Feature #4412

SIM applet: add debug menu entry to change IMSI

Added by osmith about 1 year ago. Updated about 1 year ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/21/2020
Due date:
% Done: 100%
Spec Reference:

Description

Before drafting the spec, we need to check how the baseband/SIM behave if the IMSI changes. Adding it to the menu of the SIM app should not be much effort, so let's do that.

As this is just for debugging, I suggest adding two menu entries, each of which changes the IMSI to a hardcoded value.

For reference, see GSM TS 03.19 Annex C:
https://www.etsi.org/deliver/etsi_ts/101400_101499/101476/07.00.00_60/ts_101476v070000p.pdf

History

#1 Updated by osmith about 1 year ago

  • Description updated (diff)

#2 Updated by osmith about 1 year ago

  • Tracker changed from Bug to Feature

#3 Updated by osmith about 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

I've implemented a menu, and a submenu for "Change IMSI":

    IMSI Pseudonymization
    1 Show LU counter
    2 Show IMSI
    3 Change IMSI
    Change IMSI
    1 Set 1 as last digit
    2 Set 2 as last digit

Then I've started to implement "Show IMSI", so we have a convenient way of verifying that the IMSI written to the card was written properly. (Change IMSI is not working yet.)
The IMSI should be in DF GSM -> EF IMSI. So in theory, this should work:

    // Navigate DF GSM -> EF IMSI
    gsmFile.select((short) SIMView.FID_DF_GSM);
    gsmFile.select((short) SIMView.FID_EF_IMSI);
    // Read the 9-byte file content into the IMSI buffer
    gsmFile.readBinary((short)0, IMSI, (short)0, (short)9);

However, the readBinary call throws an "AC_NOT_FULFILLED" exception.

This reason code (= 3) is used to indicate that the access condition is not fulfilled by the calling applet for the called method.

WIP code is pushed to the git repo.

#4 Updated by osmith about 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 30 to 100

However, the readBinary call throws an "AC_NOT_FULFILLED" exception.

Resolved by adding an --access-domain=00 (default is ff) argument to the programmer.

Neels extended the code further; now there is one menu entry for "Change IMSI" that correctly displays the decoded IMSI. The user is then able to edit the IMSI, and if it was changed, it gets written back to the SIM card.

A standalone version of the Change IMSI code can be found here:
https://git.osmocom.org/sim/hello-stk/tree/imsi-change
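
For checking from the host side what the applet wrote, the following is an added example (not code from the ticket or from the hello-stk repository) that decodes and encodes the 9 bytes of EF IMSI and reproduces the "set last digit" debug action from comment #3. It assumes the standard EF IMSI coding from GSM 11.11 (length byte, then nibble-swapped BCD with a type/parity nibble); the function names and the sample IMSI are constructed for illustration.

```python
EF_IMSI_LEN = 9  # same 9 bytes the readBinary() call in the ticket fetches


def decode_ef_imsi(raw: bytes) -> str:
    """Decode the 9-byte EF_IMSI content into a digit string."""
    if len(raw) != EF_IMSI_LEN or not 1 <= raw[0] <= 8:
        raise ValueError("EF_IMSI must be 9 bytes with a length byte of 1..8")
    # Each byte holds two nibbles, low nibble first.
    nibbles = [n for b in raw[1:1 + raw[0]] for n in (b & 0x0F, b >> 4)]
    flags, digits = nibbles[0], nibbles[1:]
    if flags & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    if not flags & 0x08:  # parity bit clear: even digit count, last nibble is filler
        if digits[-1] != 0x0F:
            raise ValueError("missing 0xF filler nibble")
        digits = digits[:-1]
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal nibble in IMSI")
    return "".join(map(str, digits))


def encode_ef_imsi(imsi: str) -> bytes:
    """Encode a digit string into 9 bytes ready to be written to EF_IMSI."""
    if not (imsi.isascii() and imsi.isdigit() and len(imsi) <= 15):
        raise ValueError("IMSI must be 1 to 15 decimal digits")
    odd = len(imsi) % 2
    nibbles = [(odd << 3) | 0x01] + [int(c) for c in imsi]
    if not odd:
        nibbles.append(0x0F)
    body = bytes(lo | (hi << 4) for lo, hi in zip(nibbles[0::2], nibbles[1::2]))
    return bytes([len(body)]) + body + b"\xff" * (EF_IMSI_LEN - 1 - len(body))


def set_last_digit(raw: bytes, digit: int) -> bytes:
    """Mirror of the debug submenu: replace only the last IMSI digit."""
    if not 0 <= digit <= 9:
        raise ValueError("digit must be 0..9")
    return encode_ef_imsi(decode_ef_imsi(raw)[:-1] + str(digit))


if __name__ == "__main__":
    # Constructed sample: test-network IMSI, not a value from the ticket.
    card = encode_ef_imsi("001010123456789")
    print(card.hex(), "->", decode_ef_imsi(card))
    print(set_last_digit(card, 1).hex(), "->", decode_ef_imsi(set_last_digit(card, 1)))
```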
