Simtrace: exploring the world of SIM cards
0x00 About SIM cards
As we all know, a SIM card is the small card inserted into a mobile phone; the name stands for Subscriber Identity Module. What far fewer people know is that the operating system inside the SIM card is based on a JVM. This system is abbreviated SCF (Smart Card Filesystem), also known as SAT (SIM Application Toolkit).
So what can this system do?
It allows the operator to download firmware onto your SIM card; using the card's encryption and decryption functions it can read data on the phone, collect user input, and even intercept your chat messages.
Files in the SAT system are not like those in Windows or Linux. A file name is a string of 8 or 16 bytes, and the file structure is also quite unusual, for example:
System commands in SAT
READ, SELECT, UPDATE, DOWNLOAD, GET, and so on.
At this point you may say: since it is a system, it is bound to have security problems.
Indeed, according to foreign media reports, hackers used a home-made transmitter to record operators' encrypted messages and tamper with them, causing the SIM card details of a large number of Brazilian citizens to be leaked; no further reports followed.
Having said all this, how can I get access to this system?
0x01 Introduction to SIMtrace
The board uses a T=0 smart-card interface driven by an AT91SAM7 microcontroller.
It captures the communication between the SIM card and the phone and uploads it to the computer, where a host program decodes it and forwards it as TCP/UDP packets; you can then view the content in Wireshark.
Features:
Full active scanner
Detects card reset (RST) and the ATR
Supports PPS/PTS
Splits the stream into individual APDUs
Can act as a man-in-the-middle between the phone and the card
0x02 Usage
Connect SIMtrace as follows:
Installation:
sudo apt-get install libusb-1.0-0-dev
git clone git://git.osmocom.org/simtrace.git
cd simtrace/host/
make
sudo groupadd osmocom
sudo adduser $USERNAME osmocom
sudo tee /etc/udev/rules.d/10-osmocom.rules << EOF
# to use, install this file in /etc/udev/rules.d as 10-osmocom.rules
# rule to grant read/write access on SIMtrace to group named osmocom.
SUBSYSTEM=="usb", ATTR{idProduct}=="0762", ATTRS{idVendor}=="16c0", MODE="0660", GROUP="osmocom"
EOF
sudo service udev reload
Run:
sudo ./simtrace
APDU: (9): a0 a4 00 00 02 6f 07 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 09 6f 07 04 00 15 00 15 01 02 00 00 91 78
APDU: (9): a0 a4 00 00 02 6f 38 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 09 6f 38 04 00 15 00 55 01 02 00 00 91 78
APDU: (16): a0 b0 00 00 09 ff 3f ff ff 00 00 3f 03 00 91 78
APDU: (9): a0 a4 00 00 02 6f ad 9f 0f
APDU: (8): a0 b0 00 00 01 00 91 78
APDU: (9): a0 a4 00 00 02 6f 07 9f 0f
APDU: (16): a0 b0 00 00 09 08 49 06 20 11 49 00 11 06 91 78
APDU: (9): a0 a4 00 00 02 6f 7e 9f 0f
APDU: (18): a0 b0 00 00 0b ff ff ff ff 64 f0 00 ff fe 00 03 91 78
APDU: (9): a0 a4 00 00 02 6f 78 9f 0f
APDU: (9): a0 b0 00 00 02 00 01 91 78
APDU: (9): a0 a4 00 00 02 6f 74 9f 0f
APDU: (23): a0 b0 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 78
APDU: (9): a0 a4 00 00 02 6f 20 9f 0f
APDU: (16): a0 b0 00 00 09 ff ff ff ff ff ff ff ff 07 91 78
APDU: (9): a0 a4 00 00 02 6f 30 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 f0 6f 30 04 00 11 00 55 01 02 00 00 91 78
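Each line above is one T=0 exchange: a 5-byte GSM 11.11 command header (CLA INS P1 P2 P3), the data that went over the wire in either direction, and the two status bytes SW1 SW2. The following decoder is an added example written for this post; it is not part of the osmocom simtrace host software. It names the instruction and the selected file using the standard GSM 11.11 identifiers, explains the two status words that appear in the trace (9F xx means "response available, fetch it with GET RESPONSE", 91 xx means "a proactive SAT command is pending, fetch it with FETCH"), and decodes the nibble-swapped BCD body of EF_IMSI. The sample lines are copied from the trace shown above, in the order they appear there.

```python
"""Decode SIMtrace "APDU: (n): ..." lines (GSM 11.11 / 3GPP TS 51.011, T=0).

Added example, not part of the original post or of the simtrace project.
"""
import re

# Instruction codes for CLA 0xA0 (GSM 11.11). Standard values.
INS_NAMES = {
    0xA4: "SELECT", 0xC0: "GET RESPONSE", 0xB0: "READ BINARY",
    0xB2: "READ RECORD", 0xD6: "UPDATE BINARY", 0xDC: "UPDATE RECORD",
    0x88: "RUN GSM ALGORITHM", 0x20: "VERIFY CHV", 0xF2: "STATUS",
    0x12: "FETCH", 0x14: "TERMINAL RESPONSE", 0x10: "TERMINAL PROFILE",
    0xC2: "ENVELOPE",
}

# File identifiers under DF_GSM, standard values from GSM 11.11.
FILE_NAMES = {
    0x3F00: "MF", 0x7F20: "DF_GSM", 0x7F10: "DF_TELECOM",
    0x6F07: "EF_IMSI", 0x6F20: "EF_Kc", 0x6F30: "EF_PLMNsel",
    0x6F38: "EF_SST", 0x6F74: "EF_BCCH", 0x6F78: "EF_ACC",
    0x6F7E: "EF_LOCI", 0x6FAD: "EF_AD",
}

LINE_RE = re.compile(r"APDU:\s*\((\d+)\):\s*([0-9a-fA-F ]+)")


def status_meaning(sw1, sw2):
    """Human-readable meaning of the SW1 SW2 pair (GSM 11.11 section 9.4)."""
    if sw1 == 0x90 and sw2 == 0x00:
        return "OK"
    if sw1 == 0x9F:
        return f"OK, {sw2} response bytes available (use GET RESPONSE)"
    if sw1 == 0x91:
        return f"OK, proactive SIM command pending ({sw2} bytes, use FETCH)"
    if sw1 == 0x94 and sw2 == 0x04:
        return "file ID / pattern not found"
    if sw1 == 0x98 and sw2 == 0x04:
        return "access condition not fulfilled"
    return "unknown status"


def decode_imsi(body):
    """EF_IMSI body: length byte, then nibble-swapped BCD digits.
    The low nibble of the first digit byte is the parity/type field, not an
    IMSI digit; unused nibbles are padded with 0xF."""
    n = body[0]
    digits = []
    for i, b in enumerate(body[1:1 + n]):
        lo, hi = b & 0x0F, b >> 4
        nibbles = [hi] if i == 0 else [lo, hi]
        digits.extend(str(x) for x in nibbles if x != 0xF)
    return "".join(digits)


def decode_line(line, state):
    """Decode one trace line. `state` keeps the last SELECTed file so that a
    following GET RESPONSE / READ BINARY can be labelled with that file."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = bytes.fromhex(m.group(2).replace(" ", ""))
    if int(m.group(1)) != len(raw) or len(raw) < 7:
        return {"error": "length mismatch or truncated", "raw": raw.hex()}
    cla, ins, p1, p2, p3 = raw[:5]
    body, sw1, sw2 = raw[5:-2], raw[-2], raw[-1]
    entry = {
        "ins": INS_NAMES.get(ins, f"INS {ins:02X}"),
        "p1p2": f"{p1:02X}{p2:02X}", "p3": p3, "body": body.hex(),
        "sw": f"{sw1:02X}{sw2:02X}", "status": status_meaning(sw1, sw2),
    }
    if ins == 0xA4 and len(body) == 2:          # SELECT carries the file ID
        fid = int.from_bytes(body, "big")
        state["file"] = fid
        entry["file"] = FILE_NAMES.get(fid, f"{fid:04X}")
    elif ins in (0xB0, 0xB2, 0xC0):
        fid = state.get("file")
        entry["file"] = FILE_NAMES.get(fid, "?")
        if ins == 0xC0 and len(body) >= 6:      # SELECT response: bytes 2-3 = file size
            entry["file_size"] = int.from_bytes(body[2:4], "big")
        if ins == 0xB0 and fid == 0x6F07 and body:
            entry["imsi"] = decode_imsi(body)
    return entry


def decode_trace(lines):
    state = {}
    return [e for e in (decode_line(ln, state) for ln in lines) if e]


# Lines copied from the trace in the post (SELECT/GET RESPONSE/READ of EF_IMSI, then EF_LOCI).
SAMPLE_TRACE = [
    "APDU: (9): a0 a4 00 00 02 6f 07 9f 0f",
    "APDU: (22): a0 c0 00 00 0f 00 00 00 09 6f 07 04 00 15 00 15 01 02 00 00 91 78",
    "APDU: (9): a0 a4 00 00 02 6f 07 9f 0f",
    "APDU: (16): a0 b0 00 00 09 08 49 06 20 11 49 00 11 06 91 78",
    "APDU: (9): a0 a4 00 00 02 6f 7e 9f 0f",
    "APDU: (18): a0 b0 00 00 0b ff ff ff ff 64 f0 00 ff fe 00 03 91 78",
]

if __name__ == "__main__":
    for entry in decode_trace(SAMPLE_TRACE):
        print(entry)
```

Two things in the output are worth checking against the raw trace: the GET RESPONSE after SELECT 6F07 reports a file size of 9, and the phone's READ BINARY indeed asks for P3 = 09 bytes; and every READ ends with 91 78, which is the card telling the phone that a SAT proactive command is waiting to be fetched, i.e. the "SIM tells the phone what it can do" traffic described later in the post.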
Use Wireshark:
socat -u udp-recv:4729 /dev/null
./simtrace -i 192.168.0.1
Now you can see how your phone communicates with your SIM card.
For example, the SIM card tells the phone what it can do.
If you are interested, you can go deeper, for example writing your own system onto a SIM card; however, there is no information available in this area.