SlideShare una empresa de Scribd logo
1 de 46
Descargar para leer sin conexión
Subscriber Identity Module














💸
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
$ pcsc_scan
PC/SC device scanner
V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.11
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto PC Twin Reader 00 00
Wed Oct 5 21:45:38 2016
Reader 0: Gemalto PC Twin Reader 00 00
Card state: Card inserted,
ATR: 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C
ATR: 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C
+ TS = 3B --> Direct Convention
+ T0 = 9D, Y(1): 1001, K: 13 (historical bytes)
TA(1) = 95 --> Fi=512, Di=16, 32 cycles/ETU
125000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 156250 bits/s
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 3F --> Y(i+1) = 0011, Protocol T = 15 - Global interface bytes following
-----
TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
TB(3) = A0 -->
+ Historical bytes: 80 31 A0 73 BE 21 13 51 05 83 05 90 00
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: A0
- Application selection: by full DF name
- BER-TLV data objects available in EF.DIR
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 7, len: 3 (card capabilities)
Selection methods: BE
- DF selection by full DF name
- DF selection by path
- DF selection by file identifier
- Implicit DF selection
- Short EF identifier supported
- Record number supported
Data coding byte: 21
- Behaviour of write functions: proprietary
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 13
- Logical channel number assignment: by the card
- Maximum number of logical channels: 4
Tag: 5, len: 1 (card issuer's data)
Card issuer data: 05
Tag: 8, len: 3 (status indicator)
LCS (life card cycle): 05 (Operational state (activated))
SW: 9000 (Normal processing.)
+ TCK = 7C (correct checksum)
Possibly identified card (using /home/sim-user/.cache/smartcard_list.txt):
3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C
NTT docomo Xi(LTE) DN05(DNP) Pink SIM (Telecommunication)
- Maximum number of logical channels: 4
Tag: 5, len: 1 (card issuer's data)
Card issuer data: 05
Tag: 8, len: 3 (status indicator)
LCS (life card cycle): 05 (Operational state (activated))
SW: 9000 (Normal processing.)
+ TCK = 7C (correct checksum)
Possibly identified card (using /home/sim-user/.cache/smartcard_list.txt):
3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C
NTT docomo Xi(LTE) DN05(DNP) Pink SIM (Telecommunication)
Subscriber Identity Module
thanks!!
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
3GPP
3GPP TS 11.11 V8.14.0 (2007-06)118Release 1999
MF
'3F00'
DFGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP
'7F20' '7F10' '7F22' '7F23' '2FE2' '2F05'
see GSM 11.19
EFADN EFFDN EFSMS EFCCP EFMSISDN
'6F3A' '6F3B' '6F3C' '6F3D' '6F40'
EFSMSP EFSMSS EFLND EFSMSR EFSDN
'6F42' '6F43' '6F44' '6F47' '6F49'
EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4
