cyb - cyberpunk

Yes, I know a fair bit about it. They're writing their own SIM cards using cloned IMEIs and such to steal phone service.

I normally do this for all of my burner phones, works great. Phone phreaking is fun.

anyone want more info? I'd be happy to share

Yeah I'm all ears. I thought SIM cards haven't been hacked yet? Along with smartcards.

I also heard that there was about just one large company in the world producing smartcards and they are supposedly secure to this day (backdoors aside). But if you just know about SIMs that's plenty for me

>>17856
yes, more info, please!

>>17856
+1 on the moar

>>17856
Yeah I'd like to known I could see this as being useful in the near future

>>17858
I would love some more information.

You do a series of whistles and clicking into the mic then boom, unlimited data and minutes.

>17850
I damn need to know how this work!
There is some day that I'm glad to be on lainchan.

>>17870
Well, at least I've heard they fixed that thing when you could deploy nuclear ICBM that way a few weeks ago.

>>17856
This sounds really interesting, please share.

>>17856
This would make a good article for lain mag

>>17856
+ on the MOAR.

>>17889
>>17887
Jesus calm down lainons. Its not like this thread is going anywhere.

I kinda recall in the book ghost in the wires, about when they started phone phreaking. It sounded pretty sweet cuz they could litterally change their numbers on a whim, but there were no sim cards back then and it was all low tech so it seemed considerably eaisier.

>>17850
Does anyone here use some sort of radio communications like CB or HAM?

>>17900
Relevant to my interests, particularly the lowdown on necessary equipment and self-education.

>>17935
Please don't.

sounds like a scam.

>>17900
mmm I have a CB in my off roader... now and again pick up some chit chat - but not much trafic round here.

>>17856
sounds like a lainzine article

Bumping so this thread does not fall off the map.

>>17939

You could always try some freebanding or linear amps, even though that's for bad people. My friends and I used to have CB's in our cars, it was actually a load of fun, but the maximum range we would get was about 1.5 miles. I'd sit about 2 miles in relatively clear ground away from the highway and pick up on chatter that was too continuous for vehicles moving ~60mph through that radius though, so they were either stopped, or I was hearing about illegal alien truckers in an area that really is too out of the way for illegal aliens to get to. Now that nobody gives a soykaf about linear amps now aside from people who...give a soykaf about linear amps, you might pick up on some cool things by coincidence, even though they're far away.

One night my cassette adapter cord got jerked too hard one last time as I was driving home late at night, and I had to listen to the radio. It was a while since I had to search frequencies to find something to listen to, and as I searched I realized how effin cool it was, the antenna of my car picking up waves I can't see that are transmitting songs in total clarity from a place that I have no idea where it is. Its the same with wi-fi and cell signal. All those dimensions we can't see...

Regardless, if LA'ed CB became more popular, that would be fantastic, since the web is so polluted with morons. It would be difficult to connect with others intentionally though, and unfortunately CB isn't going to come back to popularity, which is a shame.

>>18058
>cloning SIM cards
Jesus, that's such a ridiculously simple idea and it's never occurred to me. Considering how prevalent the cc market is, surely there's one for cloned SIMs, or the equipment needed to make them.

>>18059
You would probably receive each others phone call, cloning sim card doesn't sound practical.

>>18069
Keep it in a faraday cage, only break it out when I want to make phone calls?
Free calls whenever I want, provided the actual owner isn't on the line?

CDMA cloning
A selection of mobile phones that can be cloned.

Code Division Multiple Access (CDMA) mobile telephone cloning involves gaining access to the device's embedded file system /nvm/num directory via specialized software or placing a modified EEPROM into the target mobile telephone, allowing the Electronic serial number (ESN) and/or Mobile Equipment Identifier (MEID) of the mobile phone to be changed. The ESN or MEID is typically transmitted to the cellular company's Mobile Telephone Switching Office (MTSO) in order to authenticate a device onto the mobile network. Modifying these, as well as the phone's Preferred Roaming List (PRL) and the mobile identification number, or MIN, can pave the way for fraudulent calls, as the target telephone is now a clone of the telephone from which the original ESN and MIN data were obtained.
>from wikipedia

we need a lainzine article on this

>>17900
I'm an extra class HAM operator. I use it to talk with my friends, and I participate on the nets for local and long distance communication and disaster preparedness.
If anyone has any questions about amateur radio I'd be happy to answer them.

