Manually Testing USIM Authentication

This page describes how you can use Osmocom tools to manually test USIM / ISIM authentication against a SIM card. This basically replicates what happens between the network and the USIM card - but without any cellular network or a phone.

Prerequisites

  • A USIM card for which you know the secret key K and OP/OPc
  • A smart card interface device ("reader") supported by pysim (such as any pcsc-lite / libccid compatible reader)
  • osmo-auc-gen program (part of libosmocore)
  • pySim-shell program (part of pysim)

Step-by-step guide

Generate a 16-byte random challenge

Let's use /dev/random to generate 16 bytes of randomness and convert it to hexadecimal:

$ dd if=/dev/random bs=16 count=1 2>/dev/null | xxd -p -l 100
8188388ad5cdd481b02298ff29827791

Generating the actual quintuple using osmo-auc-gen

This process mimics what is happening inside the Authentication Centre part of the HLR/HSS of your 2G/3G/4G network: Deriving RES from K, OP/OPc and SEQ/SQN.

We use the card-specific K + OPc values we received from the card manufacturer, as well as the random value we generated in the previous step:

$ osmo-auc-gen --3g --algorithm MILENAGE --key 77291F1E17132ADD86DC23A3AF601C89 --opc 831AFD01EF48692EC6FD18AEAB6CF381 --rand 8188388ad5cdd481b02298ff29827791
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

RAND:   8188388ad5cdd481b02298ff29827791
AUTN:   7f62c464f6d60000b77b88e0f6b9449c
IK:     43c7bc1e8e193ed2e0e7e164126bbed5
CK:     a0188b5f7724878b86b9a336d8f2e327
RES:    b4013d66d107a2b6
IMS nonce:      gYg4itXN1IGwIpj/KYJ3kX9ixGT21gAAt3uI4Pa5RJw=
IMS res:        tAE9ZtEHorY=
SRES:   65069fd0
Kc:     8581751333a4e4ab
SQN:    32
IND:    0

This shows us the following information:
  • input data (RAND, IND, SQN)
  • the challenge the network would send via radio interface to the UE/phone/modem (RAND, AUTN)
  • the data the network keeps on the network side and does not send over radio:
    • the A3 authentication result value (RES)
    • the A8 generated keys for integrity protection and ciphering (IK, CK)
    • the derived GSM values in case of fall-back to 2G (Kc, SRES)

Performing authentication with the card, using pySim-shell

We now perform what the phone/modem does with the SIM card when it receives the RAND + AUTN values from the cellular network via an AUTHENTICATION REQUEST.

For this, we use pysim, specifically the authentication command in it. It takes two parameters: rand and autn (copy+pasted from the above execution of osmo-auc-gen).

As we want to do UMTS-AKA against the USIM application on the card, we must first select ADF.USIM.

$ ./pySim-shell.py -p0
Using PC/SC reader interface
Waiting for card...
Autodetected card type: sysmoISIM-SJA2
Info: Card is of type: UICC-SIM
AIDs on card:
 USIM: a0000000871002ffffffff8907090000 (EF.DIR)
 ISIM: a0000000871004ffffffff8907090000 (EF.DIR)
 ADF.ISD: a000000003000000
 ARA-M: a00000015141434c00
Detected CardModel: SysmocomSJA2
Welcome to pySim-shell!
pySIM-shell (MF)> select ADF.USIM
pySIM-shell (MF/ADF.USIM)> authenticate 8188388ad5cdd481b02298ff29827791 7f62c464f6d60000b77b88e0f6b9449c
{
    "successful_3g_authentication": {
        "res": "b4013d66d107a2b6",
        "ck": "a0188b5f7724878b86b9a336d8f2e327",
        "ik": "43c7bc1e8e193ed2e0e7e164126bbed5",
        "kc": "8581751333a4e4ab" 
    }
}

In this successful case, we see the card has accepted the AUTN nonce and generated the following output parameters:
  • authentication result (RES); would be sent back to the network, where the network compares it with the expected RES value it has computed earlier. If it matches, authentication is OK.
  • integrity protection (IK) and ciphering (CK) keys
    • used for air interface protection on 3G/UMTS after a CIPHERING MODE COMMAND
    • used in derived forms for air interface protection and NAS protection in 4G/LTE
  • GSM ciphering key (Kc); used for encryption on 2G/GSM/GPRS after a CIPHERING MODE COMMAND

Unsuccessful case (re-synchronization)

If the SQN/SEQ number on the card and on the network (HSS/HLR) side don't match, the card will refuse authentication and return an AUTS value for re-synchronization.

If this happens with pySim-shell, it will look like below:

pySIM-shell (MF/ADF.USIM)> authenticate 8188388ad5cdd481b02298ff29827791 7f62c464f6d60000b77b88e0f6b9449c
{
    "synchronisation_failure": {
        "auts": "3156b88af1197c4611e142d75ef0" 
    }
}

You must then go back to osmo-auc-gen and re-execute it using the same rand value, but additionally specifying auts:

$ osmo-auc-gen --3g --algorithm MILENAGE --key 77291F1E17132ADD86DC23A3AF601C89 --opc 831AFD01EF48692EC6FD18AEAB6CF381 --rand 8188388ad5cdd481b02298ff29827791 --auts 3156b88af1197c4611e142d75ef0
osmo-auc-gen (C) 2011-2012 by Harald Welte
This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

RAND:   8188388ad5cdd481b02298ff29827791
AUTN:   7f62c464f6b60000dc15fe983df347ae
IK:     43c7bc1e8e193ed2e0e7e164126bbed5
CK:     a0188b5f7724878b86b9a336d8f2e327
RES:    b4013d66d107a2b6
IMS nonce:      gYg4itXN1IGwIpj/KYJ3kX9ixGT2tgAA3BX+mD3zR64=
IMS res:        tAE9ZtEHorY=
SRES:   65069fd0
Kc:     8581751333a4e4ab
SQN:    64
IND:    0
SQN.MS: 32

This gives you a new AUTN value for the same RAND. Use it again in pySim-shell, and authentication will succeed:

pySIM-shell (MF/ADF.USIM)> authenticate 8188388ad5cdd481b02298ff29827791 7f62c464f6b60000dc15fe983df347ae
{
    "successful_3g_authentication": {
        "res": "b4013d66d107a2b6",
        "ck": "a0188b5f7724878b86b9a336d8f2e327",
        "ik": "43c7bc1e8e193ed2e0e7e164126bbed5",
        "kc": "8581751333a4e4ab" 
    }
}
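
Why the second run prints a different AUTN while RES, CK and IK stay the same can be read off the AUTN layout. The following Python is an added example, not part of the original page or of pysim/libosmocore; it assumes the field layout from 3GPP TS 33.102 (AUTN = (SQN xor AK) || AMF || MAC-A, AUTS = (SQN_MS xor AK*) || MAC-S), and its function names are made up for illustration.

```python
# Values copied from the two osmo-auc-gen runs and the card reply on this page.
AUTN_FIRST = "7f62c464f6d60000b77b88e0f6b9449c"   # printed together with SQN: 32
AUTN_RESYNC = "7f62c464f6b60000dc15fe983df347ae"  # printed together with SQN: 64
AUTS = "3156b88af1197c4611e142d75ef0"             # osmo-auc-gen printed SQN.MS: 32


def split_autn(autn_hex):
    """AUTN (16 bytes) = (SQN xor AK) || AMF || MAC-A (layout assumed from TS 33.102)."""
    raw = bytes.fromhex(autn_hex)
    if len(raw) != 16:
        raise ValueError("AUTN must be 16 bytes, got %d" % len(raw))
    return {"sqn_xor_ak": raw[0:6], "amf": raw[6:8], "mac_a": raw[8:16]}


def split_auts(auts_hex):
    """AUTS (14 bytes) = (SQN_MS xor AK*) || MAC-S (layout assumed from TS 33.102)."""
    raw = bytes.fromhex(auts_hex)
    if len(raw) != 14:
        raise ValueError("AUTS must be 14 bytes, got %d" % len(raw))
    return {"sqn_ms_xor_ak": raw[0:6], "mac_s": raw[6:14]}


def unmask(concealed, sqn):
    """XOR a concealed 48-bit SQN field with the known SQN; the result is the mask (AK or AK*)."""
    return bytes(a ^ b for a, b in zip(concealed, sqn.to_bytes(6, "big")))


def compare_autn(a_hex, b_hex):
    """Return the names of the AUTN fields that differ between two vectors."""
    a, b = split_autn(a_hex), split_autn(b_hex)
    return [name for name in a if a[name] != b[name]]


if __name__ == "__main__":
    print("fields that changed:", compare_autn(AUTN_FIRST, AUTN_RESYNC))
    print("AK from run 1:", unmask(split_autn(AUTN_FIRST)["sqn_xor_ak"], 32).hex())
    print("AK from run 2:", unmask(split_autn(AUTN_RESYNC)["sqn_xor_ak"], 64).hex())
    print("MAC-S in AUTS:", split_auts(AUTS)["mac_s"].hex())
```

With RAND and K unchanged, AK is the same in both runs, so only the concealed SQN field and the MAC computed over it differ.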

Unsuccessful case (MAC failure)

If you used the wrong K/OP/OPc key material on the network/osmo-auc-gen side, then the card will report a MAC failure:

pySIM-shell (MF/ADF.USIM)> authenticate 7188388ad5cdd481b02298ff29827791 7f62c464f6b60000dc15fe983df347ae
EXCEPTION of type 'SwMatchError' occurred with message: 'SW match failed! Expected 9000 and got 9862: Security management - Authentication error, incorrect MAC'
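
The three outcomes above (success, re-synchronization, MAC failure) can be checked mechanically when this test is repeated for many cards. The following Python is an added example, not part of pysim or osmo-auc-gen; it assumes both tools' output was captured as text in the format shown on this page, and its function names are hypothetical.

```python
import hmac
import json
import re

# Copied from this page: osmo-auc-gen output (trimmed) and the three kinds of card reply.
AUC_OUT = """RAND:   8188388ad5cdd481b02298ff29827791
AUTN:   7f62c464f6d60000b77b88e0f6b9449c
IK:     43c7bc1e8e193ed2e0e7e164126bbed5
CK:     a0188b5f7724878b86b9a336d8f2e327
RES:    b4013d66d107a2b6
Kc:     8581751333a4e4ab
SQN:    32"""
OK_REPLY = ('{"successful_3g_authentication": {"res": "b4013d66d107a2b6", '
            '"ck": "a0188b5f7724878b86b9a336d8f2e327", '
            '"ik": "43c7bc1e8e193ed2e0e7e164126bbed5", "kc": "8581751333a4e4ab"}}')
RESYNC_REPLY = '{"synchronisation_failure": {"auts": "3156b88af1197c4611e142d75ef0"}}'
MAC_FAIL_REPLY = ("EXCEPTION of type 'SwMatchError' occurred with message: 'SW match failed! "
                  "Expected 9000 and got 9862: Security management - Authentication error, incorrect MAC'")


def parse_auc_gen(text):
    """Turn the 'NAME:   value' lines of osmo-auc-gen into a dict keyed by lowercase name."""
    vec = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z. ]+):\s+(\S+)$", line.strip())
        if m:
            vec[m.group(1).lower()] = m.group(2)
    return vec


def check_card_reply(expected, reply_text):
    """Classify one pySim-shell 'authenticate' result against the expected vector."""
    if "got 9862" in reply_text:            # status word shown above for 'incorrect MAC'
        return ("mac_failure", None)
    try:
        reply = json.loads(reply_text)
    except ValueError:
        return ("unparsed", None)
    if "synchronisation_failure" in reply:  # AUTS goes back into osmo-auc-gen --auts
        return ("resync", reply["synchronisation_failure"]["auts"])
    got = reply.get("successful_3g_authentication", {})
    bad = [f for f in ("res", "ck", "ik", "kc")
           if not hmac.compare_digest(got.get(f, "").lower(), expected[f].lower())]
    return ("ok", None) if not bad else ("mismatch", bad)


if __name__ == "__main__":
    vector = parse_auc_gen(AUC_OUT)
    for reply in (OK_REPLY, RESYNC_REPLY, MAC_FAIL_REPLY):
        print(check_card_reply(vector, reply))
```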

Updated by laforge 3 months ago · 4 revisions