'6F4A' '6F4B' '6F4C' '6F4D' '6F4E'
DFGRAPHICS EFIMG
'5F50' '4F20'
DFIRIDIUM DFGLOBST DFICO DFACeS
'5F30' '5F31' '5F32' '5F33'
DFEIA/TIA-553 DFCTS DFSoLSA EFSAI EFSLL
'5F40' '5F60' '5F70' '4F30' '4F31'
see GSM 11.19
DFMExE EFMExE-ST EFORPK EFARPK EFTPRPK
'5F3C' '4F40' '4F41' '4F42' '4F43'
EFLP EFIMSI EFKc EFPLMNsel EFHPPLMN EFACMmax
'6F05' '6F07' '6F20' '6F30' '6F31' '6F37'
EFSST EFACM EFGID1 EFGID2 EFPUCT EFCBMI
'6F38' '6F39' '6F3E' '6F3F' '6F41' '6F45'
EFSPN EFCBMID EFBCCH EFACC EFFPLMN EFLOCI
'6F46' '6F48' '6F74' '6F78' '6F7B' '6F7E'
EFAD EFPHASE EFVGCS EFVGCSS EFVBS EFVBSS
'6FAD' '6FAE' '6FB1' '6FB2' '6FB3' '6FB4'
EFeMLPP EFAAeM EFECC EFCBMIR EFNIA EFKcGPRS
'6FB5' '6FB6' '6FB7' '6F50' '6F51' '6F52'
EFLOCIGPRS EFSUME EFPLMNwAcT EFOPLMNwAcT EFHPLMNAcT EFCPBCCH
'6F53' '6F54' '6F60' '6F61' '6F62' '6F63'
EFINVSCAN
'6F64'
Figure 8: File identifiers and directory structures of GSM
./pySim-read.py -p 0
Reading ...
8981100004402791051
440103152044102
SMSP: edffffffffffffffffffffffff07911809131056f2ffffffffffffa9
ACC: 0004
MSISDN: 07817040919843f3ffffffffffff
Done !
ICCID:
IMSI:
./pySim-read.py -p 0
Reading ...
8981100004402791051
440103152044102
SMSP: edffffffffffffffffffffffff07911809131056f2ffffffffffffa9
ACC: 0004
MSISDN: 07817040919843f3ffffffffffff
Done !
ICCID:
IMSI:
Subscriber Identity Module
3GPP TS 11.11 V8.14.0 (200118se 1999
MF
'3F00'
FGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP
F20' '7F10' '7F22' '7F23' '2FE2' '2F05'
see GSM 11.19
EFADN EFFDN EFSMS EFCCP EFMSISDN
'6F3A' '6F3B' '6F3C' '6F3D' '6F40'
EFSMSP EFSMSS EFLND EFSMSR EFSDN
'6F42' '6F43' '6F44' '6F47' '6F49'
EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4
'6F4A' '6F4B' '6F4C' '6F4D' '6F4E'
19 bytes
2bytes 2bytes 2bytes 12bytes 1byte
MII CC II 12bytes CS
89 81 10 000440279105 1
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
3GPP TS 11.11 V8.14.0 (20118Release 1999
MF
'3F00'
DFGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP
'7F20' '7F10' '7F22' '7F23' '2FE2' '2F05
see GSM 11.19
EFADN EFFDN EFSMS EFCCP EFMSISD
'6F3A' '6F3B' '6F3C' '6F3D' '6F40
EFSMSP EFSMSS EFLND EFSMSR EFSDN
'6F42' '6F43' '6F44' '6F47' '6F49
EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4
'6F4A' '6F4B' '6F4C' '6F4D' '6F4E
DFGRAPHICS EFIMG
'5F50' '4F20'
EFADN EFFDN EFSMS EFCCP EFMSISD
'6F3A' '6F3B' '6F3C' '6F3D' '6F40
EFSMSP EFSMSS EFLND EFSMSR EFSDN
'6F42' '6F43' '6F44' '6F47' '6F49
EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4
'6F4A' '6F4B' '6F4C' '6F4D' '6F4E
DFGRAPHICS EFIMG
'5F50' '4F20'
DFIRIDIUM DFGLOBST DFICO DFACeS
'5F30' '5F31' '5F32' '5F33'
DFEIA/TIA-553 DFCTS DFSoLSA EFSAI EFSLL
'5F40' '5F60' '5F70' '4F30' '4F31
see GSM 11.19
DFMExE EFMExE-ST EFORPK EFARPK EFTPRP
'5F3C' '4F40' '4F41' '4F42' '4F43
EFLP EFIMSI EFKc EFPLMNsel EFHPPLMN EFACMma
'6F05' '6F07' '6F20' '6F30' '6F31' '6F37
EFSST EFACM EFGID1 EFGID2 EFPUCT EFCBMI
~ 16 bytes
3bytes 2 ~ 3bytes ~ 10bytes
MCC MNC MSIN
440 10 3152044102
HNI
Subscriber Identity Module


