def handle_usim(options, rand_bin, autn_bin):
u = USIM()
if not u:
print "Error opening USIM"
exit(1)
if options.debug:
u.dbg = 2
imsi = u.get_imsi()
print "Testing USIM card with IMSI %s" % imsi
print "\nUMTS Authentication"
ret = u.authenticate(rand_bin, autn_bin, ctx='3G')
if len(ret) == 1:
print "AUTS:\t%s" % b2a_hex(byteToString(ret[0]))
else:
print "RES:\t%s" % b2a_hex(byteToString(ret[0]))
print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
if len(ret) == 4:
print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
print "\nGSM Authentication"
ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
if not len(ret) == 2:
print "Error during 2G authentication"
exit(1)
print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))
def handle_usim_fakehss(options, rand_bin):
u = USIM(options.debug)
if not u:
print "Error opening USIM"
exit(1)
if options.debug:
u.dbg = 2
if rand_bin == None:
rand_bin = stringToByte("00112233445566778899aabbccddeeff")
IV = 16 * '\x00'
OP_bin = stringToByte("00000000000000000000000000000000") # Operator Key
KI_bin = stringToByte("00000000000000000000000000000000") # K
SQN_bin= stringToByte("000023403500") # SQN 591410432
# AMF ??
#"7D3D6804DB5480003F7A47FB35FA7285"
#"808182888485868788898A8B8C8D8E8F" K
#"97A167DED889B6DFA92D985D77E5C088" OP
#calculate OPc
KI = binascii.unhexlify(byteToString(KI_bin))
aesCrypt = AES.new(KI, mode=AES.MODE_CBC, IV=IV)
data = binascii.unhexlify(byteToString(OP_bin))
## OCc = encAES(OP) xor OP
OPc = xor_strings(data, aesCrypt.encrypt(data))
OPc_bin = stringToByte(OPc)
print "OP: \t%s" % b2a_hex(OP_bin)
print "KI: \t%s" % b2a_hex(KI_bin)
print "OPc:\t%s" % b2a_hex(OPc_bin)
imsi = u.get_imsi()
print "USIM card with IMSI %s" % imsi
print "AUTS:\t%s" % b2a_hex(rand_bin)
def handle_usim(options, rand_bin, autn_bin): u = USIM() if not u: print "Error opening USIM" exit(1) if options.debug: u.dbg = 2; imsi = u.get_imsi() ret = u.authenticate(rand_bin, autn_bin, ctx='3G') if len(ret) == 1: print "AUTS:\t%s" % b2a_hex(byteToString(ret[0])) else: print "RES:\t%s" % b2a_hex(byteToString(ret[0])) print "CK:\t%s" % b2a_hex(byteToString(ret[1])) print "IK:\t%s" % b2a_hex(byteToString(ret[2])) if len(ret) == 4: print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
def handle_usim(options, rand_bin, autn_bin):
u = USIM()
if not u:
print "Error opening USIM"
exit(1)
if options.debug:
u.dbg = 2
imsi = u.get_imsi()
ret = u.authenticate(rand_bin, autn_bin, ctx='3G')
if len(ret) == 1:
print "AUTS:\t%s" % b2a_hex(byteToString(ret[0]))
else:
print "RES:\t%s" % b2a_hex(byteToString(ret[0]))
print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
if len(ret) == 4:
print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
print "CK:\t%s" % b2a_hex(byteToString(ret[1]))
print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
if len(ret) == 4:
print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
#ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
#if not len(ret) == 2:
# print "Error during 2G authentication"
# exit(1)
#print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
#print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))
if __name__ == "__main__":
u = USIM()
u.debug = 2
imsi = u.get_imsi()
s = socket.socket()
host = socket.gethostname()
#host = '192.168.2.254'
port = 12345
s.connect((host, port))
authenticated = False
status = 0
while True:
print "\n"
if authenticated == False:
if status == 2:
print "## auth=false; status=2 - trying to send imsi+auts"
s.send("3"+imsi+auts)
print "IK:\t%s" % b2a_hex(byteToString(ret[2]))
if len(ret) == 4:
print "Kc:\t%s" % b2a_hex(byteToString(ret[3]))
#ret = u.authenticate(rand_bin, autn_bin, ctx='2G')
#if not len(ret) == 2:
# print "Error during 2G authentication"
# exit(1)
#print "SRES:\t%s" % b2a_hex(byteToString(ret[0]))
#print "Kc:\t%s" % b2a_hex(byteToString(ret[1]))
if __name__ == "__main__":
u = USIM()
u.debug = 2
imsi = u.get_imsi()
s = socket.socket()
host = socket.gethostname()
#host = '192.168.2.254'
port = 12345
s.connect((host, port))
authenticated = False
status = 0
while True:
print "\n"
if authenticated == False:
if status == 2:
print "## auth=false; status=2 - trying to send imsi+auts"
s.send("3" + imsi + auts)