Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-11-2018, 05:49
m0nix m0nix is offline
Friend
 
Join Date: May 2018
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 14
Thanks Rcvd at 3 Times in 3 Posts
m0nix Reputation: 0
Question How third parties generate valid pins for locked to the network devices

I was wondering do they cooperate with operators worldwide, maybe they gave them access to the database if they pay fee?

But maybe those services use leaked software that calculates the pins by given imei.
I searched a lot for software that calculates unlock pins by given imei but all that i found was old software for old devices.

Can someone give me information on this topic?
Reply With Quote
  #2  
Old 07-11-2018, 08:49
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
I imagine SIM card locks are not that strong. And this is really a silly point. Obviously if a phone is stolen, the SIM card is thrown away as its a perfect tracing/tracking device. So there is little benefit to trying to break in through it.

This security in context is just to prevent someone who happens on your phone from using it in a short term context. 4 digits but locked after 3 tries which I would hope is in hardware. The 8 digit PUK code would be easily brute forcible with the right hardware.

More interesting is when wifi routers have a default network name which is tied to the default password which typically is never changed.
Reply With Quote
  #3  
Old 07-11-2018, 11:44
jonwil jonwil is offline
VIP
 
Join Date: Feb 2004
Posts: 387
Rept. Given: 2
Rept. Rcvd 21 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 65 Times in 34 Posts
jonwil Reputation: 21
I suspect for a lot of phones that are network locked they use bugs or exploits or the like in the software to unlock it rather than figuring out the actual codes. Certainly for the iPhone they did that quite a few times.
Reply With Quote
  #4  
Old 07-11-2018, 13:09
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by m0nix View Post
I was wondering do they cooperate with operators worldwide, maybe they gave them access to the database if they pay fee?

But maybe those services use leaked software that calculates the pins by given imei.
I searched a lot for software that calculates unlock pins by given imei but all that i found was old software for old devices.

Can someone give me information on this topic?
In nearly all the countries, with a court order (a judge/DA basically signs a request form by the cops and it takes anywhere from a few hours to a few days depending on the urgency of the case etc and this counts as a court order), SIM CARDS per se can be unlocked by the provider in seconds using their master PUKs.

This is used when the cops need to read some stuff stored on the sim cards. This was widely used a few years when when all the storage of the text messages was only on the sim rather than on the phone.

These days. since smart phones can optionally store stuff in the phone itself, this access to the SIM is requested only in cases where they want to verify some stuff from the SIM itself (identity etc).

It is in general a LOT harder for the cops to get "permissions" from the judges/Attorney General etc than you'd think , mainly due to privacy laws...

What you read on the news are about a few scattered cases...

In REAL LIFE, cops generally strike up a sort of "bargain" with the accused giving them options with a lesser sentence and charges if they would voluntarily agree to unlock their devices etc (sort of a plea bargain)

Further, if you say that you will NOT provide the access code, you could be charged (technically) with "Obstruction of justice". (Yeah, "Obstruction of Justice", "Not following Orders of an Officer" etc take precedence over your "Privacy laws" ).

If you say I "forgot" the code after having used it a minute ago , then again, you could be charged with "lying to an officer" and all sorts of stuff.

So IN SHORT, if they want the code, they WILL get it (sort of) VOLUNTARILY from you, enticing you with a nice bargain .

MOST agree to this and give in.

EVEN if a lawyer is brought in, most of the time the lawyer would advise to give the codes UNLESS he deems that there is a good deal of seriously inciminating evidence on it.

Some lawyers would say NEVER give, but then again, most say that settling for a lesser charge is better, especially when teh evidence against the accused is overwhelming...

SMART criminal do not text their customers on their mobiles regarding their transactions and stuff etc ANYWAY lol



SUMMARY:
IF there is a court order (order signed by a judge/DA counts as a court order), then IF the vendor DOES have a way to unlock ANYTHING (phone, router etc), THEY MUST do so. OR. Face charges.
Apple tried to refuse access last year. But smaller companies cannot afford to do so. They just check the order and if valid they follow it. Even Apple for that matter was under a great deal of pressure at tat time when they refused to unlock the phones...

