Gevey 3G SIM – an almost functional solution for unlocking the iPhone 4

There has been so much talk about the Gevey SIM these days that someone finally talked to the manufacturers of these cards and explained how the device works, who can use it and under what conditions. How does it work? Every operator's SIM card carries a unique code called the IMSI, which identifies your subscription/card. An IMSI looks like this: 310 150 987654321. The first 3 digits (310) are the Mobile Country Code (MCC), the next group of digits (150) is the Mobile Network Code (MNC), and the remaining digits identify the subscriber on that network. When you insert the card into the iPhone, the baseband checks these two codes against its carrier lock and, depending on the result, lets the terminal work or keeps it locked. In older iOS versions it was very easy to fool the baseband by falsifying these codes; that stopped working, until the new cards appeared. Gevey found a new way to use spoofed IMSIs to get past the lock, but to actually get signal it also had to get around another unique code, the TMSI, which the operator issues to the phone when it connects to the network and without which the phone cannot register. You can find the entire technical explanation here.
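As an added illustration of the IMSI layout described above (this is not code from the article or from Gevey), the following Python splits an IMSI into MCC, MNC and subscriber part, and models the baseband's lock check as a comparison of the MCC+MNC pair (the PLMN) against the list it is locked to, with the interposer answering the baseband's IMSI read with a PLMN the lock accepts. It also covers a detail the article glosses over: the MNC is not always 3 digits. It is 3 digits in the North American numbering area (MCC 310-316, where the article's 310 150 example comes from) and 2 digits in most of the rest of the world, including Romania (MCC 226). The MCC-to-MNC-length rule in the code is a simplification, and the IMSIs, MNC values and lock list are constructed for the example.

```python
"""Added example: IMSI layout and a model of the baseband carrier-lock check.

Not code from the article or from Gevey. The IMSIs, the lock list and the
MCC-to-MNC-length rule are constructed/simplified for illustration.
"""
from dataclasses import dataclass

# Simplification (assumption for this example): MCCs 310-316 (North American
# numbering area) use 3-digit MNCs; every other MCC is treated as 2-digit.
# A real implementation needs the full MCC/MNC table, since other countries
# (for example Canada, MCC 302) also use 3-digit MNCs.
THREE_DIGIT_MNC_MCCS = frozenset(str(m) for m in range(310, 317))


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, always 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits depending on the MCC
    msin: str  # Mobile Subscriber Identification Number (the rest)

    @property
    def plmn(self) -> str:
        """MCC+MNC: the network identity a carrier lock is keyed on."""
        return self.mcc + self.mnc


def parse_imsi(imsi: str) -> Imsi:
    """Split a 3GPP IMSI (digits only, at most 15 of them) into its fields."""
    if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
        raise ValueError(f"not a valid IMSI: {imsi!r}")
    mcc = imsi[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, imsi[3:3 + mnc_len], imsi[3 + mnc_len:])


def baseband_accepts(imsi: str, lock_policy: frozenset) -> bool:
    """Model of the lock check the article describes: the baseband looks only at
    the PLMN (MCC+MNC) of the SIM it is shown, never at the subscriber digits."""
    return parse_imsi(imsi).plmn in lock_policy


def interposer_view(real_imsi: str, spoofed_imsi: str,
                    lock_policy: frozenset) -> dict:
    """What each side sees with a SIM interposer in the path (constructed model).

    The interposer answers the baseband's IMSI read with a PLMN the lock
    accepts, while the real SIM's identity is what the network has to accept.
    """
    return {
        "baseband_sees": parse_imsi(spoofed_imsi).plmn,
        "lock_passes": baseband_accepts(spoofed_imsi, lock_policy),
        "network_sees": parse_imsi(real_imsi).plmn,
        "real_sim_alone_passes": baseband_accepts(real_imsi, lock_policy),
    }


# Constructed data: the article's example IMSI (PLMN 310150) stands in for the
# carrier the phone is locked to; a made-up Romanian subscriber (MCC 226, the
# MNC 10 is illustrative) is the SIM the user actually wants to use.
LOCKED_TO = frozenset({"310150"})
ARTICLE_IMSI = "310150987654321"
ROMANIAN_IMSI = "226101234567890"

if __name__ == "__main__":
    print(parse_imsi(ARTICLE_IMSI))   # 3-digit MNC
    print(parse_imsi(ROMANIAN_IMSI))  # 2-digit MNC
    print(interposer_view(ROMANIAN_IMSI, ARTICLE_IMSI, LOCKED_TO))
```

Run stand-alone, the script shows the Romanian SIM failing the lock on its own while the spoofed PLMN passes; the network, however, is still presented with 22610, which is exactly the gap the 112/TMSI trick in the next step has to bridge.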

OK, now let's see the network activation procedure: insert the card into the terminal and a single bar of signal appears at the top of the screen, the sign that you must move on to the next step, which is to call the emergency number 112, then toggle airplane mode on and off, and you have signal. The emergency number 112 can be dialled from any terminal, locked or not, and Gevey found a way to trick the network into issuing a TMSI to the terminal during that call; the phone then registers with the network using that TMSI and the connection is obtained.

As you know, in Romania the emergency number 112 is meant only for real emergencies, and any other use is punishable by law. In China this emergency number has been taken out of service, so there is no problem calling it: an automated message answers that the number is no longer in use. In Europe the situation is different, but in theory this kind of card could also work in Romania, given that 112 is active. These cards only unlock the iPhone 4 basebands, meaning all basebands shipped up to and including iOS 4.3.

The person who tested the product says the card is far too expensive for what it offers, that it can fail at any moment, and that there is a chance it will not work with every operator.

  1. It works if A. your network handles 112 calls properly according to the GSM standard; B. they are tolerant to TMSI spoofing and do not actively validate your SIM again for incoming calls.
  2. Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact procedure must be performed should the device restart, lose reception for an extended period of time or move to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process similar to ZeroG, but that only makes things more convoluted.
  3. It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitimate emergency number. Not a huge issue in China, where the number is only used for informative purposes and the networks cannot be bothered to fix the issue.
  4. All firmware/baseband combinations for the i4 up to iOS 4.3 are vulnerable; however, the exploit may be patched in any future software update or via the carrier. If Apple can influence providers to block Cydia, it is not impossible for them to press them to fix the exploit. The only way to permanently unlock your baseband is NCK.
  5. A SIM interposer should not harm your phone hardware; however, your network could request the IMEI and identify your device during the emergency call. Your identity cannot be faked, so it is possible that they will ban your account. There is a reason why SIM cards remain legally the property of the service provider: you are not supposed to tamper with them without breaching the contract.
  6. Despite all the problems, the SIM interposer does not cause any battery drain, since it is only active transiently, nor does it cause signal loss, because it does not change cellular transmission other than in the initial validation step.