view doc/GrcardSIM2-security-model @ 225:208ae1633f6c

simtool code: sysmo.c renamed to sjs1_hacks.c, comments changed to clarify that these special commands apply only to the recently discontinued SJS1 cards and not to the SJA2 successor.
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 10 Mar 2021 19:39:33 +0000
parents 810ea92d9f47

GrcardSIM2 cards (previously sold as sysmoSIM-GR2 and now being reintroduced as
FCSIM1) have two different ADM access levels, each guarded by a separate secret
code.  These two ADM access levels are referred to as ADM and SUPER ADM in the
Osmocom wiki page for GrcardSIM2, but they can also be called ADM5 and ADM11,
as the access level numbers appear in the actual APDUs.

If you successfully authenticate with ADM5 secret code, you gain the following
abilities:

* You can change the ADM5 secret code itself;
* You can reset PIN1, PIN2, PUK1 and PUK2 to new codes without having to know
  any previous ones.

If you successfully authenticate with ADM11 secret code, you gain the following
abilities:

* You can change the ADM11 secret code itself;
* You can reset PIN1, PIN2, PUK1, PUK2 and ADM5 to new codes without having to
  know any previous ones.

Most admin-write-only files are writable after either ADM5 or ADM11
authentication, but some files (particularly EF.WEKI that holds Ki) can only be
read and written with ADM11.  More precisely, if a given access condition
(returned in response to SELECT) is listed as ADM11, then you need to
authenticate with ADM11, but if it is listed as ADM5, then either ADM5 or ADM11
is acceptable.  Because of this permissive design whereby ADM11 alone is
sufficient, one can typically ignore ADM5 altogether for programming purposes.

Both ADM5 and ADM11 can be set to any arbitrary string of 8 bytes, i.e., each
is effectively a 64-bit key.  However, it is common for users to treat ADM5
and/or ADM11 as being a string of 8 ASCII-encoded decimal digits like standard
PUK1/PUK2 - the initial default ADM11 secret code from Grcard factory is set to
64-bit hex string 3838383838383838, which corresponds to PIN/PUK-style decimal
88888888.

fc-simtool provides commands to set and verify ADM5 and ADM11 secret codes in
either full hex or ASCII-encoded decimal representation; the former allows any
arbitrary 64-bit key to be entered, whereas the latter is restricted to those
64-bit keys which correspond to 8 ASCII-encoded decimal digits.  The commands
are:

verify-ext 5 XXXXXXXX		# authenticate as ADM5, decimal format
verify-hex 5 xxxxxxxxxxxxxxxx	# authenticate as ADM5, arbitrary hex format

verify-ext 11 XXXXXXXX		# authenticate as ADM11, decimal format
verify-hex 11 xxxxxxxxxxxxxxxx	# authenticate as ADM11, arbitrary hex format

grcard2-set-adm5 XXXXXXXX		# set new ADM5, decimal format
grcard2-set-adm5-hex xxxxxxxxxxxxxxxx	# set new ADM5, arbitrary hex format

grcard2-set-super XXXXXXXX		# set new ADM11, decimal format
grcard2-set-super-hex xxxxxxxxxxxxxxxx	# set new ADM11, arbitrary hex format

ADM11 MF quirk
==============

The operation of authenticating with ADM11 (verify-ext 11 or verify-hex 11) is
only allowed when the currently selected directory is MF - either as the very
first command in an fc-simtool session, or after an explicit 'select MF'.  If
the current directory is DF_GSM or DF_TELECOM, the command to authenticate with
ADM11 (VERIFY CHV with P2=0x0B) fails with SW of 0x9802.

Setting PIN1/PIN2/PUK1/PUK2
===========================

The following commands reset standard PIN and PUK secret codes after
authenticating with either ADM5 or ADM11:

grcard2-set-pin1 XXXX
grcard2-set-pin2 XXXX
grcard2-set-puk1 XXXXXXXX
grcard2-set-puk2 XXXXXXXX

These 4 commands take decimal string arguments and send them to the card in
ASCII encoding per standard SIM spec definition of PIN1/PIN2/PUK1/PUK2.

The underlying command APDUs sent by fc-simtool grcard2-set-* commands are
proprietary to Grcard.  If you craft the right APDUs manually in hex (which our
low-level apdu command allows), you can set PIN1/PIN2/PUK1/PUK2 to arbitrary
64-bit hex strings which do not correspond to ASCII-encoded decimal - however,
doing so would produce a SIM that violates the public interface definition for
standard PIN1/PIN2/PUK1/PUK2, hence we do not provide such ability in our
high-level grcard2-set-* command set.
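
The following Python module is an added example, not fc-simtool code or
anything shipped by the FreeCalypso project.  It encodes secret codes the way
the two sections above describe (8-byte ADM keys in decimal or hex spelling,
standard PIN/PUK as ASCII digits padded with 0xFF per GSM 11.11) and builds the
VERIFY CHV APDU behind verify-ext/verify-hex, so one can see that
"verify-ext 11 88888888" and "verify-hex 11 3838383838383838" are the same
command on the wire.  The APDU layout (CLA A0, INS 20, P1 00, Lc 08) is the
standard GSM 11.11 VERIFY CHV; P2=0x0B for ADM11 is stated on this page, and
P2=0x05 for ADM5 is assumed by analogy with the access level numbering.  The
proprietary grcard2-set-* APDUs are deliberately not modelled, since their
format is not documented here.

```python
"""Added example: GrcardSIM2 secret code encodings and VERIFY CHV APDUs.
Not fc-simtool code.  P2 = 0x05 for ADM5 is an assumption; P2 = 0x0B for
ADM11 is documented.  grcard2-set-* APDUs are proprietary and not modelled."""

CHV_PAD = 0xFF   # GSM 11.11 pads short PIN/PUK values with 0xFF
KEY_LEN = 8      # every secret code on this card is sent as 8 bytes


def adm_key_from_decimal(digits: str) -> bytes:
    """ADM5/ADM11 'decimal format': exactly 8 ASCII digits, no padding."""
    if len(digits) != KEY_LEN or not digits.isdigit():
        raise ValueError("ADM decimal format needs exactly 8 digits")
    return digits.encode("ascii")


def adm_key_from_hex(hexstr: str) -> bytes:
    """ADM5/ADM11 'hex format': any 64-bit value, 16 hex digits."""
    key = bytes.fromhex(hexstr)
    if len(key) != KEY_LEN:
        raise ValueError("ADM hex format needs exactly 16 hex digits")
    return key


def adm_key_to_decimal(key: bytes):
    """Decimal spelling of a key if one exists, else None.  Only keys whose
    8 bytes are all ASCII '0'..'9' (0x30..0x39) can be typed to verify-ext."""
    if len(key) == KEY_LEN and all(0x30 <= b <= 0x39 for b in key):
        return key.decode("ascii")
    return None


def encode_chv(digits: str) -> bytes:
    """Standard PIN1/PIN2 (4..8 digits) or PUK1/PUK2 (8 digits): ASCII
    digits, right-padded with 0xFF to 8 bytes, per GSM 11.11."""
    if not (4 <= len(digits) <= KEY_LEN) or not digits.isdigit():
        raise ValueError("PIN/PUK must be 4..8 decimal digits")
    return digits.encode("ascii").ljust(KEY_LEN, bytes([CHV_PAD]))


def verify_chv_apdu(level: int, key: bytes) -> bytes:
    """VERIFY CHV: A0 20 00 P2 08 <8 bytes>.  P2 is the CHV/ADM number:
    1 = PIN1, 2 = PIN2 (GSM 11.11), 5 = ADM5 (assumed), 11 = ADM11 (this page).
    """
    if len(key) != KEY_LEN:
        raise ValueError("VERIFY CHV payload must be 8 bytes")
    return bytes([0xA0, 0x20, 0x00, level, KEY_LEN]) + key


# Well-known Grcard factory default for ADM11 (decimal 88888888).
FACTORY_ADM11 = adm_key_from_hex("3838383838383838")


def is_factory_adm11(key: bytes) -> bool:
    """True if this key is the unchanged factory default, i.e. no PIN security."""
    return key == FACTORY_ADM11


if __name__ == "__main__":
    # verify-ext 11 88888888 and verify-hex 11 3838383838383838 are one APDU.
    dec = verify_chv_apdu(11, adm_key_from_decimal("88888888"))
    hx = verify_chv_apdu(11, adm_key_from_hex("3838383838383838"))
    assert dec == hx
    print("ADM11 VERIFY CHV:", dec.hex())
    # A random 64-bit key usually has no decimal spelling: verify-hex only.
    print("decimal form of 0123456789abcdef:",
          adm_key_to_decimal(adm_key_from_hex("0123456789abcdef")))
    print("PIN1 1234 as CHV:", encode_chv("1234").hex())
```

Note that encode_chv() models only what the card expects for standard
PIN1/PIN2/PUK1/PUK2 in VERIFY CHV; it says nothing about what the proprietary
grcard2-set-* commands put on the wire.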

FCSIM1 default PINs
===================

The initial default ADM11 secret code from Grcard factory is decimal 88888888,
meaning that you need to authenticate as follows:

select MF
verify-ext 11 88888888

If your card is unprogrammed (if you haven't programmed it yourself with
fc-simtool), all other secret codes should be regarded as unknown - you need to
reset them yourself in your own card programming or provisioning operation.
Our fcsim1-default-pins command script sets the following FCSIM1 official
defaults:

grcard2-set-pin1 1234
grcard2-set-pin2 6666
grcard2-set-puk1 00099933
grcard2-set-puk2 00099944
grcard2-set-adm5 55501234

For as long as you keep the ADM11 secret code at its default of 88888888, there
is no PIN security - even if you set PIN1/PIN2/PUK1/PUK2 to your own secrets,
anyone can authenticate with the unchanged default ADM11 and then freely reset
all lower PINs.  However, in the Mother's opinion there is very little need for
PIN security in actual operational usage in this day and age - almost no one
enables their PIN1, making it moot, and no one ever uses SIM "parental control"
features controlled by PIN2.  In the present circumstances, the only real use
for knowing SIM PINs is to exercise and test phone firmware code paths dealing
with these PINs - and for this purpose having known fixed "secret" codes is
very convenient.

However, if someone does desire real PIN security, it *is* possible on FCSIM1
cards - but then you have to not only set PIN1/PIN2/PUK1/PUK2 to your own
secrets, but also set both ADM5 and ADM11 to your own truly-secret codes as
well.  But be careful - if you set your own ADM11 secret code and then forget
it, there is no recovery!  Maintaining a database of per-card secret codes is a
development job which the Mother gladly leaves to other programmers, to be
undertaken if and when someone actually needs such added complexity.
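
As an added example of what "real PIN security" on FCSIM1 involves, the
following Python script generates per-card secrets and the fc-simtool command
script that installs them.  It is not part of fc-simtool or of any FreeCalypso
provisioning tooling.  The command names, the need to authenticate as ADM11 at
MF, and the lack of any recovery once ADM11 is changed come from this page; the
per-card record format (a dict keyed by ICCID, serialised as JSON) and the
choice of 4-digit PINs are assumptions of the example.  Two points it
demonstrates that the prose does not spell out: ADM11 must be changed last, so
a session that fails half-way leaves the card reachable with the code you
already know, and random 64-bit ADM keys can only ever be entered with the
verify-hex form.

```python
"""Added example, not fc-simtool code: generate per-card secrets for an
FCSIM1/GrcardSIM2 card and the fc-simtool script that installs them.
The JSON record keyed by ICCID is an assumed format, not a project one."""
import json
import secrets


def random_digits(n: int, randbelow=secrets.randbelow) -> str:
    """n uniformly random decimal digits (for PIN1/PIN2/PUK1/PUK2)."""
    return "".join(str(randbelow(10)) for _ in range(n))


def random_key_hex(randbytes=secrets.token_bytes) -> str:
    """A full 64-bit ADM key, for the grcard2-set-*-hex command variants."""
    return randbytes(8).hex()


def make_card_secrets(iccid: str, randbelow=secrets.randbelow,
                      randbytes=secrets.token_bytes) -> dict:
    """All six secret codes for one card.  The randomness sources are
    parameters only so that the function can be tested deterministically."""
    return {
        "iccid": iccid,                          # assumed record key
        "pin1": random_digits(4, randbelow),     # 4 digits assumed; spec allows 4..8
        "pin2": random_digits(4, randbelow),
        "puk1": random_digits(8, randbelow),
        "puk2": random_digits(8, randbelow),
        "adm5_hex": random_key_hex(randbytes),
        "adm11_hex": random_key_hex(randbytes),
    }


def provisioning_script(sec: dict,
                        current_adm11_hex: str = "3838383838383838") -> list:
    """fc-simtool commands in a deliberately chosen order: authenticate as
    ADM11 with MF selected (ADM11 MF quirk), reset the lower codes, and change
    ADM11 itself last.  Default current key is the Grcard factory 88888888."""
    return [
        "select MF",
        f"verify-hex 11 {current_adm11_hex}",
        f"grcard2-set-pin1 {sec['pin1']}",
        f"grcard2-set-pin2 {sec['pin2']}",
        f"grcard2-set-puk1 {sec['puk1']}",
        f"grcard2-set-puk2 {sec['puk2']}",
        f"grcard2-set-adm5-hex {sec['adm5_hex']}",
        f"grcard2-set-super-hex {sec['adm11_hex']}",
    ]


def unlock_script(sec: dict) -> list:
    """Commands to regain ADM11 later.  verify-hex is mandatory here: a
    random key almost never consists of 8 ASCII digits."""
    return ["select MF", f"verify-hex 11 {sec['adm11_hex']}"]


def store_record(db: dict, sec: dict) -> dict:
    """Record the secrets BEFORE running the script, never after: once ADM11
    is changed and forgotten there is no recovery.  Never overwrite silently,
    since the old record may be the only copy of a card's current codes."""
    if sec["iccid"] in db:
        raise KeyError(f"ICCID {sec['iccid']} already has a record")
    db[sec["iccid"]] = sec
    return db


if __name__ == "__main__":
    # Constructed ICCID for demonstration; use the card's real one.
    sec = make_card_secrets("8901000000000000001")
    db = store_record({}, sec)
    print(json.dumps(db, indent=2))        # save this first
    print("\n".join(provisioning_script(sec)))
    print("\n".join(unlock_script(sec)))
```

Feed the printed command lines to fc-simtool only after the JSON record has
been written somewhere durable; entering ADM11 wrongly three times, or losing
the record after the last command has run, leaves the card unrecoverable.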

How to (not) brick your card
============================

The following actions will brick your card beyond recovery:

* If you enter ADM11 incorrectly 3 times in a row, ADM11 access is lost with no
  possibility of recovery.  This bricking mode is to be expected: ADM11 is the
  top-level key, so there is no higher authority that could unblock it.

* If you enter ADM5 incorrectly 3 times in a row, you unrecoverably lose the
  ability to use ADM5 ever again - even if you successfully authenticate with
  ADM11 and reset ADM5 with grcard2-set-adm5, the attempt counter does not get
  reset, and ADM5 remains blocked.

* If you enter standard PUK1 or PUK2 incorrectly 10 times in a row, it is
  similarly blocked beyond recovery, with no help from ADM5 or ADM11 -
  grcard2-set-puk[12] commands reset the secret code, but not the associated
  attempt counter.