by paliometoxo » Mon Oct 13, 2008 8:18 pm
They are not trustworthy according to the dev team.
Hi guys,
First of all I want to thank everybody who sent me their logs so I could see if the *sim solutions were using different methods.
Though it may sound a little frustrating to some of you who believe this would work out if we could find a tweak to the methods implemented by the 'almost-there' solutions.
By collecting all the data and checking the logs to see how each sim dealt with the IMSI information (something like your ID on the network) I could compare legit, legit with *sim, locked sim + *sim.
My conclusion is as follows:
All of the tested solutions use IMSI solutions that are not appropriate and could possibly get you in deep trouble.
Here's a little explanation of why it worked before and why it's not working anymore (and possibly will not work ever).
People found out that the iPhone asked for your IMSI twice; the first time used to be for the iPhone itself, and the second time was relayed to the network for identification. What they did was they created a program that would respond to the first request with an IMSI that belonged to the AT&T network so that the iPhone would believe it was working with an AT&T SIM card, but to the second request the program would reply with your own IMSI, and this would be sent to the network, which would make your proper identification in the network.
What changed?
Apple got smart and changed how this works. Now the requests aren't so simple and so far it seems to us that it's not possible to fake the IMSI using the same techniques that were used before.
An example of what could be happening:
The iPhone asks your SIM for its IMSI and then relays that same IMSI every time it's needed by the network without consulting your SIM again and again.
This way if we give the iPhone a fake IMSI, it'll relay the fake IMSI to the network which won't work as a stable, safe and legit (as far as networking goes) way.
What's my plan?
I don't plan on giving up just yet, I believe much has to be learned about the baseband before we can rule out the *sim solutions. I will keep working on this at the same pace I have been (one-two hours a day).
The next thing on my plate now is to attempt reversing some of the baseband in search of IMSI related or pretty much any SIM related calls. If I succeed in doing that I plan on using that information to try and create a reliable and safe way of using *sim solutions.
I would advise everyone who has one of these chips to stop using them. Even though you might think it's ok, it's not ok because pretty much what you are doing is using a fake ID at a store or a fake credit card.
Also, for those who are using ZeroG, it's doing basically the same thing, so stay away from ZeroG as well.
Don't throw your turbo-sim or whatever other sim you have away. Keep it with you because if someday we can find a proper solution they might be useful.
I'll keep looking at logs of other solutions to see if they are using the same stuff, but until it's safe to use a solution on a daily basis I would recommend that you guys keep watching the forums until it's proven by reliable people that such a solution would work properly.
This is my two cents about this subject.
Thanks to everyone who helped me.
===================
That is a post from one of the hackers working on the hack for the iPhone 3G regarding the SIM solutions.
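As an added illustration of the two behaviours the quoted post describes (this is not code from the post, the dev team, or Apple), the Python model below puts a pass-through chip that answers the first IMSI read with a carrier IMSI and later reads with the real one next to a handset that reads the IMSI once, caches it, reuses the cached value for every network request, and flags any later read that disagrees. It shows why the cached value, not the real one, is what reaches the network, and how a consistency recheck on the handset side exposes the mismatch. The IMSI strings, class names and the recheck routine are constructed for this example and are not real subscriber values or a real baseband API.

```python
"""Consistency check on the IMSI a handset reads from its SIM.

Added illustration, not code from the post, the dev team, or Apple. It models
the behaviour the post describes: a pass-through chip answering the first
IMSI read with a carrier IMSI and later reads with the real one, and a
handset that reads once, caches, and distrusts later changes.
All IMSIs below are constructed placeholder values, not real subscribers.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed placeholder values; the MCC/MNC prefixes carry no meaning here.
CARRIER_IMSI = "310410000000001"   # placeholder "approved carrier" IMSI
REAL_IMSI = "262010000000002"      # placeholder subscriber IMSI on another network


def imsi_is_well_formed(imsi: str) -> bool:
    """An IMSI is 6..15 decimal digits (MCC 3 + MNC 2..3 + MSIN, 3GPP TS 23.003)."""
    return imsi.isdigit() and 6 <= len(imsi) <= 15


class HonestSim:
    """A plain SIM: every read returns the same IMSI."""
    def __init__(self, imsi: str) -> None:
        self._imsi = imsi

    def read_imsi(self) -> str:
        return self._imsi


class InterposerSim:
    """Models the pass-through chip from the post: the first read is answered
    with a carrier IMSI, every later read with the subscriber's real IMSI."""
    def __init__(self, first: str, rest: str) -> None:
        self._first: Optional[str] = first
        self._rest = rest

    def read_imsi(self) -> str:
        if self._first is not None:
            answer, self._first = self._first, None
            return answer
        return self._rest


@dataclass
class HandsetSimState:
    """Handset-side view of the SIM identity (hypothetical, for illustration)."""
    cached_imsi: Optional[str] = None
    mismatches: List[str] = field(default_factory=list)

    def register(self, sim) -> str:
        """Read the IMSI once and cache it; this value is what gets relayed."""
        imsi = sim.read_imsi()
        if not imsi_is_well_formed(imsi):
            raise ValueError(f"malformed IMSI from SIM: {imsi!r}")
        self.cached_imsi = imsi
        return imsi

    def imsi_for_network(self) -> str:
        """Every later network request reuses the cached value; no re-read."""
        if self.cached_imsi is None:
            raise RuntimeError("SIM not registered")
        return self.cached_imsi

    def recheck(self, sim) -> bool:
        """Integrity check: re-read the SIM and compare with the cached value.
        Returns True when consistent, records the disagreement otherwise."""
        fresh = sim.read_imsi()
        if fresh != self.cached_imsi:
            self.mismatches.append(f"cached={self.cached_imsi} fresh={fresh}")
            return False
        return True


def simulate(sim, network_requests: int = 3, rechecks: int = 2) -> dict:
    """One registration, some network requests, then consistency rechecks."""
    state = HandsetSimState()
    first = state.register(sim)
    relayed = [state.imsi_for_network() for _ in range(network_requests)]
    results = [state.recheck(sim) for _ in range(rechecks)]
    return {
        "registered": first,
        "relayed": relayed,
        "consistent": all(results),
        "mismatches": list(state.mismatches),
    }


if __name__ == "__main__":
    print("honest SIM:    ", simulate(HonestSim(REAL_IMSI)))
    print("interposer SIM:", simulate(InterposerSim(CARRIER_IMSI, REAL_IMSI)))
```

With the honest SIM every relayed value matches the SIM and the rechecks pass; with the interposer the handset relays the carrier IMSI it cached on the first read to every network request, and each recheck records a mismatch, which is exactly the unstable situation the post warns about.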