Attempting to scan a modern, secure SIM with this software often results in the card being permanently disabled (locked) after a certain number of failed authentication attempts. Operating Systems: As a 32-bit legacy application, it often requires compatibility mode
In regions with limited access to commercial software (e.g., post-Soviet states), such utilities flourished. They were written in assembly or C, compiled to tiny executables, and often released as freeware or with a “nag screen” requesting registration. Woron Scan 1.09 would have been prized for its speed, low memory footprint, and ability to run directly from a bootable floppy—critical when the host operating system itself might be corrupt.
Modern SIM cards are designed with strict anti-tampering logic. If a modern chip detects a rapid-fire sequence of cryptographic challenge requests mimicking a tool like Woron Scan, the SIM automatically triggers a permanent internal lockout. This bricking mechanism renders the card permanently useless to protect user security. Woron Scan 1.09
The user placed the original SIM into a Phoenix-style smart card programmer connected to a PC via a serial COM port or USB-to-Serial adapter.
A Phoenix/Smartmouse USB -> RS232 SIM reader is required to bridge the SIM card with a desktop computer 1.2.1. Attempting to scan a modern, secure SIM with
To protect remaining legacy cards from brute-force attempts, manufacturers implemented internal loop counters. Modern or late-generation SIM cards are programmed to count the number of authentication attempts they process. If a card detects an abnormal influx of queries (typically exceeding 50,000 to 100,000 continuous hits without a reset), the SIM card's internal microcontroller permanently self-destructs or locks ("burns"). Running Woron Scan on an unverified or modern SIM card will frequently render the card permanently useless. 6. Legacy and Technical Summary
By utilizing brute-force and side-channel computational cryptanalysis, Woron Scan 1.09 forces the SIM card's onboard processor to execute a high volume of authentication cycles. It captures the output responses, gradually piecing together the hidden 128-bit Ki string. Once both the IMSI and Ki are extracted, users can write these values onto a blank, programmable Multi-SIM emulator card, successfully duplicating the cellular identity. 2. The Vulnerability: Exploiting COMP128v1 Woron Scan 1
Contemporary SIM profiles track rapid, abnormal authentication requests. If a modern card detects thousands of consecutive failed authentications (a symptom of scanning software), it permanently fries its own internal silicon to protect the customer's encryption keys.
Allows the extracted data to be saved, which was often used to clone SIM cards onto blank, programmable SIMs (multi-SIM solutions).
The tool eventually fell out of practical use as mobile carriers migrated to , and eventually to USIM (3G/4G/5G)