OTA RFM on sysmoISIM-SJA2 cards

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Mychaela Falconia mychaela.falconia at gmail.com
Mon Feb 22 23:55:02 UTC 2021


Hi Vadim,

> thanks for your detailed report, I have submitted a bugfix:
>
> https://git.osmocom.org/sim/sim-tools/log/?h=fixeria/fixes

LGTM.

> Please let us know if it works for you, so we'll merge it to master.

I have tested the PoC test_rfm() function in your new version, and it
now emits packets that are 8 bytes shorter than before, matching what
my own ota-smswrap-sjs1 C-language utility generates.  The new way
works with both sysmoUSIM-SJS1 and sysmoISIM-SJA2, using each card's
respective different keys from webshop emails.  KIC2 and KID2 are the
keys needed for this operation.

Please note, however, that the only feature of shadysim.py I ever
tested (both before and after your fix) is the test_rfm() function
which can only be exercised by editing the code to uncomment the two
lines that invoke it and exit - there is no command line option for
this function, which itself is of course nothing more than a PoC.  I
have never exercised this program's main intended function of
manipulating Java card applets - at the present moment I have no need
for those, and I don't know when (if ever) I will get to play with STK
and Java applets for it - right now there are too many other areas of
GSM that are more interesting to me. :)

> I hope you don't mind that I copy-pasted some sentences from your
> original message into the commit description.

Sure thing - technical knowledge is meant to be shared and reproduced
in different media and fora.

In other SIM card news, it looks like Grcard folks (back from their
LNY holidays) are reshipping their sample cards to me via a different
route (going through HK this time), thus there is a chance that I
might finally receive them this week or the next.  I am very anxious
to find out if they are the same card platform as the short-lived
sysmoSIM-GR2, or if it's a newer evolutionary revision given how many
years have passed - given that they once made the evolutionary change
from GR1 to GR2, we have every reason to expect that other evolutionary
changes have followed since then.  One of the features I hope to see
included on these new cards is RFM - I will be perfectly fine with a
non-Java card with no ability to install applications, but I do desire
RFM - being able to write the MSISDN record OTA like real operators do
is just so cool!

Would anyone happen to know if the short-lived historical sysmoSIM-GR2
cards supported RFM or not?  I reason that GR1 cards probably lacked
this feature, but I do wonder about GR2.

In hacking fellowship,
Mother Mychaela


