Defcon 21 - The Secret Life of SIM Cards

  • Published: 19 Jun 2024
  • Karl Koscher & Eric Butler
    August 1st--4th, 2013
    Rio Hotel & Casino • Las Vegas, Nevada

Comments • 371

  • @zyldyks 8 years ago +1085

    I think they really missed an opportunity to call their network "SimShady".

    • @counterculturecocks 7 years ago +4

      Touche'

    • @nixietubes 7 years ago +5

      at 31:56 it says "Shadysim"
      although i think it's a name of an app they made for it
      or part of a script

    • @AureliusR 7 years ago +25

      @Tntmod54321 you clearly, clearly didn't get the original comment. WAY over your head.

    • @paulgascoigne5343 7 years ago +37

      is it the real simshady?

    • @pahanaama 7 years ago +8

      What?

  • @killslay 8 years ago +767

    one of these defcon talks popped up in my suggested videos, hours later I'm deep down the YouTube rabbit hole.

    • @nixietubes 7 years ago +37

      yup
      what happened to me was i was learning about the art of hacking and programming, Then i saw that defcon had some ted talk type shit and was like, oh dis gonna be some good shit
      and you were hours down the hole, i am weeks down dis hole

    • @autofox1744 7 years ago +3

      Got here via Jason Scott talks... learning ALL the things now!

    • @danhorus 7 years ago +6

      This is me right now. 4 to go on my Watch Later, haha

    • @dirkstamavs 7 years ago +7

      same here checks date 2013 the fuck I have been missing out

    • @ThisDJ808 7 years ago +5

      d1rksta same. Been watching these for 10 hours not got a clue what they're talking about tbh but it's clever as fuck.

  • @nogosnoqt 4 years ago +46

    Gotta respect speaker 2. He was clearly uncomfortable with public speaking, but he dropped a huge load of interesting information.

  • @datasilouk1995 9 years ago +218

    Very complicated but interesting to watch. I never realised that the SIM card was a smart CPU based card. I thought it was just a EEPROM.

    • @chrissxMedia 5 years ago +3

      an* do you also think your HDD or SSD is just a spinning plate or flash cell? (not meant too offensive but this is obvious)

    • @tacticaltux4231 5 years ago +29

      @@chrissxMedia Necroposting while being an asshole. Nice.

    • @statinskill 4 years ago +4

      Yes, it's likely an arm-m0 with 8-16K of ram with a serial interface and some non-volatile memory. Possibly the A3/A5 crypto and whatever crypto I'm potentially missing about UMTS and LTE might be in there in hardware as well. That's all it is. It has an ISO protocol for talking to it, bits sent over a serial line and messages are along the lines of CLA INS LEN P1 P2. CLA and INS are class and instruction. Some instructions are even standardized like those to do with files, SELECT FILE, APPEND FILE etc. Files are not huge btw. They are a few bytes long maybe 512-1024 bytes max because the flash will be maybe anything from 8-32K. The smartcard OS firmware will usually observe wear levelling especially for files that get updated a lot. Without knowing too much I'll bet you have to access the GSM application by authenticating against a file using PIN1. Then you can use the instruction to calculate the reply to A3 crypto challenges.
      And then there are also ways to add your own SIM Toolkit applications.
      So you see, it's not at all just a piece of "dumb" flash memory. It definitely can do a hell of a lot more than your first home computer if you had one. Only the RAM is lots less, usually around 1-8K.

    • @Reth_Hard 4 years ago +9

      I find it crazy to think that inside this tiny tiny chip there's a whole computer with better specs than a freaking NES (Nintendo).
      (Minus a few things like the GPU... I know...)

    • @alerighi 4 years ago +5

      If it was only a simple EEPROM it would be so easy to clone. The reason you need a CPU inside is because that way the private keys never leave the SIM, but the phone simply sends commands to the SIM that computes the required cryptographic functions giving back the result, without the phone knowing the secret keys. That is the principle of operation of all smart cards (a SIM is just one of them), like the one in your credit card or your pay TV card.
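
Added example, not part of the comments above or of the talk: a toy Python model of the flow @statinskill and @alerighi describe (select the GSM directory, verify PIN1, then have the card answer a challenge) in which the key never leaves the card object. The 5-byte header CLA INS P1 P2 P3, the instruction codes and the status words follow GSM 11.11; the assumptions are that HMAC-SHA256 stands in for the operator's A3/A8 algorithm, that results come back directly rather than through GET RESPONSE, and that `ToySim`, `authenticate`, the key, the PIN and the challenge are constructed for illustration.

```python
import hashlib
import hmac
from collections import namedtuple

# Status words, instruction codes and file IDs from GSM 11.11 (SIM <-> phone interface).
SW_OK, SW_WRONG_P3, SW_UNKNOWN_INS, SW_WRONG_CLA = 0x9000, 0x6700, 0x6D00, 0x6E00
SW_FILE_NOT_FOUND, SW_ACCESS_DENIED, SW_CHV_BLOCKED = 0x9404, 0x9804, 0x9840
GSM_CLA = 0xA0
INS_SELECT, INS_VERIFY_CHV, INS_RUN_GSM_ALGORITHM = 0xA4, 0x20, 0x88
MF, DF_GSM = 0x3F00, 0x7F20

Apdu = namedtuple("Apdu", "cla ins p1 p2 p3 data")


def parse_apdu(raw):
    """Split a T=0 command: 5-byte header CLA INS P1 P2 P3, then P3 bytes of data."""
    if len(raw) < 5:
        raise ValueError("header must be 5 bytes")
    cla, ins, p1, p2, p3 = raw[:5]
    if len(raw) - 5 != p3:
        raise ValueError("P3 does not match the data length")
    return Apdu(cla, ins, p1, p2, p3, bytes(raw[5:]))


class ToySim:
    """Toy card: keeps Ki private and only returns values derived from it."""

    def __init__(self, ki, pin):
        self._ki = ki
        self._pin = pin.encode().ljust(8, b"\xff")  # CHV1 is padded to 8 bytes with FF
        self._tries_left = 3
        self._verified = False
        self._selected = MF

    def transmit(self, raw):
        """Process one command APDU; return (response_data, status_word)."""
        try:
            cmd = parse_apdu(raw)
        except ValueError:
            return b"", SW_WRONG_P3
        if cmd.cla != GSM_CLA:
            return b"", SW_WRONG_CLA
        handler = {INS_SELECT: self._select, INS_VERIFY_CHV: self._verify_chv,
                   INS_RUN_GSM_ALGORITHM: self._run_gsm_algorithm}.get(cmd.ins)
        return handler(cmd) if handler else (b"", SW_UNKNOWN_INS)

    def _select(self, cmd):
        if cmd.p3 != 2:
            return b"", SW_WRONG_P3
        fid = int.from_bytes(cmd.data, "big")
        if fid not in (MF, DF_GSM):
            return b"", SW_FILE_NOT_FOUND
        self._selected = fid
        return b"", SW_OK

    def _verify_chv(self, cmd):
        if cmd.p3 != 8:
            return b"", SW_WRONG_P3
        if self._tries_left == 0:
            return b"", SW_CHV_BLOCKED
        if hmac.compare_digest(cmd.data, self._pin):
            self._tries_left, self._verified = 3, True
            return b"", SW_OK
        self._tries_left -= 1  # wrong PIN: burn one attempt, block at zero
        self._verified = False
        return b"", (SW_CHV_BLOCKED if self._tries_left == 0 else SW_ACCESS_DENIED)

    def _run_gsm_algorithm(self, cmd):
        if cmd.p3 != 16:
            return b"", SW_WRONG_P3
        if self._selected != DF_GSM or not self._verified:
            return b"", SW_ACCESS_DENIED
        # Stand-in for the operator's A3/A8: SRES (4 bytes) + Kc (8 bytes) from Ki and RAND.
        return hmac.new(self._ki, cmd.data, hashlib.sha256).digest()[:12], SW_OK


def authenticate(sim, pin, rand):
    """Phone side: SELECT DF_GSM, VERIFY CHV1, RUN GSM ALGORITHM -> (sres, kc) or None."""
    steps = [
        bytes([GSM_CLA, INS_SELECT, 0, 0, 2]) + DF_GSM.to_bytes(2, "big"),
        bytes([GSM_CLA, INS_VERIFY_CHV, 0, 1, 8]) + pin.encode().ljust(8, b"\xff"),
        bytes([GSM_CLA, INS_RUN_GSM_ALGORITHM, 0, 0, 16]) + rand,
    ]
    data = b""
    for apdu in steps:
        data, sw = sim.transmit(apdu)
        if sw != SW_OK:
            return None
    return data[:4], data[4:]


if __name__ == "__main__":
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")    # constructed key
    rand = bytes.fromhex("101112131415161718191a1b1c1d1e1f")  # constructed challenge
    card = ToySim(ki, "1234")
    print(card.transmit(bytes.fromhex("a088000010") + rand))  # refused: PIN not verified
    print(authenticate(card, "1234", rand))                    # SRES and Kc, never Ki
```

The retry counter in `_verify_chv` is the part that keeps PIN guessing bounded: three wrong tries and the card answers 9840 until it is unblocked.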

  • @TheRileyg98 2 years ago +15

    This put me on the road to becoming one of the few open-source JavaCard developers. What a talk. They reside in smartcards now, including implants, which I help build.

    • @bigboypal 2 years ago +1

      That's so cool! Do you have any golden tips to further any skills? I hope someday I can produce something as cool as what you're doing.

    • @calholli 1 year ago

      You're a GOD

  • @SyphistPrime 6 years ago +75

    I would love to see a talk about actually running the GSM network. That would be interesting.

  • @SeverityOne 6 years ago +12

    I used to work at a mobile service provider, where we had these little card reader/writers with which you could program these. From what I remember, we wrote our own little apps.

  • @will16320 7 years ago +47

    I was thinking this talk was out of date, then I saw it was from three years ago and realised these guys were the ones who pioneered sim apt

    • @busteraycan 5 years ago +3

      what is sim apt?

    • @ClonesDream 4 years ago +1

      @@busteraycan I second this

    • @TheOnlySolipsist 4 years ago +8

      Lol I was thinking this comment was out of date then I realized it was from 3 years ago and realized the video was way out of date.

    • @CrazyMineCuber 11 months ago +2

      @@TheOnlySolipsist I was thinking this comment to a comment was out of date. Any of you guys still alive?

    • @assmonkey9202 9 months ago

      @@CrazyMineCuber they are all in jail. Glowies got them

  • @grilla6874 9 years ago +46

    the shot gave big man confidence

  • @HappyBeezerStudios 4 years ago +8

    And here am I, 6 years later with my dual SIM phone...

  • @meowdacat 7 years ago +8

    In the 2000s in Australia Vodafone sim cards could be used for gprs data (dial up speed pre 3g) without any activation of the card just chuck it in and set the connection to Vodafone and off you go. just used to get $2 sims from the piles in shops. You would get about a week to 2 weeks before the card stopped working then you would use another $2 card. you always got your free calls from a payphone and a straw. useless info now :(

  • @cballe2288 9 years ago +12

    Absolutely fantastic work guys. You're an inspiration to us all.

  • @peevi 3 years ago +5

    "This is used by the ISIS competitor,
    Google Wallet"
    LOL

  • @asmolbean9300 3 years ago +4

    TIL that SIM cards have much more computational power than the Apollo 11 computer. Most people know that the Apollo 11 computer was primitive in contrast to today's technology, that even a £1 calculator has more power than it did, but it's amazing that SIM cards have up to 250kb of storage, 64kb ram and run at 30mhz while the Apollo 11 computer ran at 0.043mhz and had 4kb ram and a 32kb hard disk.

    • @bravefastrabbit770 2 years ago

      and fools actually believe such technology managed communications between the earth and the moon....

  • @PatRiot- 7 years ago +7

    How quickly my inner nerd has come out after finding defcon!

  • @johnycannuk 10 years ago +10

    Memories...I used to do this back in the early 2000...I still have java cards and the card readers laying around.

  • @absinthdelmar 6 years ago

    Very helpful video. Well done!

  • @myboint 10 years ago +3

    Good stuff. Thanks for upload.

  • @FurryWrecker911 1 year ago

    It's amazing how a lot of the stuff they're talking about back then that was experimental and new became standard practice years later.

  • @nicolali4792 4 years ago +2

    I'm so glad to see this talk back. Ugh censorship.

  • @barryhernandez6428 2 years ago

    Great vid
    As always 👍🤜🤛💪

  • @saultube44 6 years ago +2

    I see that these programming tools need another abstraction layer through better or improved software tools, or improving an IDE to make programming easy and handle themselves like a current high level programming language, but it could be done, just more work and you'll have an easy way to program these cards. The thing is, if they can act on independently on parallel to the Smartphone CPU, how do you control it and check what security measures it's using and how it's using them, might be secured being independent, but how do you interface with it, if it can't use the SP screen and other functions

  • @JanicekTrnecka 7 years ago +7

    I fiddled with sim cards in the past, when it was quite easy to clone them (getting the secret keys by statistics and guessing run on the replies from the sim) But some time after , the sim card operations limit decreased so this method became unusable...

  • @mikesmith-kt9wj 5 years ago +34

    Big dude with the glasses might seem soft spoken but he's a technological beast

    • @stan464 5 years ago +1

      Total catcher, and i agree!

    • @theverdantwolf5402 4 years ago +1

      Not to disrespect the presenter or op, presenter did a great job and I've heard comments like ops a lot, but seriously....what are people learning now? Back in the 90s this was two, maybe three steps above script kiddie depending on which language you learned first after binary. The first time I flashed a chip, it was a Sim card. If this is mind blowing, check out totse.com on the way back machine...the bbs boards combined with phrack mag, 2600, and the Linux journal would have been hacker U in the 80s/90s and it produced higher quality intellects than the academic white/black hat BS today. The average hacker has gotten stupid....or there are more normies than usual trying, either way, bad times.

    • @shd2937 4 years ago

      what do u mean? you cant be hacker if your normie? normie is stupid? from what i understand is that you're saying that whole talk was nothing and holds no value compared to hacking that was happening in 90s? Is that pointless to learn this stuff?

    • @theverdantwolf5402 4 years ago +4

      @@shd2937 - no, you cannot be a truly effective hacker if you cannot think outside the status quo. There are good guys around, null byte and hack5 being some of the better ones, but the community on average has lost its ability to freely and critically think.
      I definitely think people should learn this stuff, that's the problem, the basics are now seen as advanced or specialty outside of pen-testing. This stuff should be common knowledge by now, not a presentation.

    • @shd2937 4 years ago

      i get your point, i think its an issue honestly, im cysec student myself and i feel like its harder to focus nowadays, i dont want to blame it at social media or phones but i bet that in the old days that you're mentioning, you didnt had so much distractions around, notifications and unnecessary bullshit. Im starting my journey with cysec and im obsessed with gaining more skills and knowledge, and in other hand paralysed by amount of information that is available, kinda stuck... Any tips from yours ?

  • @tracezachdaniels4264 5 years ago +1

    SO SHWEEEETTT...much love Tee with LIONS NAMED LEO.[the music worldwide}
    so fun..

  • @srvfan42 5 years ago +7

    I want to know more about how they set up their own mobile network out in the middle of nowhere!

  • @edgarmartinez7099 9 years ago +4

    I can't find the programmable smartcards on ebay. Can anyone help with this? i want to purchase them but first I need to find them.

  • @inzig0752 2 years ago +1

    I'd love to see a talk about other aspects of the network, like implementing the gsm protocol, but I'm also about 10 years late so I guess there isnt much use in asking now

  • @Saturnringer 9 years ago +1

    Didn't know this I've had a Sim card even before a phone . interesting how a piece of smart card can be programmed in different ways.

  • @tzisorey 8 years ago +36

    Interesting that the provider can load new applets through the air. I wonder what sort of auth is involved... Considering it's possible to set up a fake GSM base with SDR.
    Scary stuff.

    • @shockingguy 5 years ago

      Tzisorey Tigerwuf Yeah I barely understand this stuff but I get it somebody could sneak something in that could be really powerful for them and damaging to you, stingray baby you’ve been you been Zucked!

    • @eulemitbeule5426 5 years ago +12

      Yeah, probably a really good way for intelligence service to set up a wiretap... Just run a AT command to dial a number, turn the volume and responses on the display off and you just got yourself a nice mic in the room. Or send a sms to get your cell, etc.
      The possibilities are probably endless and it will run on every f*cking phone with no way to notice or delete it (srsly, who would check their SIM card for bugs?)

    • @sharpfang 5 years ago +13

      *hackable*. They covered that. You send any junk to the card, it replies with a signed error message, you recover the key from the signature (weak hash) and sign your payload with that key.

    • @dreadlock17 4 years ago

      Wow. And now "simjacker" is just made public

    • @dreadlock17 4 years ago

      @@eulemitbeule5426 dude exactly what "simjacker" could do

  • @gregory-thecomputermidwife9856 10 years ago +25

    Fug guys that's a lot of work and well prepped

  • @RichardFRicardo 6 years ago

    Good Job! Dealing with SIM-SWAPPING problem in Africa. Any ideas?

  • @RealTheCrasher8 4 years ago +3

    I once tried to install an app from the internet onto a windows phone (back when they still were a thing) and not onto the SIM card. I wondered why it had this strange STK name. Now i know why i never got it to work.

  • @RobertBreckenridge13 4 years ago +8

    Wow, whoever recorded the sound or set the mic gain needs to listen to this at full volume with headphones on. My PC volume was at 75% and my YouTube volume was at 50%, and "welcome, everyone" almost blew my speakers out.

  • @ivragi 4 years ago +8

    But can you run Doom on those?

  • @seanrobinson6035 7 years ago

    Where do you buy a blank SIM Card

  • @LordmonkeyTRM 6 years ago +3

    Sim Card is a computer...?! Mindblown.

  • @adrianalaniz6057 2 years ago +1

    Is there a way to know if this has been done to me? Very confident it is happening by the misleading information I get while on my phone. I get phone calls from different numbers with people who have the same voice claiming they’re from different companies, plus I haven’t had an amber alert the past year or two. I also seen a comment where they worked at a service provider where they had SIM card readers/writers, & my provider had me switch my sims card about 2 times back to back when I’d go to pay my phone bill. Seemed odd to me

  • @RannoRannikmaa 5 years ago +1

    in Estonia, Sim app function is used for mobile ID as digital signing and identification service.

  • @jacobdavidcunningham1440 2 years ago

    8:10 lol just jumps in
    this is a neat talk, I did not realize a SIM was a computer, thought it just held some memory or something

  • @goqsane 6 years ago

    Am I the only person who has no audio on this video? WTF, it just stopped. I tried so many things. I've been trying to watch it for weeks now. HELP.

  • @DangerousPictures 7 years ago +144

    39:11 back when isis was a payment...

    • @stevebez2767 6 years ago +2

      Day mean when space station enc decode over smart net,pays?

    • @JM-pq1hy 6 years ago +2

      Have you considered that maybe that's exactly what it still is? Terrorist payment method..... After all, ISIL is the group, so why the change? Those in charge like to name two or more things the same that seem not to be related, but actually are.

    • @MyDadIsBillGates 6 years ago +14

      isis was also an egyptian goddess, are they also related? did she invent the payment method and birth the terrorist organization too?

    • @yellowcrash10 5 years ago

      And their enemy was Google.

  • @RolandKontson 5 years ago +1

    Mobile-ID, Estonia. Use it all the time. App comes with the SIM

  • @Garbaz 7 years ago +22

    Why in the world would you run Java on such a limited system, that's crazy. But looking at 27:42 , craziness seems to be the norm.

    • @Garbaz 7 years ago +6

      Rex2k10
      That's disturbing. Why the hell would one put a Java VM on a µController? I even feel like I'm wasting efficiency when using C instead of Assembly.

    • @ninjawarthog8580 7 years ago +2

      I believe the main reason was standardization to make it easier for third parties to write apps; reduce complaints from angry users that can't get their game/app to work on their new hand set, and probably a failed attempt at predicting the ways in which mobiles would develop.

    • @Fennecbutt 7 years ago +4

      "Failed attempt". Lol you do realise Android, the most popular mobile phone operating system in the world supports the Java apis.

    • @agvulpine 6 years ago

      Surely the reason JAVA was used instead of Python or some derivative of C is the total limited scope of people who program these things, ever. It's a tiny circle jerk of a few industry leaders, their circle of developers, and managers who have never written a line of code themselves but heard of JAVA on Linkedin.

    • @peregrinusoblivione4967 5 years ago

      It is because it is a much safer language to develop with, and if you are going to have any idiot able to develop an app that can be accessed by something that is in every other person in the worlds pocket. You are going to want to avoid that shit storm. There are also Java elitists. The best thing Java did was lend its name to JavaScript.

  • @kaioker 7 years ago

    watching in 2017, boy how names change meaning...

  • @grilla6874 9 years ago

    great talk

  • @barryhernandez6428 2 years ago

    Gotta love these fools 👍

  • @Catcrumbs 3 years ago +2

    That's interesting. I never knew there were mobiles without SIMs. How do you bring your number from one phone to another that way?

    • @Ewr42 1 year ago +1

      I think the phone is network bound, so you get a compulsory subscription for the network companies which collaborate with phone companies.
      I think If you lose a phone you buy another one of the same network version and calls their customer service to cancel the old number or the new one and choose which will be used
      I'm really not sure tho

    • @colinbyerly5212 7 months ago

      Thanks for the idea , as new products that are now very interchangeable and allow switching and reading and writing and copy and inter device direct wire connections . As well as transfer of complete Lynix portable device add ons with diverse cell phone multiple adapters at high speed and so much more ability’s . That it’s like a explosion of device uses that never before was so affordable and micro processed and diverse that only ones creative excitement will limit one especially with satellite and ham station and frequency scanners to really make AI a co pilot with a crew working to develop what you simply question if it’s only possible then it’s done before you finish talking with predictive technology .

  • @johnsausage 9 months ago

    7:32 If the SIM applet can run arbitrary commands on the phone, doesn't this basically mean that this is some way to "listen" to a phone? I mean arbitrary commands could also mean it can run commands in the background probably without showing anything to the user and therefore activate the microphone and transmit the data to the carrier (or to whomever).. right?

  • @Anfros. 10 years ago +17

    So you if you could change the number dialed you could redirect the call to switch with a recording device/tap and then redirect to the original number dialed? Sounds like a good way to tap phone. But I have no experience with this tech so I really don't know if that would be possible.

    • @MrDeadcows 10 years ago +14

      Something like that just happened to Estonian foreign minister. Check it out.

    • @xAxMxWx 9 years ago +10

      Anders Fredriksson
      ever hear that wierd noise right before the ring when you call your drug dealer?

  • @FFVison 5 years ago

    The name, ShadyTel describes pretty much any telecom nowadays

  • @BryanChance 1 year ago

    Genius!!

  • @landlockedviking 7 years ago +3

    Imagine taking that back to commodore 64 time...

  • @HackersOnBoard 4 years ago +8

    Hello dear friends
    The 2nd December 2019 we get notified of the censorship of our channel by the new YouTube Guidelines (who change every 6 months) because of "Content reusing without including substantial original commentary or educational value" so in consequence the Monetization of our channel was disabled.
    This is a little bit tricky because these Guidelines wasn't there in 2013, 2014, 2015 and so on...
    It is abnormal to change the rules during a game
    ...even more before Christmas!
    Since 2013 we are trying to share the best Security Conference on our channel and we need your help to keep it up.
    As you already know I was fighting the disease since the last 2 years and it's difficult and without resource and support I wouldn't be able to keep up on this way.
    You can support us on Patreon if you find our work valuable.
    You can also express your dissatisfaction regarding our situation to YouTube on Twitter, Facebook, Instagram and wherever you can, to help us regain our rights.
    Your support in anyway will be truly appreciated
    Thanks guys for taking time reading me and stay tuned!
    Merry Christmas to you all and God bless you all!
    www.patreon.com/HackersOnBoard
    Bitcoin Wallet: 1NWM4upgKj8iF7zknzmnHG8Mm2pvAyTHqc

  • @DragoNate 3 months ago

    actually, the concept of things being stored on your SIM card that you can easily pop out and move to another device isn't awful in itself.
    i see the issue of where that _would_ have led things, but if we could just use it to simply move important data around, it would be nice.

  • @SisyphusianSaturnite 1 year ago

    I have a feeling they are indirectly responsible for the large volume of "scam calling" over the past couple years

  • @BrainSeepsOut 9 years ago +10

    Before I got a Windows Phone smartphone I would always move my contacts to my SIM card to move between phones but no modern phone OS allows that anymore! Unless there's an app for that?

    • @AnLaggy 9 years ago +13

      android does allow it, at least on samsung devices

    • @0x7fffeeee83 9 years ago +1

      Anlaggy Laggy Samsung FTW

    • @0x7fffeeee83 9 years ago

      ***** What?

    • @sanguinevitae 9 years ago +6

      ***** Its android, android is the operating system. Samsung is the phone maker.

    • @sanguinevitae 9 years ago

      >mfw put down by totally not op
      *:(*

  • @emeliedenmodige2470 1 year ago

    development in this area?

  • @salbahis82 9 years ago +8

    in my country running application in simcard is still a common...

    • @fuuzegfx 9 years ago +5

      Where are you from?

    • @iant419 9 years ago +2

      justFuuZe Prolly south asia.

    • @MamboBean343 9 years ago +1

      justFuuZe Going with Filipino. They're subscribed to a few Philippines-based TV series channels.
      The Philippines would make sense, too, given the nation's rather poor telco situation.

  • @AlexCheerNZ 8 years ago +1

    in NZ we have Semble which requires you to upgrade your sim to a more secure sim. would it use SWP?

  • @chadjackson1455 2 years ago

    How do I recover my pin? I locked myself out and I don't know my pin

  • @DavidDavida 5 years ago

    whats with allaAds again??

  • @billdavis9286 3 years ago

    So you could inessants, send someone a message or "task" through their phone and leave no trace. Like maybe a location or a time someone will be somewhere......... . . . ?

  • @neoqueto 4 years ago

    I wonder if one can write apps in assembly for it and somehow make it interface with the hardware. A SIM card is literally more powerful than a C64.

    • @statinskill 4 years ago +2

      neoqueto -- Maybe there is but that might be a feature on specific SIM cards. What I have found is just by going to Wikipedia's sim toolkit page and then clicking on the ETSI standards document in the references. That's an eye opener just by itself, because it describes the command the phone accepts from the SIM and how the SIM can f with your phone in many ways. But the Standard you want is ETSI TS 131.113 which talks about the USAT interpreter and its programming environment. It seems to be just a byte code interpreter with specific data types for text messages etc. And skimming through the manual I find in section 8.8 "Execute Native Command". The instruction code is 47H/C7H followed by length in bytes, then some stuff and finally a 16 bit NCI. You don't get to just jump anywhere you want, you have to give it a native call identifier.
      And that's where I'll bet it gets card specific. You're going to have to tell the card os to create a new application for you with a certain AID. In that command you're going to have to tell it how many bytes long. Then you would create the application files including writing your binary to a file and setting a special execute bit on it. The AID is probably the NCI. But for that you are going to have to have a USIM that supports this business, has space available and had its access rules/protections set so you can do it, or you have the crypto keys to unlock these features.
      And then I wondered if you can buy fresh un programmed USIM cards online and it turns out you easily can for a very reasonable price. I have no idea what they are the ones I looked at and I would only buy if they can supply the keys and the technical manual. You will likely deal with Chinese who don't speak much English.
      Now that's what's possible on the interface between the SIM and the phone and you have been educated on it for free. As a bonus I am just going to throw in I bet you didn't know your sdcards contained a arm core you can run code on using vendor specific sdcard commands.

  • @IamTristanC 4 years ago +3

    39:49 boy did that name not age well since 2013

  • @rentacowisgoogle 8 years ago +66

    I hope ISIS Co. changed up its branding...

    • @rentacowisgoogle 8 years ago +16

      Only need to read the url haha

    • @Axodus 8 years ago +7

      +rentacow fuckin isis ruined them
      ):

    • @stevebez2767 6 years ago

      Trashed the shuttle like some YouTube commenter asked,challenger next,planes?

    • @davee1233 5 years ago

      Softcard now

  • @leighabrown2992 8 years ago

    Nice.

  • @nikhilrd7686 7 years ago

    hey guys I am graduated in Computer science engineering.I am interested to pursue Master's.Please help me in choosing the domain in master's...

  • @ricardoruiz3542 8 years ago +2

    could you use this to execute arbitrary code? In the right environment?

  • @frillneckedlizard8529 7 years ago +4

    Could you erase the card and use it as a microcontroller that you program using machine language and just use it as a tiny arduino

  • @LaskyLabs 5 years ago +1

    I really hope SIM cards have gotten less complicated...

  • @PhilXavierSierraJones 5 years ago +4

    I have a SIM card that, upon first boot, forces the phone into programming mode, connects to a cell tower, registers the phone, writes it to EEPROM then never calls the function ever again, effectively turning it into an one-time card.

    • @starwatching5216 5 years ago +3

      That's pretty interesting, care to share more about that? Do you have any documentation/videos talking about this?

  • @icemine2418 3 years ago

    why did yt recommend me this

  • @viv_2489 3 years ago

    Oh this is your slide, probably the shots are going to head 😂

  • @nnslife 4 years ago +2

    Nice talk, interesting to hear about what happens in SIM-cards.
    He said "ISIS" at 39:51. I am reporting this video for terrorism.

  • @Seth9809 6 years ago

    Why is there ads on this? Did you present this?

  • @SuperAWaC 5 years ago

    so sms applet programmers are like modern day PLC programmers lol

  • @Some_Beach 4 years ago +1

    That NFC card company's name probably didn't age well

  • @MStrickkk 5 years ago +1

    The Other Onion Router?

  • @imsamurai3000 7 years ago +21

    Do you have permission to monetize these defcon conferences? This is not really your content.

    • @ZarkowsWorld 6 years ago +23

      Darren >> There is no fair use in copying someones work and re-posting it in verbatim. And absolutely not to monetize it.

    • @uzaircassim4373 6 years ago +15

      Ads Darren... Ads

    • @shockingguy 5 years ago +7

      Just watched it, no ads here

    • @mathewmccloskey8242 5 years ago +1

      @D C That's not how fair use works...

    • @issacnewton9443 5 years ago

      @@shockingguy I got 10 ads, maybe you have an ad blocker because it's definitely monetized.

  • @nsaccente
    @nsaccente 5 years ago +1

    39:49 Did anyone else shit themselves when they heard this?

  • @FindecanorNotGmail
    @FindecanorNotGmail 9 years ago

    This is very interesting, but the speakers tend to smack all the time, which drives me crazy and I can't continue listening. I stopped a third in.

    • @TheMasturCheef
      @TheMasturCheef 9 years ago +1

      *smack smack smack* Thanks for *smack* telling -_-

    • @menkio
      @menkio 9 years ago +5

      you passed up some great knowledge for something pretty stupid. welcome to being passed. darwin style dumbass

  • @LaLaLand.Germany
    @LaLaLand.Germany 3 years ago

    I torched my SIM after this... Bad SIM, bad, bad... If these nerds figured this out, what could "security" agencies do? What is happening? Did I fall down the rabbit hole by watching this?

  • @tr233
    @tr233 7 years ago +2

    Being a Java developer myself, I'm pretty amazed where Java can run. Well, it would be cool if they showed an actual spy app which can record audio on the SIM card!

    • @FXP1688
      @FXP1688 4 years ago +1

      I'm pretty amazed what Java shouldn't have run. That's just painful to watch.

  • @herauthon
    @herauthon 9 years ago

    What about Android and security? Is rooting and moving to some other OS a good security thing - I wonder. Because what are the next security steps, and how mature is security on 'smart' phones?

  • @mikesmith-kt9wj
    @mikesmith-kt9wj 5 years ago

    So where are these bytes being sent? From the SIM card to the phone?? What if I want these bytes sent to my laptop???

  • @annax5212
    @annax5212 9 years ago +3

    Cards for GSM are so cheap... using PIC 16F84 and 24LC16, that's what I used many years ago to clone two numbers on 1 card... still working in 2015 :)

    • @dierks67
      @dierks67 6 years ago +1

      Anna X Could you please explain what and how you've done (that)?

  • @genericdeveloper3966
    @genericdeveloper3966 3 years ago

    I don't get it

  • @grog8164
    @grog8164 7 years ago

    What do you mean by secure bitcoin transaction 37:37 ?

  • @peyton_uwu
    @peyton_uwu 3 years ago

    where's the doom port for sim cards cmon people we're waiting

  • @Div1ne_1
    @Div1ne_1 5 years ago +2

    But can it run crysis?

  • @wolfzap
    @wolfzap 8 years ago

    No sound?

  • @movingelectrons
    @movingelectrons 4 years ago

    how did they start their own telco network though??? that's what i wanted to know...

    • @shawnireland1197
      @shawnireland1197 4 years ago

      Probably a femtocell or reverse engineered one and setting SIM card to connect to it..

    • @movingelectrons
      @movingelectrons 4 years ago

      @shawnireland1197 thank you! still would be nice to have some concrete data on what was used and how

  • @StrangeQuark
    @StrangeQuark 5 years ago +1

    the appendix of telcos

  • @EthanSeville
    @EthanSeville 7 years ago

    I have SIM toolkit on my OnePlus 2 but when I open it just closes 32:56

  • @rojoladybug2140
    @rojoladybug2140 1 year ago

    My family clones every phone and new SIM I get

  • @Nitrxgen
    @Nitrxgen 4 years ago +1

    as much as i *love* very in-depth talks into protocols and communications, and i do love this one, but the speakers tutting between each sentence is driving me insane, i can't ignore it :(

  • @annacichocka7734
    @annacichocka7734 1 year ago

    Nobody is safe from shadism aka sadism LMAOOOO

  • @brickwilbur9805
    @brickwilbur9805 2 years ago

    HELP ANYONE WITH SOME ANDROID SKILLS! I HAVE BEEN ATTACKED.
    A few days ago, while watching a RUclips video (via the App) on my Samsung Galaxy S20 FE 5G, the left half of the video portion was covered with a pinkish/orangish screen with the words "MICROWAVE SPY CAMERA 1.XXXX" (where xxxx was 4 digits that I don't remember). After about 20 seconds, I clicked the next video and the exact same thing occurred. I then clicked back to the previous video and the video didn't have this "notice". Then I returned to the new video and it was no longer there either!
    I played one more completely different video and it wasn't on it either.
    I tried to look in the developer options for how to see active programs running and it listed about 20, but nothing that stood out as suspicious.
    I just now put the phone in airplane mode.
    How can I inspect my phone for evidence of this "screen notice"? Maybe some kind of cache files containing the "screen notice" or whatever? Is there a way to get a dump of ALL processes running before it's too late and it terminates, or the cache gets deleted?
    I would like to get proof this exists on my phone. Need evidence.
    Please help ASAP!!

  • @BOMBOVA
    @BOMBOVA 9 years ago +1

    quite cool,