SIM-EMU (SIM card emulator)

Daniel Jabif - (Email: info@simemu.cjb.net)

[Translated to english by Alf: pa "at" netcabo.pt]



Version 6.01 for GREENCARD 2 cards (16F876/7 and 24C256)

Version 6.01g for GREENCARD cards (16F876/7 and 24C128)

Version 6.01s for SILVERCARD cards (16F876/7 and 24C64)


NEW Configurator for this version 6.01 Sim_Emu_6.01_CFG_v2.1.zip (Version 2.1)



Help me to improve SIM-EMU

To access the 6.01 version in spanish click here http://simemu.cjb.net/

To access the previous 5.00 version in spanish click here http://simemu.gsmhosting.net/5.00

The link to the 5.00 version in Italian is http://simemu.gsmhosting.net/5.00 Ita

To go to the 5.00 version in Portuguese click here http://simemu.gsmhosting.net/5.00 Pt

To access the 5.00 version in French click here http://simemu.gsmhosting.net/5.00 Fr

IMPORTANT:

The site http://simemu.com is no longer an official SIM-EMU site, so all information on that site has no relation whatsoever with me nor with the official SIM-EMU site, simemu.cjb.net

Due to the closure of my commercial agreement with UCABLES, from 10-May-2003 on, the SIMCARD8 or any other product may no longer be commercialized if it includes SIM-EMU software. Any commercialized product programmed with any version of SIM-EMU is being sold without my prior consent.


In spite of my continual requests since May 10th (end of the deal) to UCABLES to stop selling the SIMCARD8 product (SilverCard with pre-programmed SIM-EMU) I want you to know that today, June, 3rd 2003, UCABLES is still selling that product, without my consent.


This version makes use of the extra capacity of the GreenCard 2 (16F876/24LC256), which has the same PIC as the SilverCard and GreenCard but doubles the size of the external EEPROM compared to the GreenCard.
It's programmed using the same devices as in previous versions.

This version also works on the SilverCard (16F876/24LC64) and the GreenCard (16F876/24LC128) as long as the flash file (SIM_EMU_FL_6.01_xxx.hex) is configured for each of these cards using the configurator program: SIM_EMU_6.01_CFG.exe.

The new features and improvements introduced were:

Support of up to 10 distinct numbers of distinct operators simultaneously.

PIN security management equal to the original SIM. (3 PIN attempts + 10 PUK attempts)

Better compatibility with mobile brands

Configurable capacity between 1 and 254 phonebook entries with 18 characters for the name

Capacity configurable between 1 and 99 SMS

Possibility to define the FDN (Fixed Dialing Numbers list) (up to 254 FDN's)

Simultaneous configuration of up to 99 SMS's, 254 phonebook entries and 222 fixed dialing numbers

Configurator Program SIM_EMU_6.01_CFG.exe

Private "Message centre number (SMSc)" for each of the 10 phone numbers

Built-in compatible ICProg loader to read/write the external EEPROM

Support for instructions required by some mobiles (SEEK) for PHILIPS and ERICSSON

Rewritten mobile communication procedures for better compatibility

Storage of the 10 last dialed numbers. (Used only by some brands of mobiles)

Configuration of the 10 possible numbers on the mobile using SMSs

Selection of the number of SMS's and phonebook entries on the mobile

Scripts to backup / restore SMS's and ADN's

SIM-EMU management using the mobile menus (if the mobile supports SATK)

Phone switching without powering down the mobile (does not work on all phones)

Reset option to re-ask the PIN. (if switching by menu does not work)

Configuration of the 10 possible numbers using the menu (creating and deleting)

Configuration of the number of SMS's using the menu

Possibility to set a description to each of the 10 phone numbers

Current phone and associated description checking

Current configuration (SMS/ADN and active phone numbers) checking

Version information, author (websites and email)

Implementation of the INCREASE for cost control

Cardinal compatibility for phonebook management

Permanent on-screen current number information (now on most mobiles)

Number switching using a menu with a list of available numbers

Position associated description length increased to 16 characters.

Implementation of the INVALIDATE and REHABILITATE instructions for FDN control

New SMS format to reconfigure the number of phonebook entries

Possibility to store in the phonebook some numbers with more than 20 digits

Independent cost control for each of the 10 positions

GPRS support

Complete PIN2/PUK2 management, independent from the 10 PIN/PUK of each position.

SIM-EMU configuration is now made using PIN2 instead of current PIN

Menu option to change PIN2/PUK2

New SMS format to change PIN2/PUK2

Flash protection

Correct management of PIN protected files

Possibility to enable/disable the "Select Phone" menu

Possibility to enable/disable internal Loader

Compatibility with new Panasonic and Sagem models (the latter yet to be verified)

Better compatibility with GSM Programmer

Possibility to disable PIN, enabling one of the positions by default

Editing any of the position descriptions from any selected position

Behaviour change when updating the number of SMSs on the mobile



For those wishing to keep on reading, I'll describe each introduced improvement.


Support of up to 10 distinct numbers of distinct operators simultaneously.

Originally, when changing to a number from another operator it would not become active until a call was made using the new number. Now all the data necessary for a quick operator switch is stored at each position (the LOCI and BCCH registers are stored for each number). For simplicity, these are now called positions, numbered from 0 to 9.

PIN security management equal to the original SIM. (3 PIN attempts + 10 PUK attempts)

The PIN/PUK data can be entered using the mobile itself; however, they can also be placed in the flash code before it's programmed. The default PUK / PIN values are 00000000 / 0000, 11111111 / 1111 and 22222222 / 2222, for the reasons I'll explain further on. As a suggestion, change them as soon as possible to the original PUKs of your cards.

The initial 0000, 1111 and 2222 PINs can be changed immediately from the mobile's own security menu.

Like in the original card, as soon as 3 wrong PINs are attempted the PIN blocks itself and the PUK is required. Once 10 failed PUK attempts are reached the card is blocked forever and will not work on any phone. Of course, the card is recovered once the flash is reprogrammed.

When powering up the mobile, any registered PIN is valid, as is any of the PUKs if the PIN is blocked. Once the phone is powered on, changing the PIN must be done with the PIN of the current position.
The PIN, PUK and KI codes are stored in the processor's internal EEPROM, so it's recommended to protect this area against reading (the CPD code-protection bit) when programming the flash.
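The retry rules just described (3 wrong PINs block the PIN and the PUK is required; 10 wrong PUKs block the card for good) are easy to get subtly wrong, so here is a small model of them in Python. This is an added example, not SIM-EMU firmware code or anything by the author; the class name PinSlot, the constant-time comparison and the assumption that a successful PUK resets both counters (as on a standard SIM) are mine. The same rules are stated further down this page for PIN2/PUK2, so one class covers both cases.

```python
import hmac

PIN_TRIES = 3    # "3 PIN attempts" before the PIN blocks itself
PUK_TRIES = 10   # "10 PUK attempts" before the card is blocked for good


def valid_pin(value):
    """PIN (and PIN2) rule from this page: 4 to 8 decimal digits."""
    return value.isascii() and value.isdigit() and 4 <= len(value) <= 8


def valid_puk(value):
    """PUK (and PUK2) rule from this page: exactly 8 decimal digits."""
    return value.isascii() and value.isdigit() and len(value) == 8


def _same(a, b):
    # Constant-time comparison, so timing does not reveal how many digits matched.
    return hmac.compare_digest(a.encode(), b.encode())


class PinSlot:
    """One PIN/PUK pair with its retry counters (hypothetical class name).
    The same rules cover a position's PIN/PUK and the single PIN2/PUK2."""

    def __init__(self, pin, puk):
        if not (valid_pin(pin) and valid_puk(puk)):
            raise ValueError("PIN must be 4-8 digits, PUK exactly 8 digits")
        self._pin = pin
        self._puk = puk
        self.pin_left = PIN_TRIES
        self.puk_left = PUK_TRIES

    @property
    def pin_blocked(self):
        return self.pin_left == 0

    @property
    def dead(self):
        """Blocked forever: only reprogramming the flash recovers the card."""
        return self.puk_left == 0

    def verify_pin(self, attempt):
        """True if attempt is the PIN. A wrong attempt costs one try; a blocked
        PIN is refused even when the value is right, so the PUK is required."""
        if self.dead or self.pin_blocked or not valid_pin(attempt):
            return False
        if _same(attempt, self._pin):
            self.pin_left = PIN_TRIES   # success restores the full allowance
            return True
        self.pin_left -= 1
        return False

    def change_pin(self, current, new_pin):
        """Changing the PIN requires the current PIN (verify_pin counts the try)."""
        if not valid_pin(new_pin) or not self.verify_pin(current):
            return False
        self._pin = new_pin
        return True

    def unblock_with_puk(self, puk_attempt, new_pin):
        """Unblock with the PUK and set a replacement PIN. Assumption (as on a
        standard SIM): success resets both counters; each failure costs a PUK try."""
        if self.dead or not valid_pin(new_pin) or not valid_puk(puk_attempt):
            return False
        if _same(puk_attempt, self._puk):
            self._pin = new_pin
            self.pin_left = PIN_TRIES
            self.puk_left = PUK_TRIES
            return True
        self.puk_left -= 1
        return False
```

The point to notice is that a correct PIN is refused once the counter is exhausted: the only way back is the PUK, and once that counter is gone as well the object stays dead no matter what is presented, which is exactly the "reprogram the flash" situation described above.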


Better compatibility with mobile brands.

The brands I was able to test were:

NOKIA

SIEMENS

ALCATEL

PHILIPS

ERICSSON

MOTOROLA

MAXON

PANASONIC

MITSUBISHI

NEC

SAGEM

SAMSUNG

This was the part where I had most difficulties, but finally I got all the tested models working perfectly. The most difficult ones were SIEMENS and MAXON; for them I had to rewrite the mobile communication routines. For PHILIPS and ERICSSON I had to implement an instruction not used on the rest of the brands, called SEEK, used to analyse the SMS status.



Storage capacity between 1 and 254 phonebook entries with 18 characters for the name

I decided to leave the last 51 phonebook entries in the Flash because it's not recommended to rewrite the Flash frequently, since its durability is far below the external EEPROM's (1000 write cycles versus 1000000 for the EEPROM), and also because I had to free some space in the program area for all the improvements I've been developing.

The rest of the entries, between 1 and 103, are located in the external EEPROM.

The phonebook entry name length has been increased to 18 characters, since the previous length of 14 characters was not enough for certain countries.

For those mobiles with their own ADN storage space it's advised to configure only one ADN to speed up mobile initialization.

Using the SIM_EMU_6.01_CFG.exe it's possible to configure the maximum number of ADNs prior to the flash programming. This number can be changed using the mobile, but never to a value above this pre-defined maximum. As the flash is pre-configured for the GreenCard2, the default value is 254.

Storage capacity configurable between 1 and 99 SMS

For those mobiles with SMS storage space it's advisable to configure only 1 SMS, to speed up the initialization process.

With the SIM_EMU_6.01_CFG.exe program it's possible to configure the maximum amount of SMSs prior to programming the flash. This maximum value can be reduced on the mobile itself, but never raised above the pre-defined maximum. The flash is preconfigured for the GreenCard 2, therefore the default value is 99.

Possibility do define the FDN (Fixed Dialing Numbers list) (up to 254 FDN's)


This list allows calls to be restricted to those numbers which are part of it; access to it is protected by PIN2.

Using the SIM_EMU_6.01_CFG.exe program it's possible to configure the number of FDN's prior to the programming of the flash. As the flash is configured for the GreenCard 2, the default value is 222 FDNs.

Configurator Program SIM_EMU_6.01_CFG.exe

With this program it is possible to configure the flash (of any language version) for any type of card, the maximum number of ADN's, the maximum number of SMS's and the number of FDN's.

Private "Message centre number (SMSc)" for each of the 10 phone numbers

Once our numbers are programmed we have to store, using the mobile, the number of the SMSc (message centre) for each of the numbers. The default numbers are the SMSc numbers of the 3 Spanish operators:

Amena: +34656000311

Movistar: +34609090909

Airtel: +34607003110

Built-in compatible ICProg loader to read/write the external EEPROM

Once the flash is programmed using ICPROG we can program the external EEPROM, also using ICPROG and a Phoenix programmer, without the need for any special external loader.

Storage of the 10 last dialed numbers. (Used only by some brands of mobiles)

I've implemented cyclic-type files, used among other things to store the last 10 dialled numbers; the 11th call deletes the oldest. Storing dialled calls on the SIM card is only done by certain brands of mobiles (Alcatel, Siemens, Ericsson and maybe others); on the rest, each time you change the number they're lost because they aren't stored on or read from the SIM. This is something I don't understand: these brands, having the possibility to save this info on the SIM card, prefer to keep it on the phone itself but erase it every time the working IMSI is changed.


Configuration of the 10 possible numbers on the mobile using SMSs

Once the .hex files as they come in the ZIP are saved, the procedure to update the number data is to store (not send) a SMS with one of the special formats which are explained ahead.

Selection of the number of SMS's and phonebook entries on the mobile

One of the possible procedures to update the number of SMSs and phonebook entries is similar to the one used to update the position data.

Scripts to backup / restore SMS's and ADN's

I've included in the ZIP some scripts to backup / restore the SMSs and ADNs of the cards, both original and SIM-EMU cards.

SIM-EMU management using the mobile menus (if the mobile supports SATK)

Possibility to manage all of SIM-EMU's options using the mobile's menu.

[ from Alf: note that the phone must support SIMATK (SIM Application Toolkit) to show the SIM-EMU functions menu. ]

Phone switching without powering down the mobile (does not work on all phones)


This option allows the active number to be changed without power-cycling the phone and entering the corresponding PIN.
Unfortunately there are phones that do not implement this feature correctly or quickly enough to be useful.

Reset option to re-ask the PIN. (if switching by menu does not work)

This option has been included for those phones that will not switch correctly or that’ll do it too slowly. If the phone operates correctly it should power off and on automatically and ask for the PIN. If this does not happen then the phone has a bad implementation of this feature… like some versions of the Nokia 3310, for instance.

Possibility to set a description to each of the 10 phone numbers

To identify the selected position in an easier way, it's possible to associate a description (that can be the phone number itself or any text) to each of the 10 positions.

Current phone and associated description checking

This option shows the currently selected number and its associated description.

Current configuration (SMS/ADN and active phone numbers) checking

This option shows the current SIM-EMU configuration: the maximum number of SMSs and phonebook entries, the active phone numbers (occupied positions) and the default position at power-on if PIN is disabled.

Version information, author (websites and email)

Shows the SIM-EMU version and ways to contact me.

Implementation of the INCREASE for cost control

This instruction is necessary for the old Movistar contract cards with mobile/card cost control activated to work correctly in all mobiles.

It's also used by several Italian providers and in other countries for cost control on prepaid cards.

[Alf: like Portuguese Vodafone’s old “Vitamina” cards with mobile/card controlled cost]

Compatibility with Cardinal for phonebook management

As no one has corrected Cardinal as I once requested, so that it supports character-by-character recording (following an ISO standard which allows it to work correctly with SIM-EMU), I have decided to include some special redundant code so that phonebook recording will actually work with this software.

Permanent on-screen current number information (now on most mobiles)

Each time a network connection is established, the description associated with the current position is written to the optional file called SPN (Service Provider Name), which SIM-EMU now uses.

As most phones display the content of this file (if it exists), you can permanently see the currently selected number on the screen, along with the registered network.

Suggestion:

Set the description to “n:phonenumber” so that you can see the position and number. For instance, for position 3, set the description 3:651974486.


Number switching using a menu with a list of available numbers

It is possible to change the current position by selecting the desired number from a list of available numbers (on the SIM-EMU menu).

Position associated description length increased to 16 characters.

This description shows on the list of number when switching position and on the mobile screen to indicate the currently selected position.

Independent cost control for each of the 10 positions

This information is necessary for the correct cost control in countries/operators that use it.

GPRS support

Now SIM-EMU includes independent GPRS communication registers for each position.

Complete PIN2/PUK2 management, independent from the 10 PIN/PUK of each position

Now SIM-EMU has a single PIN2/PUK2 common to all positions, which works like on the original SIMs, with blocking after 3 failed attempts (unblockable with PUK2). If 10 failed PUK2 unblock attempts are made, PUK2 will be blocked forever and the card has to be reprogrammed.

PIN2 is used to set cost control, manage the FDN and configure SIM-EMU.

SIM-EMU configuration is now made using PIN2 instead of current PIN

To improve SIM-EMU's security, the configuration is made entirely using PIN2 (whose initial value is 1234; PUK2 has the initial value 12345678). Both can be changed later using the menu. PIN2 can be changed using the mobile's menu or using the SIM-EMU menu.

Flash protection

Code-protecting the last 256 bytes of the flash makes it impossible to program it again without a full erase. This way we make it impossible to program into the PIC code that would allow the internal EEPROM (where our KIs are stored) to be read.

Correct management of PIN protected files

From this version on it's no longer possible to read, using GSM commands, any PIN protected file without previous PIN authorization.

Possibility to enable/disable the "Select Phone" menu

Using PIN2 you can now enable/disable this menu. To change position with the menu disabled you need to use the Reset option or reboot the mobile using the corresponding PIN1.

Possibility to enable/disable internal Loader

Using PIN2 you can enable/disable the internal Loader. When disabled the reading of the external EEPROM can't be made without previously erasing the flash.

Compatibility with new Panasonic and Sagem models (the latter yet to be verified)

The compatibility with some models of Panasonic (GD87) and SAGEM has been improved.

Better compatibility with GSM Programmer

The compatibility with this device has been improved.

Possibility to disable PIN, enabling one of the positions by default

To disable the PIN and set the mobile to power on on one of the active positions the mobile must be booted in the desired position and the PIN disabled using the mobile's security menu (using the PIN corresponding to that position).

From that moment on, every time the mobile is powered on, it'll boot to that position by default.
To reactivate the PIN you should enter the security menu again (on any position) and activate the PIN, using the PIN of the currently selected position.

Editing any of the position descriptions from any selected position

Now the editing of the description associated to each position can be done from any position as it's asked which position's description should be edited.

Behaviour change when updating the number of SMS's on the mobile

Now changing the number of SMSs (using the SIM-EMU menu or the corresponding SMS format) will no longer delete all the SMSs, except when the number is set equal to the previous one.

IMPORTANT

This version requires that the SIM_EMU_EP_6.01.hex is programmed into the external EEPROM.  Older versions of the external EEPROM are not compatible with this version.

For this reason, if you wish to keep the phonebook and SMS data, it should be backed up on the PC using the scripts supplied in the ZIP file.
When the card is programmed you can restore the data using the scripts.


How to program the GREENCARD 2 / GREENCARD / SILVERCARD

  1. The first thing to do is download and decompress the ZIP containing the files for the Flash and external EEPROM: Sim_Emu_6.01.zip
  2. As the file for the Flash comes preconfigured for the GreenCard2 wafer, it is necessary to reconfigure it if it's to be used on GREENCARD or SILVERCARD wafers. Using the configurator program SIM_EMU_6.01_CFG.exe (included in the ZIP above) the type of card, as well as the maximum values of ADNs, SMSs and FDNs, can be changed on the flash. With the new configurator program it is possible to make a full SIM-EMU configuration; see more details in Sim_Emu_6.01_CFG_v2.1.zip
  3. The IMSIs, KIs, PUKs and PINs for each position, as well as the number of ADNs and SMSs, can be set on the mobile. They can also be set by editing the Flash and external EEPROM like in the previous versions, but I recommend doing it using the menus as it is much more comfortable and less prone to error, thanks to the strict validations I make.
  4. Open SIM_EMU_FL_6.01_xxx.hex (previously configured for your type of card) using ICPROG set for the 16F877 device.
  5. Program the flash with the CPD bit on if you wish the KIs to be invisible on further readings of the flash.
  6. Configure ICPROG for the 24C256 (for GREENCARD 2), 24C128 (for GREENCARD) or 24C64 (for SILVERCARD) and open SIM_EMU_EP_6.01.hex, setting the following options:
  7. The frequency must be set to the same one our Phoenix device is working with (3.58 or 6 MHz).

     With the new configurator program it is now possible to write the external EEPROM of the SIM-EMU.

  8. Program the EEPROM and that's it. Cut the card, insert it into the mobile and, if everything went OK, it will ask you for the PIN.
  9. The FL and EP files come with one pre-defined position for each of the Spanish operators and the following values of PINs and PUKs:

     Position 0: 0000 / 00000000 (Amena)

     Position 1: 1111 / 11111111 (Movistar)

     Position 2: 2222 / 22222222 (Airtel)

     These occupy positions 0, 1 and 2 of the 10 possible positions.

     The reason for three rather than only one is so that you can boot the first time using a mobile that is LOCKED to one of those networks.

     Each of them has a false IMSI but corresponds to a valid operator. If the phone is unlocked it should work with any of the three.

     [from Alf: If you do not live in Spain you have to use an unlocked mobile to configure the card the first time. All mobiles, locked to a network, allow you to boot only into that network. After booting, lots of them, even though locked, allow you to change to another one using the menu (not the PIN, of course). ]

  10. After entering the PIN, the data corresponding to our phone numbers and the amount of ADN/SMS can be updated in two ways:

     - Using SMSs (see the message formats further below)

     - Using the menu (next item)

  11. The menus are organised in the following way:

    Sim-Emu 6.01

    1) Sel.Phone #

    2) Configure

    3) Information

    4) Reset

    ==============

    1) Sel.Phone #

    Allows the current position to be changed to any of the active ones, selecting it from the list. The list is made of the descriptions assigned to each number, prefixed with a minus sign (-), except for the currently selected one, which is prefixed with a plus sign (+). This option is not visible if it has been deactivated (disabled).

    2) Configure

    Access to the SIM-EMU configuration menu.

    2.1) Edit #

    Allows you to set a description for any position.

    2.1.1) Position:

    A number between 0 and 9.

    2.1.2) Phone #:

    Description to assign to the selected position. Between 1 and 16 characters. This description is used to form the selection list and is also usually shown in the display along with the operator name or logo. (this can vary from model to model)

    2.2) Config.Pos.

    Allows the indicated position to be configured with its IMSI/KI/PUK/PIN data. For security reasons PIN2 is asked for before the data, and then, in order, the position, IMSI, KI, PUK and PIN.

    All this data is verified, and the next value is only asked for once the current one is correct.

    2.2.1) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.2.2) Position:

    A number between 1 and 9

    2.2.3) IMSI:

    A number consisting of 18 decimal digits, the first two of which are always "08"

    2.2.4) KI:

    A number with a length of 32 hexadecimal (0-9 and A-F caps) digits

    2.2.5) PUK:

    A number with a length of 8 decimal digits.

    2.2.6) PIN:

    PIN for the position 2.2.2). A number with a length from 4 to 8 decimal digits.

    2.3) Config.SMS

    Allows the amount of SMSs to be set. For security reasons PIN2 is asked first, then the desired amount of SMSs, a number between 1 and the preconfigured maximum. If the selected amount is the same as the previously configured one, all SMSs stored on the card are deleted. Otherwise, if the amount is decreased the last SMSs are lost; if it's increased the SMSs remain.

    2.3.1) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.3.2) Nr.SMS:

    Desired amount of SMSs. A number between 1 and the preconfigured maximum.

    2.4) Config.ADN

    Allows the amount of ADNs to be set. For security reasons PIN2 is asked first, then the desired amount of ADNs, a number between 1 and the preconfigured maximum. This operation will only delete entries if the number is less than the previous one, keeping them intact if it's increased.

    2.4.1) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.4.2) Nr.ADN:

    Desired amount of ADN's. A number between 1 and the preconfigured maximum.

    2.5) PIN2/PUK2

    Allows the values of PIN2 / PUK2 to be changed. For security reasons the current PIN2 is asked for, then the new PUK2 and the new PIN2.

    2.5.1) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.5.2) PUK2:

    PUK2 code, initially set to 12345678. A number with a length of 8 decimal (0-9) digits.

    2.5.3) new PIN2:

    A number with a length of 4 to 8 decimal (0-9) digits.

    2.6) Sel.Phone #

    Allows to enable/disable the change of active phone number using the "Sel.Phone #" menu. 

    For security, PIN2 is asked to confirm the operation.

    2.6.1) Activate or Deactivate:

    Depending on the current state shows Deactivate or Activate.

    2.6.2) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.7) Loader

    Allows the built-in loader (needed to access the external EEPROM) to be enabled or disabled. For security, PIN2 is asked to confirm the operation.

    If disabled it's not possible to read the external EEPROM without erasing the flash completely.

    2.7.1) Activate or Deactivate:

    Depending on the current state shows Deactivate or Activate.

    2.7.2) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits.

    2.8) Erase Pos.

    Allows the indicated position to be deleted. For security PIN2 is asked first, then the position to erase, a number between 0 and 9, except the current position.

    2.8.1) PIN2:

    PIN2 code, initially set to 1234. Can be a number with a length of 4 to 8 decimal (0-9) digits

    2.8.2) Position:

    A number between 0 and 9, except for the current position.

    3) Information:

    Information about Sim-Emu

    3.1) Actual Nr.

    Shows the currently selected position, along with it's associated description.

    3.2) Configuration

    Shows the current Sim-Emu configuration.

    For instance, if we have 40 SMS, 250 ADN, positions 1, 2 and 4 active and PIN disabled with position 2 as default, it'll show the following:

    SMS/ADN: 40/250 Active Nrs: -1(2)-4-----

    3.3) Version

    Shows the current Sim-Emu Version.

    3.4) Author

    Shows the author's name along with Web sites and email where to find me.

    4) Reset

    Makes the mobile reset itself so it'll re-ask the PIN (if enabled).

    Clarifications:


    The option to change position doesn't work correctly on all mobiles. For instance, most Nokia phones require a network search to be issued and others take too long to make the change. For those I recommend using the Reset option.

    The reset option is also not very useful on some versions of Nokia 3310 since this mobile INCORRECTLY re-sends the last inserted PIN upon Reset. I recommend using on these Nokias the sequence *3370# which will perform a full Reset.

    [from Alf: at least my Nokia 3510, v5.00 does not work with any of above and it seems some DCT4 Nokias are having this problem, resending the PIN upon reset and not even the *3370# sequence helps ]

    As an advantage on most Nokias, the position can be changed to any position of any operator (using the menu) even when the phone is locked. Same applies to Trium.

    All SMSs can be deleted by reconfiguring the number of SMSs to the current amount.

    It is not necessary to reboot the mobile every time a configuration change is made. The program detects this and does it automatically.

    Here ends the procedure of updating the data using the mobile menus.
    The next item refers to updating the data using stored messages (SMSs).

    **************************************************************************************************************

Store, not send, a message with one of the following formats:

Type 1) Inserting/Modifying a complete number

PIN2 n IMSI KI PUK PIN

Type 2) Inserting/Modifying a number without changing PUK/PIN

PIN2 n IMSI KI

Type 3) Deleting a number

PIN2 n EN

Type 4) Selecting the number of SMSs (Deletes all SMSs if the selected value is the same as it was before. Otherwise the operation only truncates SMSs if the number is decreased, leaving them intact if it's increased).

PIN2 mm SM

Type 5) Selecting the number of ADNs (This operation will only truncate phonebook entries if the ammount is decreased, leaving them intact if the number is increased)

PIN2 aaa AD

Type 6) Changing PIN2/PUK2

PIN2 PUK2 PIN2n

Where:

PIN2 is needed to authenticate the message. It's a number with a length from 4 to 8 decimal (0-9) digits. Example: 1234, 11231, 12345678

n is the position of the phone number. A number between 0 and 9

IMSI is the IMSI value to store at position n. A number with 18 decimal digits, the first two always "08". Example: 081234567890123456

KI is the KI value to store at position n. A number with 32 hexadecimal digits (0-9 and A-F, caps!) Example: 0123456789ABCDEF0123456789ABCDEF

PUK is the PUK value to store at position  n. A number with 8 decimal digits. Example: 12345689

PIN is the PIN value to store at position n. A number with 4 to 8 decimal digits. Example: 1234, 13124, 23412429

PUK2 is the new PUK2 value. A number with 8 decimal digits. Example: 12345678

PIN2n is the new PIN2 value. A number with 4 to 8 decimal digits. Example: 1234, 13124, 23412429 

EN is the command to erase the number at position n.

mm is the number of wanted SMSs. A number between 1 and the preconfigured maximum (including both).

aaa is the number of wanted ADNs. A number between 1 and the preconfigured maximum (including both).

SM is the command to select the amount of SMSs indicated by mm.

AD is the command to select the amount of ADNs indicated by aaa.

Complete example of a type 1 message to insert a Movistar number at position 8 and assuming our PIN2 is set to 1234.

1234 8 082941705566778899 0123456789ABCDEF0123456789ABCDEF 12345678 12345

IMSI = 082941705566778899

KI = 0123456789ABCDEF0123456789ABCDEF

PUK = 12345678

PIN = 12345

Once this SMS is stored in the SIM this position can be used.

A type 3 message example to erase position 3 (assuming PIN2 = 2222).

2222 3 EN

Type 4 message example to configure 30 SMSs (assuming PIN2 = 1111)

1111 30 SM

Notes

There should always be a space between each "field" of the message... therefore the possible lengths associated to each type are:

Type 1: Between 72 (with length 4 PINs) and 80 (with length 8 PIN's)

Type 2: Between 58 (with length 4 PINs) and 62 (with length 8 PINs)

Type 3: Between 9 (with length 4 PINs) and 13 (with length 8 PINs)

Type 4: Between 10 (with length 4 PINs) and 14 (with length 8 PINs)

Type 5: Between 11 (with length 4 PINs) and 15 (with length 8 PINs)

Type 6: Between 18 (with length 4 PINs) and 26 (with length 8 PINs)

The type 2 message is used to update a number while keeping the current PIN and PUK for that position. Bear in mind that initially there are no PINs or PUKs set for positions 3 to 9, so it is necessary, at least once, to store a type 1 message (including PUK and PIN); otherwise it won't be possible to boot the phone in that position, which will then be accessible only via the menu.

The data update is executed the instant the message is stored in the SIM, not while it sits in the mobile's internal memory, as on some brands such as ERICSSON. On these models you must give the explicit command to "Save" or "Store".

To avoid deleting all positions (ending up without the chance to insert a new one until a re-flash of the card) the program does not allow the current number to be deleted.

Deleting a number with a type 3 message consists of erasing all data from that position (IMSI/KI/PUK and PIN).

Once all positions are configured and everything works OK, delete all the stored messages, as the program won't do it automatically.

It's impossible for a received message (with one of the valid formats) to automatically update our SIM as the program will only execute instructions on "Outbox" messages, never on received ones.

However, if you modify the received message (to a still valid format) and store it the update will be executed as all the requisites are fulfilled.
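To make the six message formats, the length table and the acceptance notes above concrete, here is a Python validator that recognises each format with the field rules from the "Where:" list, derives the same minimum and maximum lengths, and applies the rules from the notes (only stored messages count, PIN2 must match, the current position cannot be erased, counts must stay within the configured maxima). This is an added example and not SIM-EMU's own code; the function names, the assumption that mm and aaa may be written with 1-2 and 1-3 digits respectively, and the reuse of the sample messages from the examples above as test input are mine.

```python
import hmac
import re

# Field rules from the "Where:" list above, as named regex groups.
PIN2 = r"(?P<pin2>\d{4,8})"
POS = r"(?P<n>\d)"                    # position 0-9
IMSI = r"(?P<imsi>08\d{16})"          # 18 decimal digits, always starting "08"
KI = r"(?P<ki>[0-9A-F]{32})"          # 32 hex digits, capitals only
PUK = r"(?P<puk>\d{8})"
PIN = r"(?P<pin>\d{4,8})"
PUK2 = r"(?P<puk2>\d{8})"
PIN2N = r"(?P<pin2n>\d{4,8})"
MM = r"(?P<mm>\d{1,2})"               # SMS count; 1-2 digits is an assumption
AAA = r"(?P<aaa>\d{1,3})"             # ADN count; 1-3 digits is an assumption

# One regex per message type; exactly one space between fields, nothing more.
FORMATS = {
    1: re.compile(f"^{PIN2} {POS} {IMSI} {KI} {PUK} {PIN}$"),
    2: re.compile(f"^{PIN2} {POS} {IMSI} {KI}$"),
    3: re.compile(f"^{PIN2} {POS} EN$"),
    4: re.compile(f"^{PIN2} {MM} SM$"),
    5: re.compile(f"^{PIN2} {AAA} AD$"),
    6: re.compile(f"^{PIN2} {PUK2} {PIN2N}$"),
}

# Length of the fixed part of each type (spaces, position, IMSI, KI, PUK, the
# two-letter commands, the 2/3-digit counts) and how many 4-to-8-digit
# PIN-type fields each type carries.
_FIXED_LEN = {1: 64, 2: 54, 3: 5, 4: 6, 5: 7, 6: 10}
_PIN_FIELDS = {1: 2, 2: 1, 3: 1, 4: 1, 5: 1, 6: 2}


def length_range(msg_type):
    """(min, max) message length for a type; reproduces the length table above."""
    fixed, pins = _FIXED_LEN[msg_type], _PIN_FIELDS[msg_type]
    return fixed + 4 * pins, fixed + 8 * pins


def parse_config_message(text):
    """Return (type, fields) for a well-formed message, else None."""
    for msg_type, pattern in FORMATS.items():
        m = pattern.match(text)
        if m is None:
            continue
        fields = m.groupdict()
        if "mm" in fields and not 1 <= int(fields["mm"]) <= 99:
            return None                       # SMS count outside 1..99
        if "aaa" in fields and not 1 <= int(fields["aaa"]) <= 254:
            return None                       # ADN count outside 1..254
        return msg_type, fields
    return None


def apply_config_message(text, pin2, from_outbox, current_pos=None,
                         max_sms=99, max_adn=254):
    """Decide whether a message would be acted on, following the notes above:
    only stored (outbox) messages count, PIN2 must match, the current position
    cannot be erased, and counts must respect the flash maxima.
    Returns the accepted message type, or None when the message is ignored."""
    if not from_outbox:
        return None                           # received messages are never executed
    parsed = parse_config_message(text)
    if parsed is None:
        return None
    msg_type, f = parsed
    if not hmac.compare_digest(f["pin2"].encode(), pin2.encode()):
        return None                           # wrong PIN2: message ignored
    if msg_type == 3 and current_pos is not None and int(f["n"]) == current_pos:
        return None                           # never delete the active position
    if msg_type == 4 and int(f["mm"]) > max_sms:
        return None
    if msg_type == 5 and int(f["aaa"]) > max_adn:
        return None
    return msg_type
```

Because every field is anchored and separated by exactly one space, a message that passes the regex automatically falls inside the length range the table gives for its type; length_range only makes that relationship visible. A lower-case KI, a double space or an IMSI not starting with "08" is rejected before PIN2 is even compared.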

How to obtain our IMSIs and KIs

The programs that allow you to get the IMSIs and KIs from your original cards (the ones I know of) are: SIM_SCAN from Dejan Kaljevic and Cardinal by MFG.

[ from Alf: I strongly advise against the usage of Cardinal to extract KIs on cards made after year 2000/2001. Use sim_scan 2.0 instead ]

How to copy our phonebook/SMSs data

With the new configurator program, now it is possible to transfer the phonebook data and SMS between cards.

For those having a phonebook capable mobile the same can be used as a "bridge", copying all numbers to the phone memory and then to the new card with SIM-EMU.

Those having a GSM-PROGRAMMER will have no problem saving their phonebook data.

It's also possible to use Cardinal to copy the phonebook as I've included some special and redundant code to make phonebook recording work with this software.


You can also use WinExplorer 4.6 and the four VB scripts I've made:

  1. Leer_Agenda.xvb: reads the phonebook from the card and saves it to a file.
  2. Leer_SMS.xvb: reads the SMSs from the card and saves them to a file.
  3. Grabar_Agenda.xvb: reads the phonebook from a file and saves it to the card.
  4. Grabar_SMS.xvb: reads the SMSs from a file and saves them to the card.

These scripts are included in the same ZIP file for those who have no other way to do the backup.

The reading scripts ask for the PIN if necessary and save only non-empty records to the file.

The recording scripts ask for the PIN if necessary and after recording all the records from the file ask if the records remaining on the card after the last recorded are to be erased. They also warn if the number of records on the file is too big to fit the card.

There are two possible configurations for WinExplorer: one for SIM-EMU and another for our original card (if the SIM-EMU one does not work with it). Test your original cards first with the SIM-EMU configuration and then with the original configuration:

For a SIM-EMU card:

For the original cards that won't work with the SIM-EMU configuration:

In some cases you'll also have to keep increasing the Byte Delay and/or Rec Timeout until it works.

Final comments

I hope this program is useful and also that you'll send me your opinions and report me any bugs you find or suggestions you may want to place.

Please put your questions using these forums:
http://foros.zackyfiles.com/forumdisplay.php?s=&forumid=6 or http://forum.gsmhosting.com/vbb/forumdisplay.php?s=2e4d803d07111a5454ac49c1f3b07671&forumid=70
this way we'll all get to know what's going on.

Daniel Jabif

Last update: 05-Dec-05

info@simemu.cjb.net

 Hosted by gsmhosting.com