FreeCalypso > hg > fc-sim-tools
comparison doc/GrcardSIM1-notes @ 72:5f7377392211
doc/GrcardSIM1-notes article written
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Wed, 07 Apr 2021 05:18:17 +0000 |
| parents | |
| children | 9de2d8b8951d |
comparison
equal
deleted
inserted
replaced
| 71:7c9a3130fb66 | 72:5f7377392211 |
|---|---|
| 1 As of A.D. 2021, the GSM-only SIM card model (as opposed to USIM/ISIM for LTE/5G | |
| 2 users) sold by Grcard company is the one which we call GrcardSIM2 - our current | |
| 3 FCSIM1 cards are GrcardSIM2, and this card model goes back to some time around | |
| 4 2013, when it was sold by Sysmocom as sysmoSIM-GR2. However, if we go back in | |
| 5 time a little further to around 2011, Grcard had an earlier card model which we | |
| 6 call GrcardSIM1 - it was sold by Sysmocom as sysmoSIM-GR1. In the present day | |
| 7 these original GrcardSIM1 cards are extremely scarce: Mother Mychaela got one | |
| 8 card from Das Signal, there may be one or two other people on the planet who | |
| 9 have one or two cards, but that's it - an extreme rarity. | |
| 10 | |
| 11 These GrcardSIM1 cards have one and only one special feature that makes them | |
| 12 interesting: supposedly they are freely reformattable, meaning that any | |
| 13 individual card owner can completely erase the card file system and then | |
| 14 recreate an entirely new one according to her liking: see our | |
| 15 Formatting-thoughts article. However, I said "supposedly" in the previous | |
| 16 sentence, referring to GrcardSIM1 free reformatting ability, because the extreme | |
| 17 scarcity makes it too difficult to test this ability: I (Mother Mychaela) have | |
| 18 only one card to play with, I am not too keen on the idea of possibly bricking | |
| 19 this card via incorrectly-guessed formatting commands, and there does not seem | |
| 20 to be much point in developing formatting tools for a card model that is no | |
| 21 longer available. | |
| 22 | |
| 23 Aside from their unique reformatting feature, GrcardSIM1 cards have two very | |
| 24 notable defects compared to current GrcardSIM2 or FCSIM1: | |
| 25 | |
| 26 * GrcardSIM1 cards have a broken security model in that grcard1-set-pin1, | |
| 27 grcard1-set-pin2, grcard1-set-adm1 and grcard1-set-adm2 commands (or rather | |
| 28 the actual command APDUs sent by these fc-simtool commands) are completely | |
| 29 unauthenticated, meaning that all PIN security is trivially bypassable: you | |
| 30 can take a PIN-locked card for which you don't know the PIN, you can reset | |
| 31 its PIN with grcard1-set-pin1, and bingo, you have access to all private data | |
| 32 and the GSM authentication token which the hapless owner sought to protect | |
| 33 with their PIN. The same goes for ADM access: if someone set the card's ADM2 | |
| 34 key to some unknown secret, you can reset it back to the pySim default of | |
| 35 4444444444444444 with grcard1-set-adm2 and give yourself full admin write | |
| 36 access, without ever knowing the previous key. | |
| 37 | |
| 38 * GrcardSIM2 (FCSIM1) cards support F=512 D=8 speed enhancement (the classic | |
| 39 SIM speed enhancement specified in GSM 11.11 and supported by classic GSM/2G | |
| 40 phones), but GrcardSIM1 cards don't support it - hence GR1 cards run in the | |
| 41 slowest F=372 D=1 mode. |