$ osmo-auc-gen -3 -a milenage -r 00000000000000000000000000000000 -k FC25DB57763B6B3DFADE72F1F13CE90D -o 104D18F40D46C8BE0BB0EC05CC8B2F53
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY
RAND: 00000000000000000000000000000000
AUTN: 394372ac939d0000b4247a0e6225e5ee
IK: 8404a34e52a07f54a5c49cbac9aab99d
CK: 4a6ddf65c17eb63dcec3e31299dd45b9
RES: 49b7d6de3ca0a10b
SRES: 751777d5
Kc: a56e0383c3a9354d
$ cd osmo-sim-auth/
$ ./osmo-sim-auth.py -d -r 00000000000000000000000000000000 -a 394372ac939d0000b4247a0e6225e5ee
[+] UICC AID found:
APDU-TX: 00 a4 08 04 02 2f 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x24
APDU-TX: 00 c0 00 00 24
DATA-RX: 62 22 82 05 42 21 00 26 02 83 02 2f 00 a5 06 c0 01 00 ca 01 80 8a 01 05 8b 03 2f 06 04 80 02 00 4c 88 01 f0
SW1-RX: 0x90
SW2-RX: 0x00
APDU-TX: 00 b2 01 04 26
DATA-RX: 61 19 4f 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00 50 05 55 53 69 6d 31 ff ff ff ff ff ff ff ff ff ff ff
SW1-RX: 0x90
SW2-RX: 0x00
APDU-TX: 00 b2 02 04 26
DATA-RX: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
SW1-RX: 0x90
SW2-RX: 0x00
found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0)
APDU-TX: 00 a4 04 04 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x59
APDU-TX: 00 c0 00 00 59
DATA-RX: 62 57 82 02 78 21 83 02 7f ff 84 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00 a5 16 83 02 7f ff cb 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 01 80 8a 01 05 ab 15 80 01 01 a4 06 83 01 0a 95 01 08 80 01 40 97 00 80 01 06 90 00 c6 09 90 01 40 83 01 01 83 01 81
SW1-RX: 0x90
SW2-RX: 0x00
[+] USIM AID selection succeeded
APDU-TX: 00 a4 00 04 02 6f 07
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x29
APDU-TX: 00 c0 00 00 29
DATA-RX: 62 27 82 02 41 21 83 02 6f 07 a5 0e c0 01 00 9b 06 3f 00 7f 20 6f 07 ca 01 80 8a 01 05 8b 03 6f 06 03 80 02 00 09 88 01 38
SW1-RX: 0x90
SW2-RX: 0x00
[DBG] BER structure:
[(['applicative', 'constructed', 2], 39, [130, 2, 65, 33, 131, 2, 111, 7, 165, 14, 192, 1, 0, 155, 6, 63, 0, 127, 32, 111, 7, 202, 1, 128, 138, 1, 5, 139, 3, 111, 6, 3, 128, 2, 0, 9, 136, 1, 56])]
[DBG] 130 / File Descriptor: [65, 33]
[DBG] 131 / File Identifier: [111, 7]
[DBG] 165 / Proprietary BERTLV: [192, 1, 0, 155, 6, 63, 0, 127, 32, 111, 7, 202, 1, 128]
[DBG] 138 / Life Cycle Status: [5]
[DBG] 139 / Security Attributes ref to expanded: [111, 6, 3]
[DBG] 128 / Size: [0, 9]
[DBG] 136 / Short File Identifier: [56]
APDU-TX: 00 b0 00 00 09
DATA-RX: 08 99 10 07 00 00 10 60 55
SW1-RX: 0x90
SW2-RX: 0x00
Testing USIM card with IMSI 901700000010655
UMTS Authentication
APDU-TX: 00 88 00 81 22 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 39 43 72 ac 93 9d 00 00 b4 24 7a 0e 62 25 e5 ee
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x10
APDU-TX: 00 c0 00 00 10
DATA-RX: dc 0e d6 c6 b7 48 c5 1e 23 52 b1 a2 44 d5 50 cc
SW1-RX: 0x90
SW2-RX: 0x00
[+] Synchronization failure. Get [AUTS]
AUTS: d6c6b748c51e2352b1a244d550cc
GSM Authentication
APDU-TX: 00 88 00 80 11 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x0e
APDU-TX: 00 c0 00 00 0e
DATA-RX: 04 69 40 dd 8f 08 1e e0 f8 df 3d 5b 1c 00
SW1-RX: 0x90
SW2-RX: 0x00
[+] Successful 2G authentication. Get [RES, Kc]
SRES: 6940dd8f
Kc: 1ee0f8df3d5b1c00
$ osmo-auc-gen -3 -a milenage -r 00 -k FC25DB57763B6B3DFADE72F1F13CE90D -o 104D18F40D46C8BE0BB0EC05CC8B2F53 -A d6c6b748c51e2352b1a244d550cc
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY
