view doc/User-oriented-commands @ 64:8cd4771bdd79
doc/User-oriented-commands: document started
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 14 Feb 2021 19:01:04 +0000 |
parents | |
children | cc48ac3b151c |
This document describes those commands and functions of fc-simtool which can be
exercised by end users on any regular operator-issued SIM, without requiring a
special programmable SIM with admin privileges.

The Mother's plans for future development include a companion fc-simint utility
that will operate on SIM cards inside Calypso phones; the intent is that all of
the end-user-oriented commands of fc-simtool described in this document will
also be replicated in fc-simint.

Understanding SIM PIN1
======================

Every standard SIM card has a secret code called PIN1; this secret code can be
anywhere between 4 and 8 digits in length, with 4-digit PINs being most common.
In terms of persistent non-volatile state, SIM PIN1 can be enabled or disabled.

When SIM PIN1 is disabled, all regular functions of the card are enabled, as in
being able to power up the phone with the SIM in it and connect to the GSM
network with your subscriber identity, and being able to read and write SIM
user data content like phonebooks and stored messages - all of these functions
are enabled from the moment you turn on the phone with the SIM in it (or power
the SIM up by itself in a smart card "reader" driven by fc-simtool), without
the user ever being asked for a PIN, such that you can forget that the PIN even
exists - this situation is very common nowadays.

But when SIM PIN1 is enabled, the smart chip in the SIM will not allow you
access to any of the data stored on the card and will not allow any GSM
authentication operations until and unless you send the correct PIN to the SIM
in the VERIFY CHV command.

If you forgot your PIN1, the only way to reset it is to enter another secret
code (always 8 digits in length) called PUK1.  If the SIM is made according to
standards, then its PUK1 is set to a random number during either physical
manufacturing or administrative programming of the card and then remains
unchangeable afterward.
Therefore, in an ideal world if someone forgot their PIN1 and doesn't have
their PUK1 either, they should be able to obtain PUK1 from the cellular
operator who issued the SIM - but whether or not today's operators will
actually help such hapless users (without forcing them to get a new SIM) is
another question altogether.  PUK1 is often printed on the big
(credit-card-sized) plastic piece on which SIM cards are initially delivered -
but it doesn't help if you originally got your SIM many ages ago and no longer
have that souvenir plastic piece.

The standard protocol for communicating with SIM cards provides 5 special
commands that are dedicated to working with PIN1, and so does fc-simtool:

verify-pin1 XXXX

    This command tells the SIM that you are attempting to prove knowledge of
    PIN1, presenting a string of digits.  If the PIN digits you specify match
    the PIN1 secret code stored inside the SIM, the card unlocks access to its
    primary functions.  If the digits you send are wrong, the SIM decrements
    its non-volatile attempt counter, giving you a total of 3 attempts
    (irrespective of card power-downs between attempts) to enter the correct
    PIN.  If PIN1 is entered incorrectly 3 times in a row, this PIN is blocked,
    and the only way to unblock it is via PUK1.

enable-pin1 XXXX

    This command changes the non-volatile state of the PIN1 enable/disable
    flag, such that from now on the SIM will require PIN1 to be provided on
    every card power-up before it will allow GSM authentication and access to
    user data.  The enable-pin1 operation itself requires correct PIN1 digits
    to be provided.

disable-pin1 XXXX

    This command changes the non-volatile state of the PIN1 enable/disable
    flag, such that from now on the SIM will NOT require PIN1 to be provided on
    every card power-up, and will instead be live immediately without needing
    proof of card owner's identity.  The disable-pin1 operation itself requires
    correct PIN1 digits to be provided.
change-pin1 old-PIN new-PIN

    This command tells the SIM that you wish to change PIN1 secret code to some
    new digits.  Knowledge of the old PIN1 is required for this operation to
    succeed.

unblock-pin1 PUK1-secret-code new-PIN1

    This command tells the SIM that you are attempting to prove knowledge of
    PUK1 and to set a new PIN1.  If PUK1 is given correctly, the new PIN1 will
    be set.  If you enter a wrong PUK1, the SIM decrements its non-volatile
    attempt counter, giving you a total of 10 attempts (irrespective of card
    power-downs between attempts) to enter the correct code.  If PUK1 is
    entered incorrectly 10 times in a row, it is blocked and the card should be
    considered bricked beyond recovery.

Understanding SIM PIN2
======================

GSM standards provide support for a very rarely used feature that works in the
spirit of "parental controls": if you authenticate to the SIM with PIN2 secret
code (which has to be different from PIN1 for meaningful security), you can
edit a SIM-resident list of so-called Fixed Dialing Numbers (FDN), and then all
standard phones that implement this feature per the spec will refuse to allow
ordinary users (authenticated with PIN1 or with no PIN at all) to call any
numbers other than those programmed in FDN.

This whole "parental control" feature is totally silly and is not expected to
be of any practical use, but the whole purpose of fc-simtool is to allow every
feature of SIM cards to be exercised, hence we provide the necessary support.
The following commands work just like their PIN1 counterparts:

verify-pin2 XXXX
change-pin2 old-PIN new-PIN
unblock-pin2 PUK2-secret-code new-PIN2

Unlike PIN1, PIN2 cannot be disabled per traditional SIM card standards.
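
Added example, not part of the original document and not taken from fc-simtool
source: the PIN commands described above correspond to the CHV command APDUs of
GSM 11.11 (VERIFY, CHANGE, DISABLE, ENABLE and UNBLOCK CHV), and this Python
code builds those APDUs for PIN1 and PIN2.  The function names and the sample
PIN and PUK digits are made up for illustration.

```python
# Added example, not fc-simtool code: GSM 11.11 CHV command APDUs.
CLA_GSM = 0xA0
INS = {"verify": 0x20, "change": 0x24, "disable": 0x26,
       "enable": 0x28, "unblock": 0x2C}
# Status words (SW1 SW2) a card returns in reply to these commands
SW_MEANING = {
    0x9000: "success",
    0x9804: "wrong code, at least one attempt left",
    0x9840: "wrong code with no attempt left, or code already blocked",
    0x9808: "in contradiction with CHV status",
}

def encode_code(digits, exact_len=None):
    """Return ASCII digits padded with 0xFF to the fixed 8-byte field."""
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("PIN/PUK must consist of decimal digits only")
    if exact_len is not None and len(digits) != exact_len:
        raise ValueError(f"code must be exactly {exact_len} digits")
    if not 4 <= len(digits) <= 8:
        raise ValueError("PIN must be 4 to 8 digits long")
    return digits.encode("ascii").ljust(8, b"\xff")

def chv_apdu(op, chv_no, *codes):
    """Build the command APDU for one PIN operation; chv_no 1=PIN1, 2=PIN2."""
    if op not in INS or chv_no not in (1, 2):
        raise ValueError("unknown operation or CHV number")
    if op in ("enable", "disable") and chv_no != 1:
        raise ValueError("only PIN1 can be enabled or disabled")
    if len(codes) != (2 if op in ("change", "unblock") else 1):
        raise ValueError("wrong number of codes for this operation")
    p2 = chv_no
    if op == "unblock":   # PUK (always 8 digits) followed by the new PIN
        data = encode_code(codes[0], exact_len=8) + encode_code(codes[1])
        p2 = 0x00 if chv_no == 1 else 0x02   # UNBLOCK CHV codes CHV1 as 00
    else:                 # one PIN, or old PIN followed by new PIN
        data = b"".join(encode_code(c) for c in codes)
    return bytes([CLA_GSM, INS[op], 0x00, p2, len(data)]) + data

def explain_sw(sw1, sw2):
    """Map a status word pair to its meaning for the CHV commands."""
    return SW_MEANING.get((sw1 << 8) | sw2, "other status")

if __name__ == "__main__":
    # Constructed sample digits, not real secrets
    for args in (("verify", 1, "1234"), ("change", 1, "1234", "567890"),
                 ("unblock", 1, "12345678", "4321"), ("verify", 2, "0000")):
        print(args[0], args[1], chv_apdu(*args).hex(" "))
    print(explain_sw(0x98, 0x40))
```

The attempt counters live inside the card; the host only learns their state
from status words such as 98 04 and 98 40.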