Hello FC community, I finally have a share-worthy update on my quest to get programmable SIM cards (for running our own GSM networks) that are GSM-centric, rather than newer-tech-centric. Earlier today I received the sample cards from Grcard in China, the ones I've been anxiously waiting for since before Lunar New Year, and they are quite interesting:
* As far as I can tell, these cards appear to be exactly the same model that was resold by Sysmocom aeons ago as sysmoSIM-GR2. The cards I just got give the same ATR as the one listed for the historical GR2, all of the ADM authentication and PIN setting commands listed on the GrcardSIM2 Osmocom wiki page work on these cards exactly as described, and the non-standard file for writing Ki and COMP128 algorithm selection also works: I tried writing my own Ki and all 3 COMP128 selections, sent a RUN GSM ALGO test command to the SIM, and the output matches osmo-auc-gen in every test case.

* These cards are truly native GSM SIMs, *not* UICCs that merely support the GSM SIM protocol as a backward compatibility mode: the cards respond to UICC protocol commands (CLA=0x00) with SW 6E00 (unsupported CLA), and there is no EF.DIR file.

* Compared to the Grcard1 version (sysmoSIM-GR1), these Grcard2 SIMs have two improvements that I can see:

  1) Grcard1 had a hole in its PIN security: the commands for resetting PIN1/PIN2/PUK1/PUK2 were completely unauthenticated, thus anyone who knows the non-standard proprietary commands (which are now documented in the Osmocom wiki and implemented in fc-simtool) can trivially blow away all PIN security. This hole has been plugged in Grcard2: it has different proprietary command APDUs for resetting PIN1/PIN2/PUK1/PUK2, but the important difference is not the APDU change, but the security change: the new commands work only if you have authenticated as ADM or SUPER ADM. The default SUPER ADM PIN is 88888888, and if you keep this default, there is no security - but if you need PIN security, you can reset all PINs including ADM and SUPER ADM to your own per-card secrets.

  2) Decoding the ATRs for Grcard1 and Grcard2, it appears that Grcard1 does not support any speed enhancement (only F=372 D=1), whereas Grcard2 supports F=512 D=8. I have yet to test one of these cards in a FreeCalypso modem, though.
So far these cards look good, and if Grcard folks hold to their word in terms of the prices they quoted me earlier, then we should be able to get a few hundred of these cards made with custom printing (I am shooting for the same level of aesthetic quality as the beautiful peach and mint SJS1 cards Sysmocom made before switching to SJA2), and essentially bring back the discontinued sysmoSIM-GR2 product! I will be doing a lot more back-and-forth email exchanges with Grcard folks before placing the big order, though:

* The formatting these cards came with (which EFs have been created and with what allocated sizes) is not exactly to my liking: some files I am interested in are missing, others are too small. I asked Grcard folks to change this formatting, i.e., change some sizes and add some missing files. We'll see if they cooperate; if they refuse, I will probably still order a small batch (maybe 100 or 200 cards) just to bring sysmoSIM-GR2 back from the grave, but if they cooperate with my file system change requests, I would be inclined to give them a lot more of my business.

* Using Sysmocom cards (SJS1 and SJA2), I was able to get OTA file programming via SMS-PP to work: I can send a properly authenticated and encrypted over-the-air message to the SIM and program the MSISDN record with a new phone number, just like traditional GSM networks do. I would really like to be able to do the same trick with these Grcard2 SIMs - hence I am asking Grcard if this capability exists and how to work it.

It is also worth noting that these Grcard2 SIMs have the full set of 8 contacts rather than just the usual 6. Naturally I have no way of knowing if the extra C4 and C8 contacts actually do anything on these cards, or if they are just non-functional contact pads. Of course it doesn't matter one bit in practice as all standard phones leave C4 and C8 unconnected, but a SIM with 8 contacts is a rare sight.
I will be getting our cards made in 2FF-only cut, with the 2FF piece being fully solid. If someone needs to cut their card down to 3FF, they should be able to do it by manual cutting - but if someone wishes to cut down to 4FF, doing so would involve cutting through those non-understood C4 and C8 contacts - and I have no idea if doing so would ruin the actual IC, depending on how big it is and where it is located below the visible parts.

Hasta la Victoria, Siempre,
Mychaela aka The Mother

P.S. Given that the cards I just got appear to be exactly the same as sysmoSIM-GR2, I don't think I will need the remote access to the last GR2 card from 30C3 which Harald graciously offered earlier this week on the openbsc mailing list.

_______________________________________________
Community mailing list
Community@freecalypso.org
https://www.freecalypso.org/mailman/listinfo/community
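The ATR decoding step mentioned in the post (reading the F and D speed factors out of the TA1 interface byte) as an added example; this is not code from the original post or from any Grcard, Sysmocom or Osmocom tool. The two sample ATRs are constructed for illustration and are not the real Grcard1/Grcard2 ATRs, which the post does not quote; TA1=0x94 is simply the ISO 7816-3 encoding of F=512, D=8.

```python
from functools import reduce

# ISO 7816-3 Fi (clock-rate) and Di (baud-rate) code tables; absent codes are RFU.
FI_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
            9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

# Constructed sample ATRs, not the real Grcard ones: ATR_SLOW has no interface
# bytes at all; ATR_FAST carries TA1=0x94, a TD1->TD2->TA3 chain, T=15 and a TCK.
ATR_SLOW = bytes.fromhex("3B 02 14 50")
ATR_FAST = bytes.fromhex("3B 91 94 80 1F C7 80 DD")


def parse_atr(atr: bytes) -> dict:
    """Return interface bytes (keyed 'TA1', 'TD2', ...) and historical bytes."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad or missing TS byte")
    t0, ifaces, pos, i = atr[1], {}, 2, 1
    y = t0 >> 4                      # Y1: presence bits for TA1/TB1/TC1/TD1
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                ifaces[f"{name}{i}"] = atr[pos]
                pos += 1
        td = ifaces.get(f"TD{i}")
        if td is None:
            break
        y, i = td >> 4, i + 1        # next group's presence bits sit in TDi
    end = pos + (t0 & 0x0F)          # low nibble of T0 = historical byte count
    if end > len(atr):
        raise ValueError("ATR truncated inside historical bytes")
    # TCK is present unless T=0 is the only protocol offered; the XOR of every
    # byte from T0 through TCK must then be zero.
    protocols = {v & 0x0F for k, v in ifaces.items() if k.startswith("TD")}
    if protocols - {0}:
        if end >= len(atr) or reduce(lambda a, b: a ^ b, atr[1:end + 1]):
            raise ValueError("TCK missing or checksum mismatch")
    return {"ifaces": ifaces, "historical": atr[pos:end], "protocols": protocols}


def speed_factors(atr: bytes) -> tuple:
    """Return (F, D) from TA1; ISO 7816-3 defaults are F=372, D=1 if absent."""
    ta1 = parse_atr(atr)["ifaces"].get("TA1")
    if ta1 is None:
        return 372, 1
    f, d = FI_TABLE.get(ta1 >> 4), DI_TABLE.get(ta1 & 0x0F)
    if f is None or d is None:
        raise ValueError(f"TA1={ta1:#04x} uses an RFU Fi or Di code")
    return f, d
```

A card's real ATR can be fed in the same way once read from a reader; a TA1 of 0x11 decodes to the default 372/1 just like an absent TA1.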