
Decap of a Cell Phone SIM card [video] - mynameislegion
https://www.youtube.com/watch?v=l_BfjEF513k
======
kasbah
If you want to understand more about what the glitching protection is about
Scanlime recently made a very good video where she grabs firmware from a
drawing tablet using such an attack.

[https://www.youtube.com/watch?v=TeCQatNcF20](https://www.youtube.com/watch?v=TeCQatNcF20)

------
gcb0
sim cards are as capable as 80s computers and run the JVM.

[http://www.extremetech.com/computing/161870-the-humble-
sim-c...](http://www.extremetech.com/computing/161870-the-humble-sim-card-has-
finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-
scams)

~~~
progman
If so, could obsolete SIM cards not be reused as embedded systems for free?

~~~
gcb0
see defcon talk about them. it was hell to buy sim cards to do the shaddytel
for torcamp.

basically, telcos make sure only them can update the code there. it's a
computer running 24h, with full network and sensor access, that you carry
everywhere, and you have zero control or visibility

------
teekert
Hmm so even if you can ever buy a secure phone you trust, you need to put
another, completely opaque, computer into it to make it function (on cell
networks anyway.)

~~~
dan1234
I wonder if there’s any easy way to make a private GSM network so that we can
see what data is actually passed between the SIM and the tower?

~~~
mschuster91
There is, Osmocom/OpenBSC. IIRC they got 3G working in a fully FOSS stack.

~~~
yitchelle
[http://osmocom.org/projects/openbsc](http://osmocom.org/projects/openbsc)

------
CommanderData
There was a talk on blackhat or defcon about the abilities of these
controllers, running mini java applications and other cool things. I remember
it being said finding necessary SDK's were very difficult and sometimes
secretive. Makes me wonder.

~~~
lucb1e
> mini java applications

They say Java but it's basically C++. It's Java without strings and I'm not
even sure it has normal 32-bit signed integers (heard somewhere that they
didn't, but I can't find it right now). It's called Java Card by the way.

------
theGimp
That is a very well-made video.

Like the video creator, I'm very surprised the humble SIM card has been made
so capable!

------
ccozan
Honest question, why there is a need for a ARM based processor on that SIM
card? AFAIK, the role of the SIM is to securely store all kind of IDs and PINs
and contacts.

I am quite sure that my first SIM card, 20 years ago, didn't have such setup
and worked, quite the same.

~~~
pjmlp
It sure did have such setup.

SIM cards can have micro applications that get exposed via the "SIM Services"
menu entry or something similar named.

That is how before the WAP days, the carriers used to offer SMS based
applications.

