Hi,
as I could not find any updates since July 2011 about MitM-capable firmware here, or on the Wiki page, I wanted to check if there is currently active development of a MitM firmware?
I would like to use it to manipulate fields from a physical SIM / UICC in real time, e.g. non-user-editable fields like EF OPLMNwAcT.
As a next step I would like to develop a tool that simulates a UICC with several applications on it, so that only the authentication is being made by the real UICC / SIM and utilize the simtrace HW as the physical interface.
However, the key to this is a proper firmware to interact with the ME <-> UICC communication in real time.
I have written some classes and decoders for specific fields in Python (using Smartcard and a PCSC-compatible reader) that can read and write, authenticate etc.; however, I lack the ability to write the firmware on my own.
Regards, Dominique
On 01/11/2012 01:42 PM, Dominique Parolin wrote:
Hi,
it is not implemented, regarding SIM emulation there is Kevin's softsim[1].
holger
If you have Ki of some real SIM I believe you could get some programmable SIM like those which were on cccamp 2011 and make those files there.
I just think it might be less time consuming than implementing all the commands the phone may be using (not sure what's implemented in softsim though, never used it).
cheers, lukash
On Wed, Jan 11, 2012 at 1:42 PM, Dominique Parolin <D.Parolin@gmx.net> wrote:
Here is some more general info about softsim:
- to use it you must first dump the SIM card data (tool available). softsim will use this dump.
- it cannot handle Ki. It either uses the auth-tuples it dumped, or forwards the requests to the real SIM.
- it implements most (used) SIM commands (but not USIM at all).
happy to help, kevin
Excerpts from Lukas Kuzmiak's message of Thu Jan 12 04:58:02 +0100 2012:
On Wed, Jan 11, 2012 at 1:42 PM, Dominique Parolin <D.Parolin@gmx.net> wrote:
Thanks Lukash,
If you have Ki of some real SIM I believe you could get some programmable SIM like those which were on cccamp 2011 and make those files there.
I am actually less interested in cloning a SIM than in the development of the actual SW that can do this stuff.
As it is yet impossible to extract the Ki of current SIMs / UICCs, and the algorithm used can be a modified one, there won't be any use for such an emulated one in a real NW.
However, to get full control over fields that the actual SIM/UICC holds and that are only editable by using ADM codes, the MitM firmware would be a great tool.
You could force certain roaming scenarios, force failures for testing etc.
I understand that this might not really be useful in the scope of what simtrace is intended for.
Will look deeper into softsim, maybe start reimplementing it in Python in the scope of "RFC: Generic (U)SIM software".
I already have certain Python functionality to read/write/decode EFs on SIM and USIM; I am yet lacking the physical interface to an actual phone.
Regards, Dominique
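Dominique's first and last mails mention a Python decoder for EFs such as EF OPLMNwAcT, the operator-controlled PLMN selector list that a user cannot edit without the ADM key. The following is an added example written for this thread (it is not code from Dominique, simtrace or softsim) showing what such a decoder/encoder looks like, so that a card dump can be inspected and a candidate replacement file verified before anything is written. It assumes the record coding from 3GPP TS 31.102 section 4.2.5: 5-byte records made of a 3-byte BCD PLMN in TS 24.008 nibble order plus a 16-bit access-technology bitmap, with unused records filled with 0xFF. Only the four AcT bits I am sure of are named; everything else is left as a raw value. The sample file bytes are constructed, not read from a real card.

```python
# Added example (not from the thread, simtrace or softsim): decode and re-encode
# records of EF_OPLMNwAcT / EF_PLMNwAcT as coded in 3GPP TS 31.102, section 4.2.5.
# Assumptions: 5-byte records = 3-byte BCD PLMN (TS 24.008 nibble order) + 2-byte
# AcT bitmap; unused records are 0xFF-filled. Sample bytes below are constructed.
from dataclasses import dataclass
from typing import List, Optional, Tuple

RECORD_LEN = 5

# Access-technology bits; the first AcT byte is the high byte of the 16-bit value.
# Bits not listed here are kept in the raw `act` value but not named.
ACT_FLAGS = {
    0x8000: "UTRAN",
    0x4000: "E-UTRAN",
    0x0080: "GSM",
    0x0040: "GSM COMPACT",
}


@dataclass(frozen=True)
class PlmnAct:
    mcc: str   # 3 decimal digits
    mnc: str   # 2 or 3 decimal digits
    act: int   # raw 16-bit access-technology field

    def technologies(self) -> List[str]:
        return [name for bit, name in sorted(ACT_FLAGS.items(), reverse=True)
                if self.act & bit]


def _nibbles(b: int) -> Tuple[int, int]:
    """Return (low, high) nibble of one byte."""
    return b & 0x0F, b >> 4


def decode_plmn(raw: bytes) -> Tuple[str, str]:
    """3-byte PLMN -> (mcc, mnc). Byte 1: MCC2|MCC1, byte 2: MNC3|MCC3, byte 3: MNC2|MNC1."""
    if len(raw) != 3:
        raise ValueError("PLMN field must be 3 bytes")
    mcc1, mcc2 = _nibbles(raw[0])
    mcc3, mnc3 = _nibbles(raw[1])
    mnc1, mnc2 = _nibbles(raw[2])
    if any(d > 9 for d in (mcc1, mcc2, mcc3, mnc1, mnc2)) or (mnc3 > 9 and mnc3 != 0xF):
        raise ValueError("PLMN contains a non-decimal digit: %s" % raw.hex())
    mcc = "".join(str(d) for d in (mcc1, mcc2, mcc3))
    mnc = "".join(str(d) for d in (mnc1, mnc2))
    if mnc3 != 0xF:           # 0xF in the MNC3 position marks a 2-digit MNC
        mnc += str(mnc3)
    return mcc, mnc


def encode_plmn(mcc: str, mnc: str) -> bytes:
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not (mcc + mnc).isdigit():
        raise ValueError("MCC must be 3 digits, MNC 2 or 3 digits")
    m = [int(c) for c in mcc]
    n = [int(c) for c in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([(m[1] << 4) | m[0], (n[2] << 4) | m[2], (n[1] << 4) | n[0]])


def decode_record(rec: bytes) -> Optional[PlmnAct]:
    """One 5-byte record; None for an unused (all-0xFF PLMN) slot."""
    if len(rec) != RECORD_LEN:
        raise ValueError("record must be %d bytes, got %d" % (RECORD_LEN, len(rec)))
    if rec[:3] == b"\xff\xff\xff":
        return None
    mcc, mnc = decode_plmn(rec[:3])
    return PlmnAct(mcc, mnc, int.from_bytes(rec[3:5], "big"))


def encode_record(entry: PlmnAct) -> bytes:
    if not 0 <= entry.act <= 0xFFFF:
        raise ValueError("AcT field is 16 bits")
    return encode_plmn(entry.mcc, entry.mnc) + entry.act.to_bytes(2, "big")


def decode_file(data: bytes) -> List[PlmnAct]:
    """Whole EF body (concatenated records) -> used entries, in priority order."""
    if len(data) % RECORD_LEN:
        raise ValueError("file length is not a multiple of %d" % RECORD_LEN)
    entries = []
    for off in range(0, len(data), RECORD_LEN):
        e = decode_record(data[off:off + RECORD_LEN])
        if e is not None:
            entries.append(e)
    return entries


def encode_file(entries: List[PlmnAct], n_records: int) -> bytes:
    """Pack entries into an EF body of n_records slots; spare slots are 0xFF-filled."""
    if len(entries) > n_records:
        raise ValueError("%d entries do not fit in %d records" % (len(entries), n_records))
    body = b"".join(encode_record(e) for e in entries)
    return body + b"\xff" * (RECORD_LEN * (n_records - len(entries)))


# Constructed sample: 262-01 (UTRAN+GSM), 310-410 (E-UTRAN only), one unused slot.
SAMPLE_FILE = bytes.fromhex("62f210" "8080" "130014" "4000" "ffffffffff")

if __name__ == "__main__":
    for e in decode_file(SAMPLE_FILE):
        print(e.mcc, e.mnc, ",".join(e.technologies()))
```

In practice the bytes passed to decode_file would be the concatenated READ RECORD results of the EF as obtained through a PC/SC reader; the round trip decode_file -> encode_file gives a byte-exact check that a hand-built replacement file reproduces the card's own coding before it is fed to any write path or relay.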