Wiki » History » Version 16
wirelesss, 10/18/2016 04:18 PM
{{>toc}}

h1. pySim WiKi

pySim-prog is a small command line utility written in Python, which is used for programming various programmable SIM/USIM cards.

h2. Supported Cards

* [[cellular-infrastructure:SysmoUSIM-SJS1]]
* [[cellular-infrastructure:GrcardSIM]]
* [[cellular-infrastructure:GrcardSIM2]]
* [[cellular-infrastructure:MagicSIM]]

h3. 1. Install dependencies

<pre>
sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev
</pre>

h3. 2. Connect your SIM card reader

h3. 3. Plug your programmable SIM card in

h3. 4. Check the status of the connection by executing the following command:

<pre>
pcsc_scan
</pre>

h3. 5. If the SIM card reader is recognised, expect output similar to the following:

<pre>
$ pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00

Tue Oct 18 11:48:08 2016
Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
  Card state: Card inserted,
  ATR: 3B 99 18 00 11 88 22 33 44 55 66 77 60

+ TS = 3B --> Direct Convention
+ T0 = 99, Y(1): 1001, K: 9 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
-----
+ Historical bytes: 11 88 22 33 44 55 66 77 60
  Category indicator byte: 11 (proprietary format)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 99 18 00 11 88 22 33 44 55 66 77 60
        sysmocom sysmoSIM-GR1
</pre>

h3. 6. Exit pcsc_scan: _Ctrl+C_

h3. 7. Get the pySim code by entering the commands:

<pre>
git clone git://git.osmocom.org/pysim pysim
cd pysim
</pre>

h3. 8. Run ./pySim-read.py to read your SIM card:

@./pySim-read.py -p0@ or @./pySim-read.py -p1@

h3. 9. With a sysmoSIM-GR1, if everything was done correctly, you will see something similar to:

<pre>
$ ./pySim-read.py -p0
Reading ...
ICCID: 1791198229180000071
IMSI: 001640000000071
SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
ACC: ffff
MSISDN: Not available
Done !
</pre>

h3. 9.1. In case of a sysmoUSIM-SJS1 SIM card, you will see something similar to:

<pre>
$ ./pySim-read.py -p0
Reading ...
ICCID: 8988211000000106594
IMSI: 901700000010659
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
ACC: 0200
MSISDN: Not available
Done !
</pre>

h3. 9.2. In case of a SuperSIM/X-sim card, you will see something similar to:

<pre>
$ ./pySim-read.py -p0
Reading ...
ICCID: 8949901990000000184
IMSI: 901990000000018
SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff058100945555ffffffffffff000000
ACC: ffff
MSISDN: Not available
Done !
</pre>

h3. 10. SIM card programming

Enter @./pySim-prog.py -help@ to get an overview of the possible options.

A result similar to the following should appear:

<pre>
$ ./pySim-prog.py -help
Usage: pySim-prog.py [options]

Options:
  -h, --help            show this help message and exit
  -d DEV, --device=DEV  Serial Device for SIM access [default: /dev/ttyUSB0]
  -b BAUD, --baud=BAUD  Baudrate used for SIM access [default: 9600]
  -p PCSC, --pcsc-device=PCSC
                        Which PC/SC reader number for SIM access
  -t TYPE, --type=TYPE  Card type (user -t list to view) [default: auto]
  -a PIN_ADM, --pin-adm=PIN_ADM
                        ADM PIN used for provisioning (overwrites default)
  -e, --erase           Erase beforehand [default: False]
  -S SOURCE, --source=SOURCE
                        Data Source[default: cmdline]
  -n NAME, --name=NAME  Operator name [default: Magic]
  -c CC, --country=CC   Country code [default: 1]
  -x MCC, --mcc=MCC     Mobile Country Code [default: 901]
  -y MNC, --mnc=MNC     Mobile Network Code [default: 55]
  -m SMSC, --smsc=SMSC  SMSP [default: '00 + country code + 5555']
  -M SMSP, --smsp=SMSP  Raw SMSP content in hex [default: auto from SMSC]
  -s ID, --iccid=ID     Integrated Circuit Card ID
  -i IMSI, --imsi=IMSI  International Mobile Subscriber Identity
  -k KI, --ki=KI        Ki (default is to randomize)
  -o OPC, --opc=OPC     OPC (default is to randomize)
  --op=OP               Set OP to derive OPC from OP and KI
  --acc=ACC             Set ACC bits (Access Control Code). not all card types
                        are supported
  -z STR, --secret=STR  Secret used for ICCID/IMSI autogen
  -j NUM, --num=NUM     Card # used for ICCID/IMSI autogen
  --batch               Enable batch mode [default: False]
  --batch-state=FILE    Optional batch state file
  --read-csv=FILE       Read parameters from CSV file rather than command line
  --write-csv=FILE      Append generated parameters in CSV file
  --write-hlr=FILE      Append generated parameters to OpenBSC HLR sqlite3
  --dry-run             Perform a 'dry run', don't actually program the card
</pre>

h3. 11. Example to program a sysmoSIM-GR1 card

The GRcard SIM is a programmable GSM SIM card. It uses a mixture of TS 11.11 / ISO 7816-4 and proprietary commands for programming.

In the example below, we change the card’s IMSI to 901700000003080 and specify new values for -n NAME (Operator name), -t TYPE (Card type), -c CC (Country code), -x MCC (Mobile Country Code), -y MNC (Mobile Network Code) and -s ID (Integrated Circuit Card ID).

<pre>
$ ./pySim-prog.py -p 0 -n OpenBSC -t sysmosim-gr1 -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075
Insert card now (or CTRL-C to cancel)
Generated card parameters :
 > Name    : OpenBSC
 > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID   : 1791198229180000075
 > MCC/MNC : 1/2
 > IMSI    : 901700000003080
 > Ki      : 7edaeb6addbd72d2b2cc6ed7bfecc9c9
 > OPC     : 23f075ab9b1a113d4db822d8195ea20c
 > ACC     : None
Programming ...
Done !
</pre>

h3. 12. Example to program a SysmoUSIM-SJS1 (orange) card

(U)SIM cards are Java-capable, and GlobalPlatform specifies standard APIs for them. SMS can be addressed directly to the SIM card; the SIM card receives events for network selection and others, and it can modify call establishment attempts.

Provisioning of different identities or keys.

If you have a variant of the card-individual ADM1 key of your sysmoUSIM-SJS1 card, you can change any identity (IMSI, ICCID, MSISDN) stored on the (U)SIM, as well as the private key data (K, OPC).

The ADM1 key can be found at:

[https://openerp.sysmocom.de/web#page=0&limit=80&view_type=list&model=sysmocom.simcard&menu_id=679&action=912]

In the example below, we change the card’s IMSI to 901710000011000 (it was 901700000011000 before) and specify a new set of K and OPC values.

<pre>
$ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 58001006 -x 901 -y 71 -i 901700000010659 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
Insert card now (or CTRL-C to cancel)
Generated card parameters :
 > Name    : Magic
 > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID   : 8988211000000110000
 > MCC/MNC : 901/71
 > IMSI    : 901700000010659
 > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
 > OPC     : 398153093661279FB1FC74BE07059FEF
 > ACC     : None
Programming ...
Done !
</pre>

h3. 13. README

pySim comes with the following README file:

This utility allows you to:

* Program customizable SIMs. Two modes are possible:

- one where you specify every parameter manually:

<pre>
./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -i <IMSI> -s <ICCID>
</pre>

- one where they are generated from some minimal set:

<pre>
./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -z <random_string_of_choice> -j <card_num>
</pre>

With @<random_string_of_choice>@ and @<card_num>@, the software will generate 'predictable' IMSI and ICCID, so make sure you choose them so as not to conflict with anyone (e.g. your name as @<random_string_of_choice>@ and 0 1 2 ... for @<card_num>@).

You also need to enter some parameters to select the device:

<pre>
-t TYPE : type of card (supersim, magicsim, fakemagicsim or try 'auto')
-d DEV  : Serial port device (default /dev/ttyUSB0)
-b BAUD : Baudrate (default 9600)
</pre>

* Interact with SIMs from a Python interactive shell (e.g. ipython):

<pre>
from pySim.transport.serial import SerialSimLink
from pySim.commands import SimCardCommands

# Open the serial reader and wrap it in the SIM command layer
sl = SerialSimLink(device='/dev/ttyUSB0', baudrate=9600)
sc = SimCardCommands(sl)

sl.wait_for_card()

# Print IMSI (raw content of EF 6f07 under MF 3f00 / DF 7f20)
print(sc.read_binary(['3f00', '7f20', '6f07']))

# Run A3/A8 with a 16-byte RAND given as hex
print(sc.run_gsm('00112233445566778899aabbccddeeff'))
</pre>
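
The README snippet reads file 6f07 (EF.IMSI) raw, so what it prints is the nibble-swapped BCD record rather than the 15-digit IMSI that pySim-read.py shows. The following added example (not pySim's own code) encodes and decodes that record as laid out in 3GPP TS 51.011; the function names are assumptions, and the sample record is constructed from the sysmoUSIM-SJS1 IMSI shown on this page.

```python
import re


def _swap(h):
    """Swap the two nibbles of every byte in a hex string."""
    return "".join(h[i + 1] + h[i] for i in range(0, len(h), 2))


def enc_imsi(imsi):
    """IMSI digit string -> 9-byte EF.IMSI record as hex."""
    if not re.fullmatch(r"[0-9]{6,15}", imsi):
        raise ValueError("IMSI must be 6..15 decimal digits")
    odd = len(imsi) & 1
    # First nibble: odd/even flag (bit 3) plus identity type 001 (IMSI)
    nibbles = "%x%s" % ((odd << 3) | 1, imsi)
    nbytes = (len(nibbles) + 1) // 2
    return "%02x" % nbytes + _swap(nibbles.ljust(16, "f"))


def dec_imsi(ef_hex):
    """9-byte EF.IMSI record as hex -> IMSI digit string."""
    ef = ef_hex.lower()
    if not re.fullmatch(r"[0-9a-f]{18}", ef):
        raise ValueError("EF.IMSI must be exactly 9 bytes of hex")
    nbytes = int(ef[:2], 16)
    if not 1 <= nbytes <= 8:
        raise ValueError("bad length byte")
    body = _swap(ef[2:])
    head = int(body[0], 16)
    if head & 0x7 != 1:
        raise ValueError("identity type is not IMSI")
    # Odd flag set: every nibble after the first is a digit; else one is filler
    ndigits = 2 * nbytes - 1 - (0 if head & 0x8 else 1)
    digits, pad = body[1:1 + ndigits], body[1 + ndigits:]
    if not re.fullmatch(r"[0-9]+", digits) or pad.strip("f"):
        raise ValueError("non-BCD digit or bad padding")
    return digits


# Constructed sample: the record a card holding this page's IMSI would store
RAW_SAMPLE = enc_imsi("901700000010659")

if __name__ == "__main__":
    print(RAW_SAMPLE, "->", dec_imsi(RAW_SAMPLE))
```
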