bladox.com Forum Index
Turbo SIM Toolkit Adapter Forums
Important Iphone question!!
healeydave (Guest)
Posted: Wed Aug 08, 2007 7:23 pm

Bekar, yes, I have just caught up with that :)

It looks like someone is gifting us the necessary code to put into a turbosim.

I'm not sure if the author has tested it yet.

If someone can get it tested, this may well be the holy grail we are looking for.

PZ should prepare for a massive order intake :)
pz (Guest)
Posted: Wed Aug 08, 2007 7:29 pm

OK, some update of the code posted at hackint0sh.

First of all, a big warning: we (bladox) do not have an iPhone nor access to one; we had one for a while a few weeks ago to check SIM toolkit capabilities. In fact we are not interested in unlocking the iPhone at all, we are just helping users of our devices. For legal reasons we will keep our distance from the iPhone and not use it at all. So the code is untested on the iPhone; we work blind with some other phones.

In the code posted by iph0wned there may be an issue with how EF_ICCID is handled: the iPhone reads this file at the very beginning, while we initiate the applications possibly later on, so this EF_ICCID modification may or may not be applied. The reason we do it later is that the user can reset the Turbo device by entering the TPIN at the time of the SIM PIN (a special PIN for resetting the device and removing potentially bad applications). To avoid this delay we just released kernel 1.2.7; for the Turbo SIM kernel see http://www.bladox.com/pub/kernel-TSIM-1.2.7.bin.gz

Insert following into turbo/proc.h:
Code:

/**
\ingroup api_proc
If application init #ACTION_APP_INIT action is to be done in first APDU or later
 after PIN check. Warning: if set then cannot be reset with TPIN and possible
 recovery has to be done with firmware reflash - Turbo Programmer is needed.

\return 0/1.
*/

#define PROC_8_CONFIG_INIT_BOOSTER              0x16



And here is the new "applesaft" version:

Code:

/*
 * iPhone baseband SIM lock 0wnage PoC
 *
 * History:
 * 0.91 - some fixes, PROC_8_CONFIG_INIT_BOOSTER for speedy init of ICCID file,
 *        needs bladox turbo kernel >=1.2.7
 * 0.9 - original version
 *
 * Compile, load on your leet Bladox gear
 * disable your subscription PIN and enjoy :p
 *
 * Special thanks to the baseband development team
 * It wouldn't have been so easy without you :)
 *
 * (c) 2007, collective iPhone development effort
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

#include <config.h>
#include <turbo/turbo.h>

#include <stdlib.h>
#include <string.h>

#define FAKE_ICCID 1

#define EF_IMSI 0x6F07
#define EF_ICCID 0x2FE2

u8 PROGMEM ef_imsi_path[] = { 0x3F, 0x00, 0x7F, 0x20, 0x6F, 0x07 };

#ifdef FAKE_ICCID
u8 PROGMEM ef_iccid_path[] = { 0x3F, 0x00, 0x2F, 0xE2 };

u8 PROGMEM _ef_iccid[] = {
  0x00, 0x00, 0x00, 0x0A, 0x2F, 0xE2, 0x04, 0x00,
  0x0F, 0x00, 0xAA, 0x01, 0x02, 0x00, 0x00
};
u8 PROGMEM _att_iccid[] = {
  'H', 'e', 'l', 'l', 'o', 'S', 't', 'e', 'v', 'e'
};
#endif

u8 PROGMEM _att_imsi[] = {
  0x08, 0x39, 0x01, 0x14, 0x10, '0', 'w', 'n', 'd'
};

#define IMSI_SIZE 9
#define IMSI_RESPONSE_SIZE 15

u8 counter;
u8 *imsi;
u8 *imsi_response;
u8 file[2];

/* bugbug ? doesn't seem to work with the high level API, anyway ... */
void low_level_imsi_select ()
{
  file[0] = 0x3F;
  file[1] = 0x00;
  sim (0xA4, 0x00, 0x00, 0x02, file);
  file[0] = 0x7f;
  file[1] = 0x20;
  sim (0xA4, 0x00, 0x00, 0x02, file);
  file[0] = 0x6F;
  file[1] = 0x07;
  sim (0xA4, 0x00, 0x00, 0x02, file);
}

void handle_sim_file (File_apdu_data * fa)
{
  u8 i;

  if (fa->ins == ME_CMD_SELECT)
  {
    u16 ef = (fa->data[0] << 8) | fa->data[1];

    if (ef == EF_IMSI || ef == EF_ICCID)
    {
      fa->data[0] = 0x9F;
      fa->data[1] = 0x0F;
    }
    return;
  }

#ifdef FAKE_ICCID

  if (fa->ef == EF_ICCID)
  {
    if (fa->ins == ME_CMD_GET_RESPONSE)
    {
      memcpy (fa->data, _ef_iccid, sizeof (_ef_iccid));
      fa->data[fa->p3] = 0x90;
      fa->data[fa->p3 + 1] = 0x00;
    }
    if (fa->ins == ME_CMD_READ_BINARY)
    {
      memcpy (fa->data, _att_iccid, sizeof (_att_iccid));
      fa->data[fa->p3] = 0x90;
      fa->data[fa->p3 + 1] = 0x00;
    }
  }

#endif

  if (fa->ef == EF_IMSI)
  {
    if (fa->ins == ME_CMD_GET_RESPONSE)
    {
      if (counter == 0)
      {
        low_level_imsi_select ();
        sim (0xC0, 0x00, 0x00, 0x0F, imsi_response);    /* GET RESPONSE */
      }
      memcpy (fa->data, imsi_response, IMSI_RESPONSE_SIZE);
      fa->data[fa->p3] = 0x90;
      fa->data[fa->p3 + 1] = 0x00;
    }
    if (fa->ins == ME_CMD_READ_BINARY)
    {
      switch (counter)
      {
        case 0:
          /* learn and retransmit */
          low_level_imsi_select ();
          sim (0xB0, 0x00, 0x00, 0x09, imsi);   /* READ BINARY */
          memcpy (fa->data, imsi, IMSI_SIZE);
          fa->data[fa->p3] = 0x90;
          fa->data[fa->p3 + 1] = 0x00;
          counter++;
          break;
        case 1:
          /* spoof */
          memcpy (fa->data, _att_imsi, sizeof (_att_imsi));
          fa->data[fa->p3] = 0x90;
          fa->data[fa->p3 + 1] = 0x00;
          counter++;
          break;
        case 2:
          counter++;
          /* no break intended here */
        default:
          /* play nice */
          memcpy (fa->data, imsi, IMSI_SIZE);
          fa->data[fa->p3] = 0x90;
          fa->data[fa->p3 + 1] = 0x00;
      }
    }
    else
      sim (fa->ins, fa->p1, fa->p2, fa->p3, fa->data);
  }

}

void turbo_handler (u8 action, void *data)
{
  switch (action)
  {
    case ACTION_APP_REGISTER:
      set_proc_8 (PROC_8_CONFIG_INIT_BOOSTER, 1);
      break;
    case ACTION_APP_UNREGISTER:
      break;
    case ACTION_APP_INIT:
      dbsp ("APP_INIT\n");
      counter = 0;
      imsi = malloc (IMSI_SIZE);
      imsi_response = malloc (IMSI_RESPONSE_SIZE);
      reg_file (ef_imsi_path, 3);
#ifdef FAKE_ICCID
      reg_file (ef_iccid_path, 2);
#endif
      break;
    case ACTION_FILE_APDU:
      handle_sim_file (data);
      break;
    default:
      break;
  }
}


Please post if/how it works. The scenario described above (first use the AT&T card to upload the IMSI and ICCID) should then be an easy mod.
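Added here as an editor's example, not code from the post or from the Bladox SDK: a decoder for the two SIM files the PoC above intercepts, following the 3GPP TS 51.011 layouts (EF_ICCID: 10 bytes of nibble-swapped BCD with 0xF padding; EF_IMSI: a length byte, a byte carrying the type bits and odd/even bit in its low nibble and the first digit in its high nibble, then nibble-swapped BCD). The sample IMSI and ICCID values are constructed; the third array is the placeholder `_att_imsi` from the post, which the decoder rejects because it contains non-decimal nibbles, the same validity check a SIM forensics tool applies to file contents read from a card.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One BCD nibble -> ASCII digit; returns 0 if it is not a decimal digit. */
static int bcd_nibble(uint8_t n, char *out) { if (n > 9) return 0; *out = (char)('0' + n); return 1; }
/* EF_ICCID: 10 bytes of nibble-swapped BCD, 0xF padding. out holds >= 21 chars.
 * Returns the digit count, or -1 on a wrong length or a non-decimal nibble. */
int decode_iccid(const uint8_t *raw, size_t len, char *out)
{
    int n = 0;
    size_t i;
    if (len != 10) return -1;
    for (i = 0; i < len; i++) {
        uint8_t lo = raw[i] & 0x0F, hi = raw[i] >> 4;
        if (lo == 0x0F) break;                      /* padding: end of number */
        if (!bcd_nibble(lo, &out[n++])) return -1;
        if (hi == 0x0F) break;
        if (!bcd_nibble(hi, &out[n++])) return -1;
    }
    out[n] = '\0';
    return n;
}

/* EF_IMSI: length byte, then a byte with the type bits (b1-b3) and the odd/even
 * bit (b4) in its low nibble and the first digit in its high nibble, then
 * nibble-swapped BCD. out holds >= 16 chars. Returns the digit count or -1. */
int decode_imsi(const uint8_t *raw, size_t len, char *out)
{
    int n = 0, odd;
    size_t i, l;
    if (len < 2) return -1;
    l = raw[0];
    if (l < 1 || l > 8 || l + 1 > len) return -1;
    odd = (raw[1] >> 3) & 1;                        /* 1: odd number of digits */
    if (!bcd_nibble(raw[1] >> 4, &out[n++])) return -1;
    for (i = 2; i <= l; i++) {
        if (!bcd_nibble(raw[i] & 0x0F, &out[n++])) return -1;
        if (i == l && (raw[i] >> 4) == 0x0F) break; /* pad nibble for even count */
        if (!bcd_nibble(raw[i] >> 4, &out[n++])) return -1;
    }
    out[n] = '\0';
    return ((n & 1) == odd) ? n : -1;               /* odd/even bit must agree */
}

/* Constructed samples: a well-formed test-network IMSI 001010123456789 (MCC 001),
 * a well-formed 19-digit ICCID, and the placeholder _att_imsi bytes from the post. */
static const uint8_t sample_imsi[]  = { 0x08, 0x09, 0x10, 0x10, 0x10, 0x32, 0x54, 0x76, 0x98 };
static const uint8_t sample_iccid[] = { 0x98, 0x88, 0, 0, 0, 0, 0, 0, 0, 0xF1 };
static const uint8_t post_imsi[]    = { 0x08, 0x39, 0x01, 0x14, 0x10, '0', 'w', 'n', 'd' };
```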
healeydave (Guest)
Posted: Wed Aug 08, 2007 7:36 pm

Okay, I have bitten the bullet and ordered a TurboSim.

Perhaps PZ could expedite the order and get it to me quicker than the estimated 2 weeks :) so I can give it a try :)

Maybe someone who has used TurboSim previously and already has one and an iphone may be able to test quicker though!

Cheers
Dave.
zbug (Guest)
Posted: Wed Aug 08, 2007 7:54 pm

Hello all, I have just placed an order for the Turbo SIM - Blank Version, hope this is the right one. I'll let everyone know what happens when I get them. Just a few questions though:

1) How / what software do I need to load that code? Please link?
2) If this works, I'm gonna be buying a lot of TurboSims :) I know at least 20 people that want it ;D

Thanks!
uptown (Guest)
Posted: Wed Aug 08, 2007 8:14 pm

"In the code posted by iph0wned there may be an issue with how EF_ICCID is handled, this is because the iPhone reads this file at the very beginning while we are initiating the applications possibly later on, so this EF_ICCID modification may/may not be applied. The reason we do it later is that the user can reset the Turbo device by entering the TPIN at the time of the SIM PIN (a special PIN for resetting the device and removing potentially bad applications). To avoid this delay we just released kernel 1.2.7, for the Turbo SIM kernel see http://www.bladox.com/pub/kernel-TSIM-1.2.7.bin.gz"

How are the Windows people supposed to use this tool? If it's .bin.gz, I believe Linux and Mac are the ones that are able to "unzip" and upload?
nbasim (Guest)
Posted: Wed Aug 08, 2007 8:42 pm

uptown wrote:
how are the windows people supposed to use this tool? if it's .bin.gz, i believe Linux and MAC are the ones that are able to "unzip" and upload?

WinZip should handle that.

Anyway I think you'll need the programmer to update the kernel. But that's not a big issue - just use the code with FAKE_ICCID not defined if you can't update.
assad (Guest)
Posted: Wed Aug 08, 2007 8:52 pm

Hi,
I'm also gonna give it a try ... I really hope I'm gonna receive it fast :) so I can try with my iPhone

Thanks
trueno86 (Guest)
Posted: Wed Aug 08, 2007 9:00 pm    Subject: How does one upload this program on to the Turbo SIM?

How does one upload this program on to the Turbo SIM?

I am assuming one would still need a programmer (i.e. Turbo Programmer 2 ) correct?
nbasim (Guest)
Posted: Wed Aug 08, 2007 9:08 pm    Subject: Re: How does one upload this program on to the Turbo SIM?

trueno86 wrote:
How does one upload this program on to the Turbo SIM?

I am assuming one would still need a programmer (i.e. Turbo Programmer 2 ) correct?

nope, you just need a regular phone that you can use as a modem, connect it to your PC with Turbo SIM and your SIM in it, then use the turbo-app application from the turbo-cable-utils package.

And if it works someone will probably port Bladox tools natively on the iPhone to make the installation process even easier.
pz (Guest)
Posted: Wed Aug 08, 2007 9:24 pm

Here is yet another untested, unknown to work, not iphone nor att specific, etc. version, see http://www.bladox.com/pub/applesaft-0.92.tar.gz

It should follow the scenario described above:
1. use with A card to get IMSI, ICCID - go to menu Apple Saft->Show to see values (you may write it down), then Apple Saft->Set
2. use with your card

So no cloning, reader, or anything else is needed.

Feedback please.
trueno86 (Guest)
Posted: Wed Aug 08, 2007 9:31 pm    Subject: Re: How does one upload this program on to the Turbo SIM?

nbasim wrote:
trueno86 wrote:
How does one upload this program on to the Turbo SIM?

I am assuming one would still need a programmer (i.e. Turbo Programmer 2 ) correct?

nope, you just need a regular phone that you can use as a modem, connect it to your PC with Turbo SIM and your SIM in it, then use the turbo-app application from the turbo-cable-utils package.

And if it works someone will probably port Bladox tools natively on the iPhone to make the installation process even easier.

Ah, understood. Thanks.
mm (Guest)
Posted: Wed Aug 08, 2007 9:34 pm

pz wrote:
ian475 wrote:
We are really surprised by the interest, we played with iphone few weeks ago, have some logs and thought that there are too many IMSI readings so maybe one could be just for locking purpose.

It is strange to me. You guys have the tools and didn't try to make the iPhone work with TurboSIM??? I just want to purchase 2 Turbo SIMs, but I'm not sure about your honesty because on the internet there is so much crap... Sorry for my English.
pz (Guest)
Posted: Wed Aug 08, 2007 9:48 pm

mm wrote:
pz wrote:
ian475 wrote:
We are really surprised by the interest, we played with iphone few weeks ago, have some logs and thought that there are too many IMSI readings so maybe one could be just for locking purpose.

It is strange for me. You guys have tools and didn't try to make the iPhone working with TurboSIM??? I just want to purchase 2 Tubo SIMs, but I'm not sure about your honesty because on internet so many crap... Sorry for my english.

Hey, we are a normal company having projects with banks and telcos, doing payment systems and such. We don't want to spoil our name with iPhone/whatever unlocking, which may be illegal or borderline in some countries (though we believe that this solution is elegant and legal: no phone modification, no network abuse, no SIM cloning). It is simply not our core business. We just helped to clean the code and improve the usage/user scenario. But we are not the authors, we don't claim to be, and we have not much interest in the iPhone.
berkar (Guest)
Posted: Wed Aug 08, 2007 9:51 pm

So, I see it is a very interesting forum now, and I read that a lot of people would like an iPhone.

Please, somebody write answers to my questions:

I read that I need a Turbo SIM and a regular phone to copy the program to the Turbo SIM. Do I need more, like a cable or anything? Or is it fine with, for example, my Nokia N73, or another Nokia?

But the most important question: do I need an AT&T SIM to make the iPhone work? Because it is very hard to get in Europe, in Hungary.

And: the iPhone that I will buy, does it have to be an activated iPhone, or does it work with an absolutely new iPhone?

I think these questions are the most important now for everybody, and for me, because I don't want to pay a lot of money for an iPhone on which I can't make calls.

Thanks for answers

berkar
hungary


Last edited by berkar on Wed Aug 08, 2007 9:55 pm; edited 1 time in total
nbasim (Guest)
Posted: Wed Aug 08, 2007 9:52 pm

pz wrote:
Here is yet another untested, unknown to work, not iphone nor att specific, etc. version, see http://www.bladox.com/pub/applesaft-0.92.tar.gz


Cool. Nice, clean and redistributable 8)

Some suggestions to make it even better, and market it as a "secure SIM access validation toolkit" ;)

- You could let the user type a sequence (a's and b's) to feed the IMSI to the phone ("bab" for this sample)
- You could display the number of times the IMSI has been read

mm wrote:
You guys have tools and didn't try to make the iPhone working with TurboSIM???

I guess what they mean is that their goal was not to unlock it using Turbo SIM, as Bladox is not an unlocking shop ... Regarding their honesty, as a satisfied customer I can say that I've never had any problem with them, and that their products are pretty cool (and pretty unique too ;))