FreeCalypso > hg > fc-sim-tools
annotate doc/GrcardSIM1-notes @ 74:9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Wed, 07 Apr 2021 05:57:44 +0000 |
parents | 5f7377392211 |
children |
rev | line source |
---|---|
72
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
1 As of A.D. 2021, the GSM-only SIM card model (as opposed to USIM/ISIM for LTE/5G |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
2 users) sold by Grcard company is the one which we call GrcardSIM2 - our current |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
3 FCSIM1 cards are GrcardSIM2, and this card model goes back to some time around |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
4 2013, when it was sold by Sysmocom as sysmoSIM-GR2. However, if we go back in |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
5 time a little further to around 2011, Grcard had an earlier card model which we |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
6 call GrcardSIM1 - it was sold by Sysmocom as sysmoSIM-GR1. In the present day |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
7 these original GrcardSIM1 cards are extremely scarce: Mother Mychaela got one |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
8 card from Das Signal, there may be one or two other people on the planet who |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
9 have one or two cards, but that's it - an extreme rarity. |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
10 |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
11 These GrcardSIM1 cards have one and only one special feature that makes them |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
12 interesting: supposedly they are freely reformattable, meaning that any |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
13 individual card owner can completely erase the card file system and then |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
14 recreate an entirely new one according to her liking: see our |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
15 Formatting-thoughts article. However, I said "supposedly" in the previous |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
16 sentence, referring to GrcardSIM1 free reformatting ability, because the extreme |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
17 scarcity makes it too difficult to test this ability: I (Mother Mychaela) have |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
18 only one card to play with, I am not too keen on the idea of possibly bricking |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
19 this card via incorrectly-guessed formatting commands, and there does not seem |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
20 to be much point in developing formatting tools for a card model that is no |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
21 longer available. |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
22 |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
23 Aside from their unique reformatting feature, GrcardSIM1 cards have two very |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
24 notable defects compared to current GrcardSIM2 or FCSIM1: |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
25 |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
26 * GrcardSIM1 cards have a broken security model in that grcard1-set-pin1, |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
27 grcard1-set-pin2, grcard1-set-adm1 and grcard1-set-adm2 commands (or rather |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
28 the actual command APDUs sent by these fc-simtool commands) are completely |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
29 unauthenticated, meaning that all PIN security is trivially bypassable: you |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
30 can take a PIN-locked card for which you don't know the PIN, you can reset |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
31 its PIN with grcard1-set-pin1, and bingo, you have access to all private data |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
32 and the GSM authentication token which the hapless owner sought to protect |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
33 with their PIN. The same goes for ADM access: if someone set the card's ADM2 |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
34 key to some unknown secret, you can reset it back to the pySim default of |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
35 4444444444444444 with grcard1-set-adm2 and give yourself full admin write |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
36 access, without ever knowing the previous key. |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
37 |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
38 * GrcardSIM2 (FCSIM1) cards support F=512 D=8 speed enhancement (the classic |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
39 SIM speed enhancement specified in GSM 11.11 and supported by classic GSM/2G |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
40 phones), but GrcardSIM1 cards don't support it - hence GR1 cards run in the |
5f7377392211
doc/GrcardSIM1-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff
changeset
|
41 slowest F=372 D=1 mode. |
74
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
42 |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
43 The only datum on GrcardSIM1 cards which appears to be secure against reading |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
44 is Ki. grcard1-set-ki command is unauthenticated like the other grcard1-set-*, |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
45 thus anyone can overwrite Ki with their own, but it is a write-only datum on |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
46 this card model: it does not appear in the file system, and there is no command |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
47 for reading Ki. Contrast with GrcardSIM2, sysmoUSIM-SJS1 and sysmoISIM-SJA2 |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
48 cards: all of these cards store their Ki in a special file in their file system, |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
49 but this file requires ADM access (SUPER ADM on GrcardSIM2, ADM1 on Sysmocom |
9de2d8b8951d
doc/GrcardSIM1-notes: add note about Ki
Mychaela Falconia <falcon@freecalypso.org>
parents:
72
diff
changeset
|
50 cards) for both reading and writing. |