Below is UST (USIM
Service Table) 3GPP 31.102 that may be found in a UST elementary file.
QUESTION 1
There are at minimum 1,900 items for
examination discovery, investigatory leads and evidence
that can be obtained from these UST entries. Can you identify just 50 items for
examination discovery, investigatory leads and evidence? If so, what are they?
Service n°1: Local Phone Book
Service n°2: Fixed Dialling Numbers (FDN)
Service n°3: Extension 2
Service n°4: Service Dialling Numbers (SDN)
Service n°5: Extension3
Service n°6: Barred Dialling Numbers (BDN)
Service n°7: Extension4
Service n°8: Outgoing Call Information (OCI and OCT)
Service n°9: Incoming Call Information (ICI and ICT)
Service n°10: Short Message Storage (SMS)
Service n°11: Short Message Status Reports (SMSR)
Service n°12: Short Message Service Parameters (SMSP)
Service n°13: Advice of Charge (AoC)
Service n°14: Capability Configuration Parameters 2 (CCP2)
Service n°15: Cell Broadcast Message Identifier
Service n°16: Cell Broadcast Message Identifier Ranges
Service n°17: Group Identifier Level 1
Service n°18: Group Identifier Level 2
Service n°19: Service Provider Name
Service n°20: User controlled PLMN selector with Access Technology
Service n°21: MSISDN
Service n°22: Image (IMG)
Service n°23: Support of Localised Service Areas (SoLSA)
Service n°24: Enhanced Multi Level Precedence and Pre emption Service
Service n°25: Automatic Answer for eMLPP
Service n°26: RFU
Service n°27: GSM Access
Service n°28: Data download via SMS-PP
Service n°29: Data download via SMS CB
Service n°30: Call Control by USIM
Service n°31: MO-SMS Control by USIM
Service n°32: RUN AT COMMAND command
Service n°33: shall be set to '1'
Service n°34: Enabled Services Table
Service n°35: APN Control List (ACL)
Service n°36: Depersonalisation Control Keys
Service n°37: Co-operative Network List
Service n°38: GSM security context
Service n°39: CPBCCH Information
Service n°40: Investigation Scan
Service n°41: MexE
Service n°42: Operator controlled PLMN selector with Access Technology
Service n°43: HPLMN selector with Access Technology
Service n°44: Extension 5
Service n°45: PLMN Network Name
Service n°46: Operator PLMN List
Service n°47: Mailbox Dialling Numbers
Service n°48: Message Waiting Indication Status
Service n°49: Call Forwarding Indication Status
Service n°50: Reserved and shall be ignored
Service n°51: Service Provider Display Information
Service n°52 Multimedia Messaging Service (MMS)
Service n°53 Extension 8
Service n°54 Call control on GPRS by USIM
Service n°55 MMS User Connectivity Parameters
Service n°56 Network's indication of alerting in the MS (NIA)
Service n°57 VGCS Group Identifier List (EFVGCS and EFVGCSS)
Service n°58 VBS Group Identifier List (EFVBS and EFVBSS)
Service n°59 Pseudonym
Service n°60 User Controlled PLMN selector for I-WLAN access
Service n°61 Operator Controlled PLMN selector for I-WLAN access
Service n°62 User controlled WSID list
Service n°63 Operator controlled WSID list
Service n°64 VGCS security
Service n°65 VBS security
Service n°66 WLAN Reauthentication Identity
Service n°67 Multimedia Messages Storage
Service n°68 Generic Bootstrapping Architecture (GBA)
Service n°69 MBMS security
Service n°70 Data download via USSD and USSD application mode
Service n°71 Equivalent HPLMN
Service n°72 Additional TERMINAL PROFILE after UICC activation
Service n°73 Equivalent HPLMN Presentation Indication
Service n°74 Last RPLMN Selection Indication
Service n°75 OMA BCAST Smart Card Profile
Service n°76 GBA-based Local Key Establishment Mechanism
Service n°77 Terminal Applications
Service n°78 Service Provider Name Icon
Service n°79 PLMN Network Name Icon
Service n°80 Connectivity Parameters for USIM IP connections
Service n°81 Home I-WLAN Specific Identifier List
Service n°82 I-WLAN Equivalent HPLMN Presentation Indication
Service n°83 I-WLAN HPLMN Priority Indication
Service n°84 I-WLAN Last Registered PLMN
Service n°85 EPS Mobility Management Information
