diff doc/Low-level-commands @ 96:3bce899bcf78

doc/Low-level-commands: a38 command documented
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 17 Feb 2021 20:55:34 +0000
parents 7412cdd505b3
children 08ba6a5d8a3f
--- a/doc/Low-level-commands	Wed Feb 17 20:41:30 2021 +0000
+++ b/doc/Low-level-commands	Wed Feb 17 20:55:34 2021 +0000
@@ -138,4 +138,20 @@
 GSM authentication testing
 ==========================
 
-a38
+a38 RAND
+
+This fc-simtool command exercises the SIM card's RUN GSM ALGORITHM command.
+The user-specified RAND value (a hex string of 16 bytes) is sent to the SIM,
+and the SIM response is parsed to display SRES and Kc.
+
+Per SIM specs GSM TS 11.11 and 3GPP TS 51.011, RUN GSM ALGORITHM can only be
+executed when DF_GSM is selected.  fc-simtool a38 command does NOT include a
+built-in SELECT of DF_GSM, hence you need to manually issue 'select DF_GSM'
+first.
+
+This a38 command can be used to verify if the SIM card's Ki and A38 algorithm
+match what you expect them to be.  To perform this test, issue an a38 command
+to the SIM with some made-up RAND and note the SRES and Kc response.  Then use
+the osmo-auc-gen utility from Osmocom to run the expected algorithm with the
+expected Ki (and the expected OPc if MILENAGE is used) and the same RAND, and
+see if SRES and Kc match.
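
Review bot: the second added paragraph tells the reader to issue 'select DF_GSM' first but does not say what a38 reports when that step is skipped, so a user who forgets it cannot tell a wrong-directory failure from a card that rejects the authentication request; consider adding one sentence describing the failure the user will see. The first paragraph gives the RAND form only as "a hex string of 16 bytes"; a one-line example invocation would show the expected 32 hex digits and settle whether separators are accepted. The last paragraph's comparison only works if Ki, OPc and RAND are passed to osmo-auc-gen identically, so naming the options that carry them would make the procedure repeatable. Minor wording: "fc-simtool a38 command does NOT include" reads better as "The fc-simtool a38 command does NOT include".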