Programming SIM card RAND?

Andrew Back andrew at carrierdetect.com
Wed Nov 28 22:44:02 UTC 2012


Hi Dieter,

On 24 November 2012 13:14, Dieter Spaar <spaar at mirider.augusta.de> wrote:

> For the IMSI you can read the appropriate EF of the SIM (the phone
> does the same to get the IMSI). Ki usually cannot be read back but
> because A3/A8 for a Test SIM is GSM XOR you can calculate Ki from
> the SIM response to the RUN GSM ALGORITHM command. OpenBSC contains
> code for the GSM XOR algorithm, this should give enough hints for
> how the calculation is done.
>
> For setting IMSI and Ki you most certainly have to contact the seller
> of the SIM card and hope that he can/will tell you the details.

I asked the seller if they could tell me the Ki and explained why I
needed this, and the response I got was: "the test card is mainly test
2GB network singinal" :o)

The baseband VTY show subscriber command gave me the IMSI
(001010123456789) and by reading the OpenBSC code I found that for XOR
I just needed the first 4 bytes of Ki, which worked out to be 1 154 2
173 (to make things easy I set the tester to use 255 255 255 255 ...
for RAND). I'm not sure how I would ascertain Ki in its entirety, but
maybe I don't need this anyway.

Thank you for your help!

Best,

Andrew

-- 
Andrew Back
http://carrierdetect.com




More information about the baseband-devel mailing list