def __init__(self, cardtype=GSM_USIM, atr=None):
    """Open the card through the driver class that matches *cardtype*.

    ``GSM_USIM`` selects the ``USIM`` driver; any other value falls back to
    the plain ``SIM`` driver. *atr* is handed to the driver unchanged.
    """
    wants_usim = bool(cardtype == GSM_USIM)
    # Build the driver first: self.usim is only recorded once the card
    # object has been created successfully.
    self.card = USIM(atr) if wants_usim else SIM(atr)
    self.usim = wants_usim
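def program_files(self):
    """Program the SIM with ICCID, IMSI, SMSP, HPLMN and service data.

    Opens a fresh ``SIM`` connection, presents the programming key, then
    rewrites each elementary file in turn. The card's answer to every
    write is printed.

    Returns:
        0, unconditionally. The answers of the individual writes are only
        printed, never evaluated, so a write the card rejected does not
        change the return value.
    """
    sim = SIM()
    try:
        # NOTE(review): the outcome of the ADM verification is not checked.
        # If it fails, the writes below are presumably refused by the card
        # while this method still returns 0 -- confirm what verify_chv()
        # returns and consider aborting early on failure.
        verify_chv(sim, chv=CHV_PROG, adm=0x5)

        def goto(*file_ids):
            # Restart from the MF (3F00) every time so that each write is
            # independent of the file left selected by the previous step.
            sim.SELECT_FILE(0, 0, [0x3F, 0x00])
            for fid in file_ids:
                sim.SELECT_FILE(0, 0, list(fid))

        # go to ICCID and update it
        goto([0x2F, 0xE2])
        ret = sim.UPDATE_BINARY(0, 0, encode_ICCID(self.ICCID))
        print('Writing ICCID: %s' % ret)

        # go to IMSI and update it
        goto([0x7F, 0x20], [0x6F, 0x07])
        ret = sim.UPDATE_BINARY(0, 0, encode_IMSI(self.IMSI))
        print('Writing IMSI: %s' % ret)

        # go to SMSP address and update the 1st record for SMSP
        # this is the absolute address for SIM application
        # USIM app addr for SMSP is only a symlink to it
        goto([0x7F, 0x10], [0x6F, 0x42])
        ret = sim.UPDATE_RECORD(1, 4, SMSP)
        print('Writing SMSP: %s' % ret)

        # go to HPLMN search period file
        goto([0x7F, 0x20], [0x6F, 0x31])
        ret = sim.UPDATE_BINARY(0, 0, T_HPLMN)
        print('Writing HPLMN selection search period: %s' % ret)

        # go to PLMNsel address and update binary string for HPLMN
        goto([0x7F, 0x20], [0x6F, 0x30])
        ret = sim.UPDATE_BINARY(0, 0, PLMNsel)
        print('Writing PLMN selector: %s' % ret)

        # go to SST address and update the service table
        goto([0x7F, 0x20], [0x6F, 0x38])
        ret = sim.UPDATE_BINARY(0, 0, SST)
        print('Writing SIM Services Table: %s' % ret)

        # go to SPN address and update Service Provider Name
        goto([0x7F, 0x20], [0x6F, 0x46])
        ret = sim.UPDATE_BINARY(0, 0, SPN)
        print('Writing Service Provider Name: %s' % ret)
    finally:
        # Release the reader even when one of the card commands raises;
        # otherwise the connection stays open after the key was presented.
        sim.disconnect()
    return 0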
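def handle_sim_info(options):
    """Invoke the SIM accessor registered under ``options.param``.

    Exits with status 1 when the SIM cannot be opened or when no accessor
    is registered under the requested name.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)
    if options.debug:
        s.dbg = 1

    # The name is looked up in the driver's dispatch table; it is presumably
    # supplied by the user. An unknown name yields None, which must not be
    # called.
    handler = s.caller.get(options.param)
    if handler is None:
        print("Unknown SIM parameter: %s" % options.param)
        exit(1)
    handler()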
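def test_identification(self):
    """Read ICCID and IMSI from the card and store them on the instance.

    Returns:
        0 when both identifiers were read, 1 when either is missing.
    """
    sim = SIM()
    try:
        self.ICCID = sim.get_ICCID()
        self.IMSI = sim.get_imsi()
    finally:
        # Always release the reader, also when one of the reads raises.
        sim.disconnect()

    print('[+] SIM identification:\nICCID: %s\nIMSI: %s'
          % (self.ICCID, self.IMSI))
    if self.ICCID and self.IMSI:
        return 0
    print('[-] identification error')
    return 1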
def __init__(self, cardtype=GSM_USIM, atr=None):
    """Open the card and, for a USIM, record which applications it carries.

    For ``GSM_USIM`` the ``USIM`` driver is used and the AID list is
    scanned for the ISIM and USIM applications. Any other *cardtype* falls
    back to the plain ``SIM`` driver without the scan.
    """
    if not cardtype == GSM_USIM:
        self.card = SIM(atr)
        self.usim = False
        return

    self.card = USIM(atr)
    self.usim = True

    # First seven AID bytes identifying each application
    # (3GPP RID A0 00 00 00 87 followed by the application code).
    isim_prefix = [0xA0, 0x00, 0x00, 0x00, 0x87, 0x10, 0x04]
    usim_prefix = [0xA0, 0x00, 0x00, 0x00, 0x87, 0x10, 0x02]

    # get_AID() fills self.card.AID, which is then scanned below.
    # NOTE(review): has_isim / has_usim are only ever set to True here;
    # presumably they default to False at class level -- confirm.
    self.card.get_AID()
    for aid in self.card.AID:
        prefix = aid[0:7]
        if prefix == isim_prefix:
            self.has_isim = True
        elif prefix == usim_prefix:
            self.has_usim = True
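def handle_sim(options, rand_bin):
    """Run the GSM authentication algorithm on the card for *rand_bin*.

    Without ``options.ipsec`` the IMSI, SRES and Kc are printed in a
    human-readable form. With ``options.ipsec`` a single comma-separated
    line ``<identity>,<RAND>,<SRES>,<Kc>`` is printed instead.

    The output contains Kc and SRES for the given RAND; treat it as key
    material and keep it out of logs and shared terminals.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)

    imsi = s.get_imsi()
    ret = s.run_gsm_alg(rand_bin)
    sres_hex = b2a_hex(byteToString(ret[0]))
    kc_hex = b2a_hex(byteToString(ret[1]))

    if options.ipsec:
        # Identity in the form 1<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org.
        # NOTE(review): the MNC is always taken as three digits (imsi[3:6]);
        # for networks with a two-digit MNC this slice also includes the
        # first subscriber digit -- confirm against the intended realm.
        print("1%s@wlan.mnc%s.mcc%s.3gppnetwork.org,%s,%s,%s" % (
            imsi, imsi[3:6], imsi[0:3],
            b2a_hex(byteToString(rand_bin)), sres_hex, kc_hex))
    else:
        print("Testing SIM card with IMSI %s" % imsi)
        print("\nGSM Authentication")
        print("SRES:\t%s" % sres_hex)
        print("Kc:\t%s" % kc_hex)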
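def handle_siminfo(options):
    """Dispatch to the SIM accessor registered under ``options.param``.

    The accessor receives ``options.write`` when that is set, otherwise
    ``options.rand`` when that is set, otherwise no argument. Its return
    value is passed through to the caller.

    Exits with status 1 when the SIM cannot be opened or when no accessor
    is registered under the requested name.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)

    # An unknown name yields None from the dispatch table; refuse it here
    # instead of failing on the call. This matters most on the write path,
    # where the argument would otherwise be handed to nothing.
    handler = s.caller.get(options.param)
    if handler is None:
        print("Unknown SIM parameter: %s" % options.param)
        exit(1)

    if options.write is not None:
        return handler(options.write)
    if options.rand is not None:
        return handler(options.rand)
    return handler()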
def sw_status(sw1, sw2):
    """Translate a status word pair into a human-readable string.

    The generic text comes from ``SIM.sw_status``. For SW1 = 0x98 with one
    of the SW2 values listed below, it is replaced by a
    'security management' message.
    """
    # SW2 values handled for SW1 = 0x98, with the detail text appended to
    # the 'security management' prefix.
    security_details = (
        (0x62, ': authentication error, incorrect MAC'),
        (0x64, ': authentication error, security context not supported'),
        (0x65, ': key freshness failure'),
        (0x66, ': authentication error, no memory space available'),
        (0x67, ': authentication error, no memory space available in EF_MUK'),
    )

    # The base lookup always runs first, as its result is the fallback.
    generic = SIM.sw_status(sw1, sw2)
    if sw1 == 0x98:
        for code, detail in security_details:
            if sw2 == code:
                return 'security management' + detail
    return generic
#!/usr/bin/python
"""Print the IMSI read from the SIM card."""
from card.SIM import SIM

sim = SIM()
# The IMSI identifies the subscriber; avoid pasting this output into
# shared logs or tickets.
print(sim.get_imsi())
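class Simcard():
    """Convenience wrapper around a ``SIM`` / ``USIM`` card driver.

    Every command method returns a ``Card_res_apdu`` filled from the
    driver's answer, except ``chv_retrys`` which returns an integer.
    """

    card = None
    filelen = 0  # length of the currently selected file

    def __init__(self, cardtype = GSM_USIM, atr = None):
        """Create the driver object matching *cardtype*.

        ``GSM_USIM`` selects ``USIM``; anything else selects ``SIM``.
        """
        if cardtype == GSM_USIM:
            self.card = USIM(atr)
            self.usim = True
        else:
            self.card = SIM(atr)
            self.usim = False

    def __get_cla(self, usim):
        """Return the class byte of the driver (*usim* is not used)."""
        return self.card.CLA

    def __get_len_from_tlv(self, fcp):
        """Extract the file size (tag '80') from an FCP template.

        Args:
            fcp: the FCP template as a sequence of integer byte values.

        Returns:
            The value of tag '80' as an integer, or 0 when the tag is
            absent.

        Raises:
            ValueError: if the template does not start with tag 62, or if
                its length field is truncated, uses an unsupported
                encoding, or does not match the data that follows.
        """
        # Note: This has been taken from
        # http://git.osmocom.org/pysim/tree/pySim/commands.py, but pySim
        # uses ascii-hex strings for its internal data representation. We
        # use regular lists with integers, so convert to ascii-hex first.
        fcp = ''.join('{:02x}'.format(x) for x in fcp)

        # see also: ETSI TS 102 221, chapter 11.1.1.3.1 Response for MF,
        # DF or ADF
        from pytlv.TLV import TLV
        tlvparser = TLV(['82', '83', '84', 'a5', '8a', '8b', '8c', '80',
                         'ab', 'c6', '81', '88'])

        # pytlv is case sensitive!
        fcp = fcp.lower()

        if fcp[0:2] != '62':
            raise ValueError('Tag of the FCP template does not match, expected 62 but got %s'%fcp[0:2])

        # The template length uses BER-TLV coding: a first byte below 0x80
        # is the length itself, 0x81 / 0x82 announce one / two further
        # length bytes. Decoding it explicitly means 'skip' is always
        # defined and a malformed answer is reported as ValueError.
        # See also ETSI TS 102 221, chapter 11.1.1.3.0 Base coding.
        first = fcp[2:4]
        if len(first) != 2:
            raise ValueError('FCP template is truncated, length field missing')
        first_len = int(first, 16)
        if first_len < 0x80:
            exp_tlv_len = first_len
            skip = 4
        elif first_len in (0x81, 0x82):
            extra = 2 * (first_len & 0x7F)
            len_field = fcp[4:4 + extra]
            if len(len_field) != extra:
                raise ValueError('FCP template is truncated, length field incomplete')
            exp_tlv_len = int(len_field, 16)
            skip = 4 + extra
        else:
            raise ValueError('Unsupported FCP length encoding: %s' % first)

        # Skip FCP tag and length
        tlv = fcp[skip:]
        if len(tlv) // 2 != exp_tlv_len:
            raise ValueError('FCP length field (%d) does not match the data length (%d)'
                             % (exp_tlv_len, len(tlv) // 2))

        tlv_parsed = tlvparser.parse(tlv)
        if '80' in tlv_parsed:
            return int(tlv_parsed['80'], 16)
        return 0

    def __len(self, res, p2):
        """Get the file length from the response to a SELECT."""
        if p2 == 0x04:
            return self.__get_len_from_tlv(res)
        # NOTE(review): this branch slices res[-1] like a hex string, which
        # does not fit the list-of-integers form used for the FCP path.
        # select() always passes p2 = 0x04, so it is not reached from
        # there -- confirm before relying on it.
        return int(res[-1][4:8], 16)

    def select(self, fid):
        """Select file *fid* and store its length in ``self.filelen``.

        ``self.filelen`` is reset to 0 first and stays 0 when the SELECT
        does not answer with SW1 = 0x61.
        """
        self.filelen = 0
        p2 = 0x04
        res = Card_res_apdu()
        res.from_mich(self.card.SELECT_FILE(P2 = p2, Data = fid))

        # Stop here, on failure
        if res.sw[0] != 0x61:
            return res

        # SW2 carries the length to pass to GET RESPONSE.
        res.from_mich(self.card.GET_RESPONSE(res.sw[1]))
        self.filelen = self.__len(res.apdu, p2)
        return res

    def verify_chv(self, chv, chv_no):
        """Perform card holder verification with *chv* for key *chv_no*."""
        res = Card_res_apdu()
        res.from_mich(self.card.VERIFY(P2 = chv_no, Data = chv))
        return res

    def chv_retrys(self, chv_no):
        """Read the CHV retry counter for key *chv_no*.

        Sends VERIFY without data and returns the low nibble of the second
        status byte.
        """
        res = self.card.VERIFY(P2 = chv_no)
        # NOTE(review): assumes res[2] is the (SW1, SW2) pair. SW1 is not
        # checked, so for an answer other than 63 Cx the returned nibble is
        # not a retry count -- verify before using it to decide whether
        # another verification attempt is safe.
        return res[2][1] & 0x0F

    def update_binary(self, data, offset = 0):
        """Write *data* to the selected transparent file at *offset*."""
        # The offset is split over P1 (high byte) and P2 (low byte).
        # NOTE(review): P1 is not limited to 7 bits; per ISO 7816-4 a set
        # top bit of P1 selects SFI addressing, so offsets of 0x8000 and
        # above would change the command's meaning -- confirm callers stay
        # below that.
        offs_high = (offset >> 8) & 0xFF
        offs_low = offset & 0xFF
        res = Card_res_apdu()
        res.from_mich(self.card.UPDATE_BINARY(offs_high, offs_low, data))
        return res

    def read_binary(self, length, offset = 0):
        """Read *length* bytes from the selected transparent file."""
        # Same P1/P2 offset split as in update_binary().
        offs_high = (offset >> 8) & 0xFF
        offs_low = offset & 0xFF
        res = Card_res_apdu()
        res.from_mich(self.card.READ_BINARY(offs_high, offs_low, length))
        return res

    def read_record(self, length, rec_no = 0):
        """Read *length* bytes of record *rec_no* (absolute addressing)."""
        res = Card_res_apdu()
        res.from_mich(self.card.READ_RECORD(rec_no, GSM_SIM_INS_READ_RECORD_ABS, length))
        return res

    def update_record(self, data, rec_no = 0):
        """Write *data* to record *rec_no* (absolute addressing)."""
        res = Card_res_apdu()
        res.from_mich(self.card.UPDATE_RECORD(rec_no, GSM_SIM_INS_UPDATE_RECORD_ABS, data))
        return res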