Notifications
Clear all

Last SIM Details

1 Posts
1 Users
0 Likes
348 Views
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

Has anyone else run any tests using LSD.exe free tool?

This program is listed on the FF download and http//lastsimdetails.blogspot.co.uk/.

Photos have been added here http//trewmte.blogspot.co.uk/2015/03/last-sim-details.html

The concept behind this tool is very good and it is a great credit to the authors to allow free distribution of LSD.exe.

- Able to parse .bin and .pm data files.

- Regex customiser allows you to define country and network parameters to eliminate false positives

- Generic network search allows you to search for all Mobile Network Codes (MNC), however using this method may bring back more false positives

- Advanced view provides the user with all IMSI matches and offsets within the data file

- The summary view counts recurrences of IMSIs in order to display unique values

Limitations
-Limited testing has been performed on live data. Please verify your results

This program was designed and developed by Jason Nicolaou and Daniel Roe.

There are in fact three Option tests that can be can be applied and not two as offered by the menu

1. Make no option selection at all
2. Generic search
3. Samsung mode

All return search data depending upon the flash file being read.

The authors have explicitly stated the limitations of the program. I emailed and left messages at the authors website but have not received any replies.

=====================================================
IMSI UK prefix *9 = (T) telecommunications / 234 = MCC United Kingdom / MNC = xxx
=====================================================
*This is different from TE.118 prefix 89 in use as Mobile Industry Identifier (MII) ISO/IEC 7812-1

The program's GUI search window returns (along with other details) values e.g.

Offset 3962356 IMSI MCC/MNC/Subscriber detail = 234919011221080

HxD (used for examination of the raw flash file) the offset identifies e.g.

reverse nibble 29 43 19 09 11 22 01 08

LSD.exe performs translation. The translation above was obtained using Option Generic search.

LSD.exe returns the MNC as "unknown" - verified.
LSD.exe returns known MNC also - verified.

From flash file library stocks selection was made using two old Samsung models D500 and D600 to see if LSD.exe would work with older flash files. LSD.exe did work and false-positives were obtained as the authors point out.

LSD.exe also revealed that when comparisons were made between D500 and D600 there were repetition of identical IMSIs found in both D500/D600 one example being (which I have anonymised)

- 2341007xxxxxxxx

The fact the D500 flash file and the D600 flash file were apparently not connected in any way introduced the proposition are the results positive-positive or false-positive.

Furthermore, if positive-positive are correct then the authors statement that the tool should be used for intelligence purposes lives up to that expectation.

 
Posted : 27/03/2015 3:00 pm
Share: