Notifications
Clear all

SIM Card Cloning

7 Posts
4 Users
0 Reactions
3,246 Views
(@brianquinn)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

Greetings All,

I am trying to find a SIM Hard Cloner (Both Software and Hardware) and wanted to see what you guys use to create SIM Clones. I have been researching for the last few days and have not found a huge amount regarding such a device. I have come across two software application that are capable of creating SIM Clones. ASC- SIM Cloner from SIMiFOR and Forensic SIM Cloner from MFI. Just wondering if any one has any experience of these apps, if they are any good, any pit falls. Any input would be greatly appreciated.

Bert ?


   
Quote
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

The link doesn't discuss the apps you mentioned but discusses some pitfalls that can arise in using a Test SIM Clone. Not sure if you have seen the post and whether it is helpful to you

http//trewmte.blogspot.com/2008/11/cloning-test-sim-cards.html


   
ReplyQuote
(@brianquinn)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

Greetings trewmte,

Thanks for the response. I have seen the posting, in fact I have browsed through quite a few of your postings (use as reference material). The reason behind my question stems from a Mobile Phone that I am currently examining. The mobile phone (a Sony Ericsson W810i) was given to me Inactive or Powered Off. The phone has been previously examined but a second opinion was requested. I removed the SIM Card and created my image using Paraben SIM Card Seizure and MPE. I then tried to create an Image of the Mobile Phone using MPE. However I cant seem to get MPE to recognize the Phone. I have installed the USB Driver and the Sony Ericsson PC Suite but still no luck. I was thinking that the mobile phone may need a SIM card present in order to communicate with the Computer (I may be way off here). The phone does not seen to have an Offline mode. This is where the Cloned SIM card would come in. My thinking was to create a clone of the original SIM card and insert the clone to try the acquisition. I have tested (on test phones ) the impact of inserting a different SIM card and have seen that certain types of data is delete by doing this (call log in particular). From the rough outline above of my examination procedure could you recommend any procedure or steps that I could use to create the image of the phone. Again any input would be greatly appreciated.

Bert ?


   
ReplyQuote
Redcelica67
(@redcelica67)
Estimable Member
Joined: 17 years ago
Posts: 130
 

I use XRY for creating clone SIM cards. I haven't had any problems with this method. )


   
ReplyQuote
(@si666)
Eminent Member
Joined: 16 years ago
Posts: 28
 

Xry requires a SIM card with an IMSI to do a logical read of the handset, so MPE (never used it – does it create physical or logical images?) might need the same.
If you do want a physical read maybe try a flasher box like Infinity Box or Cruiser Box


   
ReplyQuote
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

Brian, some observations (not advice).

The mobile phone (a Sony Ericsson W810i) was given to me Inactive or Powered Off.

I wouldn't accept this pre-examined mobile phone on face value and simply examine it. I would halt any work and get the other party to present a copy of their report and full contemporaneous notes straightaway along with witness statements etc. Then you may find out where you stand for examination and identify true/false issues

1) where any PIN/Password has been used or removed
2) what reader they used on the exhibit handset
3) if you consider you should use the same reader or something else
4) whether the other party loaded an agent onto the exhibit handset or not
5) if yes to 4) whether the agent is still on the exhibit handset

Also, you may wish to think about whether you can you a use a write blocker with this device and whether it will work or not (a) vis-a-vis the handset and (b) vis-a-vis the device reader

What does the W810i user guide state?

The phone has been previously examined but a second opinion was requested.

Is there something that needs to be read into that statement with respect for the need for a "second opinion"?

I removed the SIM Card and created my image using Paraben SIM Card Seizure and MPE. I then tried to create an Image of the Mobile Phone using MPE. However I cant seem to get MPE to recognize the Phone.

Compatibility? What does the MPE handset list as make/models it can read and waht does the reader's output log tell you?

I have installed the USB Driver and the Sony Ericsson PC Suite but still no luck. I was thinking that the mobile phone may need a SIM card present in order to communicate with the Computer (I may be way off here). The phone does not seen to have an Offline mode.

Without SIM/USIM what would be the impact for selecting bluetooth or other method for transferring date to/from handset?

Not all, but a quite a number (perhaps majority) of handsets require to detect SIM/USIM card to be inserted at boot up.

This is where the Cloned SIM card would come in. My thinking was to create a clone of the original SIM card and insert the clone to try the acquisition.

Have you checked out what data is revealed when you use a test clone SIM (IMEI/ICCID) vis-a-vis the original SIM with complete DFs/EFs?

And finally….did you see this post here at Forensic Focus?
http//www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=2722


   
ReplyQuote
(@brianquinn)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

Greetings Everyone,

To start, I would like to say thanks for everyone how has taken the time to post there advise and opinions, it is greatly appreciated. In regards to Redcelica67 and si666, I have seen the Xry application and its SIM Cloning capabilities. I had spoken to a Forensic Examiner in the UK and he had indicated that the XRY application was something that should be added to a forensic toolkit and no no where is this more true then with Mobile Phone Forensics (common issue so wont raise it here). I have no experience of this application and cannot comment any further, but from your posting it does seem to have certain attributes that would deal with my issue.

In regards to trewmte posting, all of the issue you high-lighted particularly the lack of original report has been a issue of hot topic between my client and the original examining body. The original examining party would only release a Witness Statement that was generated by the examiner, the report was not released. However from the witness statement, the examiner did indicate that a SIM Clone was used to create an Image of the Mobile Phone. So from this, Information such as LDN/ SMS may already be deleted due to using a clone. Original tools used are unknown and I get the feeling that this information will not be disclosed. In regards to the second opinion, I think that this came about because of the behavior of the original examining party. MPE does list the Mobile Phone as being support (I should probably take this up with Access Data Support, I was fishing to see if anyone had encountered this issue with the same Mobile Phone). Without a SIM Card present the mobile phone will only boot to either a Music Mode (built in Music Player) or a Demo Mode.

I hope the above gives you a further understanding of my scenario. Again any advice, observations, input would be helpful.

Bert 😯


   
ReplyQuote
Share: