fc-sim-tools: doc/GrcardSIM2-security-model annotate

annotate doc/GrcardSIM2-security-model @ 93:6041c601304d

fcsim1-mkprov: revert OTA key addition It appears that GrcardSIM2 cards (which is what we got for FCSIM1) do not support OTA after all, contrary to what we were previously led to believe by some tech support emails from Grcard - apparently those support emails and OTA descriptions referred to some other card model(s).

author	Mychaela Falconia <falcon@freecalypso.org>
date	Wed, 21 Apr 2021 05:38:39 +0000
parents	da6e9d0b2ee6
children

rev	line source
18 da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	1 GrcardSIM2 cards (previously sold as sysmoSIM-GR2 and now being reintroduced as
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	2 FCSIM1) have two different ADM access levels, each guarded by a separate secret
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	3 code. These two ADM access levels are referred to as ADM and SUPER ADM in the
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	4 Osmocom wiki page for GrcardSIM2, but they can also be called ADM5 and ADM11,
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	5 as the access level numbers appear in the actual APDUs.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	6
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	7 If you successfully authenticate with ADM5 secret code, you gain the following
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	8 abilities:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	9
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	10 * You can change the ADM5 secret code itself;
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	11 * You can reset PIN1, PIN2, PUK1 and PUK2 to new codes without having to know
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	12 any previous ones.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	13
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	14 If you successfully authenticate with ADM11 secret code, you gain the following
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	15 abilities:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	16
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	17 * You can change the ADM11 secret code itself;
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	18 * You can reset PIN1, PIN2, PUK1, PUK2 and ADM5 to new codes without having to
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	19 know any previous ones.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	20
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	21 Most admin-write-only files are writable after either ADM5 or ADM11
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	22 authentication, but some files (particularly EF.WEKI that holds Ki) can only be
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	23 read and written with ADM11. More precisely, if a given access condition
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	24 (returned in response to SELECT) is listed as ADM11, then you need to
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	25 authenticate with ADM11, but if it is listed as ADM5, then either ADM5 or ADM11
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	26 is acceptable. Because of this permissive design whereby ADM11 alone is
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	27 sufficient, one can typically ignore ADM5 altogether for programming purposes.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	28
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	29 Both ADM5 and ADM11 can be set to any arbitrary string of 8 bytes, i.e., each
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	30 is effectively a 64-bit key. However, it is common for users to treat ADM5
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	31 and/or ADM11 as being a string of 8 ASCII-encoded decimal digits like standard
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	32 PUK1/PUK2 - the initial default ADM11 secret code from Grcard factory is set to
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	33 64-bit hex string 3838383838383838, which corresponds to PIN/PUK-style decimal
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	34 88888888.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	35
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	36 fc-simtool provides commands to set and verify ADM5 and ADM11 secret codes in
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	37 either full hex or ASCII-encoded decimal representation; the former allows any
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	38 arbitrary 64-bit key to be entered, whereas the latter is restricted to those
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	39 64-bit keys which correspond to 8 ASCII-encoded decimal digits. The commands
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	40 are:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	41
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	42 verify-ext 5 XXXXXXXX # authenticate as ADM5, decimal format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	43 verify-hex 5 xxxxxxxxxxxxxxxx # authenticate as ADM5, arbitrary hex format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	44
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	45 verify-ext 11 XXXXXXXX # authenticate as ADM11, decimal format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	46 verify-hex 11 xxxxxxxxxxxxxxxx # authenticate as ADM11, arbitrary hex format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	47
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	48 grcard2-set-adm5 XXXXXXXX # set new ADM5, decimal format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	49 grcard2-set-adm5-hex xxxxxxxxxxxxxxxx # set new ADM5, arbitrary hex format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	50
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	51 grcard2-set-super XXXXXXXX # set new ADM11, decimal format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	52 grcard2-set-super-hex xxxxxxxxxxxxxxxx # set new ADM11, arbitrary hex format
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	53
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	54 ADM11 MF quirk
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	55 ==============
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	56
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	57 The operation of authenticating with ADM11 (verify-ext 11 or verify-hex 11) is
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	58 only allowed when the currently selected directory is MF - either as the very
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	59 first command in an fc-simtool session, or after an explicit 'select MF'. If
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	60 the current directory is DF_GSM or DF_TELECOM, the command to authenticate with
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	61 ADM11 (VERIFY CHV with P2=0x0B) fails with SW of 0x9802.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	62
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	63 Setting PIN1/PIN2/PUK1/PUK2
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	64 ===========================
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	65
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	66 The following commands reset standard PIN and PUK secret codes after
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	67 authenticating with either ADM5 or ADM11:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	68
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	69 grcard2-set-pin1 XXXX
