Hi list,

Today I've observed a strange behaviour when modifying the PLMN of some real networks expired sims (to be used with osmocom and openbts). I've put 001 01 on the top of the list. I've ejected and reinserted the sim in the reader many times, and I'm sure that the value has been written. When trying to connect to my test operator I get the message "your sim card doesn't allow the connection to this network operator" from my android phone. Reading again the PLMN I see that the original list has been restored. This astonishes me... Is it possible that the SIM overwrites the list by itself? Or is it the phone that does it? The android has an original, not branded, operating system. Thanks everybody for your help.

Dario
I've seen similar behavior before -- particularly trying to write EF.PLMNSEL, EF.FPLMN, and EF.{O,H,}PLMNwACT on some US-carrier SIMs.
This seems to be worse in the ones from AT&T MVNOs (I've tried ones from Red Pocket and H2O). Generally, the write just fails; but I believe I've observed some EFs get reset after a successful write/read. Are you getting a valid response from the UPDATE BINARY command?
Unfortunately, I haven't found a reasonable workaround for this. One ugly hack that seemed to work with some SIMs on an HTC One V (a recent Android phone), is "priming" the SIM by first registering to the network using an old Nokia 3310 or similar; the connected data is stored on the SIM (EF.LOCI, I imagine? I actually never figured out why this worked.) and is good for a one-time use in the smartphone.
Writable or custom SIMs are reasonably inexpensive, so for anything over a handful of devices in a test network (with manual network selection), that's probably the way to go.
Are you operating as MCC=001 MNC=01 (test network)?
(Apologies to the list if this is the wrong venue for this.)
On Fri, Sep 7, 2012 at 8:15 AM, Dario Lombardo dario.lombardo.ml@gmail.com wrote:
> Hi list,
>
> Today I've observed a strange behaviour when modifying the PLMN of some real networks expired sims (to be used with osmocom and openbts). I've put 001 01 on the top of the list. I've ejected and reinserted the sim in the reader many times, and I'm sure that the value has been written. When trying to connect to my test operator I get the message "your sim card doesn't allow the connection to this network operator" from my android phone. Reading again the PLMN I see that the original list has been restored. This astonishes me... Is it possible that the SIM overwrites the list by itself? Or is it the phone that does it? The android has an original, not branded, operating system. Thanks everybody for your help.
>
> Dario
On Fri, Sep 7, 2012 at 6:02 PM, Brandon Creighton cstone@pobox.com wrote:
> I've seen similar behavior before -- particularly trying to write EF.PLMNSEL, EF.FPLMN, and EF.{O,H,}PLMNwACT on some US-carrier SIMs.
> This seems to be worse in the ones from AT&T MVNOs (I've tried ones from Red Pocket and H2O). Generally, the write just fails; but I believe I've observed some EFs get reset after a successful write/read. Are you getting a valid response from the UPDATE BINARY command?

My software doesn't give me any error. Unplugging and replugging the sim gives me good feedback: the test operator is still on the top of the PLMN.

> Unfortunately, I haven't found a reasonable workaround for this. One ugly hack that seemed to work with some SIMs on an HTC One V (a recent Android phone), is "priming" the SIM by first registering to the network using an old Nokia 3310 or similar; the connected data is stored on the SIM (EF.LOCI, I imagine? I actually never figured out why this worked.) and is good for a one-time use in the smartphone.
> Writable or custom SIMs are reasonably inexpensive, so for anything over a handful of devices in a test network (with manual network selection), that's probably the way to go.

I tried to use expired sims because I have loads of them... :)

> Are you operating as MCC=001 MNC=01 (test network)?

Yes.

> (Apologies to the list if this is the wrong venue for this.)
Hi,
Curious, but I tested it and also came to the same conclusion (with a current vodafone card). The changes on PLMNsel are not stored permanently. On the next power up, the SIM will rewrite this file. Here is some code to test it: https://www.tsaitgaist.info/private/plmn.tar.xz The source is open (it uses libpcsc), but only use it to verify the results (e.g. not distributing it), as the code is not yet ready to be published (the file will be removed in 2 days).
have fun, kevin
Excerpts from Dario Lombardo's message of Fri Sep 07 23:12:45 +0200 2012:
> On Fri, Sep 7, 2012 at 6:02 PM, Brandon Creighton cstone@pobox.com wrote:
> > I've seen similar behavior before -- particularly trying to write EF.PLMNSEL, EF.FPLMN, and EF.{O,H,}PLMNwACT on some US-carrier SIMs.
> > This seems to be worse in the ones from AT&T MVNOs (I've tried ones from Red Pocket and H2O). Generally, the write just fails; but I believe I've observed some EFs get reset after a successful write/read. Are you getting a valid response from the UPDATE BINARY command?
> My software doesn't give me any error. Unplugging and replugging the sim gives me good feedback: the test operator is still on the top of the PLMN.
> > Unfortunately, I haven't found a reasonable workaround for this. One ugly hack that seemed to work with some SIMs on an HTC One V (a recent Android phone), is "priming" the SIM by first registering to the network using an old Nokia 3310 or similar; the connected data is stored on the SIM (EF.LOCI, I imagine? I actually never figured out why this worked.) and is good for a one-time use in the smartphone.
> > Writable or custom SIMs are reasonably inexpensive, so for anything over a handful of devices in a test network (with manual network selection), that's probably the way to go.
> I tried to use expired sims because I have loads of them... :)
> > Are you operating as MCC=001 MNC=01 (test network)?
> Yes.
> > (Apologies to the list if this is the wrong venue for this.)
On Sat, Sep 8, 2012 at 6:21 PM, Kevin Redon ml@mail.tsaitgaist.info wrote:
> Hi,
> Curious, but I tested it and also came to the same conclusion (with a current vodafone card). The changes on PLMNsel are not stored permanently. On the next power up, the SIM will rewrite this file.

That's not exactly what I observed. Powering up the card in a card reader, I checked that the list is modified. But putting it into a cell phone, I found it restored.

> Here is some code to test it: https://www.tsaitgaist.info/private/plmn.tar.xz The source is open (it uses libpcsc), but only use it to verify the results (e.g. not distributing it), as the code is not yet ready to be published (the file will be removed in 2 days).
Going to test it. Do you know open source suites for sim card management? The most complete one I know is from Dekart, but is for win and commercial/closed. Anything useful for open source/unix world?
Hi,
Excerpts from Dario Lombardo's message of Mon Sep 10 09:52:44 +0200 2012:
> On Sat, Sep 8, 2012 at 6:21 PM, Kevin Redon ml@mail.tsaitgaist.info wrote:
> > Hi,
> > Curious, but I tested it and also came to the same conclusion (with a current vodafone card). The changes on PLMNsel are not stored permanently. On the next power up, the SIM will rewrite this file.
> That's not exactly what I observed. Powering up the card in a card reader, I checked that the list is modified. But putting it into a cell phone, I found it restored.

Ok. I tested more sim cards and found different behaviours:
- Vodafone (Germany) + Vodafone CallYA: rewrites EF_PLMNsel at every power up
- SFR: rewrites EF_PLMNsel at every power up
- Universal (Bouygues): does not rewrite EF_PLMNsel, even in the phone (card not active/can not connect to network anymore)
- Virgin Mobile (Orange France): does not rewrite EF_PLMNsel, even in the phone (card not active/can not connect to network anymore)
- O2 prepaid: does not rewrite EF_PLMNsel at boot, but rewrites in the phone (card not active/can not connect to network anymore)
- O2 loop (older): does not rewrite EF_PLMNsel, even in the phone. Card did connect to the network.

I used a Motorola C121 as phone.
I will try SIMtrace on the o2 prepaid card to see what is happening and check if the phone rewrites it, or the SIM card does it itself (due to some sequence of instructions).

> > Here is some code to test it: https://www.tsaitgaist.info/private/plmn.tar.xz The source is open (it uses libpcsc), but only use it to verify the results (e.g. not distributing it), as the code is not yet ready to be published (the file will be removed in 2 days).
> Going to test it. Do you know open source suites for sim card management? The most complete one I know is from Dekart, but is for win and commercial/closed. Anything useful for open source/unix world?
No, I don't know any tool. That is why I wrote it myself.
kevin
Hi,
Excerpts from Kevin Redon's message of Mon Sep 10 12:14:14 +0200 2012:
> Hi,
> I will try SIMtrace on the o2 prepaid card to see what is happening and check if the phone rewrites it, or the SIM card does it itself (due to some sequence of instructions).

I looked at the traffic using SIMtrace and the O2 prepaid SIM card. PLMNsel is already rewritten when the phone (Motorola C121) reads it for the first time. The phone does not write anything up to that point. I think the rewrite to default is triggered when a particular file is read, but this is just a guess as I did not test it myself. It could also be due to a sequence of commands, or something else. At least we know something curious is happening with PLMNsel.
hope it helps, kevin
baseband-devel@lists.osmocom.org
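
The write-then-read-back comparison discussed in this thread, as an added example that is not part of any poster's message and is not Kevin Redon's tool: it decodes raw EF_PLMNsel content and reports which slots no longer hold what was written. It assumes the 3-byte nibble-swapped BCD entry coding of GSM 11.11; the function names and the snapshot bytes are constructed for illustration.

```python
# Added example: EF_PLMNsel is a flat array of 3-byte PLMN entries (GSM 11.11).
# All snapshot bytes below are constructed, not captured from a real card.
DIGITS = set("0123456789")

def encode_plmn(mcc: str, mnc: str) -> bytes:
    """Encode MCC/MNC as the nibble-swapped BCD entry stored on the SIM."""
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not set(mcc + mnc) <= DIGITS:
        raise ValueError(f"bad PLMN {mcc!r}/{mnc!r}")
    d = [int(c) for c in mcc]
    n = [int(c) for c in mnc]
    n3 = n[2] if len(n) == 3 else 0xF  # 2-digit MNC: third digit is filler F
    return bytes([d[1] << 4 | d[0], n3 << 4 | d[2], n[1] << 4 | n[0]])

def decode_plmn(entry: bytes):
    """Return (mcc, mnc), or None for an unused FF FF FF entry."""
    if len(entry) != 3:
        raise ValueError("PLMN entry must be 3 bytes")
    if entry == b"\xff\xff\xff":
        return None
    lo = [b & 0xF for b in entry]
    hi = [b >> 4 for b in entry]
    mcc = f"{lo[0]:X}{hi[0]:X}{lo[1]:X}"
    mnc = f"{lo[2]:X}{hi[2]:X}" + ("" if hi[1] == 0xF else f"{hi[1]:X}")
    return mcc, mnc

def parse_plmnsel(data: bytes):
    """Split raw EF_PLMNsel content into decoded entries, in priority order."""
    if len(data) % 3:
        raise ValueError("EF_PLMNsel length must be a multiple of 3")
    return [decode_plmn(data[i:i + 3]) for i in range(0, len(data), 3)]

def reverted_slots(written: bytes, readback: bytes):
    """List (slot, written, found) where a later read differs from the write."""
    w, r = parse_plmnsel(written), parse_plmnsel(readback)
    if len(w) != len(r):
        raise ValueError("snapshots have different sizes")
    return [(i, a, b) for i, (a, b) in enumerate(zip(w, r)) if a != b]

# Constructed snapshots: the card's original list, then 001/01 written on top.
ORIGINAL = encode_plmn("262", "02") + encode_plmn("208", "10") + b"\xff" * 3
WRITTEN = encode_plmn("001", "01") + ORIGINAL[3:]

if __name__ == "__main__":
    print("written :", WRITTEN.hex(), parse_plmnsel(WRITTEN))
    # Pretend the read after a power-up returned the original content again.
    for slot, want, got in reverted_slots(WRITTEN, ORIGINAL):
        print(f"slot {slot}: wrote {want}, card now reports {got}")
```

Taking one snapshot in the card reader right after the write and another after the card has been powered up in a phone separates the two cases reported above (rewritten at every power up versus rewritten only in the phone).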