Prehacking: GSM
The last click Issue 2
As promised in the first issue, I've been interested in the hardware part of SIM card cloning. I didn't make as much progress as I would have liked on it, but to present you something, I propose you today to build a smart card reader (which can also be used for bank cards).
This assembly is quite simple to make, I thought it was more clever to make something that works. What follows is more than enough.
First of all, you have to know that SIM cards are "asynchronous", which means that, unlike phone cards that only have memory, SIM cards have a microprocessor, memory, peripherals and operating software. It communicates with its reader in a bidirectional way. As its communication protocol is very close to the RS232 of our devices, a serial port with an interface is enough to operate it.
This interface will allow both reading and writing of any smart card.
Theoretically, such an interface should have a coupler that costs a lot of money, but a software can perfectly replace the microcontroller, and we write a very simple assembly software.
Here is the schematic:
It may look complicated, but it is actually quite simple. We have a 5V voltage regulator, a 3.58MHz clock generator and buffers to manage the I/O voltages ( TXD/RXD ).
Here is the printed circuit:
We connect the whole device to a 9V battery and to the COM port (1 or 2) of the PC with a "monitor extension" cable which connects a DB9 M to a DB9 F.
For the card connector, we use an annex card of which here is the Circuit:
For the ten round holes, use 5 straps which must be soldered first.
To connect the two cards, we use a 10-pin HE10.
For the software, use the following according to the chosen port:
COM 1:
Here is the list of components:
R1 : 15 Ohms
R2, R5 : 10 kOhms
R3 : 27 kOhms
R4 : 680 Ohms
R6 : 1 MOhms
R7 : 2,2 kOhms
C1 : 0.47 microF mylar
C2 : 100 microF/10V electrochemical radial
C3 : 0.1 microF mylar
C4, C5 : 33 pF mylar
IC1 : LM2931Z5
IC2 : 74HCT 04
T1 : 2N2222
D1 : Red LED
D2 : Zener 4.7V/0.25W
Q1 : quartz 3.58 (or 3.579) MHz
1 terminal block 2 circuits (5.08 mm)
1 DB9 female angled socket for IC
1 ITT-CANON smart card connector
1 breakaway strip with double row of angled square pins
2 HE10 plugs 10 contacts to be crimped
20 cm of 10 conductor flat cable
9V battery and clip.
INV1.exe For the manipulation of inverse convention cards.
DIR1.exe For direct convention cards.
OVL.exe which must be in the same directory (mandatory).
COM 2:
INV2.exe
DIR2.exe
When the card is inserted in the reader, it returns a value that starts with 3F. Then you have to enter the commands on the keyboard which consists of 5 bytes followed if necessary by a block of data in hexa.
The 5 bytes:
- CLA: the class of the card which is VITAL and A0 for the SIM
- INS: which is the code of the instruction specific to each card.
- P1 and P2: They are parameters of INS.
- LEN: it's the size of the block that we send or that we read.
If all goes well, the card returns two bytes: 90 00.
For us, it is now a question of getting a blank SIM card of type A0 or VITALE. After that, we look for the instructions to taton.
I leave you here for the moment, and I wish you good construction.
