annotate doc/Low-level-commands @ 186:c925f7808285
doc/GrcardSIM2-security-model article written
author: Mychaela Falconia <falcon@freecalypso.org>
date: Sat, 06 Mar 2021 20:59:23 +0000
parents: cc6a4b48dc2a
children: a5fee308b699

fc-simtool is a tool built from the bottom up: at the foundation there is a set
of low-level commands that provide raw access to the actual SIM protocol APDU
commands; these low-level commands can be used to do everything that the SIM
protocol allows, and all higher-level commands merely provide user-friendly
utilities for the most common particular use cases. This document describes
these low-level commands. Readers of this document are expected to know the
SIM interface protocol as defined in GSM TS 11.11 and its successor 3GPP TS
51.011.

Exploring and reading commands
==============================

atr

This command displays the ATR (Answer To Reset) byte string which the SIM sent
to the reader when it powered up.

select File_ID

This fc-simtool command sends a SELECT command to the SIM, follows up with a
GET RESPONSE command as expected in the T=0 protocol, and provides some
human-readable parsing of the most important fields in the SIM response
structure. If a correctly formed response was received from the SIM and this
response structure indicates that a record-based EF has been selected, the
indicated record length is saved in an internal variable used by readrec and
update-rec commands.

The file ID can be specified either in hexadecimal (exactly 4 hex digits, *no*
0x prefix) or as a symbolic name. fc-simtool knows the following symbolic
names:

* MF
* DF_GSM, DF_DCS1800 and DF_TELECOM
* "gsm" and "telecom" as shorthand names for DF_GSM and DF_TELECOM
* Some of the most classic EFs, but not all

Important note: regardless of whether you specify the file ID in raw hex or
symbolically, this low-level select command will send only one SELECT command
to the SIM. Per the SIM protocol, in order to successfully select an EF, you
have to be in the right directory first, i.e., select MF, DF_GSM or DF_TELECOM
as appropriate before the EF of interest. Our low-level select command does
NOT do this extra step on its own; you have to do it explicitly, even if you
use symbolic names for EFs.

sim-resp

This command displays in raw hex the content of the internal buffer that holds
the last response received from the SIM. This internal buffer is filled by the
GET RESPONSE command that follows up after SELECT or RUN GSM ALGORITHM, and by
the READ BINARY or READ RECORD commands, whether they are invoked directly as
low-level commands (select, readbin, readrec or a38) or internally as part of
higher-level fc-simtool commands.

readbin offset len

This fc-simtool command sends a READ BINARY command to the SIM and displays the
SIM response in raw hex, internally invoking the same function as sim-resp.
The two arguments are exactly as in the READ BINARY protocol command; each
number is interpreted as decimal by default or as hex if preceded by 0x.

readrec record-index [len]

This fc-simtool command sends a READ RECORD command to the SIM (absolute
addressing mode) and displays the SIM response in raw hex, internally invoking
the same function as sim-resp. The arguments are decimal or hex as in the
readbin command.

If no explicit length argument is given, readrec uses the internal variable set
by the last select operation. This one-argument form is almost always used in
practice, as the SIM will normally reject any requested length that does not
match the current EF record length.

readef File_ID

This fc-simtool command provides a slightly higher-level facility for examining
the content of EFs, combining select and readbin or readrec operations. The
sole File_ID argument is the same as for the low-level select command; the SIM
response to SELECT is then parsed to decide what to do next. Transparent EFs
are read using as many READ BINARY commands as necessary (up to 256 bytes can
be read in one APDU exchange) and displayed as a continuous hex dump. For
record-based EFs (linear fixed and cyclic), readef reads and separately
hex-dumps every record.

Just like with the low-level select command, there is no built-in MF/DF
selection.

savebin File_ID out-bin-file

This command selects the specified EF (just like with low-level select and
readef, you need to be in the right MF/DF directory) and saves its complete
content in a raw binary file on the UNIX host file system. This command
supports all 3 types of EF (transparent, linear fixed and cyclic) and uses the
correct READ BINARY or READ RECORD commands based on the SELECT response.
Record-based EFs are read in the order of increasing record number and are saved
in the host binary file with all records simply abutted together.
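
Added example, not part of fc-pcsc-tools or of the original document: a Python
illustration of the decision that readef and savebin are described as making,
decoding the EF fields of a GSM TS 11.11 SELECT response and listing the READ
BINARY or READ RECORD APDUs that would follow. The function names are
hypothetical and the sample responses are constructed.

```python
"""Added example: decode a GSM TS 11.11 SELECT response for an EF and list
the READ BINARY / READ RECORD APDUs needed to read the whole file.
All names are hypothetical; this is not fc-simtool code."""
from dataclasses import dataclass

EF_STRUCTURES = {0x00: "transparent", 0x01: "linear fixed", 0x03: "cyclic"}
MAX_READ = 256  # bytes per READ BINARY exchange; P3 = 0x00 encodes 256

# Constructed sample responses (not captured from a real card).
SAMPLE_TRANSPARENT = bytes.fromhex("0000000A2FE204000FF04401020000")
SAMPLE_BIG_TRANSPARENT = bytes.fromhex("000002586F5004000FF04401020000")
SAMPLE_LINEAR_FIXED = bytes.fromhex("0000012C6F3A040011F0440102011E")


@dataclass
class EfInfo:
    file_id: int
    size: int
    structure: str
    record_len: int  # 0 for transparent EFs


def parse_select_response(resp):
    """Decode the GET RESPONSE data returned after SELECT of an EF."""
    if len(resp) < 14:
        raise ValueError("response too short for an EF")
    if resp[6] != 0x04:  # byte 7: type of file, 04 = EF
        raise ValueError("selected file is not an EF (type %02X)" % resp[6])
    size = int.from_bytes(resp[2:4], "big")     # bytes 3-4: file size
    file_id = int.from_bytes(resp[4:6], "big")  # bytes 5-6: file ID
    structure = EF_STRUCTURES.get(resp[13])     # byte 14: structure of EF
    if structure is None:
        raise ValueError("unknown EF structure byte %02X" % resp[13])
    record_len = 0
    if structure != "transparent":
        if len(resp) < 15 or resp[14] == 0:     # byte 15: record length
            raise ValueError("record-based EF without a record length")
        record_len = resp[14]
        if size % record_len:
            raise ValueError("file size is not a multiple of record length")
    return EfInfo(file_id, size, structure, record_len)


def plan_reads(ef):
    """Return the list of 5-byte T=0 read headers covering the whole EF."""
    apdus = []
    if ef.structure == "transparent":
        offset = 0
        while offset < ef.size:
            chunk = min(MAX_READ, ef.size - offset)
            # READ BINARY: A0 B0 offset_hi offset_lo len (len 0x00 = 256)
            apdus.append(bytes([0xA0, 0xB0, offset >> 8, offset & 0xFF,
                                chunk & 0xFF]))
            offset += chunk
    else:
        count = ef.size // ef.record_len
        if count > 255:
            raise ValueError("record number does not fit in P1")
        for rec in range(1, count + 1):
            # READ RECORD: A0 B2 record_number 04 (absolute mode) record_len
            apdus.append(bytes([0xA0, 0xB2, rec, 0x04, ef.record_len]))
    return apdus


if __name__ == "__main__":
    for sample in (SAMPLE_TRANSPARENT, SAMPLE_BIG_TRANSPARENT,
                   SAMPLE_LINEAR_FIXED):
        info = parse_select_response(sample)
        print(info, [a.hex() for a in plan_reads(info)])
```

The 600-byte transparent sample needs three READ BINARY exchanges, the first
two with P3 = 00 for the full 256 bytes.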

Writing commands
================

update-bin offset hexfile

This fc-simtool command reads a hex data file (an ASCII text file containing
only hex byte values and nothing else, with or without white space between
bytes, newlines treated as any other white space) and sends this byte content
to the SIM in an UPDATE BINARY command. The offset argument is the same as in
the readbin command. The length is the number of bytes read from the hex data
file.

update-bin-imm offset hex-string

This command works like update-bin, but the bytes to be written are given as a
hex string direct argument (like an immediate operand in assembly languages),
rather than via a hex data file.

update-rec record-index hexfile

This fc-simtool command reads a hex data file (just like update-bin) and sends
this byte content to the SIM in an UPDATE RECORD command, using absolute
addressing mode. The record-index argument is the same as in the readrec
command. The number of bytes in the hex data file must equal the EF record
length.

update-rec-prev hexfile

This fc-simtool command is like update-rec, but the UPDATE RECORD command sent
to the SIM uses the PREVIOUS addressing mode, and there is no record number.
This form is needed in order to write to cyclic EFs.

restore-file File_ID host-bin-file

This command restores a binary backup previously made with savebin back to the
SIM, or writes new bits into the EF if you can construct the necessary binary
image with tools like xxd. The arguments are the same as for the savebin
command. This command supports all 3 types of EF (transparent, linear fixed
and cyclic) and uses the correct UPDATE BINARY or UPDATE RECORD commands based
on the SELECT response. Cyclic files are restored by writing every record in
the reverse order from the last index to the first.
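
Added example, not part of fc-pcsc-tools or of the original document: a Python
model showing why a savebin image of a cyclic EF has to be written back from
the last record to the first. It assumes the writes use the PREVIOUS mode that
the update-rec-prev description says cyclic EFs require; CyclicEF and the other
names are hypothetical, and the record data is constructed.

```python
"""Added example: savebin image layout and restore order for a cyclic EF.
CyclicEF is a toy model with hypothetical names, following the GSM TS 11.11
rule that UPDATE RECORD in PREVIOUS mode overwrites the oldest record,
which then becomes record 1."""
from collections import deque


class CyclicEF:
    def __init__(self, record_len, num_records):
        self.record_len = record_len
        # records[0] is record 1 (newest); records[-1] is the oldest.
        self.records = deque(b"\xff" * record_len for _ in range(num_records))

    def update_previous(self, data):
        """UPDATE RECORD in PREVIOUS mode, as used for cyclic EFs."""
        if len(data) != self.record_len:
            raise ValueError("data length must equal the EF record length")
        self.records.pop()                    # the oldest record is dropped
        self.records.appendleft(bytes(data))  # new data becomes record 1

    def read_record(self, index):
        """READ RECORD in absolute mode, 1-based record number."""
        return self.records[index - 1]


def savebin_image(ef):
    """Records in increasing record number, abutted, as savebin writes them."""
    return b"".join(ef.read_record(i) for i in range(1, len(ef.records) + 1))


def split_image(image, record_len):
    """Cut a host binary image back into records."""
    if len(image) % record_len:
        raise ValueError("image length is not a multiple of the record length")
    return [image[i:i + record_len] for i in range(0, len(image), record_len)]


def restore_cyclic(ef, image, reverse=True):
    """Write every record of the image with UPDATE RECORD PREVIOUS."""
    records = split_image(image, ef.record_len)
    if len(records) != len(ef.records):
        raise ValueError("image does not match the EF's record count")
    for rec in (reversed(records) if reverse else records):
        ef.update_previous(rec)


def demo():
    # Constructed data: three 4-byte records written oldest to newest.
    card = CyclicEF(4, 3)
    for rec in (b"AAAA", b"BBBB", b"CCCC"):
        card.update_previous(rec)
    image = savebin_image(card)                 # record 1 (newest) comes first
    good, bad = CyclicEF(4, 3), CyclicEF(4, 3)
    restore_cyclic(good, image)                 # last index to first
    restore_cyclic(bad, image, reverse=False)   # first index to last
    return image, savebin_image(good), savebin_image(bad)


if __name__ == "__main__":
    for label, value in zip(("saved", "reverse order", "forward order"), demo()):
        print(label, value)
```

Writing in forward order leaves the records in the opposite order from the
saved image, because each PREVIOUS-mode write pushes the earlier ones down by
one position.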

INVALIDATE and REHABILITATE
===========================

cur-ef-inval will send an INVALIDATE command to the SIM; cur-ef-rehab will send
a REHABILITATE command. The naming of these low-level fc-simtool commands
reflects the fact that you have to manually select the EF of interest first.

GSM authentication testing
==========================

a38 RAND

This fc-simtool command exercises the SIM card's RUN GSM ALGORITHM command.
The user-specified RAND value (a hex string of 16 bytes) is sent to the SIM,
and the SIM response is parsed to display SRES and Kc.

Per SIM specs GSM TS 11.11 and 3GPP TS 51.011, RUN GSM ALGORITHM can only be
executed when DF_GSM is selected. The fc-simtool a38 command does NOT include a
built-in SELECT of DF_GSM, hence you need to manually issue 'select DF_GSM'
first.

This a38 command can be used to verify whether the SIM card's Ki and A38
algorithm match what you expect them to be. To perform this test, issue an a38
command to the SIM with some made-up RAND and note the SRES and Kc response.
Then use the osmo-auc-gen utility from Osmocom to run the expected algorithm
with the expected Ki (and the expected OPc if MILENAGE is used) and the same
RAND, and see if SRES and Kc match.

Exploring proprietary APDUs
===========================

If the SIM you are working with is known or suspected to implement some
non-standard or proprietary APDUs for which there is no explicit support in
fc-simtool, you can use this low-level debug command to send arbitrary APDUs:

apdu "xx xx xx xx xx ..."

The sole argument is a raw string of bytes (quotes are needed if there are
spaces between bytes), and the APDU needs to be given exactly as it is sent in
the T=0 protocol: 5 bytes of header (including the length byte) followed by
data bytes, if any. After executing the APDU exchange, the apdu command simply
prints the SW response code from the SIM.
|
180 prints the SW response code from the SIM. |