How long to extract Ki

**logic** · 08-07-2007 06:19 PM

Hi,

I am trying to extract the KI on a T-Mobile sim card, it has been running for 3 hours, i've seen elsewhere that others have retreived their ki in 40 minutes, how long can it take? When I use the woron Scan I get collision errors and it stops at about 60000 tries, I am currently using Sim Scan v2.01 and so far its at 93000.

The Ki currently shows:

ki = (00) (00) (00) 00 00 00 00 00 (00) (00) (00) 00 00 00 00 00

What does Brackets Mean around the zeros e.g .. (00) they appear every now and again

This is my 1st attempt at sim cloning....if it doesn't show

**HaRRo** · 08-07-2007 06:27 PM

Im assuming then your card is comp128-v2

so you probably wont be able to get the KI off it

**logic** · 08-07-2007 06:36 PM

Are the (00)s the tell tale sign or if my card was a comp128 v1 would I have got the KI by now???

**teamare2006** · 08-08-2007 03:40 AM

when i scan my cord i got the following ki key
can someone please tell me is this is the right key or no

Simulator is ready
07:01:30
Starting 2R attack on 0 pair....
Found 2R attack collisions:used 20240 steps
07:01:37
Found by 2R attack the 0 pair=0000
07:01:37
Calculating data for 3R attack....
07:01:37
Found data: common=25 first=00BD second=1019
Finding 3R attack collision...
07:01:38
3R attack collisions found...used 488 steps
3R attack 2 possible pairs found
Possible Pair 0000
Possible Pair 6500
07:01:38
Found by 3R attack the 4 pair=0000
07:01:38
Calculating data for 4R attack....
07:01:38
Found data: common=17 first=022B second=87CD third=5600
Finding 4R attack collision...
Used 150 steps for 4R attack
07:01:39
4R attack 8 collisions found...
07:01:39
final calculating pairs by 4R attack...
0000 001C
Found by 4R attack 2 pair=0000
07:01:39
07:01:39
Calculating data for 3R attack....
07:01:39
Found data: common=25 first=00BD second=1019
Finding 3R attack collision...
07:01:39
3R attack collisions found...used 488 steps
3R attack 2 possible pairs found
Possible Pair 0000
Possible Pair 6500
07:01:39
Found by 3R attack the 6 pair=0000
07:01:39
Calculating data for 5R attack....
07:01:40
Found data: common=274 first=004E second=5DDC third=1100 forth=8800
Finding 5R attack collision...
Used 460 steps for 5R attack
07:01:40
5R attack 8 collisions found...
07:01:40
final calculating pair by 5R attack...
0000 0001 FFE3 0007
00B2 0001 FFE3 0007
07:01:40
5R calc. time 0.672
Found by 5R attack 1 pair=0000
07:01:40
Calculating data for 3R attack....
07:01:41
Found data: common=25 first=00BD second=1019
Finding 3R attack collision...
07:01:41
3R attack collisions found...used 488 steps
3R attack 2 possible pairs found
Possible Pair 0000
Possible Pair 6500
07:01:41
Found by 3R attack the 5 pair=0000
07:01:41
Calculating data for 4R attack....
07:01:42
Found data: common=17 first=022B second=87CD third=5600
Finding 4R attack collision...
Used 150 steps for 4R attack
07:01:42
4R attack 8 collisions found...
07:01:42
final calculating pairs by 4R attack...
0000 001C
Found by 4R attack 3 pair=0000
07:01:42
Finding last pair by brute force...
07:01:42
Found by brute force the 7 pair=0000

KI : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

is ki key is right or there is some problem

**deepdark** · 08-08-2007 10:27 AM

Originally Posted by logic

Hi,

I am trying to extract the KI on a T-Mobile sim card, it has been running for 3 hours, i've seen elsewhere that others have retreived their ki in 40 minutes, how long can it take? When I use the woron Scan I get collision errors and it stops at about 60000 tries, I am currently using Sim Scan v2.01 and so far its at 93000.

The Ki currently shows:

ki = (00) (00) (00) 00 00 00 00 00 (00) (00) (00) 00 00 00 00 00

What does Brackets Mean around the zeros e.g .. (00) they appear every now and again

This is my 1st attempt at sim cloning....if it doesn't show

this is that when card is V2 or V3

**997TT** · 08-08-2007 02:16 PM

Originally Posted by teamare2006

when i scan my cord i got the following ki key
KI : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

is ki key is right or there is some problem

A little reminder: NEVER EVER post your Ki key. The only reason I didn't delete this is because it is very unlikely that this is the correct key.
In any case: DO NOT post your IMSI and ICCID too.

Are you sure the SIM card you scanned was ACTIVE? The Super SIM method only works with ACTIVE SIM cards, some people still don't seem to realize that.

**teamare2006** · 08-08-2007 08:02 PM

yes the sim card is active and i am using this sim card
another think i want to know when i read the data from my card with Woron_Scan from task it reads IMSI And ICCID properly but when i try to read the KI key it gives me error so i just selected A38 Simulator from Card Reader option from tht software and it had shown me the key within 30 second
is this method reads the right key or there is something wrong

**mdkia** · 08-08-2007 10:05 PM

how many "gsm algorithm steps" woron scan can count?

i'm on step 51043 (started almost 2 hours ago) and still going ...

should i quit woron scan because it will never find out the ki of my sim?

-------------------------------------------------

19:48:01
Starting 2R attack on 0 pair....
No 2R attack collision found....
21:10:17
Starting 2R attack on 4 pair....

**situ** · 08-23-2007 11:13 AM

I'm trying to extract a V1 SIM and it always stops after extracting pair 0 and pair 4. Does anyone know this?

**schalkse** · 08-23-2007 12:11 PM

To ALL having problems with extracting Ki.

Mention in your post what reader you use! what software you use!
Nobody can solve your problems if this is unknown.
Important is that VCP is active when using woron scan and that your reader support phoenix mode.

If you are not sure what type of sim you have. GO to you local GSM dealer or provider and ask them to put the sim in their reader to know what version you have. They are able to see through software from the provider. Phase 1, 2 or 3 is possible. You should have Phase 1.