FreeCalypso > hg > fc-pcsc-tools
annotate doc/GrcardSIM2-security-model @ 190:f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 06 Mar 2021 21:14:17 +0000 |
parents | c925f7808285 |
children | 7c24ae2ca648 |
rev | line source |
---|---|
186
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 GrcardSIM2 cards (previously sold as sysmoSIM-GR2 and now being reintroduced as |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 FCSIM1) have two different ADM access levels, each guarded by a separate secret |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 code. These two ADM access levels are referred to as ADM and SUPER ADM in the |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 Osmocom wiki page for GrcardSIM2, but they can also be called ADM5 and ADM11, |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 as the access level numbers appear in the actual APDUs. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 If you successfully authenticate with ADM5 secret code, you gain the following |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 abilities: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 * You can change the ADM5 secret code itself; |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 * You can reset PIN1, PIN2, PUK1 and PUK2 to new codes without having to know |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 any previous ones. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 If you successfully authenticate with ADM11 secret code, you gain the following |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 abilities: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 * You can change the ADM11 secret code itself; |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 * You can reset PIN1, PIN2, PUK1, PUK2 and ADM5 to new codes without having to |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 know any previous ones. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 Most admin-write-only files are writable after either ADM5 or ADM11 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 authentication, but some files (particular EF.WEKI that holds Ki) can only be |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 read and written with ADM11. More precisely, if a given access condition |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 (returned in response to SELECT) is listed as ADM11, then you need to |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 authenticate with ADM11, but if it is listed as ADM5, then either ADM5 or ADM11 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 is acceptable. Because of this permissive design whereby ADM11 alone is |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 sufficient, one can typically ignore ADM5 altogether for programming purposes. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 Both ADM5 and ADM11 can be set to any arbitrary string of 8 bytes, i.e., each |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 is effectively a 64-bit key. However, it is common for users to treat ADM5 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 and/or ADM11 as being a string of 8 ASCII-encoded decimal digits like standard |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 PUK1/PUK2 - the initial default ADM11 secret code from Grcard factory is set to |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 64-bit hex string 3838383838383838, which corresponds to PIN/PUK-style decimal |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 88888888. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 fc-simtool provides commands to set and verify ADM5 and ADM11 secret codes in |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 either full hex or ASCII-encoded decimal representation; the former allows any |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 arbitrary 64-bit key to the entered, whereas the latter is restricted to those |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
39 64-bit keys which correspond to 8 ASCII-encoded decimal digits. The commands |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
40 are: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
41 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
42 verify-ext 5 XXXXXXXX # authenticate as ADM5, decimal format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
43 verify-hex 5 xxxxxxxxxxxxxxxx # authenticate as ADM5, arbitrary hex format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
44 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
45 verify-ext 11 XXXXXXXX # authenticate as ADM11, decimal format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
46 verify-hex 11 xxxxxxxxxxxxxxxx # authenticate as ADM11, arbitrary hex format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
47 |
190
f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
Mychaela Falconia <falcon@freecalypso.org>
parents:
186
diff
changeset
|
48 grcard2-set-adm5 XXXXXXXX # set new ADM5, decimal format |
f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
Mychaela Falconia <falcon@freecalypso.org>
parents:
186
diff
changeset
|
49 grcard2-set-adm5-hex xxxxxxxxxxxxxxxx # set new ADM5, arbitrary hex format |
186
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
50 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
51 grcard2-set-super XXXXXXXX # set new ADM11, decimal format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
52 grcard2-set-super-hex xxxxxxxxxxxxxxxx # set new ADM11, arbitrary hex format |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
53 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
54 Setting PIN1/PIN2/PUK1/PUK2 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
55 =========================== |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
56 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
57 The following commands reset standard PIN and PUK secret codes after |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
58 authenticating with either ADM5 or ADM11: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
59 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
60 grcard2-set-pin1 XXXX |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
61 grcard2-set-pin2 XXXX |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
62 grcard2-set-puk1 XXXXXXXX |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
63 grcard2-set-puk2 XXXXXXXX |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
64 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
65 These 4 commands take decimal string arguments and send them to the card in |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
66 ASCII encoding per standard SIM spec definition of PIN1/PIN2/PUK1/PUK2. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
67 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
68 The underlying command APDUs sent by fc-simtool grcard2-set-* commands are |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
