
Root URGENT: Really Serious Bug in Galaxo 1.5 (probably in android)

Can you do what I asked, please? I understand what you are saying, but like kam said:
SIM security is locked to the SIM itself, so the only common thing that could be happening is that the PIN is being set on the Galaxy rather than another phone and the Galaxy cannot write it properly.

I've already done it with an HP iPAQ 514 and a Nokia 1100.

They ask for the PIN all the time for all three SIM cards. I removed the PIN lock and re-enabled it with the iPAQ and the Nokia just to test.
 
Upvote 0
Wow, that's insane. That means that the SIM itself is at fault.

I'm guessing they protected AUTH but not LOCI or Kc. Whoever provisioned those SIMs at the network was an idiot :p

Try this... boot without PIN. Go to manual network search. Select some other network (that isn't yours). It will fail (and clear out your temporary subscription on your SIM). Now try to lock onto your normal network.

I bet it asks for the PIN.
 
Upvote 0
Yeah, it will be SIM dependent.

A SIM is a bit like a normal filesystem, but with a fixed directory structure and fixed files. The files are either there, or not there. Then you can set permissions on them. E.g. requires PIN1 to read, PIN2 to write. Or read only, or PIN1 to read, no write, etc.

There is also a special AUTH procedure which generates the key to lock you onto the network. After you auth, it generates a temporary key to use to encrypt the voice and for future logins for a period of time (the network decides this, usually a few hours to a week).

A properly personalised SIM would protect SMS, phonebook, AUTH, temporary key/id files. Or in fact the whole GSM subdirectory.
On the Galaxy, it would boot, and read the serial number of the SIM, then a few other files, and then go into the GSM directory. As SOON as any file returned 'need PIN1' it would prompt you for the PIN. If, using fastboot, this first prompt was ignored, you would just be prompted for the PIN when it tried to read the GSM directory.

An improperly personalised SIM would just protect some non-essential (for network login) file that is read on boot. Using fastboot it may skip reading this file, OR read it but not ask for the PIN. Since the GSM directory is not protected, it can continue reading and log in as normal.

This is 99% the SIM's fault - bad provisioning, and 1% the phone's fault - probably skips reading some non-essential file when booted with fastboot.
 
Upvote 0
Yeah, it will be SIM dependent.
---

This is 99% the SIM's fault - bad provisioning, and 1% the phone's fault - probably skips reading some non-essential file when booted with fastboot.

kam, I have tried it with all three SIM cards I have. Two of them didn't let me roam to another network, as intended; the Cosmophone one roamed to all three networks working in Turkiye, as intended too. After that I tried the steps to reproduce the issue, and everything is the same.

The SIMs are not broken; they work as usual in any other phone (smart and dumb phones). They always ask for the PIN whenever the phone starts in other phones.

I tried to test if I could screw up "call barring" and FDN (fixed dialing numbers), but they worked as intended. FDN asked for PIN2 and call barring worked (because it's done in the network itself, I guess).

Now what do I have:

- If I boot to fastboot and then let it go by itself, it never ever asks me for the PIN (tested with 3 different SIM cards, which are working with different phones)
- If I boot to fastboot and then let it go by itself, it asks me to enter PIN2 when I have enabled FDN and try to call a phone number which is not in the FDN list.

Can we say that all three SIM cards, which are all from different providers, are broken/buggy, although they are working really well with different phones?

Let's assume that my three SIM cards are all broken/buggy; what about those other guys' SIM cards? One of them says that he has been using the same SIM card with the same PIN for years with several different phones.

Even though the SIM cards are faulty, there is still a bug in the Galaxy. No other phone acts like it acts with the assumed-faulty SIM cards.
 
Upvote 0
You have a CD with a big scratch on it. It plays fine in three CD players, but skips in a fourth. Is it a faulty CD player?

No man, this is a bit different.

This is like having several different well-working CD-ROMs which play really well on all players except one of them.

As I said several times before, all three SIM cards really work great with different phones, but only the Galaxy is not working well with them.

If those three SIM cards are defective, how can they work well with different phone models? And also, how can they work well with the Galaxy except after doing a fastboot?

And this is not only me; even in this topic there are different guys/gals who can also replicate this problem.

The SIM cards are good: one of them has been used by me for (approx.) 6 years, one of them is 1 1/2 years old and the last one is only 2 weeks old. The older one is a 32 bit SIM card, the 2nd one is 64 bit and the newest one is 128 bit. They are from different providers.
 
Upvote 0
The SIM cards are not 'broken'. They are just incorrectly configured.

It's the same as you installing a password on your Windows computer, but only for the webcam :p

The PIN should lock GSM AUTH, LOCI/TMSI/Kc (cached auth locations), phonebook (maybe it does, since you never use the SIM phonebook), SMS (maybe it does, because you never use SIM SMS).

It's like saying 5 of your laptops are working fine because they check the webcam password before letting you log in, and the 6th is broken because it doesn't.

There IS a bug in the Galaxy, sure, but it's a MUCH smaller security problem than in your SIM cards :-/
 
Upvote 0
Wait guys, I don't know if this is clear to most of you, but with this flaw it is only possible to bypass the SIM security restriction on a SIM card whose PIN was entered in a previous boot, i.e. never with a new SIM.

Basically, booting in fastboot mode only disables the initial insert-PIN screen. Then a) if the PIN was entered before booting, you have full access to the carrier service, or b) if the PIN was not entered before booting, you don't have access to the carrier service (nor if you select it from the available networks: it cannot register in it) and you have to restart normally to access the service.

But still, this is a serious flaw. If I lose my phone, anyone (make that people who read this forum :D) can turn the phone off as many times as they want and still make calls with my SIM.
And I add this: this bypass still works if you take out the battery (and even the SIM) before the fastboot.
 
Upvote 0
So you mean the PIN needs to be entered once. So it's the baseband caching it?

OK, then it's a major Samsung flaw!

Yes, that's what I think too.
I think this is very similar to the scenario when sometimes your phone freezes and auto-reboots: it skips the PIN insertion screen.

About the fact that some people can replicate this and some can't (even with the same baseband), I suspect that it has to do with the fastboot version, maybe?

Mine: v0.5, build 13 Dec 2009
 
Upvote 0
So you mean the PIN needs to be entered once. So it's the baseband caching it?

OK, then it's a major Samsung flaw!

Let's say there are two SIM cards with different PINs, SIM A and SIM B.

Insert SIM A into the phone, boot with fastboot, the PIN is asked, enter the PIN, remove the battery, remove the SIM, re-insert the SIM and battery, fastboot; no PIN is asked at all and you may use all the abilities of the SIM card.

The same scenario can be done with SIM B :D
 
Upvote 0
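The thread offers two explanations for the missing PIN prompt: kam's, where the SIM is a file system whose files carry PIN access conditions and fastboot merely skips a non-essential protected file, and the later one, where the baseband keeps "PIN1 verified" across a power cycle. The model below puts both side by side; it is an added example, not code from the thread or from Samsung. The file names follow the posts' own description (serial number, phonebook, SMS, the GSM login files); the access conditions assigned to them, the boot read order, and the `Baseband` class are assumptions made for the demo.

```python
"""Toy model of SIM file access conditions and a baseband's PIN1 state.

Constructed illustration for this thread; not code from the forum or any
vendor. File names follow the posts' description (serial number, phonebook,
SMS, the GSM login files); their access conditions, the boot read order and
the Baseband class are assumptions made for the demo.
"""
from enum import Enum


class Access(Enum):
    ALWAYS = "always"  # readable with no PIN at all
    CHV1 = "pin1"      # needs PIN1 (CHV1) verified in the current SIM session
    CHV2 = "pin2"      # needs PIN2 (CHV2), e.g. FDN updates; not read at boot here


# Files the posts name as needed to log on to the network (AUTH, LOCI, Kc, TMSI).
GSM_LOGIN_FILES = ("gsm/auth", "gsm/loci", "gsm/kc", "gsm/tmsi")

# Assumed read order for a normal boot, and for fastboot (which, in the first
# explanation, skips the non-essential phonebook and SMS files).
NORMAL_BOOT_READS = ("serial", "phonebook", "sms") + GSM_LOGIN_FILES
FASTBOOT_READS = ("serial",) + GSM_LOGIN_FILES

# "Properly personalised": PIN1 guards the whole GSM directory.
GOOD_SIM = {"serial": Access.ALWAYS, "phonebook": Access.CHV1, "sms": Access.CHV1,
            **{f: Access.CHV1 for f in GSM_LOGIN_FILES}}
# "Improperly personalised": PIN1 guards only the phonebook.
WEAK_SIM = {"serial": Access.ALWAYS, "phonebook": Access.CHV1, "sms": Access.ALWAYS,
            **{f: Access.ALWAYS for f in GSM_LOGIN_FILES}}


def audit_sim(sim):
    """Provisioning check: list the network-login files not guarded by PIN1."""
    return [f for f in GSM_LOGIN_FILES if sim[f] is not Access.CHV1]


def boot(sim, reads, chv1_cached=False, user_enters_pin=True):
    """Simulate one boot; returns (pin_prompted, chv1_verified, logged_in).

    chv1_cached=True models a baseband that kept 'PIN1 verified' from an
    earlier session instead of clearing it at power-off or SIM removal.
    """
    verified = chv1_cached
    prompted = False
    for path in reads:
        if sim[path] is Access.CHV1 and not verified:
            prompted = True                       # phone shows the PIN screen here
            if not user_enters_pin:
                return prompted, verified, False  # stuck at the PIN screen, no service
            verified = True                       # PIN1 accepted for this session
    logged_in = all(f in reads for f in GSM_LOGIN_FILES)
    return prompted, verified, logged_in


class Baseband:
    """Holds PIN1 state across boots. clears_on_power_off=False reproduces the
    behaviour reported in the thread: PIN needed once, then never again."""

    def __init__(self, sim, clears_on_power_off=True):
        self.sim = sim
        self.clears_on_power_off = clears_on_power_off
        self.verified = False

    def power_off(self):
        """Battery out / SIM out ends the SIM session; a correct baseband forgets PIN1."""
        if self.clears_on_power_off:
            self.verified = False

    def boot(self, reads, user_enters_pin=True):
        prompted, self.verified, logged_in = boot(self.sim, reads, self.verified, user_enters_pin)
        return prompted, logged_in


if __name__ == "__main__":
    print("weak SIM audit:", audit_sim(WEAK_SIM))
    print("good SIM, fastboot:", boot(GOOD_SIM, FASTBOOT_READS))
    print("weak SIM, fastboot:", boot(WEAK_SIM, FASTBOOT_READS))
    for clears in (False, True):
        bb = Baseband(GOOD_SIM, clears_on_power_off=clears)
        first = bb.boot(FASTBOOT_READS)
        bb.power_off()
        print(f"clears_on_power_off={clears}: first {first}, after power cycle {bb.boot(FASTBOOT_READS)}")
```

Under the first explanation only a SIM whose GSM directory is unprotected gets through fastboot without a prompt, and a properly personalised one still prompts; under the second even a fully protected SIM is bypassed once the PIN has been entered in an earlier session, which matches the reports in the thread. The two mitigations correspond to the two sides: `audit_sim` is the provisioning check the operator should pass, and `clears_on_power_off=True` is the handset behaviour that ties PIN1 to a single SIM session.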
I'm not sure if this is the same issue, but I noticed that whenever the phone reboots, it doesn't ask for the PIN. I don't think that's really a bug but actually a feature (ha ha), since if you reboot you already had to enter the PIN anyway...
Can you replicate this "problem" starting with a completely turned-off phone, without having to enter the PIN even once and still be able to call? If not, I don't think it's anything to worry about.
 
Upvote 0
I'm not sure if this is the same issue, but I noticed that whenever the phone reboots, it doesn't ask for the PIN. I don't think that's really a bug but actually a feature (ha ha), since if you reboot you already had to enter the PIN anyway...
Can you replicate this "problem" starting with a completely turned-off phone, without having to enter the PIN even once and still be able to call? If not, I don't think it's anything to worry about.

I think you didn't read the previous posts. Which part of "removing the battery, booting and still being able to make calls without entering the PIN" didn't you understand? :rolleyes: And, again, it's not possible to bypass the PIN if you put the card in for the first time, but after entering it, you can bypass it in following boots.

Oh well, here's a video demonstrating this (just fast-forward the boring parts): YouTube - Android bypassing PIN insertion
 
Upvote 0