[TurboSIM] Technical background ? - Turbo-, Supersim and Simcloning Solution forum, Hackint0sh.org
  #1 envision

    [TurboSIM] Technical background ?

    First thanks to those who came up with the TS solution! I brought to life a week 45 OOB 1.1.2 US iPhone with bootloader 4.6 yesterday. After reading a few guides carefully, it was pretty painless and straightforward.

    But I'm not usually one to just follow guides blindly. I want to know what's happening there. So here is how I understand this to work and my questions:

    When done it says
    Code:
    Following was set:
    IMSI 08 39 01 14 10 xy xy xy xy
    ICCID 98 10 14 30 12 41 xy xy xy xy
    (some digits replaced by xy to protect identity)

    Apparently, the TurboSIM copies the International Mobile Subscriber ID (IMSI) and Integrated Circuit Card ID (ICCID) from the AT&T SIM and presents that to the iPhone later, when another SIM is in there. This way, the iPhone believes a real AT&T SIM is inside.

    1. a) The IMSI and ICCID sent to the mobile network should be the ones from the actual SIM used so it functions properly in its home network, correct?
      b) When the iPhone connects to iTunes, doesn't it transmit the ICCID to Apple to determine the status of this SIM? I always assumed so, but if that was the case, Apple would be able to tell that this SIM has never been activated and could refuse to work with it. So is it transmitted or not?
    2. The background for this is: I have 4 phones and 4 TurboSIM. Would I be able to cut only one AT&T card and use it to program all 4 TS? What happens when all 4 iPhones (all on T-Mobile US) go online at the same time? What happens when they connect to iTunes at the same time? Would T-Mo or Apple notice the identical IMSI/ICCID and smell something fishy?
    3. Is there more to TS than copying IMSI/ICCID? If not, would it be possible to enter these values from the other AT&T cards manually? It seems so:
      http://www.hackint0sh.org/forum/showthread.php?t=4711
      But responses there are mixed and instructions are gone.
    4. Also, I noticed in the display above the digits within each pair are flipped. The real ICCID starts with 89 01 41 ... Any reason for that?
    5. Then I assumed the IMSI is also flipped. Flipping back, I get 80 93 10 41 01... and sure enough, I find the MCC and MNC (310 410) for the AT&T network beginning at digit 4. However, MCC+MNC are supposed to be right at the beginning and the IMSI 15 digits long: http://en.wikipedia.org/wiki/Interna...riber_Identity So what is the 809 in the beginning there bringing the IMSI to 18 digits?
    6. What exactly do all the apps I ran actually do?
      • turbo-iphone-smsreset
      • turbo-info
      • turbo-rm-apps
      • turbo-app

    7. What are all the other options I have now under SIM Applications? For example under Setup->TurboSMS? Or under Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    8. How do I install and use other SIM apps? There seem to be some pretty cool ones out there for TS, like Flash SMS: http://www.votech.com.au/bladox_appl....htm#Flash_SMS

    I'd appreciate answers from someone who really knows, rather than guesswork. Or a pointer in the right direction where I can learn on my own. I searched the forum but couldn't find anything useful. Thanks!



  #2 Zf_ (iPhone Dev Team)

    Quote Originally Posted by envision View Post
    > First thanks to those who came up with the TS solution! I brought to life a week 45 OOB 1.1.2 US iPhone with bootloader 4.6 yesterday. After reading a few guides carefully, it was pretty painless and straightforward.
    >
    > But I'm not usually one to just follow guides blindly. I want to know what's happening there. So here is how I understand this to work and my questions:
    >
    > When done it says
    > Code:
    > Following was set:
    > IMSI 08 39 01 14 10 xy xy xy xy
    > ICCID 98 10 14 30 12 41 xy xy xy xy
    > (some digits replaced by xy to protect identity)
    >
    > Apparently, the TurboSIM copies the International Mobile Subscriber ID (IMSI) and Integrated Circuit Card ID (ICCID) from the AT&T SIM and presents that to the iPhone later, when another SIM is in there. This way, the iPhone believes a real AT&T SIM is inside.
    correct

    > 1. a) The IMSI and ICCID sent to the mobile network should be the ones from the actual SIM used so it functions properly in its home network, correct?
    correct

    > b) When the iPhone connects to iTunes, doesn't it transmit the ICCID to Apple to determine the status of this SIM? I always assumed so, but if that was the case, Apple would be able to tell that this SIM has never been activated and could refuse to work with it. So is it transmitted or not?
    I believe it's only transmitted during the activation. No definitive answer though.

    > 2. The background for this is: I have 4 phones and 4 TurboSIM. Would I be able to cut only one AT&T card and use it to program all 4 TS?
    yes

    > What happens when all 4 iPhones (all on T-Mobile US) go online at the same time?
    there won't be a problem as the AT&T info is only used locally (i.e. on the handset, not sent on the GSM network) to fool the SIM lock function.

    > What happens when they connect to iTunes at the same time? Would T-Mo or Apple notice the identical IMSI/ICCID and smell something fishy?
    there shouldn't be any issue if you don't try to activate all these devices using iTunes.

    > 3. Is there more to TS than copying IMSI/ICCID?
    yes, the important part is the sequence in which these IMSI/ICCID are sent. That's what fools the SIM lock. You can go through the AppleSaft source if you're a C programmer, it's pretty straightforward (google for applesaft-0.92.tar.gz and refer to the Bladox documentation http://www.bladox.com/devel-docs/index.html)

    > If not, would it be possible to enter these values from the other AT&T cards manually? It seems so:
    > http://www.hackint0sh.org/forum/showthread.php?t=4711
    > But responses there are mixed and instructions are gone.
    it's still possible to do that with another application which is called ISA and that you'll be able to find on the Bladox website. ISA is less popular because you need to plug the Turbo SIM with an AT&T (or T-Mobile or Orange or ...) card in order to be able to use the iPhone Turbo SIM programming applications. Otherwise you'll have to program your Turbo SIM using another device, typically another phone connected to a PC, which is less convenient.

    > 4. Also, I noticed in the display above the digits within each pair are flipped. The real ICCID starts with 89 01 41 ... Any reason for that?
    for historical reasons a lot of data are stored swapped on the card, i.e. 01 23 45 will be stored 10 32 54. You'll find references to that in the ETSI specifications, typically 11.11.

    > 5. Then I assumed the IMSI is also flipped. Flipping back, I get 80 93 10 41 01... and sure enough, I find the MCC and MNC (310 410) for the AT&T network beginning at digit 4. However, MCC+MNC are supposed to be right at the beginning and the IMSI 15 digits long: http://en.wikipedia.org/wiki/Interna...riber_Identity So what is the 809 in the beginning there bringing the IMSI to 18 digits?
    the IMSI stored on the card should begin with the IMSI length, i.e. 08, followed by the swapped IMSI. You'll find that in ETSI 11.11 as well.

    > 6. What exactly do all the apps I ran actually do?
    > • turbo-iphone-smsreset
    it displays internal information about the Turbo SIM

    > • turbo-rm-apps
    it removes all applications on the Turbo SIM

    > • turbo-app
    it is used to upload an application on the Turbo SIM

    > 7. What are all the other options I have now under SIM Applications? For example under Setup->TurboSMS?
    this is the default Bladox application - it should be documented on the Bladox website.

    > Or under Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    it's a new test that checks if the baseband is still exploitable, i.e. if the IMSI is read more than once.

    Be sure to use the latest version (on the first post of the thread) as there were several flawed versions released.

    > 8. How do I install and use other SIM apps? There seem to be some pretty cool ones out there for TS, like Flash SMS: http://www.votech.com.au/bladox_appl....htm#Flash_SMS
    you can use turbo-app on the iPhone to install another application the same way you'd install AppleSaft.

    For more information refer to the original Bladox utilities http://www.bladox.com/download.php?lang=en#cable
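Zf_'s answers to questions 4 and 5 describe the nibble-swapped BCD storage and the IMSI length byte. The following is an added example, not code from this thread, from Bladox or from AppleSaft: a small Python decoder for the EF_IMSI and EF_ICCID layouts as GSM 11.11 defines them, which also reproduces the naive byte flip behind envision's "809" reading and, going one step past the thread, verifies the ICCID's Luhn check digit (ITU-T E.118). The "xy" bytes in the post are unknown, so the two constants use constructed tails.

```python
# Added example, not code from the thread or from Bladox: decodes the EF_IMSI and
# EF_ICCID layouts Zf_ describes (GSM/ETSI 11.11). Bytes shown as "xy" in the post
# are unknown, so the tails of the two constants below are constructed.

def swap_nibbles(data: bytes) -> str:
    """Digits of a nibble-swapped BCD field in reading order (low nibble first)."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data)

def naive_flip(field_hex: str) -> str:
    """Flip every byte including the length byte: the reading that yields '809...'."""
    return swap_nibbles(bytes.fromhex(field_hex))

def decode_imsi(ef_imsi: bytes) -> str:
    """EF_IMSI: length byte, then a byte whose low nibble holds the identity type
    (001 = IMSI) and parity bit (b4 = 1 for an odd digit count) and whose high
    nibble is digit 1; the remaining bytes are swapped BCD."""
    length = ef_imsi[0]
    body = ef_imsi[1:1 + length]
    if len(body) != length:
        raise ValueError("length byte does not match field size")
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    digits = f"{body[0] >> 4:X}" + swap_nibbles(body[1:])
    if not body[0] & 0x08:        # even digit count: last high nibble is F padding
        digits = digits[:-1]
    return digits

def decode_iccid(ef_iccid: bytes) -> str:
    """EF_ICCID: 10 bytes of swapped BCD, F-padded when the ICCID has 19 digits."""
    return swap_nibbles(ef_iccid).rstrip("F")

def luhn_ok(number: str) -> bool:
    """ICCIDs end in a Luhn check digit (ITU-T E.118); a cheap sanity check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Constructed: the first five (IMSI) / six (ICCID) bytes are the ones in the post.
IMSI_BYTES = bytes.fromhex("08 39 01 14 10 32 54 76 98")
ICCID_BYTES = bytes.fromhex("98 10 14 30 12 41 21 43 65 47")

if __name__ == "__main__":
    print("naive flip:", naive_flip("08 39 01 14 10"))   # 8093104101, the puzzling 809
    imsi = decode_imsi(IMSI_BYTES)
    print("IMSI      :", imsi, "MCC", imsi[:3], "MNC", imsi[3:6])
    iccid = decode_iccid(ICCID_BYTES)
    print("ICCID     :", iccid, "Luhn ok" if luhn_ok(iccid) else "Luhn FAIL")
```

The decoded IMSI starts 310410 (MCC 310, MNC 410) exactly as envision found at "digit 4", because the 08 length byte and the 9 parity/type nibble are not IMSI digits at all.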

  #3 envision

    Hey, that was great! Thanks a lot!


    Two follow-up questions though:

    turbo-app
    "displays internal information about the Turbo SIM"
    So then I should be able to leave it safely out of the programming routine, right?

    Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    "it's a new test that checks if the baseband is still exploitable"
    As I wrote, my phone is bootloader 4.6, firmware 4.02.13_G. The TS resulted in a working phone and I made a few test calls. That should mean the baseband is still exploitable, right? Then why "Game over"? Or is it meant as game over for Apple's protection, like "I cracked you, game over!"
    Last edited by envision; 12-02-2007 at 12:13 PM.

  #4 Zf_ (iPhone Dev Team)

    Quote Originally Posted by envision View Post
    > Hey, that was great! Thanks a lot!
    >
    > Two follow-up questions though:
    >
    > turbo-app
    > "displays internal information about the Turbo SIM"
    > So then I should be able to leave it safely out of the programming routine, right?
    yes

    > Applesaft->Exploitable, it just says "Game over" with a sad smiley. What is that?
    > "it's a new test that checks if the baseband is still exploitable"
    > As I wrote, my phone is bootloader 4.6, firmware 4.02.13_G. The TS resulted in a working phone and I made a few test calls. That should mean the baseband is still exploitable, right? Then why "Game over"? Or is it meant as game over for Apple's protection, like "I cracked you, game over!"
    either you are not running the latest AppleSaft modified version, or it's a problem with my validation routine, as it should display "ok"

    (the previous version was checking if the baseband read the IMSI 3 times, now it only checks if the IMSI is read 2 times)

  #5 envision

    Quote Originally Posted by Zf_
    > either you are not running the latest AppleSaft modified version, or it's a problem with my validation routine, as it should display "ok"
    So you wrote AppleSaft? Cool! Are you German by any chance ("Saft")?

    Would this be the latest one posted here:
    http://www.hackint0sh.org/forum/showthread.php?t=15379

    Thanks a lot! It's all much clearer now.


  #6 Zf_ (iPhone Dev Team)

    Quote Originally Posted by envision View Post
    > So you wrote AppleSaft? Cool! Are you German by any chance ("Saft")?
    Nope, AppleSaft has been written by Bladox based on an anonymous code snippet published here, I'm just the resident patching guy

    > Would this be the latest one posted here:
    > http://www.hackint0sh.org/forum/showthread.php?t=15379
    yes

    > Thanks a lot! It's all much clearer now.
    glad to help

  #7 saucy

    Could someone please differentiate between the different types of sim cards that function with the TurboSim? I've read that any GSM sim card would work, worldwide...and some people saying only V1?

    What is the difference between sim card versions, and how would I determine this?

    Thanks

  #8 todro

    Quote Originally Posted by saucy View Post
    > Could someone please differentiate between the different types of sim cards that function with the TurboSim? I've read that any GSM sim card would work, worldwide...and some people saying only V1?
    >
    > What is the difference between sim card versions, and how would I determine this?
    >
    > Thanks
    TSIM simulates being an AT&T card (or whatever "original" card), but only when asked for locking reasons. After the initial requests, the regular sim card is registered in the network. Therefore, there is no special requirement regarding the sim cards to be used.

    Cards like SuperSIM are sim cloning (empty) cards and with old V1 cards, it was possible to copy the necessary information from the original card and store it completely on the cloning card, which makes the original sim card obsolete. This doesn't work any longer with V2/V3, which use a stronger/better encryption; at least nobody has proven so far that a V2/3 can be brute-forced.

  #9 saucy

    Quote Originally Posted by todro View Post
    > TSIM simulates being an AT&T card (or whatever "original" card), but only when asked for locking reasons. After the initial requests, the regular sim card is registered in the network. Therefore, there is no special requirement regarding the sim cards to be used.
    >
    > Cards like SuperSIM are sim cloning (empty) cards and with old V1 cards, it was possible to copy the necessary information from the original card and store it completely on the cloning card, which makes the original sim card obsolete. This doesn't work any longer with V2/V3, which use a stronger/better encryption; at least nobody has proven so far that a V2/3 can be brute-forced.
    I see, thank you for the clarification

  #10

    First of all, thanks for all the clarification in this topic, I needed that!
    I have just one more question that's buggin' me these days... I own a US OOB 1.1.2 iPhone, which I have jailbroken and activated, and I'm willing to buy a TurboSIM. If I understand correctly, the TurboSIM would work even when another update comes out (a.k.a. 1.1.3 and so on), am I right?
    I will only need to wait for the new firmware to be jailbroken ... but the TurboSIM should work even with new firmware, 'cos it's not related to the bootloader or anything like that, right?

    Thanks in advance to anyone who will answer, cos this is the only thing that keeps me waiting from buying one, if the answer is yes I will place my order instantly!