Service n°86 Allowed CSG Lists and corresponding indications
Service n°87 Call control on EPS PDN connection by USIM
Service n°88 HPLMN Direct Access
Service n°89 eCall Data
Service n°90 Operator CSG Lists and corresponding indications
Service n°91 Support for SM-over-IP
Service n°92 Support of CSG Display Control
Service n°93 Communication Control for IMS by USIM
Service n°94 Extended Terminal Applications
Service n°95 Support of UICC access to IMS
Service n°96 Non-Access Stratum configuration by USIM
Service n°97 PWS configuration by USIM
QUESTION 2
An officer approaches you as the expert to
investigate comminucations on an iPhone. There is known comms that have
taken place but the twist is the comms at the distance end are being
received by a Satellite phone. The user of the SatPhone is known to be
trafficking in young children snatched from parents whilst on holiday.
Your job is to provide evidence to help the police officer regarding
which elementary files in the USIM would be used to permit mobile
network usage (home and roaming) and any network artefacts that maybe
connected to Satellite comms? To help you, a link below leads you to a
piece of equipment that links iPhone to satellite:
www.thuraya.com/
Sunday, March 16, 2014
Saturday, March 15, 2014
SIM Test Card Hardware Layouts
15/11/97
Interface for ASIM
README This file.
EMUSIM.BMP Artwork of Smart Card sized PCB
MAX232.BMP Artwork of Smart Card sized PCB whith MAX232
MAX232LY.GIF Parts placement guide of max232 pcb.
CIRCLAY.GIF Parts placement guide.
The bitmap file can be loaded into Windows Paintbrush then printed. They
are drawn 1:1 at 300 dpi so make sure you click "Use printer resolution" and
the Laser printer is set to 300 dpi before you print. The artwork is drawn as
seen from the copper side. It can be printed on a transparency as is and used
directly in a positive photo etch. The copper side of PCB not touches the
toner side of transparency.
Bye
by Giulio Cesare
SIM/USIM Research Materials
Research Materials
I shall be posting material (example below) I have gathered from my research over the last 20 years that students, examiners and experts may find of use. Some of the materials to be posted I couldn't find when I searched the Internet recently. Whether that is down to me not searching enough or information held in web-based wall-gardens or the information is no longer available, it would be a pity to let that research fade into obscurity. Where I can identify authors of materials posted I shall do so. But if I cannot do that then by posting I am not declaring someone elses work or their material are my creation. I am just sharing what is and in some case what was freely distributed over the years.
Trial and Error
When considering historical material it can provide a useful background insight, whilst at the same time nuture the interest to experiment and offers a knowledge base that may be needed or useful to know when approaching trial and error tests/experimentation.
Past Solutions Future Answers
One last point. A re-occuring theme, when considering digital evidence or forensic methodology or, even, how to apply examination techniques, is that solutions to problems, conundrums or perceived diametrically opposing facts can often be found by studying early developments in particular technologies. The approach that the manufacturer applied to the technology or how research and application found another way through may provide the solution for students, examiners and experts.
TEST SIM Script
(NOTE: The only details I have for the Author "brka". The email and website are no longer active. It is possible that the test materials are compiled from different sources and brought together in one source file. Some of the materials seemed to be have recognisable or at least similar designs to that created by the known programmer/developer "Dejan").
Once when you make TEST SIM using test_sim.hex you can:
Entering into TEST mode
***********************
Insert TEST SIM in your phone.
Power ON phone.
