Wiki » History » Version 5

wirelesss, 10/18/2016 03:34 PM

{{>toc}}

h1. pySim Wiki

pySim-prog is a small command-line utility written in Python, used for programming various programmable SIM/USIM cards.

h2. Supported Cards

* [[cellular-infrastructure:SysmoUSIM-SJS1]]
* [[cellular-infrastructure:GrcardSIM]]
* [[cellular-infrastructure:GrcardSIM2]]
* [[cellular-infrastructure:MagicSIM]]

h3. 1. Install the dependencies

 sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev

h3. 2. Connect your SIM card reader

h3. 3. Insert your programmable SIM card into the reader

h3. 4. Check the connection status by running the following command:

 pcsc_scan

h3. 5. If the SIM card reader is recognised, the output will be similar to the following:

 $ pcsc_scan
 PC/SC device scanner
 V 1.4.25 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
 Compiled with PC/SC lite version: 1.8.14
 Using reader plug'n play mechanism
 Scanning present readers...
 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Tue Oct 18 11:48:08 2016
 Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Card state: Card inserted,
 ATR: 3B 99 18 00 11 88 22 33 44 55 66 77 60
 + TS = 3B --> Direct Convention
 + T0 = 99, Y(1): 1001, K: 9 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
  129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
 -----
 + Historical bytes: 11 88 22 33 44 55 66 77 60
 Category indicator byte: 11 (proprietary format)
 Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
 3B 99 18 00 11 88 22 33 44 55 66 77 60
 sysmocom sysmoSIM-GR1

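The ATR breakdown that pcsc_scan prints above can be reproduced by hand, which helps when checking that a card is the type you expect before programming it. The following is an added example, not part of pySim or pcsc-tools; the function name parse_atr and the result keys are chosen here for illustration, and the Fi/Di tables follow ISO/IEC 7816-3.

```python
# Added example (not pySim code): decode an ATR per the ISO/IEC 7816-3 layout.
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

# ATR copied from the pcsc_scan output above (sysmoSIM-GR1).
PAGE_ATR = "3B 99 18 00 11 88 22 33 44 55 66 77 60"


def parse_atr(atr_hex):
    b = bytes.fromhex(atr_hex.replace(" ", ""))
    if len(b) < 2 or b[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3B (direct) or 3F (inverse)")
    iface, protocols = {}, []
    n_hist = b[1] & 0x0F           # K: number of historical bytes
    y, pos, i = b[1] >> 4, 2, 1    # Y(1): which of TA1..TD1 follow T0
    while y:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(b):
                    raise ValueError("ATR truncated in interface bytes")
                iface["%s%d" % (name, i)] = b[pos]
                pos += 1
        td = iface.get("TD%d" % i)
        if td is None:
            break
        protocols.append(td & 0x0F)    # low nibble: protocol T
        y, i = td >> 4, i + 1          # high nibble: Y(i+1)
    hist = b[pos:pos + n_hist]
    if len(hist) != n_hist:
        raise ValueError("ATR truncated in historical bytes")
    # TCK follows only when a protocol other than T=0 is announced;
    # it makes the XOR of all bytes from T0 to TCK equal to zero.
    needs_tck = any(t != 0 for t in protocols)
    if len(b) - pos - n_hist != (1 if needs_tck else 0):
        raise ValueError("unexpected ATR length")
    xor = 0
    for v in b[1:]:
        xor ^= v
    ta1 = iface.get("TA1", 0x11)       # default Fi=372, Di=1 when absent
    return {"convention": "direct" if b[0] == 0x3B else "inverse",
            "interface": iface, "protocols": protocols or [0],
            "fi": FI.get(ta1 >> 4), "di": DI.get(ta1 & 0x0F),
            "historical": hist.hex(),
            "tck_ok": (xor == 0) if needs_tck else None}


if __name__ == "__main__":
    print(parse_atr(PAGE_ATR))
```
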
h3. 6. Exit pcsc_scan with Ctrl+C

h3. 7. Get the pySim source code by entering the commands:

 git clone git://git.osmocom.org/pysim pysim
 cd pysim

h3. 8. Run ./pySim-read.py to read your SIM card, passing the PC/SC reader number with -p:

 ./pySim-read.py -p0

or

 ./pySim-read.py -p1

h3. 9. With a sysmoSIM-GR1, if everything was done correctly, you will see something similar to:

 $ ./pySim-read.py -p0
 Reading ...
 ICCID: 1791198229180000071
 IMSI: 001640000000071
 SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 ACC: ffff
 MSISDN: Not available
 Done !

h3. 9.1. With a sysmoUSIM-SJS1 SIM card, you will see something similar to:

 $ ./pySim-read.py -p0
 Reading ...
 ICCID: 8988211000000106594
 IMSI: 901700000010659
 SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
 ACC: 0200
 MSISDN: Not available
 Done !

h3. 9.2. With a SuperSIM/X-sim card, you will see something similar to:

 $ ./pySim-read.py -p0
 Reading ...
 ICCID: 8949901990000000184
 IMSI: 901990000000018
 SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff058100945555ffffffffffff000000
 ACC: ffff
 MSISDN: Not available
 Done !

h3. 10. SIM card programming

Enter ./pySim-prog.py -help to get an overview of the available options.

Output similar to the following should appear:

 $ ./pySim-prog.py -help
 Usage: pySim-prog.py [options]
 Options:
   -h, --help            show this help message and exit
   -d DEV, --device=DEV  Serial Device for SIM access [default: /dev/ttyUSB0]
   -b BAUD, --baud=BAUD  Baudrate used for SIM access [default: 9600]
   -p PCSC, --pcsc-device=PCSC
                         Which PC/SC reader number for SIM access
   -t TYPE, --type=TYPE  Card type (user -t list to view) [default: auto]
   -a PIN_ADM, --pin-adm=PIN_ADM
                         ADM PIN used for provisioning (overwrites default)
   -e, --erase           Erase beforehand [default: False]
   -S SOURCE, --source=SOURCE
                         Data Source[default: cmdline]
   -n NAME, --name=NAME  Operator name [default: Magic]
   -c CC, --country=CC   Country code [default: 1]
   -x MCC, --mcc=MCC     Mobile Country Code [default: 901]
   -y MNC, --mnc=MNC     Mobile Network Code [default: 55]
   -m SMSC, --smsc=SMSC  SMSP [default: '00 + country code + 5555']
   -M SMSP, --smsp=SMSP  Raw SMSP content in hex [default: auto from SMSC]
   -s ID, --iccid=ID     Integrated Circuit Card ID
   -i IMSI, --imsi=IMSI  International Mobile Subscriber Identity
   -k KI, --ki=KI        Ki (default is to randomize)
   -o OPC, --opc=OPC     OPC (default is to randomize)
   --op=OP               Set OP to derive OPC from OP and KI
   --acc=ACC             Set ACC bits (Access Control Code). not all card types
                         are supported
   -z STR, --secret=STR  Secret used for ICCID/IMSI autogen
   -j NUM, --num=NUM     Card # used for ICCID/IMSI autogen
   --batch               Enable batch mode [default: False]
   --batch-state=FILE    Optional batch state file
   --read-csv=FILE       Read parameters from CSV file rather than command line
   --write-csv=FILE      Append generated parameters in CSV file
   --write-hlr=FILE      Append generated parameters to OpenBSC HLR sqlite3
   --dry-run             Perform a 'dry run', don't actually program the card

h3. 11. Programming examples

h4. 11.1 Programming example of a sysmoSIM-GR1 card

The GRcard SIM is a programmable GSM SIM card. It uses a mixture of TS11.11 / ISO7816-4 and proprietary commands for programming.

 $ ./pySim-prog.py -p 0 -n OpenBSC -t sysmosim-gr1 -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : OpenBSC
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 1791198229180000075
  > MCC/MNC : 1/2
  > IMSI    : 901700000003080
  > Ki      : 7edaeb6addbd72d2b2cc6ed7bfecc9c9
  > OPC     : 23f075ab9b1a113d4db822d8195ea20c
  > ACC     : None
 Programming ...
 Done !

h4. 11.2 Programming example of a SysmoUSIM-SJS1 (orange) card

(U)SIM cards are Java-capable, and GlobalPlatform specifies the standard APIs. SMS can be addressed directly to the SIM card, the SIM card receives events for network selection and others, and it can modify call establishment attempts.

Provisioning of different identities or keys

If you have a variant of the card-individual ADM1 key of your sysmoUSIM-SJS1 card, you can change any identity (IMSI, ICCID, MSISDN) stored on the (U)SIM, as well as the private key data (K, OPC).

The ADM1 key can be found at:

[https://openerp.sysmocom.de/web#page=0&limit=80&view_type=list&model=sysmocom.simcard&menu_id=679&action=912]

In the example below, we change the card's IMSI to 901710000011000 (it was 901700000011000 before) and specify a new set of K and OPC values.

 $ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 58001006 -x 901 -y 71 -i 901700000010659 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : Magic
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 8988211000000110000
  > MCC/MNC : 901/71
  > IMSI    : 901700000010659
  > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
  > OPC     : 398153093661279FB1FC74BE07059FEF
  > ACC     : None
 Programming ...
 Done !

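pySim-prog writes the identities and keys it is given, so it is worth checking them for format and mutual consistency before programming a card (the --dry-run option listed in the help output can then be used to preview the result). The following is an added example, not part of pySim; the function names luhn_ok and preflight and the accepted ICCID length range are assumptions made here.

```python
# Added example (not part of pySim): sanity-check values before handing them
# to pySim-prog. Arguments mirror the -i, -x, -y, -s, -k and -o options.
import re


def luhn_ok(number):
    """True if the last digit is a valid Luhn check digit for the rest."""
    total = 0
    for idx, ch in enumerate(reversed(number)):
        d = int(ch)
        if idx % 2 == 1:               # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def preflight(imsi, mcc, mnc, iccid, ki, opc):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    plmn = mcc.zfill(3) + mnc.zfill(2)
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        findings.append("IMSI must be 6 to 15 decimal digits")
    elif not imsi.startswith(plmn):
        findings.append("IMSI does not start with MCC+MNC %s" % plmn)
    # Assumed length range for this example: 18 to 20 digits.
    if not (iccid.isdigit() and 18 <= len(iccid) <= 20):
        findings.append("ICCID must be 18 to 20 decimal digits")
    elif not luhn_ok(iccid):
        findings.append("ICCID check digit fails the Luhn test")
    for name, value in (("Ki", ki), ("OPC", opc)):
        if not re.fullmatch(r"[0-9a-fA-F]{32}", value):
            findings.append("%s must be exactly 32 hex digits" % name)
        elif len(set(bytes.fromhex(value))) == 1:
            findings.append("%s is a single repeated byte" % name)
    return findings


# Values taken from the sysmoUSIM-SJS1 command line above.
PAGE_ARGS = dict(imsi="901700000010659", mcc="901", mnc="71",
                 iccid="8988211000000110000",
                 ki="1D8B2562B992549F20D0F42113EAA6FA",
                 opc="398153093661279FB1FC74BE07059FEF")

if __name__ == "__main__":
    for finding in preflight(**PAGE_ARGS) or ["no findings"]:
        print(finding)
```

Run against the 11.2 command line, it reports that the IMSI passed with -i does not start with 90171. The sysmoSIM-GR1 ICCID used in 11.1 fails the Luhn test, so treat that finding as informational for test cards.
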
h3. 12 README

pySim comes with the following README file:

This utility allows to :

* Program customizable SIMs. Two modes are possible:

- one where you specify every parameter manually :

 ./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -i <IMSI> -s <ICCID>

- one where they are generated from some minimal set :

 ./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -z <random_string_of_choice> -j <card_num>

With <random_string_of_choice> and <card_num>, the soft will generate 'predictable' IMSI and ICCID, so make sure you choose them so as not to conflict with anyone. (for eg. your name as <random_string_of_choice> and 0 1 2 ... for <card num>).

You also need to enter some parameters to select the device :

 -t TYPE : type of card (supersim, magicsim, fakemagicsim or try 'auto')
 -d DEV  : Serial port device (default /dev/ttyUSB0)
 -b BAUD : Baudrate (default 9600)

* Interact with SIMs from a python interactive shell (ipython for eg :)

 from pySim.transport.serial import SerialSimLink
 from pySim.commands import SimCardCommands

 sl = SerialSimLink(device='/dev/ttyUSB0', baudrate=9600)
 sc = SimCardCommands(sl)

 sl.wait_for_card()

 # Print IMSI
 print(sc.read_binary(['3f00', '7f20', '6f07']))

 # Run A3/A8
 print(sc.run_gsm('00112233445566778899aabbccddeeff'))

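The file 3f00/7f20/6f07 read in the README snippet is EF_IMSI, whose raw content is nibble-swapped BCD rather than the IMSI string that pySim-read.py prints. The following is an added example, not code from pySim; the function names encode_ef_imsi and decode_ef_imsi are chosen here, and the sample bytes are constructed from the IMSI shown in step 9.

```python
# Added example (not pySim code): EF_IMSI (3f00/7f20/6f07) coding.
# Byte 0 is the length; the following bytes are nibble-swapped BCD whose first
# nibble carries the identity type (001) and an odd/even digit-count flag.

def encode_ef_imsi(imsi):
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    odd = len(imsi) & 1
    nibbles = "%x%s" % ((odd << 3) | 1, imsi)
    if len(nibbles) & 1:
        nibbles += "f"                       # filler for even digit counts
    body = "".join(nibbles[i + 1] + nibbles[i]
                   for i in range(0, len(nibbles), 2))
    # The file is 9 bytes long; unused trailing bytes are ff.
    return ("%02x" % (len(body) // 2) + body).ljust(18, "f")


def decode_ef_imsi(ef_hex):
    raw = bytes.fromhex(ef_hex)
    if not raw or not 1 <= raw[0] <= 8 or len(raw) < 1 + raw[0]:
        raise ValueError("bad EF_IMSI length byte")
    nibbles = "".join("%x%x" % (v & 0x0F, v >> 4)
                      for v in raw[1:1 + raw[0]])
    flags, digits = int(nibbles[0], 16), nibbles[1:]
    if flags & 0x7 != 1:
        raise ValueError("identity type is not IMSI")
    if not flags & 0x8:                      # even count: last nibble is filler
        if not digits.endswith("f"):
            raise ValueError("missing filler nibble")
        digits = digits[:-1]
    if not digits.isdigit():
        raise ValueError("non-decimal digit in IMSI")
    return digits


# Constructed sample: the EF_IMSI content that corresponds to the IMSI
# 001640000000071 shown in the pySim-read.py output in step 9.
SAMPLE_EF_IMSI = "080910460000000017"

if __name__ == "__main__":
    print(decode_ef_imsi(SAMPLE_EF_IMSI))
```
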