Description

In this video I show how to obtain, compile and install a tool known as usbswitcher, which can force our mobile phone to use its USB modem (AT commands) interface. Following this, the Kc (symmetric encryption key) and TMSI (Temporary Mobile Subscriber Identity) are extracted.

Topics covered:
– Identifying device modes with lsusb
– Obtaining, compiling and using usbswitcher
– Using busybox (microcom) to communicate with the USB modem
– Brief Kc and TMSI explanation, including what to use

Tools:
– usbswitcher (https://github.com/ud2/advisories/blob/master/android/samsung/nocve-2016-0004/usbswitcher.c)
– libusb version 0.1.12 (https://sourceforge.net/projects/libusb/files/libusb-0.1%20%28LEGACY%29/0.1.12/)
– gcc
– lsusb
– busybox microcom (alternatively, use minicom)
