Wiki » History » Version 38

wirelesss, 01/12/2017 11:19 AM

{{>toc}}

h1. pySim WiKi

pySim-prog is a small command line utility written in Python, which is used for programming various programmable SIM/USIM cards.

h2. Supported Cards

* [[cellular-infrastructure:sysmoUSIM-SJS1]]
* [[cellular-infrastructure:GrcardSIM]]
* [[cellular-infrastructure:GrcardSIM2]]
* [[cellular-infrastructure:MagicSIM]]

h2. Usage instructions

h3. Install dependencies:

<pre>
 sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev python-pyscard
</pre>

* Connect SIM card reader.
* Insert programmable SIM card

h3. Check the status of the connection by entering the following command:

<pre>
 pcsc_scan
</pre>

* If the SIM card reader is recognised, expect output similar to the following:

<pre>
 $ pcsc_scan
 PC/SC device scanner
 V 1.4.25 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
 Compiled with PC/SC lite version: 1.8.14
 Using reader plug'n play mechanism
 Scanning present readers...
 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Tue Oct 18 11:48:08 2016
 Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Card state: Card inserted,
 ATR: 3B 99 18 00 11 88 22 33 44 55 66 77 60
 + TS = 3B --> Direct Convention
 + T0 = 99, Y(1): 1001, K: 9 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
  129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
 -----
 + Historical bytes: 11 88 22 33 44 55 66 77 60
 Category indicator byte: 11 (proprietary format)
 Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
 3B 99 18 00 11 88 22 33 44 55 66 77 60
 sysmocom sysmoSIM-GR1
</pre>

** Exit pcsc_scan: _Ctrl+C_

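
The ATR decoding printed by pcsc_scan above can be reproduced with a short parser, which is useful for checking that a reader returned a complete, well-formed ATR before a card is programmed. This is an added example, not code from pySim or pcsc-tools; @parse_atr@ and the table names are hypothetical, and the Fi/Di tables are those of ISO/IEC 7816-3.

```python
# Fi and Di tables from ISO/IEC 7816-3 (None = reserved for future use).
FI = [372, 372, 558, 744, 1116, 1488, 1860, None,
      None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20] + [None] * 6

def parse_atr(hex_atr):
    """Decode an ATR given as hex text; raise ValueError if malformed."""
    atr = bytes.fromhex(hex_atr)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("ATR must start with TS = 3B or 3F")
    iface, protocols = {}, []
    y, k = atr[1] >> 4, atr[1] & 0x0F   # T0: Y(1) bitmap, K historical bytes
    pos, i = 2, 1
    while y:
        for bit, name in enumerate("ABCD"):   # TAi, TBi, TCi, TDi in order
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                iface["T%s%d" % (name, i)] = atr[pos]
                pos += 1
        td = iface.get("TD%d" % i)
        if td is None:
            break
        protocols.append(td & 0x0F)           # low nibble: protocol T
        y, i = td >> 4, i + 1                 # high nibble: Y(i+1)
    protocols = protocols or [0]              # no TD1 means T=0 only
    historical = atr[pos:pos + k]
    rest = atr[pos + k:]
    has_tck = any(t != 0 for t in protocols)  # TCK is absent for T=0 only
    if len(historical) != k or len(rest) != (1 if has_tck else 0):
        raise ValueError("ATR length does not match T0/TDi")
    if has_tck:
        x = 0
        for b in atr[1:]:                     # XOR of T0..TCK must be zero
            x ^= b
        if x:
            raise ValueError("bad TCK checksum")
    ta1 = iface.get("TA1", 0x11)              # default Fi=372, Di=1
    return {"convention": "direct" if atr[0] == 0x3B else "inverse",
            "Fi": FI[ta1 >> 4], "Di": DI[ta1 & 0x0F],
            "protocols": protocols, "interface": iface,
            "historical": historical.hex()}

if __name__ == "__main__":
    # ATR taken from the pcsc_scan output above (sysmoSIM-GR1).
    print(parse_atr("3B 99 18 00 11 88 22 33 44 55 66 77 60"))
```
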
h3. Get the pySim code by entering the following commands:

<pre>
 git clone git://git.osmocom.org/pysim pysim
 cd pysim
</pre>

The @git://@ transport is neither encrypted nor authenticated; where the server offers an @https://@ clone URL, prefer it.

h3. Read your SIM card

Run @./pySim-read.py -p0@ or @./pySim-read.py -p1@; the @-p@ option selects the PC/SC reader number.

* With a sysmoSIM-GR1, if everything is done correctly, you will see something similar to:

<pre>
 $ ./pySim-read.py -p0
 Reading ...
 ICCID: 1791198229180000071
 IMSI: 001640000000071
 SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 ACC: ffff
 MSISDN: Not available
 Done !
</pre>

h3. Program your SIM card

* Enter @./pySim-prog.py -help@ to get an overview of the possible options.

A similar result should appear:

<pre>
 $ ./pySim-prog.py -help
 Usage: pySim-prog.py [options]
 Options:
   -h, --help            show this help message and exit
   -d DEV, --device=DEV  Serial Device for SIM access [default: /dev/ttyUSB0]
   -b BAUD, --baud=BAUD  Baudrate used for SIM access [default: 9600]
   -p PCSC, --pcsc-device=PCSC
                         Which PC/SC reader number for SIM access
   -t TYPE, --type=TYPE  Card type (user -t list to view) [default: auto]
   -a PIN_ADM, --pin-adm=PIN_ADM
                         ADM PIN used for provisioning (overwrites default)
   -e, --erase           Erase beforehand [default: False]
   -S SOURCE, --source=SOURCE
                         Data Source[default: cmdline]
   -n NAME, --name=NAME  Operator name [default: Magic]
   -c CC, --country=CC   Country code [default: 1]
   -x MCC, --mcc=MCC     Mobile Country Code [default: 901]
   -y MNC, --mnc=MNC     Mobile Network Code [default: 55]
   -m SMSC, --smsc=SMSC  SMSP [default: '00 + country code + 5555']
   -M SMSP, --smsp=SMSP  Raw SMSP content in hex [default: auto from SMSC]
   -s ID, --iccid=ID     Integrated Circuit Card ID
   -i IMSI, --imsi=IMSI  International Mobile Subscriber Identity
   -k KI, --ki=KI        Ki (default is to randomize)
   -o OPC, --opc=OPC     OPC (default is to randomize)
   --op=OP               Set OP to derive OPC from OP and KI
   --acc=ACC             Set ACC bits (Access Control Code). not all card types
                         are supported
   -z STR, --secret=STR  Secret used for ICCID/IMSI autogen
   -j NUM, --num=NUM     Card # used for ICCID/IMSI autogen
   --batch               Enable batch mode [default: False]
   --batch-state=FILE    Optional batch state file
   --read-csv=FILE       Read parameters from CSV file rather than command line
   --write-csv=FILE      Append generated parameters in CSV file
   --write-hlr=FILE      Append generated parameters to OpenBSC HLR sqlite3
   --dry-run             Perform a 'dry run', don't actually program the card
</pre>

h3. Example of how to program a sysmoSIM-GR1 card

The GRcard SIM is a programmable GSM SIM card. It uses a mixture of TS 11.11 / ISO 7816-4 and proprietary commands for programming.

In the example below, we change the card’s IMSI to 901700000003080 (option -i) and specify a new set of -n NAME (Operator name), -t TYPE (Card type), -c CC (Country code), -x MCC (Mobile Country Code), -y MNC (Mobile Network Code) and -s ID (Integrated Circuit Card ID) values.

<pre>
 $ ./pySim-prog.py -p 0 -n OpenBSC -t sysmosim-gr1 -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : OpenBSC
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 1791198229180000075
  > MCC/MNC : 1/2
  > IMSI    : 901700000003080
  > Ki      : 7edaeb6addbd72d2b2cc6ed7bfecc9c9
  > OPC     : 23f075ab9b1a113d4db822d8195ea20c
  > ACC     : None
 Programming ...
 Done !
</pre>

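
The SMSP value shown by pySim-read and pySim-prog is an EF.SMSP record, and decoding it confirms which service centre number was written to the card. The following is an added example, not code from pySim; @decode_smsp@ and @FIELDS@ are hypothetical names, and the record layout assumed is the one in 3GPP TS 51.011 (optional alpha identifier followed by 28 bytes of parameters).

```python
FIELDS = ("TP-DA", "TS-SCA", "TP-PID", "TP-DCS", "TP-VP")

def decode_smsp(hex_record):
    """Decode one EF.SMSP record given as hex text."""
    rec = bytes.fromhex(hex_record)
    if len(rec) < 28:
        raise ValueError("EF.SMSP record is at least 28 bytes long")
    alpha, body = rec[:-28], rec[-28:]     # alpha identifier is optional
    # Parameter indicators: bit cleared = field present, bit set = absent.
    present = {name: not (body[0] >> bit) & 1 for bit, name in enumerate(FIELDS)}
    # The alpha identifier is shown as ASCII here, which is an approximation.
    out = {"alpha_id": alpha.rstrip(b"\xff").decode("ascii", "replace"),
           "present": present, "smsc": None}
    if present["TS-SCA"]:
        sca = body[13:25]                  # 12 bytes after indicators + TP-DA
        n = sca[0]                         # octets that follow: TON/NPI + BCD
        if not 2 <= n <= 11:
            raise ValueError("bad TS-SCA length %d" % n)
        out["ton_npi"] = sca[1]
        # Digits are BCD with swapped nibbles; 0xF pads an odd digit count.
        digits = "".join("%x%x" % (b & 0x0F, b >> 4) for b in sca[2:1 + n])
        out["smsc"] = digits.rstrip("f")
    for idx, name in ((25, "TP-PID"), (26, "TP-DCS"), (27, "TP-VP")):
        if present[name]:
            out[name] = body[idx]
    return out

if __name__ == "__main__":
    # Values copied from the pySim-read and pySim-prog output on this page.
    read_back = "ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000"
    generated = "e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000"
    for rec in (read_back, generated):
        print(decode_smsp(rec))
```

For both records the decoded number is 0015555, which is the @-m@ default of '00 + country code + 5555' with country code 1.
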
h3. Example of how to program a sysmoUSIM-SJS1 card

(U)SIM cards are Java capable, and GlobalPlatform specifies the standard APIs. SMS can be addressed directly to the SIM card; the SIM card receives events for network selection and others, and it can modify call establishment attempts.

Provisioning of different identities or keys.

If you have a variant of the card-individual ADM1 key of your sysmoUSIM-SJS1 card, you can change any identity (IMSI, ICCID, MSISDN) stored on the (U)SIM, as well as the private key data (K, OPC).

In the example below, we change the card’s IMSI to 901700000003080 (option -i) and specify a new set of -t TYPE (Card type), -a PIN_ADM (ADM PIN used for provisioning), -x MCC (Mobile Country Code), -y MNC (Mobile Network Code), -s ID (Integrated Circuit Card ID), -o OPC and -k KI (Ki) values.

<pre>
 $ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 58001006  -x 901 -y 71 -i 901700000010659 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : Magic
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 8988211000000110000
  > MCC/MNC : 901/71
  > IMSI    : 901700000010659
  > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
  > OPC     : 398153093661279FB1FC74BE07059FEF
  > ACC     : None
 Programming ...
 Done !
</pre>

Values passed on the command line (ADM PIN, Ki, OPC) end up in the shell history and are visible in the process list while the command runs; the @--read-csv@ option listed in the help output reads the parameters from a file instead.

h3. Example of how to program a Magic SIM / SuperSIM 16-in-1 / X-sim card

The 16-in-1 SIM cards are intended for COMP128v1 based cloning and enable the user to aggregate up to 16 SIM card identities in a single card. This multi-IMSI property is not used in the context of Osmocom.

The example below shows how to change the card’s IMSI to 901990000000018 (option -i) while specifying a new set of -x MCC (Mobile Country Code), -y MNC (Mobile Network Code), -s ID (Integrated Circuit Card ID), -o OPC and -k KI (Ki) values.

<pre>
 $ ./pySim-prog.py -p 0 -x 801 -y 71 -i 901990000000018 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
 Insert card now (or CTRL-C to cancel)
 Autodetected card type fakemagicsim
 Generated card parameters :
  > Name    : Magic
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 8988211000000110000
  > MCC/MNC : 801/71
  > IMSI    : 901990000000018
  > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
  > OPC     : 398153093661279FB1FC74BE07059FEF
  > ACC     : None
 Programming ...
 Done !
</pre>

h3. README

pySim comes with the following README file:

https://git.osmocom.org/pysim/tree/README