Apple iPhone 3G unlocked with Rebel SimCard: world first solution
The Rebel Sim R&D team hit the jackpot and preview the first unlock solution for the iPhone 3G with the 2.0 firmware.
Patience pays off, and the Rebel SimCard team show the unlocking of the newest phone on the market, the iPhone 3G model.
Rebel SimCard unlocks Network Restrictions on Nokia N82
Rebel Sim card has been released today by Solutions Point Limited, UK. They claim this product is in the line of smart technological solutions that will bring a revolution to the mobile phone unlocking industry; it would revolutionise the way people use their mobile phones by bringing in options which were not possible before.
Rebel Sim card can bypass network locks on almost all phones available in the market to date, and it would also support 95% of upcoming phone models out of the box, without any changes to the Rebel Sim card.
Rebel Sim card is used in parallel with the existing SIM card. As it is only 0.10 mm thick, it can be inserted along with the existing SIM card in any mobile phone available throughout the world.
It can also be removed easily without damaging the phone, and the phone does not lose its warranty!
Rebel SimCard is the world's first SIM card fully compatible with UMTS technologies, which means users get the same quality of service as they would with a fully unlocked phone.
Rebel Sim card is transparent to the mobile phone: it does not interfere with any of the existing features the SIM card or the phone has to offer, be it email, Wi-Fi, Bluetooth, 3G, GPS or any other service. Rather, it enhances the existing features with its proprietary menu, which gives the user a great deal of control over how Rebel Sim card functions on a particular mobile phone.
Rebel Sim card is backed by an experienced and highly skilled development team along with hundreds of beta testers throughout the world, who test Rebel Sim card on almost every new phone released in any part of the world.
Rebel Sim card also has an STK menu. Apart from giving the end user better control over the Rebel SimCard features, this menu enables it to run high-security applications such as banking services and transactions. Moreover, it enhances the existing network SIM card by adding more features to it, such as value added services, telecom applications, logos and ringtones. This makes it the one and only choice for MVNOs who are trying to discover new lands and increase their market share.
However, the technology behind bypassing network locks on a mobile phone is rather complex and is in no way a game for the common man. By bringing the ease of use and simplicity of Rebel Sim card to people who know nothing about this technology, it offers a fine example of how difficult things can be made simple by the people behind such technologies, who are working hard and writing new rules of the game.
Types of Smart Cards
These integrated circuit cards come in two forms when categorized by the way they are used: contact and contact-less. The former is easily identified by its characteristic gold connector plate.
Originally the ISO standard (7816-2) defined eight contacts, but only six are actually used to communicate with the outside world; the remaining two are marked RFU (reserved for future use). A contact-less card may optionally contain its own power source, but mostly the operating power is supplied to it by means of an inductive loop using low-frequency electromagnetic radiation. The signals needed for communication with the reader device may be transmitted in a similar way, or may use capacitive coupling or even an optical (IR) connection.
The contact card is the most widely used ICC to date, largely because of its use as a telephone prepayment card. Yes! The SIM card that we use in our cell phones is just a smart card without the plastic base. Most contact cards contain only a single integrated circuit, although some use two chips; the second one performs complex cryptographic computations (which I'll explain shortly). The chip itself varies considerably between vendors, and each takes its own approach to programming applications for it, but the Java Card™ initiative by Sun has made it a breeze to write smart card applications that can be downloaded onto the memory of these cards and executed on any type of chip that supports the Java Card runtime environment. I'll come to programming smart cards in the next article of this series.
Figure 2
Let us now consider the use of the six contacts on the ICC:
Vcc is the supply voltage that drives the chip and is generally 3 to 5 volts, with a 10% deviation allowed. It used to be in the 5-volt range prior to the recent move towards low-power devices for these cards.
Vss/GND is used to provide the substrate or ground reference voltage against which the Vcc potential is measured. It is usually 0 volts.
Reset is the signal line used to send the signal to the integrated circuit in order to reset it. This is a complex process that we shall describe later in more detail. There are two ways a card is reset:
Clock is the pin used to drive the logic of the embedded IC and also serves as the reference for serial communication synchronization. This pin is provided because the ICC has no on-board clock generator and needs an external clock, which the card reader supplies. The clock frequency is generally 5 MHz, but many high-end ICCs use frequency multipliers to operate at higher frequencies, up to 40 MHz.
Vpp is now optional and is used only in old cards. Previously it carried the high-voltage signal needed to program the EPROM memory. It was provided with two voltage levels: the lower one (the idle state) is held by the card reader until the higher level (the active state) is required.
I/O is the serial input/output (SIO) pin. This is the signal line by which the underlying circuit receives commands and exchanges data with the outside world. This process will be explained in more detail when we talk about programming applications that receive these commands.
ATR
ATR stands for answer to reset. It is used to convey the parameters that the card requires to establish a data communication pathway, and the message is sent as soon as power to the smart card is switched on.
It is usually up to 33 bytes and contains the transmission parameters, such as T=0 and T=1, that are supported by the card. It also carries all the information the host needs to know, such as:
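Decoding an ATR the way the section above describes, as an added example that is not part of the original article: the parser walks the ISO 7816-3 interface bytes to recover the announced protocols (T=0, T=1) and checks the TCK checksum. The ATR bytes used in the comments and tests are constructed, not captured from a real card.

```python
# Added example (not from the original article): decode an ISO 7816-3
# Answer To Reset to recover the protocols (T=0, T=1, ...) it announces.
from typing import NamedTuple


class Atr(NamedTuple):
    direct_convention: bool   # TS = 3B direct, 3F inverse
    protocols: list           # T values from the TD bytes; [0] if none given
    interface_bytes: dict     # e.g. {"TA1": 0x96, "TD1": 0x80}
    historical: bytes         # K historical bytes (card-specific info)
    tck_ok: bool              # True if no TCK is required or it verifies


def parse_atr(raw: bytes) -> Atr:
    """Parse an ATR; raises ValueError when it is malformed or truncated."""
    if not 2 <= len(raw) <= 33:
        raise ValueError("ATR must be 2..33 bytes")
    if raw[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte %#x" % raw[0])
    hist_len = raw[1] & 0x0F         # T0 low nibble: number of historical bytes
    y = raw[1] >> 4                  # T0 high nibble: presence of TA1..TD1
    pos, i, iface, protocols = 2, 1, {}, []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(raw):
                    raise ValueError("ATR truncated in interface bytes")
                iface[f"{name}{i}"] = raw[pos]
                pos += 1
        td = iface.get(f"TD{i}")
        if td is None:                # no TDi: no further interface bytes
            break
        protocols.append(td & 0x0F)   # low nibble: protocol type T
        y = td >> 4                   # high nibble: presence of TA/TB/TC/TD(i+1)
        i += 1
    historical = raw[pos:pos + hist_len]
    if len(historical) != hist_len:
        raise ValueError("ATR truncated in historical bytes")
    pos += hist_len
    # TCK (XOR of T0 through the last historical byte) is present unless
    # T=0 is the only protocol indicated, explicitly or by default.
    if any(t != 0 for t in protocols):
        if pos >= len(raw):
            raise ValueError("TCK missing")
        xor = 0
        for b in raw[1:pos]:
            xor ^= b
        tck_ok = xor == raw[pos]
    else:
        tck_ok = True
    return Atr(raw[0] == 0x3B, protocols or [0], iface, historical, tck_ok)
```

For the constructed ATR `3B 95 96 80 01 80 31 80 65 B0 66` the parser reports T=0 and T=1, five historical bytes and a valid TCK; a card that sends only `3B 02 80 31` is reported as T=0 by default with no checksum byte.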
The APDU (Application Protocol Data Unit) is the communication unit between a reader and a card. The structure of an APDU is defined by the ISO 7816 standards.
There are two categories of APDU: command APDUs and response APDUs. As the name implies, the former is sent by the reader to the card; it contains a mandatory 5-byte header and from 0 up to 255 bytes of data. The latter is sent by the card to the reader; it contains a mandatory 2-byte status word and from 0 up to 256 bytes of data.
The APDU is an application-level protocol, as specified in ISO 7816-4, used for communication between a smart card and a host application.
An APDU has one of the two structures given below:
1. Command APDU

   Mandatory header: CLA | INS | P1 | P2
   Optional body:    Lc | Data field | Le

2. Response APDU

   Optional body:      Data field
   Mandatory trailer:  SW1 | SW2
Note:
The second case further divides the command and response APDU in four categories.
A file is composed of a header and a body. The header contains structure and attribute information and is managed by the operating system. The body, which is optional, contains the actual data. Files are uniquely identified by a two-byte number, written in hexadecimal.
| First byte | GSM file type |
|---|---|
| 3F | Master File |
| 7F | Dedicated File |
| 2F | Elementary File under the Master File |
| 6F | Elementary File under a Dedicated File |

GSM file type identifiers (first byte).
There are three different types of files on a SIM: a master file (MF), dedicated files (DF), and elementary files (EF). There is one master file on a SIM, which holds all the other files in a tree-like structure. Dedicated files are headers that hold hierarchical trees of elementary files, but don't have data of their own. GSM defines two dedicated files immediately under the MF: DF_GSM, containing GSM application files, and DF_TELECOM, containing the application service features.
Elementary files (EF) have both a header and a body, and come in three flavors. The first, called transparent, is a binary file that can store information of varying length in any location. This is a raw, unstructured, random access file. The second is called linear fixed and stores data records that all have the same fixed length. The third is termed cyclic and is designed to store records in chronological order. It also uses fixed-length records, but when the last entry is full the next record overwrites the oldest entry.
The SIM transmission protocol uses Application Protocol Data Units (APDU), which can be either commands or responses. These are sent across the electrical interface between the SIM and the mobile equipment, or the SIM-ME interface for short.
| CLA | INS | P1 | P2 | P3 | Data |

Command APDU format.
An APDU command has five fixed fields followed by an optional Data segment. The class of instruction (CLA) is always A0 for GSM. The instruction code (INS) indicates the particular command to be performed. P1, P2, and P3 are parameters for the command, with P3 containing the length of the Data segment, if any.
| Data | SW1 | SW2 |

Response APDU format.
The response to a command is returned in three fields. The Data portion, if any, contains information requested in the command. SW1 and SW2 are status words indicating the success or failure of the command.
A number of commands are defined for GSM SIM cards, including functions to read and write data, confirm security features, and run the GSM authentication algorithm. Completing an entire GSM procedure may require a series of APDU command/response pairs.
| COMMAND | INS | P1 | P2 | P3 |
|---|---|---|---|---|
| SELECT | A4 | 00 | 00 | 02 |
| STATUS | F2 | 00 | 00 | length |
| READ BINARY | B0 | offset (high) | offset (low) | length |
| UPDATE BINARY | D6 | offset (high) | offset (low) | length |
| READ RECORD | B2 | record number | mode | length |
| UPDATE RECORD | DC | record number | mode | length |
| SEEK | A2 | 00 | type/mode | length |
| INCREASE | 32 | 00 | 00 | 03 |
| VERIFY CHV | 20 | 00 | CHV number | 08 |
| CHANGE CHV | 24 | 00 | CHV number | 10 |
| DISABLE CHV | 26 | 00 | 01 | 08 |
| ENABLE CHV | 28 | 00 | 01 | 08 |
| UNBLOCK CHV | 2C | 00 | 00 (for CHV1) 02 (for CHV2) | 10 |
| INVALIDATE | 04 | 00 | 00 | 00 |
| REHABILITATE | 44 | 00 | 00 | 00 |
| RUN GSM ALGORITHM | 88 | 00 | 00 | 00 |
| SLEEP | FA | 00 | 00 | 00 |
| GET RESPONSE | C0 | 00 | 00 | length |

SIM command coding.
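Encoding the commands of the coding table, classifying file identifiers by the first-byte table above, and decoding responses into data plus status words, as an added example that is not code from the original article. Two details are assumptions drawn from GSM 11.11 rather than from the article: the identifiers 7F20 (DF_GSM) and 7F10 (DF_TELECOM), and the convention that a status word SW1 = 9F announces SW2 bytes of pending data to be fetched with GET RESPONSE.

```python
# Added example, not from the original article: encode the GSM SIM commands
# of the coding table and decode responses (GSM 11.11 over ISO 7816-4 APDUs).
from typing import NamedTuple, Optional

GSM_CLA = 0xA0                        # CLA is always A0 for GSM

# File identifiers taken from GSM 11.11 (the article does not list them).
MF, DF_GSM, DF_TELECOM = 0x3F00, 0x7F20, 0x7F10
# First-byte classification from the "GSM file type identifiers" table.
_FILE_TYPES = {0x3F: "MF", 0x7F: "DF", 0x2F: "EF under MF", 0x6F: "EF under DF"}


def file_type(file_id: int) -> str:
    return _FILE_TYPES.get(file_id >> 8, "unknown")


def _apdu(ins: int, p1: int, p2: int, data: bytes = b"", p3: Optional[int] = None) -> bytes:
    """Command APDU: CLA INS P1 P2 P3 [Data]. P3 is len(data) unless given
    explicitly, in which case it is the expected response length."""
    p3 = len(data) if p3 is None else p3
    if not 0 <= p3 <= 0xFF:
        raise ValueError("P3 must fit in one byte")
    return bytes([GSM_CLA, ins, p1, p2, p3]) + data


def select(file_id: int) -> bytes:             # SELECT: A4 00 00 02 + file id
    return _apdu(0xA4, 0x00, 0x00, file_id.to_bytes(2, "big"))


def read_binary(offset: int, length: int) -> bytes:   # READ BINARY: B0 off_hi off_lo len
    return _apdu(0xB0, offset >> 8, offset & 0xFF, p3=length)


def read_record(number: int, mode: int, length: int) -> bytes:  # READ RECORD: B2 rec mode len
    return _apdu(0xB2, number, mode, p3=length)


def get_response(length: int) -> bytes:        # GET RESPONSE: C0 00 00 len
    return _apdu(0xC0, 0x00, 0x00, p3=length)


class Response(NamedTuple):
    data: bytes
    sw1: int
    sw2: int


def parse_response(raw: bytes) -> Response:
    """Response APDU: [Data] SW1 SW2; the two status words are mandatory."""
    if len(raw) < 2:
        raise ValueError("response shorter than the mandatory status words")
    return Response(raw[:-2], raw[-2], raw[-1])


def follow_up(resp: Response) -> Optional[bytes]:
    """SW1 = 9F (GSM 11.11 assumption) means SW2 bytes of data are waiting;
    fetch them with GET RESPONSE, P3 = SW2. 90 00 or an error needs no fetch."""
    return get_response(resp.sw2) if resp.sw1 == 0x9F else None
```

The `follow_up` helper shows the command/response chaining the text mentions: a SELECT answered with `9F 0F` is completed by `A0 C0 00 00 0F` before the selected file's header can be read.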