Reverse Engineering Team Board

Reverse Engineering Team Board (
-   Reverse/Social Engineering (
-   -   Actual subject worth reading... (

nchanta 05-25-2003 01:01 PM

Actual subject worth reading...
Hey all

In Australia (I can't vouch for any other countried), we have something called 'Pre Paid' plans for mobile phone networks, the system works as follows:

1. The carrier gives you a free simcard, and a new phone number
2. You call up and get it activated
3. You regularly pay for a code, where you can then phone the carriers special number, follow the prompts, enter the number in your phone and *magically* your account now has the amount of $$ worth of calls you payed for...

I am extremely interested in this, as I dont know how it works internally, if anyone has any information about this (work at in telecommunications?) please reply to the forum.

The codes for my network are 10 digits, and cant be re-used. They also (somehow) indicate the amount you paid for ($30, $50, $100, etc)...


Devine9 05-25-2003 01:19 PM

This topic is indeed quite interesting. I used to work a lot with this sort of thing.. ripping apart documentation on phones and working with people to reverse the protections on phone billing etc.

Back a year or two ago the proection on these sorts of things was extremely low. But over the past year they have greatly advanced their technology to hopefully allow for much less gaps to the point where you are only now able to do basically what the builtin functions offer in your debug mode of your particular make/model of phone.

This particular method though, now that you mention it, reminds me of a pay as you go plan a while back that one company had where only 1 size of the memory module was being used within the card and once bridged you were able to make unlimited calls as your time had spanned past the end point into the second memory module.. I will look around for my notes on this..

Another interesting thing is those phone cards that you use.. pay 5$ and get a phone card.. these in my experience are Extremely easy to assimilate.. I didn't have the time to look deeply into them though to crack the hahing routine on the money.. but if you do a raw data dump of teh card with a data reader you can rewrite the card with some writing of a chip and then just embed it in a card. Although we were successful in reading the raw data and dumping the hex and started preliminary inspections of the patterns, we weren't successful in actually rewriting the card.. the phone cards you get have something like a filiment... if you try to write to them they burn out and are rendered useless. so you need to make another chip which isn't as complicated as it sounds. But alas we had no time.

The bus system in my area also works off cards of this type.. only they run off the magnetic strip cards rather than embedded chip.. but would be just as easy to duplicate...

There is a very interesting mailing list I was on quite a couple years ago that dealt with a lot of these things.. hack-phreak on yahoo groups.. despite the lame location there was actually quite a lot of very useful information passed over that email network.. any information anyone has on this stuff.. post it here.. would be good to get a nice store of it..
barcode? ;)

</random data>

Devine Right [RET]

nchanta 05-25-2003 01:34 PM

Ahh, i dont think you understand me fully

The "card" you pay for, is nothing but a plastic card with a 10 digit number, hidden by a scratch panel.

You can also buy them from petrol stations, and even certain ATM's, which just spit out a little docket with the 10 digit number on it...

This is why it interests me, it is nothing more than a number, and its not locked to the phone (I can put my simcard in another phone with no problems)

Devine9 05-25-2003 01:41 PM

Yes I understood you. The number however I would guess is probably recycled and then assigned within the server for a value.. so they randomly choose 15000 10 digit numbers and assign them values.. and then make the cards.. when you phone in it adds to your account and the number goes back in queue at the end.. or just gets blacklisted.. brute forcing a 10 digit numbe ris not possible.. and if they do it randomly whch would be the smartest route.. then its impossible to reverse..

Devine Right [RET]

All times are GMT -4. The time now is 02:16 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.