Beispiel #1
	def __init__(self, cardtype = GSM_USIM, atr = None):
		"""Open the card through the driver class that matches *cardtype*.

		GSM_USIM selects the USIM driver; every other value falls back to
		the plain SIM driver. *atr* is handed to the driver unchanged.
		"""
		wants_usim = bool(cardtype == GSM_USIM)
		driver = USIM if wants_usim else SIM
		self.card = driver(atr)
		# Remember which driver was chosen.
		self.usim = wants_usim
Beispiel #2
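 def program_files(self):
     """Write ICCID, IMSI, SMSP and the network-selection files to the card.

     Each file is reached by walking from the MF (3F00) and is then
     overwritten; the card's reply to every write is printed. The card
     connection is released in all cases, also when a command raises.

     NOTE(review): the return value of verify_chv() is discarded and the
     replies to the writes are only printed, never evaluated; 0 is
     returned in all cases, so a caller cannot tell a rejected write from
     a successful one.
     NOTE(review): presenting a wrong administrative code normally costs
     one attempt of the card's retry counter; confirm that verify_chv()
     guards against repeated failures before this is run in a loop.
     """
     sim = SIM()

     def select_path(*file_ids):
         # Walk the given file IDs in order; every path starts at the MF.
         for file_id in file_ids:
             sim.SELECT_FILE(0, 0, file_id)

     try:
         # program SIM with SMSP and HPLMN infos
         verify_chv(sim, chv=CHV_PROG, adm=0x5)

         # ICCID (2FE2, directly under the MF)
         select_path([0x3F, 0x00], [0x2F, 0xE2])
         ret = sim.UPDATE_BINARY(0, 0, encode_ICCID(self.ICCID))
         print('Writing ICCID: %s' % ret)

         # IMSI (7F20 / 6F07)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x07])
         ret = sim.UPDATE_BINARY(0, 0, encode_IMSI(self.IMSI))
         print('Writing IMSI: %s' % ret)

         # SMSP, 1st record (7F10 / 6F42). This is the absolute address
         # for the SIM application; the USIM application address for SMSP
         # is only a symlink to it.
         select_path([0x3F, 0x00], [0x7F, 0x10], [0x6F, 0x42])
         ret = sim.UPDATE_RECORD(1, 4, SMSP)
         print('Writing SMSP: %s' % ret)

         # HPLMN search period (7F20 / 6F31)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x31])
         ret = sim.UPDATE_BINARY(0, 0, T_HPLMN)
         print('Writing HPLMN selection search period: %s' % ret)

         # PLMNsel, binary string for the HPLMN (7F20 / 6F30)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x30])
         ret = sim.UPDATE_BINARY(0, 0, PLMNsel)
         print('Writing PLMN selector: %s' % ret)

         # SIM service table (7F20 / 6F38)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x38])
         ret = sim.UPDATE_BINARY(0, 0, SST)
         print('Writing SIM Services Table: %s' % ret)

         # Service Provider Name (7F20 / 6F46)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x46])
         ret = sim.UPDATE_BINARY(0, 0, SPN)
         print('Writing Service Provider Name: %s' % ret)
     finally:
         # Release the reader even if a command above raised.
         sim.disconnect()
     return 0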
Beispiel #3
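def handle_sim_info(options):
    """Run the SIM query named by ``options.param``.

    ``options.debug`` switches the card object into debug mode first.
    The process exits with status 1 when the card cannot be opened or
    when ``options.param`` does not name a known query.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)

    if options.debug:
        s.dbg = 1

    # s.caller is looked up by parameter name; an unknown name yields None,
    # which must not be called (it would end in a bare TypeError traceback).
    handler = s.caller.get(options.param)
    if handler is None:
        print("Unknown SIM parameter: %s" % options.param)
        exit(1)

    handler()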
Beispiel #4
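 def test_identification(self):
     """Read ICCID and IMSI from the card and store them on the instance.

     Returns 0 when both values were read, 1 when either of them is
     empty. The card connection is released even if a read raises.
     """
     s = SIM()
     try:
         self.ICCID = s.get_ICCID()
         self.IMSI = s.get_imsi()
     finally:
         # Do not leave the reader claimed when one of the reads fails.
         s.disconnect()
     print('[+] SIM identification:\nICCID: %s\nIMSI: %s'
           % (self.ICCID, self.IMSI))
     if not self.ICCID or not self.IMSI:
         print('[-] identification error')
         return 1
     return 0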
Beispiel #5
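    def __init__(self, cardtype=GSM_USIM, atr=None):
        """Open the card and record which applications it offers.

        GSM_USIM selects the USIM driver and scans the card's AID list for
        the ISIM and USIM application prefixes; any other *cardtype* opens
        the card with the plain SIM driver. *atr* is passed to the driver
        unchanged.
        """
        # Define both flags on every path so that later reads never hit an
        # AttributeError on a card without the application (or a plain SIM).
        self.has_isim = False
        self.has_usim = False

        if cardtype == GSM_USIM:
            self.card = USIM(atr)
            self.usim = True

            # Detect ISIM / USIM applications by the first 7 AID bytes
            self.card.get_AID()
            for aid in self.card.AID:
                prefix = aid[0:7]
                if prefix == [0xA0, 0x00, 0x00, 0x00, 0x87, 0x10, 0x04]:
                    self.has_isim = True
                elif prefix == [0xA0, 0x00, 0x00, 0x00, 0x87, 0x10, 0x02]:
                    self.has_usim = True
        else:
            self.card = SIM(atr)
            self.usim = False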
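def handle_sim(options, rand_bin):
    """Run the GSM authentication algorithm on the card for *rand_bin*.

    Without ``options.ipsec`` the IMSI, SRES and Kc are printed in a
    readable form. With ``options.ipsec`` one line is printed instead:
    the identity ``1<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org``
    followed by RAND, SRES and Kc in hex, comma separated.

    The output contains Kc, the key the card derived for this challenge,
    so it should be treated as secret material wherever it is stored.

    NOTE(review): imsi[3:6] is used as the MNC, which assumes a 3-digit
    MNC; confirm the behaviour wanted for networks with a 2-digit MNC.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)

    imsi = s.get_imsi()
    ret = s.run_gsm_alg(rand_bin)

    if options.ipsec:
        # Six fields: IMSI, MNC, MCC, RAND, SRES, Kc.
        print("1%s@wlan.mnc%s.mcc%s.3gppnetwork.org,%s,%s,%s" % (
            imsi, imsi[3:6], imsi[0:3], b2a_hex(byteToString(rand_bin)),
            b2a_hex(byteToString(ret[0])), b2a_hex(byteToString(ret[1]))))
    else:
        print("Testing SIM card with IMSI %s" % imsi)
        print("\nGSM Authentication")
        print("SRES:\t%s" % b2a_hex(byteToString(ret[0])))
        print("Kc:\t%s" % b2a_hex(byteToString(ret[1])))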
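def handle_siminfo(options):
    """Dispatch to the SIM operation named by ``options.param``.

    The operation receives ``options.write`` when that is set, otherwise
    ``options.rand`` when that is set, otherwise no argument. Its result
    is returned. The process exits with status 1 when the card cannot be
    opened or when ``options.param`` does not name a known operation.
    """
    s = SIM()
    if not s:
        print("Error opening SIM")
        exit(1)

    # An unknown name makes .get() return None; calling that would end in
    # a bare TypeError traceback instead of a usable message.
    handler = s.caller.get(options.param)
    if handler is None:
        print("Unknown SIM parameter: %s" % options.param)
        exit(1)

    if options.write is not None:
        return handler(options.write)
    if options.rand is not None:
        return handler(options.rand)
    return handler()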
Beispiel #8
 def sw_status(sw1, sw2):
     """Translate a status word into text.

     Starts from SIM.sw_status() and replaces its answer for the
     'security management' codes 98 62 / 64 / 65 / 66 / 67.
     """
     status = SIM.sw_status(sw1, sw2)
     # SW2 values handled here when SW1 is 0x98, with their explanation.
     reasons = (
         (0x62, ': authentication error, incorrect MAC'),
         (0x64, ': authentication error, security context not supported'),
         (0x65, ': key freshness failure'),
         (0x66, ': authentication error, no memory space available'),
         (0x67, ': authentication error, no memory space available in EF_MUK'),
     )
     if sw1 == 0x98:
         for code, detail in reasons:
             if sw2 == code:
                 status = 'security management' + detail
                 break
     return status
Beispiel #9
 def sw_status(sw1, sw2):
     """Return a readable description of the status word (sw1, sw2).

     The generic text comes from SIM.sw_status(); the authentication
     related codes 98 62, 98 64, 98 65, 98 66 and 98 67 get their own
     'security management' text instead.
     """
     generic = SIM.sw_status(sw1, sw2)
     # Everything that is not one of the 98 xx codes keeps the generic text.
     if not (sw1 == 0x98 and sw2 in (0x62, 0x64, 0x65, 0x66, 0x67)):
         return generic

     if sw2 == 0x62:
         reason = ': authentication error, incorrect MAC'
     elif sw2 == 0x64:
         reason = ': authentication error, security context not supported'
     elif sw2 == 0x65:
         reason = ': key freshness failure'
     elif sw2 == 0x66:
         reason = ': authentication error, no memory space available'
     elif sw2 == 0x67:
         reason = ': authentication error, no memory space available in EF_MUK'
     else:
         reason = ''
     return 'security management' + reason
Beispiel #10
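 def test_identification(self):
     """Read ICCID and IMSI from the card and keep them on the instance.

     Returns 1 when either value came back empty and 0 otherwise. The
     connection to the card is closed even when one of the reads raises.
     """
     s = SIM()
     try:
         self.ICCID = s.get_ICCID()
         self.IMSI = s.get_imsi()
     finally:
         # A failed read must not leave the reader claimed.
         s.disconnect()
     print('[+] SIM identification:\nICCID: %s\nIMSI: %s'
           % (self.ICCID, self.IMSI))
     if not self.ICCID or not self.IMSI:
         print('[-] identification error')
         return 1
     return 0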
Beispiel #11
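 def program_files(self):
     """Write ICCID, IMSI, SMSP and the network-selection files to the card.

     Each file is reached by walking from the MF (3F00) and is then
     overwritten; the card's reply to every write is printed. The card
     connection is released in all cases, also when a command raises.

     NOTE(review): the return value of verify_chv() is discarded and the
     replies to the writes are only printed, never evaluated; 0 is
     returned in all cases, so a caller cannot tell a rejected write from
     a successful one.
     NOTE(review): presenting a wrong administrative code normally costs
     one attempt of the card's retry counter; confirm that verify_chv()
     guards against repeated failures before this is run in a loop.
     """
     sim = SIM()

     def select_path(*file_ids):
         # Walk the given file IDs in order; every path starts at the MF.
         for file_id in file_ids:
             sim.SELECT_FILE(0, 0, file_id)

     try:
         # program SIM with SMSP and HPLMN infos
         verify_chv(sim, chv=CHV_PROG, adm=0x5)

         # ICCID (2FE2, directly under the MF)
         select_path([0x3F, 0x00], [0x2F, 0xE2])
         ret = sim.UPDATE_BINARY(0, 0, encode_ICCID(self.ICCID))
         print('Writing ICCID: %s' % ret)

         # IMSI (7F20 / 6F07)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x07])
         ret = sim.UPDATE_BINARY(0, 0, encode_IMSI(self.IMSI))
         print('Writing IMSI: %s' % ret)

         # SMSP, 1st record (7F10 / 6F42). This is the absolute address
         # for the SIM application; the USIM application address for SMSP
         # is only a symlink to it.
         select_path([0x3F, 0x00], [0x7F, 0x10], [0x6F, 0x42])
         ret = sim.UPDATE_RECORD(1, 4, SMSP)
         print('Writing SMSP: %s' % ret)

         # HPLMN search period (7F20 / 6F31)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x31])
         ret = sim.UPDATE_BINARY(0, 0, T_HPLMN)
         print('Writing HPLMN selection search period: %s' % ret)

         # PLMNsel, binary string for the HPLMN (7F20 / 6F30)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x30])
         ret = sim.UPDATE_BINARY(0, 0, PLMNsel)
         print('Writing PLMN selector: %s' % ret)

         # SIM service table (7F20 / 6F38)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x38])
         ret = sim.UPDATE_BINARY(0, 0, SST)
         print('Writing SIM Services Table: %s' % ret)

         # Service Provider Name (7F20 / 6F46)
         select_path([0x3F, 0x00], [0x7F, 0x20], [0x6F, 0x46])
         ret = sim.UPDATE_BINARY(0, 0, SPN)
         print('Writing Service Provider Name: %s' % ret)
     finally:
         # Release the reader even if a command above raised.
         sim.disconnect()
     return 0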
Beispiel #12
#!/usr/bin/python

from card.SIM import SIM

# Open the card with the default SIM driver and print its IMSI.
s = SIM()
imsi = s.get_imsi()
print(imsi)
Beispiel #13
class Simcard():

	card = None
	filelen = 0 #length of the currently selected file

	# Constructor: Create a new simcard object
	def __init__(self, cardtype = GSM_USIM, atr = None):
		"""Create the card driver that matches *cardtype*.

		GSM_USIM gives a USIM driver, anything else a SIM driver; *atr* is
		passed through to the driver. self.usim records the choice.
		"""
		is_usim = bool(cardtype == GSM_USIM)
		driver_cls = USIM if is_usim else SIM
		self.card = driver_cls(atr)
		self.usim = is_usim

	# Find the right class byte, depending on the simcard type
	def __get_cla(self, usim):
		"""Return the class byte (CLA) held by the card driver.

		*usim* is accepted but not read; the value always comes from
		self.card.CLA.
		"""
		cla = self.card.CLA
		return cla

	# Get file size from FCP
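	def __get_len_from_tlv(self, fcp):
		"""Return the file size found in an FCP template, or 0 if absent.

		*fcp* is the card's response as a list of integers. The size is
		the value of tag 80 inside the template. ValueError is raised when
		the template tag is not 62 or when the length field does not match
		the amount of data received.
		"""
		# Note: This has been taken from http://git.osmocom.org/pysim/tree/pySim/commands.py,
		# but pySim uses ascii-hex strings for its internal data representation. We use
		# regular lists with integers, so we must convert to an ascii-hex string first:
		fcp = ''.join('{:02x}'.format(x) for x in fcp)

		# see also: ETSI TS 102 221, chapter 11.1.1.3.1 Response for MF,
		# DF or ADF
		from pytlv.TLV import TLV
		tlvparser = TLV(['82', '83', '84', 'a5', '8a', '8b', '8c', '80', 'ab', 'c6', '81', '88'])

		# pytlv is case sensitive!
		fcp = fcp.lower()

		if fcp[0:2] != '62':
			raise ValueError('Tag of the FCP template does not match, expected 62 but got %s'%fcp[0:2])

		# Unfortunately the spec is not very clear if the FCP length is
		# coded as one or two byte value, so we have to try it out by
		# checking if the length of the remaining TLV string matches
		# what we get in the length field.
		# See also ETSI TS 102 221, chapter 11.1.1.3.0 Base coding.
		# fcp holds two hex digits per byte, so the floor division is exact.
		remaining_bytes = len(fcp[4:]) // 2
		if remaining_bytes == int(fcp[2:4], 16):
			skip = 4
		elif remaining_bytes == int(fcp[2:6], 16):
			skip = 6
		else:
			# The response comes from the card and may be truncated or
			# malformed; reject it instead of using an unset offset.
			# NOTE(review): a BER long-form length (first byte 81) is not
			# recognised by either check above and ends up here - confirm
			# whether such responses need to be supported.
			raise ValueError('Length field of the FCP template does not match the data received')

		# Skip FCP tag and length
		tlv = fcp[skip:]
		tlv_parsed = tlvparser.parse(tlv)

		if '80' in tlv_parsed:
			return int(tlv_parsed['80'], 16)
		else:
			return 0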

	# Get the file length from a response (select)
	def __len(self, res, p2):
		"""Extract the file length from a select response.

		With p2 == 0x04 the response is parsed as an FCP template;
		otherwise hex digits 4..8 of the last element of *res* are read
		as the length.
		"""
		if p2 != 0x04:
			size_field = res[-1][4:8]
			return int(size_field, 16)
		return self.__get_len_from_tlv(res)

	# Select a file and retrieve its length
	def select(self, fid):
		"""Select the file *fid* and store its length in self.filelen.

		Returns the response object. self.filelen is reset to 0 first and
		only updated when the card answers the SELECT with SW1 == 0x61 and
		the follow-up GET RESPONSE has been read.
		"""
		select_p2 = 0x04
		self.filelen = 0
		res = Card_res_apdu()
		res.from_mich(self.card.SELECT_FILE(P2 = select_p2, Data = fid))

		# Only SW1 == 0x61 leads to a GET RESPONSE; every other status is
		# handed back to the caller as it is.
		if res.sw[0] == 0x61:
			pending = res.sw[1]
			res.from_mich(self.card.GET_RESPONSE(pending))
			self.filelen = self.__len(res.apdu, select_p2)
		return res

	# Perform card holder verification
	def verify_chv(self, chv, chv_no):
		"""Present the code *chv* for CHV number *chv_no* and return the response.

		NOTE(review): a rejected code is expected to cost one attempt of
		the card's retry counter; callers probably want to look at
		chv_retrys() before presenting a code - confirm.
		"""
		result = Card_res_apdu()
		reply = self.card.VERIFY(P2 = chv_no, Data = chv)
		result.from_mich(reply)
		return result

	# Read CHV retry counter
	def chv_retrys(self, chv_no):
		"""Return the remaining attempts for CHV number *chv_no*.

		Sends VERIFY without data and returns the low nibble of
		reply[2][1]; presumably reply[2] is the status word pair
		(SW1, SW2) - verify against the card driver.
		"""
		reply = self.card.VERIFY(P2 = chv_no)
		counter_byte = reply[2][1]
		return counter_byte & 0x0F

	# Perform file operation (Write)
	def update_binary(self, data, offset = 0):
		"""Write *data* to the selected file at *offset* and return the response.

		Only the low 16 bits of *offset* are sent, split into a high and a
		low byte.
		NOTE(review): offsets of 0x8000 and above set the top bit of the
		high byte, which the card may not read as part of an offset -
		confirm the valid range with the callers.
		"""
		high_byte, low_byte = (offset >> 8) & 0xFF, offset & 0xFF
		result = Card_res_apdu()
		reply = self.card.UPDATE_BINARY(high_byte, low_byte, data)
		result.from_mich(reply)
		return result

	# Perform file operation (Read, byte oriented)
	def read_binary(self, length, offset = 0):
		"""Read *length* bytes of the selected file from *offset*; return the response.

		Only the low 16 bits of *offset* are sent, split into a high and a
		low byte.
		NOTE(review): offsets of 0x8000 and above set the top bit of the
		high byte, which the card may not read as part of an offset -
		confirm the valid range with the callers.
		"""
		high_byte, low_byte = (offset >> 8) & 0xFF, offset & 0xFF
		result = Card_res_apdu()
		reply = self.card.READ_BINARY(high_byte, low_byte, length)
		result.from_mich(reply)
		return result

	# Perform file operation (Read, record oriented)
	def read_record(self, length, rec_no = 0):
		"""Read *length* bytes of record *rec_no* and return the response.

		The record is addressed with GSM_SIM_INS_READ_RECORD_ABS.
		"""
		result = Card_res_apdu()
		reply = self.card.READ_RECORD(rec_no, GSM_SIM_INS_READ_RECORD_ABS, length)
		result.from_mich(reply)
		return result


	# Perform file operation (Write, record oriented)
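	def update_record(self, data, rec_no = 0):
		"""Write *data* to record *rec_no* and return the response.

		The record is addressed with GSM_SIM_INS_UPDATE_RECORD_ABS.
		"""
		res = Card_res_apdu()
		res.from_mich(self.card.UPDATE_RECORD(rec_no, GSM_SIM_INS_UPDATE_RECORD_ABS, data))
		# Indented with tabs like the rest of the class; a space-indented
		# return here is rejected by Python 3 as inconsistent indentation.
		return res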