SMART SOLUTION:
Do NOT use a smart phone for daily use I simply use a $50 phone for calls and text messages. ZERO TRACKING once I turn it off and remove battery.
I keep an iPad/Windows tablet next to me and turn it on to check mails etc as needed.


Source:
As many of you know my company provides IT side (Forensics and Data Acquisition etc) of the support to various Law Enforcement agencies (for "Major Crime" only - (underage-pn videos and images etc))
Yeah, Piracy/cracking is not exactly Major Crime (So we're good )
Reply With Quote
The Following 2 Users Say Thank You to TechLord For This Useful Post:
foosaa (07-18-2018), niculaita (07-11-2018)
  #5  
Old 07-11-2018, 15:48
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
Just to clarify this a bit further, without "probable cause", you would not be obstructing justice and further this would just be coercion to provide the code would amount to an illegal search. Best response would be to wait for lawyer and follow his advice, hiding behind another person as opposed to directly refusing or lying with temporary forgetfulness.
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
niculaita (07-11-2018)
  #6  
Old 07-11-2018, 16:27
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by chants View Post
Just to clarify this a bit further, without "probable cause", you would not be obstructing justice and further this would just be coercion to provide the code would amount to an illegal search. Best response would be to wait for lawyer and follow his advice, hiding behind another person as opposed to directly refusing or lying with temporary forgetfulness.
Cooking up probable casue is pretty easy :
"I smelt weed (marijuana) in your car" so I need to check.. OR

if I put it in ONE sentence : the word of a cop carries FAR higher weight in front of a judge especially when you do not have any witnesses.

They can even shoot you saying that you tried to hit them etc. Without witnesses its VERY tough to prove otherwise.

BOTTOM-LINE: Try not to antagonize cops by saying all those things like probable cause etc

What I used to do in practise was, that IF you really did nothing, generally , its better to be nice to them.

IF you DID do something, then the BEST approach is to say that you need a lawyer. Say NOTHING MORE. And COMPLY with whatever they ask in the meanwhile.

Body cameras etc have limited value.

Trust me. And read the papers if you still doubt me. Some cops even shoot if they "feel threatened" ... A long enquiry follows but at the end of the day someones dead ..

Cheers
Reply With Quote
The Following 2 Users Say Thank You to TechLord For This Useful Post:
chants (07-12-2018), niculaita (07-11-2018)
  #7  
Old 07-12-2018, 08:44
m0nix m0nix is offline
Friend
 
Join Date: May 2018
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 14
Thanks Rcvd at 3 Times in 3 Posts
m0nix Reputation: 0
Quote:
Originally Posted by chants View Post
I imagine SIM card locks are not that strong. And this is really a silly point. Obviously if a phone is stolen, the SIM card is thrown away as its a perfect tracing/tracking device. So there is little benefit to trying to break in through it.

This security in context is just to prevent someone who happens on your phone from using it in a short term context. 4 digits but locked after 3 tries which I would hope is in hardware. The 8 digit PUK code would be easily brute forcible with the right hardware.

More interesting is when wifi routers have a default network name which is tied to the default password which typically is never changed.
To clarify i do not talk about the SIM card itself, the lock consist on the device itself, on hardware level strongly connected with low level software on the chip, like the bootloader or emergency download mode.
Reply With Quote
  #8  
Old 07-12-2018, 08:53
m0nix m0nix is offline
Friend
 
Join Date: May 2018
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 14
Thanks Rcvd at 3 Times in 3 Posts
m0nix Reputation: 0
I have read a lot of stuff on this obscure topic, and it seems that low end or old devices can get their codes calculated easy, but the brand new ones like in my case a Sony device, were secure. There are methods of patching the firmware to bypass those checks, you don't remove them just go around them. And those things are hardware keys like the DRM of the stock rom, the hash of the pin is there too, that's why when i flashed new firmware the lock was still there, and bootloader unlock was not allowed, to make the work even harder.. So enough with the boring stuff, i ordered unlock code for sony device (now i wait) and i was wondering how they get them, there has to be a way of calculating that out by the imei, there are calculators but for very old phones.
Reply With Quote
  #9  
Old 07-12-2018, 10:34
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by m0nix View Post
To clarify i do not talk about the SIM card itself, the lock consist on the device itself, on hardware level strongly connected with low level software on the chip, like the bootloader or emergency download mode.
The answer remains teh same.
If the vendors tell the law enforcement that they CAN do it but they WILL NOT do it then there could be charges against the vendors (court cases etc).

