
My goal is to communicate with a sim card via binary sms and upload new firmware


Question

My goal is to communicate with a SIM card via binary SMS and upload new firmware and/or talk to the SIM card API to retrieve data such as GPS coordinates etc... I am not sure how to construct these binary messages. Does anyone know where I could find a program or some papers or research documents about this sort of stuff? I have watched a Black Hat presentation on SIM card vulnerabilities. However, this video presentation does not provide information on where I want to succeed. I could not find much on Google. I have previously been testing ISP servers for vulnerabilities and now have decided to look into SIM card security.

Explanation / Answer

I wanted to post that as a comment, but since I don't have the permission yet I will throw it here (I'm ready to delete it if it does not answer you).

It is possible to exploit a SIM card's SMS over-the-air (OTA) update system, which is built with Java Card, that is, a subset of Java that allows applets to run on small-memory devices.

OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher.

Send an improperly signed binary SMS to a target device using a SIM keyed with DES; the SIM did not execute it because of a signature verification failure. However, while rejecting the code, the SIM responded with an error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques. With this key in hand, hackers are able to sign malicious software updates with the key and send those updates to the device. The attacker is also able to download Java Card applets, send SMS messages, change voicemail numbers, and query location data.

If you want more technical details on how to reproduce that yourself, I recommend Google, since I never exploited a SIM myself. Just google for "sim javacard vulnerability" or "sim exploit" and you will probably find it yourself. Make good use of that info!
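The answer above turns on which cipher an OTA command packet asks the SIM to use. The following is an added example, not code from the answerer: it decodes the clear-text header of an ETSI TS 102 225 / GSM 03.48 command packet (the KIc/KID key-algorithm bytes and the SPI security flags) so an operator auditing an OTA profile can spot key sets that still rely on single DES. The packet bytes are constructed for illustration; the TAR and counter values are placeholders.

```python
# Added example: audit the security header of a 03.48 / TS 102 225 OTA command packet.
# Field layout follows the spec: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) RC/CC/DS(n) data.

ALGO = {0b00: "implicit", 0b01: "DES", 0b10: "AES", 0b11: "proprietary"}
DES_MODE = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "DES-ECB"}


def describe_key_byte(b: int, for_kid: bool = False) -> dict:
    """Interpret a KIc (ciphering) or KID (integrity) byte: b2b1 algorithm, b4b3 mode, b8-b5 key set."""
    algo = ALGO[b & 0b11]
    mode_bits = (b >> 2) & 0b11
    if algo == "DES":
        # For KID the value 0b11 is reserved rather than DES-ECB.
        mode = "reserved" if (for_kid and mode_bits == 0b11) else DES_MODE[mode_bits]
    elif algo == "AES":
        mode = "AES-CMAC" if for_kid else "AES-CBC"
    else:
        mode = "n/a"
    weak = mode in ("DES-CBC", "DES-ECB")  # single 56-bit DES key, the case the answer describes
    return {"algo": algo, "mode": mode, "keyset": b >> 4, "weak": weak}


def parse_command_header(pkt: bytes) -> dict:
    """Parse the clear header fields; raises if the length fields disagree with the packet."""
    cpl = int.from_bytes(pkt[0:2], "big")  # packet length, excluding CPL itself
    chl = pkt[2]                            # header length from SPI through RC/CC/DS
    if len(pkt) != cpl + 2 or chl < 13:
        raise ValueError("CPL/CHL inconsistent with packet")
    spi1, spi2, kic, kid = pkt[3], pkt[4], pkt[5], pkt[6]
    return {
        "integrity": {0: "none", 1: "RC", 2: "CC", 3: "DS"}[spi1 & 0b11],
        "ciphering": bool(spi1 & 0b100),
        "por": {0: "none", 1: "always", 2: "on error", 3: "reserved"}[spi2 & 0b11],
        "por_signed": bool(spi2 & 0b100),
        "kic": describe_key_byte(kic),
        "kid": describe_key_byte(kid, for_kid=True),
        "tar": pkt[7:10].hex(),
        "counter": int.from_bytes(pkt[10:15], "big"),
    }


def audit(pkt: bytes) -> list:
    """Return human-readable findings for a command packet header."""
    h = parse_command_header(pkt)
    findings = [f"{n.upper()} key set {h[n]['keyset']} uses single DES ({h[n]['mode']})"
                for n in ("kic", "kid") if h[n]["weak"]]
    if not h["ciphering"]:
        findings.append("command data is sent in clear")
    if h["integrity"] == "none":
        findings.append("no integrity check on command")
    return findings


# Constructed sample: CC integrity, ciphered, counter available, PoR always; 8-byte zero CC placeholder.
_HDR = bytes.fromhex("001A15" "1621")
DES_PACKET = _HDR + bytes.fromhex("1111" "000001" "0000000005" "00") + bytes(8) + bytes.fromhex("01020304")
AES_PACKET = _HDR + bytes.fromhex("1212" "000001" "0000000005" "00") + bytes(8) + bytes.fromhex("01020304")
```

Run `audit(DES_PACKET)` to see both key sets flagged, and `audit(AES_PACKET)` to see a clean profile.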
