Friday, March 27, 2015

Last SIM Details

Has anyone else run any tests using the free LSD.exe tool?

This program is from lastsimdetails.blogspot.co.uk/.

The concept behind this tool is very good and it is a great credit to the authors to allow free distribution of LSD.exe.


Screen dump for LSD.exe v1.2.0 - Samsung D500 flash file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- HELP About
- Able to parse .bin and .pm data files.
 - Regex customiser allows you to define country and network parameters to eliminate false positives
 - Generic network search allows you to search for all Mobile Network Codes (MNC), however using this method may bring back more false positives
 - Advanced view provides the user with all IMSI matches and offsets within the data file
 - The summary view counts recurrences of IMSIs in order to display unique values

 Limitations
 -Limited testing has been performed on live data. Please verify your results
 This program was designed and developed by Jason Nicolaou and Daniel Roe.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are in fact three Option tests that can be applied, not the two offered by the menu:

 1. Make no option selection at all
 2. Generic search
 3. Samsung mode

All return search data depending upon the flash file being read.

The authors have explicitly stated the limitations of the program. I emailed and left messages at the authors' website but have not received any replies.

 =====================================================
 IMSI UK prefix *9 = (T) telecommunications / 234 = MCC United Kingdom / MNC = xxx
 =====================================================
 *This is different from TE.118 prefix 89 in use as Mobile Industry Identifier (MII) ISO/IEC 7812-1

The program's GUI search window, above, returns (along with other details) values such as:

Offset: 3962356 IMSI: MCC/MNC/Subscriber detail = 234919011221080

In HxD (used for examination of the raw flash file), below, the offset identifies the same value stored in reverse nibble order:

e.g. reverse nibble: 29 43 19 09 11 22 01 08

Screen dump for HxD.exe - Samsung D500 flash file
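
The search-and-translate step described above, as an added Python example (not LSD.exe's own code, whose implementation the page does not show): it scans for the reverse-nibble form of 9 + MCC, decodes eight bytes, and drops candidates that contain non-decimal nibbles. The function names and the sample buffer are constructed for illustration; the record bytes are the ones quoted above.

```python
import re
from collections import Counter

# Record bytes quoted on this page; the surrounding buffer is constructed sample data.
REC = bytes.fromhex("2943190911220108")
SAMPLE = b"\xff" * 16 + REC + b"\x00" * 8 + bytes.fromhex("2943ffff00000000") + REC

def encode_prefix(mcc: str) -> bytes:
    """Stored form of nibble 9 followed by a 3-digit MCC: '234' -> 29 43."""
    digits = "9" + mcc
    return bytes(int(digits[i + 1] + digits[i], 16) for i in (0, 2))

def decode_imsi(raw: bytes):
    """Swap the nibbles of 8 bytes; return the 15-digit IMSI, or None."""
    swapped = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)
    # Reject short reads and any candidate containing a non-decimal nibble.
    if len(raw) != 8 or swapped[0] != "9" or not swapped[1:].isdigit():
        return None
    return swapped[1:]

def scan(blob: bytes, mcc: str = "234"):
    """Return (offset, imsi) for every decodable candidate in blob."""
    hits = []
    for m in re.finditer(re.escape(encode_prefix(mcc)), blob):
        imsi = decode_imsi(blob[m.start():m.start() + 8])
        if imsi:
            hits.append((m.start(), imsi))
    return hits

def summary(hits):
    """Count recurrences per IMSI, as the tool's summary view is described."""
    return Counter(imsi for _, imsi in hits)

def shared(hits_a, hits_b):
    """IMSIs present in two images, e.g. for a D500/D600 comparison."""
    return {i for _, i in hits_a} & {i for _, i in hits_b}

if __name__ == "__main__":
    for offset, imsi in scan(SAMPLE):
        print(f"Offset: {offset} IMSI: {imsi}")
    print(dict(summary(scan(SAMPLE))))
```

A hit that passes the decimal check is still only a candidate; check it against the raw bytes at the reported offset, as the tool's authors ask.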

OBSERVATIONS
LSD.exe searches the flash file and performs translation. The translation (top of page) was obtained using Option: Generic search.

LSD.exe returns the MNC as "unknown" - verified.
LSD.exe returns known MNC also - verified.

From flash file library stocks, two old Samsung models, the D500 and D600, were selected to see if LSD.exe would work with older flash files. LSD.exe did work, and false positives were obtained, as the authors point out.

LSD.exe also revealed that, when comparisons were made between the D500 and D600, identical IMSIs were repeated in both flash files, one example being (which I have anonymised):

 - 2341007xxxxxxxx

The fact that the D500 flash file and the D600 flash file were apparently not connected in any way raised the question of whether the results are positive-positive or false-positive.

Furthermore, if the positive-positive results are correct, then the tool lives up to the authors' statement that it should be used for intelligence purposes.