Subscriber Identity Module
Peer
Peer
Authenticator
Authenticator
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/SIM/Start (AT_VERSION_LIST)
EAP-Response/SIM/Start (AT_NONCE_MT, AT_SELECTED_VERSION)
EAP-Request/SIM/Challenge (AT_RAND, AT_MAC)
Peer runs GSM algorithms, verifies
AT_MAC and derives session keys
EAP-Response/SIM/Challenge (AT_MAC)
EAP-Success
Subscriber Identity Module
Peer
Peer
Authenticator
Authenticator
EAP-Request/Identity
EAP-Response/Identity (Includes user’s NAI)
Server runs AKA algorithms,
generates RAND and AUTN.
EAP-Request/AKA-Challenge (AT_RAND, AT_AUTN, AT_MAC)
Peer runs AKA algorithms, verifies AUTN
and MAC, derives RES and session key
EAP-Response/AKA-Challenge (AT_RES, AT_MAC)
Server checks the given RES,
and MAC and finds them correct.
EAP-Success
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
COMMAND CLASS INS P1 P2 P3
INVALIDATE 'A0' '04' '00' '00' '00'
9.2.15 REHABILITATE
COMMAND CLASS INS P1 P2 P3
REHABILITATE 'A0' '44' '00' '00' '00'
9.2.16 RUN GSM ALGORITHM
COMMAND CLASS INS P1 P2 P3
RUN GSM
ALGORITHM
'A0' '88' '00' '00' '10'
Command parameters/data:
Byte(s) Description Length
1 - 16 RAND 16
Response parameters/data:
Byte(s) Description Length
1 - 4 SRES 4
5 - 12 Cipher Key Kc 8
The most significant bit of SRES is coded on bit 8 of byte 1. The most significant bit of Kc is coded on bit 8 of byte 5.
9.2.17 SLEEP
COMMAND CLASS INS P1 P2 P3
3GPP TS 11.11
Subscriber Identity Module
$ cat /etc/freeradius/simtriplets.dat
# IMSI RAND SRES Kc
440103152044102,02bbdd69578d11057f3534539d61c3e1,9b93ab20,38a74d32f6334018
440103152044102,38279ae1b4ca5d63e93fcdbc2722b216,f8f9e5fe,9952db0411e0ac54
440103152044102,f35f71777ccfd21aec28913fc3fbe3bc,31452835,752a8baa96fa7dbf
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module
Subscriber Identity Module

Más contenido relacionado

La actualidad más candente

Iptv m3u germany channels update 09 11-2017
Iptv m3u germany channels update 09 11-2017Iptv m3u germany channels update 09 11-2017
Iptv m3u germany channels update 09 11-2017Hillal Didi
 
Main foxconn g31 m09
Main foxconn g31 m09Main foxconn g31 m09
Main foxconn g31 m09ThanhNong
 
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD ScreenShawn Lee
 
Fadal - CNC Vertical Machining Centers - Classic Series
Fadal - CNC Vertical Machining Centers - Classic SeriesFadal - CNC Vertical Machining Centers - Classic Series
Fadal - CNC Vertical Machining Centers - Classic SeriesFadal Engineering
 
Lineup (fp0, fp0 r, fpς, and fp x)
Lineup (fp0, fp0 r, fpς, and fp x)Lineup (fp0, fp0 r, fpς, and fp x)
Lineup (fp0, fp0 r, fpς, and fp x)Steven Qi
 

La actualidad más candente (10)

Iptv m3u germany channels update 09 11-2017
Iptv m3u germany channels update 09 11-2017Iptv m3u germany channels update 09 11-2017
Iptv m3u germany channels update 09 11-2017
 
Main foxconn g31 m09
Main foxconn g31 m09Main foxconn g31 m09
Main foxconn g31 m09
 
hardware_design_RAFS
hardware_design_RAFShardware_design_RAFS
hardware_design_RAFS
 