RAND: 00000000000000000000000000000000
AUTN: 394372ac939c00003246c15fcc226926
IK: 8404a34e52a07f54a5c49cbac9aab99d
CK: 4a6ddf65c17eb63dcec3e31299dd45b9
RES: 49b7d6de3ca0a10b
SRES: 751777d5
Kc: a56e0383c3a9354d
AUTS success: SEQ.MS = 2
$ osmo-auc-gen -3 -a milenage -r 00 -k FC25DB57763B6B3DFADE72F1F13CE90D -o 104D18F40D46C8BE0BB0EC05CC8B2F53 -s 3
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY
RAND: 00000000000000000000000000000000
AUTN: 394372ac939e00008a0ecbdc50c586df
IK: 8404a34e52a07f54a5c49cbac9aab99d
CK: 4a6ddf65c17eb63dcec3e31299dd45b9
RES: 49b7d6de3ca0a10b
SRES: 751777d5
Kc: a56e0383c3a9354d
$ ./osmo-sim-auth.py -d -r 00000000000000000000000000000000 -a 394372ac939e00008a0ecbdc50c586df
[+] UICC AID found:
APDU-TX: 00 a4 08 04 02 2f 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x24
APDU-TX: 00 c0 00 00 24
DATA-RX: 62 22 82 05 42 21 00 26 02 83 02 2f 00 a5 06 c0 01 00 ca 01 80 8a 01 05 8b 03 2f 06 04 80 02 00 4c 88 01 f0
SW1-RX: 0x90
SW2-RX: 0x00
APDU-TX: 00 b2 01 04 26
DATA-RX: 61 19 4f 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00 50 05 55 53 69 6d 31 ff ff ff ff ff ff ff ff ff ff ff
SW1-RX: 0x90
SW2-RX: 0x00
APDU-TX: 00 b2 02 04 26
DATA-RX: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
SW1-RX: 0x90
SW2-RX: 0x00
found [AID 1] 3GPP || USIM || (255, 255) || (255, 255) || (137, 7, 9, 0, 0)
APDU-TX: 00 a4 04 04 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x59
APDU-TX: 00 c0 00 00 59
DATA-RX: 62 57 82 02 78 21 83 02 7f ff 84 10 a0 00 00 00 87 10 02 ff ff ff ff 89 07 09 00 00 a5 16 83 02 7f ff cb 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 01 80 8a 01 05 ab 15 80 01 01 a4 06 83 01 0a 95 01 08 80 01 40 97 00 80 01 06 90 00 c6 09 90 01 40 83 01 01 83 01 81
SW1-RX: 0x90
SW2-RX: 0x00
[+] USIM AID selection succeeded
APDU-TX: 00 a4 00 04 02 6f 07
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x29
APDU-TX: 00 c0 00 00 29
DATA-RX: 62 27 82 02 41 21 83 02 6f 07 a5 0e c0 01 00 9b 06 3f 00 7f 20 6f 07 ca 01 80 8a 01 05 8b 03 6f 06 03 80 02 00 09 88 01 38
SW1-RX: 0x90
SW2-RX: 0x00
[DBG] BER structure:
[(['applicative', 'constructed', 2], 39, [130, 2, 65, 33, 131, 2, 111, 7, 165, 14, 192, 1, 0, 155, 6, 63, 0, 127, 32, 111, 7, 202, 1, 128, 138, 1, 5, 139, 3, 111, 6, 3, 128, 2, 0, 9, 136, 1, 56])]
[DBG] 130 / File Descriptor: [65, 33]
[DBG] 131 / File Identifier: [111, 7]
[DBG] 165 / Proprietary BERTLV: [192, 1, 0, 155, 6, 63, 0, 127, 32, 111, 7, 202, 1, 128]
[DBG] 138 / Life Cycle Status: [5]
[DBG] 139 / Security Attributes ref to expanded: [111, 6, 3]
[DBG] 128 / Size: [0, 9]
[DBG] 136 / Short File Identifier: [56]
APDU-TX: 00 b0 00 00 09
DATA-RX: 08 99 10 07 00 00 10 60 55
SW1-RX: 0x90
SW2-RX: 0x00
Testing USIM card with IMSI 901700000010655
UMTS Authentication
APDU-TX: 00 88 00 81 22 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 39 43 72 ac 93 9e 00 00 8a 0e cb dc 50 c5 86 df
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x10
APDU-TX: 00 c0 00 00 10
DATA-RX: dc 0e d6 c6 b7 48 c5 1e 23 52 b1 a2 44 d5 50 cc
SW1-RX: 0x90
SW2-RX: 0x00
[+] Synchronization failure. Get [AUTS]
AUTS: d6c6b748c51e2352b1a244d550cc
GSM Authentication
APDU-TX: 00 88 00 80 11 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DATA-RX:
SW1-RX: 0x61
SW2-RX: 0x0e
APDU-TX: 00 c0 00 00 0e
DATA-RX: 04 69 40 dd 8f 08 1e e0 f8 df 3d 5b 1c 00
SW1-RX: 0x90
SW2-RX: 0x00
[+] Successful 2G authentication. Get [RES, Kc]
SRES: 6940dd8f
Kc: 1ee0f8df3d5b1c00