Wiki » History » Version 36

neels, 11/13/2016 01:26 PM
minor tweaks

{{>toc}}

h1. pySim WiKi

pySim-prog is a small command line utility written in Python, which is used for programming various programmable SIM/USIM cards.

h2. 1. Supported Cards

* [[cellular-infrastructure:sysmoUSIM-SJS1]]
* [[cellular-infrastructure:GrcardSIM]]
* [[cellular-infrastructure:GrcardSIM2]]
* [[cellular-infrastructure:MagicSIM]]

h2. 2. Usage instructions

h3. 2.1. Install dependencies

 sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev

h3. 2.2. Connect SIM card reader

h3. 2.3. Insert programmable SIM card

h3. 2.4. Check the status of the connection by entering the following command:

 pcsc_scan

h3. 2.5. If the SIM card reader is recognised, expect output similar to the following:

 $ pcsc_scan
 PC/SC device scanner
 V 1.4.25 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
 Compiled with PC/SC lite version: 1.8.14
 Using reader plug'n play mechanism
 Scanning present readers...
 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Tue Oct 18 11:48:08 2016
 Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] 00 00
 Card state: Card inserted,
 ATR: 3B 99 18 00 11 88 22 33 44 55 66 77 60
 + TS = 3B --> Direct Convention
 + T0 = 99, Y(1): 1001, K: 9 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
  129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TD(1) = 00 --> Y(i+1) = 0000, Protocol T = 0
 -----
 + Historical bytes: 11 88 22 33 44 55 66 77 60
 Category indicator byte: 11 (proprietary format)
 Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
 3B 99 18 00 11 88 22 33 44 55 66 77 60
 sysmocom sysmoSIM-GR1


h3. 2.6. Exit pcsc_scan : _Ctrl+C_

h3. 2.7. Get the pySim code by entering the commands:

 git clone git://git.osmocom.org/pysim pysim
 cd pysim

h3. 2.8. Run ./pySim-read.py to read your SIM card (use -p0 or -p1 to select the PC/SC reader):

 ./pySim-read.py -p0

h3. 2.9. Using sysmoSIM-GR1 and if everything is done correctly, you will see something similar to:

 $ ./pySim-read.py -p0
 Reading ...
 ICCID: 1791198229180000071
 IMSI: 001640000000071
 SMSP: ffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 ACC: ffff
 MSISDN: Not available
 Done !

h3. 2.10. Program your SIM card

Enter @./pySim-prog.py -help@ to get an overview of the possible options.

A result similar to the following should appear:

 $ ./pySim-prog.py -help
 Usage: pySim-prog.py [options]
 Options:
   -h, --help            show this help message and exit
   -d DEV, --device=DEV  Serial Device for SIM access [default: /dev/ttyUSB0]
   -b BAUD, --baud=BAUD  Baudrate used for SIM access [default: 9600]
   -p PCSC, --pcsc-device=PCSC
                         Which PC/SC reader number for SIM access
   -t TYPE, --type=TYPE  Card type (user -t list to view) [default: auto]
   -a PIN_ADM, --pin-adm=PIN_ADM
                         ADM PIN used for provisioning (overwrites default)
   -e, --erase           Erase beforehand [default: False]
   -S SOURCE, --source=SOURCE
                         Data Source[default: cmdline]
   -n NAME, --name=NAME  Operator name [default: Magic]
   -c CC, --country=CC   Country code [default: 1]
   -x MCC, --mcc=MCC     Mobile Country Code [default: 901]
   -y MNC, --mnc=MNC     Mobile Network Code [default: 55]
   -m SMSC, --smsc=SMSC  SMSP [default: '00 + country code + 5555']
   -M SMSP, --smsp=SMSP  Raw SMSP content in hex [default: auto from SMSC]
   -s ID, --iccid=ID     Integrated Circuit Card ID
   -i IMSI, --imsi=IMSI  International Mobile Subscriber Identity
   -k KI, --ki=KI        Ki (default is to randomize)
   -o OPC, --opc=OPC     OPC (default is to randomize)
   --op=OP               Set OP to derive OPC from OP and KI
   --acc=ACC             Set ACC bits (Access Control Code). not all card types
                         are supported
   -z STR, --secret=STR  Secret used for ICCID/IMSI autogen
   -j NUM, --num=NUM     Card # used for ICCID/IMSI autogen
   --batch               Enable batch mode [default: False]
   --batch-state=FILE    Optional batch state file
   --read-csv=FILE       Read parameters from CSV file rather than command line
   --write-csv=FILE      Append generated parameters in CSV file
   --write-hlr=FILE      Append generated parameters to OpenBSC HLR sqlite3
   --dry-run             Perform a 'dry run', don't actually program the card


h3. 2.11. Example of how to program a sysmoSIM-GR1 card

The GRcard SIM is a programmable GSM SIM card. It uses a mixture of TS11.11 / ISO7816-4 and proprietary commands for programming.

In the example below, we change the card’s IMSI to 901700000003080 (option -i) and specify a new set of -n NAME (Operator name), -t TYPE (Card type), -c CC (Country code), -x MCC (Mobile Country Code), -y MNC (Mobile Network Code) and -s ID (Integrated Circuit Card ID) values.

 $ ./pySim-prog.py -p 0 -n OpenBSC -t sysmosim-gr1 -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : OpenBSC
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 1791198229180000075
  > MCC/MNC : 1/2
  > IMSI    : 901700000003080
  > Ki      : 7edaeb6addbd72d2b2cc6ed7bfecc9c9
  > OPC     : 23f075ab9b1a113d4db822d8195ea20c
  > ACC     : None
 Programming ...
 Done !

h3. 2.12. Example of how to program a sysmoUSIM-SJS1 card

(U)SIM cards are Java capable, and GlobalPlatform specifies standard APIs for them. SMS can be addressed directly to the SIM card; the SIM card gets events for network selection and others, and it can modify call establishment attempts.

Provisioning of different identities or keys.

If you have a variant of the card-individual ADM1 key of your sysmoUSIM-SJS1 card, you can change any identity (IMSI, ICCID, MSISDN) stored on the (U)SIM, as well as the private key data (K, OPC).

In the example below, we change the card’s IMSI to 901700000003080 (option -i) and specify a new set of -t TYPE (Card type), -a PIN_ADM (ADM PIN used for provisioning), -x MCC (Mobile Country Code), -y MNC (Mobile Network Code), -s ID (Integrated Circuit Card ID), -o OPC and -k KI (Ki) values.

 $ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 58001006  -x 901 -y 71 -i 901700000010659 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
 Insert card now (or CTRL-C to cancel)
 Generated card parameters :
  > Name    : Magic
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 8988211000000110000
  > MCC/MNC : 901/71
  > IMSI    : 901700000010659
  > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
  > OPC     : 398153093661279FB1FC74BE07059FEF
  > ACC     : None
 Programming ...
 Done !

h3. 2.13. Example of how to program a Magic SIM / SuperSIM 16-in-1 / X-sim card

The 16-in-1 SIM cards are intended for COMP128v1 based cloning and enable the user to aggregate up to 16 SIM card identities in a single card. This multi-IMSI property is not used in the context of Osmocom.

The example below shows how to change the card’s IMSI to 901990000000018 (option -i) while specifying a new set of -x MCC (Mobile Country Code), -y MNC (Mobile Network Code), -s ID (Integrated Circuit Card ID), -o OPC and -k KI (Ki) values.

 $ ./pySim-prog.py -p 0 -x 801 -y 71 -i 901990000000018 -s 8988211000000110000 -o 398153093661279FB1FC74BE07059FEF -k 1D8B2562B992549F20D0F42113EAA6FA
 Insert card now (or CTRL-C to cancel)
 Autodetected card type fakemagicsim
 Generated card parameters :
  > Name    : Magic
  > SMSP    : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
  > ICCID   : 8988211000000110000
  > MCC/MNC : 801/71
  > IMSI    : 901990000000018
  > Ki      : 1D8B2562B992549F20D0F42113EAA6FA
  > OPC     : 398153093661279FB1FC74BE07059FEF
  > ACC     : None
 Programming ...
 Done !


h3. 2.14. README

pySim comes with the following README file:

This utility allows to :

* Program customizable SIMs. Two modes are possible:

- one where you specify every parameter manually :

 ./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -i <IMSI> -s <ICCID>

- one where they are generated from some minimal set :

 ./pySim-prog.py -n 26C3 -c 49 -x 262 -y 42 -z <random_string_of_choice> -j <card_num>

With <random_string_of_choice> and <card_num>, the soft will generate
'predictable' IMSI and ICCID, so make sure you choose them so as not to
conflict with anyone. (for eg. your name as <random_string_of_choice> and
0 1 2 ... for <card num>).

You also need to enter some parameters to select the device :

-t TYPE : type of card (supersim, magicsim, fakemagicsim or try 'auto')
-d DEV  : Serial port device (default /dev/ttyUSB0)
-b BAUD : Baudrate (default 9600)

* Interact with SIMs from a python interactive shell (ipython for eg :)

 from pySim.transport.serial import SerialSimLink
 from pySim.commands import SimCardCommands

 # Open the serial reader and wait until a card is present
 sl = SerialSimLink(device='/dev/ttyUSB0', baudrate=9600)
 sc = SimCardCommands(sl)

 sl.wait_for_card()

 # Print IMSI
 print(sc.read_binary(['3f00', '7f20', '6f07']))

 # Run A3/A8
 print(sc.run_gsm('00112233445566778899aabbccddeeff'))

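
EF.IMSI (3f00/7f20/6f07), the file read in the "Print IMSI" step of the README snippet, stores the IMSI in a packed, nibble-swapped form rather than as a digit string. The following is an added example, not pySim's own code: it decodes and encodes that layout as defined in 3GPP TS 51.011, with made-up helper names and the IMSI from section 2.9 as sample input.

```python
# Added example (not pySim's own code): EF.IMSI layout per 3GPP TS 51.011.
# Byte 1 = length; first nibble of the body = parity bit (8) | identity type 1;
# digits follow, two per byte with nibbles swapped; unused nibbles are 'f'.

def swap_nibbles(hexstr):
    return "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))

def decode_ef_imsi(ef_hex):
    ef_hex = ef_hex.lower()
    if len(ef_hex) != 18 or any(c not in "0123456789abcdef" for c in ef_hex):
        raise ValueError("EF.IMSI must be 9 bytes of hex")
    length = int(ef_hex[:2], 16)
    if not 1 <= length <= 8:
        raise ValueError("bad length byte (an unprovisioned file reads as ff..ff)")
    body = swap_nibbles(ef_hex[2:2 + 2 * length])
    flags, digits = int(body[0], 16), body[1:]
    if flags & 0x7 != 1:
        raise ValueError("identity type is not IMSI")
    if not flags & 0x8:                     # even digit count: last nibble is filler
        if not digits.endswith("f"):
            raise ValueError("parity bit says even, but no filler nibble")
        digits = digits[:-1]
    if not digits.isdigit():
        raise ValueError("non-decimal nibble inside IMSI")
    return digits

def encode_ef_imsi(imsi):
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    odd = len(imsi) & 1
    body = "%x%s" % ((odd << 3) | 1, imsi)
    if len(body) % 2:
        body += "f"                         # filler nibble for even digit counts
    return ("%02x" % (len(body) // 2) + swap_nibbles(body)).ljust(18, "f")

if __name__ == "__main__":
    raw = encode_ef_imsi("001640000000071")  # IMSI shown by pySim-read.py in 2.9
    print(raw, decode_ef_imsi(raw))
```
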