Tuesday, August 7, 2007

iPhone unlocked using SIM cloning

It's not a consumer-friendly hack, but some of the uber hackers over on the hackint0sh forum have figured out a way to use other carriers' SIM cards in the iPhone using SIM cloning techniques. The method was posted by a person claiming the device now works completely, with service, in Croatia.


Hopefully a reader who understands more about this stuff can correct me, but I'll take a pass at explaining how this works. First off, the SIM in your device is a small computer (a smart card). In addition to storing a small amount of data, including your subscriber identifier (the IMSI, whose leading digits identify the carrier), it runs a challenge-response protocol using a secret key that never leaves the card: the network sends a random challenge, the SIM combines it with the key using the GSM A3/A8 algorithms, and returns a short response that the carrier checks against its own copy of the key. That is how the carrier tells a legitimate SIM from a copy or a tampered card. The key, referred to as Ki, cannot be read out of the card, so the only ways to obtain it are to get it from the carrier (not a chance) or to recover it from the card itself. The latter is what people loosely call "brute forcing" the SIM, and it takes 4 or 5 hours, but it is not a search of the 128-bit key space. Older cards use the weak COMP128v1 algorithm, and feeding the card a long run of chosen challenges while watching for collisions in its responses leaks Ki a few bytes at a time; the hours are spent on the SIM's slow interface, not on guessing. Cards with newer algorithms are not vulnerable to this.

So, with the hack, you use a SIM reader and some software to pull the subscriber information (IMSI and related fields) off both your own carrier's SIM and an AT&T SIM, and you run the Ki-recovery attack against your own SIM (only your SIM's Ki is needed; nothing but identifiers is taken from the AT&T card). Then you write your carrier's IMSI and the recovered Ki onto a programmable SIM, along with one atypical behaviour: when the phone reads the IMSI, the card returns the AT&T SIM's IMSI for the first few reads and then answers with your carrier's IMSI from then on. I'm presuming this is to trick the iPhone's carrier lock, which checks the IMSI during boot, into accepting the card as an AT&T SIM, and then to present your real identity once the phone registers with your carrier's network, where the recovered Ki makes the clone authenticate exactly like the original.
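To make the moving parts concrete, here is an added toy model of the pieces described above (my own illustration, not code from the hackint0sh post or from Apple or AT&T): a SIM that answers challenges without exposing Ki, a carrier lock that reads the IMSI at boot and checks its prefix, and a programmable SIM that returns one IMSI for the first few reads and then another. HMAC-SHA256 stands in for the real A3/A8 (COMP128) algorithms so the model stays short; the Ki and IMSIs are constructed sample values; and the lock prefix 310410 (AT&T's MCC/MNC) and the "first three reads" count are assumptions, since the post only says "the first few tries".

```python
"""Toy model of SIM authentication, a carrier lock, and an IMSI-switching SIM.

Added example, not code from the original post.  Assumption: HMAC-SHA256 stands
in for the real A3/A8 (COMP128) algorithms; the protocol shape (RAND in, SRES and
Kc out, Ki never leaving the card) follows the GSM design.  All keys and
identifiers below are constructed sample values.
"""
import hashlib
import hmac
import secrets

RAND_LEN = 16            # GSM RAND is 128 bits
LOCK_PREFIX = "310410"   # assumed lock: AT&T's MCC/MNC, matched against the IMSI


def a3a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for A3/A8: derive SRES (32 bits) and Kc (64 bits) from Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """A SIM: Ki is private; only 'read IMSI' and 'run GSM algorithm' are exposed."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self.__ki = ki  # no read-out path; usable only through run_gsm_algorithm

    def read_imsi(self) -> str:
        return self.imsi

    def run_gsm_algorithm(self, rand: bytes) -> tuple:
        return a3a8(self.__ki, rand)


class SwitchingSim(Sim):
    """Programmable SIM: reports a spoof IMSI for the first N reads, then the real one."""

    def __init__(self, real_imsi: str, spoof_imsi: str, ki: bytes, spoof_reads: int = 3):
        super().__init__(real_imsi, ki)
        self.spoof_imsi = spoof_imsi
        self.spoof_reads = spoof_reads  # assumed count; the post says "the first few tries"
        self.reads = 0

    def read_imsi(self) -> str:
        self.reads += 1
        return self.spoof_imsi if self.reads <= self.spoof_reads else self.imsi


class HomeNetwork:
    """The carrier's authentication centre: knows each subscriber's Ki, checks SRES."""

    def __init__(self, subscribers: dict):
        self.subscribers = subscribers  # IMSI -> Ki

    def authenticate(self, imsi: str, sim: Sim) -> bool:
        ki = self.subscribers.get(imsi)
        if ki is None:
            return False
        rand = secrets.token_bytes(RAND_LEN)      # fresh challenge every time
        expected_sres, _kc = a3a8(ki, rand)
        sres, _kc = sim.run_gsm_algorithm(rand)   # the card answers; Ki stays inside
        return hmac.compare_digest(sres, expected_sres)


def locked_phone_accepts(sim: Sim) -> bool:
    """Model of the carrier lock: read the IMSI once at boot and check its MCC/MNC prefix."""
    return sim.read_imsi().startswith(LOCK_PREFIX)


def run_scenario(spoof_reads: int = 3) -> dict:
    """Walk through the unlock: genuine SIM, locked phone, cloned switching SIM, wrong Ki."""
    home_ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    home_imsi = "219010000000001"  # constructed; the non-AT&T carrier's subscriber
    att_imsi = "310410000000001"   # constructed; only its prefix matters to the lock
    home_net = HomeNetwork({home_imsi: home_ki})
    results = {}

    genuine = Sim(home_imsi, home_ki)
    results["genuine_sim_authenticates"] = home_net.authenticate(home_imsi, genuine)
    results["locked_phone_accepts_genuine"] = locked_phone_accepts(genuine)

    # Cloning step: Ki has been recovered off-card.  Here we simply reuse the bytes;
    # against a real COMP128v1 card this is the hours-long chosen-challenge attack.
    clone = SwitchingSim(home_imsi, att_imsi, home_ki, spoof_reads)
    results["locked_phone_accepts_clone"] = locked_phone_accepts(clone)  # read #1
    for _ in range(spoof_reads - 1):  # remaining spoofed reads during boot
        clone.read_imsi()
    results["clone_then_reports_home_imsi"] = clone.read_imsi() == home_imsi
    results["network_authenticates_clone"] = home_net.authenticate(home_imsi, clone)

    # Same IMSI but a different Ki: challenge-response fails, so the identifiers
    # copied from the AT&T card are not enough to impersonate a subscriber.
    wrong_key = Sim(home_imsi, bytes(16))
    results["network_authenticates_wrong_ki"] = home_net.authenticate(home_imsi, wrong_key)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The point the model makes is the one the carrier lock gets wrong: the phone trusts an unauthenticated field (the IMSI) that the card is free to report however it likes, while the network trusts only the challenge-response, which the clone passes because it holds the recovered Ki. Swap in a card whose Ki cannot be recovered and the cloning step, not the IMSI trick, is what fails.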

Long story short, it's quite a lot of crud to have to wade through just to use a $600 phone in Vermont, Croatia, or anywhere else on the planet you desire to reside.

Here's a priceless snippet from an interview on VideoGamer.com:

VideoGamer: Do you think hackers have an unfairly bad reputation?

Deepdark: Listen, let's talk about the iPhone situation. Apple has 10,000 employees and they are against us because we are bricking them by hacking their protection. On the other side are end users, who are maybe 1,000,000 strong. They are happy. So like you see, it's a big difference.

VideoGamer: But isn't it Apple's right to have their own protection on their products?

Deepdark: Yes, but you can't sell a car and then say to the buyer, "hey listen, you must drive 50 km/h". It's so stupid.

...

VideoGamer: In the end do you think these projects actually make the iPhone more desirable to consumers?

Deepdark: Of course. We are making the product more useful. Imagine a world without hackers. You won't live in that world.

via (hackzine)