69 proprietary to Grcard. If you craft the right APDUs manually in hex (which our |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
70 low-level apdu command allows), you can set PIN1/PIN2/PUK1/PUK2 to arbitrary |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
71 64-bit hex strings which do not correspond to ASCII-encoded decimal - however, |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
72 doing so would produce a SIM that violates the public interface definition for |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
73 standard PIN1/PIN2/PUK1/PUK2, hence we do not provide such ability in our |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
74 high-level grcard2-set-* command set. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
75 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
76 FCSIM1 default PINs |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
77 =================== |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
78 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
79 The initial default ADM11 secret code from Grcard factory is decimal 88888888, |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
80 meaning that you need to authenticate as follows: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
81 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
82 verify-ext 11 88888888 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
83 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
84 If your card is unprogrammed (if you haven't programmed it yourself with |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
85 fc-simtool), all other secret codes should be regarded as unknown - you need to |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
86 reset them yourself in your own card programming or provisioning operation. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
87 Our fcsim1-default-pins command script sets the following FCSIM1 official |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
88 defaults: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
89 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
90 grcard2-set-pin1 1234 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
91 grcard2-set-pin2 6666 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
92 grcard2-set-puk1 00099933 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
93 grcard2-set-puk2 00099944 |
190
f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
Mychaela Falconia <falcon@freecalypso.org>
parents:
186
diff
changeset
|
94 grcard2-set-adm5 55501234 |
186
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
95 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
96 For as long as you keep the ADM11 secret code at its default of 88888888, there |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
97 is no PIN security - even if you set PIN1/PIN2/PUK1/PUK2 to your own secrets, |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
98 anyone can authenticate with the unchanged default ADM11 and then freely reset |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
99 all lower PINs. However, in the Mother's opinion there is very little need for |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
100 PIN security in actual operational usage in this day and age - almost no one |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
101 enables their PIN1, making it moot, and no one ever uses SIM "parental control" |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
102 features controlled by PIN2. In the present circumstances, the only real use |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
103 for knowing SIM PINs is to exercise and test phone firmware code paths dealing |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
104 with these PINs - and for this purpose having known fixed "secret" codes is |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
105 very convenient. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
106 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
107 However, if someone does desire real PIN security, it *is* possible on FCSIM1 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
108 cards - but then you have to not only set PIN1/PIN2/PUK1/PUK2 to your own |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
109 secrets, but also set both ADM5 and ADM11 to your own truly-secret codes as |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
110 well. But be careful - if you set your own ADM11 secret code and then forget |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
111 it, there is no recovery! Maintaining a database of per-card secret codes is a |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
112 development job which the Mother gladly leaves to other programmers, to be |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
113 undertaken if and when someone actually needs such added complexity. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
114 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
115 How to (not) brick your card |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
116 ============================ |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
117 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
118 The following actions will brick your card beyond recovery: |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
119 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
120 * If you enter ADM11 incorrectly 3 times in a row, ADM11 access is lost with no |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
121 possibility of recovery - this bricking mode is generally expected, there can |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
122 be no other way. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
123 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
124 * If you enter ADM5 incorrectly 3 times in a row, you unrecoverably lose the |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
125 ability to use ADM5 ever again - even if you successfully authenticate with |
190
f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
Mychaela Falconia <falcon@freecalypso.org>
parents:
186
diff
changeset
|
126 ADM11 and reset ADM5 with grcard2-set-adm5, the attempt counter does not get |
186
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
127 reset, and ADM5 remains blocked. |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
128 |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
129 * If you enter standard PUK1 or PUK2 incorrectly 10 times in a row, it is |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
130 similarly blocked beyond recovery, with no help from ADM5 or ADM11 - |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
131 grcard2-set-puk[12] commands reset the secret code, but not the associated |
c925f7808285
doc/GrcardSIM2-security-model article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
132 attempt counter. |