[Gsmmap] SIMTester update: gsmmap.org upload

Lukas Kuzmiak lukas at srlabs.de
Sat Jan 4 17:33:18 CET 2014


Dear gsmmap list,

as the topic is related to gsmmap I’m sending this update to this list as well, please note this is the only post about SIM card security to the gsmmap list, for those interested please subscribe to the simsec at lists.srlabs.de<mailto:simsec at lists.srlabs.de> [4].

We’d like to announce an update to SIMTester [2], a scanner for vulnerabilities in SIM cards released during 30c3 [1]. The tool tests for:

  *   TARs (applications) that require no security to receive and execute commands sent OTA (over-the-air),
  *   TARs (applications) that provide potential attack surface for DES cracking.

You will need a PC/SC reader -or- an OsmocomBB phone. The project Wiki has more instructions [2].

The new version of the tool includes (1.5):

  *   gsmmap.org<http://gsmmap.org/> upload functionality in the standalone version of a tool - so now it’s possible to contribute to gsmmap without booting into the Live Image (please use Tor if you want to contribute anonymously [2]),
  *   there’s a web form [3] to upload already scanned cards (CSV files) to gsmmap.org<http://gsmmap.org/> - so you don’t have to go over them again.
  *   a few bugs have been fixed - if SIMTester ended up with an exception on your card, please try again with version 1.5. Please post to the mailing list if something doesn’t work out,

We’ll be happy to receive your feedback on the tool as well as your results and observations from the SIM cards world.

Thank you. Cheers!

[1] - http://events.ccc.de/congress/2013/Fahrplan/events/5449.html
[2] - https://opensource.srlabs.de/projects/simtester
[3] - http://gsmmap.org/upload.html
[4] - https://lists.srlabs.de/cgi-bin/mailman/listinfo/simsec

--
Lukas Kuzmiak
Security Research Labs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/gsmmap/attachments/20140104/b565ad21/attachment-0003.html>


More information about the Gsmmap mailing list