OOA/OOP
After completing GHOST testing on the GAIT phone, my manager told me an engineer wanted to get with me and attempt some over-the-air activation and over-the-air programming (OOA/OOP). So, I contacted the engineer and invited him to stop by when he was ready.
He came to me asking questions about programming SMS messages on my base station. I demonstrated to him what could be done. He then explained that he believed he had figured out how to program the SIM over-the-air and asked if I could write an OOA/OOP script for him. I said sure. He then pulled up a file containing a long hex string and gave it to me.
I could decode the raw SMS hex code by sight but didn't recognize what he gave me. Anyway, we calculated the length and I created an SMS script to send it to the phone. It took a few tries to get everything working, but in short order we were doing OOA/OOP over the air!
I never really knew if he had found a SIM exploit, if he had just happened to come across a SIM exploit someone else had published, or if the SIM manufacturer had provided the authentication information. We could only do this with one particular manufacturer's SIM. In any event, being able to test OOA/OOP in-house was a real benefit, in that normally only pieces of the OOA/OOP process could be tested in-house.
He would generate the strings and give them to me. I would then code up the script and OTA program the phone. We worked together like this for about two or three weeks.