diff doc/GrcardSIM2-security-model @ 192:edaccdbac95b

doc/GrcardSIM2-security-model: document ADM11 MF quirk
author Mychaela Falconia <falcon@freecalypso.org>
date Sat, 06 Mar 2021 21:41:12 +0000
parents 7c24ae2ca648
children 810ea92d9f47
line wrap: on
line diff
--- a/doc/GrcardSIM2-security-model	Sat Mar 06 21:30:45 2021 +0000
+++ b/doc/GrcardSIM2-security-model	Sat Mar 06 21:41:12 2021 +0000
@@ -51,6 +51,15 @@
 grcard2-set-super XXXXXXXX		# set new ADM11, decimal format
 grcard2-set-super-hex xxxxxxxxxxxxxxxx	# set new ADM11, arbitrary hex format
 
+ADM11 MF quirk
+==============
+
+The operation of authenticating with ADM11 (verify-ext 11 or verify-hex 11) is
+only allowed when the currently selected directory is MF - either as the very
+first command in an fc-simtool session, or after an explicit 'select MF'.  If
+the current directory is DF_GSM or DF_TELECOM, the command to authenticate with
+ADM11 (VERIFY CHV with P2=0x0B) fails with SW of 0x9802.
+
 Setting PIN1/PIN2/PUK1/PUK2
 ===========================
 
@@ -79,6 +88,7 @@
 The initial default ADM11 secret code from Grcard factory is decimal 88888888,
 meaning that you need to authenticate as follows:
 
+select MF
 verify-ext 11 88888888
 
 If your card is unprogrammed (if you haven't programmed it yourself with