Osmo-sim-auth » History » Version 5
fixeria, 04/21/2022 07:08 PM
pyscard has dropped support for EOL Python 2.7
h1. osmo-sim-auth

{{>toc}}

osmo-sim-auth is a small script that can be used with a PC-based smart card reader to obtain GSM/UMTS authentication parameters from a SIM/USIM card.

The program can be found in the git repository at git://git.osmocom.org/osmo-sim-auth; web-based browsing is available at http://cgit.osmocom.org/cgit/osmo-sim-auth

h2. prerequisites

We assume that you have

* A smart card reader compatible with pcsc-lite
* An installed Python interpreter and the pyscard library

h3. smart card reader

Any reader supported by pcsc-lite will work. However, a reader compatible with the USB CCID device class is strongly recommended.

Please verify that the hardware and driver setup is working, e.g. by using the 'pcsc_scan' tool included with pcsc-lite. You should get output like:

<pre>
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: [[OmniKey]] CardMan 5121 00 00

Wed Dec 7 01:32:37 2011
Reader 0: [[OmniKey]] CardMan 5121 00 00
Card state: Card inserted, Shared Mode,
ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2

ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
</pre>

plus many more lines of output decoding the ATR.

If you only get

<pre>
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.5.5
Scanning present readers...
0: [[OmniKey]] CardMan 5121 00 00

Wed Dec 7 01:35:08 2011
Reader 0: [[OmniKey]] CardMan 5121 00 00
Card state: Card removed,
</pre>

then your card was not detected in the reader. If no readers are displayed at all, your hardware and/or driver setup is likely wrong.

h3. pyscard

pyscard has dropped support for EOL Python 2.7, while osmo-sim-auth still requires Python 2 to run. It is recommended to install an old version of pyscard (2.0.0 is known to work) using pip:

<pre>
pip install --user pyscard==2.0.0
</pre>

If you want to build it from source, it is available from http://pyscard.sourceforge.net/

h2. running osmo-sim-auth

<pre>
$ ./osmo-sim-auth.py --help
Usage: osmo-sim-auth.py [options]

Options:
  -h, --help            show this help message and exit
  -a AUTN, --autn=AUTN  AUTN parameter from AuC
  -r RAND, --rand=RAND  RAND parameter from AuC
  -d, --debug           Enable debug output
  -s, --sim             SIM mode (default: USIM)
</pre>

You can run the program in two modes:

* running GSM authentication (classic SIM card protocol)
* running UMTS authentication (USIM card protocol)

h3. classic GSM authentication

This mode will use the "RUN GSM ALGORITHM" command as specified in GSM TS 11.11

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the '-s' flag to enable SIM mode

<pre>
$ ./osmo-sim-auth.py -r 00000000000000000000000000000000 -s
Testing SIM card with IMSI 901700000000403

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h3. UMTS authentication

This mode will use the "AUTHENTICATE" command as specified in 3GPP TS 31.102

You have to specify

* the 16 byte RAND value from the AuC (-r) as 32 hex digits
* the 16 byte AUTN value from the AuC (-a) as 32 hex digits

h4. successful operation

In this case, the tool will output the following values obtained from the card:

* RES authentication result value
* CK ciphering key
* IK integrity key
* Kc for inter-RAN handover from UMTS -> 2G

Secondly, the tool will re-run the authentication in "2G authentication context" in order to obtain the SRES result. This value would be used if a 3G/2G dual-mode phone registers on a 2G network.

<pre>
python ./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2000000e1dd22c1ad3e2d3d
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
RES: e9fc88ccc8a35381
CK: 7200a184d8f2c758fbdf87900ddbf275
IK: 12cb2dd3e0ec8378f6fc1d606c619f47
Kc: 6de816a759a42912

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h4. synchronization required

In this case, the AUTHENTICATE command will return the AUTS parameter, which has to be sent to the AuC in order to re-synchronize the SQN counter which is kept in both the USIM and the AuC.

<pre>
./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2120000c8b7de2a3449f1bd
[+] UICC AID found:
found [AID 1] 3GPP || USIM || (255, 134) || (255, 255) || (137, 255,
255, 255, 255)
[+] USIM AID selection succeeded

Testing USIM card with IMSI 901700000000403

UMTS Authentication
AUTS: 8711a0ec9e2be2f766881a64605b

GSM Authentication
SRES: 215fdb4d
Kc: 6de816a759a42912
</pre>

h4. Authentication Error

If you receive SW 98 62, it means that your AUTN parameter is wrong in some way. Please try to understand how mutual USIM authentication works, and read the thread at http://lists.osmocom.org/pipermail/simtrace/2013-March/000468.html

"osmo-auc-gen":http://cgit.osmocom.org/libosmocore/tree/utils/osmo-auc-gen.c which is part of libosmocore can help you to generate the correct parameters.
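
The three AUTHENTICATE outcomes described above (success, synchronization required, SW 98 62), decoded in Python 3. This is an added example, not code from osmo-sim-auth: the function names are hypothetical, the response tags 0xDB/0xDC and the AUTN/AUTS field layout are assumed from the 3GPP specifications, and the two sample responses are constructed from the values printed in the runs above.

```python
# Added example (not part of osmo-sim-auth): decode what a USIM returns for
# AUTHENTICATE in 3G context, and split AUTN / AUTS into their fields.

def split_autn(autn_hex):
    """AUTN = (SQN xor AK)[6] || AMF[2] || MAC[8], 16 bytes in total."""
    autn = bytes.fromhex(autn_hex)
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes (32 hex digits)")
    return {"sqn_xor_ak": autn[:6].hex(), "amf": autn[6:8].hex(), "mac": autn[8:].hex()}

def split_auts(auts_hex):
    """AUTS = (SQN_MS xor AK*)[6] || MAC-S[8], 14 bytes in total."""
    auts = bytes.fromhex(auts_hex)
    if len(auts) != 14:
        raise ValueError("AUTS must be 14 bytes (28 hex digits)")
    return {"sqn_ms_xor_ak": auts[:6].hex(), "mac_s": auts[6:].hex()}

def _lv_fields(body):
    """Yield the length-prefixed values that follow the response tag."""
    pos = 0
    while pos < len(body):
        length = body[pos]
        value = body[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("truncated length-value field")
        yield value.hex()
        pos += 1 + length

def parse_authenticate(resp_hex, sw_hex):
    """Classify a 3G-context AUTHENTICATE result from response data and SW."""
    if sw_hex.lower() == "9862":
        return {"result": "mac_failure"}  # card rejected the MAC inside AUTN
    resp = bytes.fromhex(resp_hex)
    if not resp:
        raise ValueError("empty response")
    fields = list(_lv_fields(resp[1:]))
    if resp[0] == 0xDB:  # success: RES, CK, IK and optionally Kc
        return dict(zip(("RES", "CK", "IK", "Kc"), fields), result="success")
    if resp[0] == 0xDC and len(fields) == 1:  # sync failure: AUTS only
        return dict(split_auts(fields[0]), result="sync_failure")
    raise ValueError("unexpected response tag 0x%02x" % resp[0])

# Constructed responses, assembled from the values printed in the runs above.
OK_RESP = ("db" "08e9fc88ccc8a35381" "107200a184d8f2c758fbdf87900ddbf275"
           "1012cb2dd3e0ec8378f6fc1d606c619f47" "086de816a759a42912")
SYNC_RESP = "dc0e" "8711a0ec9e2be2f766881a64605b"
```

The two AUTN values used above share the same RAND and differ only in the last byte of the concealed SQN and in the MAC, which is why one run succeeds and the other returns AUTS.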