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen
0.47 inch LCD Micro Dispalay 800x600 Resolution RGB Interface LCD Screen
 
Fadal - CNC Vertical Machining Centers - Classic Series
Fadal - CNC Vertical Machining Centers - Classic SeriesFadal - CNC Vertical Machining Centers - Classic Series
Fadal - CNC Vertical Machining Centers - Classic Series
 
Lineup (fp0, fp0 r, fpς, and fp x)
Lineup (fp0, fp0 r, fpς, and fp x)Lineup (fp0, fp0 r, fpς, and fp x)
Lineup (fp0, fp0 r, fpς, and fp x)
 
Lampiran 1.programdocx
Lampiran 1.programdocxLampiran 1.programdocx
Lampiran 1.programdocx
 
Gigabyte ga 945 gzm-s2 rev 2.11
Gigabyte ga 945 gzm-s2 rev 2.11Gigabyte ga 945 gzm-s2 rev 2.11
Gigabyte ga 945 gzm-s2 rev 2.11
 
Stat softregistration
Stat softregistrationStat softregistration
Stat softregistration
 
Sua chua may lanh cua daikin
Sua chua may lanh cua daikinSua chua may lanh cua daikin
Sua chua may lanh cua daikin
 

Similar a Subscriber Identity Module

LG DA0LG2MB6D0 REV D PDF.pdf
LG DA0LG2MB6D0 REV D PDF.pdfLG DA0LG2MB6D0 REV D PDF.pdf
LG DA0LG2MB6D0 REV D PDF.pdfHomeCell3
 
ECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptxECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptxssusercda6b5
 
Quanta ze7 r1b_schematics
Quanta ze7 r1b_schematicsQuanta ze7 r1b_schematics
Quanta ze7 r1b_schematicsDATACORP
 
Eneett re 24
Eneett re 24Eneett re 24
Eneett re 24srbancha
 
Hi t 70xx system overview
Hi t 70xx  system overviewHi t 70xx  system overview
Hi t 70xx system overviewThien Huynh
 
How to design a Passive Infrared (PIR) Open Source Project
How to design a Passive Infrared (PIR) Open Source ProjectHow to design a Passive Infrared (PIR) Open Source Project
How to design a Passive Infrared (PIR) Open Source ProjectIonela
 
Howto ethereal-wireshark-trace en
Howto ethereal-wireshark-trace enHowto ethereal-wireshark-trace en
Howto ethereal-wireshark-trace enJORGE GOMEZ
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
 
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfpdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfPabloLobo18
 
truSDX_Main_Schematic_1.0.pdf
truSDX_Main_Schematic_1.0.pdftruSDX_Main_Schematic_1.0.pdf
truSDX_Main_Schematic_1.0.pdfPisuMiauPisuMiau
 
MR - MGD
MR - MGDMR - MGD
MR - MGDleet01
 
CM4450 Diagrama-3395 manual de reparacion
CM4450 Diagrama-3395 manual de reparacionCM4450 Diagrama-3395 manual de reparacion
CM4450 Diagrama-3395 manual de reparacionDecimeelPapucho
 
Ax som-bf60x description
Ax som-bf60x descriptionAx som-bf60x description
Ax som-bf60x descriptionAlexey Yurko
 
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdf
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdfAnalysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdf
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdfYasmine Anino
 
Handheld Point of Sale Terminal
Handheld Point of Sale TerminalHandheld Point of Sale Terminal
Handheld Point of Sale TerminalPremier Farnell
 

Similar a Subscriber Identity Module (20)

LG DA0LG2MB6D0 REV D PDF.pdf
LG DA0LG2MB6D0 REV D PDF.pdfLG DA0LG2MB6D0 REV D PDF.pdf
LG DA0LG2MB6D0 REV D PDF.pdf
 
ECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptxECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptx
 