If the vendors CANNOT do it (technically not possible) then the cops can do nothing.

MOST companies if they CAN do it, they would comply if they see a court order.

Regarding technical feasilibity and possibility, it can only be said with certainty if the exact make and the model of the device in question is known, as obviously, it differs from model to model even from the same company.
Reply With Quote
  #10  
Old 08-03-2018, 06:44
Mkz Mkz is offline
Friend
 
Join Date: Jan 2002
Posts: 98
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 5
Thanks Rcvd at 25 Times in 17 Posts
Mkz Reputation: 2
My take on the original question by @m0nix is that he's asking how do *non-police* companies sell, through the web, either:
- bootloader unlock codes (so you can flash non official ROMs, obtain root, etc.) or
- netlock removal PINs (that will allow you to use the device with SIM cards other than from the carrier that sold the phone to you with a subsidized price.
Not the SIM card PINs/PUKs, which are managed by the hardware inside its chip, and the *phone* manufacturer has nothing to do with.

And the most intriguing part, is that they only request from you the IMEI of your phone, nothing more.

Either:
- the vendors have a very straightforward (even if time/CPU consuming) way of generating those 2 types of unlock codes with a formula related solely with the IMEI - so they don't have to bother registering every single produced device/IMEI on a table along with the *random* bootloader / netlock codes that had been generated
- if the vendors did it safely - generating random codes and storing them on their side - these online sites need inside info so they can sell the codes to you; otherwise, they'd need more info from you, not just the IMEI. Perhaps a dump of a partition with encrypted info validating during the unlock process, or whatever.

I've asked myself this question a few times as well , but it must be the first situation, right?

I remember that when I owned a Sony Android phone and wanted to unlock the bootloader, I reversed the code and saw something along the lines of an SHA or other hash function output stored on the "TA" partition of the device.
When I entered a code to unlock the bootloader, it would get hashed (perhaps with a salt, perhaps with multiple iterations as in the PBKDF2 techniques to prevent brute force, don't remember the details) and the output of those calculations would be compared with the expected hash result stored in that TA partition. The right code will produce that expected hash, and I have no means to know it unless I get it from Sony (at the time they didn't provide unlock codes, don't think they started doing it), or from one of those sites.

Either these 3rd party sites know the formula and run a GPU farm to brute force the right code that generated that hash, crypto-mining style - assuming it's inferable from the IMEI that I as a customer provided them - or they must have inside connections with the phone manufacturer.
I mentioned the bootloader unlock code, but the netlock is likely a similar mechanism.
Reply With Quote
The Following 2 Users Say Thank You to Mkz For This Useful Post:
m0nix (08-15-2018), p4r4d0x (08-03-2018)
  #11  
Old 08-03-2018, 15:13
traf0 traf0 is offline
Family
 
Join Date: Nov 2017
Posts: 86
Rept. Given: 2
Rept. Rcvd 4 Times in 4 Posts
Thanks Given: 228
Thanks Rcvd at 118 Times in 46 Posts
traf0 Reputation: 4
  • leaked software (like Siemens ST55 code generator)
  • reversing unlock code algorithm (like Nokia DCT3 code generator)
the same way, as "Creating a key generator to reset a Hikvision IP camera's admin password"
https://neonsea.uk/blog/2018/08/01/hikvision-keygen.html
Reply With Quote
The Following 3 Users Say Thank You to traf0 For This Useful Post:
m0nix (08-15-2018), niculaita (08-03-2018), p4r4d0x (08-03-2018)
  #12  
Old 08-15-2018, 18:59
m0nix m0nix is offline
Friend
 
Join Date: May 2018
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 14
Thanks Rcvd at 3 Times in 3 Posts
m0nix Reputation: 0
Yes that is exactly what i was wondering! @TechLord

But the thing i noticed is that for certain phone brands the service is the same but more expensive.
As an example for Sony phones is more expensive and for Alcatel the prices are very low.
Reply With Quote
Reply

Tags
lock, pin, sim

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 07:48.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )