tomasz-lisowski / swsim

A software SIM card.
BSD 3-Clause "New" or "Revised" License

GSM SIM: MS fails to update files after authentication #8

Closed laf0rge closed 1 year ago

laf0rge commented 1 year ago

I now have swsim at a point where a legacy 2G-only MS will get all the way up to (successful) authentication. Next, the MS tries to UPDATE BINARY on EF.Kc, EF.LOCI and EF.BCCH. Those three all fail with 6d00 (unknown instruction code). As a result, the network thinks the MS is successfully registered, but the MS thinks not. Any subsequent paging or other transaction fails.

tomasz-lisowski commented 1 year ago

Could you list the APDUs sent by the MS to perform UPDATE BINARY? I suspect this is simply because I didn't implement UPDATE BINARY in the A0 class (right now UPDATE BINARY exists only in the 00, 40, 60, and interindustry classes). https://github.com/tomasz-lisowski/swsim/blob/5d951aebae683c98f9632145b2b05d5b327aeadd/src/apduh.c#L1365-L1372

laf0rge commented 1 year ago

> Could you list the APDUs sent by the MS to perform UPDATE BINARY? I suspect this is simply because I didn't implement UPDATE BINARY in the A0 class (right now UPDATE BINARY exists only in the 00, 40, 60, and interindustry classes).
>
> https://github.com/tomasz-lisowski/swsim/blob/5d951aebae683c98f9632145b2b05d5b327aeadd/src/apduh.c#L1365-L1372

It just uses the normal UPDATE BINARY like a0 d6 00 00 09 ff ff ff fe ff ff ff f2 06 / 90 00 as an example for EF.Kc.

I've added a related patch for UPDATE BINARY support to my branch/PR.
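
The A0-class UPDATE BINARY quoted above, decoded and applied to an EF.Kc image, as an added example written for this thread (it is not swsim's code); the 9-byte EF.Kc layout and the status words follow GSM 11.11, and the function names are made up:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not swsim code: decode a GSM 11.11 (CLA A0)
 * UPDATE BINARY command APDU and apply it to an in-memory EF image.
 * Status words follow GSM 11.11 / ISO 7816-4. */
#define SW_OK            0x9000u
#define SW_WRONG_LEN     0x6700u /* Lc does not match the data actually present */
#define SW_OUT_OF_RANGE  0x6B00u /* P1-P2 (offset) out of range for this file */
#define SW_INS_UNKNOWN   0x6D00u /* the SW the MS in this thread was getting */
#define SW_CLA_UNKNOWN   0x6E00u

#define EF_KC_LEN 9u /* EF.Kc: 8-byte Kc followed by 1-byte CKSN */

/* Case-3 command: CLA INS P1 P2 P3(=Lc) data[Lc].  P1P2 is the write offset.
 * Returns the status word; 'ef' is only written on SW_OK. */
uint16_t gsm_update_binary(uint8_t *ef, size_t ef_len,
                           const uint8_t *apdu, size_t apdu_len)
{
    if (apdu_len < 5)
        return SW_WRONG_LEN;
    if (apdu[0] != 0xA0)
        return SW_CLA_UNKNOWN;
    if (apdu[1] != 0xD6) /* a dispatcher missing this INS answers 6D00 */
        return SW_INS_UNKNOWN;
    uint16_t offset = (uint16_t)((apdu[2] << 8) | apdu[3]);
    uint8_t lc = apdu[4];
    if (lc == 0 || apdu_len != 5u + lc)
        return SW_WRONG_LEN;
    if ((size_t)offset + lc > ef_len) /* never write past the end of the file */
        return SW_OUT_OF_RANGE;
    memcpy(ef + offset, apdu + 5, lc);
    return SW_OK;
}

static uint8_t g_ef_kc[EF_KC_LEN]; /* constructed EF.Kc image, initially empty */

/* Apply the UPDATE BINARY quoted in the thread to g_ef_kc; returns the SW. */
uint16_t demo_ef_kc_update(void)
{
    static const uint8_t apdu[] = {0xA0, 0xD6, 0x00, 0x00, 0x09,
        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xF2, 0x06};
    memset(g_ef_kc, 0, sizeof g_ef_kc);
    return gsm_update_binary(g_ef_kc, sizeof g_ef_kc, apdu, sizeof apdu);
}

/* Read back one byte of the EF.Kc image (byte 8 is the CKSN). */
uint8_t demo_ef_kc_byte(size_t i) { return i < EF_KC_LEN ? g_ef_kc[i] : 0; }
```

Feeding the same handler a SELECT (INS A4) shows the 6d00 the MS saw: the status word comes from the dispatcher not knowing the instruction in this class, not from the file itself.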

edbek commented 1 year ago

Colleagues, is it possible to give a file system (gsm.json or in another format) which would be authenticated in the GSM network? With the current gsm.json file from swsim, my authentication fails.

Thank you in advance

laf0rge commented 1 year ago

@edbek, did you make sure to configure your (private GSM) network to use the same Ki as swsim (for the same IMSI)? Did you make sure to configure your network to COMP128v1? If so, but you still get auth failure, please provide the APDU of the RUN GSM ALGORITHM command (and its response), as well as the Ki (if it's not confidential).

edbek commented 1 year ago

I'm in a situation where I'm not even getting into the authentication process itself yet.

My GSM modem probes the swsim file system (gsm.json), but for some reason it doesn't get as far as reading the Kc key and requesting authentication (the RUN GSM ALGORITHM command is missing). The GSM modem doesn't like something in the swsim file system (gsm.json).

laf0rge commented 1 year ago

@edbek it would help tremendously if you would include the APDU log. Which file is the last one the MS selects/reads? Likely that file's contents are to blame. This is how I debugged and fixed #6 and #7, whose fixes were just merged to master. Also, best to create a separate issue, as it is unrelated to this one.