Quanta ze7 r1b_schematics
Quanta ze7 r1b_schematicsQuanta ze7 r1b_schematics
Quanta ze7 r1b_schematics
 
Eneett re 24
Eneett re 24Eneett re 24
Eneett re 24
 
Hi t 70xx system overview
Hi t 70xx  system overviewHi t 70xx  system overview
Hi t 70xx system overview
 
How to design a Passive Infrared (PIR) Open Source Project
How to design a Passive Infrared (PIR) Open Source ProjectHow to design a Passive Infrared (PIR) Open Source Project
How to design a Passive Infrared (PIR) Open Source Project
 
Howto ethereal-wireshark-trace en
Howto ethereal-wireshark-trace enHowto ethereal-wireshark-trace en
Howto ethereal-wireshark-trace en
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
 
Sdhstm 1 trunk card 2
Sdhstm 1 trunk card 2Sdhstm 1 trunk card 2
Sdhstm 1 trunk card 2
 
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdfpdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
pdfcoffee.com_e11is2-rev-c-schematics-pdf-free.pdf
 
Ft 50 manual
Ft 50 manualFt 50 manual
Ft 50 manual
 
truSDX_Main_Schematic_1.0.pdf
truSDX_Main_Schematic_1.0.pdftruSDX_Main_Schematic_1.0.pdf
truSDX_Main_Schematic_1.0.pdf
 
Network Docs
Network DocsNetwork Docs
Network Docs
 
MR - MGD
MR - MGDMR - MGD
MR - MGD
 
CM4450 Diagrama-3395 manual de reparacion
CM4450 Diagrama-3395 manual de reparacionCM4450 Diagrama-3395 manual de reparacion
CM4450 Diagrama-3395 manual de reparacion
 
5638
56385638
5638
 
Ax som-bf60x description
Ax som-bf60x descriptionAx som-bf60x description
Ax som-bf60x description
 
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdf
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdfAnalysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdf
Analysis Extract AFSC 5JOX1 Paralegal (Active Duty).pdf
 
Packet Card Knowledge Transferfinal
Packet Card Knowledge TransferfinalPacket Card Knowledge Transferfinal
Packet Card Knowledge Transferfinal
 
Handheld Point of Sale Terminal
Handheld Point of Sale TerminalHandheld Point of Sale Terminal
Handheld Point of Sale Terminal
 

Más de Yuki Mizuno

地デジを理解したつもりになる回
地デジを理解したつもりになる回地デジを理解したつもりになる回
地デジを理解したつもりになる回Yuki Mizuno
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Yuki Mizuno
 
HTML5 and Video Streaming Vol.1
HTML5 and Video Streaming Vol.1HTML5 and Video Streaming Vol.1
HTML5 and Video Streaming Vol.1Yuki Mizuno
 
実践イカパケット解析α
実践イカパケット解析α実践イカパケット解析α
実践イカパケット解析αYuki Mizuno
 
実践イカパケット解析
実践イカパケット解析実践イカパケット解析
実践イカパケット解析Yuki Mizuno
 
CTFの話 - coinsLT #10
CTFの話 - coinsLT #10CTFの話 - coinsLT #10
CTFの話 - coinsLT #10Yuki Mizuno
 
ノーゲーム・ノーライフ[Games on Linux] - Kernel/VM北陸1
ノーゲーム・ノーライフ[Games on Linux] -  Kernel/VM北陸1ノーゲーム・ノーライフ[Games on Linux] -  Kernel/VM北陸1
ノーゲーム・ノーライフ[Games on Linux] - Kernel/VM北陸1Yuki Mizuno
 

Más de Yuki Mizuno (9)

地デジを理解したつもりになる回
地デジを理解したつもりになる回地デジを理解したつもりになる回
地デジを理解したつもりになる回
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話
 