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	70 grcard2-set-pin2 XXXX
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	71 grcard2-set-puk1 XXXXXXXX
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	72 grcard2-set-puk2 XXXXXXXX
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	73
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	74 These 4 commands take decimal string arguments and send them to the card in
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	75 ASCII encoding per standard SIM spec definition of PIN1/PIN2/PUK1/PUK2.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	76
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	77 The underlying command APDUs sent by fc-simtool grcard2-set-* commands are
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	78 proprietary to Grcard. If you craft the right APDUs manually in hex (which our
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	79 low-level apdu command allows), you can set PIN1/PIN2/PUK1/PUK2 to arbitrary
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	80 64-bit hex strings which do not correspond to ASCII-encoded decimal - however,
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	81 doing so would produce a SIM that violates the public interface definition for
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	82 standard PIN1/PIN2/PUK1/PUK2, hence we do not provide such ability in our
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	83 high-level grcard2-set-* command set.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	84
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	85 FCSIM1 default PINs
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	86 ===================
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	87
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	88 The initial default ADM11 secret code from Grcard factory is decimal 88888888,
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	89 meaning that you need to authenticate as follows:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	90
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	91 select MF
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	92 verify-ext 11 88888888
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	93
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	94 If your card is unprogrammed (if you haven't programmed it yourself with
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	95 fc-simtool), all other secret codes should be regarded as unknown - you need to
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	96 reset them yourself in your own card programming or provisioning operation.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	97 Our fcsim1-default-pins command script sets the following FCSIM1 official
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	98 defaults:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	99
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	100 grcard2-set-pin1 1234
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	101 grcard2-set-pin2 6666
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	102 grcard2-set-puk1 00099933
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	103 grcard2-set-puk2 00099944
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	104 grcard2-set-adm5 55501234
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	105
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	106 For as long as you keep the ADM11 secret code at its default of 88888888, there
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	107 is no PIN security - even if you set PIN1/PIN2/PUK1/PUK2 to your own secrets,
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	108 anyone can authenticate with the unchanged default ADM11 and then freely reset
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	109 all lower PINs. However, in the Mother's opinion there is very little need for
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	110 PIN security in actual operational usage in this day and age - almost no one
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	111 enables their PIN1, making it moot, and no one ever uses SIM "parental control"
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	112 features controlled by PIN2. In the present circumstances, the only real use
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	113 for knowing SIM PINs is to exercise and test phone firmware code paths dealing
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	114 with these PINs - and for this purpose having known fixed "secret" codes is
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	115 very convenient.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	116
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	117 However, if someone does desire real PIN security, it is possible on FCSIM1
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	118 cards - but then you have to not only set PIN1/PIN2/PUK1/PUK2 to your own
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	119 secrets, but also set both ADM5 and ADM11 to your own truly-secret codes as
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	120 well. But be careful - if you set your own ADM11 secret code and then forget
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	121 it, there is no recovery! Maintaining a database of per-card secret codes is a
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	122 development job which the Mother gladly leaves to other programmers, to be
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	123 undertaken if and when someone actually needs such added complexity.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	124
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	125 How to (not) brick your card
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	126 ============================
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	127
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	128 The following actions will brick your card beyond recovery:
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	129
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	130 * If you enter ADM11 incorrectly 3 times in a row, ADM11 access is lost with no
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	131 possibility of recovery - this bricking mode is generally expected, there can
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	132 be no other way.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	133
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	134 * If you enter ADM5 incorrectly 3 times in a row, you unrecoverably lose the
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	135 ability to use ADM5 ever again - even if you successfully authenticate with
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	136 ADM11 and reset ADM5 with grcard2-set-adm5, the attempt counter does not get
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	137 reset, and ADM5 remains blocked.
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	138
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	139 * If you enter standard PUK1 or PUK2 incorrectly 10 times in a row, it is
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	140 similarly blocked beyond recovery, with no help from ADM5 or ADM11 -
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	141 grcard2-set-puk[12] commands reset the secret code, but not the associated
da6e9d0b2ee6 data, doc, scripts: import from previous fc-pcsc-tools repo Mychaela Falconia <falcon@freecalypso.org> parents: diff changeset	142 attempt counter.

FreeCalypso > hg > fc-sim-tools

annotate doc/GrcardSIM2-security-model @ 93:6041c601304d