comparison doc/GrcardSIM2-programming @ 75:42229bec887b

doc/GrcardSIM2-programming: a few updates
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 07 Apr 2021 07:17:12 +0000
parents da6e9d0b2ee6
children 8c23d2a9c013
comparison
equal deleted inserted replaced
74:9de2d8b8951d 75:42229bec887b
1 The card model which we call GrcardSIM2 is one of the many smart card models 1 The card model which we call GrcardSIM2 is one of the many smart card models
2 made and sold by Grcard in China. As of this writing (2021-03) and going back 2 made and sold by Grcard in China. Our FreeCalypso-branded version of this card
3 to somewhere around 2013, it is the card model they sell when a customer asks 3 is called FCSIM1 (batch of 200 cards made in 2021-04), but the same card model
4 for a GSM-only SIM card, as opposed to USIM cards for UMTS/LTE/etc. This card 4 was previously sold by Sysmocom as sysmoSIM-GR2, going back to some time around
5 model was once resold by Sysmocom as sysmoSIM-GR2, and we are hoping to get a 5 2013.
6 batch of our own FreeCalypso-branded version which we call FCSIM1.
7 6
8 Our fc-simtool supports full programming of these cards: you can take a card 7 Our fc-simtool supports full programming of these cards: you can take a card
9 whose initial state is "blank" or unprogrammed, or a card with some previous 8 whose initial state is "blank" or unprogrammed, or a card with some previous
10 programming, and you can program it to your own liking using fc-simtool. For 9 programming, and you can program it to your own liking using fc-simtool. For
11 the purpose of programming this particular card model (as opposed to USIM/ISIM 10 the purpose of programming this particular card model (as opposed to USIM/ISIM
19 GSM network deployments. 18 GSM network deployments.
20 19
21 * These cards have a fairly sophisticated security model with two different ADM 20 * These cards have a fairly sophisticated security model with two different ADM
22 access levels: see GrcardSIM2-security-model article for the details. 21 access levels: see GrcardSIM2-security-model article for the details.
23 pySim-prog support for this security model is fundamentally broken: it 22 pySim-prog support for this security model is fundamentally broken: it
24 authenticates with ADM11 as required for writing Ki, but does not support any 23 authenticates with ADM11 as required for writing Ki, but it always sends the
25 option of changing this key to a secure one, as would be required in any 24 default ADM11 key, i.e., pySim-prog -a or -A options have no effect on the key
26 application where traditional SIM security is desired. OTOH, pySim-prog 25 that actually matters. Instead of supporting changeable ADM11 keys,
27 needlessly resets ADM5, even though they could have left it alone - ADM11 by 26 pySim-prog needlessly resets ADM5, even though they could have left it alone
28 itself is sufficient for writing to all files. 27 (ADM11 by itself is sufficient for writing to all files), and the effect of
28 -a or -A options is only on this unnecessary ADM5 setting.
29 29
30 * Further on the security model, GrcardSIM2 cards allow admins to reset 30 * Further on the security model, GrcardSIM2 cards allow admins to reset
31 PIN1/PIN2/PUK1/PUK2 secret codes after authenticating with ADM5 or ADM11 - 31 PIN1/PIN2/PUK1/PUK2 secret codes after authenticating with ADM5 or ADM11 -
32 this mechanism is the only way to reset PUK1 and PUK2 if the previous codes 32 this mechanism is the only way to reset PUK1 and PUK2 if the previous codes
33 are unknown. pySim-prog provides no support for setting PIN/PUK codes. 33 are unknown. pySim-prog provides no support for setting PIN/PUK codes.
72 See our fcsim1-defprog script for a starting point. 72 See our fcsim1-defprog script for a starting point.
73 73
74 2) Per-card settings like ICCID, IMSI, ACC and Ki can only be set either 74 2) Per-card settings like ICCID, IMSI, ACC and Ki can only be set either
75 manually (OK for one or two cards, but doesn't scale), or by way of custom 75 manually (OK for one or two cards, but doesn't scale), or by way of custom
76 front end or wrapper programs that generate and execute one-time fc-simtool 76 front end or wrapper programs that generate and execute one-time fc-simtool
77 command scripts. We plan on implementing one such front end tool once we 77 command scripts. Now that our FCSIM1 cards are here, we plan on implementing
78 get our FCSIM1 card batch made. 78 the necessary front end tool soon - see FCSIM1-programming article.
79 79
80 Please refer to Admin-write-commands, GrcardSIM2-WEKI-file and 80 Please refer to Admin-write-commands, GrcardSIM2-WEKI-file and
81 GrcardSIM2-security-model articles for commands to be used in crafting your 81 GrcardSIM2-security-model articles for commands to be used in crafting your
82 custom programming scripts. 82 custom programming scripts.