Did anyone managed to change the HSN of his card to a new one? Not by loading an old gam file.
That's the only think that would make g@m@ C@rds not to expire very soon.
The method of logging EMMs with EMM Xtractor doesn't have any great result because you jonly change the providers of the card not the HSN. This just makes an old file to wake up without the need to let the card in the reciever for 1-2 or even 10 hours. Someone said tha you need a paid of C3 and CB line for the same hsn from the Emm Extractor but i dont think this make sense.
Moreover it is already known the way a G@m@ command is syntaxed.
How to create Gamma Update, (Commands)
'' 020100DKLNMMMMMMMMUSUL PAYLOAD CC
02 = Gamma update PDU
01 = CLA
00 = P1
DK = Index to 16byte Gamma update 3DES Key.
LN = Length of Message
MM = 8 Byte DES MAC
US = Update Selector (what to update)
For GSMK US = 01
For PMSK US = 02
For IV_PAD US = 03
For GMASK US = 04
For PMASK US = 05
For KEK US = 06
For COCO US = 08
For HSN US = 09
For ExiKey US = 0B
For AxiKey US = 0C
For ProviderID US = 10
For GroupKey US = 12
For ProductKey US = 13
For OS Erase US = 20
FOR OS Update US = 21
UL = Length of Update (for example for HSN UL = 03, for GMSK UL = 10, etc...)
PAYLOAD is the Update
CC = Message CRC or Checksum. Simply XOR message with 0x3F
OK to have multiple updates in one command.
This command will update HSN (HN), Coco (CO) and Provider ID (PI) in one go.
The DES MAC is calculated by prepending an 8 octet confounder to the plaintext,
performing a DES CBC-mode encryption on the result using the key and an initialization vector of zero,
taking the last block of the ciphertext, prepending the same confounder and encrypting the pair using DES
in cipher-block-chaining (CBC) mode using a a variant of the key, where the variant is computed by eXclusive-ORing the key
The message after LN is encrypted using the Triple DES mode CBC until the CC using 16 byte key in index DK . ''
So finally does anyone know how to change HSN??