[Om2009] PIN & PUK

David Fokkema dfokkema at ileos.nl
Mon Jun 8 16:25:45 CEST 2009 

On Mon, 2009-06-08 at 12:39 +0100, Al Johnson wrote:
> On Monday 08 June 2009, David Fokkema wrote:
> > On Mon, 2009-06-08 at 12:15 +0300, Risto H. Kurppa wrote:
> > > On Mon, Jun 8, 2009 at 11:36 AM, David Fokkema<dfokkema at ileos.nl> wrote:
> > > > Hi list,
> > > >
> > > > Getting a bit too confident, I decided to change the PIN (default 0000)
> > > > of my SIM.
> > > >
> > > > 1. Paroli doesn't require you to re-enter the PIN, to make sure you
> > > > made no typo's.
> > > >
> > > > 2. Paroli doesn't give feedback on incorrect old PIN values, so you
> > > > don't really know for sure the PIN was actually changed.
> > > >
> > > > 3. On startup, unlocking the phone with your PIN is not very verbose.
> > > > An incorrect PIN results in another 'enter your PIN' screen, but
> > > > nothing like 'PIN incorrect, only 2 tries left'.
> > > >
> > > > 4. When the SIM is blocked (incorrect PIN) nothing shows in Paroli. It
> > > > doesn't tell you that the SIM is blocked and that you now need to enter
> > > > your PUK code. Having already tried a few times, I asked a colleague
> > > > for his unlocked phone to really make sure I wouldn't block the SIM by
> > > > entering incorrect PUK codes.
> > > >
> > > > So, does anyone dare reproducing this, ;-) ?
> > >
> > > Thank you David for sharing your experience! I don't think we'll soon
> > > find anyone ready to test this (maybe with old SIM cards..). Could you
> > > please report all this to http://www.paroli-project.org/trac so it
> > > will not get lost in the mail archives. I think this is something
> > > quite important to be fixed..
> >
> > I might try a few times. Apparently, as long as you're not entering an
> > incorrect PUK code ten times, all is well. Of course, an unlocked phone
> > nearby is necessary to the whole procedure.
> 
> Why? You can just use mdbus to enter the PUK and set the PIN:
> 
> http://git.freesmartphone.org/?p=specs.git;a=blob_plain;f=html/org.freesmartphone.GSM.SIM.html;hb=HEAD#Unlock

Sure, but I didn't really know if paroli had already sent several
invalid PIN attempts as actual PUK attempts (and I thus had maybe only a
few attempts left). I really wanted to make sure I didn't lock my SIM
permanently. When running tests and keeping track of your failed
attempts, you'll be quicker running the actual AT commands, of course.
Thanks for the pointer BTW, didn't know this one. Maybe this deserves a
nice wiki page.

David

More information about the support mailing list