>>17884
Yes. If the lainzine had an article about messing with sim cards I could finally into cellphones.

You can clone SIM cards a few different ways. Older cards you can clone with just a 10 dollar RTL-SDR, 2TB of storage, 200 dollar laptop and a usb to ttl adaptor. Newer cards you need to build an IMSI catcher (requires the ability to Tx as well as Rx) or buy one from a government contractor.

Try not to use a cloned SIM in any phone that hasn't been programmed to fake the IMEI number. Never carry a phone with a cloned SIM when you are carrying a normal phone or while with friends of yours who have normal phones. Do not travel with clone turned on, turn it on only in a location not associated with you and only when you need to send a message. Do not use the calling or texting features as they can identify you, use only the internet connectivity over VPN and an anonymity layer (Tor, I2P). Even if you take all these precautions, it's possible that your phone or baseband could be implanted with a rootkit over the air. Potential countermeasure ideas include running the linux drivers for the baseband in a Xen VM and replacing the actual baseband processor with a QEMU emulation. There is still the question of fingerprinting your radio's unique Tx properties, which I have heard rumors is used in tracking cloner gangs.

On the topic of mobile network self-defense (cellph defense), snoopsnitch and Android IMSI Catcher Detector are amazing tools for detecting attacks against you and others.

>>18111
Nice post
http://youtu.be/e8zMaOIk1q4
Bump

How feasible would you think it would be to instead of cloning sim cards,
to just create a kind of module that sits at the sims cards place and fakes corresponding outputs, switching between sim-identities constantly?
Although at this stage I guess you could just entirely ditch the concept of sim cards,
and just recreate the mechanism inside your phone software.

>>18114
Theres a 128 bit Ki number that is locked away in your phone with your IMSI.
This Ki together with RAND number that you get from your mobile provider get together to make SRES response no 2 in cryptographic algorithm of A3 that was protected mostly by secrecy until 1998.This SRES_2 is compared to SRES_1 that mobile company created and then you're authenticated. There are few attacks on this cryptographic algoirthm.
Ki cant be extracted from the card because only way phone is able to communicate with SIM on this matter is through a function that just parses the number into sim card, sim card encrypts everything and just hands you back Kc and SRES.
Kc is encryption key for further communication.
2^128 is a big number for bruteforcing and there is no way of exctracting Ki.
You cant "fake corresponding outputs" since both mobile provider and your SIM card has knowledge of IMSI and Ki.

>>18111
Underrated post. Can you write something for the zine?

>>18114
I think if you type somehting like #010# or something into the phones keypad, you can get the IMEI number. If a phone has been reported stolen and thet get an IMEI match when someone tries to cash it in at an pawn/electronic store, emplyees are supposed to check it when they are exchanged in. I'm pretty sure there is or was a way to change it to change it without fuarrrking up the phone.
You can make your own sim card too, they are called jcards.

>>18111
Instead of SDR transciever why not just a rooted phone?
Could it be done?
Same thingy...

>>17889
What was the link?
Now gone!

>>17850
>Also, what is the most /cyb/ form of communication?
the internet

>>19785
bbs's are more /cyb/ imo, particularly if you do some phreaking to avoid paying the phone line.

>>17859
>>17862
>>17863
>>17880
>>17884
>>17887
>>17888
>>17889
>>17892
>>17952
>>TheRest

https://ghostbin.com/paste/uvamj


Semi-Old (Like 2012 or 2013) tutorial writen by Team Berserk (some anonymous group that died late last year)

Should all still work though

>>19810
Oh, forgot to mention im not >>17856

>>19808
If anyone wants a nicely formatted version of that, I've had this sitting around for a while. Same tutorial, more greetz and ASCII art and formatting.

http://pastebin.com/ytfqB8Dd

>>19840
I didn't post that one because it has a larger autistic stigma around it.