Feature #4412
closed
SIM applet: add debug menu entry to change IMSI
100%
Description
Before drafting the spec, we need to check how the baseband/SIM behave if the IMSI changes. Adding it to the menu of the SIM app should not be much effort, so let's do that.
As this is just for debugging, I suggest adding two menu entries, each of which changes the IMSI to a hardcoded value.
For reference, see GSM TS 03.19 Annex C:
https://www.etsi.org/deliver/etsi_ts/101400_101499/101476/07.00.00_60/ts_101476v070000p.pdf
Updated by osmith about 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
I've implemented a menu, and a submenu for "Change IMSI":
    IMSI Pseudonymization
    1 Show LU counter
    2 Show IMSI
    3 Change IMSI

    Change IMSI
    1 Set 1 as last digit
    2 Set 2 as last digit
Then I've started to implement "Show IMSI", so we have a convenient way of verifying that the IMSI written to the card was written properly. (Change IMSI is not working yet.)
The IMSI should be in DF GSM -> EF IMSI. So in theory, this should work:
    gsmFile.select((short) SIMView.FID_DF_GSM);
    gsmFile.select((short) SIMView.FID_EF_IMSI);
    gsmFile.readBinary((short)0, IMSI, (short)0, (short)9);
However, the readBinary call throws an "AC_NOT_FULFILLED" exception.
This reason code (= 3) is used to indicate that the access condition is not fulfilled by the calling applet for the called method.
WIP code is pushed to the git repo.
Updated by osmith about 4 years ago
- Status changed from In Progress to Resolved
- % Done changed from 30 to 100
However, the readBinary call throws an "AC_NOT_FULFILLED" exception.
Resolved by adding an --access-domain=00 (default is ff) argument to the programmer.
Neels extended the code further; now there is one menu entry for "Change IMSI" that correctly displays the decoded IMSI. The user is then able to edit the IMSI, and if it was changed, it gets written back to the SIM card.
A standalone version of the Change IMSI code can be found here:
https://git.osmocom.org/sim/hello-stk/tree/imsi-change
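For checking on the host that the 9 bytes in DF GSM -> EF IMSI hold the expected value after a change, here is an added example (not code from this ticket or from the hello-stk repository) that decodes and re-encodes the file and applies the "set last digit" change from the debug menu. It assumes the standard EF IMSI coding (length byte, parity/type nibble, nibble-swapped BCD digits, 0xF filler); the function names and the sample IMSI are constructed for illustration.

```python
# Added example: host-side EF IMSI codec. Helper names are hypothetical.
# Constructed sample: EF IMSI bytes for the test IMSI 001010123456789.
SAMPLE_EF_IMSI = bytes.fromhex("080910101032547698")

def decode_ef_imsi(raw: bytes) -> str:
    """Decode the 9 bytes read from DF GSM -> EF IMSI into a digit string."""
    if len(raw) != 9:
        raise ValueError("EF IMSI is 9 bytes long")
    length = raw[0]
    if not 1 <= length <= 8:
        raise ValueError("invalid length byte")
    # Each byte holds two BCD nibbles, low nibble first.
    nibbles = [n for b in raw[1:1 + length] for n in (b & 0x0F, b >> 4)]
    header, digits = nibbles[0], nibbles[1:]
    if header & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    if not header & 0x08:          # parity bit clear: even digit count,
        if digits.pop() != 0xF:    # so the last nibble must be the filler
            raise ValueError("missing 0xF filler nibble")
    if not digits or any(d > 9 for d in digits):
        raise ValueError("non-decimal digit in IMSI")
    return "".join(map(str, digits))

def encode_ef_imsi(imsi: str) -> bytes:
    """Encode a digit string into the 9-byte EF IMSI layout."""
    if not (imsi.isascii() and imsi.isdigit() and 1 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 1 to 15 decimal digits")
    odd = len(imsi) % 2
    # First nibble: parity bit (bit 4) plus identity type 001 (IMSI).
    nibbles = [(odd << 3) | 0x1] + [int(c) for c in imsi]
    if not odd:
        nibbles.append(0xF)        # filler so the nibble count is even
    body = bytes(lo | (hi << 4) for lo, hi in zip(nibbles[0::2], nibbles[1::2]))
    # Unused trailing bytes of the fixed-size file are 0xFF.
    return bytes([len(body)]) + body + b"\xff" * (8 - len(body))

def set_last_digit(raw: bytes, digit: int) -> bytes:
    """Mirror the debug menu entry 'Set N as last digit' on raw file bytes."""
    if not 0 <= digit <= 9:
        raise ValueError("digit must be 0..9")
    imsi = decode_ef_imsi(raw)
    return encode_ef_imsi(imsi[:-1] + str(digit))

if __name__ == "__main__":
    print(decode_ef_imsi(SAMPLE_EF_IMSI))
    print(set_last_digit(SAMPLE_EF_IMSI, 1).hex())
```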