Osmo-sim-auth » History » Version 1

laforge, 02/19/2016 10:48 PM
add page about osmo-sim-auth

[[PageOutline]]
= osmo-sim-auth =

osmo-sim-auth is a small script that can be used with a PC-based smart card
reader to obtain GSM/UMTS authentication parameters from a SIM/USIM
card.

The program can be found in the git repository at git://git.osmocom.org/osmo-sim-auth; web-based browsing is available at http://cgit.osmocom.org/cgit/osmo-sim-auth

== prerequisites ==

We assume that you have

 * A smart card reader compatible with pcsc-lite
 * Python and the pyscard library installed

=== smart card reader ===

Any reader supported by pcsc-lite will work.  However, a reader
compatible with the USB CCID device class is strongly recommended.

Please verify that the hardware and driver setup is working, e.g. by
using the 'pcsc_scan' tool included with pcsc-lite.  You should get
output like:
{{{
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: OmniKey CardMan 5121 00 00

Wed Dec  7 01:32:37 2011
 Reader 0: OmniKey CardMan 5121 00 00
  Card state: Card inserted, Shared Mode, 
  ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2

ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
}}}

plus many more lines of output decoding the ATR.

If you only get
{{{
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: OmniKey CardMan 5121 00 00

Wed Dec  7 01:35:08 2011
 Reader 0: OmniKey CardMan 5121 00 00
  Card state: Card removed, 
}}}

then your card was not detected in the reader.
If no readers are displayed at all, your hardware and/or driver
setup is likely wrong.

=== pyscard ===

pyscard can be installed from packages of major Linux distributions.

If you want to build it from source, it is available from
http://pyscard.sourceforge.net/

== running osmo-sim-auth ==

{{{
$ ./osmo-sim-auth.py --help
Usage: osmo-sim-auth.py [options]

Options:
  -h, --help            show this help message and exit
  -a AUTN, --autn=AUTN  AUTN parameter from AuC
  -r RAND, --rand=RAND  RAND parameter from AuC
  -d, --debug           Enable debug output
  -s, --sim             SIM mode (default: USIM)
}}}

You can run the program in two modes:
 * running GSM authentication (classic SIM card protocol)
 * running UMTS authentication (USIM card protocol)

=== classic GSM authentication ===

This mode will use the "RUN GSM ALGORITHM" command as specified in GSM
TS 11.11.

You have to specify
 * the 16 byte RAND value from the AuC (-r) as 32 hex digits
 * the '-s' flag to enable SIM mode

{{{
$ ./osmo-sim-auth.py -r 00000000000000000000000000000000 -s
Testing SIM card with IMSI 901700000000403

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
}}}

=== UMTS authentication ===

This mode will use the "AUTHENTICATE" command as specified in 3GPP TS
31.102.

You have to specify
 * the 16 byte RAND value from the AuC (-r) as 32 hex digits
 * the 16 byte AUTN value from the AuC (-a) as 32 hex digits

==== successful operation ====

In this case, the tool will output the following values obtained from
the card:
 * RES authentication result value
 * CK ciphering key
 * IK integrity key
 * Kc for inter-RAN handover from UMTS -> 2G

Secondly, the tool will re-run the authentication in "2G authentication
context" in order to obtain the SRES result.  This value would be used
if a 3G/2G dual-mode phone registers on a 2G network.

{{{
python ./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2000000e1dd22c1ad3e2d3d 
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
RES:    e9fc88ccc8a35381
CK:     7200a184d8f2c758fbdf87900ddbf275
IK:     12cb2dd3e0ec8378f6fc1d606c619f47
Kc:     6de816a759a42912

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
}}}

==== synchronization required ====

In this case, the AUTHENTICATE command will return the AUTS parameter,
which has to be sent to the AuC in order to re-synchronize the SQN
counter, which is kept in both the USIM and the AuC.

{{{
./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2120000c8b7de2a3449f1bd
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
AUTS:   8711a0ec9e2be2f766881a64605b

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
}}}