HDMI探検隊
HDMI探検隊HDMI探検隊
HDMI探検隊
 
HTML5 and Video Streaming Vol.1
HTML5 and Video Streaming Vol.1HTML5 and Video Streaming Vol.1
HTML5 and Video Streaming Vol.1
 
# TELETEXT
# TELETEXT# TELETEXT
# TELETEXT
 
実践イカパケット解析α
実践イカパケット解析α実践イカパケット解析α
実践イカパケット解析α
 
実践イカパケット解析
実践イカパケット解析実践イカパケット解析
実践イカパケット解析
 
CTFの話 - coinsLT #10
CTFの話 - coinsLT #10CTFの話 - coinsLT #10
CTFの話 - coinsLT #10
 
ノーゲーム・ノーライフ[Games on Linux] - Kernel/VM北陸1
ノーゲーム・ノーライフ[Games on Linux] -  Kernel/VM北陸1ノーゲーム・ノーライフ[Games on Linux] -  Kernel/VM北陸1
ノーゲーム・ノーライフ[Games on Linux] - Kernel/VM北陸1
 

Último

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 

Último (20)

20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 

Subscriber Identity Module

  • 11. $ pcsc_scan PC/SC device scanner V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr> Compiled with PC/SC lite version: 1.8.11 Using reader plug'n play mechanism Scanning present readers... 0: Gemalto PC Twin Reader 00 00 Wed Oct 5 21:45:38 2016 Reader 0: Gemalto PC Twin Reader 00 00 Card state: Card inserted, ATR: 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C ATR: 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C + TS = 3B --> Direct Convention + T0 = 9D, Y(1): 1001, K: 13 (historical bytes) TA(1) = 95 --> Fi=512, Di=16, 32 cycles/ETU 125000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 156250 bits/s TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 ----- TD(2) = 3F --> Y(i+1) = 0011, Protocol T = 15 - Global interface bytes following ----- TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V TB(3) = A0 --> + Historical bytes: 80 31 A0 73 BE 21 13 51 05 83 05 90 00 Category indicator byte: 80 (compact TLV data object) Tag: 3, len: 1 (card service data byte) Card service data byte: A0 - Application selection: by full DF name - BER-TLV data objects available in EF.DIR - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card with MF Tag: 7, len: 3 (card capabilities) Selection methods: BE - DF selection by full DF name - DF selection by path - DF selection by file identifier - Implicit DF selection - Short EF identifier supported - Record number supported Data coding byte: 21 - Behaviour of write functions: proprietary - Value 'FF' for the first byte of BER-TLV tag fields: invalid - Data unit in quartets: 2 Command chaining, length fields and logical channels: 13 - Logical channel number assignment: by the card - Maximum number of logical channels: 4 Tag: 5, len: 1 (card issuer's data) Card issuer data: 05 Tag: 8, len: 3 (status indicator) LCS (life card cycle): 05 (Operational state (activated)) SW: 9000 (Normal processing.) + TCK = 7C (correct checksum) Possibly identified card (using /home/sim-user/.cache/smartcard_list.txt): 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C NTT docomo Xi(LTE) DN05(DNP) Pink SIM (Telecommunication)
