[TurboSIM] Technical background ?

yes

Quote:

What happens when all 4 iPhones (all on T-Mobile US) go online at the same time?
there won't be a problem as the AT&T info is only used locally (i.e. on the handset not sent on the GSM network) to fool the SIM lock function.

Quote:

What happens when they connect to iTunes at the same time? Would T-Mo or Apple notice the identical IMSI/ICCID and smell something fishy?
there shouldn't be any issue if you don't try to activate all these devices using iTunes.

Quote:

Is there more to TS than copying IMSI/ICCID?
yes, the important part is the sequence in which these IMSI/ICCID are sent. That's what fools the SIM lock. You can go through the AppleSaft source if you're a C programmer, it's pretty straightforward (google for applesaft-0.92.tar.gz and refer to Bladox documentation http://www.bladox.com/devel-docs/index.html)

    Quote:

    If not, would it be possible to enter these values from the other AT&T cards manually? It seems so:
    http://www.hackint0sh.org/forum/showthread.php?t=4711
    But responses there are mixed and instructions are gone.
    it's still possible to do that with another application which is called ISA and that you'll be able to find on Bladox website. ISA is less popular because you need to plug the Turbo SIM with an AT&T (or T-Mobile or Orange or ...) card in order to be able to use the iPhone Turbo SIM programming applications. Otherwise you'll have to program your Turbo SIM using another device, typically another phone connected to a PC, which is less convenient.

    Quote:

    Also, I noticed in the display above the digits within each pair are flipped. The real ICCID starts with 89 01 41 ... Any reason for that?
    for historical reasons a lot of data are stored swapped on the card, i.e. 01 23 45 will be stored 10 32 54. You'll find references to that in ETSI specifications, typically the 11.11.

    Quote:

    Then I assumed the IMSI is also flipped. Flipping back, I get 80 93 10 41 01... and sure enough, I find the MCC and MNC (310 410) for the AT&T network beginning at digit 4. However, MCC+MNC are supposed to be right at the beginning and the IMSI 15 digits long: http://en.wikipedia.org/wiki/Interna...riber_Identity So what is the 809 in the beginning there bringing the IMSI to 18 digits?
    the IMSI stored on the card should begin with the IMSI length i.e. 08 followed by the swapped IMSI. You'll find that in the ETSI 11.11 as well.

    Quote:

    What exactly do all the apps I ran actually do?
    turbo-iphone-smsreset
    it is used to upload an application on the Turbo SIM

    Quote:

    What are all the other options I have now under SIM Applications? For example under Setup->TurboSMS?
    this is the default Bladox application - it should be documented on Bladox website.

    Quote:

    Or under Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    it's a new test that checks if the baseband is still exploitable i.e. if the IMSI is read more than once.

    Be sure to use the latest version (on the first post of the thread) as there were several flawed versions released.

    Quote:

    How do I install and use other SIM apps? There seem to be some pretty cool ones out there for TS, like Flash SMS: http://www.votech.com.au/bladox_appl....htm#Flash_SMS
    you can use turbo-app on the iPhone to install another application the same way you'd install AppleSaft.

    For more information refer to the original Bladox utilities http://www.bladox.com/download.php?lang=en#cable
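The two answers above about swapped digits and the IMSI length byte describe the on-card layout of EF_ICCID and EF_IMSI from ETSI TS 11.11 (later 3GPP TS 51.011). The decoder below is an added example, not code from this thread, from Bladox or from AppleSaft; it reads both files from raw bytes, checks the parity nibble, the length byte and the ICCID Luhn digit, and splits out MCC/MNC. The two sample dumps are constructed for the example (the IMSI reuses the 310 410 prefix quoted above; the ICCID starts with 89 01 41 and the remaining digits are made up), and the file identifiers 2FE2 and 6F07 are the standard ones from the specification.

```python
"""Decode EF_ICCID and EF_IMSI as stored on a GSM SIM (ETSI TS 11.11 / 3GPP TS 51.011).
Added example; not code from the thread, from Bladox or from AppleSaft."""
from dataclasses import dataclass

# Constructed sample file contents (hex), not dumped from any real card.
# EF_ICCID (file 2FE2): 10 bytes of nibble-swapped BCD -> ICCID 89014103211118510720
SAMPLE_EF_ICCID = bytes.fromhex("98101430121181157002")
# EF_IMSI (file 6F07): length byte, then parity/first-digit byte, then swapped BCD
# -> IMSI 310410123456789 (MCC 310, MNC 410, as quoted in the thread; the rest is made up)
SAMPLE_EF_IMSI = bytes.fromhex("083901141032547698")


def swapped_bcd_digits(data: bytes) -> str:
    """Unswap BCD stored low nibble first: byte 0x98 holds the digits '8' then '9'.
    An 0xF nibble is padding and is dropped."""
    digits = []
    for byte in data:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble == 0xF:
                continue
            if nibble > 9:
                raise ValueError(f"non-BCD nibble {nibble:#x} in {data.hex()}")
            digits.append(str(nibble))
    return "".join(digits)


def luhn_ok(digits: str) -> bool:
    """ICCIDs end in a Luhn check digit; a failed check usually means a mis-read
    or un-swapped dump rather than a genuine card value."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def decode_iccid(ef: bytes) -> str:
    if len(ef) != 10:
        raise ValueError("EF_ICCID is exactly 10 bytes")
    iccid = swapped_bcd_digits(ef)
    if not iccid.startswith("89"):
        raise ValueError("ICCID should start with the telecom industry identifier 89")
    if not luhn_ok(iccid):
        raise ValueError("ICCID Luhn check failed (dump not nibble-swapped?)")
    return iccid


@dataclass(frozen=True)
class Imsi:
    imsi: str
    mcc: str
    mnc_candidates: tuple  # (2-digit, 3-digit): the MNC length is not encoded on the card


def decode_imsi(ef: bytes) -> Imsi:
    if len(ef) != 9:
        raise ValueError("EF_IMSI is exactly 9 bytes")
    length = ef[0]  # number of bytes that follow and carry the IMSI; 0x08 for 15 digits
    if not 1 <= length <= 8:
        raise ValueError(f"bad IMSI length byte {length:#04x}")
    body = ef[1:1 + length]
    # Second byte: bits 1-3 = identity type (001 = IMSI), bit 4 = parity
    # (1 = odd number of digits), bits 5-8 = first IMSI digit.
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    odd = bool(body[0] & 0x08)
    first = body[0] >> 4
    if first > 9:
        raise ValueError("first IMSI digit is not BCD")
    digits = str(first) + swapped_bcd_digits(body[1:])
    if (len(digits) % 2 == 1) != odd:
        raise ValueError("parity bit disagrees with the digit count")
    if len(digits) > 15:
        raise ValueError("IMSI longer than 15 digits")
    return Imsi(imsi=digits, mcc=digits[:3], mnc_candidates=(digits[3:5], digits[3:6]))


if __name__ == "__main__":
    print("ICCID:", decode_iccid(SAMPLE_EF_ICCID))
    imsi = decode_imsi(SAMPLE_EF_IMSI)
    print("IMSI :", imsi.imsi, "MCC", imsi.mcc, "MNC", "/".join(imsi.mnc_candidates))
```

Run stand-alone it prints the two decoded values. The "809..." reading in the question above is this same layout read as if every byte were two plain digits: 08 is the length byte, 0x39 carries the first digit 3 in its high nibble and the parity marker 9 in its low nibble, and the following bytes 01 14 10 unswap to 10 41 01, which together with the leading 3 give MCC 310 and MNC 410.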
  • 12-02-2007, 11:55 AM
    envision
    Hey, that was great! Thanks a lot!
    :)

    Two follow-up questions though:

    turbo-app
    "displays internal information about the Turbo SIM"
    So then I should be able to leave it safely out of the programming routine, right?

    Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    "it's a new test that checks if the baseband is still exploitable"
    As I wrote, my phone is bootloader 4.6, firmware 4.02.13_G. The TS resulted in a working phone and I made a few test calls. That should mean the baseband is still exploitable, right? Then why "Game over"? Or is it meant as game over for Apple's protection, like "I cracked you, game over!"
  • 12-02-2007, 12:38 PM
    Zf_
    Quote:

    Originally Posted by envision View Post
    Hey, that was great! Thanks a lot!
    :)

    Two follow-up questions though:

    turbo-app
    "displays internal information about the Turbo SIM"
    So then I should be able to leave it safely out of the programming routine, right?

    yes

    Quote:

    Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    "it's a new test that checks if the baseband is still exploitable"
    As I wrote, my phone is bootloader 4.6, firmware 4.02.13_G. The TS resulted in a working phone and I made a few test calls. That should mean the baseband is still exploitable, right? Then why "Game over"? Or is it meant as game over for Apple's protection, like "I cracked you, game over!"
    either you are not running the latest AppleSaft modified version, or it's a problem with my validation routine, as it should display "ok"

    (the previous version was checking if the baseband read the IMSI 3 times, now it only checks if the IMSI is read 2 times)
  • 12-03-2007, 03:54 AM
    envision
    Quote:

    Originally Posted by Zf_
    either you are not running the latest AppleSaft modified version, or it's a problem with my validation routine, as it should display "ok"

    So you wrote AppleSaft? Cool! Are you German by any chance ("Saft")?

    Would this be the latest one posted here:
    http://www.hackint0sh.org/forum/showthread.php?t=15379

    Thanks a lot! It's all much clearer now.
  • 12-03-2007, 07:28 AM
    Zf_
    Quote:

    Originally Posted by envision View Post
    So you wrote AppleSaft? Cool! Are you German by any chance ("Saft")?

    Nope, AppleSaft has been written by Bladox based on an anonymous code snippet published here, I'm just the resident patching guy :)

    Quote:

    Would this be the latest one posted here:
    http://www.hackint0sh.org/forum/showthread.php?t=15379
    yes

    Quote:

    Thanks a lot! It's all much clearer now.
    glad to help :)
  • 12-05-2007, 12:17 AM
    saucy
    Could someone please differentiate between the different types of sim cards that function with the TurboSim? I've read that any GSM sim card would work, worldwide...and some people saying only V1?

    What is the difference between sim card versions, and how would I determine this?

    Thanks
  • 12-05-2007, 09:58 PM
    todro
    Quote:

    Originally Posted by saucy View Post
    Could someone please differentiate between the different types of sim cards that function with the TurboSim? I've read that any GSM sim card would work, worldwide...and some people saying only V1?

    What is the difference between sim card versions, and how would I determine this?

    Thanks

    TSIM simulates being an AT&T card (or whatever "original" card), but only when asked for locking reasons. After the initial requests, the regular sim card is registered in the network. Therefore, there is no special requirement regarding the sim cards to be used.


    Cards like SuperSIM are sim cloning (empty) cards and with old V1 cards, it was possible to copy the necessary information from the original card and store it completely on the cloning card which makes the original sim card obsolete. This doesn't work any longer with V2/V3, which uses a stronger/better encryption, at least nobody has proven so far that a V2/3 can be brute-forced :D
  • 12-06-2007, 04:06 AM
    saucy
    Quote:

    Originally Posted by todro View Post
    TSIM simulates being an AT&T card (or whatever "original" card), but only when asked for locking reasons. After the initial requests, the regular sim card is registered in the network. Therefore, there is no special requirement regarding the sim cards to be used.


    Cards like SuperSIM are sim cloning (empty) cards and with old V1 cards, it was possible to copy the necessary information from the original card and store it completely on the cloning card which makes the original sim card obsolete. This doesn't work any longer with V2/V3, which uses a stronger/better encryption, at least nobody has proven so far that a V2/3 can be brute-forced :D

    I see, thank you for the clarification :)
  • 12-07-2007, 10:38 PM
    macshodan
    First of all, thanks for all the clarification in this topic, I needed that! :)
    I have just one more question that's buggin' me these days... I own a US OOB 1.1.2 iPhone, which I have jailbroken and activated, and I'm willing to buy a TurboSIM. If I understand correctly, the TurboSIM would work even when another update comes out (a.k.a. 1.1.3 and so on), am I right?
    I will only need to wait for the new firmware to be jailbroken ... but the TurboSIM should work even with new firmware, 'cos it's not related to bootloader or anything like that, right?

    Thanks in advance to anyone who will answer, cos this is the only thing that keeps me waiting from buying one, if the answer is yes I will place my order instantly! :D