Touche'

at 31:56 it says "Shadysim" although i think it's a name of an app they made for it or part of a script

@Tntmod54321 you clearly, clearly didn't get the original comment. WAY over your head.

is it the real simshady?

What?

yup what happened to me was i was learning about the art of hacking and programming, Then i saw that defcon had some ted talk type shit and was like, oh dis gonna be some good shit and you were hours down the hole, i am weeks down dis hole

Got here via Jason Scott talks... learning ALL the things now!

This is me right now. 4 to go on my Watch Later, haha

same here checks date 2013 the fuck I have been missing out

d1rksta same. Been watching these for 10 hours not got a clue what they're talking about tbh but it's clever as fuck.

an* do you also think your HDD or SSD is just a spinning plate or flash cell? (not meant too offensive but this is obvious)

@@chrissxMedia Necroposting while being an asshole. Nice.

Yes, it's likely an arm-m0 with 8-16K of ram with a serial interface and some non-volatile memory. Possibly the A3/A5 crypto and whatever crypto I'm potentially missing about UMTS and LTE might be in there in hardware as well. That's all it is. It has an ISO protocol for talking to it, bits send over a serial line and messages are along the lines of CLA INS LEN P1 P2. CLA and INS are class and instruction. Some instructions are even standardized like those to do with files, SELECT FILE, APPEND FILE etc. Files are not huge btw. There are a few bytes long maybe 512-1024 bytes max because the flash will be maybe anything from 8-32K. The smartcard OS firmware will usually observe wear levelling especially for files that get updated a lot. Without knowing too much I'll bet you have to access the GSM application by authenticating against a file using PIN1. Then you can use the instruction to calculate the reply to A3 crypto challenges. And then there are also ways to add your own SIM Toolkit applications. So you see, it's not at all just a piece of "dumb" flash memory. It definitely can do a hell of a lot more than your first home computer if you had one. Only the RAM is lots less, usually around 1-8K.

I find it crazy to think that inside this tiny tiny chip there's a whole computer with better specs than a freaking NES (Nintendo). (Minus a few things like the GPU... I know...)

If it was only a simple EEPROM it would be so easy to clone. The reason you need a CPU inside is because that way the private keys never leave the SIM, but the phone simply sends commands to the SIM that computes the required cryptographic functions giving back the result, without the phone knowing the secret keys. That is the principle of operation of all smart cards (a SIM is just one of them), like the one in your credit card or your pay TV card.

That's so cool! Do you have any golden tips to further any skills? I hope someday I can produce something as cool as what you're doing.

You're a GOD

what is sim apt?

@@busteraycan I second this

Lol I was thinking this comment was out of date then I realized it was from 3 years ago and realized the video was way out of date.

@@TheOnlySolipsist I was thinking this comment to a comment was out of date. Any of you guys still alive?

@@CrazyMineCuberthey are all in jail. Glowies got them

and fools actually believe such technology managed communications between the earth and the moon....

Total catcher, and i agree!

Not to disrespect the presenter or op, presenter did a great job and I've heard comments like ops a lot, but seriously....what are people learning now? Back in the 90s this was two, maybe three steps above script kiddie depending on which language you learned first after binary. The first time I flashed a chip, it was a Sim card. If this is mind blowing, check out totse.com on the way back machine...the bbs boards combined with phrack mag, 2600, and the Linux journal would have been hacker U in the 80s/90s and it produced higher quality intellects than the academic white/black hat BS today. The average hacker has gotten stupid....or there are more normies than usual trying, either way, bad times.

what do u mean? you cant be hacker if your normie? normie is stupid? from what i understand is that you're saying that whole talk was nothing and holds no value comprared to hacking that was happening in 90s? Is that pointless to learn this stuff?

@@shd2937 - no, you cannot be a truly effective hacker if you cannot think outside the status quo. There are good guys around, null byte and hack5 being some of the better ones, but the community on average has lost its ability to freely and critically think. I definitely think people should learn this stuff, that's the problem, the basics are now seen as advanced or specialty outside of pen-testing. This stuff should be common knowledge by now, not a presentation.

i get your point, i think its an issue honestly, im cysec student myself and i feel like its harder to focus nowadays, i dont want to blame it at social media or phones but i bet that in the old days that you're mentioning, you didnt had so much distractions around, notifications and unecessary bullshit. Im starting my journey with cysec and im obsessed with gaining more skills and knowledge, and in other hand paralysed by amount of information that is avaliable, kinda stuck... Any tips from yours ?

Tzisorey Tigerwuf Yeah I barely understand this stuff but I get it somebody could sneak something in that could be really powerful for them and damaging to you, stingray baby you’ve beenyou been Zucked!

Yeah, probably a really good way for intelligence service to set up a wiretap... Just run a AT command to dial a number, turn the volume and responses on the display off and you just got yourself a nice mic in the room. Or send a sms to get your cell, etc. The possibilities are probably endless and it will run on every f*cking phone with no way to notice or delete it (srsly, who would check their SIM card for bugs?)

*hackable*. They covered that. You send any junk to the card, it replies with a signed error message, you recover the key from the signature (weak hash) and sign your payload with that key.

Wow. And now "simjacker" is just made public

@@eulemitbeule5426 dude exactly what "simjacker" could do

Day mean when space station enc decode over smart net,pays?

