The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.
Difference between revisions of "SIM hacks"
(New page: These hacks all require a SIM card passthrough to be used. ==Exploit== This relies on the fact that the IMSI is read twice, once to validate the IMSI and once to connect to the network. S...)
Line 1: | Line 1:
− These hacks all require a SIM card passthrough to be used.
+ These hacks all require a SIM card passthrough to be used. Some examples are the TurboSIM, the XSim, and the SuperSIM.
==Exploit==
This relies on the fact that the IMSI is read twice, once to validate the IMSI and once to connect to the network. So the SIM card spoofs the first IMSI read to trick the device into thinking it is operating on the AT&T network, or whatever network the device is locked to. The second time it allows the IMSI to be read properly from the sim card. That is the IMSI sent to the network.
+
+ A slight variant of this exploit uses a silvercard to program the IMSI and ICCID differently. This variant requires your Ki to be known, which can only be extracted from COMPEMU v1 sim cards.
Revision as of 23:49, 27 July 2008
These hacks all require a SIM card passthrough to be used. Some examples are the TurboSIM, the XSim, and the SuperSIM.
Exploit
This relies on the fact that the IMSI is read twice: once to validate the IMSI against the carrier lock, and once to connect to the network. The SIM card spoofs the first IMSI read to trick the device into thinking it is operating on the AT&T network, or whatever network the device is locked to. On the second read it lets the real IMSI be read from the SIM card, and that is the IMSI sent to the network.
A slight variant of this exploit uses a silvercard to program the IMSI and ICCID differently. This variant requires your Ki to be known, which can only be extracted from COMPEMU v1 SIM cards.