On Thu, Jul 25, 2019 at 01:05:54PM +0400, Emre Geckin wrote: the [U]SIM application normally does not request the IMEI, nor any other information. it is mainly a storage and key generation application. it would be possible for a UICC (the card) to be "proactive" and use the "card application toolkit" to interact with the mobile though (what vadim mentioned). to read out the IMEI, it could use the RUN AT COMMAND. see ETSI TS 102 223 for more information. to find out which mechanism is used, you would need to monitor the UICC-ME communication (for example using SIMtrace). the CHV (aka PIN) only protects files on the SIM card, not on the mobile. the SIMtrace hardware supports man-in-middle, but not the original firmware. if you have a SIMtrace (v1) board (https://osmocom.org/projects/simtrace/wiki/SIMtrace) you can use the alternative firmware simlabtrace (https://github.com/kamwar/simlabTrace/wiki). the SIMtrace v2 (https://osmocom.org/projects/simtrace2/wiki) firmware does not support MITM currently. there is also no ETA, but we are working on card emulation (you then just need a separate card reader and custom filtering software).