information captured during data acquisition from the SIM.
- The "Cloning for Dummies" guide itself gave a clue that two identical SIMs could contain different data. Here is one example: "Regarding receiving SMS from other people, only one of the SIMs will receive the message." The clues are there if time is given to considering what they are.
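As an added illustration of the comparison described above (example code written for this edition, not from the Trew MTE issue or from the SimiS/PhoneBase tools), the following Python takes two SIM acquisition records and lists the clone indicators. The field names and sample values are constructed; the Luhn check applied to the ICCID is the ITU-T E.118 check digit and goes slightly beyond the checks the article lists.

```python
# Added example (not from the Trew MTE issue or the SimiS/PhoneBase tools):
# compare two SIM acquisition records and list the clone indicators the
# Observations section describes. Field names and values are constructed.

def luhn_valid(digits: str) -> bool:
    """ICCID check digit (ITU-T E.118) is a Luhn digit: verify the whole string."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

IDENTITY_FIELDS = {"imsi", "iccid", "printed_serial"}

def clone_indicators(card_a: dict, card_b: dict) -> list:
    """Return indicators that card_a and card_b may be an original/clone pair.
    Each record holds the electronically read IMSI and ICCID, the serial number
    printed on the plastic, plus any other Card Info fields captured."""
    findings = []
    if card_a["imsi"] == card_b["imsi"]:
        findings.append("same IMSI on two physical cards")
        if card_a["iccid"] != card_b["iccid"]:
            findings.append("same IMSI but different ICCID")
    for label, card in (("A", card_a), ("B", card_b)):
        if card["iccid"] != card["printed_serial"]:
            findings.append(f"card {label}: printed serial differs from electronic ICCID")
        if not luhn_valid(card["iccid"]):
            findings.append(f"card {label}: ICCID fails Luhn check digit")
    # Any other captured field that differs between the two cards (e.g. SPN,
    # service table, SMS received): the guide itself notes clones diverge here.
    for key in sorted((set(card_a) & set(card_b)) - IDENTITY_FIELDS):
        if card_a[key] != card_b[key]:
            findings.append(f"field {key!r} differs: {card_a[key]!r} vs {card_b[key]!r}")
    return findings

# Constructed sample records: A is a network-issued SIM, B a wafer card carrying
# A's IMSI, C an unrelated SIM from the same operator range.
SAMPLE_A = {"imsi": "234100000000001", "iccid": "8944100000000000000",
            "printed_serial": "8944100000000000000", "spn": "ExampleNet"}
SAMPLE_B = {"imsi": "234100000000001", "iccid": "8944100000000000001",
            "printed_serial": "(none printed)", "spn": ""}
SAMPLE_C = {"imsi": "234100000000002", "iccid": "8944100000000000018",
            "printed_serial": "8944100000000000018", "spn": "ExampleNet"}
```

Running clone_indicators(SAMPLE_A, SAMPLE_B) reports the shared IMSI, the differing ICCID, the missing printed serial, the failed check digit and the differing SPN, while SAMPLE_A against SAMPLE_C reports nothing.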
It appears inevitable that consideration must be given to the evidential impact of this topic. During the Extended Mobile Telephone Evidence training course, best endeavours will be made to include some discussion time on this topic. Finally, readers should be aware that it is unclear at this stage whether cloning a SIM is a crime where the person uses their own number (so to speak). There may be legal requirements too that might make cloning a SIM a civil wrong. The IMSI, it is understood, is owned by the issuer and may be authorised to be recorded into only one SIM. It is suggested therefore that, before any laboratory testing is carried out, enquiries as to the legal implications and authorisation may need to be made.