He wanted to reuse the SIM card that came with a ZTE WF721 wireless terminal he got from AT&T, but as he expected, it was locked to the device. Unfortunately, the terminal has no function to change the PIN and none of the defaults he tried seemed to work. The only thing left to do was crack it open and sniff the PIN with a logic analyzer.

This project is a fantastic example of the kind of reverse engineering you can pull off with even a cheap logic analyzer and a keen eye, but also perfectly illustrates the fact that having physical access to a device largely negates any security measures the manufacturer tries to implement. He already knew what the SIM unlock command would look like; he just needed to capture the exchange between the WF721 and SIM card, find the correct byte sequence, and look at the bytes directly after it.

Finding the test pads on the rear of the SIM slot, he wired his DSLogic Plus logic analyzer up to the VCC, CLK, RST, and I/O pins, then found a convenient place to attach his ground wire. After a bit of fiddling, he determined the SIM card was being run at 4 MHz, so he needed to configure a baud rate of 250 kbit/s to read the UART messages passing between the devices.

Once he found the bytes that signified successful unlocking, he was able to work his way backwards and determine the unlock command and its PIN code. It turns out the PIN was even being sent over the wire in plain text, though with the way security is often handled these days, we can’t say it surprises us. All he had to do then was put the SIM in his phone and punch in the sniffed PIN when prompted.

Could he have just run out to the store and picked up a prepaid SIM instead of cracking open this wireless terminal and sniffing its communications with a logic analyzer? Of course. But where’s the fun in that?

Posted in Cellphone Hacks, Security Hacks. Tagged logic analyzer, sim card, sniffing, unlock.
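The byte-sequence search described above, as an added example that is not part of the original post: it shows why the PIN is readable on the I/O line, since the standard VERIFY command carries it as ASCII digits. It assumes the terminal uses ISO 7816-4 VERIFY (INS 0x20) with the 8-byte, 0xFF-padded PIN field of GSM 11.11 over T=0, which the post does not show; the function name and the sample trace are constructed here.

```python
SW_OK = bytes([0x90, 0x00])   # status word: command succeeded
INS_VERIFY = 0x20             # ISO 7816-4 VERIFY (assumed to be the unlock command)
PIN_LEN = 0x08                # GSM 11.11: PIN field is 8 bytes, padded with 0xFF
FRAME_LEN = 5 + 1 + PIN_LEN + 2


def find_verify_pin(stream: bytes):
    """Return [(offset, key_ref, pin, accepted), ...] for each VERIFY found.

    T=0 framing: the terminal sends CLA INS P1 P2 P3, the card echoes INS as
    the procedure byte, the terminal sends P3 data bytes, and the card
    answers with SW1 SW2.
    """
    hits = []
    i = 0
    while i + FRAME_LEN <= len(stream):
        cla, ins, p1, p2, p3 = stream[i:i + 5]
        is_header = (cla in (0xA0, 0x00) and ins == INS_VERIFY
                     and p1 == 0x00 and p3 == PIN_LEN)
        if not is_header or stream[i + 5] != INS_VERIFY:
            i += 1
            continue
        data = stream[i + 6:i + 6 + PIN_LEN]
        sw = stream[i + 14:i + 16]
        digits = data.rstrip(b"\xff")
        # Reject coincidental byte matches: a PIN is 4 to 8 ASCII digits.
        if 4 <= len(digits) <= 8 and digits.isdigit():
            hits.append((i, p2, digits.decode("ascii"), sw == SW_OK))
            i += FRAME_LEN
        else:
            i += 1
    return hits


# Constructed trace (not from the post): a SELECT, a rejected VERIFY with
# PIN 0000, then an accepted VERIFY with PIN 1234.
SAMPLE = bytes.fromhex(
    "a0a40000 02 a4 7f20 9f16"
    "a0200001 08 20 30303030ffffffff 9804"
    "a0200001 08 20 31323334ffffffff 9000"
)

if __name__ == "__main__":
    for off, ref, pin, ok in find_verify_pin(SAMPLE):
        print(f"offset {off}: key ref {ref} PIN={pin} accepted={ok}")
```

The `accepted` flag mirrors the post's approach of starting from the success bytes and working backwards to the command that preceded them.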