FreeCalypso > hg > fc-pcsc-tools
comparison doc/GrcardSIM2-WEKI-file @ 222:8c151bb01d28
doc/GrcardSIM2-WEKI-file: update for partial understanding
and implementation
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Tue, 09 Mar 2021 03:13:41 +0000 |
| parents | c804f2f8c138 |
| children |
comparison
equal
deleted
inserted
replaced
| 221:e3059d58ec93 | 222:8c151bb01d28 |
|---|---|
| 18 different into them. | 18 different into them. |
| 19 | 19 |
| 20 * The next byte gives COMP128 algorithm selection plus something else that is | 20 * The next byte gives COMP128 algorithm selection plus something else that is |
| 21 not understood: | 21 not understood: |
| 22 | 22 |
| 23 - The low nibble of this byte selects COMP128 algorithm version as follows: | 23 - The low 2 bits of this byte select COMP128 algorithm version as follows: |
| 24 | 24 |
| 25 0 = COMP128v1 | 25 0b00 = COMP128v1 |
| 26 1 = COMP128v2 | 26 0b01 = COMP128v2 |
| 27 2 = COMP128v3 | 27 0b10 = COMP128v3 |
| 28 | 28 |
| 29 Note that the Osmocom wiki page is wrong in its description of this nibble: | 29 Note that the Osmocom wiki page is wrong in its description of these bits: |
| 30 setting this nibble to 3 ends up selecting COMP128v2 rather than v3. | 30 setting these two bits to 0b11 ends up selecting COMP128v2 rather than v3. |
| 31 (pySim-prog is unaffected because it always writes 0 for COMP128v1.) | 31 (pySim-prog is unaffected because it always writes 00 into the whole byte, |
| 32 selecting COMP128v1.) | |
| 32 | 33 |
| 33 - The high nibble of this byte is not understood. Osmocom wiki page tells | 34 - The remaining 6 bits of this byte are not understood. Osmocom wiki page |
| 34 people to write 0 into this nibble and so does pySim-prog, but the "blank" | 35 tells people to write zeros into the upper 6 bits and so does pySim-prog, |
| 35 unprogrammed cards we got from Grcard have it set to 2. Setting this nibble | 36 but the "blank" unprogrammed cards we got from Grcard have this byte set to |
| 36 to either 0 or 2 does not seem to affect the result of RUN GSM ALGORITHM | 37 0x20. Setting the upper nibble to either 0 or 2 does not seem to affect |
| 37 operations, thus it probably controls something else. | 38 the result of RUN GSM ALGORITHM operations, thus it probably controls |
| 39 something else. | |
| 38 | 40 |
| 39 * The next 16 bytes store Ki - this part is straightforward. | 41 * The next 16 bytes store Ki - this part is straightforward. |
| 40 | 42 |
| 41 * The last 16 bytes are not understood; our "blank" unprogrammed cards from | 43 * The last 16 bytes are not understood; our "blank" unprogrammed cards from |
| 42 Grcard have all FFs in these bytes. | 44 Grcard have all FFs in these bytes. |
| 45 | |
| 46 fc-simtool support for programming Ki and COMP128 algorithm selection | |
| 47 ===================================================================== | |
| 48 | |
| 49 Even if we never learn the function of the other mysterious fields of EF.WEKI, | |
| 50 we must be able to program our own Ki and make our own selection of COMP128 | |
| 51 algorithm version in order to use these programmable SIM cards with our own GSM | |
| 52 networks. The following solution has been implemented for immediate use: | |
| 53 | |
| 54 * Our grcard2-set-comp128 command takes a single argument of 1, 2 or 3, | |
| 55 selecting COMP128 algorithm version. The implementation of this command | |
| 56 selects EF.WEKI, reads the previous content of the magic byte at offset 2, | |
| 57 keeps the upper 6 bits unchanged, and writes the new COMP128 algorithm | |
| 58 selection into the low 2 bits. If we ever learn the meaning of other bits, | |
| 59 we'll be able to add new orthogonal commands that manipulate those other bits, | |
| 60 but leave COMP128 selection unchanged. | |
| 61 | |
| 62 * Our grcard2-set-ki command writes 16 bytes at offset 3, leaving all other | |
| 63 bytes untouched. |