Writing, building, loading, and using code on SIM Cards.
Karl Koscher – supersat
Eric Butler – codebutler
Toorcamp 2012
Hacker camp on WA coast
Project: Run a GSM network.
My task: Procure SIM Cards.
2 “Subscriber Identity Module”
Contains an identity (IMSI)
and symmetric key (Ki).
“Secure” (key can’t be
extracted; can’t be cloned)
Used by GSM carriers and now
Can also run apps?
3 Long ago…
Applications live on your SIM card.
Phones are dumb hosts – UI and connectivity only.
Telcos own the SIMs, so they control the
Mostly obsolete today?
Still around decade later, mostly unchanged.
SIM Cards are mysterious little computers in
your pocket that you don’t control.
6 Needed SIMs for Toorcamp anyway, why not
get SIMs that supported apps?
This ended up taking many months.
Very little documentation about all this.
After lots of research, finally figured out how
to program the ing things.
Learn from our misery.
7 Chip
Field | Description
Generic Description | 64K JavaCard 2.1.1 WIB1.3 USIM
Platform | Atmel AT90SC25672RU
CPU Architecture | 8-bit AVR
Technology | 0.15 µm CMOS
ROM | 256KB ROM Program Memory
Non-volatile memory | 72 KB EEPROM
RAM | 6 KB
Internal operating frequency | Between 20 & 30 MHz
Endurance | Typically 500 000 write/erase cycles
8 9 Runs on SIM card CPU, separate from phone.
Connected directly to baseband.
Can be silently remotely installed (by carrier).
Supported by most carrier SIMs.
Cards support multiple apps, selected by AIDs
Apps managed by a “master” card manager app
GSM “SIM” is actually just an applet on a UICC
(the physical card).
10 Rudimentary UI – display text, menus, play tones, read
Works with most modern smartphones.
Send SMSes, initiate calls, initiate and use data services.
Receive and act on events, such as call connected, call
Interact with the rest of the SIM card.
Run arbitrary AT commands on the phone.
11 Not very common in US
But used widely in the developing world
Mobile banking, etc.
12 Smart Cards – Physical connection between SIM
and phone, same as any smart card.
Java Card – Java for Smart Cards. Easiest way to
SIM Toolkit (STK) API – Interface between
applets and phone UI.
GlobalPlatform – Standard for loading and
managing applications on a card.
13 Designed for secure storage and computation
Communication is via packets called APDUs
Class Param 1 Param 2 Data
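An added example, not from the original slides: a parser for the command APDU layout sketched above, useful when reading card traces. The instruction byte and the Lc/Le length fields are taken from ISO 7816-4 rather than from the slide, only short-length APDUs are handled, and the AID in the sample is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class CommandAPDU:
    cla: int                   # class byte
    ins: int                   # instruction byte
    p1: int                    # parameter 1
    p2: int                    # parameter 2
    data: bytes = b""          # command data (Lc bytes)
    le: Optional[int] = None   # expected response length, None if absent


def parse_command_apdu(raw: bytes) -> CommandAPDU:
    """Parse a short-length ISO 7816-4 command APDU (cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                          # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                    # case 2: header + Le (0 means 256)
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    data, rest = body[1:1 + lc], body[1 + lc:]
    if len(data) != lc:                   # truncated capture or wrong Lc
        raise ValueError(f"Lc={lc} but only {len(data)} data bytes present")
    if not rest:                          # case 3: header + Lc + data
        return CommandAPDU(cla, ins, p1, p2, data)
    if len(rest) == 1:                    # case 4: header + Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, data, rest[0] or 256)
    raise ValueError("unexpected bytes after Le")


# Constructed sample: SELECT by AID (CLA=00 INS=A4 P1=04 P2=00) with a
# made-up 7-byte AID in the proprietary 'F' range, followed by Le=00.
SAMPLE_AID = bytes.fromhex("F0000000000001")
SELECT_BY_AID = bytes.fromhex("00A4040007") + SAMPLE_AID + b"\x00"

if __name__ == "__main__":
    print(parse_command_apdu(SELECT_BY_AID))
```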
14 It’s Java
… not really.
No garbage collection.
No chars, no strings, no floats,
no multi-dimensional arrays.
ints are optional.
No standard API, no threads, etc.
Verification can be offloaded.
But there are Exceptions
Instance and class variables are
saved in EEPROM, which has
limited write cycles.
15 There are specialized commercial IDEs for
this, but you can do without.
Download the Java Card Development Kit
from Oracle (it’s free).
If you’re using Eclipse, remove the JRE
system library and add the Java Card library
We also wrote tools to make things easier
16 App is loaded onto the card.
App registers itself with the SIM Toolkit API.
Phone informs STK of its capabilities.
STK informs the phone about registered apps.
Selection of an app will trigger an event to be
delivered to the app.
App can then send UI requests back to phone.
import javacard.framework.Applet;

public class CryptoChallenge extends Applet implements
    private byte hintsGiven;
    private byte mainMenuItem;
    // UI text is kept in byte arrays: Java Card has no chars and no strings.
    private static byte[] menuItemText = new byte[] {
        'C', 'r', 'e', 'd', 'i', 't', 's' };
    private static byte[] needHints = new byte[] {
        'N', 'e', 'e', 'd', ' ', 's', 'o', 'm', 'e', ' ',
        'h', 'i', 'n', 't', 's', '?' };
    private static byte[] yes = new byte[] { 'Y', 'e', 's' };
    private static byte[] no = new byte[] { 'N', 'o' };
    private static byte[] hints = new byte[] {
        'H', 'i', 'n', 't', 's' };