[Simsec] Do these two SIMs have MSL=0 for some TARs?
ondrej.mikle at gmail.com
Fri Jan 3 14:30:32 CET 2014
I've found two SIMs that seem to have interesting properties.

First one is Vinaphone VN SIM (partial fuzz at ), which seems to have
card manager TAR 000000 totally unlocked. However, I'm not 100% sure since
it requires me to comment out 'