
Apple iPhone 3G unlocked with Rebel SimCard: world-first solution

The Rebel SimCard R&D team has hit the jackpot and previews the first unlock solution for the iPhone 3G running the 2.0 firmware.

Patience pays off: the Rebel SimCard team demonstrates the unlocking of the newest phone on the market, the iPhone 3G.


Rebel SimCard unlocks Network Restrictions on Nokia N82


Types of Smart Cards

On July 10, 2008, in APDU Commands, by admin


Integrated circuit cards (ICCs) come in two forms when categorised by the way they are used: contact and contactless. The former is easily identified by its characteristic gold contact plate.

The original ISO 7816-2 standard defined eight contacts, but only six are actually used to communicate with the outside world; the remaining two are marked RFU (reserved for future use). A contactless card may optionally carry its own power source, but in most cases operating power is supplied to it by the reader through an inductive loop, i.e. a low-frequency electromagnetic field. The signals needed to communicate with the reader may be transmitted the same way, or via capacitive coupling, or even an optical (IR) link.

The contact card is the most widely used ICC to date, largely because of its use as a telephone prepayment card. Yes! The SIM card in your mobile phone is just a smart card in a cut-down plastic form factor. Most contact cards contain a single integrated circuit, although some use two chips, the second one being a coprocessor for complex cryptographic computations (which I'll explain shortly). The chip itself varies considerably between vendors and each has its own way of being programmed, but Sun's Java Card™ initiative has made it a breeze to write smart card applications that can be downloaded into the card's memory and executed on any chip that supports the Java Card runtime environment. I'll come to programming smart cards in the next article of this series.

Figure 2: Smart Cards

Let us now consider the use of the 6 contacts used by the ICC:

Vcc is the supply voltage that drives the chip and is generally 3 to 5 volts, with a 10% deviation allowed. It used to be 5 volts only, before the recent move towards low-power devices for these cards.

Vss/GND pin is used to provide the substrate or ground reference voltage against which the Vcc potential is measured. It is usually 0 volts.

Reset is the signal line used to reset the integrated circuit. This is a complex process that we shall describe later in more detail. There are two ways a card is reset:

  • Warm reset: a signal is sent through this pin to reset the ICC while power stays on.
  • Cold reset: the supply voltage is turned off and on again. Ejecting the card and inserting it again has the same effect.

Clock pin is used to drive the logic of the embedded IC and also serves as the reference for synchronising the serial communication. This pin is needed because the ICC has no clock generator on board and takes the clock as an external input, supplied by the card reader. The external clock is typically in the 1 to 5 MHz range permitted by ISO 7816-3, but many high-end ICCs use internal frequency multipliers to run their cores at higher frequencies, up to 40 MHz.

Vpp pin is now optional and used only by old cards. It used to carry the high-voltage signal needed to program the EPROM memory. It was provided at two voltage levels: the lower one (the idle state) is held by the card reader until the higher level (the active state) is required.

I/O pin is the serial input/output (SIO) connector. This is the signal line by which the underlying circuit receives commands and interchanges data with the outside world. This process will be explained in more detail when we talk about programming applications that receive these commands.


What is ATR ?

On July 10, 2008, in Uncategorized, by admin

ATR

The Answer To Reset (ATR) is the first message the card sends after it is powered up and reset. It conveys the parameters the reader needs to establish a data communication pathway to the card.

It is at most 33 bytes long and indicates which transmission protocols the card supports (T=0, T=1). It also carries the other information the host needs to know, such as:

  • Data transmission rate
  • Card hardware parameters
  • Chip serial number
  • Mask version number
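As an added example (not part of the original post), here is a small Python parser for the ATR described above. It walks TS and T0, the optional interface bytes TA/TB/TC/TD (each TDi gives a protocol T and announces whether the next group follows), the historical bytes, and the check byte TCK, which is present only when a protocol other than T=0 is offered and must make the XOR of T0 through TCK come out to zero. The sample ATR is constructed for the example, not captured from a real card; the Fi/Di conversion tables are those of ISO 7816-3.

```python
"""Parse an ISO 7816-3 Answer To Reset (ATR) and verify its check byte."""
from dataclasses import dataclass
from functools import reduce
from typing import Dict, List, Optional

# Clock-rate (Fi) and baud-rate (Di) conversion tables from ISO 7816-3; None marks RFU codes.
FI_TABLE = [372, 372, 558, 744, 1116, 1488, 1860, None, None, 512, 768, 1024, 1536, 2048, None, None]
DI_TABLE = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20, None, None, None, None, None, None]


@dataclass
class Atr:
    convention: str                  # "direct" (TS=3B) or "inverse" (TS=3F)
    interface_bytes: Dict[str, int]  # e.g. {"TA1": 0x18, "TD1": 0x80, ...}
    protocols: List[int]             # transmission protocols offered, e.g. [0, 1]
    historical: bytes                # K historical bytes (card/mask identification)
    fi: Optional[int]                # clock rate conversion factor from TA1 (default 372)
    di: Optional[int]                # baud rate adjustment factor from TA1 (default 1)
    tck: Optional[int]               # check byte; absent when only T=0 is offered
    tck_ok: Optional[bool]           # XOR of T0..TCK == 0, or None when there is no TCK


def parse_atr(atr: bytes) -> Atr:
    if not 2 <= len(atr) <= 33:
        raise ValueError("an ATR is 2 to 33 bytes long")
    convention = {0x3B: "direct", 0x3F: "inverse"}.get(atr[0])
    if convention is None:
        raise ValueError(f"bad TS byte {atr[0]:02X}")
    t0 = atr[1]
    k = t0 & 0x0F          # number of historical bytes
    y = t0 >> 4            # presence bits for TA1, TB1, TC1, TD1
    pos, i = 2, 1
    iface: Dict[str, int] = {}
    protocols: List[int] = []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before {name}{i}")
                iface[f"{name}{i}"] = atr[pos]
                pos += 1
        td = iface.get(f"TD{i}")
        if td is None:
            break
        t = td & 0x0F      # protocol type offered by this TD byte
        if t not in protocols:
            protocols.append(t)
        y = td >> 4        # presence bits for the next group of interface bytes
        i += 1
    if not protocols:
        protocols = [0]    # no TD1 at all: only T=0 is offered
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated inside the historical bytes")
    pos += k
    tck = tck_ok = None
    if any(t != 0 for t in protocols):   # TCK is present iff some protocol other than T=0 is offered
        if pos >= len(atr):
            raise ValueError("TCK missing")
        tck = atr[pos]
        pos += 1
        tck_ok = reduce(lambda a, b: a ^ b, atr[1:pos]) == 0   # T0 ... TCK must XOR to zero
    if pos != len(atr):
        raise ValueError(f"{len(atr) - pos} unexpected trailing byte(s)")
    ta1 = iface.get("TA1", 0x11)         # default when TA1 is absent: Fi=372, Di=1
    return Atr(convention, iface, protocols, historical,
               FI_TABLE[ta1 >> 4], DI_TABLE[ta1 & 0x0F], tck, tck_ok)


# Constructed sample ATR (not captured from a real card): direct convention,
# TA1=18 (Fi=372, Di=12), TB1=00, TC1=00, TD1=80 (T=0, TD2 follows),
# TD2=31 (T=1, TA3/TB3 follow), TA3=FE (IFSC 254), TB3=45, five historical bytes, TCK.
SAMPLE_ATR = bytes.fromhex("3B F5 18 00 00 80 31 FE 45 80 31 E0 73 FE 3B")

if __name__ == "__main__":
    print(parse_atr(SAMPLE_ATR))
```

A reader should treat a failing TCK the way a failing checksum is treated anywhere else: reject the card (or retry the reset) rather than negotiate parameters from bytes that are already known to be corrupt.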

What is an APDU?

On July 10, 2008, in APDU Commands, by admin

Answer
The APDU (Application Protocol Data Unit) is the communication unit between a reader and a card. The structure of an APDU is defined by the ISO 7816 standards.

There are two categories of APDUs: command APDUs and response APDUs. As the name implies, the former is sent by the reader to the card: it contains a mandatory 4-byte header and from 0 up to 255 bytes of data. The latter is sent by the card to the reader: it contains a mandatory 2-byte status word and from 0 up to 256 bytes of data.

The APDU is the application-level protocol specified in ISO 7816-4 for the communication between a smart card and a host application.

An APDU has one of two structures, as defined below:

  1. Command APDU (C-APDU): sent by the host application to give the card a command.
    1. Header: it consists of 4 bytes:
      1. Class of instruction (CLA)
      2. Instruction code (INS)
      3. Parameters P1 and P2
    2. Optional body: varies in length.
      1. Lc specifies the length of the data field in bytes.
      2. Le specifies the number of bytes the host expects in response to the command.
      3. The data field contains the data sent to the card for executing the instruction specified in the header.
  2. Response APDU (R-APDU): sent by the card in reply to the command from the host application.
    1. Optional body: a data field of at most Le bytes.
    2. Trailer: two bytes, SW1 and SW2, called the status word, which report the processing state of the card after execution of the command APDU.

Structure of the APDU is given below:

1. Command APDU

   Mandatory header         Optional body
   CLA  INS  P1  P2         Lc  Data field  Le

2. Response APDU

   Optional body    Mandatory trailer
   Data field       SW1  SW2

Note:

  • A command APDU is always paired with a response APDU.
  • The data field is optional in both the command APDU and the response APDU.

The second point gives four cases of command/response pairs:

  1. No data is transferred to or from the card
    1. C-APDU: contains the header only.
    2. R-APDU: contains only the trailer (status word).
  2. No data is transferred to the card, but data is returned from the card
    1. C-APDU: contains the header and Le only, which specifies the number of data bytes expected in the response APDU.
    2. R-APDU: contains the data field and the trailer status word SW1 and SW2.
  3. Data is transferred to the card, but no data is returned from the card
    1. C-APDU: contains the header, Lc and the data field, Lc specifying the length of the data field.
    2. R-APDU: contains only the trailer status word SW1 and SW2.
  4. Data is transferred to the card and data is returned from the card
    1. C-APDU: contains the header, Lc, the data field and Le.
    2. R-APDU: contains both the optional body and the trailer status word SW1 and SW2.
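The four cases above in code, as an added example that is not from the original post: build_apdu derives Lc from the data it is given and appends Le only when response data is expected, apdu_case recovers the case from the length of a short APDU alone, and split_response/describe_status deal with the trailer, including the two status words that tell the host to send another command (61 XX: GET RESPONSE; 6C XX: retry with the right Le). SAMPLE_AID is a placeholder, not a registered application identifier.

```python
"""Build ISO 7816-4 short command APDUs (cases 1 to 4) and take responses apart."""
from typing import Optional, Tuple


def build_apdu(cla: int, ins: int, p1: int, p2: int,
               data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Return the short-form C-APDU for whichever case the arguments imply.

    data: bytes sent to the card; Lc is derived from it (cases 3 and 4).
    le:   response bytes expected, 1..256 (256 is coded as 00), or None when
          no response data is expected (cases 1 and 3).
    """
    for v in (cla, ins, p1, p2):
        if not 0 <= v <= 0xFF:
            raise ValueError("CLA, INS, P1 and P2 are single bytes")
    if len(data) > 255:
        raise ValueError("a short APDU carries at most 255 data bytes (Lc=01..FF)")
    if le is not None and not 1 <= le <= 256:
        raise ValueError("Le must be 1..256 for a short APDU")
    apdu = bytes([cla, ins, p1, p2])            # mandatory header
    if data:
        apdu += bytes([len(data)]) + data       # Lc + data field
    if le is not None:
        apdu += bytes([le & 0xFF])              # Le; 256 is coded as 00
    return apdu


def apdu_case(apdu: bytes) -> int:
    """Recover the ISO 7816-4 case (1..4) of a short C-APDU from its length."""
    n = len(apdu)
    if n < 4:
        raise ValueError("the header alone is 4 bytes")
    if n == 4:
        return 1                                # header only
    if n == 5:
        return 2                                # header + Le (Lc=00 is not valid, so byte 5 is Le)
    lc = apdu[4]
    if n == 5 + lc:
        return 3                                # header + Lc + data
    if n == 6 + lc:
        return 4                                # header + Lc + data + Le
    raise ValueError(f"Lc={lc:02X} does not fit an APDU of {n} bytes")


def split_response(rapdu: bytes) -> Tuple[bytes, int, int]:
    """Separate a response APDU into (data field, SW1, SW2)."""
    if len(rapdu) < 2:
        raise ValueError("a response APDU always ends with SW1 SW2")
    return rapdu[:-2], rapdu[-2], rapdu[-1]


def describe_status(sw1: int, sw2: int) -> str:
    """The ISO 7816-4 status words a host most often has to act on."""
    if (sw1, sw2) == (0x90, 0x00):
        return "OK"
    if sw1 == 0x61:
        return f"OK, {sw2} more bytes available: send GET RESPONSE with Le={sw2:02X}"
    if sw1 == 0x6C:
        return f"wrong Le: resend the same command with Le={sw2:02X}"
    known = {
        (0x69, 0x82): "security status not satisfied (PIN or key needed)",
        (0x69, 0x83): "authentication method blocked",
        (0x6A, 0x82): "file or application not found",
        (0x6A, 0x86): "incorrect P1/P2",
        (0x6D, 0x00): "INS not supported",
        (0x6E, 0x00): "CLA not supported",
    }
    return known.get((sw1, sw2), f"unrecognised status {sw1:02X}{sw2:02X}")


# Constructed examples; SAMPLE_AID is a placeholder, not a registered application identifier.
SAMPLE_AID = bytes.fromhex("D000000001")
EXAMPLES = {
    1: build_apdu(0x00, 0x04, 0x00, 0x00),                           # header only
    2: build_apdu(0x00, 0xB0, 0x00, 0x00, le=10),                    # READ BINARY, 10 bytes back
    3: build_apdu(0x00, 0xD6, 0x00, 0x00, data=b"\x01\x02"),         # UPDATE BINARY, 2 bytes out
    4: build_apdu(0x00, 0xA4, 0x04, 0x00, data=SAMPLE_AID, le=256),  # SELECT by AID, Le=00
}

if __name__ == "__main__":
    for case, apdu in EXAMPLES.items():
        print(f"case {case}: {apdu.hex().upper()}  (detected case {apdu_case(apdu)})")
    data, sw1, sw2 = split_response(bytes.fromhex("0102036114"))
    print(data.hex().upper(), describe_status(sw1, sw2))
```

Note that apdu_case rejects a length that matches neither case 3 nor case 4 for the Lc it carries; a reader or card that silently accepts such a frame is trusting the sender's length field over the bytes actually received.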

Universal Rebel SimCard: supports mostly 2G SIM cards, and virtually any phone, using the Rebel STK menu.

Support for iPhone 3G firmware 2.1 or below.

The Rebel STK can switch between 12 modes.


SIM FILE SYSTEM

On July 4, 2008, in APDU Commands, by admin

First byte    GSM file type
3F            Master File (MF)
7F            Dedicated File (DF)
2F            Elementary File under the Master File
6F            Elementary File under a Dedicated File


SIM COMMANDS

On July 4, 2008, in APDU Commands, by admin

The SIM-ME transmission protocol uses Application Protocol Data Units (APDUs), which are either commands or responses. They are sent across the electrical interface between the SIM and the mobile equipment (ME), the SIM-ME interface for short.

CLA  INS  P1  P2  P3  Data

Command APDU format.

There are five fields in an APDU command. The class of instruction (CLA) is always A0 for GSM. The instruction code (INS) indicates the particular command to be performed. P1, P2 and P3 are parameters for the command; P3 holds the length of the Data segment, if any: the number of bytes sent to the card, or the number of bytes expected back from it.

Data  SW1  SW2

Response APDU format.

The response to a command is returned in three fields. The Data portion, if any, contains information requested in the command. SW1 and SW2 are status words indicating the success or failure of the command.

A number of commands are defined for GSM SIM cards, including functions to read and write data, confirm security features, and run the GSM authentication algorithm. Completing an entire GSM procedure may require a series of APDU command/response pairs.

COMMAND             INS   P1              P2                       P3
SELECT              A4    00              00                       02
STATUS              F2    00              00                       length
READ BINARY         B0    offset (high)   offset (low)             length
UPDATE BINARY       D6    offset (high)   offset (low)             length
READ RECORD         B2    record number   mode                     length
UPDATE RECORD       DC    record number   mode                     length
SEEK                A2    00              type/mode                length
INCREASE            32    00              00                       03
VERIFY CHV          20    00              CHV number               08
CHANGE CHV          24    00              CHV number               10
DISABLE CHV         26    00              01                       08
ENABLE CHV          28    00              01                       08
UNBLOCK CHV         2C    00              00 (CHV1) / 02 (CHV2)    10
INVALIDATE          04    00              00                       00
REHABILITATE        44    00              00                       00
RUN GSM ALGORITHM   88    00              00                       10
SLEEP               FA    00              00                       00
GET RESPONSE        C0    00              00                       length

SIM command coding (INS, P1, P2 and P3 in hexadecimal; CLA is always A0). RUN GSM ALGORITHM carries the 16-byte RAND, hence P3 = 10; the A3/A8 result is fetched afterwards with GET RESPONSE.
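Putting the SIM-ME format, the file-type table and the command table together, this added Python decoder (not code from the original post) walks a constructed SIM-ME trace: select the MF, DF GSM and EF IMSI, fetch the SELECT response, fail CHV1 once and then pass it, and read the IMSI. It checks that CLA is A0, that P3 matches the data actually sent for commands that carry data to the card, classifies SELECT file IDs by their first byte, and interprets the GSM 11.11 status words (GSM announces waiting response data with 9F XX where ISO 7816-4 uses 61 XX). The trace, PIN and IMSI are constructed test values; 7F20 and 6F07 are the GSM 11.11 identifiers of DF GSM and EF IMSI.

```python
"""Decode a GSM 11.11 SIM-ME exchange: five-byte T=0 commands, status words, file IDs, IMSI."""
from typing import Dict, List, Optional, Tuple

# INS -> (name, meaning of P3): "out" = length of data sent to the card,
# "in" = length of data expected back, None = no data field and P3 is 00.
SIM_INS: Dict[int, Tuple[str, Optional[str]]] = {
    0xA4: ("SELECT", "out"),       0xF2: ("STATUS", "in"),
    0xB0: ("READ BINARY", "in"),   0xD6: ("UPDATE BINARY", "out"),
    0xB2: ("READ RECORD", "in"),   0xDC: ("UPDATE RECORD", "out"),
    0xA2: ("SEEK", "out"),         0x32: ("INCREASE", "out"),
    0x20: ("VERIFY CHV", "out"),   0x24: ("CHANGE CHV", "out"),
    0x26: ("DISABLE CHV", "out"),  0x28: ("ENABLE CHV", "out"),
    0x2C: ("UNBLOCK CHV", "out"),  0x04: ("INVALIDATE", None),
    0x44: ("REHABILITATE", None),  0x88: ("RUN GSM ALGORITHM", "out"),
    0xFA: ("SLEEP", None),         0xC0: ("GET RESPONSE", "in"),
}
# The first byte of a file ID places the file in the GSM file system.
FILE_TYPES = {0x3F: "MF", 0x7F: "DF", 0x2F: "EF under MF", 0x6F: "EF under DF"}


def file_type(fid: bytes) -> str:
    return FILE_TYPES.get(fid[0], "unknown") if fid else "unknown"


def describe_sw(sw1: int, sw2: int) -> str:
    """GSM 11.11 status words; 9F XX plays the role ISO 7816-4 gives to 61 XX."""
    if (sw1, sw2) == (0x90, 0x00):
        return "OK"
    if sw1 == 0x9F:
        return f"OK, {sw2} response bytes waiting: send GET RESPONSE with P3={sw2:02X}"
    if sw1 == 0x91:
        return f"OK, proactive SIM command pending ({sw2} bytes, FETCH)"
    known = {
        (0x94, 0x00): "no EF selected",
        (0x94, 0x02): "out of range (invalid address)",
        (0x94, 0x04): "file ID or pattern not found",
        (0x94, 0x08): "file is inconsistent with the command",
        (0x98, 0x02): "no CHV initialised",
        (0x98, 0x04): "access condition not fulfilled or wrong CHV, attempts left",
        (0x98, 0x08): "in contradiction with CHV status",
        (0x98, 0x10): "in contradiction with invalidation status",
        (0x98, 0x40): "CHV blocked: no attempts left",
        (0x98, 0x50): "INCREASE cannot be performed, maximum value reached",
    }
    if (sw1, sw2) in known:
        return known[(sw1, sw2)]
    by_sw1 = {0x67: "incorrect P3", 0x6B: "incorrect P1/P2", 0x6D: "unknown INS",
              0x6E: "wrong CLA", 0x6F: "technical problem"}
    return by_sw1.get(sw1, f"unrecognised status {sw1:02X}{sw2:02X}")


def decode_command(cmd: bytes) -> dict:
    """Split a T=0 SIM command into its five header fields and the optional data."""
    if len(cmd) < 5:
        raise ValueError("a SIM command is at least the 5-byte header CLA INS P1 P2 P3")
    cla, ins, p1, p2, p3 = cmd[:5]
    if cla != 0xA0:
        raise ValueError(f"GSM commands use CLA A0, got {cla:02X}")
    name, direction = SIM_INS.get(ins, (f"INS {ins:02X}", None))
    data = cmd[5:]
    if direction == "out" and len(data) != p3:
        raise ValueError(f"{name}: P3={p3:02X} but {len(data)} data byte(s) follow")
    if direction != "out" and data:
        raise ValueError(f"{name} carries no data towards the card")
    info = {"name": name, "p1": p1, "p2": p2, "p3": p3, "data": data}
    if ins == 0xA4:                      # SELECT: the data field is the 2-byte file ID
        info["file"] = f"{data.hex().upper()} ({file_type(data)})"
    return info


def decode_trace(trace: List[Tuple[bytes, bytes]]) -> List[dict]:
    """Decode (command, response) pairs; every response ends with SW1 SW2."""
    steps = []
    for cmd, rsp in trace:
        if len(rsp) < 2:
            raise ValueError("every response ends with SW1 SW2")
        step = decode_command(cmd)
        step["response"], sw1, sw2 = rsp[:-2], rsp[-2], rsp[-1]
        step["sw"] = f"{sw1:02X}{sw2:02X}"
        step["status"] = describe_sw(sw1, sw2)
        steps.append(step)
    return steps


def decode_imsi(ef_imsi: bytes) -> str:
    """EF IMSI: a length byte, then swapped-nibble BCD; the first low nibble is parity/type."""
    body = ef_imsi[1:1 + ef_imsi[0]]
    digits = [body[0] >> 4]
    for b in body[1:]:
        digits += [b & 0x0F, b >> 4]
    return "".join(str(d) for d in digits if d != 0xF)   # F pads an even-length IMSI


# Constructed trace (not captured from a real SIM; PIN and IMSI are test values):
# select MF, DF GSM (7F20) and EF IMSI (6F07), fetch the SELECT response, present a
# wrong CHV1, then the right one, and read the 9-byte IMSI file.
TRACE = [
    (bytes.fromhex("A0A40000023F00"), bytes.fromhex("9F17")),
    (bytes.fromhex("A0A40000027F20"), bytes.fromhex("9F17")),
    (bytes.fromhex("A0A40000026F07"), bytes.fromhex("9F0F")),
    (bytes.fromhex("A0C000000F"), bytes.fromhex("000000096F07040011F0220102 0000 9000")),
    (bytes.fromhex("A02000010831313131FFFFFFFF"), bytes.fromhex("9804")),
    (bytes.fromhex("A02000010831323334FFFFFFFF"), bytes.fromhex("9000")),
    (bytes.fromhex("A0B0000009"), bytes.fromhex("080910101032547698 9000")),
]

if __name__ == "__main__":
    for s in decode_trace(TRACE):
        print(f"{s['name']:<14} {s.get('file', s['data'].hex().upper()):<22} -> {s['sw']}  {s['status']}")
    print("IMSI:", decode_imsi(TRACE[-1][1][:-2]))
```

The 98 04 after the first VERIFY CHV is the one to watch in a real trace: GSM 11.11 returns the same status for a wrong PIN and for an access condition that has not been met, and a handful of repeated 98 04 replies followed by 98 40 means CHV1 has just been blocked.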
