My mobile co uses a very lame credit update method!!!!
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: My mobile co uses a very lame credit update method!!!!

  1. #1
    Junior Member cybersamurai's Avatar
    Join Date
    Apr 2004
    Location
    At tha beach!
    Posts
    25

    My mobile co uses a very lame credit update method!!!!

    My mobile company uses scratch cards to increase ones units. it didn't take me long to brute force the combination(of only 9 characters which aren't even alpha Num). anyway bottomline i've got hours and hours of talk time...1 problem need to know where i can get my hands on a phonix encoder so i can duplicate the SIM card if it's even possible. (wouldn't mind using it on DSTV either! ) let me know
    see the sarcasim in my smile ????

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    What networks that on? all the major companys use a long combination...I have noticed some similaritys in the cards however.

    Im interested in the method u used to figure out the combinations, not that I want to get free credit as I believe thats wrong, Its also illegal and this forum isnt about illegal acts its about computer security.

    Cloning SIM cards is also illegal...

    Your skating on thin ice really, if the law find out then you'll be in the sh*t big style....

    could you enlighten the group about your method?

    i2c

  3. #3
    Ok i think that you have gotten a little confused about what this site is about.

    Why don't you just tottle over and take a good look at the site FAQ.
    http://www.antionline.com/misc.php?s=&action=faq


    cheers
    f2b

  4. #4
    Junior Member cybersamurai's Avatar
    Join Date
    Apr 2004
    Location
    At tha beach!
    Posts
    25
    okay first of all i recognise that the act was wroung but i couldn't help myself.
    well i2c my network rarely changes the first 3 digits for a particular scratch card. so i narrowed the BF to only 9 digits. i needed a data cable and a line with the network. (if you call the network they block your sim after 3 failed attempts but not if you sms it) i created a program(source withheld incase of scriptkiddies) to get the possible combinations from an excel worksheet(total combinations 999,999,999) and sms each to the recharge line...must say it took a long time so i added 20 more line (plus cables aswell)...in theory(and evidently in practice) the attack was very simple. My network should at least add aplha numeric key to the combination and increase the length to say 21 characters that way a BF attack would take several years!!!!

    I guess cloning a SIM would be illegal but for the right cause, pretty much harmless.
    like keeping intouch with my own 802.11b network. wheres the harm in that?????
    see the sarcasim in my smile ????

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    I guess cloning a SIM would be illegal but for the right cause, pretty much harmless.
    I am sure that Dick Turpin felt exactly the same way?

    As It happens, I quite like to go to pubs/bars and get drunk.............somehow I don't think that the Bank of England and the Royal Mint would be too happy about me manufacturing my own beer vouchers.



    The crime is called "fraud", you are over 18 so it is the "big boys house" for you...........just don't do it! Let's face it, it doesn't look good on your CV? and you haven't even started a career yet?

    I do hope that you bought that cellphone for cash and used the name Mickey Mouse c/o Disneyland"...............I am sure that you follow my meaning?

    One thing you might like to consider? By pulling a stunt like this you are going to make someone look stupid..............they are not going to like that and will be in a position to do something about it............like YOU?

    Life is not a permanent Rag Week (British University Tradition......for my foreign readers)

    Think about it.......I am serious, just as THEY will be?

    Good Luck

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Life is not a permanent Rag Week (British University Tradition......for my foreign readers)
    If only, there crazy times the best of my life...bring on beginning of october again!

    Part of the reason there numbers can be so "lame" is becuase they have the ability to monitor you and get wound up if they see fit.

    I have no doubt what you did would have been relativly easy, I realise you want to share you "achievements" but please channel your energys into something legal that wont get you banged up at her majesty's pleasure isnt gonna be an enjoyable experience for an 18yr old....fellow cell mates will take advantage of you just like your taking advantage of your netwrok provider...

    i2c

  7. #7
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by nihil
    ...
    As It happens, I quite like to go to pubs/bars and get drunk.............somehow I don't think that the Bank of England and the Royal Mint would be too happy about me manufacturing my own beer vouchers.
    ...
    During the testing phase of our new EPoS system we needed to test multi currency operation and invernted Barnsley Pint Tokens (BPT) which came in denominations of half, pint and yard...

    Current exchange rate to GBP is 0.57

    Wanna buy any?



    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #8
    Junior Member cybersamurai's Avatar
    Join Date
    Apr 2004
    Location
    At tha beach!
    Posts
    25
    in my opinion whats worth doing is worth doing well. because lets face it if i tell them that theres a massive flaw in there system...chances are they won't take it seriously. so for a "happy" hacker it's a no win situation. and your right i2c a 2 year old with knowledge of vb6 could pull it off!!!! and thats my point exactly!!! surely their systems engineer could see this or maybe he's using the same flaw against them. for those of you who clearly seemed offended by my thread...my sincere apologies i wasn't tryin to promote illegal stuff. you could say it's just food for thought. "after all how can you defend what you don't understand?" the art of war
    see the sarcasim in my smile ????

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    I've got to say, cybersamurai, that I have no issue whatsoever with your post. Here's why:

    1) This site is about learning, and the discussion about what you found is perfectly acceptable. You don't hear police bitching when other cops demonstrate how a criminal pulls off a crime. Most of us are security professionals and we need a solid resource to learn about what's going on out there. Without posts like yours, where the hell are we to go for similar information? I know that I'd rather have a one stop shop than spend my entire day researching on 90 different sites.

    2) I'd much rather hear someone explain an exploit than hear about rules and regs of how this site works. There was a time when this place had exploit code and vulnerability info that was *very* useful. It's a shame that its all gone now.

    3) Though the act you are describing is illegal, it appears that you aren't interested in mass exploitation.

    4) You didn't show up here and ask how to hack hotmail. You actually *contributed* information on an exploit you found.

    I say keep posting vulnerabilities that you find in the style that you have in this thread. Maybe some folks will learn something. Besides, you provided enough info for those who already understand how you did it and not enough for those who are not skilled enough to pull it off. In my opinion, a perfectly balanced post.

    my two cents

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    The issue I have with the post is it 'boasts' about taking advantage of this vunerability and then asks for help to enage in further illegal activities:

    anyway bottomline i've got hours and hours of talk time...1 problem need to know where i can get my hands on a phonix encoder so i can duplicate the SIM card if it's even possible. (wouldn't mind using it on DSTV either!]
    The orginal info about the brute force was welcome.

    Just my 2c

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •