Posts: 84 | Thanked: 22 times | Joined on Nov 2011 @ Italy
#1221
IMSI can be easily found with appropriate hardware (SIM card reader) and programs, but only if you have PIN.
Read for example here:
http://www.mfi-training.com/forum/paper/SIM&Salsa.pdf
I know it because once I was interested in SIM cloning.
__________________
I'm Winston Wolf, I solve problems

Last edited by Mr Wolf; 2012-07-15 at 11:04.
 

Posts: 1,335 | Thanked: 3,931 times | Joined on Jul 2010 @ Brittany, France
#1222
Originally Posted by willi6868:
It would be great to have SMSCon on N9

See page 114 or this post.
Thank you! Let's cross our fingers then.

Originally Posted by yablacky:
I can't speak for other maintainers. But I will use my N900 as long as possible. I'm no friend of MeeGo. If time comes I will check if it is possible to run pure Maemo on N9. Only in this case I would spend effort to port smscon.
So you might be interested in this: http://talk.maemo.org/showthread.php?t=84987
 

Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1223
Originally Posted by zimon:
...
Of course three letter agencies, police, operators and those have no problem finding out your IMSI.
...
That's all true, I fully agree. The good news is: nobody will be forced to use data on the SIM as the key for their encrypted data. It would be an optional feature offering convenience at the expense of security.

Those having data on their N900 that must be hidden from "three letter agencies" in each and every case should not use the planned feature using the IMSI or other data on the SIM. A SIM is protected by a 4-digit PIN only and can even be retrieved by specialists. For max security, you have to mount your truecrypt partitions manually by entering a strong 78-letter password (for a hard-to-crack 512-bit key) key by key.

Don't forget the device lock code which protects access to already mounted truecrypt data. Not sure if it can be more than 5 digits. Would need 155 digits for 512 bits. Do not assume brute force trying of device lock codes could not be automated by specialists.
 

Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1224
Originally Posted by zimon:
..
btw, is there any reason why smscon password has to be in plain text anywhere?
Not sure what you mean. smscon does not store passwords as plain text. In my truecrypt/IMSI example description the "plain text password" is the encoded form of the decoded password. I should not have named this "plain text", sorry for the confusion.

Last edited by yablacky; 2012-07-15 at 00:30. Reason: fixed typo
 
Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1225
Originally Posted by Mr Wolf:
IMSI can be easily found with appropriate hardware (SIM card reader) and programs, but only if you have PIN.
Read for example here:
http://www.mfi-training.com/forum/paper/SIM&Salsa.pdf
I know it because once I was interested in SIM cloning.
For more information see Wikipedia - IMSI, look for --> "Authentication key (Ki)" --> "Authentication process:" --> #1:
"The Mobile Equipment may have to pass a PIN to the SIM card before the SIM card will reveal this information."
 

Posts: 84 | Thanked: 22 times | Joined on Nov 2011 @ Italy
#1226
As far as I know, there's no way to clone the newest SIM cards (and by "newest" I mean the ones produced in about the last 10 years).
The problem is that you just can't extract Ki, not even with brute force; you just burn your SIM card.
I spent some time reading some documentation, so I'm pretty sure about it.

Of course, I guess investigative agencies have no problem to obtain all they need directly from the operator.
 

Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#1227
Originally Posted by yablacky:
Don't forget the device lock code which protects access to already mounted truecrypt data. Not sure if it can be more than 5 digits. Would need 155 digits for 512 bits. Do not assume brute force trying of device lock codes could not be automated by specialists.
Max is 8 digits - theoretical limit is 10, but when using it, it unlocks by *both* providing 10 digits, or first 8 only (!).

As for automating brute force of the lock code, it's an interesting idea. The lock code is trivial to break (DES), but only if You have access to the root filesystem, which *shouldn't* be possible without rebooting if already presented with the lock code prompt. When prompted, after every 2 wrong attempts there is a delay, which increases on the 3rd attempt, then disappears for the next 2 attempts, and so it goes on, in a circle. Both delays are customizable (don't remember where, but it is easy to find, IIRC).

Honestly, I can't think of any way that would allow "3 letter agencies" and their specialists to retrieve the lock code/unlock without causing a reboot (messing with flash storage content directly, without the device in the middle, should definitely cause a reboot, and it's far from achievable without de-soldering the OneNAND or cutting the motherboard and making extra-precise connections to certain paths, without harming other paths).

If anyone has sensible ideas, it's worth discussing them in the Truecrypt thread.
---

yablacky, it's great to hear that You've managed to move the lock code prompt! May I ask what the current pitfalls are about? Maybe someone will be able to help overcome them?

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

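A quick way to check the password-length figures in yablacky's post (78 letters or 155 digits for 512 bits) together with Estel's observation that a 10-digit lock code is effectively an 8-digit one. This is an added example, not code from the thread or from smscon; the 95-symbol printable-ASCII alphabet is an assumption about which character set the "78 letter" figure refers to, and the 8-digit cap is taken from Estel's post.

```python
import math

PRINTABLE_ASCII = 95  # assumption: printable ASCII, space through '~'
DIGITS = 10

# From Estel's post: a 10-digit N900 lock code also unlocks with its first
# 8 digits, so only 8 digits contribute to the search space.
N900_LOCK_CODE_EFFECTIVE_MAX = 8


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy, in bits, of a uniformly random string of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    if length <= 0 or alphabet_size < 2:
        raise ValueError("length must be > 0 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def chars_needed(target_bits: int, alphabet_size: int) -> int:
    """Smallest string length whose entropy reaches `target_bits`."""
    if target_bits <= 0 or alphabet_size < 2:
        raise ValueError("target_bits must be > 0 and alphabet_size >= 2")
    return math.ceil(target_bits / math.log2(alphabet_size))


def lock_code_effective_bits(length: int) -> float:
    """Effective entropy of an N900 device lock code of `length` digits,
    capped at the 8 digits that actually get checked."""
    return entropy_bits(min(length, N900_LOCK_CODE_EFFECTIVE_MAX), DIGITS)


if __name__ == "__main__":
    # Reproduces the two figures from the thread: 78 letters, 155 digits.
    print("512-bit key as printable ASCII:", chars_needed(512, PRINTABLE_ASCII))
    print("512-bit key as digits:        ", chars_needed(512, DIGITS))
    for n in (5, 8, 10):
        print(f"{n:2d}-digit lock code: {lock_code_effective_bits(n):5.1f} bits")
```

The comparison makes the gap concrete: an 8-digit lock code carries under 27 bits against the 512 bits the truecrypt password is sized for, which is why the thread treats the lock code as the weaker of the two layers.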
Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1228
Originally Posted by Estel:
Max is 8 digits - theoretical limit is 10, but when using it, it unlocks by *both* providing 10 digits, or first 8 only (!).
...
yablacky, it's great to hear that You've managed to move the lock code prompt! May I ask what the current pitfalls are about? Maybe someone will be able to help overcome them?
I solved most problems. One important remains:
When locking the phone using this method (Phone_control#Security_Device_Lock_with_lockcode), the power button doesn't get disabled. When pressing it, the corresponding menu is still shown. Most available options do not work, fortunately. But "Offline Mode" can be enabled. This counteracts the whole story because it disconnects the phone from networks.

Does anybody have an idea how to disable power-button menu as well?
 

Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#1229
Oh my, I remember hitting this bug when I exploited putting the device into "deepest sleep" via the button in the power menu (with auto offline mode and locking via code, just before putting it into freeze). Unfortunately, I never found a way to overcome it. I guess it's high time for really smashing this obstacle - will investigate.

/Estel
Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1230
Possible solutions could be:
(1) When locking the phone, the undesired menu items (Flight mode/Telephone - they must be known in advance) can be disabled explicitly. On regular unlock they would have to be enabled again automatically.

(2) When locking the phone, replace the complete power-button menu with one that contains desired items only (e.g. Power-off/Reboot). This also has to be undone automatically on regular unlock.

The 2nd solution would apply to custom entries as well, which usually do fancy things that should not be available while the phone is locked.
 