view doc/User-oriented-commands @ 66:3ef90bd13fbe

fc-simtool write-imsi command implemented
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 15 Feb 2021 00:28:10 +0000
parents cc48ac3b151c
children d4058ae94749

This document describes those commands and functions of fc-simtool which can be
exercised by end users on any regular operator-issued SIM, without requiring a
special programmable SIM with admin privileges.  The Mother's plans for future
development include a companion fc-simint utility that will operate on SIM cards
inside Calypso phones; the intent is that all of the end-user-oriented commands
of fc-simtool described in this document will also be replicated in fc-simint.

Understanding SIM PIN1
======================

Every standard SIM card has a secret code called PIN1; this secret code can be
anywhere between 4 and 8 digits in length, with 4-digit PINs being most common.
In terms of persistent non-volatile state, SIM PIN1 can be enabled or disabled.
When SIM PIN1 is disabled, all regular functions of the card are enabled, as in
being able to power up the phone with the SIM in it and connect to the GSM
network with your subscriber identity, and being able to read and write SIM user
data content like phonebooks and stored messages - all of these functions are
enabled from the moment you turn on the phone with the SIM in it (or power the
SIM up by itself in a smart card "reader" driven by fc-simtool), without the
user ever being asked for a PIN, such that you can forget that the PIN even
exists - this situation is very common nowadays.  But when SIM PIN1 is enabled,
the smart chip in the SIM will not allow you access to any of the data stored
on the card and will not allow any GSM authentication operations until and
unless you send the correct PIN to the SIM in the VERIFY CHV command.

If you forgot your PIN1, the only way to reset it is to enter another secret
code (always 8 digits in length) called PUK1.  If the SIM is made according to
standards, then its PUK1 is set to a random number during either physical
manufacturing or administrative programming of the card and then remains
unchangeable afterward.  Therefore, in an ideal world someone who forgot their
PIN1 and doesn't have their PUK1 either should be able to obtain PUK1 from
the cellular operator who issued the SIM - but whether or not today's operators
will actually help such hapless users (without forcing them to get a new SIM)
is another question altogether.  PUK1 is often printed on the big (credit-card-
sized) plastic piece on which SIM cards are initially delivered - but it doesn't
help if you originally got your SIM many ages ago and no longer have that
souvenir plastic piece.

The standard protocol for communicating with SIM cards provides 5 special
commands that are dedicated to working with PIN1, and so does fc-simtool:

verify-pin1 XXXX

This command tells the SIM that you are attempting to prove knowledge
of PIN1, presenting a string of digits.  If the PIN digits you specify match
the PIN1 secret code stored inside the SIM, the card unlocks access to its
primary functions.  If the digits you send are wrong, the SIM decrements its
non-volatile attempt counter, giving you a total of 3 attempts (irrespective of
card power-downs between attempts) to enter the correct PIN; a correct PIN
resets this counter back to 3.  If PIN1 is entered incorrectly 3 times in a
row, this PIN is blocked, and the only way to unblock it is via PUK1.

enable-pin1 XXXX

This command changes the non-volatile state of the PIN1 enable/disable flag,
such that from now on the SIM will require PIN1 to be provided on every card
power-up before it will allow GSM authentication and access to user data.  The
enable-pin1 operation itself requires correct PIN1 digits to be provided.

disable-pin1 XXXX

This command changes the non-volatile state of the PIN1 enable/disable flag,
such that from now on the SIM will NOT require PIN1 to be provided on every
card power-up, and will instead be live immediately without needing proof of
card owner's identity.  The disable-pin1 operation itself requires correct PIN1
digits to be provided.

change-pin1 old-PIN new-PIN

This command tells the SIM that you wish to change PIN1 secret code to some new
digits.  Knowledge of the old PIN1 is required for this operation to succeed.

unblock-pin1 PUK1-secret-code new-PIN1

This command tells the SIM that you are attempting to prove knowledge
of PUK1 and to set new PIN1.  If PUK1 is given correctly, the new PIN1 will be
set.  If you enter a wrong PUK1, the SIM decrements its non-volatile attempt
counter, giving you a total of 10 attempts (irrespective of card power-downs
between attempts) to enter the correct code.  If PUK1 is entered incorrectly 10
times in a row, it is blocked and the card should be considered bricked beyond
recovery.
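The five PIN1 commands above map one-to-one onto GSM 11.11 CHV commands.  The
following is an added illustration written for this document, not fc-simtool's
own code: it builds the APDUs a tool like fc-simtool sends for each command and
models the card-side attempt counters described above (3 for PIN1, 10 for PUK1,
both surviving power cycles).  The Chv1Model class, the status-word handling
order and the sample PIN/PUK values are constructed for this example.

```python
# Added illustration, not fc-simtool's own code: GSM 11.11 CHV1 APDUs behind
# the five PIN1 commands, plus a model of the card-side attempt counters.
# Chv1Model and the PIN/PUK values below are constructed for this example.

CLA_GSM = 0xA0
INS = {"VERIFY": 0x20, "CHANGE": 0x24, "DISABLE": 0x26, "ENABLE": 0x28, "UNBLOCK": 0x2C}

# Status words (GSM 11.11 section 9.4)
SW_OK = 0x9000
SW_WRONG_CHV = 0x9804      # wrong PIN/PUK, at least one attempt left
SW_CHV_BLOCKED = 0x9840    # wrong PIN/PUK and no attempt left, or already blocked
SW_CONTRADICTION = 0x9808  # e.g. ENABLE CHV while CHV1 is already enabled


def chv_field(code, exact_len=None):
    """Code as ASCII digits, right-padded with 0xFF to 8 bytes."""
    if not code.isdigit() or not 4 <= len(code) <= 8:
        raise ValueError("CHV must be 4..8 decimal digits")
    if exact_len is not None and len(code) != exact_len:
        raise ValueError("expected %d digits" % exact_len)
    return code.encode("ascii").ljust(8, b"\xff")


def apdu(ins, p2, data):
    return bytes([CLA_GSM, INS[ins], 0x00, p2, len(data)]) + data


# P2 = 01 selects CHV1 everywhere except UNBLOCK CHV, where CHV1 is P2 = 00.
def apdu_verify_pin1(pin):       return apdu("VERIFY", 0x01, chv_field(pin))
def apdu_enable_pin1(pin):       return apdu("ENABLE", 0x01, chv_field(pin))
def apdu_disable_pin1(pin):      return apdu("DISABLE", 0x01, chv_field(pin))
def apdu_change_pin1(old, new):  return apdu("CHANGE", 0x01, chv_field(old) + chv_field(new))
def apdu_unblock_pin1(puk, new): return apdu("UNBLOCK", 0x00, chv_field(puk, 8) + chv_field(new))


class Chv1Model:
    """Card-side CHV1 state.  Counters and the enable flag are non-volatile;
    only 'verified' is lost on power-down."""
    PIN_TRIES, PUK_TRIES = 3, 10

    def __init__(self, pin, puk, enabled=True):
        self.pin, self.puk, self.enabled = pin, puk, enabled
        self.pin_left, self.puk_left = self.PIN_TRIES, self.PUK_TRIES
        self.verified = False

    def power_cycle(self):
        self.verified = False           # counters deliberately untouched

    def _present_pin(self, pin):
        if self.pin_left == 0:
            return SW_CHV_BLOCKED       # even the right PIN is refused now
        if pin != self.pin:
            self.pin_left -= 1
            return SW_CHV_BLOCKED if self.pin_left == 0 else SW_WRONG_CHV
        self.pin_left = self.PIN_TRIES  # a correct PIN resets the counter
        self.verified = True
        return SW_OK

    def verify(self, pin):
        return self._present_pin(pin)

    def enable(self, pin):
        if self.enabled:
            return SW_CONTRADICTION
        sw = self._present_pin(pin)
        if sw == SW_OK:
            self.enabled = True
        return sw

    def disable(self, pin):
        if not self.enabled:
            return SW_CONTRADICTION
        sw = self._present_pin(pin)
        if sw == SW_OK:
            self.enabled = False
        return sw

    def change(self, old, new):
        sw = self._present_pin(old)
        if sw == SW_OK:
            self.pin = new
        return sw

    def unblock(self, puk, new):
        if self.puk_left == 0:
            return SW_CHV_BLOCKED       # PUK1 blocked: card is unrecoverable
        if puk != self.puk:
            self.puk_left -= 1
            return SW_CHV_BLOCKED if self.puk_left == 0 else SW_WRONG_CHV
        self.pin, self.pin_left, self.puk_left = new, self.PIN_TRIES, self.PUK_TRIES
        return SW_OK


def demo():
    """Three wrong PINs across power cycles block PIN1; PUK1 recovers it."""
    sim = Chv1Model(pin="1234", puk="12345678")
    log = []
    for wrong in ("0000", "1111"):
        log.append(sim.verify(wrong))
        sim.power_cycle()               # does not buy another attempt
    log.append(sim.verify("2222"))      # third miss: 9840, PIN1 blocked
    log.append(sim.verify("1234"))      # correct PIN no longer helps
    log.append(sim.unblock("12345678", "4321"))
    log.append(sim.verify("4321"))
    return log
```

The point of the model is the counter semantics: power-cycling the card between
wrong attempts gains nothing, the third wrong PIN1 returns 9840 rather than
9804, and after that the correct PIN is refused too until UNBLOCK CHV succeeds.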

Understanding SIM PIN2
======================

GSM standards provide support for a very rarely used feature that works in the
spirit of "parental controls": if you authenticate to the SIM with PIN2 secret
code (which has to be different from PIN1 for meaningful security), you can
edit a SIM-resident list of so-called Fixed Dialing Numbers (FDN), and then all
standard phones that implement this feature per the spec will refuse to allow
ordinary users (authenticated with PIN1 or with no PIN at all) to call any
numbers other than those programmed in FDN.

This whole "parental control" feature is totally silly and is not expected to be
of any practical use, but the whole purpose of fc-simtool is to allow every
feature of SIM cards to be exercised, hence we provide the necessary support.
The following commands work just like their PIN1 counterparts:

verify-pin2 XXXX
change-pin2 old-PIN new-PIN
unblock-pin2 PUK2-secret-code new-PIN2

Unlike PIN1, PIN2 cannot be disabled per traditional SIM card standards.

Getting basic info from the SIM
===============================

The following commands are available for retrieving basic info from the SIM:

iccid

This command retrieves the ICCID (Integrated Circuit Card ID) record from the
SIM - it is a number of up to 20 digits (although 19-digit ICCIDs are most
common) that identifies the SIM card as a physical artifact.  If your SIM is of
the traditional operator-issued kind, as opposed to a developer-oriented
programmable SIM from vendors like Sysmocom who have different ideas, this ICCID
will usually be the SIM card ID number printed on the physical plastic, along
with a barcode representation of the same number.

imsi

This command retrieves the IMSI (International Mobile Subscriber Identity) from
the SIM - it is the most fundamental ID token by which GSM phones present
themselves to networks, and phones even use the first 5 or 6 digits of the IMSI
(the MCC and MNC of the home network) to decide which network they should try
connecting to first.
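As an added example for the iccid and imsi commands (written for this document,
not fc-simtool's own code), the following decodes the raw contents of EF_ICCID
(2FE2) and EF_IMSI (6F07) as they are stored on the card per 3GPP TS 51.011.
The sample file contents are constructed; the MNC length (2 or 3 digits) is
passed in by the caller because the IMSI alone does not determine it.

```python
# Added example, not fc-simtool code: decoding EF_ICCID and EF_IMSI as stored
# on the card (3GPP TS 51.011).  Sample contents in the tests are constructed.

def _swapped_bcd_digits(data):
    """Swapped BCD: low nibble first, then high nibble; 0xF ends the number."""
    digits = []
    for byte in data:
        for nib in (byte & 0x0F, byte >> 4):
            if nib == 0x0F:
                return digits
            if nib > 9:
                raise ValueError("non-decimal nibble %x" % nib)
            digits.append(nib)
    return digits


def decode_ef_iccid(ef_iccid):
    """EF_ICCID is 10 bytes of swapped BCD; a 19-digit ICCID ends in an F nibble."""
    if len(ef_iccid) != 10:
        raise ValueError("EF_ICCID must be 10 bytes")
    return "".join(str(d) for d in _swapped_bcd_digits(ef_iccid))


def decode_ef_imsi(ef_imsi):
    """EF_IMSI: byte 1 = length of the encoded IMSI (2..8); byte 2 follows the
    TS 24.008 Mobile Identity coding: low 3 bits = 001 (type IMSI), bit 4 =
    odd/even digit count, high nibble = first digit; then swapped BCD."""
    length = ef_imsi[0]
    if not 2 <= length <= 8 or len(ef_imsi) < 1 + length:
        raise ValueError("bad EF_IMSI length byte")
    body = ef_imsi[1:1 + length]
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    odd = bool(body[0] & 0x08)
    nibbles = [body[0] >> 4]
    for byte in body[1:]:
        nibbles += [byte & 0x0F, byte >> 4]
    if not odd and nibbles.pop() != 0x0F:
        raise ValueError("even-length IMSI must end in F padding")
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal digit in IMSI")
    return "".join(str(n) for n in nibbles)


def split_mcc_mnc(imsi, mnc_len):
    """MCC is always 3 digits; MNC is 2 or 3.  The IMSI alone does not say
    which, so mnc_len must come from EF_AD byte 4 (when the SIM has it) or
    from a numbering-plan table.  Returns (mcc, mnc, msin)."""
    if mnc_len not in (2, 3) or len(imsi) < 3 + mnc_len:
        raise ValueError("bad MNC length")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
```

The EF_IMSI parity bit matters in practice: a 14-digit IMSI occupies the same 8
bytes as a 15-digit one, and only bit 4 of byte 2 tells you whether the final
high nibble is a digit or padding.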

sst

Every SIM card is required to have an essential data record (an EF in technical
terms) called the SIM Service Table, or SST.  This SST indicates which services
are allocated and activated on the given SIM.  Our sst command lists all
allocated service numbers, listing just a plain number if the service is both
allocated and activated (the usual case), or a number with a '^' suffix if the
service is allocated but not activated.  You will need to look in the 3GPP TS
51.011 spec to make sense of these service numbers.
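To show concretely what the sst command is reading, here is an added decoder
for EF_SST (6F38), written for this document rather than taken from fc-simtool.
It produces the same plain-number / '^'-suffix notation described above; the
sample SST bytes are constructed, and the small name table is a partial
transcription of the service list in 3GPP TS 51.011 (the spec has the full
list).

```python
# Added example, not fc-simtool code: decoding EF_SST.  Each service takes
# two bits: low bit = allocated, high bit = activated, four services per
# byte, service 1 in the least significant bits of byte 1.

# Partial transcription of the service table in 3GPP TS 51.011 section
# 10.3.7, for illustration; consult the spec for the full list.
SST_NAMES = {
    1: "CHV1 disable function",
    2: "ADN (abbreviated dialling numbers)",
    3: "FDN (fixed dialling numbers)",
    4: "SMS storage",
    9: "MSISDN",
    12: "SMSP (SMS parameters)",
    17: "SPN (service provider name)",
    18: "SDN (service dialling numbers)",
}


def sst_services(ef_sst):
    """Yield (service_number, allocated, activated) for every 2-bit slot."""
    for i, byte in enumerate(ef_sst):
        for j in range(4):
            allocated = bool((byte >> (2 * j)) & 1)
            activated = bool((byte >> (2 * j + 1)) & 1)
            yield 4 * i + j + 1, allocated, activated


def format_sst(ef_sst):
    """Plain number = allocated and activated; '^' suffix = allocated only.
    Activated-but-not-allocated is illegal per the spec, so it is reported."""
    out = []
    for n, allocated, activated in sst_services(ef_sst):
        if allocated:
            out.append(str(n) if activated else "%d^" % n)
        elif activated:
            raise ValueError("service %d activated but not allocated" % n)
    return out


def service_available(ef_sst, n):
    """True only if service n is both allocated and activated; a service
    number beyond the end of the table counts as not available."""
    for num, allocated, activated in sst_services(ef_sst):
        if num == n:
            return allocated and activated
    return False


def describe_sst(ef_sst):
    """Human-readable lines, naming the services this table knows about."""
    return ["%s %s" % (entry, SST_NAMES.get(int(entry.rstrip("^")), ""))
            for entry in format_sst(ef_sst)]
```

The "beyond the end of the table" case is worth keeping in mind: older SIMs
have a short EF_SST, and a service that is not represented at all must be
treated the same as one that is not allocated.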

user-sum

This command displays a user-friendly summary of user-oriented services present
on the SIM.  It reads SST to get the list of available and activated services,
but it considers only user-oriented ones (as opposed to SIM services dealing
with GSM network functions or serving operators' interests rather than users'),
and it displays them in a user-friendly manner.  For each present SIM phonebook
(ADN, FDN, SDN) and for the SMS store, user-sum displays the storage capacity
provided by the SIM (number of phonebook entries or messages), and for each of
the various phonebooks, the allocated number of alpha tag bytes is also
displayed.

The number of bytes allocated for the alpha tag in SIM phonebooks determines
the maximum length of the name field in each phonebook entry.  These name fields
can be written either in GSM7 encoding (GSM 03.38, aka 3GPP TS 23.038) or in
UCS-2;
when GSM7 encoding is used, no SMS-style septet packing is applied - instead the
high bit of each byte is simply cleared.  Therefore, the maximum number of
characters in a phonebook entry name field usually equals the number of bytes
allocated for the alpha tag on the SIM, except for names containing ASCII
characters [\]^ and {|}~ which get expanded to 2-character escape sequences in
GSM7 encoding.
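The following added example (written for this document, not fc-simtool's own
code) codes a phonebook name field the way described above, so you can tell in
advance whether a name fits the alpha tag length that user-sum reports.  It
handles the unpacked GSM7 default alphabet with its 0x1B extension escapes and
the 0x80 UCS-2 scheme of TS 51.011 Annex B; the 0x81/0x82 compressed UCS-2
schemes are deliberately not covered.  The sample names are constructed.

```python
# Added example, not fc-simtool code: alpha tag coding for SIM phonebook
# entries (unpacked GSM7 with extension escapes, or the 0x80 UCS-2 scheme).

# GSM7 positions that differ from ASCII, or that ASCII does not have at all.
GSM7_BASIC = {
    "@": 0x00, "£": 0x01, "$": 0x02, "¥": 0x03, "è": 0x04, "é": 0x05, "ù": 0x06,
    "ì": 0x07, "ò": 0x08, "Ç": 0x09, "\n": 0x0A, "Ø": 0x0B, "ø": 0x0C, "\r": 0x0D,
    "Å": 0x0E, "å": 0x0F, "Δ": 0x10, "_": 0x11, "Φ": 0x12, "Γ": 0x13, "Λ": 0x14,
    "Ω": 0x15, "Π": 0x16, "Ψ": 0x17, "Σ": 0x18, "Θ": 0x19, "Ξ": 0x1A, "Æ": 0x1C,
    "æ": 0x1D, "ß": 0x1E, "É": 0x1F, "¤": 0x24, "¡": 0x40, "Ä": 0x5B, "Ö": 0x5C,
    "Ñ": 0x5D, "Ü": 0x5E, "§": 0x5F, "¿": 0x60, "ä": 0x7B, "ö": 0x7C, "ñ": 0x7D,
    "ü": 0x7E, "à": 0x7F,
}
# Characters that only exist in the extension table: coded as 0x1B + code.
GSM7_EXT = {"^": 0x14, "{": 0x28, "}": 0x29, "\\": 0x2F, "[": 0x3C,
            "~": 0x3D, "]": 0x3E, "|": 0x40, "€": 0x65}
ESC = 0x1B
GSM7_BASIC_REV = {v: k for k, v in GSM7_BASIC.items()}
GSM7_EXT_REV = {v: k for k, v in GSM7_EXT.items()}


def _gsm7_code(ch):
    if ch in GSM7_BASIC:
        return GSM7_BASIC[ch]
    o = ord(ch)
    # These ASCII ranges have identical codes in the GSM7 default alphabet.
    if 0x20 <= o <= 0x23 or 0x25 <= o <= 0x3F or 0x41 <= o <= 0x5A or 0x61 <= o <= 0x7A:
        return o
    return None


def encode_alpha_gsm7(name):
    """Unpacked GSM7 (one byte per character, high bit clear); escaped
    characters cost two bytes.  Returns None if not representable."""
    out = bytearray()
    for ch in name:
        if ch in GSM7_EXT:
            out += bytes([ESC, GSM7_EXT[ch]])
        else:
            code = _gsm7_code(ch)
            if code is None:
                return None
            out.append(code)
    return bytes(out)


def encode_alpha_ucs2(name):
    """0x80 scheme: marker byte, then big-endian UCS-2 (BMP only)."""
    if any(ord(ch) > 0xFFFF for ch in name):
        raise ValueError("character outside the BMP cannot be coded in UCS-2")
    return b"\x80" + name.encode("utf-16-be")


def alpha_tag_bytes_needed(name):
    coded = encode_alpha_gsm7(name)
    return len(coded) if coded is not None else len(encode_alpha_ucs2(name))


def encode_alpha_tag(name, alpha_len):
    """Prefer GSM7; fall back to UCS-2; pad with 0xFF to the allocated length."""
    coded = encode_alpha_gsm7(name)
    if coded is None:
        coded = encode_alpha_ucs2(name)
    if len(coded) > alpha_len:
        raise ValueError("%r needs %d bytes, alpha tag holds %d" % (name, len(coded), alpha_len))
    return coded.ljust(alpha_len, b"\xff")


def decode_alpha_tag(field):
    """Reverse of encode_alpha_tag for the two schemes handled here."""
    if field[:1] == b"\x80":
        chars = []
        for k in range(1, len(field) - 1, 2):
            unit = int.from_bytes(field[k:k + 2], "big")
            if unit == 0xFFFF:          # padding pair: end of name
                break
            chars.append(chr(unit))
        return "".join(chars)
    if field[:1] in (b"\x81", b"\x82"):
        raise NotImplementedError("compressed UCS-2 schemes not handled here")
    data = field.rstrip(b"\xff")        # GSM7 bytes are never 0xFF
    out, i = [], 0
    while i < len(data):
        b = data[i] & 0x7F
        if b == ESC and i + 1 < len(data):
            out.append(GSM7_EXT_REV.get(data[i + 1] & 0x7F, "?"))
            i += 2
            continue
        out.append(GSM7_BASIC_REV.get(b, chr(b)))
        i += 1
    return "".join(out)
```

Two consequences fall out of the coding: a name made of plain ASCII letters
fits if it has at most alpha_len characters, each of [ \ ] ^ { | } ~ costs one
extra byte, and a single character outside GSM7 (ë, for instance) pushes the
whole name into UCS-2, where the limit drops to (alpha_len - 1) / 2 characters.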

uicc-dir

If your SIM card functions not only as a classic GSM 11.11 SIM, but also as a
UICC with USIM/ISIM or other UICC-based applications, it will have a file named
EF_DIR in its file system, listing those applications.  The fc-simtool uicc-dir
command dumps the content of this file in a human-readable form - but please
note that fc-simtool only speaks the classic GSM 11.11 protocol to the SIM, and
not the UICC protocol.  EF_DIR does not officially exist in the classic GSM SIM
spec, hence the dir command in fc-uicc-tool (speaking the UICC protocol) is the
official way to read and dump the content of EF_DIR.

Manipulating SIM phonebooks
===========================

Manipulating stored SMS
=======================

Manipulating SMS profiles
=========================

Identifying MVNO SIMs
=====================