scc = SimCardCommands(transport=sl) # Batch mode init init_batch(opts) # Iterate done = False first = True card = None while not done: if opts.dry_run is False: # Connect transport print "Insert card now (or CTRL-C to cancel)" sl.wait_for_card(newcardonly=not first) # Not the first anymore ! first = False if opts.dry_run is False: # Get card card = card_detect(opts, scc) if card is None: if opts.batch_mode: first = False continue else: sys.exit(-1) # Erase if requested
# Parse options opts = parse_options() # Connect to the card if opts.pcsc_dev is None: from pySim.transport.serial import SerialSimLink sl = SerialSimLink(device=opts.device, baudrate=opts.baudrate) else: from pySim.transport.pcsc import PcscSimLink sl = PcscSimLink(opts.pcsc_dev) # Create command layer scc = SimCardCommands(transport=sl) # Wait for SIM card sl.wait_for_card() # Program the card print("Reading ...") # EF.ICCID (res, sw) = scc.read_binary(['3f00', '2fe2']) if sw == '9000': print("ICCID: %s" % (dec_iccid(res), )) else: print("ICCID: Can't read, response code = %s" % (sw, )) # EF.IMSI (res, sw) = scc.read_binary(['3f00', '7f20', '6f07']) if sw == '9000': print("IMSI: %s" % (dec_imsi(res), ))
# Parse options opts = parse_options() # Connect to the card if opts.pcsc_dev is None: from pySim.transport.serial import SerialSimLink sl = SerialSimLink(device=opts.device, baudrate=opts.baudrate) else: from pySim.transport.pcsc import PcscSimLink sl = PcscSimLink(opts.pcsc_dev) # Create command layer scc = SimCardCommands(transport=sl) # Wait for SIM card sl.wait_for_card() # Program the card print("Reading ...") # EF.IMSI (res, sw) = scc.read_binary(['3f00', '7f20', '6f07']) if sw == '9000': print("IMSI: %s" % (dec_imsi(res),)) else: print("IMSI: Can't read, response code = %s" % (sw,)) imsi = dec_imsi(res) # run the algorithm here and output results print('%-16s %-32s %-8s %s' % ('# IMSI', 'RAND', 'SRES', 'Kc')) for i in xrange(opts.iterations):
class Phonebook(): def __init__(self, device, baudrate): # create trasnport self.sl = SerialSimLink(device=device, baudrate=baudrate) # wait for SIM card print("[Phonebook] Waiting for SIM card ...") self.sl.wait_for_card() # program the card print("[Phonebook] Reading SIM card ...") def send_apdu_list(self, lst): for apdu in lst: print("In: %s" % apdu) out, sw = self.sl.send_apdu_raw(apdu) print "SW:", sw print "OUT:", out print def send_apdu_list_prefixed(self, lst): lst = ["A0A4000002" + l for l in lst] print("Prefixed list: %s" % lst) self.send_apdu_list(lst) def connect_to_sim(self): connect_sim_apdu_lst = ['A0A40000023F00', 'A0F200000D', 'A0F2000016'] print("Connecting to SIM...") ret = self.send_apdu_list(connect_sim_apdu_lst) print("Connected") print def get_contacts(self): phone_lst = [] print("Selecting file") self.send_apdu_list_prefixed(['3F00', '7F10', '6F3A']) data, sw = self.sl.send_apdu_raw("A0C000000F") rec_len = int(data[28:30], 16) # Usually 0x20 # Now we can work out the name length & number of records name_len = rec_len - 14 # Defined GSM 11.11 num_recs = int(data[4:8], 16) / rec_len print("rec_len: %d, name_len: %d, num_recs: %d" % (rec_len, name_len, num_recs)) apdu_str = "A0B2%s04" + IntToHex(rec_len) hexNameLen = name_len << 1 try: for i in range(1, num_recs + 1): apdu = apdu_str % IntToHex(i) data, sw = self.sl.send_apdu_raw(apdu) print("Contact #%d" % i) print("In: %s" % apdu) print "SW:", sw print "OUT:", data if data[0:2] != 'FF': name = GSM3_38ToASCII(unhexlify(data[:hexNameLen])) if ord(name[-1]) > 0x80: # Nokia phones add this as a group identifier. Remove it. name = name[:-1].rstrip() number = "" numberLen = int(data[hexNameLen:hexNameLen + 2], 16) if numberLen > 0 and numberLen <= ( 11): # Includes TON/NPI byte hexNumber = data[hexNameLen + 2:hexNameLen + 2 + (numberLen << 1)] if hexNumber[:2] == '91': number = "+" number += GSMPhoneNumberToString(hexNumber[2:]) #self.itemDataMap[i] = (name, number) print "Name: ", name print "Number: ", number phone_lst.append((name, number)) print except Exception as exp: print "\n\nget_phonebook() got exception :: %s\n\n" % exp