SIM card related Projects » pySim

h1. Manually Testing USIM Authentication

This page describes how  you can use Osmocom tools to manually test USIM / ISIM authentication against a SIM card.

h2. Prerequisites

* A USIM card of which you know the secret key K + OP/OPc

* A smart card interface device ("reader") supported by pysim (such as any pcsc-lite / libccid compatible reader)

* @osmo-auc-gen@ program (part of [[libosmocore:]])

* @pySim-shell@ program (part of [[pysim:]])

h2. Step-by-step guide

h3. Generate a 16-byte random challenge

Let's use @/dev/random@ to generate 16 bytes of randomness; conver it to hexadecimal

<pre>

$ dd if=/dev/random bs=16 count=1 2>/dev/null | xxd -p -l 100

8188388ad5cdd481b02298ff29827791

</pre>

h3. Generating the actual quintuple using @osmo-auc-gen@

This process mimics what is happening inside the Authentication Centre part of the HLR/HSS of your 2G/3G/4G network: Deriving RES from K, OP/OPc and SEQ/SQN.

We use the card-specific K + OPc values we received from the card manufacturer, as well as the random  value we generated in the previous  step

<pre>

$ osmo-auc-gen --3g --algorithm MILENAGE --key 77291F1E17132ADD86DC23A3AF601C89 --opc 831AFD01EF48692EC6FD18AEAB6CF381 --rand 8188388ad5cdd481b02298ff29827791

osmo-auc-gen (C) 2011-2012 by Harald Welte

This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY

RAND:   8188388ad5cdd481b02298ff29827791

AUTN:   7f62c464f6d60000b77b88e0f6b9449c

IK:     43c7bc1e8e193ed2e0e7e164126bbed5

CK:     a0188b5f7724878b86b9a336d8f2e327

RES:    b4013d66d107a2b6

IMS nonce:      gYg4itXN1IGwIpj/KYJ3kX9ixGT21gAAt3uI4Pa5RJw=

IMS res:        tAE9ZtEHorY=

SRES:   65069fd0

Kc:     8581751333a4e4ab

SQN:    32

IND:    0

</pre>

This shows us the following information

* input data (RAND, IND, SQN)

* the challenge the network would send via radio interface to the UE/phone/modem (RAND, AUTN)

* the data the network keeps on the network side and does *not* send over radio:

** the A3 authentication result value (RES)

** the A8 generated keys for integrity protection and ciphering (IK, CK)

** the derived GSM values in case of fall-back to 2G (Kc, SRES)

h3. Performing authentication with the card, using @pySim-shell@

We now perform what the phone/modem does with the SIM card when it receives the RAND + AUTN values from the cellular network via a @AUTHENTICATION REQUEST@.

For this, we use  [[pysim:]], specifically the @authentication@ command in it.  It takes two parameters: @rand@ and @autn@

As we want to do UMTS-AKA against the USIM application on the card, we must first select @ADF.USIM@.

<pre>

$ ./pySim-shell.py -p0

Using PC/SC reader interface

Waiting for card...

Autodetected card type: sysmoISIM-SJA2

Info: Card is of type: UICC-SIM

AIDs on card:

 USIM: a0000000871002ffffffff8907090000 (EF.DIR)

 ISIM: a0000000871004ffffffff8907090000 (EF.DIR)

 ADF.ISD: a000000003000000

 ARA-M: a00000015141434c00

Detected CardModel: SysmocomSJA2

Welcome to pySim-shell!

pySIM-shell (MF)> select ADF.USIM

pySIM-shell (MF/ADF.USIM)> authenticate 8188388ad5cdd481b02298ff29827791 7f62c464f6d60000b77b88e0f6b9449c

{

    "successful_3g_authentication": {

        "res": "b4013d66d107a2b6",

        "ck": "a0188b5f7724878b86b9a336d8f2e327",

        "ik": "43c7bc1e8e193ed2e0e7e164126bbed5",

        "kc": "8581751333a4e4ab"

    }

}

</pre>

In this successful case, we see the card has accepted the AUTN nonce and generated the following output parameters:

* authentication result (RES); would be sent back to the network, where the network compares it with the expected RES value it has computed earlier. If it matches, authentication is OK.

* integrity protection (IK) and ciphering (CK) keys

** used for air interface protection on 3G/UMTS after a @CIPHERING MODE COMMAND

** used in derived forms for air interface protection and NAS protection in 4G/LTE

* GSM ciphering key (Kc); used for encryption on 2G/GSM/GPRS after a @CIPHERING MODE COMMAND@