Cellular Network Infrastructure

{{>toc}}

h1. sysmoUSIM-SJS1

The sysmoUSIM-SJS1 is programmable and Java capable USIM card. Not all commands are known yet and this page should grow over time. Each card is using a separate ADM1 key and the default configuration is hacker/developer friendly (fields being writable, reduced security for installing applets to have more quick development cycles).

Please see [[shadysim.py]] for a tutorial on installing and removing a SIM Toolkit.

h2. Command Reference

To understand this reference, it is assumed that you are familiar with basic knowledge on smartcard

technologies, such as standard ISO 7816-3/-4 APDUs and GSM TS 11.11.

The below should be possible to set after authenticating with the ADM1 pin

h3. Setting the IMSI

Use a standard UPDATE BINARY command on EF.IMSI (7F20/6F07)

h3. Setting the ICCID

Use a standard UPDATE BINARY command on EF.ICCID (2FE2)

h3. Setting the Ki

Use a standard UPATE BINARY command on EF.KI (7F20/00FF)

h3. Setting the OP

Use a standard UPATE BINARY command on EF.MilenageOP (7F20/00FD)

h3. Setting the OPC

Use a standard UPATE BINARY command on EF.MilenageOPC (7F20/00FC)

h3. Setting the Algorithm(s)

Use a standard UPDATE BINARY command on EF.AUTH (7FCC/6F00)

Two bytes, first byte for 2G, second byte for 3G.

Value '01' for milenage

Value '03' for COMP128v1 (only allowed for 2G)