Extract Kc from Phone?
dexter
zero-kelvin at gmx.de
Thu Feb 17 01:02:21 CET 2011
Hi folks.
>
> How do they do that? As far as I know Kc shouldn't be extracted (except from
> very old cards). I would be better to know to have an open source sw that
> allow us to understand...
>
The Kc is only the session key. The Ki is the key that you can not extract.
I had a similar problem some time ago. I wanted to get the current kc in
realtime. My solution was to sniff the kc from the data stream between
sim and phone. The kc occurs in 2 ways: 1. When RUN-GSM-ALGORITHM is
executed and when the phone stores the Kc back on the simcard.
You can download the sourcecode, layouts for my approach at:
http://www.runningserver.com/software/chipcardlab.tar
The hardest task is to sniff the data because the baudrate of the
communication is not a standard baudrate. You can also try to get
simtrace (http://bb.osmocom.org/trac/wiki/SIMtrace) running. I did not
test it yet but i think it can achieve the same.
You could also find a phone where you can read the Kc by sending APDUs
through AT-Commands. Some Blackberrys have a netmonitor mode that can
display the Kc.
regards.
Philipp
More information about the baseband-devel
mailing list