Filosof_00 @ 13.10.2015, 15:57
On S40 Nokia phones the "open padlock" indicates the absence of network encryption. Up to the Nokia 515 model.
Heh. It's not just the models.
The fact is that for some time now the standard GSM 02.07, with reference to GSM 11.11, has explicitly required terminal manufacturers to ask the SIM card "is it allowed to show the user that the encryption has dropped to A5/0". And SIM card manufacturers set the bit to "do not show" by default.
An excerpt from the standard:
GSM 02.07 "Mobile Stations (MS) features"
The ciphering indicator feature may be disabled by the home network operator setting data in the "administrative data" field (EFAD) in the SIM, as defined in GSM 11.11.
If this feature is not disabled by the SIM, then whenever a connection is in place, which is, or becomes unenciphered, an indication shall be given to the user.
GSM 11.11
10.3.18 EFAD (Administrative data)
This EF contains information concerning the mode of operation according to the type of SIM, such as normal (to be used by PLMN subscribers for GSM operations), type approval (to allow specific use of the ME during type approval procedures of e.g. the radio equipment), cell testing (to allow testing of a cell before commercial use of this cell), manufacturer specific (to allow the ME manufacturer to perform specific proprietary auto test in its ME during e.g. maintenance phases).
....
Byte 3:
b1 = 0: OFM to be disabled by the ME
b1 = 1: OFM to be activated by the ME
The OFM bit is used to control the Ciphering Indicator as specified in TS 02.07 [3]
According to some (quite arbitrary) reports, in 2012 the share of such cards was 85% in Europe and 60% in Russia.
I'm too lazy to look it up, but one of the senior programmers in Google's Android development group responded to numerous requests to introduce an analogue of this padlock roughly like this: it would simply lead to nothing, and the request has to go not only to firmware makers but also to operators.
So what is left? What remains is to analyze the radio interface protocol / SIM interface, ignoring the preset. And this is a very trivial task.
For now it can be done fully only on Osmocom phones. With some difficulty, on chipsets / firmware with a diagnostic driver.
What Darshak can do and under what conditions, I could not work out, because I do not have the necessary devices and the code is closed. Above I mentioned alternative projects; with them the situation is more or less moving.
Filosof_00 @ 12.10.2015, 00:22
catching hidden WAP-Push
Of those, they are not the worst; they can be caught with a simple RAW-PDU filter. But PID: 0x7f / DCS: 0xf6, that is "Binary message" / "Data Download", is unpleasant (for more, google Fake SIM OTA Update if interested).
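
The EFAD check from the GSM 11.11 excerpt quoted above, as an added example that is not part of the original post: it decodes the raw contents of EFAD as read from a SIM and reports whether the card tells the ME to suppress the ciphering indicator. Assumptions: the byte 1 mode values and the optional byte 4 (MNC length) come from the same clause of the standard but are not quoted on the page, the function names are hypothetical, and the sample values are constructed.

```python
# Added example: decode EF_AD contents as returned by a SIM READ BINARY.
# Byte 3 / b1 (OFM) is from the GSM 11.11 excerpt in the post; the byte 1
# mode values and the optional byte 4 are assumptions taken from the same
# clause of the standard and are not quoted on the page.
MODES = {
    0x00: "normal operation",
    0x80: "type approval operations",
    0x01: "normal operation + specific facilities",
    0x81: "type approval operations + specific facilities",
    0x02: "maintenance (off line)",
    0x04: "cell test operation",
}

def parse_ef_ad(hex_data):
    """Return a dict describing EF_AD; raise ValueError on malformed input."""
    raw = bytes.fromhex(hex_data.replace(" ", ""))
    if len(raw) < 3:
        raise ValueError("EF_AD must be at least 3 bytes, got %d" % len(raw))
    ofm = bool(raw[2] & 0x01)              # byte 3, bit b1
    info = {
        "mode": MODES.get(raw[0], "unknown/RFU (0x%02X)" % raw[0]),
        "ofm": ofm,
        # GSM 02.07: the ME shows the indicator unless the SIM disables it.
        "ciphering_indicator": "enabled" if ofm else "disabled by SIM",
        "rfu_bits_set": bool(raw[1] or (raw[2] & 0xFE)),
        "mnc_length": None,
    }
    if len(raw) >= 4:                      # optional byte 4, low nibble
        info["mnc_length"] = raw[3] & 0x0F
    return info

def audit(dumps):
    """Map label -> True if that SIM suppresses the indicator, None if unreadable."""
    result = {}
    for label, hex_data in dumps.items():
        try:
            result[label] = not parse_ef_ad(hex_data)["ofm"]
        except ValueError:
            result[label] = None           # truncated or non-hex data
    return result

# Constructed sample EF_AD contents (not read from real cards).
SAMPLES = {"sim_a": "00 00 00 02", "sim_b": "00 00 01 02",
           "sim_c": "80 00 01", "sim_d": "00 00"}

if __name__ == "__main__":
    names = {True: "indicator suppressed", False: "indicator allowed", None: "bad EF_AD"}
    for label, suppressed in audit(SAMPLES).items():
        print(label, names[suppressed])
```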