  • 12. - Maximum number of logical channels: 4 Tag: 5, len: 1 (card issuer's data) Card issuer data: 05 Tag: 8, len: 3 (status indicator) LCS (life card cycle): 05 (Operational state (activated)) SW: 9000 (Normal processing.) + TCK = 7C (correct checksum) Possibly identified card (using /home/sim-user/.cache/smartcard_list.txt): 3B 9D 95 80 3F C7 A0 80 31 A0 73 BE 21 13 51 05 83 05 90 00 7C NTT docomo Xi(LTE) DN05(DNP) Pink SIM (Telecommunication)
  • 18. 3GPP 3GPP TS 11.11 V8.14.0 (2007-06)118Release 1999 MF '3F00' DFGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP '7F20' '7F10' '7F22' '7F23' '2FE2' '2F05' see GSM 11.19 EFADN EFFDN EFSMS EFCCP EFMSISDN '6F3A' '6F3B' '6F3C' '6F3D' '6F40' EFSMSP EFSMSS EFLND EFSMSR EFSDN '6F42' '6F43' '6F44' '6F47' '6F49' EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4 '6F4A' '6F4B' '6F4C' '6F4D' '6F4E' DFGRAPHICS EFIMG '5F50' '4F20' DFIRIDIUM DFGLOBST DFICO DFACeS '5F30' '5F31' '5F32' '5F33' DFEIA/TIA-553 DFCTS DFSoLSA EFSAI EFSLL '5F40' '5F60' '5F70' '4F30' '4F31' see GSM 11.19 DFMExE EFMExE-ST EFORPK EFARPK EFTPRPK '5F3C' '4F40' '4F41' '4F42' '4F43' EFLP EFIMSI EFKc EFPLMNsel EFHPPLMN EFACMmax '6F05' '6F07' '6F20' '6F30' '6F31' '6F37' EFSST EFACM EFGID1 EFGID2 EFPUCT EFCBMI '6F38' '6F39' '6F3E' '6F3F' '6F41' '6F45' EFSPN EFCBMID EFBCCH EFACC EFFPLMN EFLOCI '6F46' '6F48' '6F74' '6F78' '6F7B' '6F7E' EFAD EFPHASE EFVGCS EFVGCSS EFVBS EFVBSS '6FAD' '6FAE' '6FB1' '6FB2' '6FB3' '6FB4' EFeMLPP EFAAeM EFECC EFCBMIR EFNIA EFKcGPRS '6FB5' '6FB6' '6FB7' '6F50' '6F51' '6F52' EFLOCIGPRS EFSUME EFPLMNwAcT EFOPLMNwAcT EFHPLMNAcT EFCPBCCH '6F53' '6F54' '6F60' '6F61' '6F62' '6F63' EFINVSCAN '6F64' Figure 8: File identifiers and directory structures of GSM
  • 19. ./pySim-read.py -p 0 Reading ... 8981100004402791051 440103152044102 SMSP: edffffffffffffffffffffffff07911809131056f2ffffffffffffa9 ACC: 0004 MSISDN: 07817040919843f3ffffffffffff Done ! ICCID: IMSI:
  • 20. ./pySim-read.py -p 0 Reading ... 8981100004402791051 440103152044102 SMSP: edffffffffffffffffffffffff07911809131056f2ffffffffffffa9 ACC: 0004 MSISDN: 07817040919843f3ffffffffffff Done ! ICCID: IMSI:
  • 22. 3GPP TS 11.11 V8.14.0 (200118se 1999 MF '3F00' FGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP F20' '7F10' '7F22' '7F23' '2FE2' '2F05' see GSM 11.19 EFADN EFFDN EFSMS EFCCP EFMSISDN '6F3A' '6F3B' '6F3C' '6F3D' '6F40' EFSMSP EFSMSS EFLND EFSMSR EFSDN '6F42' '6F43' '6F44' '6F47' '6F49' EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4 '6F4A' '6F4B' '6F4C' '6F4D' '6F4E'
  • 23. 19 bytes 2bytes 2bytes 2bytes 12bytes 1byte MII CC II 12bytes CS 89 81 10 000440279105 1