When phone ask for PIN, type 5555
Then, the phone displays "CHECK CARD",
and then Power-Off the phone and Power-Up
The phone will enter into the TEST mode ....
(it can Register on ANY network ... but no Phone calls
can be done)
Entering into CLONE mode (SP Unlocking)
***************************************
Insert TEST SIM in your phone.
Power ON phone.
When phone ask for PIN, type 1111
Phone will display "CHECK CARD"
Wait for few seconds and turn OFF phone!!!
Now turn phone ON and phone will be in CLONE Mode!
Clone Mode works on all Motorola phones!
SP Unlocking
************
Once you are in Clone Mode, type 03# and phone will be unlocked.
NOTE! SP unlocking work on all Motorola phones made before Sep.98!!!
It even works on some of CD920 and CD930 ....
Try it and please write me the results ....
(I found that the phones that IMEI ends with 0 can be unlocked !)
TEST SIM can be made with PIC 16F84 (16C84) wafer card.
***************************************
test_sim.hex
***************************************
This test file is still available on the internet
Tools
PICkit - http://www.microchip.com/Developmenttools/ProductDetails.aspx?PartNO=PG164130
Propic2 Clone - http://cuteminds.com/index.php/en/propic2
I shall be posting material (example below) I have gathered from my research over the last 20 years that students, examiners and experts may find of use. Some of the materials to be posted I couldn't find when I searched the Internet recently. Whether that is down to me not searching enough or information held in web-based wall-gardens or the information is no longer available, it would be a pity to let that research fade into obscurity. Where I can identify authors of materials posted I shall do so. But if I cannot do that then by posting I am not declaring someone elses work or their material are my creation. I am just sharing what is and in some case what was freely distributed over the years.
Trial and Error
When considering historical material it can provide a useful background insight, whilst at the same time nuture the interest to experiment and offers a knowledge base that may be needed or useful to know when approaching trial and error tests/experimentation.
Past Solutions Future Answers
One last point. A re-occuring theme, when considering digital evidence or forensic methodology or, even, how to apply examination techniques, is that solutions to problems, conundrums or perceived diametrically opposing facts can often be found by studying early developments in particular technologies. The approach that the manufacturer applied to the technology or how research and application found another way through may provide the solution for students, examiners and experts.
TEST SIM Script
(NOTE: The only details I have for the Author "brka". The email and website are no longer active. It is possible that the test materials are compiled from different sources and brought together in one source file. Some of the materials seemed to be have recognisable or at least similar designs to that created by the known programmer/developer "Dejan").
Once when you make TEST SIM using test_sim.hex you can:
Entering into TEST mode
***********************
Insert TEST SIM in your phone.
Power ON phone.
When phone ask for PIN, type 5555
Then, the phone displays "CHECK CARD",
and then Power-Off the phone and Power-Up
The phone will enter into the TEST mode ....
(it can Register on ANY network ... but no Phone calls
can be done)
Entering into CLONE mode (SP Unlocking)
***************************************
Insert TEST SIM in your phone.
Power ON phone.
When phone ask for PIN, type 1111
Phone will display "CHECK CARD"
Wait for few seconds and turn OFF phone!!!
Now turn phone ON and phone will be in CLONE Mode!
Clone Mode works on all Motorola phones!
SP Unlocking
************
Once you are in Clone Mode, type 03# and phone will be unlocked.
NOTE! SP unlocking work on all Motorola phones made before Sep.98!!!
It even works on some of CD920 and CD930 ....
Try it and please write me the results ....
(I found that the phones that IMEI ends with 0 can be unlocked !)
TEST SIM can be made with PIC 16F84 (16C84) wafer card.
***************************************
test_sim.hex
***************************************
This test file is still available on the internet
Tools
PICkit - http://www.microchip.com/Developmenttools/ProductDetails.aspx?PartNO=PG164130
Propic2 Clone - http://cuteminds.com/index.php/en/propic2
Subscribe to:
Posts (Atom)