Dieter Spaar has modified the to support the configured OTA mode on the sysmoUSIM-SJS1 (and by extension the SIM Cards issued at 31C3, the following camp and 32C3).

What is it about

(U)SIM cards are Java capable and there is the Globalplatform that specifies standards API. SMS can
be addressed directly to the SIM card, the SIM card will get events for network selection and others, it
can modify call establishment attempts.

The following will show how to build the example applet and install it on your USIM. If you create plugins
please make them available as Free Software and point us to them. If you find interesting Globalplatform
APIs or hacks please talk about it.

What you will need

  • sysmoUSIM-SJS1 card
  • KIC, KID private keys of the card
  • PCSC, serial card reader or be able to send SMS to the SIM card
  • JDK to create Java1.1 bytecode to create/customize SIM Toolkit applets.

What you can read

Building an example applet

git clone
git clone
cd hello-stk
ls -la ./build/javacard/org/toorcamp/HelloSTK/javacard/HelloSTK.cap

If you have a javac in your system you have now built an example Helloworld applet.

More applets

Follow the same steps as building the Helloworld applet.

SMS I'm alive

Applet to deliver an SMS the very first time the SIM registers in the GSM/GPRS network

git clone

APN autoconfiguration

Applet to configure a PDP Context with a correct APN via RUN AT proactive command

git clone

Data heartbeat

Applet to monitor the status of data connectivity over-the-air

git clone

Working with a PC/SC reader

Make sure you have the KIC1, KIC2, KIC3 and KID1, KID2 and KID3 for your card. If you have a
CCC Event card from 31C3 or later you should be set and for the sysmoUSIM-SJS1 be sure to buy
the option that includes the ADM1 keys as otherwise no OTA keys will be provided to you (you will
have to buy a new batch of cards then).

#Clone if you have not done the above
git clone
cd sim-tools/shady-sim

# Load the applet
python --pcsc -l [[HelloSTK]].cap -i [[HelloSTK]].cap \
          --enable-sim-toolkit --module-aid d07002ca44900101 \
          --instance-aid d07002CA44900101 \
          --nonvolatile-memory-required 0100 \ 
          --volatile-memory-for-install 0100 \
          --max-menu-entry-text 15 \
          --max-menu-entries 05 --kic KIC1 \
          --kid KID1

# Delete it (it takes time)
python --pcsc -d d07002CA449001 \
          --kic KIC1 \
          --kid KID1

Working with a SMPP reader

Instead of directly interacting with the SIM through a PCSC reader the APDU is sent through SMPP. Replace
the --pcsc call with --smpp and lines starting with SMPP are printed. These then need to be sent.

Files (0)

Updated by laforge over 1 year ago ยท 12 revisions

Add picture from clipboard (Maximum size: 48.8 MB)