Find Out How to Access iPhone Sim Card Using AT+ Commands To Read Its Hidden Info

Have you ever thought about deciphering the SIM card of your iPhone? I have. You may ask why. The answer is simple: you can do it to access the hidden info on your iPhone's SIM card. Here I'll show you how to do that using AT+ commands.

You can access the iPhone SIM card to get this info and use it to decipher your SIM while your iPhone is connected to the network. It is a good method if you don't have a SIM card reader handy.


Here I'll show you the AT+ commands and examples you can use to access the iPhone SIM card, but first read what you need for successful access.

Requirements

  • First you need to jailbreak your iPhone to get SSH access.
  • Then install Minicom on your iPhone.
  • After you install Minicom, set the serial device to the baseband port. Just add this:
    /dev/tty.debug

After you have met all these requirements, you can access the iPhone SIM card to be sure that it works. Below are the AT+ commands you need to use and examples of what the output looks like.

How to Access iPhone Sim Card

Note: Successful iPhone SIM card access depends on the version of the iOS firmware. If you are on an iPhone 4 or newer, please use this guide to connect to the iPhone baseband using minicom and the Signal app.

1. Run GSM Algorithm

Commands:

AT+CSIM=14,"A0A40000027F20"
AT+CSIM=42,"A088000010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"

where the 16 bytes of 0xFF are the RAND (the challenge passed to the SIM).

Here is an example:

AT+CSIM=14,"A0A40000027F20"
+CSIM: 48,"000010247F20020000000000091100160800838A838A9000"

OK
AT+CSIM=42,"A088000010FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+CSIM: 28,"A5975E88E0940FC09AEFA0009000"
OK

In the response you will find this:

sres: A5 97 5E 88
Kc: E0 94 0F C0 9A EF A0 00
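As an added example (not part of the original post), here is a small Python helper that builds the two AT+CSIM lines above and parses the `+CSIM:` replies into SRES and Kc. The sample reply is the one from the run shown above; the layout (4-byte SRES followed by 8-byte Kc) and the APDU encoding (CLA A0, INS A4 for SELECT, INS 88 for RUN GSM ALGORITHM) follow GSM 11.11. Kc is the ciphering key for the current session, so treat values you read this way as secrets.

```python
# Added example (not from the original post): build the AT+CSIM commands for
# SELECT DF_GSM and RUN GSM ALGORITHM, and parse the "+CSIM:" replies into
# SRES and Kc. The sample reply below is the one captured in the post.

CLA_GSM = 0xA0
INS_SELECT = 0xA4
INS_RUN_GSM_ALGORITHM = 0x88


def build_csim(apdu: bytes) -> str:
    """Format an APDU as an AT+CSIM line. The numeric argument is the length
    of the hex string (twice the byte count), exactly as in the post."""
    hexstr = apdu.hex().upper()
    return f'AT+CSIM={len(hexstr)},"{hexstr}"'


def select_apdu(file_id: int) -> bytes:
    """SELECT by file ID: A0 A4 00 00 02 <file id>."""
    return bytes([CLA_GSM, INS_SELECT, 0x00, 0x00, 0x02]) + file_id.to_bytes(2, "big")


def run_gsm_algorithm_apdu(rand: bytes) -> bytes:
    """RUN GSM ALGORITHM: A0 88 00 00 10 <16-byte RAND>."""
    if len(rand) != 16:
        raise ValueError("RAND must be 16 bytes")
    return bytes([CLA_GSM, INS_RUN_GSM_ALGORITHM, 0x00, 0x00, 0x10]) + rand


def parse_csim(line: str) -> tuple:
    """Split a '+CSIM: <len>,"<hex>"' line into (response data, status word).
    Rejects a line whose declared length does not match its payload."""
    prefix = "+CSIM:"
    if not line.startswith(prefix):
        raise ValueError(f"not a +CSIM response: {line!r}")
    length_str, hexstr = line[len(prefix):].strip().split(",", 1)
    hexstr = hexstr.strip().strip('"')
    if int(length_str) != len(hexstr):
        raise ValueError("length field does not match payload")
    raw = bytes.fromhex(hexstr)
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def parse_run_gsm_algorithm(line: str) -> dict:
    """Response is SRES (4 bytes) followed by Kc (8 bytes), then SW 9000."""
    data, sw = parse_csim(line)
    if sw != 0x9000:
        raise RuntimeError(f"card returned status word {sw:04X}")
    if len(data) != 12:
        raise ValueError("expected 12 bytes (SRES || Kc)")
    return {"sres": data[:4].hex().upper(), "kc": data[4:].hex().upper()}


if __name__ == "__main__":
    print(build_csim(select_apdu(0x7F20)))               # AT+CSIM=14,"A0A40000027F20"
    print(build_csim(run_gsm_algorithm_apdu(b"\xff" * 16)))
    # Reply captured in the post's sample run:
    print(parse_run_gsm_algorithm('+CSIM: 28,"A5975E88E0940FC09AEFA0009000"'))
```

The length check in `parse_csim` matters in practice: minicom sometimes wraps long replies, and a wrapped line will fail the check instead of yielding a truncated Kc.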

2. Read EF files from the SIM

Here you can read some interesting parameters that are saved on your SIM card by the ME (the mobile equipment, i.e. the phone).

Read Kc 0x6F20

Commands:

AT+CSIM=14,"A0A40000026F20"
AT+CSIM=10,"A0B0000009"

Here is the sample run:

AT+CSIM=14,"A0A40000026F20"
+CSIM: 34,"000000096F2004001100BB010200009000"

OK
AT+CSIM=10,"A0B0000009"
+CSIM: 22,"E0940FC09AEFA000009000"

OK

Here you find the last Kc used, E0 94 0F C0 9A EF A0 00, followed by the key sequence number, which is 00.

Read IMSI 0x6F07

Commands:

AT+CSIM=14,"A0A40000026F07"
AT+CSIM=10,"A0B0000009"

Here is the sample run:

/* FIXME: Do one */

You can also read the IMSI with this command:

AT+CIMI

Here is the sample run:

AT+CIMI
 250997001138203

OK

You can find out more about the IMSI number here if you don't know what it is.

Read LOCI 0x6F7E

LOCI decomposes into these fields (byte offsets):

  • TMSI[0:3]
  • LAI[4:8]
  • TMSI Time[9]
  • status[10]

Commands:

AT+CSIM=14,"A0A40000026F7E"
AT+CSIM=10,"A0B000000B"

And the sample run is:

/* FIXME: Do one */
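As an added example (not part of the original post), here are Python decoders for the three transparent EFs read above, following the file layouts from GSM 11.11 / 3GPP TS 51.011. The EF_Kc bytes and the SELECT 6F20 response are taken from the post's own sample run; the EF_IMSI bytes are built from the IMSI that AT+CIMI returned above, and the EF_LOCI bytes are constructed here, because the post's sample runs for those two files are missing. The SELECT response decoder also shows where the read length (9 for Kc and IMSI, 11 for LOCI) comes from.

```python
# Added example (not from the original post): decoders for the transparent
# EFs read above, following the GSM 11.11 / 3GPP TS 51.011 layouts.
# EF_Kc and the SELECT response are from the post's sample run; the EF_IMSI
# and EF_LOCI bytes are constructed here, since the post's runs are missing.

LOCI_STATUS = {
    0: "updated",
    1: "not updated",
    2: "PLMN not allowed",
    3: "location area not allowed",
}


def select_response_info(resp: bytes) -> dict:
    """Decode the SELECT response for an EF (status word already removed):
    bytes 3-4 file size, 5-6 file ID, 7 file type (04 = EF), 14 structure."""
    return {
        "file_size": int.from_bytes(resp[2:4], "big"),
        "file_id": int.from_bytes(resp[4:6], "big"),
        "is_ef": resp[6] == 0x04,
        "transparent": resp[13] == 0x00,
    }


def read_binary_apdu(length: int) -> str:
    """READ BINARY (A0 B0 00 00 Le) as an AT+CSIM line; Le is the file size
    reported by SELECT, which is why the post reads 9 bytes for Kc/IMSI and 11 for LOCI."""
    hexstr = bytes([0xA0, 0xB0, 0x00, 0x00, length]).hex().upper()
    return f'AT+CSIM={len(hexstr)},"{hexstr}"'


def decode_kc(data: bytes) -> dict:
    """EF_Kc: 8-byte ciphering key, then the key sequence number in bits 1-3."""
    if len(data) != 9:
        raise ValueError("EF_Kc is 9 bytes")
    return {"kc": data[:8].hex().upper(), "key_seq": data[8] & 0x07}


def encode_imsi(imsi: str) -> bytes:
    """EF_IMSI: length byte, then the IMSI as swapped BCD. The low nibble of the
    first digit byte is 0b1001 for an odd digit count (0b0001 for even)."""
    digits = [int(c) for c in imsi]
    head = (digits[0] << 4) | (0x9 if len(digits) % 2 else 0x1)
    rest = digits[1:] + [0xF] * (len(digits[1:]) % 2)  # pad to whole bytes
    body = bytes([head] + [(hi << 4) | lo for lo, hi in zip(rest[0::2], rest[1::2])])
    return bytes([len(body)]) + body + b"\xff" * (8 - len(body))


def decode_imsi(data: bytes) -> str:
    """Inverse of encode_imsi, with the identity-type and parity bits checked."""
    body = data[1:1 + data[0]]
    if (body[0] & 0x07) != 0x01:
        raise ValueError("identity type is not IMSI")
    digits = [body[0] >> 4]
    for b in body[1:]:
        digits += [b & 0x0F, b >> 4]
    digits = [d for d in digits if d != 0xF]
    if len(digits) % 2 != (1 if body[0] & 0x08 else 0):
        raise ValueError("parity flag does not match digit count")
    return "".join(str(d) for d in digits)


def decode_plmn(b: bytes) -> tuple:
    """3-byte PLMN: MCC2 MCC1 | MNC3 MCC3 | MNC2 MNC1 (nibbles); MNC3 = F for a 2-digit MNC."""
    nib = [b[0] & 0xF, b[0] >> 4, b[1] & 0xF, b[2] & 0xF, b[2] >> 4, b[1] >> 4]
    mcc = "".join(f"{d:X}" for d in nib[:3])
    mnc = "".join(f"{d:X}" for d in nib[3:] if d != 0xF)
    return mcc, mnc


def decode_loci(data: bytes) -> dict:
    """EF_LOCI layout from the post: TMSI[0:3], LAI[4:8], TMSI TIME[9], status[10]."""
    if len(data) != 11:
        raise ValueError("EF_LOCI is 11 bytes")
    mcc, mnc = decode_plmn(data[4:7])
    return {
        "tmsi": data[0:4].hex().upper(),
        "mcc": mcc,
        "mnc": mnc,
        "lac": int.from_bytes(data[7:9], "big"),
        "tmsi_time": data[9],
        "status": LOCI_STATUS.get(data[10] & 0x07, "reserved"),
    }


if __name__ == "__main__":
    # SELECT 6F20 response from the post, status word 9000 stripped
    info = select_response_info(bytes.fromhex("000000096F2004001100BB01020000"))
    print(info, read_binary_apdu(info["file_size"]))
    print(decode_kc(bytes.fromhex("E0940FC09AEFA00000")))  # post's EF_Kc bytes
    ef_imsi = encode_imsi("250997001138203")  # IMSI shown by AT+CIMI above
    print(ef_imsi.hex().upper(), decode_imsi(ef_imsi))
    # Constructed EF_LOCI: TMSI 12345678, PLMN 250/99, LAC 0x0A1B, status updated
    print(decode_loci(bytes.fromhex("1234567852F0990A1B0000")))
```

Feed `decode_*` the hex payload of the `+CSIM:` reply with the trailing 9000 status word removed. The TMSI and LAC in EF_LOCI change as the phone moves between location areas, so a stale value does not indicate a problem with the read.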

That's it. Now you know how to access the iPhone SIM card and use it for whatever you wish, for example to find another iPhone SIM card unlock, or just in SIM card deciphering to learn more about your SIM.

The AT+ commands and examples were taken from here.