return phone_lst def get_sms(self): sms_lst = [] print("Selecting SMS file") self.send_apdu_list_prefixed(['3F00', '7F10', '6F3C']) data, sw = self.sl.send_apdu_raw("A0C000000F") rec_len = int(data[28:30], 16) # Should be 0xB0 (176) num_recs = int(data[4:8], 16) / rec_len print("rec_len: %d, num_recs: %d" % (rec_len, num_recs)) apdu_str = "A0B2%s04" + IntToHex(rec_len) try: for i in range(1, num_recs + 1): apdu = apdu_str % IntToHex(i) data, sw = self.sl.send_apdu_raw(apdu) print("SMS #%d" % i) print("In: %s" % apdu) print "SW:", sw print "OUT:", data print # See if SMS record is used status = int(data[0:2], 16) if status & 1 or data[2:4] != 'FF': try: sms = SMSmessage() sms.smsFromData(data) sms_lst.append((sms.status, sms.timestamp, sms.number, sms.message)) except Exception as exp: pass #print "\n\nget_sms() got exception: %s\n while fetching SMS from data, for SMS #%d\n\n" % (exp, i) #print traceback.format_exc() except Exception as exp: print "\n\nget_sms() got exception :: %s\n\n" % exp print traceback.format_exc() return sms_lst
class RsSIMReader(): """ Multipurpose reader class inspired from pySIm's reader """ def __init__(self, device, baudrate): # create trasnport self.sl = SerialSimLink(device=device, baudrate=baudrate) # create command layer self.scc = SimCardCommands(transport=self.sl) # wait for SIM card print("[INFO] Waiting for SIM card ...") self.sl.wait_for_card() # program the card print("[INFO] Reading SIM card ...") def get_iccid(self): # EF.ICCID (res, sw) = self.scc.read_binary([MF, '2fe2']) if sw == '9000': print("[INFO] ICCID: %s" % (dec_iccid(res), )) else: print("[INFO] ICCID: Can't read, response code = %s" % (sw, )) def get_msisdn(self): print " --- get_msisdn --- " # EF.MSISDN try: (res, sw) = self.scc.read_record([MF, DF_TELECOM, EF_MSISDN], 1) print "get_msisdn for sw", sw print "get_msisdn for res", res if sw == '9000': if res[1] != 'f': print("[INFO] MSISDN: %s" % (res, )) else: print("[INFO] MSISDN: Not available") else: print("[INFO] MSISDN: Can't read, response code = %s" % (sw, )) except: print "[INFO] MSISDN: Can't read. Probably not existing file" def get_opc(self): print " --- get_opc --- " # EF.MSISDN try: (res, sw) = self.scc.read_binary([MF, '7F20', '00F7']) print "get_opc for sw", sw print "get_opc for res", res if sw == '9000': if res[1] != 'f': print("[INFO] OPC: %s" % (res, )) else: print("[INFO] OPC: Not available") else: print("[INFO] OPC: Can't read, response code = %s" % (sw, )) except: print "[INFO] MSISDN: Can't read. Probably not existing file" def get_pl(self): # EF.PL (res, sw) = self.scc.read_binary([MF, '2f05']) if sw == '9000': print("[INFO] PL: %s" % (res, )) else: print("[INFO] PL: Can't read, response code = %s" % (sw, )) def get_imsi(self): # EF.IMSI (res, sw) = self.scc.read_binary([MF, DF_GSM, EF_IMSI]) if sw == '9000': print("[INFO] IMSI: %s" % (dec_imsi(res), )) else: print("[INFO] IMSI: Can't read, response code = %s" % (sw, )) def list_applets(self): apdu = "80f21000024f0000c0000000" self.send_apdu_list([apdu]) def get_global_pin(self): print("[INFO] :: getting global PIN") file_id = '2205' file_size = 52 path = ['3F00', file_id] #(res, sw) = self.scc.read_binary(path) (res, sw) = self.scc.read_record(path, 1) print "res", res print "sw", sw def get_native_apps(self): print("[INFO] :: getting native apps") path = ['3F00', '2207'] num_records = self.scc.record_count(path) print("Native Applications: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_arr_mf(self): print("[INFO] :: getting ARR MF") path = ['3F00', '2f06'] num_records = self.scc.record_count(path) print("ARR MF: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_arr_telecom(self): """ Access rules may be shared between files in the UICC by referencing. This is accomplished by storing the security attributes in the EF ARR file under the MF. The second possibility allows the usage of different access rules in different security environments. """ print("[INFO] :: getting ARR TELECOM") path = ['3F00', '7f10', '6f06'] num_records = self.scc.record_count(path) print("ARR