Questions about the SIM card for VoWiFi

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/simtrace@lists.osmocom.org/.

Hyunwoo Lee hw5773 at gmail.com
Fri Nov 5 22:13:24 UTC 2021 

Dear,

I am Hyunwoo Lee. I am a newbie to configure the custom SIM card.
I have one question in configuring sysmoISIM-SJA2 to enable VoWiFi on COTS
UEs. The UEs that I am working on are Samsung Galaxy A21, OnePlus 7T, and
Motorola G Power.

I tried to make the UEs discover the ePDG by sending the DNS query and
establish the IPsec channel with my IPsec server. I ran my own DNS server
to reply with the IP address of my IPsec server on the DNS query. I tried
to make it similar to the T-mobile setting since all of the UEs work well
with the T-mobile SIM card. Unfortunately, I could not succeed in enabling
VoWiFi on the UEs and I do not know why they do not work and what I can do
further.

I would appreciate it if someone could help me with this. I described what
I did in detail below the line.
Thank you in advance for your help!

Sincerely,
Hyunwoo Lee.

------------------------------

What I did is as follows:
1) Equipments
 - Two sysmoISIM-SJA2
 - PC/SC CCID ISO7816 USB Smart Card Reader
 - UEs: Samsung Galaxy A21, OnePlus 7T, and Motorola G Power (all of them
work well with the T-mobile SIM card)

2) Environment
 - Ubuntu 18.04 LTS
 - python 3.6.9
 - pySim 1.0

3) Configuration of the SIM cards with pysim
 - The command that I used to configure the SIM cards (to T-mobile) was:
  : python3 pySim-prog.py -p 0 -a <adm value> -n name -x 310 -y 260
--imsi=3102601234567890 --msisdn=<telephone number> --epdgid=
epdg.epc.mnc260.mcc310.pub.3gppnetwork.org --epdgSelection=310260
--ims-hdomain=ims.mnc260.mcc310.3gppnetwork.org --impi=
sip:3102601234567890 at ims.mnc260.mcc310.3gppnetwork.org --impu=
sip:3102601234567890 at ims.mnc260.mcc310.3gppnetwork.org --iccid=<ICCID value>
 - The mnclen value is set to 3

4) UE behavior with the SIM card
 - Samsung Galaxy A21
  : It sends the DNS query for the ePDG, but does not execute the IKE
protocol to establish the IPsec channel with the T-mobile core network.

 - OnePlus 7T and Motorola G Power
  : It does not send the DNS query for the ePDG.

5) Configuration result
 - The command that I used to read the SIM card
  : python3 pySim-read.py -p 0
 - The result of the command
Using PC/SC reader interface
Reading ...
Autodetected card type: sysmoISIM-SJA2
ICCID: 8988211000000459514
IMSI: None
GID1: ffffffffffffffffffff
GID2: ffffffffffffffffffff
SMSP:
ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
SPN: name
Show in HPLMN: True
Hide in OPLMN: True
PLMNsel:
130062ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
130062ffff # MCC: 310 MNC: 260 AcT: UTRAN, E-UTRAN WB-S1, E-UTRAN NB-S1,
GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused

OPLMNwAcT:
130062ffff # MCC: 310 MNC: 260 AcT: UTRAN, E-UTRAN WB-S1, E-UTRAN NB-S1,
GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused

HPLMNAcT:
130062ffff # MCC: 310 MNC: 260 AcT: UTRAN, E-UTRAN WB-S1, E-UTRAN NB-S1,
GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused

ACC: 0002
MSISDN (NPI=1 ToN=3): 17657759216
Administrative data: 00000003
MS operation mode: normal
Ciphering Indicator: disabled
SIM Service Table: ff33ffff3f003f0f300cf0c3f00000
Service 1 - CHV1 disable function
Service 2 - Abbreviated Dialling Numbers (ADN)
Service 3 - Fixed Dialling Numbers (FDN)
Service 4 - Short Message Storage (SMS)
Service 5 - Advice of Charge (AoC)
Service 6 - Capability Configuration Parameters (CCP)
Service 7 - PLMN selector
Service 8 - RFU
Service 9 - MSISDN
Service 10 - Extension1
Service 13 - Last Number Dialled (LND)
Service 14 - Cell Broadcast Message Identifier
Service 17 - Service Provider Name
Service 18 - Service Dialling Numbers (SDN)
Service 19 - Extension3
Service 20 - RFU
Service 21 - VGCS Group Identifier List (EFVGCS and EFVGCSS)
Service 22 - VBS Group Identifier List (EFVBS and EFVBSS)
Service 23 - enhanced Multi-Level Precedence and Pre-emption Service
Service 24 - Automatic Answer for eMLPP
Service 25 - Data download via SMS-CB
Service 26 - Data download via SMS-PP
Service 27 - Menu selection
Service 28 - Call control
Service 29 - Proactive SIM
Service 30 - Cell Broadcast Message Identifier Ranges
Service 31 - Barred Dialling Numbers (BDN)
Service 32 - Extension4
Service 33 - De-personalization Control Keys
Service 34 - Co-operative Network List
Service 35 - Short Message Status Reports
Service 36 - Network's indication of alerting in the MS
Service 37 - Mobile Originated Short Message control by SIM
Service 38 - GPRS
Service 49 - MExE
Service 50 - Reserved and shall be ignored
Service 51 - PLMN Network Name
Service 52 - Operator PLMN List
Service 53 - Mailbox Dialling Numbers
Service 54 - Message Waiting Indication Status
Service 57 - Multimedia Messaging Service (MMS)
Service 58 - Extension 8
Service 59 - MMS User Connectivity Parameters

