Hi,
sim card by identification
ATR: 3B 9F 95 80 1F C3 80 31 E0 73 FE 21 13 57 86 81 02 86 98 44 18 A8 GREEN CARD, Grcard (Hong Kong ) Co.,Limited, LTE Usim Card (Telecommunication) Celcom Postpaid 3G (Telecommunication)
when trying to program using
./pySim-prog.py -n OpenBSC -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075 -d /dev/ttyUSB0 -a 58001006 -t grcardsim
pySim-prog.py fails with following stacktrace
Programming ...
Traceback (most recent call last):
  File "./pySim-prog.py", line 636, in <module>
    card.program(cp)
  File "/home/username/pysim/pySim/cards.py", line 271, in program
    self._scc.verify_chv(5, pin)
  File "/home/username/pysim/pySim/commands.py", line 111, in verify_chv
    return self._tp.send_apdu_checksw(self.cla_byte + '2000' + ('%02X' % schv_no) + '08' + fc)
  File "/home/username/pysim/pySim/transport/__init__.py", line 85, in send_apdu_checksw
    rv = self.send_apdu(pdu)
  File "/home/username/pysim/pySim/transport/__init__.py", line 68, in send_apdu
    data, sw = self.send_apdu_raw(pdu)
  File "/home/username/pysim/pySim/transport/serial.py", line 202, in send_apdu_raw
    self._tx_string(pdu[5:])
  File "/home/username/pysim/pySim/transport/serial.py", line 168, in _tx_string
    raise ProtocolError("Bad echo value (Expected: %s, got %s)" % (b2h(s), b2h(r)))
pySim.exceptions.ProtocolError: Bad echo value (Expected: 33353338333033303331333033303336, got 3335333833303330333330333033366e)
- using usb sim card reader which creates standard serial line on /dev/ttyUSB0
programming also fails when using Gemalto Ezio Shield
./pySim-prog.py -n OpenBSC -i 901700000003080 -c 001 -x 001 -y 02 -s 1791198229180000075 -p 0 -a 58001006 -t grcardsim
fails with following stacktrace
Programming ...
Traceback (most recent call last):
  File "./pySim-prog.py", line 636, in <module>
    card.program(cp)
  File "/home/smarek/Documents/PROJEKTY/SECURITY/TELCO/SIMCARDS/pysim/pySim/cards.py", line 271, in program
    self._scc.verify_chv(5, pin)
  File "/home/smarek/Documents/PROJEKTY/SECURITY/TELCO/SIMCARDS/pysim/pySim/commands.py", line 111, in verify_chv
    return self._tp.send_apdu_checksw(self.cla_byte + '2000' + ('%02X' % chv_no) + '08' + fc)
  File "/home/smarek/Documents/PROJEKTY/SECURITY/TELCO/SIMCARDS/pysim/pySim/transport/__init__.py", line 87, in send_apdu_checksw
    raise RuntimeError("SW match failed ! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed ! Expected 9000 and got 6b00.
Thank you for your help MS
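An added example, not part of the original thread and not pySim code: it decodes the two byte strings printed in the "Bad echo value" error above and compares the length of the transmitted data field with the '08' length byte visible in the verify_chv line of the traceback. The function names are hypothetical; every constant is copied from the post.

```python
# Added example: constants below are copied from the traceback in the post above.
EXPECTED_ECHO = "33353338333033303331333033303336"  # "Expected:" value in the error
GOT_ECHO = "3335333833303330333330333033366e"       # "got" value in the error
DECLARED_LC = 0x08  # the '08' length byte concatenated in verify_chv()


def peel_ascii_hex(hexstr):
    """Decode hex -> ASCII repeatedly while the result is still printable text.

    Returns every layer, outermost first, so accidental double encoding shows up.
    """
    layers = [hexstr]
    while True:
        try:
            text = bytes.fromhex(layers[-1]).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            return layers
        if not text or not text.isprintable():
            return layers
        layers.append(text)


def first_divergence(expected_hex, got_hex):
    """Byte offset of the first difference between sent and echoed data."""
    exp, got = bytes.fromhex(expected_hex), bytes.fromhex(got_hex)
    for i, (a, b) in enumerate(zip(exp, got)):
        if a != b:
            return i
    return None if len(exp) == len(got) else min(len(exp), len(got))


def diagnose(expected_hex, got_hex, declared_lc):
    """Summarise what the error message says about the transmitted data field."""
    sent_len = len(bytes.fromhex(expected_hex))
    return {
        "layers": peel_ascii_hex(expected_hex),
        "sent_len": sent_len,
        "declared_lc": declared_lc,
        "length_mismatch": sent_len != declared_lc,
        "first_bad_offset": first_divergence(expected_hex, got_hex),
    }


if __name__ == "__main__":
    for key, value in diagnose(EXPECTED_ECHO, GOT_ECHO, DECLARED_LC).items():
        print(f"{key}: {value}")
```

The transmitted data field is 16 bytes against a declared length of 8, and it decodes through two layers of ASCII hex back to the value given with -a; the echo first differs at offset 9, past the declared length. That mismatch is worth checking before suspecting the reader or the card.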
Hi Marek,
On Mon, Jan 29, 2018 at 05:39:24PM +0100, Marek Sebera wrote:
ATR: 3B 9F 95 80 1F C3 80 31 E0 73 FE 21 13 57 86 81 02 86 98 44 18 A8 GREEN CARD, Grcard (Hong Kong ) Co.,Limited, LTE Usim Card (Telecommunication) Celcom Postpaid 3G (Telecommunication)
The supplier of the cards you mention has never contributed in any way to pySim. We simply did some protocol tracing of an early GRSIM card (2G, not USIM or LTE) and implemented code for it based on reverse engineering, just like for the early MagicSIM. If you have a different card, it will for sure not work.
If you would like to implement support for the card models you are using, please feel free to contribute patches, we're happy to add support for more cards.
The only SIM card supplier that ever contributed development of pySim code was sysmocom, and most recently, also fairwaves.
So I guess you have the choice of either contributing code for the cards you work with, or use cards where the suppliers actually care about pySim support.
Kind regards, Harald
Hi Harald,
thank you, I'll be happy to provide patches, as soon as I learn how to communicate with card.
Is there anything to start with? Supplier just told us they obtained the SIM cards from "http://www.copysim.cn" and there is no reference to recommended software for programming these cards.
I did obtain some information using various utilities, but all I can now do is to study "ETSI TS 102 221" and implement the card-commands-discovery or bruteforce myself.
Or am I wrong, and I've missed some utilities that could aid my fight?
I've written some shell using both pySim and mitshell/card frameworks, and I've confirmed a few things (i.e. available commands, and CLA being 0x00, which means these cards are USIM), but passwords for ADM1 PIN (12345678, 44444444, 00000000) do not work. Also card partially responds to CLA 0x80, which probably indicates the availability of proprietary PDUs, as mentioned in grcardsim wiki. Is there any better tool, or am I using best available ones?
Also mentioning the "bad echo value", is this related to implementation of specific sim-card, the usb reader/writer (possibly faulty) or the sim card? Because something as simple as ping/pong (or at least this is what it seems like from code) should not fail generally, and it occurs only when I provide "pin_adm" (adm1) and using grcardsim and sysmoUSIM-SJS1 (preferred).
Thank you Marek
Hi Marek,
Are you trying to communicate with the card or program it?
Cheers, Domi
you need the exact matching utilities / APDUs / scripts to configure the specific card chip / OS that you have in front of you.
Reading ETSI/3GPP specs won't help you, as those documents only describe how the card is used after production/provisioning. What happens with the card during production/provisioning and using what commands/protocols is completely outside of any public/interoperable specification.
Ok, but when you did the initial "tracing" of APDUs used to program Green Card SIMs, you reversed some existing software? Or did you "bruteforce" it ?
On Wed, Jan 31, 2018 at 01:44:55PM +0100, Marek Sebera wrote:
Ok, but when you did the initial "tracing" of APDUs used to program Green Card SIMs, you reversed some existing software? Or did you "bruteforce" it ?
we traced the protocol between the windows software of the supplier and the card using the Osmocom SIMtrace.
Could you maybe tell me, because I haven't found anywhere in docs, which software and its version did you trace?
Also is it possible this software has the USIM support within, and could be simply "traced" ? Or maybe newer version of the software will have the support.
If the software can be downloaded anywhere, please link me, I'll investigate as much as I can.
On Wed, Jan 31, 2018 at 02:49:34PM +0100, Marek Sebera wrote:
Could you maybe tell me, because I haven't found anywhere in docs, which software and its version did you trace?
This was some 5 or more years ago. Clearly I have no recollection of that.
I also don't see why I would or should invest time on this. At the time we sourced Chinese magic and GRsim cards and developed pySim, it was not possible to get small quantities of programmable cards in Europe or the US, at least not on the general/open market for a reasonable price, together with knowhow or tools to program them.
We have achieved that goal at the time, and after a lot of painful difficulties with GRcard, we have since moved to *much* better cards, and they are generally available together with pySim, the sysmusim-util and even a manual listing the APDUs and explaining the tools usage.
So the problem no longer exists. If you need a small quantity of programmable cards, you can obtain them at a very reasonable price. Before we started offering the sysmoUSIM cards, we couldn't find programmable SIM cards for under EUR 70 per unit. Now we're at less than 10% of that. In low quantity, shipping globally, available to anyone without going through a Quote/PO/... process.
And now you are asking us to spend time and help you with some other cards. Cards of a supplier that has never done anything for the Osmocom or general open source community, never released proper documentation or never contributed any code.
You are free to do whatever you want by yourself, and we're very happy to merge any related patches by anyone interested in adding support for more card types to pySim. But please allow us to spend our time on development of something that really matters, i.e. something that isn't already possible today, rather than spending time on replicating something that's already available to anyone for a very low price. It will not bring the capabilities of Open Source Mobile communications forward. Or would you disagree?
Also is it possible this software has the USIM support within, and could be simply "traced" ?
No. At that point you couldn't even buy USIMs from GRcard.
I really think you should bother GRcard with those kinds of questions. If somebody is selling a programmable SIM card to you, he should provide you with the tools to program it.
You have obtained a product and want to use it. It's not *our* job to help you make use of it. It's the job of whoever sold you those cards.
Regards, Harald
Harald, please, I'm not asking you to fix this for me, just to point me in the right direction, in my efforts. Which you did.
Investigation with supplier and vendor is already undergoing, and I'll let you know, if I obtain any kind of info, that might be interesting and/or useful for the community.
I also have sysmocom SJS1 on the way, so it will shortly stop being pain for me, and I'll have time to invest in reverse-engineering the Chinese green cards.
Also if I'll have the documentation available, I'll contribute with patch to use with GR-USIM cards. And I disagree that solving or trying to solve the question, whether these chinese sim cards are easy-to-use and programmable, will not do any good. It might not be the most important or interesting topic, but still it is something, and something useful in the end. But as I said in the beginning, please, I'm not asking you to spend much time on my issue.
Initial motivation was my idea, that I cannot search or that this should be issue, somebody in this community already tackled, it's not, and I take that as conclusion.
Take care Harald, and no hard feelings, really
Best Regards Marek Sebera