  • 27. 3GPP TS 11.11 V8.14.0 (20118Release 1999 MF '3F00' DFGSM DFTELECOM DFIS-41 DFFP-CTS EFICCID EFELP '7F20' '7F10' '7F22' '7F23' '2FE2' '2F05 see GSM 11.19 EFADN EFFDN EFSMS EFCCP EFMSISD '6F3A' '6F3B' '6F3C' '6F3D' '6F40 EFSMSP EFSMSS EFLND EFSMSR EFSDN '6F42' '6F43' '6F44' '6F47' '6F49 EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4 '6F4A' '6F4B' '6F4C' '6F4D' '6F4E DFGRAPHICS EFIMG '5F50' '4F20' EFADN EFFDN EFSMS EFCCP EFMSISD '6F3A' '6F3B' '6F3C' '6F3D' '6F40 EFSMSP EFSMSS EFLND EFSMSR EFSDN '6F42' '6F43' '6F44' '6F47' '6F49 EFEXT1 EFEXT2 EFEXT3 EFBDN EFEXT4 '6F4A' '6F4B' '6F4C' '6F4D' '6F4E DFGRAPHICS EFIMG '5F50' '4F20' DFIRIDIUM DFGLOBST DFICO DFACeS '5F30' '5F31' '5F32' '5F33' DFEIA/TIA-553 DFCTS DFSoLSA EFSAI EFSLL '5F40' '5F60' '5F70' '4F30' '4F31 see GSM 11.19 DFMExE EFMExE-ST EFORPK EFARPK EFTPRP '5F3C' '4F40' '4F41' '4F42' '4F43 EFLP EFIMSI EFKc EFPLMNsel EFHPPLMN EFACMma '6F05' '6F07' '6F20' '6F30' '6F31' '6F37 EFSST EFACM EFGID1 EFGID2 EFPUCT EFCBMI
  • 28. ~ 16 bytes 3bytes 2 ~ 3bytes ~ 10bytes MCC MNC MSIN 440 10 3152044102 HNI
  • 30.
  • 32. Peer Peer Authenticator Authenticator EAP-Request/Identity EAP-Response/Identity EAP-Request/SIM/Start (AT_VERSION_LIST) EAP-Response/SIM/Start (AT_NONCE_MT, AT_SELECTED_VERSION) EAP-Request/SIM/Challenge (AT_RAND, AT_MAC) Peer runs GSM algorithms, verifies AT_MAC and derives session keys EAP-Response/SIM/Challenge (AT_MAC) EAP-Success
  • 34. Peer Peer Authenticator Authenticator EAP-Request/Identity EAP-Response/Identity (Includes user’s NAI) Server runs AKA algorithms, generates RAND and AUTN. EAP-Request/AKA-Challenge (AT_RAND, AT_AUTN, AT_MAC) Peer runs AKA algorithms, verifies AUTN and MAC, derives RES and session key EAP-Response/AKA-Challenge (AT_RES, AT_MAC) Server checks the given RES, and MAC and finds them correct. EAP-Success
  • 39. COMMAND CLASS INS P1 P2 P3 INVALIDATE 'A0' '04' '00' '00' '00' 9.2.15 REHABILITATE COMMAND CLASS INS P1 P2 P3 REHABILITATE 'A0' '44' '00' '00' '00' 9.2.16 RUN GSM ALGORITHM COMMAND CLASS INS P1 P2 P3 RUN GSM ALGORITHM 'A0' '88' '00' '00' '10' Command parameters/data: Byte(s) Description Length 1 - 16 RAND 16 Response parameters/data: Byte(s) Description Length 1 - 4 SRES 4 5 - 12 Cipher Key Kc 8 The most significant bit of SRES is coded on bit 8 of byte 1. The most significant bit of Kc is coded on bit 8 of byte 5. 9.2.17 SLEEP COMMAND CLASS INS P1 P2 P3 3GPP TS 11.11
  • 41. $ cat /etc/freeradius/simtriplets.dat # IMSI RAND SRES Kc 440103152044102,02bbdd69578d11057f3534539d61c3e1,9b93ab20,38a74d32f6334018 440103152044102,38279ae1b4ca5d63e93fcdbc2722b216,f8f9e5fe,9952db0411e0ac54 440103152044102,f35f71777ccfd21aec28913fc3fbe3bc,31452835,752a8baa96fa7dbf