Osmo-sim-auth » History » Version 3

laforge, 02/19/2016 10:48 PM

{{>toc}}

h1. osmo-sim-auth

osmo-sim-auth is a small script that can be used with a PC-based smart card
reader to obtain GSM/UMTS authentication parameters from a SIM/USIM
card.

The program can be found in the git repository at git://git.osmocom.org/osmo-sim-auth and can be browsed on the web at http://cgit.osmocom.org/cgit/osmo-sim-auth

h2. prerequisites

We assume that you have

* A smart card reader compatible with pcsc-lite
* An installed Python interpreter and the pyscard library

h3. smart card reader

Any reader supported by pcsc-lite will work.  However, a reader
compatible with the USB CCID device class is strongly recommended.

Please verify that the hardware and driver setup is working, e.g. by
using the 'pcsc_scan' tool included with pcsc-lite.  You should get
output like:

<pre>
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: [[OmniKey]] CardMan 5121 00 00

Wed Dec  7 01:32:37 2011
 Reader 0: [[OmniKey]] CardMan 5121 00 00
  Card state: Card inserted, Shared Mode,
  ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2

ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
</pre>

plus many more lines of output decoding the ATR.

If you only get

<pre>
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: [[OmniKey]] CardMan 5121 00 00

Wed Dec  7 01:35:08 2011
 Reader 0: [[OmniKey]] CardMan 5121 00 00
  Card state: Card removed,
</pre>

then your card was not detected in the reader.
If you don't even get any displayed readers, your hardware and/or driver
setup are likely wrong.

h3. pyscard

pyscard can be installed from packages of major Linux distributions.

If you want to build it from source, it is available from
http://pyscard.sourceforge.net/

h2. running osmo-sim-auth

<pre>
$ ./osmo-sim-auth.py --help
Usage: osmo-sim-auth.py [options]

Options:
  -h, --help            show this help message and exit
  -a AUTN, --autn=AUTN  AUTN parameter from AuC
  -r RAND, --rand=RAND  RAND parameter from AuC
  -d, --debug           Enable debug output
  -s, --sim             SIM mode (default: USIM)
</pre>

You can run the program in two modes:

* running GSM authentication (classic SIM card protocol)
* running UMTS authentication (USIM card protocol)

h3. classic GSM authentication

This mode will use the "RUN GSM ALGORITHM" command as specified in GSM
TS 11.11.

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the '-s' flag to enable SIM mode

<pre>
$ ./osmo-sim-auth.py -r 00000000000000000000000000000000 -s
Testing SIM card with IMSI 901700000000403

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
</pre>

h3. UMTS authentication

This mode will use the "AUTHENTICATE" command as specified in 3GPP TS
31.102.

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the 16 byte AUTN value from the AuC (-a) as 32 hex digits

h4. successful operation

In this case, the tool will output the following values obtained from
the card:

* RES authentication result value
* CK ciphering key
* IK integrity key
* Kc for inter-RAN handover from UMTS -> 2G

Secondly, the tool will re-run the authentication in "2G authentication
context" in order to obtain the SRES result.  This value would be used
if a 3G/2G dual-mode phone registers on a 2G network.

<pre>
python ./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2000000e1dd22c1ad3e2d3d
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
RES:    e9fc88ccc8a35381
CK:     7200a184d8f2c758fbdf87900ddbf275
IK:     12cb2dd3e0ec8378f6fc1d606c619f47
Kc:     6de816a759a42912

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
</pre>

h4. synchronization required

In this case, the AUTHENTICATE command will return the AUTS parameter,
which has to be sent to the AuC in order to re-synchronize the SQN
counter, which is kept in both the USIM and the AuC.

<pre>
./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2120000c8b7de2a3449f1bd
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
AUTS:   8711a0ec9e2be2f766881a64605b

GSM Authentication
SRES:   215fdb4d
Kc:     6de816a759a42912
</pre>

h4. Authentication Error

If you receive SW 98 62, it means that your AUTN parameter is somehow wrong.
Please try to understand how mutual USIM authentication works, and read the thread at
http://lists.osmocom.org/pipermail/simtrace/2013-March/000468.html

"osmo-auc-gen":http://cgit.osmocom.org/libosmocore/tree/utils/osmo-auc-gen.c, which is part
of libosmocore, can help you to generate the correct parameters.

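The three UMTS outcomes described above (success, synchronization required, SW 98 62) can be told apart by decoding the AUTN input and the AUTHENTICATE response. The following Python code is an added example, not part of osmo-sim-auth or of the original page; the function names are hypothetical, the field layouts are assumed from 3GPP TS 33.102 (AUTN, AUTS) and TS 31.102 (response tags DB and DC), and the response bytes are constructed from the values printed in the sample outputs.

```python
# Added example: field layouts assumed from 3GPP TS 33.102 (AUTN, AUTS)
# and TS 31.102 (AUTHENTICATE response); not taken from osmo-sim-auth.

def split_autn(autn_hex):
    """Split a 16-byte AUTN into SQN^AK (6), AMF (2) and MAC (8)."""
    autn = bytes.fromhex(autn_hex)
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes (32 hex digits)")
    return {"sqn_xor_ak": autn[:6].hex(), "amf": autn[6:8].hex(), "mac": autn[8:].hex()}

def _lv_fields(data):
    """Yield each length-prefixed value in data, rejecting truncated input."""
    pos = 0
    while pos < len(data):
        length = data[pos]
        value = data[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("truncated length-value field")
        yield value
        pos += 1 + length

def parse_authenticate(data, sw):
    """Classify an AUTHENTICATE (3G context) response as ok / resync / error."""
    if sw == (0x98, 0x62):
        return {"status": "error", "reason": "authentication error, incorrect MAC in AUTN"}
    if not data:
        return {"status": "error", "reason": "SW %02x%02x without data" % sw}
    tag, fields = data[0], [v.hex() for v in _lv_fields(data[1:])]
    if tag == 0xDB and len(fields) in (3, 4):      # RES, CK, IK and optional Kc
        return {"status": "ok", **dict(zip(("res", "ck", "ik", "kc"), fields))}
    if tag == 0xDC and len(fields) == 1 and len(fields[0]) == 28:
        auts = fields[0]                           # AUTS = SQN_MS^AK (6) || MAC-S (8)
        return {"status": "resync", "auts": auts,
                "sqn_ms_xor_ak": auts[:12], "mac_s": auts[12:]}
    return {"status": "error", "reason": "unexpected response tag %02x" % tag}

# Constructed response bytes, rebuilt from the values printed on this page.
OK_RESP = bytes.fromhex("db08e9fc88ccc8a35381"
                        "107200a184d8f2c758fbdf87900ddbf275"
                        "1012cb2dd3e0ec8378f6fc1d606c619f47"
                        "086de816a759a42912")
SYNC_RESP = bytes.fromhex("dc0e8711a0ec9e2be2f766881a64605b")

if __name__ == "__main__":
    print(split_autn("ec9320c2c2000000e1dd22c1ad3e2d3d"))
    print(parse_authenticate(OK_RESP, (0x90, 0x00)))
    print(parse_authenticate(SYNC_RESP, (0x90, 0x00)))
    print(parse_authenticate(b"", (0x98, 0x62)))
```

Splitting the two AUTN values used above shows that they differ in the concealed SQN field (and therefore in the MAC), which is why the second one triggers the AUTS response.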