Looking for someone to test some new code (in master branch). Someone [1] has claimed to have decompiled a SIM validation program to figure out the algorithms for Comp128-2 and Comp128-3.

The reason why this is particularly useful is because Comp128-1 is horribly broken, and versions 2 and 3, which are meant to be more secure, were not released to the public domain. The only way you could properly (with a randomly generated challenge) authenticate SIMs using Comp128-2 and Comp128-3 was with a commercial AuC (Authentication centre) which cost $$$$$/$$$$$$.

To try out the code, you need to know the Ki of a SIM. You can then set attributes control:EAP-Sim-Ki to the 64bit Ki value and control:EAP-Sim-Algo-Version (to 1, 2 or 3), which rlm_eap_sim will then use in preference to the normal triplets.

As part of these changes, the other SIM triplets will now be looked for in the control list, whereas they were previously looked for in the reply list.

    update control {
        EAP-Sim-RAND1 := &reply:EAP-Sim-RAND1
        EAP-Sim-RAND2 := &reply:EAP-Sim-RAND2
        EAP-Sim-RAND3 := &reply:EAP-Sim-RAND3
        EAP-Sim-SRES1 := &reply:EAP-Sim-SRES1
        EAP-Sim-SRES2 := &reply:EAP-Sim-SRES2
        EAP-Sim-SRES3 := &reply:EAP-Sim-SRES3
        EAP-Sim-Kc1 := &reply:EAP-Sim-Kc1
        EAP-Sim-Kc2 := &reply:EAP-Sim-Kc2
        EAP-Sim-Kc3 := &reply:EAP-Sim-Kc3
    }

Will fix up any existing configurations if you want to use the code from the master branch (which will become 3.1).

If no one comes forward for testing, then I'll buy the hardware and do it myself; it's just that if someone works at a telecoms provider, I'd imagine it'd be pretty easy to get hold of a test SIM and Ki.

Note: Comp128-4 (milenage) is still unknown (please contact one of the developers if you have access to its specification), but just algorithms 1-3 are still useful.

[1] http://www.hackingprojects.net/2013/04/secrets-of-sim.html

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
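As an added example (not part of Arran's post, and not code from the FreeRADIUS project), the following unlang fragment shows how the two control attributes described above would be set for a single test SIM in the `authorize` section, so that rlm_eap_sim computes the triplets itself instead of expecting EAP-Sim-RAND/SRES/Kc to be supplied. The identity pattern, the policy of restricting this to a known test identity, and the Ki value are assumptions and placeholders; the real Ki must come from the SIM or the provider, and it should be stored with the same care as any other long-term secret (for example in a restricted-permission file or a backend rather than an inline config).

```unlang
authorize {
    # ... existing modules (preprocess, eap, etc.) ...

    # Assumed: only the one test identity we hold the Ki for gets the
    # computed-triplet path; everything else keeps the normal flow.
    # The realm and IMSI below are constructed placeholders.
    if (&User-Name == "1001010123456789@wlan.example.test") {
        update control {
            # Placeholder: replace with the Ki of the test SIM, in hex.
            &EAP-Sim-Ki := 0x<KI_HEX_PLACEHOLDER>

            # 1, 2 or 3 selects Comp128-1, Comp128-2 or Comp128-3.
            # A mismatch with what the SIM actually uses simply makes
            # every EAP-SIM authentication for that identity fail.
            &EAP-Sim-Algo-Version := 2
        }
    }

    # Sites still populating triplets in the reply list (pre-master
    # behaviour) copy them into the control list, as in the post.
    if (&reply:EAP-Sim-RAND1) {
        update control {
            &EAP-Sim-RAND1 := &reply:EAP-Sim-RAND1
            &EAP-Sim-SRES1 := &reply:EAP-Sim-SRES1
            &EAP-Sim-Kc1 := &reply:EAP-Sim-Kc1
            # ... RAND2/3, SRES2/3, Kc2/3 likewise ...
        }
    }
}
```

A quick way to check that the new path is in use is to run the server with `radiusd -X` and confirm, in the debug output for the test identity, that rlm_eap_sim reports using the control-list Ki rather than reading pre-supplied triplets; if it still looks for EAP-Sim-RAND1 in control, the attribute names or the identity match above are wrong.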