SIM PIN Challenge


trewmte
Senior Member
 

SIM PIN Challenge

Posted: Jan 08, 09 02:30

Back in 2005 I was at a presentation by a SIM manufacturer when the presentation turned to CHV (Card Holder Verification), the correct technical term for PIN used for SIM Cards.

The presentation had reached the part "Verifying the CHV" and went on to record:

~ To verify PIN, the verifyCHV APDU is used....

A0 20 00 CHVNum 08 PINValue

~ The message sent from the phone to the SIM in order to check your PIN number 1111, is:

A0 20 00 01 08 313131FFFFFFFF

This all seemed normal until three slides later when the presentation started to discuss "File Structure after personalization" and displayed the graphics starting with the Master File (MF) and under which there were five Elementary Files (EF). The graphics displayed in the presentation were text book style when discussing MF and EFs, except for this presentation the manufacturer had gone as far as to identify two particular CHV EFs; one of which was 3F00 - EF_CHV1 0000.




So does that mean a particular EF under the MF in SIM with a logical address 3F00 0000 is always going to be the CHV1 file and would the raw data from that EF reveal a user's PIN number?

Below are raw data extracts from three phases of SIM cards - Phase 1, Phase 2 and Phase 3 (2+) and harvested from the Master File (MF) 3F00 and an unnamed EF immediately under the MF with an address 3F00 0000.

Your challenge, if you are interested, is to examine the raw data and corroborate whether the data reveals a user's CHV1 (PIN number) or not.

To help, you may want to check the GSM SIM card standard GSM 11.11 to comprehend file structure, formatting and coding etc for elementary files and to learn what the standard has to say about CHV/PIN.

As forensic investigators you shouldn't need the 'carrot and stick' approach to get you to undertake this challenge because I know how much you all love your work and can't get enough of it and that should be reward enough :-). However, the first person who posts the correct answer at Forensic Focus, I am sure we can sort out some sort of prize.

However, there are some rules (there is always something like this):

1) Your answer should contain identification of a document or weblink that supports the answer (the document/weblink must be traceable and not based on "something somebody told you"). This will be checked before any prize is awarded.
2) Challenge closes 15th February 2012.
3) I won't be giving the answer, because I do not want everyone just to sit back and think they can wait for my reply.

GOOD LUCK


PHASE 1 SIM Card
3F00
--------------------------------------------------------------------------------
Response: 00 00 1A 47 3F 00 00 00 F1 F4 44 13 15 83 02 03 04 00 82 8A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
----------------------------------------
Allocated memory :1A47
File ID :3F00
Type of file :MF
Number of DF : 2
Number of EF : 3
Number of CHV's : 4
CHV1(PIN1) :Disabled
CHV1(PIN1) Status :2 Tries left
CHV1(PIN1) Status :10 Tries left
CHV1(PIN1) Status :0 Tries left
CHV1(PIN1) Status :0 Tries left
--------------------------------------------------------------------------------



3F00:0000
--------------------------------------------------------------------------------
Response: 00 00 00 18 00 00 00 00 FF FF FF 13 06 00 00 02 01 00 00 0A FF
----------------------------------------
File ID :0000
Type of file :RFU
Structure of file :Transparent
File Size :0018
Read Access :CHV (PIN) 15
Write Access :CHV (PIN) 15
Increase Access :CHV (PIN) 15
Rehabilitate :CHV (PIN) 15
Invalidate Access :CHV (PIN) 15
File Status :Not Invalidated
--------------------------------------------------------------------------------


Phase 2 SIM Card
3F00
--------------------------------------------------------------------------------
Response: 00 00 63 9C 3F 00 01 FF FF FF FF 01 0E 93 02 07 02 00 83 8A 00 00 00 00 83 00 FF
----------------------------------------
Allocated memory :639C
File ID :3F00
Type of file :MF
Number of DF : 2
Number of EF : 7
Number of CHV's : 2
CHV1(PIN1) :Disabled
CHV1(PIN1) Status :3 Tries left
CHV1(PIN1) Status :10 Tries left
CHV1(PIN1) Status :0 Tries left
CHV1(PIN1) Status :0 Tries left
--------------------------------------------------------------------------------



3F00:0000
--------------------------------------------------------------------------------
Response: 00 00 00 12 00 00 04 00 FA FF FF 01 02 00 00
----------------------------------------
File ID :0000
Type of file :EF
Structure of file :Transparent
File Size :0012
Read Access :CHV (PIN) 15
Write Access :CHV (PIN) 10
Increase Access :CHV (PIN) 15
Rehabilitate :CHV (PIN) 15
Invalidate Access :CHV (PIN) 15
File Status :Not Invalidated
--------------------------------------------------------------------------------


Phase 3 (2+) SIM Card
3F00
--------------------------------------------------------------------------------
Response: 00 00 00 01 3F 00 01 00 00 00 00 00 09 81 04 12 0A 00 83 8A 83 8A
----------------------------------------
Allocated memory :0001
File ID :3F00
Type of file :MF
Number of DF : 4
Number of EF : 18
Number of CHV's : 10
CHV1(PIN1) :Disabled
CHV1(PIN1) Status :3 Tries left
CHV1(PIN1) Status :10 Tries left
CHV1(PIN1) Status :3 Tries left
CHV1(PIN1) Status :10 Tries left
--------------------------------------------------------------------------------



3F00:0000
--------------------------------------------------------------------------------
Response: 00 00 00 17 00 00 04 00 FB FF FF 01 02 00 00
----------------------------------------
File ID :0000
Type of file :EF
Structure of file :Transparent
File Size :0017
Read Access :CHV (PIN) 15
Write Access :CHV (PIN) 11
Increase Access :CHV (PIN) 15
Rehabilitate :CHV (PIN) 15
Invalidate Access :CHV (PIN) 15
File Status :Not Invalidated
--------------------------------------------------------------------------------
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 


Last edited by trewmte on Mar 19, 11 13:27; edited 1 time in total
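
As an added example (not part of the original post, and not the tool that produced the listings above), the following Python decodes the three EF 0000 header responses quoted in the first post, using the SELECT response layout and the access-condition coding defined in GSM 11.11. The function and dictionary names are this example's own.

```python
# Added example: decode a GSM 11.11 SELECT/STATUS response for an EF.
# Byte offsets and access-condition levels follow the GSM 11.11 coding.

ACCESS = {0: "ALW", 1: "CHV1", 2: "CHV2", 3: "RFU", 15: "NEV"}
ACCESS.update({n: f"ADM({n})" for n in range(4, 15)})  # levels 4..14 are ADM
FILE_TYPE = {0x00: "RFU", 0x01: "MF", 0x02: "DF", 0x04: "EF"}
STRUCTURE = {0x00: "transparent", 0x01: "linear fixed", 0x03: "cyclic"}

# Responses copied from the post (EF 0000 directly under MF 3F00).
SAMPLES = {
    "phase1": "00 00 00 18 00 00 00 00 FF FF FF 13 06 00 00 02 01 00 00 0A FF",
    "phase2": "00 00 00 12 00 00 04 00 FA FF FF 01 02 00 00",
    "phase3": "00 00 00 17 00 00 04 00 FB FF FF 01 02 00 00",
}

def high(b):
    """Upper nibble of a byte."""
    return b >> 4

def low(b):
    """Lower nibble of a byte."""
    return b & 0x0F

def parse_ef_header(hex_text):
    """Return the decoded header fields of an EF SELECT response."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 14:
        raise ValueError("EF response needs at least 14 bytes")
    return {
        "file_size": int.from_bytes(raw[2:4], "big"),   # bytes 3-4
        "file_id": raw[4:6].hex().upper(),              # bytes 5-6
        "file_type": FILE_TYPE.get(raw[6], f"unknown(0x{raw[6]:02X})"),
        "read": ACCESS[high(raw[8])],                   # byte 9, high nibble
        "update": ACCESS[low(raw[8])],                  # byte 9, low nibble
        "increase": ACCESS[high(raw[9])],               # byte 10, high nibble
        "rehabilitate": ACCESS[high(raw[10])],          # byte 11, high nibble
        "invalidate": ACCESS[low(raw[10])],             # byte 11, low nibble
        "invalidated": not (raw[11] & 0x01),            # byte 12, b1=1: valid
        "structure": STRUCTURE.get(raw[13], f"unknown(0x{raw[13]:02X})"),
    }

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, parse_ef_header(text))
```

Under this coding, level 15 is NEV (never) and levels 4 to 14 are ADM, which is how the "CHV (PIN) 15", "CHV (PIN) 10" and "CHV (PIN) 11" lines in the listings decode.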
 
  

trewmte
Senior Member
 

Re: SIM PIN Challenge

Posted: Feb 02, 09 03:07

A reminder that this challenge ends on the 15th February 2009.
 
  

trewmte
Senior Member
 

Re: SIM PIN Challenge

Posted: Feb 02, 09 17:13

No pressure here guys, but we have had the first written response to the SIM PIN Challenge from a Challenge Entrant who has just started in mobile telephone forensics. This Challenge should therefore be a walk in the park for all you mobile phone and computer forensic examiners who have given evidence about SIM Cards in Court.

As a brief history about SIM Cards, the requirement for *Personal Identity Number (PIN) to be available in a SIM Card is defined by way of the GSM Standard GSM11.11. Moreover, GSM11.11 v3 1995 standard and onwards can be downloaded free of charge. So at least we know there is over 13 years of technical knowledge about SIM Card PIN that is traceable. Furthermore, there are other standards that are used to test for allocation and activation of PIN and the mandated execution of the function between the mobile phone and SIM Card.

*Do remember that PIN is only used because it is common language now, but has been made obsolete from the standards and replaced by CHV (Card Holder Verification).

Finally, many tens of thousands of SIM Cards have been examined and their evidence, along with examiners' testimonies/experts' opinions, have been presented in criminal proceedings at Court for well over a decade. A large number of the SIM Cards presented for examination had PIN enabled, thus understanding the fundamental operation of PIN is vital to forensic investigation understanding and the evidence presented about it.

I thought you might like to know I have sent copies of this Challenge and MOBILE FORENSICS AND EVIDENCE DEGREES/CHALLENGE
(http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3388) to the following who have the responsibility for: innovation, universities and skills; and regulation of forensic sciences:

- Rt Hon John Denham Secretary of State for the Department of Innovation, Universities and Skills (DIUS)
- Mr Andrew Rennison UK Forensic Science Regulator
 
  

halil
Newbie
 

Re: SIM PIN Challenge

Posted: Feb 17, 09 16:54

We have studied a lot but could not find anything. Would you give more details/hints about the solution?
 
  

Ninja
Member
 

Need your Help!

Posted: Jul 09, 09 03:48

Permit me to call you teacher. I've been going through your lesson series and am quite impressed at the way things are going in the forum.
I am in a country with a lot of kidnapping which needs a lot of knowledge to despair. Though, my little field knowledge has been carrying me through various investigations. I am acquainted with knowledge of mobile forensics via self-research and personal field challenges that have seen me through solving some kidnap & murder cases in my country. I've faint knowledge of IMEI, SIM, Blacklist, CDR etc. I really know I need to get to a mobile forensic school to be a professional. I also want to enlist your support in solving some cases arising from kidnaps.
Thank you!
_________________
Law Enforcement Agent with Mobile Forensic Expertise in Investigation. 
 
