Project

General

Profile

Actions

SysmoUSIM-SJS1 » History » Revision 20

« Previous | Revision 20/21 (diff) | Next »
laforge, 08/16/2021 11:53 AM


sysmoUSIM-SJS1

NOTE: As of October 2020, sysmoUSIM-SJS1 is obsolete and has been superseeded by sysmoISIM-SJA2

The sysmoUSIM-SJS1 is programmable and Java capable USIM card. Not all commands are known yet and this page should grow over time. Each card is using a separate ADM1 key and the default configuration is hacker/developer friendly (fields being writable, reduced security for installing applets to have more quick development cycles).

sysmousim-sjs1-h-50p.jpg

User Manual

sysmocom provides a comprehensive user manual at https://sysmocom.de/manuals/sysmousim-manual.pdf - please refer to that manual rather than this rarely maintained wiki page for most up-to-date reference information.

Tools

pySIM

The sysmoUSIM-SJS1 can be parameterized using pySim and sysmo-usim-tool.

PySim provides the common general bulk provisioning features, which are already known from MagicSIM and previous sysmocom simcard models. Most of the settings (like Ki, ICCIC, OPC, etc...) listed below are covered by PySim.

Please see the pySim-prog.py program from git://git.osmocom.org/pysim (http://git.osmocom.org/pysim/) and

sysmo-usim-tool

For tweaking higly sysmoUSIM-SJS1 specific parameters (authentication algorithms, milenage parameters, enable/disable USIM application etc...), sysmo-usim-tool can be used. For more information see section "7.2 sysmo-usim-tool" in the provided manual.

Please see the sysmo-usim-tool program from https://git.sysmocom.de/sysmocom/sysmo-usim-tool/

SIM Toolkit

Please see shadysim.py for a tutorial on installing and removing a SIM Toolkit applications.

VoLTE / Android Carrier Privileges / ARA-M / IMS Configuration

If you want to use IMS (VoLTE/VoWiFi) on android devices, you will need to grant an android app special carrier privileges. This is done by storing a hash of the singing key of the android app on the SIM.

See VoLTE_IMS_Android_Carrier_Privileges for details.

Availability

sysoUSIM-SJS1 is (as of October 2020) no longer available. Its succesor sysmoISIM-SJA2 is available from http://shop.sysmocom.de/products/sysmoISIM-SJA2

Command Reference

Please primarily refer to the user manual for more detailed information!

To understand this reference, it is assumed that you are familiar with basic knowledge on smartcard
technologies, such as standard ISO 7816-3/-4 APDUs and GSM TS 11.11.

The below should be possible to set after authenticating with the ADM1 pin

Setting the IMSI

Use a standard UPDATE BINARY command on EF.IMSI (7F20/6F07)

Setting the ICCID

Use a standard UPDATE BINARY command on EF.ICCID (2FE2)

Setting the Ki

Use a standard UPATE BINARY command on EF.KI (7F20/00FF)

Setting the OP/OPC

Use a standard UPATE BINARY command on the EF.OPC (7F20/00F7)

Offset Size Description
0 1 0x00 for OP, 0x01 for OPc
1 16 OP or OPc value, depending on byte at offset 0

Setting the Algorithm(s)

Use a standard UPDATE BINARY command on EF.AUTH (7FCC/6F00)

Two bytes, first byte for 2G, second byte for 3G.

Value Algorithm Supported Mode
01 Milenage 2G + 3G
03 COMP128v1 2G
04 XOR 2G 2G
06 COMP128v2 2G
07 COMP128v3 2G
08 XOR 3G 3G

Setting the Milenage parameters (Ci/Ri)

Use a standard UPATE BINARY command on EF.MLNGC (7FCC/6F01)

Offset Size Description
0 16 C1
16 16 C2
32 16 C3
48 16 C4
64 16 C5
80 1 R1
81 1 R2
82 1 R3
83 1 R4
84 1 R5
Files (1)
sysmousim-sjs1-h-50p.jpg View sysmousim-sjs1-h-50p.jpg 512 KB laforge, 03/17/2017 05:01 PM

Updated by laforge over 2 years ago · 20 revisions

Add picture from clipboard (Maximum size: 48.8 MB)