EHPLMN:
130062 # MCC: 310 MNC: 260
ffffff # unused
ffffff # unused
ffffff # unused

USIM Service Table: beff9f9de73e0408400170330006002e00000000
Service 2 - Fixed Dialling Numbers (FDN)
Service 3 - Extension 2
Service 4 - Service Dialling Numbers (SDN)
Service 5 - Extension3
Service 6 - Barred Dialling Numbers (BDN)
Service 8 - Outgoing Call Information (OCI and OCT)
Service 9 - Incoming Call Information (ICI and ICT)
Service 10 - Short Message Storage (SMS)
Service 11 - Short Message Status Reports (SMSR)
Service 12 - Short Message Service Parameters (SMSP)
Service 13 - Advice of Charge (AoC)
Service 14 - Capability Configuration Parameters 2 (CCP2)
Service 15 - Cell Broadcast Message Identifier
Service 16 - Cell Broadcast Message Identifier Ranges
Service 17 - Group Identifier Level 1
Service 18 - Group Identifier Level 2
Service 19 - Service Provider Name
Service 20 - User controlled PLMN selector with Access Technology
Service 21 - MSISDN
Service 24 - Enhanced Multi-Level Precedence and Pre-emption Service
Service 25 - Automatic Answer for eMLPP
Service 27 - GSM Access
Service 28 - Data download via SMS-PP
Service 29 - Data download via SMS-CB
Service 32 - RUN AT COMMAND command
Service 33 - shall be set to 1
Service 34 - Enabled Services Table
Service 35 - APN Control List (ACL)
Service 38 - GSM security context
Service 39 - CPBCCH Information
Service 40 - Investigation Scan
Service 42 - Operator controlled PLMN selector with Access Technology
Service 43 - HPLMN selector with Access Technology
Service 44 - Extension 5
Service 45 - PLMN Network Name
Service 46 - Operator PLMN List
Service 51 - Service Provider Display Information
Service 60 - User Controlled PLMN selector for I-WLAN access
Service 71 - Equivalent HPLMN
Service 73 - Equivalent HPLMN Presentation Indication
Service 85 - EPS Mobility Management Information
Service 86 - Allowed CSG Lists and corresponding indications
Service 87 - Call control on EPS PDN connection by USIM
Service 89 - eCall Data
Service 90 - Operator CSG Lists and corresponding indications
Service 93 - Communication Control for IMS by USIM
Service 94 - Extended Terminal Applications
Service 106 - ePDG configuration Information support
Service 107 - ePDG configuration Information configured
Service 122 - 5GS Mobility Management Information
Service 123 - 5G Security Parameters
Service 124 - Subscription identifier privacy support
Service 126 - UAC Access Identities support

ePDGId:
657064672e6570632e6d6e633236302e6d63633331302e7075622e336770706e6574776f726b2e6f7267
# epdg.epc.mnc260.mcc310.pub.3gppnetwork.org

ePDGSelection:
130062000100 # MCC: 310 MNC: 260 ePDG Priority: 0001 ePDG FQDN format:
Operator Identifier FQDN
ffffffffffff # unused
ffffffffffff # unused
ffffffffffff # unused

P-CSCF:
Not available
Not available
Not available
Not available
Not available
Not available
Not available
Not available

Home Network Domain Name: ims.mnc260.mcc310.3gppnetwork.org
IMS private user identity:
sip:3102601234567890 at ims.mnc260.mcc310.3gppnetwork.org
IMS public user identity:
sip:3102601234567890 at ims.mnc260.mcc310.3gppnetwork.org
Not available
Not available
Not available
Not available
Not available
Not available
Not available

UICC IARI:
Not available
Not available
Not available
Not available
Not available
Not available
Not available
Not available

ISIM Service Table: 190200
Service 1 - P-CSCF address
Service 4 - GBA-based Local Key Establishment Mechanism
Service 5 - Support of P-CSCF discovery for IMS Local Break Out
Service 10 - Support of UICC access to IMS

Done !

Hyunwoo Lee, Ph. D.
Network Security Researcher

E-mail: hw5773 at gmail.com
Homepage: https://hw5773.github.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/simtrace/attachments/20211105/05f75182/attachment.htm>

More information about the simtrace mailing list