TELECOM: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_df_phonebook(self): print("[INFO] :: getting DF PHONEBOOK") path = ['3F00', '7f10', '5f3a'] num_records = self.scc.record_count(path) print("DF PHONEBOOK: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_df_toolkit(self): print("[INFO] :: getting DF TOOLKIT") path = ['3F00', '7FDE'] num_records = self.scc.record_count(path) print("DF TOOLKIT: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_ef_dir(self): print("[INFO] :: getting EF DIR") path = ['3F00', '2F00'] num_records = self.scc.record_count(path) print("EF DIR: %d records available" % num_records) for record_id in range(1, num_records + 1): print self.scc.read_record(path, record_id) print def get_ef_atr(self): print("[INFO] :: getting EF ATR") path = ['3F00', '2F01'] (res, sw) = self.scc.read_binary(path) print "res", res print "sw", sw
class Reader(): """ Multipurpose reader class inspired from pySIm's reader """ def __init__(self, device, baudrate): # create trasnport self.sl = SerialSimLink(device=device, baudrate=baudrate) # create command layer self.scc = SimCardCommands(transport=self.sl) # wait for SIM card print("[Reader] Waiting for SIM card ...") self.sl.wait_for_card() # program the card print("[Reader] Reading SIM card ...") def get_iccid(self): # EF.ICCID (res, sw) = self.scc.read_binary([MF, '2fe2']) if sw == '9000': print("[Reader] ICCID: %s" % (dec_iccid(res),)) else: print("[Reader] ICCID: Can't read, response code = %s" % (sw,)) def get_smsp(self): # EF.SMSP (res, sw) = self.scc.read_record([MF, '7f10', '6f42'], 1) if sw == '9000': print("[Reader] SMSP: %s" % (res,)) else: print("[Reader] SMSP: Can't read, response code = %s" % (sw,)) def get_acc(self): # EF.ACC (res, sw) = self.scc.read_binary([MF, '7f20', '6f78']) if sw == '9000': print("[Reader] ACC: %s" % (res,)) else: print("[Reader] ACC: Can't read, response code = %s" % (sw,)) def get_msisdn(self): # EF.MSISDN try: (res, sw) = self.scc.read_record([MF, DF_TELECOM, EF_MSISDN], 1) if sw == '9000': if res[1] != 'f': print("[Reader] MSISDN: %s" % (res,)) else: print("[Reader] MSISDN: Not available") else: print("[Reader] MSISDN: Can't read, response code = %s" % (sw,)) except: print "[Reader] MSISDN: Can't read. Probably not existing file" # FIXME def get_uid(self): try: (res, sw) = self.scc.read_record([MF, '0000'], 1) if sw == '9000': if res[1] != 'f': print("[Reader] UID: %s" % (res,)) else: print("[Reader] UID: Not available") else: print("[Reader] UID: Can't read, response code = %s" % (sw,)) except: print "[Reader] UID: Can't read. Probably not existing file" def get_pl(self): """ Preferred Languages This EF contains the codes for up to n languages. This information, determined by the user/operator, defines the preferred languages of the user, for the UICC, in order of priority. """ # EF.PL (res, sw) = self.scc.read_binary([MF, '2f05']) if sw == '9000': print("[Reader] PL: %s" % (dec_iccid(res),)) else: print("[Reader] PL: Can't read, response code = %s" % (sw,)) # FIXME - it crashes def get_arr(self): """ Access Rule Reference Access rules may be shared between files in the UICC by referencing. This is accomplished by storing the security attributes in the EF ARR file under the MF. The second possibility allows the usage of different access rules in different security environments. """ # EF.ARR (res, sw) = self.scc.read_binary([MF, '2fe6']) if sw == '9000': print("[Reader] ARR: %s" % (dec_iccid(res),)) else: print("[Reader] ARR: Can't read, response code = %s" % (sw,)) # FIXME - cant read def get_dir(self): """ Application DIRectory EF DIR is a linear fixed file under the MF and is under the responsibility of the issuer. All applications are uniquely identified by application identifiers (AID) that are obtained from EF DIR. These application identifiers are used to select the application. """ # EF.DIR (res, sw) = self.scc.read_binary([MF, '2f00']) if sw == '9000': print("[Reader] DIR: %s" % (dec_iccid(res),)) else: print("[Reader] DIR: Can't read, response code = %s" % (sw,)) # FIXME - it crashes def get_usim(self): """ Universal Subscriber Identity Module """ # EF.USIM (res, sw) = self.scc.read_binary([MF, '6f05']) if sw == '9000': print("[Reader] USIM: %s" % (dec_iccid(res),)) else: print("[Reader] USIM: Can't read, response code = %s" % (sw,)) def get_telecom(self): """ """ # EF.TELECOM r = self.scc.select_file([MF, DF_TELECOM, EF_ADN]) print "r:", r def get_imsi(self): # EF.IMSI (res, sw) = self.scc.read_binary([MF, DF_GSM, EF_IMSI]) if sw == '9000': print("[Reader] IMSI: %s" % (dec_imsi(res),)) else: print("[Reader] IMSI: Can't read, response code = %s" % (sw,)) def get_plmn(self): # EF.PLMN (res, sw) = self.scc.read_binary([MF, DF_GSM, '6F30']) print ("res: ", res) if sw == '9000': print("[Reader] PLMN: %s" % (dec_plmn(res),)) else: print("[Reader] PLMN: Can't read, response code = %s" % (sw,)) def get_phase(self): (res, sw) = self.scc.read_binary(["3F00", "7F20", "6FAE"]) if sw == '9000': if res == "00": phase = 'Phase 1' elif res == "01": phase = 'Phase 2' else: phase = 'Phase 2+' print("[Reader] Phase: %s" % phase) else: print("[Reader] Phase: Can't read, response code = %s" % (sw,)) def send_apdu_list(self, lst): for apdu in lst: print ("In: %s" % apdu) out, sw = self.sl.send_apdu_raw(apdu) print "SW:", sw print "OUT:", out print def send_apdu_list_prefixed(self, lst): lst = ["A0A4000002" + l for l in lst] print ("Prefixed list: %s" % lst) self.send_apdu_list(lst) def connect_to_sim(self): connect_sim_apdu_lst = ['A0A40000023F00', 'A0F200000D', 'A0F2000016'] print ("Connecting to SIM...") ret = self.send_apdu_list(connect_sim_apdu_lst) print ("Connected") print def get_phonebook(self): phone_lst = [] print ("Selecting file") self.send_apdu_list_prefixed(['3F00', '7F10', '6F3A']) data, sw = self.sl.send_apdu_raw("A0C000000F") rec_len = int(data[28:30], 16) # Usually 0x20 # Now we can work out the name length & number of records name_len = rec_len - 14 # Defined GSM 11.11 num_recs = int(data[4:8], 16) / rec_len print ("rec_len: %d, name_len: %d, num_recs: %d" % (rec_len, name_len, num_recs)) apdu_str = "A0B2%s04" + IntToHex(rec_len) hexNameLen = name_len << 1 try: for i in range(1, num_recs + 1): apdu = apdu_str % IntToHex(i) data, sw = self.sl.send_apdu_raw(apdu) print ("Contact #%d" % i) print ("In: %s" % apdu) print "SW:", sw print "OUT:", data if data[0:2] != 'FF': name = GSM3_38ToASCII(unhexlify(data[:hexNameLen])) if ord(name[-1]) > 0x80: # Nokia phones add this as a group identifier. Remove it. name = name[:-1].rstrip() number = "" numberLen = int(data[hexNameLen:hexNameLen+2], 16) if numberLen > 0 and numberLen <= (11): # Includes TON/NPI byte hexNumber = data[hexNameLen+2:hexNameLen+2+(numberLen<<1)] if hexNumber[:2] == '91': number = "+" number += GSMPhoneNumberToString(hexNumber[2:]) #self.itemDataMap[i] = (name, number) print "Name: ", name print "Number: ", number phone_lst.append((name, number)) print except Exception as exp: print "\n\nget_phonebook() got exception :: %s\n\n" % exp return phone_lst def get_sms(self): sms_lst = [] print ("Selecting SMS file") self.send_apdu_list_prefixed(['3F00', '7F10', '6F3C']) data, sw = self.sl.send_apdu_raw("A0C000000F") rec_len = int(data[28:30], 16) # Should be 0xB0 (176) num_recs = int(data[4:8], 16) / rec_len print ("rec_len: %d, num_recs: %d" % (rec_len, num_recs)) apdu_str = "A0B2%s04" + IntToHex(rec_len) try: for i in range(1, num_recs + 1): apdu = apdu_str % IntToHex(i) data, sw = self.sl.send_apdu_raw(apdu) print ("SMS #%d" % i) print ("In: %s" % apdu) print "SW:", sw print "OUT:", data print # See if SMS record is used status = int(data[0:2], 16) if status & 1 or data[2:4] != 'FF': try: sms = SMSmessage() sms.smsFromData(data) sms_lst.append( (sms.status, sms.timestamp, sms.number, sms.message) ) except Exception as exp: pass #print "\n\nget_sms() got exception: %s\n while fetching SMS from data, for SMS #%d\n\n" % (exp, i) #print traceback.format_exc() except Exception as exp: print "\n\nget_sms() got exception :: %s\n\n" % exp print traceback.format_exc() return sms_lst def list_applets(self): apdu = "80f21000024f0000c0000000" self.send_apdu_list([apdu])