bladox.com Turbo SIM Toolkit Adapter Forums
healeydave (Guest)
Posted: Wed Aug 08, 2007 7:23 pm

Bekar, yes, I have just caught up with that.
It looks like someone is gifting us the necessary code to put into a TurboSIM.
I'm not sure if the author has tested it yet.
If someone can get it tested, this may well be the holy grail we are looking for.
PZ should prepare for a massive order intake.
pz (Guest)
Posted: Wed Aug 08, 2007 7:29 pm

OK, here is an update of the code posted at hackint0sh.
First of all, a big warning: we (Bladox) do not have an iPhone, nor do we have access to one; we had one for a while a few weeks ago to check its SIM toolkit capabilities. In fact we are not interested in unlocking the iPhone at all, we are just helping users of our devices. For legal reasons we will keep our distance from the iPhone and not use it at all. So the code is untested on the iPhone; we work blind with some other phones.
In the code posted by iph0wned there may be an issue with how EF_ICCID is handled: the iPhone reads this file at the very beginning, while we initiate the applications possibly later on, so this EF_ICCID modification may or may not be applied. The reason we do it later is that the user can reset the Turbo device by entering the TPIN at the time of the SIM PIN (the TPIN is a special PIN for resetting the device and removing potentially bad applications). To avoid this delay we have just released kernel 1.2.7; for the Turbo SIM kernel see http://www.bladox.com/pub/kernel-TSIM-1.2.7.bin.gz
Insert the following into turbo/proc.h:
Code:

/**
\ingroup api_proc
Whether application init (#ACTION_APP_INIT) is to be done in the first APDU or
later, after the PIN check. Warning: if set, the device cannot be reset with
the TPIN and a possible recovery has to be done with a firmware reflash, for
which a Turbo Programmer is needed.
\return 0/1.
*/
#define PROC_8_CONFIG_INIT_BOOSTER 0x16
And here is the new "applesaft" version:
Code:

/*
 * iPhone baseband SIM lock 0wnage PoC
 *
 * History:
 *   0.91 - some fixes, PROC_8_CONFIG_INIT_BOOSTER for speedy init of ICCID file,
 *          needs bladox turbo kernel >= 1.2.7
 *   0.9  - original version
 *
 * Compile, load on your leet Bladox gear,
 * disable your subscription PIN and enjoy :p
 *
 * Special thanks to the baseband development team
 * It wouldn't have been so easy without you :)
 *
 * (c) 2007, collective iPhone development effort
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
#include <config.h>
#include <turbo/turbo.h>
#include <stdlib.h>
#include <string.h>

/* Define to also answer EF_ICCID with a fake value (needs kernel >= 1.2.7 so that
   the application is initialised before the phone's first read of EF_ICCID). */
#define FAKE_ICCID 1

#define EF_IMSI  0x6F07
#define EF_ICCID 0x2FE2

/* Path MF -> DF_GSM -> EF_IMSI, as registered with reg_file() */
u8 PROGMEM ef_imsi_path[] = { 0x3F, 0x00, 0x7F, 0x20, 0x6F, 0x07 };

#ifdef FAKE_ICCID
/* Path MF -> EF_ICCID */
u8 PROGMEM ef_iccid_path[] = { 0x3F, 0x00, 0x2F, 0xE2 };

/* GET RESPONSE data returned for EF_ICCID: transparent EF, 10 bytes, file id 2FE2 */
u8 PROGMEM _ef_iccid[] = {
  0x00, 0x00, 0x00, 0x0A, 0x2F, 0xE2, 0x04, 0x00,
  0x0F, 0x00, 0xAA, 0x01, 0x02, 0x00, 0x00
};

/* Fake ICCID body (10 bytes) returned by READ BINARY */
u8 PROGMEM _att_iccid[] = {
  'H', 'e', 'l', 'l', 'o', 'S', 't', 'e', 'v', 'e'
};
#endif

/* Fake EF_IMSI body returned on the second read: length 8, then BCD digits 310410... */
u8 PROGMEM _att_imsi[] = {
  0x08, 0x39, 0x01, 0x14, 0x10, '0', 'w', 'n', 'd'
};

#define IMSI_SIZE          9
#define IMSI_RESPONSE_SIZE 15

u8 counter;         /* number of READ BINARYs of EF_IMSI seen so far */
u8 *imsi;           /* real EF_IMSI body learned from the SIM on the first read */
u8 *imsi_response;  /* real GET RESPONSE data for EF_IMSI */
u8 file[2];

/* bugbug ? doesn't seem to work with the high level API, anyway ...
   Select MF -> DF_GSM -> EF_IMSI on the real SIM with raw SELECT APDUs. */
void low_level_imsi_select (void)
{
  file[0] = 0x3F;
  file[1] = 0x00;
  sim (0xA4, 0x00, 0x00, 0x02, file);   /* SELECT MF */
  file[0] = 0x7F;
  file[1] = 0x20;
  sim (0xA4, 0x00, 0x00, 0x02, file);   /* SELECT DF_GSM */
  file[0] = 0x6F;
  file[1] = 0x07;
  sim (0xA4, 0x00, 0x00, 0x02, file);   /* SELECT EF_IMSI */
}

/* Called for every APDU the phone sends to one of the registered files. */
void handle_sim_file (File_apdu_data *fa)
{
  if (fa->ins == ME_CMD_SELECT)
    {
      u16 ef = (fa->data[0] << 8) | fa->data[1];
      /* answer SELECT of the files we fake with 9F 0F: 15 bytes available via GET RESPONSE */
      if (ef == EF_IMSI || ef == EF_ICCID)
        {
          fa->data[0] = 0x9F;
          fa->data[1] = 0x0F;
        }
      return;
    }

#ifdef FAKE_ICCID
  if (fa->ef == EF_ICCID)
    {
      if (fa->ins == ME_CMD_GET_RESPONSE)
        {
          memcpy (fa->data, _ef_iccid, sizeof (_ef_iccid));
          fa->data[fa->p3] = 0x90;        /* status word 90 00 follows the p3 data bytes */
          fa->data[fa->p3 + 1] = 0x00;
        }
      else if (fa->ins == ME_CMD_READ_BINARY)
        {
          memcpy (fa->data, _att_iccid, sizeof (_att_iccid));
          fa->data[fa->p3] = 0x90;
          fa->data[fa->p3 + 1] = 0x00;
        }
    }
#endif

  if (fa->ef == EF_IMSI)
    {
      if (fa->ins == ME_CMD_GET_RESPONSE)
        {
          if (counter == 0)
            {
              /* first time: fetch the real file info from the SIM and cache it */
              low_level_imsi_select ();
              sim (0xC0, 0x00, 0x00, 0x0F, imsi_response); /* GET RESPONSE */
            }
          memcpy (fa->data, imsi_response, IMSI_RESPONSE_SIZE);
          fa->data[fa->p3] = 0x90;
          fa->data[fa->p3 + 1] = 0x00;
        }
      else if (fa->ins == ME_CMD_READ_BINARY)
        {
          switch (counter)
            {
            case 0:
              /* learn and retransmit: the first read is the real IMSI */
              low_level_imsi_select ();
              sim (0xB0, 0x00, 0x00, 0x09, imsi); /* READ BINARY */
              memcpy (fa->data, imsi, IMSI_SIZE);
              fa->data[fa->p3] = 0x90;
              fa->data[fa->p3 + 1] = 0x00;
              counter++;
              break;
            case 1:
              /* spoof: the second read gets the prepared IMSI */
              memcpy (fa->data, _att_imsi, sizeof (_att_imsi));
              fa->data[fa->p3] = 0x90;
              fa->data[fa->p3 + 1] = 0x00;
              counter++;
              break;
            case 2:
              counter++;
              /* no break intended here */
            default:
              /* play nice: every later read sees the real IMSI again */
              memcpy (fa->data, imsi, IMSI_SIZE);
              fa->data[fa->p3] = 0x90;
              fa->data[fa->p3 + 1] = 0x00;
            }
        }
      else
        {
          /* anything else goes straight to the SIM (in 0.91 this branch also ran
             after the GET RESPONSE above and overwrote the cached answer) */
          sim (fa->ins, fa->p1, fa->p2, fa->p3, fa->data);
        }
    }
}

void turbo_handler (u8 action, void *data)
{
  switch (action)
    {
    case ACTION_APP_REGISTER:
      /* run APP_INIT in the first APDU instead of after the PIN check, see proc.h above */
      set_proc_8 (PROC_8_CONFIG_INIT_BOOSTER, 1);
      break;
    case ACTION_APP_UNREGISTER:
      break;
    case ACTION_APP_INIT:
      dbsp ("APP_INIT\n");
      counter = 0;
      imsi = malloc (IMSI_SIZE);
      imsi_response = malloc (IMSI_RESPONSE_SIZE);
      reg_file (ef_imsi_path, 3);       /* 3 path elements: MF, DF_GSM, EF_IMSI */
#ifdef FAKE_ICCID
      reg_file (ef_iccid_path, 2);      /* 2 path elements: MF, EF_ICCID */
#endif
      break;
    case ACTION_FILE_APDU:
      handle_sim_file (data);
      break;
    default:
      break;
    }
}
Please post whether/how it works. The scenario described above (first use the AT&T card to upload the IMSI and ICCID) should then be an easy mod.
|
Back to top |
|
|
healeydave (Guest)
Posted: Wed Aug 08, 2007 7:36 pm

Okay, I have bitten the bullet and ordered a TurboSIM.
Perhaps PZ could expedite the order and get it to me quicker than the estimated 2 weeks so I can give it a try.
Maybe someone who has used TurboSIM previously and already has one and an iPhone may be able to test quicker though!
Cheers
Dave.
zbug (Guest)
Posted: Wed Aug 08, 2007 7:54 pm

Hello all, I have just placed an order for the Turbo SIM - Blank Version; hope this is the right one. I'll let everyone know what happens when I get them. Just a few questions though.
1) How / what software do I need to load that code? Please link?
2) If this works.. I'm gonna be buying a lot of TurboSims; I know at least 20 people that want it ;D
Thanks!
uptown (Guest)
Posted: Wed Aug 08, 2007 8:14 pm

pz wrote:
    In the code posted by iph0wned there may be an issue with how EF_ICCID is handled: the iPhone reads this file at the very beginning, while we initiate the applications possibly later on, so this EF_ICCID modification may or may not be applied. The reason we do it later is that the user can reset the Turbo device by entering the TPIN at the time of the SIM PIN (the TPIN is a special PIN for resetting the device and removing potentially bad applications). To avoid this delay we have just released kernel 1.2.7; for the Turbo SIM kernel see http://www.bladox.com/pub/kernel-TSIM-1.2.7.bin.gz
How are the Windows people supposed to use this tool? If it's .bin.gz, I believe Linux and Mac are the ones that are able to "unzip" and upload?
nbasim (Guest)
Posted: Wed Aug 08, 2007 8:42 pm

uptown wrote:
    How are the Windows people supposed to use this tool? If it's .bin.gz, I believe Linux and Mac are the ones that are able to "unzip" and upload?
WinZip should handle that.
Anyway, I think you'll need the programmer to update the kernel. But that's not a big issue: just use the code with FAKE_ICCID not defined if you can't update.
assad (Guest)
Posted: Wed Aug 08, 2007 8:52 pm

Hi,
I am also gonna give it a try ... I really hope I'm gonna receive it fast so I can try it with my iPhone.
Thanks
trueno86 (Guest)
Posted: Wed Aug 08, 2007 9:00 pm
Post subject: How does one upload this program on to the Turbo SIM?

How does one upload this program onto the Turbo SIM?
I am assuming one would still need a programmer (i.e. Turbo Programmer 2), correct?
nbasim (Guest)
Posted: Wed Aug 08, 2007 9:08 pm
Post subject: Re: How does one upload this program on to the Turbo SIM?

trueno86 wrote:
    How does one upload this program onto the Turbo SIM?
    I am assuming one would still need a programmer (i.e. Turbo Programmer 2), correct?
Nope, you just need a regular phone that you can use as a modem; connect it to your PC with the Turbo SIM and your SIM in it, then use the turbo-app application from the turbo-cable-utils package.
And if it works, someone will probably port the Bladox tools natively to the iPhone to make the installation process even easier.
pz (Guest)
Posted: Wed Aug 08, 2007 9:24 pm

Here is yet another untested version, not known to work, not iPhone- or AT&T-specific, etc.; see http://www.bladox.com/pub/applesaft-0.92.tar.gz
It should follow the scenario described above:
1. Use it with the A card to get the IMSI and ICCID: go to the menu Apple Saft -> Show to see the values (you may write them down), then Apple Saft -> Set.
2. Use it with your card.
So no cloning, reader, or anything else is needed.
Feedback please.
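The two posts above describe the same mechanism from two sides: the 0.91 source shows the interposer answering the phone's SELECT / GET RESPONSE / READ BINARY on EF_IMSI with a counter (first read real, second read spoofed, later reads real again), and the 0.92 scenario describes learning the IMSI from the "A" card and replaying it while a different card is inserted. The following is an added host-side model of that logic, written for this page; it is not Bladox code, not part of the applesaft package, and it does not run on a Turbo SIM. The phone, the interposer and the SIM are all simulated, the GET RESPONSE layout is copied from the PoC's _ef_iccid array, only EF_IMSI exists in the model, and every IMSI is a constructed sample. It also encodes and decodes the EF_IMSI body per TS 51.011 (length byte, parity nibble, swapped BCD digits), which is why the first five bytes it produces for 310410... match the PoC's _att_imsi.

```c
/* Host-side model of the applesaft interposer logic: an added illustration, not Bladox
 * code, and it does not run on a Turbo SIM. The phone (ME), the interposer and the SIM
 * are all simulated; every IMSI below is a constructed sample. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EF_IMSI          0x6F07
#define IMSI_SIZE        9      /* EF_IMSI body: length byte + 8 BCD bytes */
#define INS_SELECT       0xA4   /* ISO 7816-4 / TS 51.011 instruction bytes */
#define INS_GET_RESPONSE 0xC0
#define INS_READ_BINARY  0xB0

/* Encode up to 15 IMSI digits as the EF_IMSI body of TS 51.011 10.3.2: byte 0 = number
 * of bytes that follow; byte 1 = first digit (high nibble) and 001+parity (low nibble:
 * 9 = odd digit count, 1 = even); remaining digits two per byte, low nibble first, F pad. */
int imsi_encode(const char *digits, uint8_t out[IMSI_SIZE])
{
    size_t n = strlen(digits), i;
    if (n < 1 || n > 15 || digits[0] < '0' || digits[0] > '9') return -1;
    memset(out, 0xFF, IMSI_SIZE);
    out[0] = (uint8_t)(1 + n / 2);
    out[1] = (uint8_t)(((digits[0] - '0') << 4) | ((n & 1) ? 0x9 : 0x1));
    for (i = 1; i < n; i++) {
        uint8_t d = (uint8_t)(digits[i] - '0'); size_t idx = 2 + (i - 1) / 2;
        if (d > 9) return -1;
        out[idx] = ((i - 1) & 1) ? (uint8_t)((out[idx] & 0x0F) | (d << 4))
                                 : (uint8_t)((out[idx] & 0xF0) | d);
    }
    return 0;
}

/* Decode an EF_IMSI body into a digit string; returns the digit count or -1. */
int imsi_decode(const uint8_t in[IMSI_SIZE], char *out, size_t outlen)
{
    size_t nbytes = in[0], ndigits, i;
    if (nbytes < 1 || nbytes > 8 || outlen < 16 || (in[1] >> 4) > 9) return -1;
    ndigits = 1 + (nbytes - 1) * 2 - ((in[1] & 0x08) ? 0 : 1);
    out[0] = (char)('0' + (in[1] >> 4));
    for (i = 1; i < ndigits; i++) {
        uint8_t b = in[2 + (i - 1) / 2], d = ((i - 1) & 1) ? (b >> 4) : (b & 0x0F);
        if (d > 9) return -1;
        out[i] = (char)('0' + d);
    }
    out[ndigits] = '\0'; return (int)ndigits;
}

typedef struct {                /* interposer state, same shape as the PoC: */
    uint8_t counter, learned[IMSI_SIZE], spoof[IMSI_SIZE]; /* reads seen, real IMSI, fake IMSI */
    int selected_ef;            /* file the phone last SELECTed, -1 if none */
} interposer_t;

int interposer_init(interposer_t *t, const char *spoof_imsi)
{
    memset(t, 0, sizeof *t); t->selected_ef = -1;
    return imsi_encode(spoof_imsi, t->spoof);
}

/* One phone -> interposer APDU; sim_imsi is the real SIM's EF_IMSI body. Returns SW1SW2
 * and fills resp/resp_len. Only EF_IMSI exists in this model. */
uint16_t interposer_apdu(interposer_t *t, const uint8_t *sim_imsi, uint8_t ins, uint8_t p3,
                         const uint8_t *data, uint8_t *resp, size_t *resp_len)
{   /* GET RESPONSE data for a 9-byte transparent EF, same layout as the PoC's _ef_iccid */
    static const uint8_t fcp[15] = { 0x00, 0x00, 0x00, IMSI_SIZE, 0x6F, 0x07, 0x04, 0x00,
                                     0x0F, 0x00, 0xAA, 0x01, 0x02, 0x00, 0x00 };
    *resp_len = 0;
    if (ins == INS_SELECT) {
        t->selected_ef = (data[0] << 8) | data[1];
        return t->selected_ef == EF_IMSI ? 0x9F0F : 0x6A82; /* 9F 0F: 15 bytes via GET RESPONSE */
    }
    if (t->selected_ef != EF_IMSI) return 0x6986;            /* no EF selected */
    if (ins == INS_GET_RESPONSE) { memcpy(resp, fcp, 15); *resp_len = 15; return 0x9000; }
    if (ins != INS_READ_BINARY) return 0x6D00;               /* INS not supported */
    if (p3 != IMSI_SIZE) return 0x6700;                      /* wrong length */
    if (t->counter == 0) memcpy(t->learned, sim_imsi, IMSI_SIZE); /* learn on the first read */
    /* read 1: real (learn and retransmit), read 2: spoof, read 3+: real again (play nice) */
    memcpy(resp, t->counter == 1 ? t->spoof : t->learned, IMSI_SIZE);
    if (t->counter < 2) t->counter++;
    *resp_len = IMSI_SIZE; return 0x9000;
}

/* Phone side of one IMSI read: SELECT, GET RESPONSE (file size at byte 3), READ BINARY. */
int me_read_imsi(interposer_t *t, const uint8_t *sim_imsi, char *out, size_t outlen)
{
    uint8_t fid[2] = { EF_IMSI >> 8, EF_IMSI & 0xFF }, resp[16]; size_t n;
    if (interposer_apdu(t, sim_imsi, INS_SELECT, 2, fid, resp, &n) != 0x9F0F) return -1;
    if (interposer_apdu(t, sim_imsi, INS_GET_RESPONSE, 0x0F, NULL, resp, &n) != 0x9000) return -1;
    if (interposer_apdu(t, sim_imsi, INS_READ_BINARY, resp[3], NULL, resp, &n) != 0x9000) return -1;
    return imsi_decode(resp, out, outlen);
}

int main(void)
{
    uint8_t card[IMSI_SIZE]; interposer_t t; char imsi[16]; int i;
    imsi_encode("262019876543210", card);   /* constructed: IMSI of the card you want to use */
    interposer_init(&t, "310410123456789"); /* constructed: IMSI learned from the "A" card */
    for (i = 0; i < 4; i++)
        if (me_read_imsi(&t, card, imsi, sizeof imsi) > 0)
            printf("read %d, as seen by the phone: %s\n", i + 1, imsi);
    return 0;
}
```

Compile with any C99 compiler and run it: the phone sees the real IMSI on the first read, the spoofed one on the second, and the real one from then on, which is exactly the counter behaviour the PoC relies on. The practical caveat the model makes visible is that the trick only works if the phone's lock check happens to be the second READ BINARY after the interposer's init; a firmware that reads EF_IMSI a different number of times, or re-selects the file in a different order, will see the wrong value at the wrong moment, which is why pz asks for feedback rather than promising results.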
trueno86 (Guest)
Posted: Wed Aug 08, 2007 9:31 pm
Post subject: Re: How does one upload this program on to the Turbo SIM?

nbasim wrote:
    trueno86 wrote:
        How does one upload this program onto the Turbo SIM?
        I am assuming one would still need a programmer (i.e. Turbo Programmer 2), correct?
    Nope, you just need a regular phone that you can use as a modem; connect it to your PC with the Turbo SIM and your SIM in it, then use the turbo-app application from the turbo-cable-utils package.
    And if it works, someone will probably port the Bladox tools natively to the iPhone to make the installation process even easier.
Ah, understood. Thanks.
mm (Guest)
Posted: Wed Aug 08, 2007 9:34 pm

pz wrote:
    ian475 wrote:
    We are really surprised by the interest. We played with the iPhone a few weeks ago, have some logs, and thought that there are too many IMSI readings, so maybe one could be just for locking purposes.
It is strange to me. You guys have the tools and didn't try to make the iPhone work with TurboSIM??? I just want to purchase 2 Turbo SIMs, but I'm not sure about your honesty because there is so much crap on the internet... Sorry for my English.
pz (Guest)
Posted: Wed Aug 08, 2007 9:48 pm

mm wrote:
    pz wrote:
        ian475 wrote:
        We are really surprised by the interest. We played with the iPhone a few weeks ago, have some logs, and thought that there are too many IMSI readings, so maybe one could be just for locking purposes.
    It is strange to me. You guys have the tools and didn't try to make the iPhone work with TurboSIM??? I just want to purchase 2 Turbo SIMs, but I'm not sure about your honesty because there is so much crap on the internet... Sorry for my English.
Hey, we are a normal company with projects for banks and telcos, doing payment systems and such. We don't want to spoil our name with iPhone/whatever unlocking, which may be illegal or on the edge in some countries (though we believe that this solution is elegant and legal: no phone modification, no network abuse, no SIM cloning). It is simply not our core business. We just helped to clean up the code and improve the usage/user scenario. But we are not the authors, we don't claim to be, and we have not much interest in the iPhone.
berkar (Guest)
Posted: Wed Aug 08, 2007 9:51 pm

So, I see it is a very interesting forum now, and I read that a lot of people would like the iPhone.
Please, can somebody write answers to my questions:
I read that I need a Turbo SIM and a regular phone to copy the program to the Turbo SIM. Do I need more, like a cable or anything? Or is it fine with, for example, my Nokia N73, or another Nokia?
But the most important question: do I need an AT&T SIM to make the iPhone work, because it is very hard in Europe, in Hungary???!!!!
And: does the iPhone that I will buy have to be an activated iPhone, or does it work with an absolutely new iPhone?????
I think these questions are the most important now for everybody, and for me, because I don't want to pay a lot of money for an iPhone with which I can't make calls..
Thanks for answers,
berkar
Hungary
Last edited by berkar on Wed Aug 08, 2007 9:55 pm; edited 1 time in total
nbasim (Guest)
Posted: Wed Aug 08, 2007 9:52 pm

Cool. Nice, clean and redistributable.
Some suggestions to make it even better, and market it as a "secure SIM access validation toolkit":
- You could let the user type a sequence (a's and b's) to feed the IMSI to the phone ("bab" for this sample)
- You could display the number of times the IMSI has been read
mm wrote:
    You guys have the tools and didn't try to make the iPhone work with TurboSIM???
I guess what they mean is that their goal was not to unlock it using Turbo SIM, as Bladox is not an unlocking shop ... Regarding their honesty, as a satisfied customer I can say that I've never had any problem with them, and that their products are pretty cool (and pretty unique too).