Hi Mychaela,
On Thu, Feb 04, 2021 at 04:42:35AM -0800, Mychaela Falconia wrote:
In theory, you
should be able to remove the respective applications from
most java based cards with the right credentials
For the "right credentials" part, I have a 10-pack of sysmoISIM-SJA2
cards which I bought with ADM keys included. The key material email
from your webshop gives ADM1 and KI[CDK][123] for each card - are
these the right credentials?
yes, please see the user manual on which keys to use for authentication
via SCP02 (par as global platform)
via SCP02.
Did you try?
I am afraid the learning curve will probably be too steep for me to
climb at this moment - but I am making a mental note to read up on
SCP02, whatever it is, when and if I get the mental space for it.
There's a nice command line tool called GlobalPlatformPro (written In java)
available from
https://github.com/martinpaljak/GlobalPlatformPro
Using it you can authenticate using SCP02 and then perform JavaCard application
management on the card.
I've never tried the "-delete" option for any of the ISIM/USIM
applications,
but it does look rather easy to try, if you are interested in that kind of thing.
Please note, once you deleted it, there is likely no way to recover, as
sysmocom cannot distribute third-party card applications in installable form.
sysmocom can
certainly also provide such cards, should you have a
related requirement.
What would be the MOQ and minimum order total cost for the following?:
MOQ for custom production batches at the factory is 1000 units.
We can also re-program white or sysmocom-printed cards at sysmocom, if
smaller batches are required (but that excludes custom printing).
* Application customization: either classic GSM only
or classic GSM
plus USIM (TBD), but no ISIM;
I'd do that for free in your case. But even if we'd charge, it's probably
less
than 4 hours of work in total.
* 1FF+2FF-only cut, with the 2FF piece being fully
solid w/o 3FF or
4FF cuts;
No extra cost associated with that.
* Custom printing.
This is likely going to be the most significant factor. Printing for any
batch below 10k cards has a significant price tag associated.
I would prefer to keep the discussions on the osmocom lists of technical
nature; feel free to contact sales(a)sysmocom.de for commercial information.
Just how much control do you have over your cards?
We control the configuration/profile/personalization process to the last bit,
but not the CardOS. We can choose the OS and version, but we cannot modify the
OS code.
Your docs give the impression that your
vendor/supplier more or less
forced you into a new CardOS platform by declaring EOL on the one you
had for SJS1
Well, so is life in the technology industry. Both hardware (in this
case the Samsung chip used) and software / OS go end-of-life for a
variety of reasons. We've been able to source the old chips + OS for
many years before, so I'm not complaining.
and
the comments in your Python code for programming Ki/OPc/etc make it
sound like these aspects were something you had to reverse-eng from
what your vendor gave you, rather than something you actually designed
yourselves.
sysmocom did not have to reverse-engineer the SJS1 nor SJA2 cards.
I mean, if your own team had actually designed the
custom
non-standard files for storing keys and algorithm selections, surely
you would not have come up with the awkward design where you have to
repeatedly store into each of SIM, USIM and ISIM, without making it
clear at all whether or not these files are all linked or separate...
I disagree. This was a deliberate design decision for the SJA2 cards,
in order to ensure maximum flexibility. If you link/share those files,
then all applications must always share the same key material and
algorithm. However, I can very well imagine legitimate use cases
where you want to use different key materials for the IMS/VoLTE
authentication than the key material used for the underlying radio
network.
If you were to make a version without ADF.ISIM or
without both
ADF.ISIM and ADF.USIM, what would the architecture look like for
storing Ki (or K/OPc) and algorithm selections?
if it's just SIM, then there's only one set of keys configured in
DF.SYSTEM.
If you want USIM and/or ISIM, those keys can either be shared or
different.
I am also concerned about the following stanza in
sysmo_isim_sja2.py:
sysmo_isimsja2_algorithms = (
(SYSMO_ISIMSJA2_ALGO_COMP12V1, 'COMP128v1'),
(SYSMO_ISIMSJA2_ALGO_COMP12V2, 'COMP128v2'),
(SYSMO_ISIMSJA2_ALGO_COMP12V3, 'XOR-2G'),
(SYSMO_ISIMSJA2_ALGO_MILENAGE, 'MILENAGE'),
(SYSMO_ISIMSJA2_ALGO_SHA1AKA , 'SHA1-AKA'),
(SYSMO_ISIMSJA2_ALGO_XOR, 'XOR'),
)
Why is SYSMO_ISIMSJA2_ALGO_COMP12V3 mapped to 'XOR-2G' and not
'COMP128v3'?
That is a question to Philipp (Cc) who is the main author and
maintainer of that program. IT does look *very* strange to me, too :)
Does sysmoISIM-SJA2 (and presumably any custom config
based on your current SJA2 CardOS) actually support COMP128v3 or not?
They should support it for sure, though I don't think anyone has tried so far.
If you have the ADM1 keys, you are happy to try.
--
- Harald Welte <laforge(a)osmocom.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)