Shadysimpy » History » Revision 7
Revision 6 (osmith, 02/26/2020 08:57 AM) → Revision 7/10 (osmith, 03/27/2020 03:21 PM)
Dieter Spaar has modified the shadysim.py to support the configured OTA mode on the sysmoUSIM-SJS1 (and by extension the SIM Cards issued at 31C3, the following camp and 32C3).
h2. What is it about
(U)SIM cards are Java capable and there is the Globalplatform that specifies standards API. SMS can be addressed directly to the SIM card, the SIM card will get events for network selection and others, it can modify call establishment attempts.
The following will show how to build the example applet and install it on your USIM. If you create plugins please make them available as Free Software and point us to them. If you find interesting Globalplatform APIs or hacks please talk about it.
h2. What you will need
* sysmoUSIM-SJS1 card
* KIC, KID private keys of the card
* PCSC, serial card reader or be able to send SMS to the SIM card
* JDK to create Java1.1 bytecode to create/customize SIM Toolkit applets.
* Dependency for sim-tools: python-pyscard
h2. What you can read
* JavaCard? API specification (http://www.andresteder.com/static/api/simtoolkitapi/sim/toolkit/package-summary.html)
* 3GPP sim.toolkit API (http://www.etsi.org/deliver/etsi_ts/101400_101499/101476/07.00.00_60/ts_101476v070000p.pdf). Specially setEvent is a good keyword to look at!
* 3GPP TS 31.102 Characteristics of the Universal Subscriber Identity Module (USIM) application, describes the file system in 4.7 https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/15.08.00_60/ts_131102v150800p.pdf
h2. Building an example applet
<pre>
git clone git://git.osmocom.org/sim/sim-tools/
git clone git://git.osmocom.org/sim/hello-stk
cd hello-stk/hello-stk
make
ls -la ./build/javacard/org/toorcamp/HelloSTK/javacard/HelloSTK.cap
</pre>
If you have a javac in your system you have now built an example Helloworld applet.
h2. Working with a PC/SC reader
Make sure you have the KIC1, KIC2, KIC3 and KID1, KID2 and KID3 for your card. If you have a CCC Event card from 31C3 or later you should be set and for the sysmoUSIM-SJS1 be sure to buy the option that includes the ADM1 keys as otherwise no OTA keys will be provided to you (you will have to buy a new batch of cards then).
<pre>
#Clone if you have not done the above
git clone git://git.osmocom.org/sim/sim-tools/
cd sim-tools/shady-sim
# Load the applet
python shadysim.py --pcsc -l HelloSTK.cap -i HelloSTK.cap \
--enable-sim-toolkit --module-aid d07002ca44900101 \
--instance-aid d07002CA44900101 \
--nonvolatile-memory-required 0100 \
--volatile-memory-for-install 0100 \
--max-menu-entry-text 15 \
--max-menu-entries 05 --kic KIC1 \
--kid KID1
# Delete it (it takes time)
python shadysim.py --pcsc -d d07002CA449001 \
--kic KIC1 \
--kid KID1
</pre>
h2. Working with a SMPP reader
Instead of directly interacting with the SIM through a PCSC reader the APDU is sent through SMPP. Replace the --pcsc call with --smpp and lines starting with SMPP are printed. These then need to be sent.
h2. Troubleshooting
h4. "SW match failed! Expected 9000 and got 6985."
You have probably tried to flash twice, without deleting the applet.
h4. "error: Source option 1.3 is no longer supported. Use 6 or later."
Your openjdk version is too new: support for building the source and target versions required for SIM applets has been dropped. Build with openjdk-8. On debian:
<pre>
$ export PATH=/usr/lib/jvm/java-1.8.0-openjdk-amd64/bin:$PATH
</pre>
If you have upgraded your debian from 9 to 10, you might already have it installed (check if @/usr/lib/jvm/java-8-openjdk-amd64@ exists). Otherwise, you can add the debian 9 (stretch) related mirrors to your @/etc/apt/sources.list@ (copy the buster entries, but replace buster with stretch). After @apt update@, the openjdk-8 related packages are available for installation.
