# HG changeset patch # User Mychaela Falconia # Date 1617933707 0 # Node ID 526193acfb3f5e002180725f79cacfd92c50e092 # Parent 42229bec887bdf0f0a9d5490d116fa401697722a doc/GrcardSIM2-WEKI-file: update with knowledge from doc/vendor/grcard2-person-script diff -r 42229bec887b -r 526193acfb3f doc/GrcardSIM2-WEKI-file --- a/doc/GrcardSIM2-WEKI-file Wed Apr 07 07:17:12 2021 +0000 +++ b/doc/GrcardSIM2-WEKI-file Fri Apr 09 02:01:47 2021 +0000 
@@ -6,16 +6,25 @@ and the selection of COMP128 algorithm version, but the same file also appears to have other fields serving other purposes which are not currently understood. +When we (FreeCalypso) asked Grcard about this proprietary file, they sent us a +"personalization" command script which we have archived in this code repository +under doc/vendor/grcard2-person-script; this script is a sequence of command +APDUs (raw hex with minimal comments) for an example card programming. The +proprietary file in question is named GSM_KI in this script; the origin of the +name EF.WEKI that appears in the Osmocom wiki page is still unknown. + The total length of this transparent EF is 35 bytes, out of which only the first 19 bytes are documented in the Osmocom wiki page and written by their pySim-prog -tool. Let us now break down this file according to our currently available -limited understanding: +tool. Interestingly enough, Grcard's "personalization" command script also +writes only the first 19 bytes. Let us now break down this file according to +our currently available limited understanding: * The first two bytes are always 00 10 - these byte values appear in "blank" unprogrammed cards as shipped by Grcard, they also appear in the Osmocom wiki - page, and are programmed by pySim-prog. The purpose and meaning of these two - bytes are completely unknown, and we have never tried writing anything - different into them. + page, and are programmed by pySim-prog. The "personalization" script we got + from Grcard also programs the same 00 10 in these two bytes. The purpose and + meaning of these two bytes are completely unknown, and we have never tried + writing anything different into them. * The next byte gives COMP128 algorithm selection plus something else that is not understood: 
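Review bot: the new paragraph states that the Grcard "personalization" script writes only the first 19 bytes of GSM_KI and programs 00 10 into the first two, but neither claim is tied back to a specific command in doc/vendor/grcard2-person-script; since that script is described as raw hex APDUs with minimal comments, quoting the relevant SELECT and UPDATE BINARY lines (or at least their position in the script) would let a reader verify both statements against the archived file. Two smaller points in the same hunk: "for an example card programming" reads awkwardly and would be clearer as "for programming an example card", and because GSM_KI holds Ki (per the breakdown later in this file), the doc should say whether the Ki value embedded in the archived script is a vendor sample value rather than material that was ever loaded onto a deployed card.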
@@ -32,11 +41,16 @@ selecting COMP128v1.) - The remaining 6 bits of this byte are not understood. Osmocom wiki page - tells people to write zeros into the upper 6 bits and so does pySim-prog, - but the "blank" unprogrammed cards we got from Grcard have this byte set to - 0x20. Setting the upper nibble to either 0 or 2 does not seem to affect - the result of RUN GSM ALGORITHM operations, thus it probably controls - something else. + tells people to write zeros into the upper 6 bits and so does pySim-prog; + the "personalization" command script we got from Grcard also writes zeros + into these upper 6 bits. However, if one orders "blank" or unprogrammed + cards from Grcard like we do, the initial "unprogrammed" state of this byte + is 0x20, as one can see in the data/grcard2-blank-state dump. + + Setting the upper nibble to either 0 or 2 does not seem to affect the + result of RUN GSM ALGORITHM operations, thus it probably controls something + else - or perhaps that bit controls nothing at all, and the "unprogrammed" + state is merely a bogon - we have no way of knowing. * The next 16 bytes store Ki - this part is straightforward.
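Review bot: the rewritten bullet mixes three different descriptions of the same field, "the upper 6 bits", "the upper nibble", and "that bit", which makes it unclear whether the 0x20 observation concerns bit 5 alone or the whole nibble; suggest picking one, e.g. "The remaining 6 bits (bits 2-7) ... the blank-card value 0x20 has only bit 5 set ... clearing or setting bit 5 does not seem to affect RUN GSM ALGORITHM", so the later "or perhaps that bit controls nothing at all" has an unambiguous referent. It would also strengthen the "does not seem to affect" claim to state briefly how it was checked (which COMP128 selection was in the low bits and that the RUN GSM ALGORITHM outputs were compared for the same RAND with the byte at 0x00 and 0x20), since the conclusion that the bit "probably controls something else" rests on that test alone.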