# HG changeset patch
# User Mychaela Falconia <falcon@freecalypso.org>
# Date 1613595334 0
# Node ID 3bce899bcf78f1e5c277e6377a3d71fb9f008663
# Parent  7412cdd505b30899fb3555598a3435e3e53d3bb1
doc/Low-level-commands: a38 command documented

diff -r 7412cdd505b3 -r 3bce899bcf78 doc/Low-level-commands
--- a/doc/Low-level-commands	Wed Feb 17 20:41:30 2021 +0000
+++ b/doc/Low-level-commands	Wed Feb 17 20:55:34 2021 +0000
@@ -138,4 +138,20 @@
 GSM authentication testing
 ==========================
 
-a38
+a38 RAND
+
+This fc-simtool command exercises the SIM card's RUN GSM ALGORITHM command.
+The user-specified RAND value (a hex string of 16 bytes) is sent to the SIM,
+and the SIM response is parsed to display SRES and Kc.
+
+Per SIM specs GSM TS 11.11 and 3GPP TS 51.011, RUN GSM ALGORITHM can only be
+executed when DF_GSM is selected.  fc-simtool a38 command does NOT include a
+built-in SELECT of DF_GSM, hence you need to manually issue 'select DF_GSM'
+first.
+
+This a38 command can be used to verify if the SIM card's Ki and A38 algorithm
+match what you expect them to be.  To perform this test, issue an a38 command
+to the SIM with some made-up RAND and note the SRES and Kc response.  Then use
+the osmo-auc-gen utility from Osmocom to run the expected algorithm with the
+expected Ki (and the expected OPc if MILENAGE is used) and the same RAND, and
+see if SRES and Kc match.