This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Mychaela Falconia mychaela.falconia at gmail.comHello esteemed masters of Osmocom, (asking here because Harald's proposed osmocom-simcard list hasn't been created yet) I have some questions and experience-based corrections related to the gold nuggets contained in this wiki page: https://osmocom.org/projects/cellular-infrastructure/wiki/GrcardSIM2 First let me establish relevance: even though Sysmocom stopped selling these GR2 cards ages ago and it looks like the wider Osmocom community also stopped playing with them once sysmoUSIM-SJS1 came out, these same GrcardSIM2 cards are still available from Grcard in the present day. A week and a half ago I received 5 sample cards (plain white, no printing, unprogrammed) from Grcard that return the same ATR as is listed for sysmoSIM-GR2, and all of the card-model-specific proprietary commands described on the above wiki page work exactly the same on these cards as they once worked on sysmoSIM-GR2. I am now in the process of ordering a batch of 200 of these cards from Grcard, with my own custom printing applied (so they will look pretty, not plain white and not black like sysmoISIM-SJA2) - essentially I am bringing back an exact equivalent of the discontinued sysmoSIM-GR2. With relevance thus established, let's move on technical questions: * The wiki page describes a file named EF.WEKI, file ID 0001 under DF.GSM. Whoever wrote this wiki page, how did you get this fancy name EF.WEKI? Was there some kind of document from Grcard that described this card-model-specific proprietary file? Does that document still exist somewhere? Can there be some way for mere mortals like me to see that document? * The wiki page describes byte 3 of EF.WEKI as selecting COMP128 algorithm version. It lists 0 as selecting COMP128v1 and 1 as selecting COMP128v2, and these two codes are correct - confirmed by programming these codes, doing a RUN GSM ALGO command, and comparing returned SRES and Kc against osmo-auc-gen. However, the page lists 3 as selecting COMP128v3, and this part is not correct - writing 3 in there results in COMP128v2 being selected, just like code 1. Instead I need to write 2 into the lower nibble of this byte in order to get COMP128v3 SRES and Kc in response to RUN GSM ALGO. * The COMP128 selection code is just the lower nibble of byte 3 of EF.WEKI - the upper nibble is something else that currently eludes my understanding. The wiki page instructs users to write 0 into the upper nibble, and so does pySim-prog - yet in the initial "unprogrammed" state of the cards I received from Grcard, this upper nibble is set to 2, not 0. I could not see any observable difference in card behaviour whether the upper nibble is set to 0 or 2 - either way the lower nibble selects COMP128 version for RUN GSM ALGO operations. * The wiki page gives the impression that EF.WEKI is 19 bytes long in total. However, the actual size of this transparent EF on the card is 35 bytes, i.e., there is another 16-byte field (some other key?) after Ki. Of the people who were once privileged with proper official documentation for these cards, might anyone be able to tell what this other key is for? Could it perhaps be some kind of key for OTA? Before someone tells me that I should direct these questions to Grcard, given that I am buying cards from them, let me assure everyone that yes, of course I am doing everything I can to pry this information out of them. However, they seem to have the same attitude as most Chinese companies where they just want you to buy their product and not ask any technical questions, and whatever answers they do give are so terse that they feel like non-answers. But there is also the undeniable fact that once upon a time these cards were resold by Sysmocom, once upon a time this Osmocom community right here worked with these cards, and someone in this community (or on Sysmocom staff) must have gotten enough documentation to write the wiki page and pySim-prog support for them. Thus I feel at least somewhat justified in asking this community for help with bringing back this lost knowledge. On a happier note, my fc-pcsc-tools suite (fc-simtool and its limited- function companion fc-uicc-tool) is advancing quite a bit in functionality. I don't know how it compares to pysim-shell since I gave up trying to get the latter to run under Slackware (just too many difficult dependencies), but from what I read in mailing list posts, pysim-shell seems to be rather UICC-centric - I couldn't tell if it is supposed to work on non-UICC GSM 11.11 protocol cards or not. In contrast, my fc-simtool (written in C, zero dependencies beyond libpcsclite) speaks the classic GSM 11.11 SIM protocol and does everything that is possible within this protocol, including innovative hacks like brute force search of the file ID space. This tool should be ideal for cards like GrcardSIM2 which are non-UICC and for which the classic GSM 11.11 SIM protocol is native. The companion utility fc-uicc-tool for the UICC protocol is quite minimal in functionality, just enough to satisfy the few areas of curiosity I had in relation to that protocol and the cards I have around that speak it. These new C-language SIM tools live here: https://www.freecalypso.org/hg/fc-pcsc-tools/ The code is 100% my own original work and there is a LICENSE file at the top of the repository declaring it as public domain, so there should be no problem with Free Software status of the work. In hacking fellowship, Mother Mychaela