The Truth About SIM Card Cloning

  • Published 21 Nov 2024

COMMENTS • 1.1K

  • @JanusCycle
    @JanusCycle 1 year ago +485

    There have been some really great responses on possible alternative ways of getting your Ki number. Including voltage glitching your SIM to get it to read out unintended memory addresses. Physical extraction and/or reading the chip's die directly using a Scanning Electron Microscope. Or bribing an engineer working in your local network to access your Ki database entry.
    Wikipedia is a wonderful collaborative information resource. This video provides a quality example of the way collaborative effort promptly fixes these errors. I demonstrate the truth, and within just a couple of hours, editors rush in to check and fix the accuracy of Wikipedia. Keep up the great work everyone :)

    • @Redditard
      @Redditard 1 year ago +8

      I have a query: is there a way to use a SIM card's functionality, such as internet, phone calls and SMS, on a PC with some kind of adapter? I have looked far and wide but can't find any SIM-card adapter and software combo which can do this. Do you have any idea?

    • @peeniewalli
      @peeniewalli 1 year ago +3

      I'm ancient, building tube amps and from the first pre-Windows interface time, when so-called younger wonders aged 10-16 😊 ("it's so simple, but the manufacturer trends to over-button/dial") was funny.
      Still most don't know why things work. I'm now entering that old-styled thinking patterns group of people.
      But A.I. winning on board games (Go) is just unfairness towards the human workings processor trying to navigate in a bowl of pea soup..... intuitive non-selfishness works better.
      Can that be progressing in a self-education AI situation in the near future? 🤔 Sparks Mr Youngster thinking again.
      Thanks for uploading this!

    • @KPbICMAH
      @KPbICMAH 1 year ago +4

      @@Redditard there used to be some netbooks some time ago with built-in 3G modems and SIM card slots, so you could browse the internet or send SMS via mobile network (not sure about voice calls). Some USB 3G dongles from Huawei also allowed enabling voice features, but that was like 10 years ago.

    • @Redditard
      @Redditard 1 year ago +1

      @@KPbICMAH yeah, but they aren't sold anymore, I did check it

    • @popoffs5273
      @popoffs5273 1 year ago +1

      @@Redditard yes, but your PC would need an antenna or other hardware capable of talking with mobile networks

  • @JanusCycle
    @JanusCycle 1 year ago +799

    The Phone Cloning Wikipedia page has been updated. Thank you to whoever did that so quickly, less than two hours after release!

    • @slyceth
      @slyceth 1 year ago +23

      I still don't get it.
      So I have this SIM card. It's made of metal and plastic. How can I not plug it in and copy the data to another?
      It makes zero sense. Explain it to me.

    • @JanusCycle
      @JanusCycle 1 year ago +131

      @@slyceth Sure thing, SIM cards have a little processor inside that does secret key authentication calculations. The software running on this processor also decides how to respond to requests to read the memory. It will never allow the secret key to be read out.
      The only way in theory to read the entire memory would be to bypass the processor. By directly extracting the internal silicon and reading the memory contents directly with an electron microscope or similar specialised equipment. This also destroys the original SIM card in the process.

    • @dandeeteeyem2170
      @dandeeteeyem2170 1 year ago +3

      Dude, thank you for doing this video, although I would worry about the type of enemies you will make for posting it...
      There was an Aussie politician who claimed his SIM was cloned about 5 years ago. I saw a radio show in Sydney then got US private investigator Ed Oppernan on their show to debunk the politician's claims in a phone interview.
      I was very vocal at the time, because I knew for a FACT they were lying to protect this flaw from being fixed and essentially throw this politician under the bus. What people need to realise, especially those who think that law enforcement should be allowed to do this because "nothing to hide, nothing to fear", is that anything the good guys have access to, the bad guys do too. How do I know? The son of a guy who was high up in the mafia had the hots for my girlfriend at the time. He was sending messed-up messages to her pretending to be me. He was not spoofing my number, because he could read her replies, and I changed my phone to make sure it wasn't my phone having remote access software running on it. We only realised why we were fighting, and she was sending me messages that made no sense, because we managed to catch him doing it when I had the day off work and we were together while he tried to send more abusive messages as me.
      As a side note - encryption matters. A government back door is a mafia back door. Imagine you were in the witness protection scheme and your private communication was being read by the wrong people. Or police records. Or private photos which can compromise people in positions of authority. Does Dan Andrews and other politicians frothing at the mouth about getting everyone jabbed make sense now? Encryption protects everyone, bad and good. The old trope of needing to catch pedophiles is BS, and they have many other means of doing that job that they should be adequately funding.
      Rant over, excellent video

    • @du42bz
      @du42bz 1 year ago +132

      @@slyceth It's actually pretty simple
      Computer to SIM card: "Gimme key"
      SIM card to Computer: "No"

    • @BrianG61UK
      @BrianG61UK 1 year ago +25

      Why didn't you do it yourself? That's what I do when I see something that's wrong on Wikipedia.

  • @threeMetreJim
    @threeMetreJim 1 year ago +311

    Reminds me of the time when I used to play with SIM emulators. They used to run on a small microcontroller (a PIC variety). Gold cards, silver cards, wafer cards (and others) usually used for decrypting the old analogue satellite pay TV. But they could be used as clone phone cards in payphones and something called a yes-card (a fake bank card that used a flaw that meant it wasn't checked online) where you could enter any PIN on the PIN pad.

    • @JanusCycle
      @JanusCycle 1 year ago +33

      I remember those cards, but I didn't have a use for one so I have never tried them out. That payphone trick is quite sneaky.

    • @threeMetreJim
      @threeMetreJim 1 year ago +19

      @@JanusCycle I've still got all the details and source code (as an historical artifact), but fully expect the vulnerable systems to have been hardened by now.

    • @Veso266
      @Veso266 1 year ago +3

      @@threeMetreJim can you share your source code maybe?

    • @MRooodddvvv
      @MRooodddvvv 1 year ago +21

      I still have one of those. It let you enter IMSI and Ki directly from the phone's "SIM menu", but on new phones that menu is half broken, so it only works properly on old phones. It let you create multiple "profiles" with pairs of IMSI and Ki and switch between them. On old phones switching worked even without needing to reboot the phone to reconnect to the new network. It worked for 2G and 3G without any issues, but for 4G it couldn't work, because for 4G the algorithm was changed again and a third code called "OPc" was added to make more "security through obscurity".

    • @mathiasjapri
      @mathiasjapri 1 year ago +2

      FBI we got a suspect here... 🤣🤣🤣😅

  • @JxH
    @JxH 1 year ago +73

    Back in the day, Satellite TV access cards were hacked by 'glitching'. That's resetting the card, counting clock cycles, and then glitching the power supply. Repeated thousands of times (with variable parameters) until the card responded out of spec, and spilled its secrets, or (at the user end) allowed access to adjust the available channels.

    • @raylopez99
      @raylopez99 1 year ago +11

      So that's how they did it! Those clever pirates, selling those cards which would last a few months before having to be replaced...or so I'm told.

    • @JxH
      @JxH 1 year ago +11

      @@raylopez99 Once in a while, closer to a year. But sometimes the signal provider would issue a series of changes all in a row, and the hacked cards would be mailed back and forth more than being used. Later, one could buy a glitcher (serial or parallel port, long before USB) and subscribe to the new software from the pirate. I stopped before it became illegal in my jurisdiction. And I always maintained a local subscription to the local provider, in case that might mitigate things. House had up to four small dishes at one point.

    • @mickey7245
      @mickey7245 1 year ago +4

      @@JxH I remember my mom and dad buying those cards until they gave up because of having to change them every year or 6 months

    • @bobFranck-wq5mz
      @bobFranck-wq5mz 5 months ago

      Shit

  • @fujitsubo3323
    @fujitsubo3323 1 year ago +104

    Pretty crazy seeing all this out in the open all these years later. I used to see a lot of this stuff and the systems Telstra used when I worked for them back in the day. Everything you said was correct.

    • @ShawnJonesHellion
      @ShawnJonesHellion 1 year ago

      Everything everyone says is correct apparently. Christian channel commenters say that. Satanist channel commenters say that. Atheist cult channel commenters say that. Republican channels all say that. Democrat channels, libertarian channels, bigfoot sighting channels....
      Channels that say: see where I'm getting with this, probably say that

  • @batica81
    @batica81 1 year ago +156

    Amazing nostalgia trip :) Cloning SIMs to wafer or "12in1" cards was quite popular in the Balkans before multi-SIM phones came out. It was more convenient to restart your phone and select the active SIM with a code than juggling a few actual cards of different providers. Due to the 64k inquiry limit, it worked only on some cards of course. However, there was a horror story that most of the phone repair shops (and enthusiasts) unknowingly used a "backdoored" version of Woron Scan that was sending all the Ki numbers to some Russian hacker group that made the clones as well, and then used them to call ultra-premium numbers they set up :)

    • @MMC_Repair
      @MMC_Repair 1 year ago +9

      Exactly, that happened.

    • @raylopez99
      @raylopez99 1 year ago +9

      A high tech version of what occasionally happens today, where a stranger who looks like a drug dealer will ask to use your phone, because he "lost" his, and then use it to make a deal. A kind of a 'burner phone' technique.

    • @MrAsddasdasda
      @MrAsddasdasda 1 year ago +1

      @@raylopez99 Not the same

    • @counterleo
      @counterleo 1 year ago +8

      Your part about the backdoored version of Woron scan will serve as my daily reminder to only use this sort of software in a virtual machine isolated from the Internet :)

    • @janikesina7813
      @janikesina7813 10 months ago +1

      There is a lesson about the Russians in this. Learn it.

  • @nickmashek840
    @nickmashek840 1 year ago +351

    Typically, music on most educational / research videos is misplaced and annoying, IMO. You Sir...are the exception. Beautiful and brilliant song and version selection. Perfect application and execution. Thanks for making this video, the content was info I've been curious about for years. Depeche Mode was the cherry on top!

    • @JanusCycle
      @JanusCycle 1 year ago +30

      Thank you, music is really important in life, and my videos :)

    • @Mjmikol
      @Mjmikol 1 year ago +2

      I was waiting for the moment you described... I WAS DELIGHTED and slightly impressed as well.

    • @Mjmikol
      @Mjmikol 1 year ago +3

      Though... the volume in the end track is kind of louder than the rest...

    • @JKC40
      @JKC40 1 year ago +1

      @@JanusCycle what remix is that?

    • @JanusCycle
      @JanusCycle 1 year ago +3

      @@JKC40 The Eric Lymon remix

  • @mikeyjohnson5888
    @mikeyjohnson5888 1 year ago +56

    About 20 years ago a family friend claimed to be able to do this alongside hacking the cards in cable boxes and such. Of course, he wasn't open about his process, but some of the things he talked about were mentioned here. Maybe he wasn't actually doing anything, but it's neat to see he wasn't totally blowing smoke. He did eventually get caught up in a casino machine cheating scandal, so it's not hard to imagine he was up to something.

    • @EdwardJamesBickels
      @EdwardJamesBickels 1 year ago +20

      The whole DirecTV smart card story was fun to read. The gist of it was them and hackers going back and forth for years until DTV started sending required card updates that appeared to have useless data, but once the last bytes were received, it turned into a program running on the card itself. Then a week before a Super Bowl (I think it was 2000 or 2001), they sent a command that bricked all hacked smart cards and set the first 8 bytes of the card to GAMEOVER.

  • @worroSfOretsevraH
    @worroSfOretsevraH 1 year ago +12

    Oh, I spent so much time back when I was young in the early 2000s playing with SIM cards, phone cards, SIM card emulators.
    I've built a serial port scanner, and used it with Dejan Kaljevic's software. Lots of fun. (R.I.P.)

    • @JanusCycle
      @JanusCycle 1 year ago +8

      Dejan Kaljevic was the pioneer of phone hacking, and sad that he has passed. It's good to see him being mentioned.

    • @slavisaasus
      @slavisaasus 1 year ago +5

      I was privileged to know him quite well. Godspeed, Den's hacking den...

    • @ElaineGarcia-uo8qj
      @ElaineGarcia-uo8qj 5 months ago

      Switching SIMs was how I upgraded, traded and sold a lot of my phones back when flips were cool.
      I even knew someone who'd unlock for a small fee.
      Now SIMs are useless in modern smartphones and I'm learning how to unlock phones by myself

  • @RichardBetel
    @RichardBetel 1 year ago +13

    It's been a long time, so I don't remember all the details, but I remember the days at Research In Motion developing the Tachyon, aka the BlackBerry 5810/20... It had a number of problems. An important one was that the SIM card slot was prone to bad electrical connections and static discharge. One (entirely temporary and never shipped, IIRC) solution was to get the Ki and program it into the phone, so that the phone could emulate the SIM card rather than use it... It made the phone far more reliable. My memory was that it was possible to have the phone work out the Ki by passively gathering challenges, actively get it (which took a day or so if it didn't crash, and was tough on the battery), or asking nicely and getting it from the carrier. Our SIMs at work were weird special SIMs meant for testing and development, so the Kis were not treated with the same care as normal SIMs. I think it's possible that they didn't have protected ROM on some of them, so if you had the right tools, you could just read the Ki off of it.

  • @grajzer
    @grajzer 1 year ago +63

    What a blast from the past. I was playing with this 20-30 years ago and it was really fun. One interesting thing was that the first mobile operator in my country didn't use Ki authentication for quite some time, and phone numbers were correlated with IMSI numbers, so you would be able to easily guess the IMSI number of any phone number and clone it.

    • @manp1039
      @manp1039 1 year ago

      what was the correlation?

    • @grajzer
      @grajzer 1 year ago

      @@manp1039 the differences between two phone numbers and their IMSI keys were the same :) so, if I wanted to "hijack" phone number 12345 and my phone number was 12300, I would just add 45 to my IMSI number

    • @rodak_
      @rodak_ 1 year ago +1

      Wait... Are you THIS DEJAN?!

    • @grajzer
      @grajzer 1 year ago +5

      @@rodak_ You mean the guy who hacked this algo, Kaljević? No, but I knew him. He's no longer alive.

    • @rodak_
      @rodak_ 1 year ago +2

      @@grajzer I was referring to the guy who made the "Dejan flasher" for Nokia phones. Was he the same guy?

  • @alexus267
    @alexus267 10 months ago +6

    64k attempts lifetime limit, how neat. That's probably why my SIM card mysteriously died after 15 years of flawless service (getting a replacement was challenging since not many people remembered the time one didn't have to show id and register everything in that country).

  • @KPbICMAH
    @KPbICMAH 1 year ago +23

    Speaking about SIM card vendors sending card data to mobile operators. I used to work for a GSM operator in one of the former Soviet republics in the early 2000s, being responsible for interaction with SIM makers, among other things. We used PGP for any sensitive information sent via email, but even if you did get the plain-text output files, you wouldn't get Ki from them, as it was additionally encrypted with a transport key (which was delivered separately and entered in the switch for decrypting the Ki information inside the AUC). Different keys were used for different SIM vendors (and sometimes several keys for the same vendor), and these were only referenced in the output files by their numbers, which means the actual Ki value was pretty much never available to anyone on the operator's side. I don't think this was much different in the UK or elsewhere, at least post-2000.

    • @mustfit
      @mustfit 1 year ago

      Interesting, thank you. Have you (op-side) had the transport keys in plain? Could you decrypt Ki outside AUC using the transport key?

    • @KPbICMAH
      @KPbICMAH 1 year ago +3

      @@mustfit no, the switch people received the transport keys and input them into the system. So in theory we could have cooperated with them on this.

    • @mustfit
      @mustfit 1 year ago

      Interesting, thank you again

    • @ShawnJonesHellion
      @ShawnJonesHellion 1 year ago

      Back in my day we had tons of tricks like kicking people off the internet. Seriously. That sounds so far off, like something a bigfoot or religious follower would say, that no one today would even believe that was possible, I bet.
      I bet I could make a video about it claiming it still exists and the big feet/ape evolution people would spread it like it's gospel

    • @MRooodddvvv
      @MRooodddvvv 10 months ago

      I'm really surprised it's not the mobile operator who writes those keys into blank cards from the manufacturer. It is even possible to order those blank cards from sellers online for cheap. And the process of writing keys is so simple and only requires basic USB card reader hardware that it could even be done at an operator SIM card sales office.

  • @NeonVisual
    @NeonVisual 1 year ago +3

    Back on 1G phones I was in school at the time, and with some friends we managed to get access to hidden menus in the phone and copied all these random digits into a different phone, and then when we called the number both phones rang! Could only answer one of them though as the other then stopped ringing. This was back when the call was basically not yet digital, if you went somewhere away from signal the voice started to go fuzzy like a walkie talky. Didn't take long for 2g phones and text messages to appear on the scene, at which point everything was digitally encrypted with the sim.

  • @JCLoony
    @JCLoony 1 year ago +51

    Would be interesting to see if you could run a low power GSM base station to get these devices online and play with this a bit more in depth.

    • @cannaroe1213
      @cannaroe1213 1 year ago +5

      You'd be surprised how expensive low-power GSM base stations are to buy/run. It isn't simply a matter of software; to handle 100s of simultaneous links they have to have extremely expensive clocks, and this is true even if there is only 1 subscriber, the base station basically keeps time.
      Now I'm sure it's possible with a HackRF and a TCXO soldered into something somewhere, but it's not as easy as reading a card with a card reader unfortunately, unless you spend above $3000

    • @JCLoony
      @JCLoony 1 year ago +10

      Sure, but OpenBTS with a cheap SDR would probably be enough for a local system to be set up. The main issue I see is managing the RF situation: can it be run low power legally, or would the room have to be turned into a Faraday cage first?

    • @johndododoe1411
      @johndododoe1411 1 year ago +3

      Some places keep Gen2 GSM running as the common fallback for later phones after their preferred protocol is shut down. So when 3G shuts down, the old 3G phones "roam" to the backup 2G net. Same for 4G.

  • @Auberge79
    @Auberge79 1 year ago +55

    One of my SIM cards (bought around 2003) was cloned over 10 years ago (same SimMAX 16-in-one), and it still works perfectly in 2G and 3G networks after all these years. No need to swap cards in my old phones :-) Just switch it on and ready to go! By the way, should I switch on more than one phone at the same time, they both (or all 3) can make calls, but only the last one online will receive the incoming call. However, I do not turn on more than one phone simultaneously.

    • @JanusCycle
      @JanusCycle 1 year ago +23

      It must be nice to have the convenience of cloned SIMs. And the last-one-online incoming calls is correct. Best to keep only one phone switched on :)

    • @narfharder
      @narfharder 1 year ago +14

      The "what happens with two identical SIMs simultaneously on the network" question is a plot point in _Primer_ (2004), arguably the most convoluted time-travel movie ever. Now I know the answer to that, thanks. But I wonder, does the last-one-online rule still apply in the new SIM paradigm? For a network to assume there are no simultaneous duplicate subscribers seems... sloppy.

    • @manp1039
      @manp1039 1 year ago +1

      I am guessing that your calls and numbers you call are being monitored? and you may not be the only one with clones of your original sim that you bought in 2003?

    • @MRooodddvvv
      @MRooodddvvv 10 months ago +1

      Same here. Only issue is 4G not available.

  • @jvinsnes
    @jvinsnes 1 year ago +3

    Your voice fits perfectly for the topic. An obscure, niche topic in electronic enthusiast community. I remember my dad used to get gold cards from ebay back in the day and programmed them to work as a car wash card. The first time he tried it, the cashier said he had 50k on it. Can’t imagine what went through his mind at that point

  • @SianaGearz
    @SianaGearz 1 year ago +27

    I knew some guys who kept a 2G tower unit in their bathroom and were slowly hacking it, I think they were able to span a little network of their own but they didn't run it very often. Perhaps you can find some enthusiasts like that where you live.

    • @manp1039
      @manp1039 1 year ago +1

      Is the frequency for 2G unused by any other networks? I would have guessed that if the phone company had no use for it, the government would take back that frequency and offer it to other service providers? And if they did and these rogue 2G towers were broadcasting on the airwaves... they would eventually get identified; their broadcasts would potentially either be jamming the new legit devices using those frequencies and/or those new devices would jam the rogue 2G stations' broadcasts??

    • @SianaGearz
      @SianaGearz 1 year ago +5

      @@manp1039 I'm hoping frequency reassignment is a SLOW process. And as long as noone complains, nobody investigates. Hush hush sort of business though, you don't show every stranger your bathroom if you have one of those.

    • @ShawnJonesHellion
      @ShawnJonesHellion 1 year ago

      Naa I live in the 13th largest city in usa. They don't even know how to milk the cows on their farms in usa. Back in the day I was like a space alien using computers. Today they still think only phones exist

    • @MRooodddvvv
      @MRooodddvvv 10 months ago

      LOL

  • @thetankie007
    @thetankie007 1 year ago +146

    Very interesting! I always wanted to know the details of how SIM cards worked. I actually built a SIM card reader when I was younger, but it just bricked the SIM cards; it must have been hitting the limit! However, as a teenager everyone at school had a Nokia 5110 (without SIM); you could enter a secret technician menu and change the phone number to a friend's phone number and then receive their text messages and calls! It only worked when you were on the same cell tower and was more of a funny prank, as it diverted calls and messages and their phone would stop working.

    • @blakegriplingph
      @blakegriplingph 1 year ago +32

      You may be referring to the AMPS/TDMA variants of the 5110. AMPS is notorious for being insecure, and that may have been the network standard used on the cellphone provider my dad complained about a few decades ago.

    • @CapTVchilenaShootingStarMax
      @CapTVchilenaShootingStarMax 1 year ago +8

      I remember having a TDMA/AMPS Ericsson phone and with some service codes you could even listen to calls from other people.

    • @anthonychilufya6580
      @anthonychilufya6580 1 year ago +1

      @@blakegriplingph is your dad a revisionist or hacktivist

    • @dan_youtube
      @dan_youtube 1 year ago

      That's hilarious, must have seen a lot of sexting from the cheerleader team

  • @blakegriplingph
    @blakegriplingph 1 year ago +110

    The question is, as intriguing as it was, in some places SIM cards are sold more or less freely, like here in the Philippines, making burners and fraudulent calls easy; it wasn't until 2022 that mandatory SIM registration was enacted.

    • @HonestAuntyElle
      @HonestAuntyElle 1 year ago +12

      Whoa. That's hard to imagine having lived in Australia. Getting a new SIM has always been such a barrier, that people were far less likely to swap prepaid carriers because of it.

    • @kerozin520
      @kerozin520 1 year ago +20

      @@HonestAuntyElle I'm in Croatia, you can still buy prepaid SIM cards without any kind of identification or registration, they're $3 or so. You can optionally register it with info that is not checked in any way, and in that case they send the $3 you paid for the card back to your prepaid account to use for calls.

    • @loganmacgyver2625
      @loganmacgyver2625 1 year ago +5

      @@kerozin520 in Hungary you have to register it and they call it EU law

    • @gameconsole9890
      @gameconsole9890 1 year ago

      Philippine law is shit. They make that law to lessen sms scam but still there is sms scams and now it even become more convincing.

    • @adriancoanda9227
      @adriancoanda9227 1 year ago +6

      so even with registration, it is still possible to extract an eSIM profile and edit the info in such a way that you will get a new identity, and if that identity exists on the carrier server then easy as cake

  • @pakfones
    @pakfones 1 year ago +4

    I've done cloning years ago 😀 I'm talking about the year 2006, 2007. Nothing is new in this video for me, Anyway you've got a thumbs-up

    • @JanusCycle
      @JanusCycle 1 year ago

      Hello to an experienced SIM cloner! I'm glad you enjoyed the video :)

  • @exoqqen
    @exoqqen 1 year ago +2

    all these new kids with their videos on this topic are nice and dandy, but you're actually going in-depth on some of the history and more practical attacks. very nice

  • @stockwellengineeringhints3527
    @stockwellengineeringhints3527 1 year ago +3

    Absolutely fantastic ending. The music really fits the visuals.

  • @anthony4530
    @anthony4530 1 year ago +14

    Incredibly interesting, informative and entertaining! Your choice of music was nothing short of genius! Thank you for taking the time to put this together.

  • @WistrelChianti
    @WistrelChianti 1 year ago +15

    Nice video and nice music. I remember ages back reading about how SIM cards were essentially little CPUs rather than things that simply store data, so cloning was impossible. Didn't know there was a way to mathematically brute force what they were doing, but I guess it makes sense. I now see why the government is so upset about encrypted chat programs. Guess they lost their favourite toy.

    • @gayusschwulius8490
      @gayusschwulius8490 1 year ago

      They are microcontrollers, yes, but they do have memory containing the required executable code and keys, so it's absolutely not impossible to read them out.

    • @iRelevant.47.system.boycott
      @iRelevant.47.system.boycott 7 months ago

      If they worked, they would be illegal.

  • @ckm-mkc
    @ckm-mkc 1 year ago +27

    In a lot of places, SIM cloning is an insider job that is done by someone inside the phone company who has all the tools to "port" the number to a new SIM. These days it is a compromised human rather than hardware.

    • @circuit10
      @circuit10 1 year ago

      What motivation do people have to do it? That seems like a lot of effort to just... have a spare SIM? So there must be some other reason

    • @Ontrus
      @Ontrus 1 year ago +14

      There are a number of reasons (surveillance is mentioned in the video), but a huge, more nefarious motivator is getting access to MFA security. Assuming you can get a user's account credentials through social engineering or other means, having access to their phone number to receive MFA verification codes can give you access to tons of sensitive information. Government sites, bank accounts, web accounts, corporate resources, etc. Cellphones and their numbers are generally fairly secure; they are a separate, independently secured (sometimes through their own MFA security), physical object that also tends to be very important to the user, so people tend to keep them on hand, and they will be replaced quickly if lost. The best way to get around that security is to either get the sim out of the phone, or use social engineering/bribing (made easier because of the information the criminal has already gathered about the victim) to manipulate an underpaid customer service worker to replace the sim.

    • @JT-lq4yd
      @JT-lq4yd 1 year ago +1

      @@circuit10 The SIM "cloning" you may see on the news is just someone transferring a cell number to a new SIM; it may be a new SIM or cell company. This is so that someone is able to get an MFA code to allow them into your bank account.

    • @circuit10
      @circuit10 1 year ago +1

      @liampeanut1269 Scam

    • @deang5622
      @deang5622 1 year ago +1

      The phone number is not stored in the SIM.
      The phone number is held in the HLR/HSS of the mobile network.
      And it is associated with the IMSI number of SIM card.
      And the IMSI numbers are allocated in batches to each mobile network operator.
      So if you are trying to clone a SIM and use the SIM to get free phone calls, then you don't need to port a number from another SIM to the cloned SIM.
      Access to the mobile network is not granted to the mobile phone based on the mobile number, it's based on the IMSI number which is held in the SIM card and in the HLR/HSS.

  • @mickwolf1077
    @mickwolf1077 1 year ago +7

    I cloned my sim card years ago, I had a stk 8 in 1 sim that could have 8 numbers. I only ever used one and kept the original sim at home. It didn't take long either.

  • @PredragKuzmanovic
    @PredragKuzmanovic 1 year ago +1

    I just have a basic knowledge of computer/phone etc. devices, but this video I watched in full; even when the video actually ended at 11:44 I stayed to watch, listening to the song. Kudos, bro!

    • @JanusCycle
      @JanusCycle 1 year ago

      Sometimes just seeing technology and hearing the descriptions, even when you don't understand it all can help you learn. When learning more things in the future you will remember bits and it will become easier. I'm really glad you enjoyed this. Thank you for watching.

  • @therealchayd
    @therealchayd 1 year ago +14

    I managed to accomplish a SIM clone back in the early noughties, and it was only possible to get the Ki on one out of about 10 SIM cards I tried, I think providers had added authentication limits to SIMs at that time (this was all done for legit purposes where we were developing a JavaCard application and no provider would give us a Ki unless we paid thousands and signed NDAs etc, so we DIY'd it in the end)

    • @TeeDwomanGodshowsmercy
      @TeeDwomanGodshowsmercy 11 місяців тому

      Please, my SIM is still cloned, what do I do? My ex listens to my calls.

    • @BillAnt
      @BillAnt 8 місяців тому

      @@TeeDwomanGodshowsmercy- Most likely it's not your sim cloned, but there's a spy app on your phone grabbing everything. Big difference.

  • @PHANTOmIND8
    @PHANTOmIND8 Рік тому +8

    Our service provider can give up to 4 sim clones if requested with a small fee. I had 3 sims of the same number all working on different phones with 3G/4G simultaneously. This service started around 2 decades ago.

    • @mrblc882
      @mrblc882 Рік тому +6

      Most probably those are not clones - just regular SIMs pinned to same number.

    • @ANWA143
      @ANWA143 Рік тому

      What service provider and how would this work? Would all of the phones ring when that number was being called?

    • @PHANTOmIND8
      @PHANTOmIND8 Рік тому +2

      @@ANWA143 service provider is STC in Saudi Arabia. You can send calls and messages from all sims but set one sim for receiving calls and you can switch the receiving to one sim at a time if you liked. Worked like a charm.

    • @j90319
      @j90319 Рік тому

      @@PHANTOmIND8 that's incredibly unsafe; if someone gets your phone number you wouldn't even notice, as if someone SIM swaps a normal phone number the real user would lose signal

  • @leodf1
    @leodf1 Рік тому +3

    What a cool channel. Real gem stumbled upon. The DM lyrics while bruting that poor SIM was hilarious. Subbed.

  • @triularity
    @triularity Рік тому +19

    You'd think they would have implemented simple rate limiting at the first sign of brute force attacks. Only allow a key attempt at most once a second, maybe delayed even more if multiple are requested back to back. For normal use, this delay may never occur/be noticed. But that 40 minute attack might take days, weeks, or months, instead. Also, while I could understand some secret proprietary algorithm decades ago, anything in the past 10 years or so should be using established public key encryption, with SIM cards randomly generating their own private key and only exporting the public one. So nobody could amass everyone's keys, even if they wanted, since they would never be known to start with. Then you'd have to resort to glitching, side channel attacks, or more destructive means to try to get the key.

    • @JanusCycle
      @JanusCycle  Рік тому +5

      Even with the new stronger algorithms, including some sort of rate limiting should be easy to include and greatly add to the security. I don't know if they have done this, but your analysis is spot on.

    • @ignorance72
      @ignorance72 Рік тому +5

      SIM cards don't have real-time clocks so it would be hard to implement rate limiting.

    • @triularity
      @triularity Рік тому +2

      No, but one would have to power off the SIM and then back on, waiting for it to initialize again first. That is much slower than just hammering it constantly. Plus, it might be able to write a counter to persistent storage each time it fails, and then on power-up, it will have to wait a given amount before it will accept another attempt or clear the counter. It only needs to track accumulated run-time to delay.

    • @BillAnt
      @BillAnt Рік тому

      @@JanusCycle- My assumption for not rate/time limiting is, if there's an unreliable network connection due to weak signal or interference, the requests/responses would need to be resent several times in order to connect. They could have imposed something like 10 non-limited requests per second then a 1 second pause which would slow down hacking attempts significantly. But the best protection is a longer key.

    • @iRelevant.47.system.boycott
      @iRelevant.47.system.boycott 7 місяців тому

      @@ignorance72 Couldn't it be done algorithmically? With an exponentially increasing number of empty loops between each failed attempt?
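The thread above argues about whether a card with no clock can still throttle a brute-force reader: a free burst of requests, a delay that grows with each extra request in the same power cycle, and a counter written to persistent storage so that power-cycling the card does not simply reset the cost. The simulation below is an added example written for this page, not code from the video or from any SIM vendor. It is a toy model: an HMAC-SHA256 stands in for the card's real authentication algorithm, "delay units" are an abstract count of the card's own work rather than seconds, and every parameter (burst size, growth factor, power-up penalty) is an assumed value chosen to make the arithmetic visible.

```python
import hashlib
import hmac
import os
from typing import Optional


class SimulatedSim:
    """Toy authentication token modelling the rate-limiting ideas from the thread.

    Not a real SIM and not the GSM A3 algorithm: a keyed hash stands in for the
    secret-key computation. The card has no clock, so delay is measured in
    abstract 'delay units' of work it forces before answering, not in seconds.
    """

    def __init__(self, ki: bytes, burst: int = 10, base_delay: int = 1,
                 growth: int = 2, max_delay: int = 1 << 16,
                 reset_cost: int = 100, lifetime_limit: int = 1000,
                 powerup_penalty: int = 50):
        self.ki = ki
        self.burst = burst                    # free requests per power cycle
        self.base_delay = base_delay          # first delay once the burst is spent
        self.growth = growth                  # delay multiplier per further request
        self.max_delay = max_delay            # cap so a real phone is never locked out forever
        self.reset_cost = reset_cost          # work a reader pays to power-cycle the card
        self.lifetime_limit = lifetime_limit  # persisted-count step at which power-up slows down
        self.powerup_penalty = powerup_penalty
        self.nv_total = 0        # "non-volatile" counter: survives power cycles
        self.session_count = 0   # volatile counter: cleared on power-up

    def power_cycle(self) -> int:
        """Reset volatile state; return the delay units spent initialising.

        The persisted counter adds a growing power-up penalty, so cycling power
        to clear the session counter gets more expensive over the card's life.
        """
        self.session_count = 0
        penalty = self.powerup_penalty * (self.nv_total // self.lifetime_limit)
        return self.reset_cost + penalty

    def run_gsm_algorithm(self, rand: bytes) -> tuple:
        """Answer one challenge; return (SRES, delay units charged first)."""
        self.session_count += 1
        self.nv_total += 1
        excess = self.session_count - self.burst
        delay = 0
        if excess > 0:
            # exponential back-off within a session, capped at max_delay
            delay = min(self.max_delay, self.base_delay * self.growth ** (excess - 1))
        sres = hmac.new(self.ki, rand, hashlib.sha256).digest()[:4]  # stand-in for A3
        return sres, delay


def total_cost(sim: SimulatedSim, n_queries: int,
               cycle_every: Optional[int] = None) -> int:
    """Delay units paid to collect n_queries challenge/response pairs.

    cycle_every=None models hammering the card continuously; a number models a
    reader that power-cycles the card every that many queries to reset the
    volatile counter (and so runs into the persisted power-up penalty instead).
    """
    total = sim.power_cycle()  # the card is powered up once at the start
    for i in range(n_queries):
        if cycle_every and i > 0 and i % cycle_every == 0:
            total += sim.power_cycle()
        _, delay = sim.run_gsm_algorithm(os.urandom(16))
        total += delay
    return total


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test key
    print("phone, 8 auths per power-up:", total_cost(SimulatedSim(ki), 8))
    print("continuous, 200 queries:    ", total_cost(SimulatedSim(ki), 200))
    print("cycling every 10, 200 queries:", total_cost(SimulatedSim(ki), 200, cycle_every=10))
```

A phone that authenticates a handful of times per power-up never leaves the free burst, so it pays nothing beyond initialisation. A reader that hammers the card pays the exponential delay; one that power-cycles to dodge it pays the initialisation cost per burst and, once the persisted counter passes each `lifetime_limit` step, an ever larger power-up penalty. The cap on `max_delay` is the design trade-off BillAnt raises: without it, a phone in poor coverage that retries authentication many times would eventually be locked out.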

  • @robogirlcops
    @robogirlcops 10 місяців тому +3

    GLAD YOU ARE ON OUR SIDE THX

  • @JeffLovesShantae
    @JeffLovesShantae Рік тому +2

    Thank you very much bro, for leaving the subtitles activated for the language in Spanish. Greetings from Colombia. ❤️‍🩹

    • @JanusCycle
      @JanusCycle  Рік тому +2

      Making subtitles is hard work. I'm glad you appreciate them. Thank you for letting me know.

  • @mihiguy
    @mihiguy Рік тому +21

    In this context I'm interested how the eSIM affects this. How does the Ki value get into the eSIM without being able to be intercepted, assuming the owner of the eSIM phone is interested in cloning his Ki value to use on more devices?
    BTW 90 00 is not only for sim cards but generally for PCSC smart cards and means "command successful". Error messages start with a 6 in hexadecimal which is not only flipping the digit glyph, but also its bit representation.

    • @JanusCycle
      @JanusCycle  Рік тому +6

      My guess is that an encrypted packet is sent to the eSIM chip, which decrypts it to get the Ki. The specifications exist, but I haven't looked into eSIMs yet.

    • @mihiguy
      @mihiguy Рік тому +6

      @@JanusCycle Thank you for the response. But that means, that either all eSIM must have another key that is known to the carrier (chicken and egg problem), or some PKI must be involved that requires someone to sign the keys used as they would otherwise be prone to Man in the middle attacks (introducing a new point of failure)

    • @JanusCycle
      @JanusCycle  Рік тому +5

      Thank you, very good points. I have also wondered about eSIM security. Just not had the time to look that deeply yet.

    • @mkontent
      @mkontent Рік тому +2

      @@mihiguy Diffie-Hellman

    • @mihiguy
      @mihiguy Рік тому +2

      @@mkontent Without some kind of authentication scheme, Diffie-Hellman only helps against passive listeners, not against active men in the middle.
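The comment at the top of this thread points out that `90 00` is the generic smart card "command successful" status word and that error codes start with a 6, whose nibble (0110) is the bitwise complement of 9 (1001). Below is an added example, written for this page and not taken from the video or from any card tool, that decodes a response's trailing status word. The tables are a subset of GSM 11.11 section 9.4 and ISO/IEC 7816-4 status words written from memory; any response bytes shown are constructed test values.

```python
from typing import Tuple

# Subset of exact (SW1, SW2) pairs from GSM 11.11 and ISO/IEC 7816-4 (from memory).
EXACT_SW = {
    (0x90, 0x00): ("ok", "normal ending of the command"),
    (0x94, 0x00): ("error", "no EF selected"),
    (0x94, 0x02): ("error", "out of range (invalid address)"),
    (0x94, 0x04): ("error", "file ID or pattern not found"),
    (0x94, 0x08): ("error", "file is inconsistent with the command"),
    (0x98, 0x02): ("error", "no CHV initialised"),
    (0x98, 0x04): ("error", "access condition not fulfilled / CHV verification failed, attempts left"),
    (0x98, 0x08): ("error", "in contradiction with CHV status"),
    (0x98, 0x10): ("error", "in contradiction with invalidation status"),
    (0x98, 0x40): ("error", "CHV verification failed, no attempt left (blocked)"),
    (0x6A, 0x82): ("error", "file not found"),
    (0x6A, 0x86): ("error", "incorrect parameters P1-P2"),
    (0x69, 0x82): ("error", "security status not satisfied"),
}

# Status words where only SW1 carries the meaning (SW2 is a parameter or don't-care).
SW1_ONLY = {
    0x67: ("error", "incorrect parameter P3 / wrong length"),
    0x6B: ("error", "incorrect parameter P1 or P2"),
    0x6D: ("error", "unknown instruction code"),
    0x6E: ("error", "wrong instruction class"),
    0x6F: ("error", "technical problem, no diagnostic given"),
}


def decode_status(sw1: int, sw2: int) -> dict:
    """Classify a two-byte status word; 'ok' is True only for known success codes."""
    info = {"sw1": sw1, "sw2": sw2, "category": "unknown",
            "meaning": "unlisted status word"}
    if (sw1, sw2) in EXACT_SW:
        info["category"], info["meaning"] = EXACT_SW[(sw1, sw2)]
    elif sw1 in (0x9F, 0x61):
        # 9F xx (GSM 11.11) / 61 xx (ISO 7816-4): xx bytes wait for GET RESPONSE
        info["category"], info["meaning"] = "ok", "response data available, fetch with GET RESPONSE"
        info["length"] = sw2
    elif sw1 == 0x6C:
        info["category"], info["meaning"] = "retry", "wrong Le, repeat the command with Le = SW2"
        info["length"] = sw2
    elif sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        # ISO 7816-4: 63 Cx, x = remaining verification attempts
        info["category"], info["meaning"] = "warning", "verification failed"
        info["retries_left"] = sw2 & 0x0F
    elif sw1 == 0x92 and (sw2 & 0xF0) == 0x00:
        # GSM 11.11 memory management: update succeeded after x internal retries
        info["category"], info["meaning"] = "ok", "update successful after internal retries"
        info["retries_used"] = sw2 & 0x0F
    elif sw1 in SW1_ONLY:
        info["category"], info["meaning"] = SW1_ONLY[sw1]
    else:
        # Fall back on the high nibble: 0x9 (0b1001) is the GSM success family,
        # 0x6 (0b0110), its bitwise complement, is the ISO error family.
        family = sw1 >> 4
        if family == 0x9:
            info["category"], info["meaning"] = "success-family", "unlisted 9x status word"
        elif family == 0x6:
            info["category"], info["meaning"] = "error-family", "unlisted 6x status word"
    info["ok"] = info["category"] == "ok"
    return info


def parse_response(raw: bytes) -> Tuple[bytes, dict]:
    """Split a card response into (data, decoded status word)."""
    if len(raw) < 2:
        raise ValueError("response shorter than a status word")
    return raw[:-2], decode_status(raw[-2], raw[-1])


if __name__ == "__main__":
    for resp in (b"\x90\x00", b"\x9f\x16", b"\x98\x04", b"\x63\xc2", b"\x6a\x82"):
        print(resp.hex(), decode_status(resp[0], resp[1]))
```

The decoder is conservative: a 9x word it does not recognise is reported as "success-family" but not as `ok`, so a script driving a reader treats only listed codes as success. Reading a `63 Cx` or `98 40` word during an experiment is the point at which to stop and not keep retrying a CHV, because the remaining-attempt counter is exactly what protects the card from guessing.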

  • @Ton4i
    @Ton4i Рік тому +2

    Love the Depeche Mode music when you put the second SIM card in for reading.

  • @samwilliamson4715
    @samwilliamson4715 Рік тому +11

    Nice video. Interesting stuff. Apt music choice @ 4:38 - nice 👍
    Would still like the option of having handsets with multiple SIMs or at least two or more carriers in one SIM so you can switch carriers for different rates or needs.

    • @Hauketal
      @Hauketal Рік тому +2

      That is exactly what I'm typing this on. Dual SIM phones are quite common if you search for them.

  • @mr88cet
    @mr88cet 3 дні тому +1

    Very interesting information! Thanks.
    Best I can tell, the biggest danger is SIM swapping via human engineering: a scammer using what would seem to be, but isn't, hard-to-obtain information about the victim, to convince some underpaid and undertrained customer service agent at their mobile carrier that s/he is you, then transfer your number over to the hacker's phone.

  • @etmax1
    @etmax1 Рік тому +14

    There's potentially another way to read out the Ki No. from a SIM card: use an e-beam prober to read out the actual Flash memory in the SIM card. You need a lot of spare change to buy one, but I'm sure that's not much of a problem for a state owned spy agency.
    On your comment on Wikipedia being updated so quickly, actually virtually anybody can do that, so it was probably one of your regular viewers.

    • @Steve211Ucdhihifvshi
      @Steve211Ucdhihifvshi Рік тому +7

      Governments don't work that way usually mate. Years ago they just mandated that providers, i.e. Telstra etc., provide unfettered access to agencies on request. Meaning at least 15 years ago when I worked for Telstra, they could see everything you did; imagine their capabilities now.

    • @etmax1
      @etmax1 Рік тому +3

      @@Steve211Ucdhihifvshi I think you've misunderstood what I was saying, it wasn't that state level actors do it, only that it is the sort of budget you need. Of course multinationals have more loose change than a lot of governments so clearly they can do it.

    • @EvilSapphireR
      @EvilSapphireR Рік тому +1

      So by literally viewing the hexdump of the flash memory? Wouldn't that contain the code that runs on the SIM processor as well that you'd have to disassemble to sort them out from the key and understand how the code retrieves the key? Are the processors used by SIM card documented?

    • @etmax1
      @etmax1 Рік тому +2

      @@EvilSapphireR I would suggest to you that it is all relatively easily achieved by a skilled operator. I once did a hex dump of a microcontroller's Flash and hand disassembled the whole thing (didn't have the disassembler, just the data book), created a flow chart of what it was doing, corrected a bug and then reassembled it all and programmed the device in 2 weeks. With the proper SW tools it would have been much easier. As to the documentation of the CPU, they all use off the shelf cores. Some companies do soft cores in an FPGA but that's not going to happen for a SIM card reader.

  • @dimples282
    @dimples282 Рік тому +2

    This video is a great case study in supply chain exploitation with the points discussed from 9:47 onwards. Kinda like that one XKCD comic about encryption, rather than cracking a Ki, just social engineer and/or drug your way into the manufacturers which is the path of far less resistance.

  • @Paul-XCIV2
    @Paul-XCIV2 Рік тому +9

    Maybe this is why mobile operators are keen for you to have a new SIM whenever you get a new handset, even if you are retaining the same number with the same provider.

  • @bikepacker9850
    @bikepacker9850 Рік тому

    I like how you formally announce "We've reached the end of the video" . Great video, I have no interest in the subject matter, yet, watched the whole thing.

  • @JohnDoe-bd5sz
    @JohnDoe-bd5sz 11 місяців тому +3

    I did this to my card and my wife's card and put them on an ATMEL card.
    Worked fine and I was able to select which SIM card I wanted to emulate, simply by the PIN code.
    If I turned the phone on and entered 1111 as PIN I would get my own card, if I used 2222 I got my wife's.
    Sadly both phone numbers could not be active at the same time though.
    Was mainly done as proof of concept, but I did it with a program just like yours that found the IMSI and KI.

    • @JanusCycle
      @JanusCycle  11 місяців тому +1

      Nice, I'm glad you got this working.

  • @Spelter
    @Spelter Рік тому +1

    Somehow, somebody copied my Sim Card back in the year 2000 here in Germany, but not like that. This person had to build an access point, so my phone logged into it, and they must've sniffed every information they could get. They phoned away on my bill. 200 bucks later, I went to police and the provider told me I was in a different city while calling people. Lucky me, I had proof I worked at that time - at least I thought lucky me. O2 refused to refund me, it went to the court, I won, but they kicked me out of the contract.
    So yeah, somehow it was easier 23 years ago, when no real encryption was implemented in GSM. This video made me remember it. Decades later, we know how you can build your cell tower or at least a small version of it. How somebody gets the KI number though with just listening to 1 calculation... maybe somebody made "logged in" phones reauthenticate many times and then.. tried the rest?
    I know, I was working at my job back then, and not in Berlin, so who knows how that worked back then. Hardware was slow back then, so your method would be taking a long time.

  • @CarcharothQuijadasdelased
    @CarcharothQuijadasdelased Рік тому +4

    "...they just want to listen in if they need to." something tells me that "if they need to" means all the time to misconstruct or find the smallest thing in case you dare to "notice" or do a "wrong think".

  • @MMWA-DAVE
    @MMWA-DAVE Рік тому +2

    FYI, as of April 2023 there is 900MHz GSM still operating in one part of Australia I work at: Christmas Island. Telstra still operates the only mobile phone network there, it's still 2G voice and SMS only, just like the early 90s. The only mobile data service on the island is offered by a small business known as CiFi with their own LTE equipment and that service is data only. Their connection comes by way of tapping into the Vocus undersea cable from Perth. I was there only last week and can confirm this is the case still. Telstra has accepted millions of dollars of taxpayers' money in order to upgrade their service to 4G, but as usual is moving at a glacial pace. At some stage this remaining 2G outpost will also get switched off.

    • @JanusCycle
      @JanusCycle  Рік тому +1

      That is fascinating. It must be easy for Telstra to keep it going with the spare equipment they kept from the old network.

    • @MMWA-DAVE
      @MMWA-DAVE Рік тому +1

      @@JanusCycle astonishingly, they even installed additional 2G equipment last year to increase coverage 😂 I'm no expert and wonder if it is in fact modern stuff that's been dumbed down till the necessary bandwidth is available. Voice quality on the 2G service is below average also, extremely low bit rate and like AM radio quality. When you make a WhatsApp or Optus wifi call using the CiFi LTE it's like listening to a CD player in the age of worn out type 1 cassettes for the first time.

  • @awalden
    @awalden Рік тому +3

    Excellent video, content, narrating, presentation... everything! (And I especially loved that version of "Policy of Truth") Wishing you continued success with your youtube channel! ~ Allen

    • @JanusCycle
      @JanusCycle  Рік тому

      Thank you Allen. I really enjoy making videos and I'm glad you enjoyed this one.

  • @luigigaminglp
    @luigigaminglp Рік тому +2

    Great video! Your voice is very nice, the topic is very interesting (to me lol) and the demonstrations and explanations were really good. Keep up the great work!

  • @MrCrazyGameGuy
    @MrCrazyGameGuy Рік тому +4

    Just like to point out that just because there is no "known" method to clone a modern SIM card, that doesn't mean certain people don't know how to do it. Just because something isn't widely spread doesn't imply that there's no way to do that thing. I'm sure you can't find any information on copying a government issued form of ID, but it does happen.

    • @JanusCycle
      @JanusCycle  Рік тому +2

      You make a good point, there is a dark web out there.

  • @nowheremanjk8624
    @nowheremanjk8624 Рік тому +2

    In my country they are blocking the 3G network. 2G stays because apparently some old infrastructure works on it, and the 2G network has several advantages

  • @Budgiebrain994
    @Budgiebrain994 Рік тому +8

    Your videos get better and better.

  • @co5tellooffical
    @co5tellooffical Рік тому +1

    Man those old SIM cards be bringing back memories of my first phone 😢

  • @markjune3027
    @markjune3027 Рік тому +9

    My ex-roommate went to MIT, he's now head of R&D (they don't call it that but I can't remember the exact job title) for Deutsche Telekom/Tmobile here in the U.S. Back in 2014 when we were living together, I watched him clone his own sim card so he could have multiple phones with the same number. This was on Tmobile's 3G/4G network. He definitely found a significant vulnerability and wasn't keen on sharing it with me. And I doubt he's the only one who knows of it. But instead of revealing it, he (and/or they) keep their mouths shut so they don't "fix" it again. He learned his lesson with satellite TV -- they used to hack the cards in order to get free TV. They would then release the new hacked ROM online and eventually the TV company would send out a patch to fix the hole and they'd have to crack it again; rinse repeat. This happened numerous times until the satellite TV company finally did away with that card system all together. If my ex-roommate would have never released those hacked roms on the internet, he would probably still have free satellite TV to this day. He said he'll never forget that lesson.

    • @JanusCycle
      @JanusCycle  Рік тому +2

      Interesting, thank you. I wonder if the vulnerability he found was inside the SIM or in the network.

  • @miscme7116
    @miscme7116 Рік тому +3

    I remember the good old times when me and my friends would clone the analog NMT mobile phones. It was ridiculously easy back then, and then you can be any number in the network. In my country for a long time it was not believed that it was possible. There was a classic case where a police chief gave a challenge to replicate his phone number, as he did not believe it was possible. Next month he received in his mobile invoice costs for calls to adult phone services not made by him, and he had to believe it was true.

    • @salvadorcruz46
      @salvadorcruz46 11 місяців тому

      My SIM's locked every time I turn it off, I know a little but about to learn more

  • @stevenchristenson2428
    @stevenchristenson2428 Рік тому +3

    Actually capturing responses and working out the key is how you can figure out the secret key in WPA2 encrypted wireless networks. All you really need is a computer that can put the wireless card into promiscuous mode and set it up to listen for new device traffic. You can even send a bad packet of data to the network to reboot all the devices and they all have to re-auth back to the WAP, thus getting a large number of encrypted packets to process. You then either manually decrypt the password or you can put the encrypted password into a giant list of known passwords and see if the user used one of them.
    It only takes like 48 hours or so to decrypt WPA2 encrypted keys and maybe even less with GPU processing. It's pretty fun to do, just don't use it to try and steal your neighbor's wifi as that can be illegal in some places.

    • @X4Alpha4X
      @X4Alpha4X Рік тому +3

      The time to crack WPA2 is extremely variable depending on hardware and complexity of the password assuming brute force (or how big the password list is, assuming it even has it). There was a manufacturer of mobile data wifi pucks who used a default password of 8 random numbers. A laptop with a 1070 GPU could brute force that keyspace in about 4 mins with hashcat.

  • @_____7704
    @_____7704 Рік тому +1

    This whole channel is magical - more videos on phreaking generally please

  • @examplerkey
    @examplerkey Рік тому +11

    Some years ago, a father and son cloned a sim card, for whatever reason. They were found out, arrested and jailed. I think there's a way from the NP side to find out this kind of activity, for example by way of phone make and model number or an UUID.

    • @manp1039
      @manp1039 Рік тому +4

      That is exactly what I was thinking. It is not just a SIM that the network has for any device that connects to it. Those people would have had to clone everything on the phone, and there may even be one or more unique chips on each of the phones that the NP can collect data from, in addition to which tower and date and time it connects (presuming this father and son were using prepaid SIM cards where the location they lived and their legal names etc. were not already known by the NP and connected with the SIM account).

    • @MRooodddvvv
      @MRooodddvvv 10 місяців тому +1

      Did they get a lifetime sentence for such a horrible crime against humanity?

  • @dodegkr
    @dodegkr Рік тому +1

    What a tune to select, bravo, more! I hope you have a lime mini2 on order for some TACS and LTE fun

  • @chinmayasinghrawat4622
    @chinmayasinghrawat4622 Рік тому +12

    Very interesting to watch. Funny how the SIMs are compromised over simple e-mails though.

    • @raylopez99
      @raylopez99 Рік тому +5

      True, I've worked on big, secret M&As (Mergers & Acquisitions) where the utmost care was taken to ensure privacy, since it would affect the price of the companies if word got out, and yet details of the deal were sent in plaintext over email.

    • @josephkanowitz6875
      @josephkanowitz6875 Рік тому +1

      @@raylopez99 ב''ה, all securely stored at RIM's data center, right?

    • @raylopez99
      @raylopez99 Рік тому

      @@josephkanowitz6875 Iron Mountain... I do remember that logo a lot. Back in the day before I think Google even did https on all its transmissions.

  • @guruoo
    @guruoo Рік тому +2

    We used to clone our in house phones back in the analog days to save on maintaining separate accounts. Like to experiment this for a couple of my phones, but so far yet to find a safe trojan-free version of woron scan.

    • @JanusCycle
      @JanusCycle  Рік тому +1

      This is where I downloaded from. I use a sacrificial laptop though to keep my main computer safe.
      woronscan.narod.ru/

  • @Valery0p5
    @Valery0p5 Рік тому +7

    It is no secret that the phone network in general was built with very little security in mind, even a WhatsApp call is safer in most circumstances.

  • @judyreyjumamoy
    @judyreyjumamoy Рік тому +1

    I didn't search for this and I don't know why I watched the video till the end

  • @anhedonianepiphany5588
    @anhedonianepiphany5588 Рік тому +3

    Why am I not surprised that most of the Ki numbers are known by surveillance agencies? This is the reason one doesn’t attempt any crucially private exchanges without decent end-to-end encryption.

  • @vincebanzon756
    @vincebanzon756 Рік тому +1

    I'm not sure why I'm watching this. But in the end, I feel like badass listening to the music with this new knowledge.

  • @nick066hu
    @nick066hu Рік тому +18

    Even if I could clone a modern SIM card somehow, I would very much be cautious to use more than one of them simultaneously. I guess the operators have some algorithm to recognize requests with the same IMSI numbers coming from different cells (from distant locations) at or around the same time, and would block my account, and may even ask me unpleasant questions. Or is the cloning so unlikely that they don't care? Any comments on this?

    • @BertoldVdb
      @BertoldVdb Рік тому +10

      I have accidentally turned on two modems using the same physical SIM on 4G (the sim slots are connected to the system CPU and then proxied to the modems, it happened due to a software bug). It didn't cause problems but only one of the modems was working, although both claimed to be registered. Probably depends on the network.

    • @BertoldVdb
      @BertoldVdb Рік тому +2

      BTW: Since both modems were on the same board, they both joined the same cell.

    • @stultuses
      @stultuses Рік тому +12

      The network operates separately to the billing system
      When you make a call, the records that make up your call (CLRs, Call Link Records (think of your mobile call going from cell tower to cell tower, onto say a landline network, to eventually end up at someone's home; all of those hops are CLRs)) are aggregated into a CDR (Call Detail Record) that is used for Rating (assigning distance and charging / service components to), that is then fed into the Billing engine (for assigning a cost value to)
      i.e. [CLR + CLR + CLR+ ...] -> CDR -> Rated -> Billed
      Back in the 3G and 4G days, it didn't matter how many dual sims were on the network, the system doesn't cross check (how could it, with literally millions of phones on the network, it would be extremely compute intensive. Even 10,000 phones active at once would take 10,000 x 10,000 cross checks)
      It was the last sim activated that got the incoming calls, so even though you had multiple sims the last active used to get the incoming traffic
      Making calls was different, any copied sim on the network could make calls at any time
      Things have most certainly changed since I was involved in the telco space though

    • @nick066hu
      @nick066hu Рік тому +11

      @@stultuses Thank you for the inside info. It was 15, maybe 20 years ago, I wrote microcontroller code into a Microchip PIC in our remote control device monitoring pump stations. The uC was interfaced to a GSM modem, that we had to buy and maintain subscriptions for about 150 pcs SIM cards. It was expensive, although we used very little data, just a couple of bytes per message, and almost nothing if no errors, so it really felt an overkill having so many full phone subscriptions (the operator had no plan for M2M communication back then). I was then thinking about how we could trick the system with cloned SIMs but lacked both the courage and knowledge for it.

    • @Aim54Delta
      @Aim54Delta Рік тому

      @@stultuses
      I could imagine if they wanted to that they could implement some kind of optimized cross-check algorithm to catch duplicate sims, but I can see where it would be mostly a non-issue to correct.
      The number of people who can clone a sim is relatively small and mostly limited to people who tend to confound your efforts, anyway - and by virtue of how the network functions, it wouldn't really be a valid way of gaming the system to the user's favor ... again, outside of niche uses.
      It's not just cross-checks for activating phones, it's cross-checks for changing towers or some means of rationally managing a phone between nearby towers. In principle, it could be done - but I don't really see it as being a priority investment as it addresses a very niche problem that is only a problem when governments aren't doing it (at least from the network operator's perspective). Further, here in the States, most cell infrastructure is locally or regionally owned/maintained and the network operator leases access to the tower, as I understand it. That adds a whole different layer into authentication strategies. The authentication would have to be baked into the communication standard used by the tower so that any carrier could function.
      The only thing I could see being different with 5g is some manner of sub-identifier which would basically turn a sim card into a network gateway and multiple devices could send/receive on the network at the same time. My phone would just ignore the data packets for a different phone.
      I could see support for this being put in.... but don't really see the use/advantage as you'd have to effectively route data to two different towers for broadcast... or more. And whatever plan that is would probably be absurdly expensive while having no particular benefit other than potentially reducing the number of authenticated devices on a tower (as the sim allocates and band and packet address the device) .... but you could implement something similar to this without doing cloned sims in congested areas, overlapping devices into a single band and using the band as an old fashioned network bus.
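The question that opens this thread is whether an operator would notice the same IMSI registering from two distant cells at about the same time. The example below, added for this page and not taken from the video or from any operator's system, shows the usual shape of such a check: group location updates per IMSI in one pass over the log, sort each subscriber's events by time, and flag consecutive updates whose implied travel speed is physically impossible. The log lines are constructed (the IMSIs use the 001 01 test network code, and the cell identifiers and coordinates are made up), the log format is an assumption, and the 300 km/h threshold is an assumed parameter.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List

# Constructed sample log of location updates: timestamp, then key=value fields.
# IMSI ...0001 registers in London, then 262 km away in Manchester two minutes
# later, then back in London; IMSI ...0002 moves about 1 km in ten minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:00+00:00 event=LOCATION_UPDATE imsi=001010000000001 cell=LAC0101/CI0001 lat=51.5074 lon=-0.1278
2024-05-01T10:02:00+00:00 event=LOCATION_UPDATE imsi=001010000000001 cell=LAC0202/CI0002 lat=53.4808 lon=-2.2426
2024-05-01T10:00:30+00:00 event=LOCATION_UPDATE imsi=001010000000002 cell=LAC0101/CI0001 lat=51.5074 lon=-0.1278
2024-05-01T10:10:30+00:00 event=LOCATION_UPDATE imsi=001010000000002 cell=LAC0101/CI0003 lat=51.5154 lon=-0.1410
2024-05-01T10:05:00+00:00 event=LOCATION_UPDATE imsi=001010000000001 cell=LAC0101/CI0001 lat=51.5074 lon=-0.1278
"""


@dataclass
class Event:
    ts: datetime
    imsi: str
    cell: str
    lat: float
    lon: float


@dataclass
class Alert:
    imsi: str
    cell_from: str
    cell_to: str
    km: float
    kmh: float


def parse_events(log: str) -> List[Event]:
    """Parse 'timestamp key=value ...' lines into Event records."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append(Event(datetime.fromisoformat(ts_str), kv["imsi"], kv["cell"],
                            float(kv["lat"]), float(kv["lon"])))
    return events


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in km (mean Earth radius 6371 km)."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 6371.0 * 2 * asin(sqrt(a))


def detect_impossible_travel(events: List[Event], max_kmh: float = 300.0) -> List[Alert]:
    """Flag consecutive updates of one IMSI that imply travel faster than max_kmh.

    Grouping by IMSI with a dictionary is a single pass over the log, so the
    check scales with the number of events rather than with pairs of phones.
    """
    by_imsi: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_imsi[e.imsi].append(e)
    alerts = []
    for imsi, evs in by_imsi.items():
        evs.sort(key=lambda e: e.ts)
        for prev, cur in zip(evs, evs[1:]):
            if prev.cell == cur.cell:
                continue  # same cell: nothing to compare
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            kmh = float("inf") if hours == 0 else km / hours  # simultaneous = impossible
            if kmh > max_kmh:
                alerts.append(Alert(imsi, prev.cell, cur.cell, round(km, 1), round(kmh, 1)))
    return alerts


if __name__ == "__main__":
    for a in detect_impossible_travel(parse_events(SAMPLE_LOG)):
        print(f"{a.imsi}: {a.cell_from} -> {a.cell_to}, {a.km} km at {a.kmh} km/h")
```

In practice an operator would feed this from HLR/HSS or VLR location-update records rather than a text log, tune the threshold per cell size, and treat a hit as a reason to investigate (a second registration from a cloned card looks the same as a subscriber whose handset was mis-located), not as an automatic block.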

  • @MrGrisha84
    @MrGrisha84 Рік тому +2

    This video answered more questions that I had, so I guess I know way more now than I did before starting the video

  • @mamborambo
    @mamborambo Рік тому +8

    Since you know so much about SIM and how they work, please do an episode on eSIM and how to convert between them. My provider charges for esims and it is difficult and costly to swap sims between phone.

    • @manp1039
      @manp1039 Рік тому +1

      you said "convert".. did you mean transfer the esim to a new device? if you did mean "convert" convert to what?

  • @HonestAuntyElle
    @HonestAuntyElle Рік тому +11

    What was the original sales purpose of the SimMax holding 12 SIMs? Was it able to be swapped by phones, or did it need an external device to swap between profiles? If it was as simple as typing a number command and rebooting, then I could see the purpose if you were trying to make cheap calls from Optus to Optus or Telstra to Telstra or for frequent travellers.

    • @JanusCycle
      @JanusCycle  Рік тому +2

      One of the benefits they describe is 'Change mobile phone number without turning off mobile phone'. I'm not sure how it was done, yet.

    • @kerozin520
      @kerozin520 Рік тому +5

      If I remember correctly there were sim cards which could store multiple sim card profiles/numbers you would read cards you have and then store those into that single "super sim" and on some phones you could cycle through those stored profiles even through menu on phone itself.

    • @JanusCycle
      @JanusCycle  Рік тому +11

      @@kerozin520 This could be using SIM Application Toolkit to add menu options to the phone. Another aspect of SIM cards that doesn't seem well known about.

    • @Auberge79
      @Auberge79 Рік тому +5

      You actually have "SIM menu" on your phone and there's an item called "change number" provided you have this all-in-one SIM card inserted, so you can select there any of the slots of your 12-in-one SIM. But not all phones do support SIM card hotswap, so most old phones still needed a reboot (power cycle) in order to change SIM card.

    • @veryboringname.
      @veryboringname. Рік тому +4

      @@JanusCycle Yup, that's actually what the "STK" on the card refers to - SIM ToolKit. On phones that supported STK, an extra menu would appear on the phone allowing you to pick a SIM.
      You could also use a PIC programmer like the Infinity USB to write SIM-EMU software onto a blank Greencard to create your own SIMMAX-style multisim-in-one card. From memory SIM-EMU worked more reliably than SIMMAX.

  • @lobsangbarriga5324
    @lobsangbarriga5324 Рік тому +5

    Very well explained, thank you! And nice music btw

  • @monmonmon4177
    @monmonmon4177 Рік тому +2

    It's like cracking a WPA wifi code (trying many codes until matching the exact one) but SIM cards have security built in: at the factory they send a voltage on a pin to burn it, this pin is the one for writing or making changes on the SIM, so it cannot be edited.

  • @Knaeckebrotsaege
    @Knaeckebrotsaege Рік тому +8

    Would be interesting to try this in a country where 2G/basic GSM is still alive and well, like Germany. I still know of two pre-2000 prepaid SIMs that are still active and being used, one being my moms (from sometime in '97) and one being mine from my very first own phone I got for christmas '99, which might already be too new...

    • @MRooodddvvv
      @MRooodddvvv 10 місяців тому +1

      If you still want to know, one of those cloned cards still works well in Russia because the original card was lost and that number is only used in an old phone without 4G, so no one bothered to do anything and just used the cloned card. No issues or oddities were noticed for years.

  • @morsine
    @morsine Рік тому +4

    Thanks a lot mate! this was the question I had when I was a child, and I searched a lot for it.. thank you for solving my childhood mystery!

    • @morsine
      @morsine Рік тому

      @Liam Peanut your spammer is running an old script xD

  • @alexanderwhite8320
    @alexanderwhite8320 Рік тому +5

    Very good video, two thumbs up! As a person who cloned SIM cards and made multiple-in-one cards I can tell the video and explanation is 100% accurate. Except the part of spy agencies spying by intercepting the Ki number.

    • @JanusCycle
      @JanusCycle  Рік тому +8

      Spy agencies intercepted Ki numbers in emails from card manufactures sent to networks. Not over the air. Hopefully I made that clear enough in the video.

  • @ABaumstumpf
    @ABaumstumpf Рік тому +2

    How I HATE how SIM cards have changed over the years. Now you gotta register even prepaid SIM cards for "security"? Yeah no - it got nothing to do with that as we have seen what it is actually used for the past 3 years. Then also the push towards eSIM. So now the phones can be hardware vendor locked and I cannot just use whatever phone I want (aside from the other obvious problems).
    And the most aggravating thing is trying to get a 2nd SIM officially..... i asked my provider - it is "only" 5€ per month.......and 20€ for the card ..... and 20€ each year for "services" .... and 5€/month extra to be able to use it for anything but phonecalls. They seriously want to charge me more just for a 2nd SIM than it would cost me to get an entire 2nd contract.

  • @uglyrose2019
    @uglyrose2019 11 months ago +3

    Mine has been cloned already... I worked at a BIG telephone company and you would be surprised how corrupt the employees are!!!!
    Money talks... as you already know...
    Most illegal things are not done by criminals but by government employees... 😂

  • @ichabaudcraine2923
    @ichabaudcraine2923 1 year ago +1

    Love the Depeche Mode bit, absolute genius

  • @helmutzollner5496
    @helmutzollner5496 1 year ago +9

    It was known from the start of the GSM implementations that the SIM crypto algorithm was pretty weak.
    But as you said it was kept secret, which in the early 1990s created quite a discussion. Normally in crypto systems the security lies in the secrecy of the key, not in the secrecy of the algorithm. But this was ignored by the GSM standards consortium.
    I guess there were two reasons. The first is that they were worried about the SIM chips available being powerful enough. The other reason was probably that the governments wanted a back door.
    To your assertion about getting the Perso keys of the SIM cards, there the security has been tightened considerably and the Perso keys issued by the SIM vendors are now sent in a classic crypto ceremony in 3 parts, where only the combination of all three parts of the key will result in the correct key. This is used to derive the individual chip keys.
    But I guess there may still be different standards used by different vendors.

    • @JanusCycle
      @JanusCycle  1 year ago +2

      I'm glad we are getting smarter at having good security. Great info, thanks.

    • @HitchensTV
      @HitchensTV 1 year ago +3

      ​@@JanusCycle The 3 part way is not default for any manufacturer afaik. Where I worked we started forcing encrypted orders in 2019 or so, after which I ordered new cards and destroyed my old ones. But even that handling did not seem to be the default way for the big manufacturers =/

    • @iRelevant.47.system.boycott
      @iRelevant.47.system.boycott 7 months ago

      It is known that it was the second reason. The Brits.
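
The thread above touches two mechanisms worth seeing in code: the three-part key ceremony (a key split into XOR components so that no single custodian, and no single intercepted email, holds the key) and the GSM challenge/response in which only RAND and SRES cross the air while Ki stays on the card and in the network's database. The following is an added illustration, not code from the video or from any of the commenters. It assumes a 128-bit master key diversified per card with HMAC-SHA256 keyed on the ICCID, and it uses HMAC-SHA256 as a stand-in for the SIM's A3/A8 algorithms; real vendors' diversification schemes, KCV computations and the actual COMP128 family differ, so treat those functions as hypothetical placeholders. The ICCID and all key material are constructed sample values.

```python
import hashlib
import hmac
import secrets

KI_LEN = 16  # GSM Ki is 128 bits


def combine_key(components: list[bytes]) -> bytes:
    """XOR all components together; this is what the custodians do to rebuild a split key."""
    out = bytes(len(components[0]))
    for c in components:
        out = bytes(a ^ b for a, b in zip(out, c))
    return out


def split_key(key: bytes, parts: int = 3) -> list[bytes]:
    """Split `key` into `parts` XOR components. Any parts-1 of them together are
    uniformly random, so one custodian (or one intercepted email) learns nothing."""
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    return shares + [combine_key(shares + [key])]


def kcv(key: bytes) -> str:
    """Key check value so each custodian can confirm their component was entered correctly.
    Hypothetical: ceremonies usually use a block-cipher KCV; SHA-256 stands in here."""
    return hashlib.sha256(key).hexdigest()[:6]


def derive_ki(master_key: bytes, iccid: str) -> bytes:
    """Derive a per-card Ki from the reconstructed master key and the card's ICCID.
    Hypothetical KDF (HMAC-SHA256); vendors' real diversification schemes differ."""
    return hmac.new(master_key, iccid.encode(), hashlib.sha256).digest()[:KI_LEN]


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8: (Ki, RAND) -> (SRES, Kc).
    Hypothetical: HMAC-SHA256 replaces COMP128, the broken algorithm the video's
    Ki-extraction attack targets on old cards."""
    tag = hmac.new(ki, rand, hashlib.sha256).digest()
    return tag[:4], tag[4:12]  # SRES is 32 bits and Kc is 64 bits in GSM


def authenticate(network_ki: bytes, sim_ki: bytes, rand: bytes = b"") -> dict:
    """One GSM challenge/response. Only RAND and SRES cross the air interface;
    Ki and Kc never do, so a rogue base station sees the codes but not the key."""
    rand = rand or secrets.token_bytes(16)
    sres_expected, kc_network = a3_a8(network_ki, rand)
    sres_from_sim, kc_sim = a3_a8(sim_ki, rand)
    return {
        "over_the_air": {"RAND": rand.hex(), "SRES": sres_from_sim.hex()},
        "accepted": hmac.compare_digest(sres_expected, sres_from_sim),
        "kc_match": kc_network == kc_sim,
    }


if __name__ == "__main__":
    # Constructed example data, not real network or card values.
    master = secrets.token_bytes(KI_LEN)
    components = split_key(master)
    for i, c in enumerate(components, 1):
        print(f"component {i}: {c.hex()}  KCV={kcv(c)}")
    assert combine_key(components) == master
    print("any two components alone:", combine_key(components[:2]).hex(), "(random, useless)")

    ki = derive_ki(master, "8931000000000000001")  # constructed ICCID
    print("authentic SIM:", authenticate(ki, ki))
    print("clone with same Ki accepted:", authenticate(ki, ki)["accepted"])
    print("card with wrong Ki accepted:", authenticate(ki, secrets.token_bytes(KI_LEN))["accepted"])
```

Run it and compare the two outcomes: a card holding the same Ki answers every RAND identically, which is all "cloning" amounts to, while the intercepted exchange contains no value from which Ki can be recovered unless the A3 in use is itself weak.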

  • @Haroun.Benmahdjoub
    @Haroun.Benmahdjoub 1 year ago +2

    *Basically, everybody has access to you but not you to yourself.*

  • @fredsalter1915
    @fredsalter1915 1 year ago +3

    Does this apply to eSIM and iSIM as well? Thanks. Great vid!

    • @JanusCycle
      @JanusCycle  1 year ago +1

      Those chips are also much more secure.

  • @rexarn781
    @rexarn781 1 year ago +2

    I didn't know a SIM card was this complicated.

  • @kevinlee7263
    @kevinlee7263 1 year ago +5

    Sounds like those scenes in movies where someone pulls the SIM card out of another person's phone while they're in the bathroom, clones it in 30 seconds, and puts it back in their phone before they know what happened, are pretty far-fetched.

    • @JanusCycle
      @JanusCycle  1 year ago +4

      There is a scene just like your description in The Bourne Supremacy. Since it's a movie we can assume Bourne had a backdoor SIM exploit, or some other secret intel we don't know, to keep it fun :)

  • @Info-Centras
    @Info-Centras 1 year ago +2

    You can see all the codes when using your own GSM station :)
    All mobile phones connect to the strongest signal, best wishes...

  • @MarkBryant007
    @MarkBryant007 1 year ago +2

    I love the use of Depeche Mode.

  • @k-vn-7
    @k-vn-7 1 year ago

    Brief but perfect musical interlude!

  • @CosminSandu2907
    @CosminSandu2907 1 year ago +3

    Here from Hugh Jeffreys! 👋🏻

  • @DanielKaspo
    @DanielKaspo 1 year ago +2

    Massive nostalgia seeing that Windows XP theme (Zune theme??). Used to love it

    • @JanusCycle
      @JanusCycle  1 year ago +1

      Zune theme is the best!

    • @DanielKaspo
      @DanielKaspo 1 year ago +1

      @@JanusCycle I had the Gen 1 and the Zune HD - I was a massive fan :) Still have their wallpaper pack saved on my PC!

  • @upseguest
    @upseguest 1 year ago +3

    Zune theme on your XP laptop? Did you ever own a Zune or did you just download it because it looked cool?

    • @JanusCycle
      @JanusCycle  1 year ago +2

      It looks very cool. I still need to buy a Zune one day :)

    • @upseguest
      @upseguest 1 year ago +1

      @@JanusCycle yeah lol, sadly the Zune service doesn't work anymore so a lot of the functionality is lost, but you can still store music on it!

  • @rb4593
    @rb4593 1 year ago +1

    A man of class using the Zune theme 👍

  • @Jbrimbelibap
    @Jbrimbelibap 1 year ago +3

    So SIM card cloning is dead if I am not a government entity? Good to know, thank you. I had thought of cloning a SIM card to share internet access but it looks like it's not possible

    • @JanusCycle
      @JanusCycle  1 year ago

      Yep, no way to clone a modern SIM

    • @orange11squares
      @orange11squares 1 year ago

      @@JanusCycle well, telecom companies can replace your SIM card in case you lost it, same phone number....

    • @ItachIBrolly2
      @ItachIBrolly2 1 year ago +4

      @@orange11squares Not the same, once the SIM is replaced the number is assigned to the new SIM card and the old one becomes useless, I work in a US telecom company

    • @HoloScope
      @HoloScope 1 year ago

      @@ItachIBrolly2 yep this

    • @IvanIvanov-uw4yx
      @IvanIvanov-uw4yx 1 year ago +1

      @@JanusCycle Isn't it viable to read it directly from the chip with a microscope, destroying the original sim in the process, and later cloning it to another 2 sims?

  • @BlueRice
    @BlueRice 1 year ago +2

    I knew the potential of this during the late 1990s. It seems like no one noticed it. They were trying to get those codes to get free calls

  • @kefler187
    @kefler187 11 months ago +4

    Joke's on them, no one can listen in on my phone calls because I don't make any XD
    Google does have front row seats to my internet browsing habits though, as I subscribe to the whole Google ecosystem lol.

  • @sbcinema
    @sbcinema 1 year ago +1

    Here in Germany, most of the old networks are still available. I use a NOKIA from 1998 myself (without GPS)

    • @IvanIvanov-uw4yx
      @IvanIvanov-uw4yx 1 year ago +2

      2G is still available everywhere across europe. It was something related to contracts mobile operators had with emergency phone numbers iirc, so we will probably have 2G for at least 10 more years!

  • @Graeme_Lastname
    @Graeme_Lastname 1 year ago +4

    Just one more reason to not have a mobile phone. Thanks m8. 🙂

  • @妃廬詩裳乃汰
    @妃廬詩裳乃汰 1 year ago +2

    My dad just lost his phone by dropping it into our well. After the incident, he cloned his lost SIM card, but some apps interact weirdly with the new SIM. They knew the SIM has the same number as the old one, but some verifications were not sent to the new card but to the old one.

    • @app0the
      @app0the 1 year ago +10

      If he went to get a replacement at the carrier, it's likely not a clone but a new card that the carrier bound to his account.
      I remember when I did that back in Russia all my bank and payment apps stopped working because the login code would come in an sms and they weren't sure it was me who made the replacement sim card (there used to be a lot of incidents where carrier employees would illegally reissue sim cards to get into peoples bank accounts)

  • @krzbrew
    @krzbrew 1 year ago +2

    Ah such nostalgia...

  • @techwolflupindo
    @techwolflupindo 1 year ago

    This is good info for someone looking into recovering info from an old phone that stored its SMS and contacts on the SIM card. Last time I went looking, there were lots of really sketchy products and software.

  • @rd9831
    @rd9831 1 year ago +3

    Ok that's how Pegasus works 😄

    • @iRelevant.47.system.boycott
      @iRelevant.47.system.boycott 7 months ago

      It's a bitch. Try to mention a certain ideology and you may be unpleasantly surprised.

  • @Beanso
    @Beanso 1 year ago +1

    I just love this cover song. Great work. Great content.

  • @ssenkumbadeogratius6910
    @ssenkumbadeogratius6910 9 months ago +3

    u still have xp bro

  • @ridingdirty2412
    @ridingdirty2412 1 year ago +1

    5:02 waiting for the drop