Cellular Network Infrastructure

{{>toc}}

h1. sysmoUSIM-SJS1

The sysmoUSIM-SJS1 is programmable and Java capable USIM card. Not all commands are known yet and this page should grow over time. Each card is using a separate ADM1 key and the default configuration is hacker/developer friendly (fields being writable, reduced security for installing applets to have more quick development cycles).

{{thumbnail(sysmousim-sjs1-h-50p.jpg,size=800)}}

h2. User Manual

sysmocom provides a comprehensive user manual at https://sysmocom.de/manuals/sysmousim-manual.pdf - please refer to that manual rather than this rarely maintained wiki page for most up-to-date reference information.

h2. Tools

h3. pySIM

The sysmoUSIM-SJS1 can be parameterized using pySim and sysmo-usim-tool. 

PySim provides the common general bulk provisioning features, which are already known from MagicSIM and previous sysmocom simcard models. Most of the settings (like Ki, ICCIC, OPC, etc...) listed below are covered by PySim. 

Please see the *pySim-prog.py* program from @git://git.osmocom.org/pysim@ (http://git.osmocom.org/pysim/) and 

h3. sysmo-usim-tool

For tweaking higly sysmoUSIM-SJS1 specific parameters (authentication algorithms, milenage parameters, enable/disable USIM application etc...), sysmo-usim-tool can be used. For more information see section "7.2 sysmo-usim-tool" in the provided manual.

Please see the *sysmo-usim-tool* program from @git://git.sysmocom.de/sysmo-usim-tool@ (http://git.sysmocom.de/sysmo-usim-tool)

h3. SIM Toolkit

Please see [[shadysim.py]] for a tutorial on installing and removing a SIM Toolkit applications.

h3. VoLTE / Android Carrier Privileges / ARA-M / IMS Configuration

If you want to use IMS (VoLTE/VoWiFi) on android devices, you will need to grant an android app special carrier privileges. This is done by storing a hash of the singing key of the android app on the SIM.

See [[VoLTE_IMS_Android_Carrier_Privileges]] for details.

h2. Availability

sysoUSIM-SJS1 is available from http://shop.sysmocom.de/ in both 2FF+3FF (micro) and 2FF+4FF (nano) form factors.

h2. Command Reference

*Please primarily refer to the user manual for more detailed information!*

To understand this reference, it is assumed that you are familiar with basic knowledge on smartcard

technologies, such as standard ISO 7816-3/-4 APDUs and GSM TS 11.11.

The below should be possible to set after authenticating with the ADM1 pin

h3. Setting the IMSI

Use a standard UPDATE BINARY command on EF.IMSI (7F20/6F07)

h3. Setting the ICCID

Use a standard UPDATE BINARY command on EF.ICCID (2FE2)

h3. Setting the Ki

Use a standard UPATE BINARY command on EF.KI (7F20/00FF)

h3. Setting the OP/OPC

Use a standard UPATE BINARY command on the EF.OPC (7F20/00F7)

|_. Offset |_. Size |_. Description |

|0|1| 0x00 for OP, 0x01 for OPc|

|1|16|OP or OPc value, depending on byte at offset 0|

h3. Setting the Algorithm(s)

Use a standard UPDATE BINARY command on EF.AUTH (7FCC/6F00)

Two bytes, first byte for 2G, second byte for 3G.

|_. Value |_. Algorithm |_. Supported Mode |

|01|Milenage|2G + 3G|

|03|COMP128v1|2G|

|04|XOR 2G|2G|

|06|COMP128v2|2G|

|07|COMP128v3|2G|

|08|XOR 3G|3G|

h3. Setting the Milenage parameters (Ci/Ri)

Use a standard UPATE BINARY command on EF.MLNGC (7FCC/6F01)

|_. Offset |_. Size |_. Description |

|0|16|C1|

|16|16|C2|

|32|16|C3|

|48|16|C4|

|64|16|C5|

|80|1|R1|

|81|1|R2|

|82|1|R3|

|83|1|R4|

|84|1|R5|