Have you considered that maybe that's exactly what it still is? Terrorist payment method..... After all, ISIL is the group, so why the change? Those in charge like to name two or more things the same that seem not to be related, but actually are.

isis was also an egyptian goddess, are they also related? did she invent the payment method and birth the terrorist organization too?

And their enemy was Google.

Something like that just happened to Estonian foreign minister. Check it out.

Anders Fredriksson ever hear that wierd noise right before the ring when you call your drug dealer?

Where are you from?

justFuuZe Prolly south asia.

justFuuZe Going with Filipino. They're subscribed to a few Phillippines-based TV series channels. The Phillippines would make sense, too, given the nation's rather poor telco situation.

Rex2k10 That's disturbing. Why the hell would one put a Java VM on a µController? I even feel like I'm wasting efficiency when using C instead of Assembly.

I believe the main reason was standardization to make it easier for third parties to write apps; reduce complaints from angry users that can't get their game/app to work on their new hand set, and probably a failed attempt at predicting the ways in which mobiles would develop.

"Failed attempt". Lol you do realise Android, the most popular mobile phone operating system in the world supports the Java apis.

Surely the reason JAVA was used instead of Python or some derivative of C is the total limited scope of people who program these things, ever. It's a tiny circle jerk of a few industry leaders, their circle of developers, and managers who have never written a line of code themselves but heard of JAVA on Linkedin.

It is because it is a much safer language to develop with, and if you are going to have any idiot able to develop an app that can be accessed by something that is in every other person in the worlds pocket. You are going to want to avoid that shit storm. There are also Java elitists. The best thing Java did was lend its name to JavaScript.

I think the phone is network bound, so you get a compulsory subscription for the network companies which collaborate with phone companies. I think If you lose a phone you buy another one of the same network version and calls their customer service to cancel the old number or the new one and choose which will be used I'm really not sure tho

Thanks for the idea , as new products that are now very interchangeable and allow switching and reading and writing and copy and inter device direct wire connections . As well as transfer of complete Lynix portable device add ons with diverse cell phone multiple adapters at high speed and so much more ability’s . That it’s like a explosion of device uses that never before was so affordable and micro processed and diverse that only ones creative excitement will limit one especially with satellite and ham station and frequency scanners to really make AI a co pilot with a crew working to develop what you simply question if it’s only possible then it’s done before you finish talking with predictive technology .

That's pretty interesting, care to share more about that? Do you have any documentation/videos talking about this?

android does allow it, at least on samsung devices

Anlaggy Laggy Samsung FTW

***** What?

***** Its android, android is the operating system. Samsung is the phone maker.

>mfw put down by totally not op *:(*

neoqueto -- Maybe there is but that might be a feature on specific SIM cards. What I have found is just by going to Wikipedia's sim toolkit page and then clicking on the ETSI standards document in the references. That's an eye opener just by itself, because it describes the command the phone accepts from the SIM and how the SIM can f with your phone in many ways. But the Standard you want is ETSI TS 131.113 which talks about the USAT interpreter and it's programming environment. It seems to be just a byte code interpreter with specific data types for text messages etc. And skimming through the manual I find in section 8.8 "Execute Native Command". The instruction code is 47H/C7H followed by length in bytes, then some stuff and finally a 16 bit NCI. You don't get to just jump anywhere you want, you have to give it a native call identifier. And that's where I'll bet it gets card specific. You're going to have to tell the card os to create a new application for you with a certain AID. In that command you're going to have to tell it how many bytes long. Then you would create the application files including writing your binary to a file and setting a special execute bit on it. The AID is probably the NCI. But for that you are going to have to have a USIM that supports this business, has space available and had its access rules/protections set so you can do it, or you have the crypto keys to unlock these features. And then I wondered if you can buy fresh un programmed USIM cards online and it turns out you easily can for a very reasonable price. I have no idea what they are the ones I looked at and I would only buy if they can supply the keys and the technical manual. You will likely deal with Chinese who don't speak much English. Now that's what's possible on the interface between the SIM and the phone and you have been educated on it for free. As a bonus I am just going to throw in I bet you didn't know your sdcards contained a arm core you can run code on using vendor specific sdcard commands.

Only need to read the url haha

+rentacow fuckin isis ruined them ):

Trashed the shuttle like some KZfaq commenter asked,challenger next,planes?

Softcard now

*smack smack smack* Thanks for *smack* telling -_-

you passed up some great knowledge for something pretty stupid. welcome to being passed. darwin style dumbass

I'm pretty amazed what Java shouldn't have run. That's just painful to watch.

Darren >> There is no fair use in copying someones work and re-posting it in verbatim. And absolutely not to monetize it.

Ads Darren... Ads

Just watched it, no ads here

@D C That's not how fair use works...

@@shockingguy I got 10 ads, maybe you have an ad blocker because it's definitely monetized.

Anna X Could you please explain what and how you've done (that)?

Probably a fem-to-cell or reverse engineered one and setting Sim card to connect to it..

@@shawnireland1197 thank you! still would be nice to have some concrete data on what was used and how

+Insufferable Picks Why? It's a beautiful name.

Sperminski ha, ha Google it

alahu abakahar