Hi Dieter,
On 24 November 2012 13:14, Dieter Spaar <spaar(a)mirider.augusta.de> wrote:
> For the IMSI you can read the appropriate EF of the SIM (the phone
> does the same to get the IMSI). Ki usually cannot be read back but
> because A3/A8 for a Test SIM is GSM XOR you can calculate Ki from
> the SIM response to the RUN GSM ALGORITHM command. OpenBSC contains
> code for the GSM XOR algorithm, this should give enough hints for
> how the calculation is done.
>
> For setting IMSI and Ki you most certainly have to contact the seller
> of the SIM card and hope that he can/will tell you the details.

I asked the seller if they could tell me the Ki and explained why I
needed this, and the response I got was: "the test card is mainly test
2GB network singinal" :o)
The baseband VTY show subscriber command gave me the IMSI
(001010123456789) and by reading the OpenBSC code I found that for XOR
I just needed the first 4 bytes of Ki, which worked out to be 1 154 2
173 (to make things easy I set the tester to use 255 255 255 255 ...
for RAND). I'm not sure how I would ascertain Ki in its entirety, but
maybe I don't need this anyway.
Thank you for your help!
Best,
Andrew
--
Andrew Back
http://carrierdetect.com
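
The calculation discussed in this thread, as an added example that is not part of the original message and is not OpenBSC's own code: it inverts the XOR test algorithm for a known RAND. It assumes the layout SRES = RAND[0..3] ^ Ki[0..3] and Kc = RAND[4..11] ^ Ki[4..11]; the function names and the Ki bytes beyond the four quoted above are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Forward direction, i.e. what a test SIM using the XOR algorithm computes.
 * Assumed layout: SRES = RAND[0..3] ^ Ki[0..3], Kc = RAND[4..11] ^ Ki[4..11]. */
static void gsm_xor_a3a8(const uint8_t *rnd, const uint8_t *ki,
                         uint8_t sres[4], uint8_t kc[8])
{
    for (size_t i = 0; i < 4; i++)
        sres[i] = rnd[i] ^ ki[i];
    for (size_t i = 4; i < 12; i++)
        kc[i - 4] = rnd[i] ^ ki[i];
}

/* Inverse: XOR undoes itself, so a known RAND plus the card's response
 * gives Ki back. kc may be NULL when only SRES was captured.
 * Returns the number of leading Ki bytes written to ki_out. */
static size_t gsm_xor_recover_ki(const uint8_t *rnd, const uint8_t sres[4],
                                 const uint8_t *kc, uint8_t ki_out[12])
{
    size_t n = kc ? 12 : 4;
    for (size_t i = 0; i < n; i++)
        ki_out[i] = rnd[i] ^ (i < 4 ? sres[i] : kc[i - 4]);
    return n;
}

/* Constructed round trip: RAND of all 255 and Ki[0..3] = 1 154 2 173 as in
 * the message; Ki[4..15] are made-up values, not from any real card. */
static size_t recover_demo(uint8_t ki_out[12])
{
    const uint8_t ki[16] = { 1, 154, 2, 173, 0x10, 0x11, 0x12, 0x13,
                             0x14, 0x15, 0x16, 0x17, 0xA0, 0xA1, 0xA2, 0xA3 };
    uint8_t rnd[16], sres[4], kc[8];
    for (size_t i = 0; i < 16; i++)
        rnd[i] = 0xFF;
    gsm_xor_a3a8(rnd, ki, sres, kc);   /* stands in for the SIM response */
    return gsm_xor_recover_ki(rnd, sres, kc, ki_out);
}

int main(void)
{
    uint8_t ki[12];
    size_t n = recover_demo(ki);
    for (size_t i = 0; i < n; i++)
        printf("%u ", ki[i]);
    printf("\n");
    return 0;
}
```

Under the assumed layout, Ki[12..15] never enter SRES or Kc, so they cannot be recovered from the response and do not affect authentication with this algorithm.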