Osmo-sim-auth » History » Version 3
laforge, 02/19/2016 10:48 PM
{{>toc}}

h1. osmo-sim-auth

osmo-sim-auth is a small script that can be used with a PC-based smart card reader to obtain GSM/UMTS authentication parameters from a SIM/USIM card.

The program can be found in the git repository at git://git.osmocom.org/osmo-sim-auth; web-based browsing is available at http://cgit.osmocom.org/cgit/osmo-sim-auth

h2. prerequisites

We assume that you have

* A smart card reader compatible with pcsc-lite
* Python and the pyscard library installed

h3. smart card reader

Any reader supported by pcsc-lite will work. However, a reader compatible with the USB CCID device class is strongly recommended.

Please verify that the hardware and driver setup is working, e.g. by using the 'pcsc_scan' tool included with pcsc-lite. You should get output like:

<pre>
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: OmniKey CardMan 5121 00 00

Wed Dec 7 01:32:37 2011
Reader 0: OmniKey CardMan 5121 00 00
Card state: Card inserted, Shared Mode,
ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2

ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
</pre>

plus many more lines of output decoding the ATR.

If you only get

<pre>
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: OmniKey CardMan 5121 00 00

Wed Dec 7 01:35:08 2011
Reader 0: OmniKey CardMan 5121 00 00
Card state: Card removed,
</pre>

then your card was not detected in the reader. If no readers are displayed at all, your hardware and/or driver setup is likely wrong.

h3. pyscard

pyscard can be installed from packages of major Linux distributions.

If you want to build it from source, it is available from http://pyscard.sourceforge.net/

h2. running osmo-sim-auth

<pre>
$ ./osmo-sim-auth.py --help
Usage: osmo-sim-auth.py [options]

Options:
  -h, --help            show this help message and exit
  -a AUTN, --autn=AUTN  AUTN parameter from AuC
  -r RAND, --rand=RAND  RAND parameter from AuC
  -d, --debug           Enable debug output
  -s, --sim             SIM mode (default: USIM)
</pre>

You can run the program in two modes:

* running GSM authentication (classic SIM card protocol)
* running UMTS authentication (USIM card protocol)

h3. classic GSM authentication

This mode will use the "RUN GSM ALGORITHM" command as specified in GSM TS 11.11

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the '-s' flag to enable SIM mode

<pre>
$ ./osmo-sim-auth.py -r 00000000000000000000000000000000 -s
Testing SIM card with IMSI 901700000000403

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h3. UMTS authentication

This mode will use the "AUTHENTICATE" command as specified in 3GPP TS 31.102

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the 16 byte AUTN value from the AuC (-a) as 32 hex digits

h4. successful operation

In this case, the tool will output the following values obtained from the card:

* RES authentication result value
* CK ciphering key
* IK integrity key
* Kc for inter-RAN handover from UMTS -> 2G

Secondly, the tool will re-run the authentication in "2G authentication context" in order to obtain the SRES result. This value would be used if a 3G/2G dual-mode phone registers on a 2G network.

<pre>
python ./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2000000e1dd22c1ad3e2d3d
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
RES: e9fc88ccc8a35381
CK: 7200a184d8f2c758fbdf87900ddbf275
IK: 12cb2dd3e0ec8378f6fc1d606c619f47
Kc: 6de816a759a42912

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h4. synchronization required

In this case, the AUTHENTICATE command will return the AUTS parameter, which has to be sent to the AuC in order to re-synchronize the SQN counter, which is kept in both the USIM and the AuC.

<pre>
./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2120000c8b7de2a3449f1bd
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
AUTS: 8711a0ec9e2be2f766881a64605b

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h4. Authentication Error

If you receive SW 98 62, it means that your AUTN parameter somehow is wrong. Please try to understand how mutual USIM authentication works, and read the thread at http://lists.osmocom.org/pipermail/simtrace/2013-March/000468.html

"osmo-auc-gen":http://cgit.osmocom.org/libosmocore/tree/utils/osmo-auc-gen.c which is part of libosmocore can help you to generate the correct parameters.
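
The three outcomes described under UMTS authentication (success, synchronization required, SW 98 62) can be told apart from the raw card response. The following is an added example, not code from osmo-sim-auth: the function names are hypothetical, the P2 value 0x81 and the tags DB/DC are taken from 3GPP TS 31.102 rather than from this page, and the response data is assumed to have already been fetched from the card.

```python
TAG_SUCCESS = 0xDB       # response carries RES, CK, IK and optionally Kc
TAG_SYNC_FAILURE = 0xDC  # response carries AUTS


def hex_param(value, name):
    """Decode a -r/-a style argument: exactly 16 bytes given as 32 hex digits."""
    raw = bytes.fromhex(value)
    if len(raw) != 16:
        raise ValueError("%s must be 16 bytes (32 hex digits)" % name)
    return raw


def build_authenticate(rand_hex, autn_hex):
    """AUTHENTICATE APDU, 3G context: RAND and AUTN each prefixed by its length."""
    rand, autn = hex_param(rand_hex, "RAND"), hex_param(autn_hex, "AUTN")
    data = bytes([len(rand)]) + rand + bytes([len(autn)]) + autn
    return bytes([0x00, 0x88, 0x00, 0x81, len(data)]) + data


def read_lv(buf, pos):
    """Read one length-prefixed field, refusing to run past the buffer."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError("truncated response")
    return buf[pos + 1:pos + 1 + buf[pos]], pos + 1 + buf[pos]


def parse_response(data, sw):
    """Classify the card's answer into the three cases described on the page."""
    if sw == (0x98, 0x62):
        return {"status": "authentication error"}
    if not data:
        raise ValueError("no response data, SW %02x %02x" % sw)
    if data[0] == TAG_SYNC_FAILURE:
        auts, _ = read_lv(data, 1)
        return {"status": "synchronization required", "AUTS": auts.hex()}
    if data[0] != TAG_SUCCESS:
        raise ValueError("unexpected tag %02x" % data[0])
    out, pos = {"status": "success"}, 1
    for name in ("RES", "CK", "IK", "Kc"):
        if name == "Kc" and pos == len(data):
            break  # Kc is absent when the card does not return a GSM key
        field, pos = read_lv(data, pos)
        out[name] = field.hex()
    return out


# Constructed sample: the "successful operation" values above, packed as a response
SAMPLE_OK = bytes.fromhex("db08e9fc88ccc8a35381" "107200a184d8f2c758fbdf87900ddbf275"
                          "1012cb2dd3e0ec8378f6fc1d606c619f47" "086de816a759a42912")
```

Calling @parse_response(SAMPLE_OK, (0x90, 0x00))@ yields the RES, CK, IK and Kc values shown in the successful run above.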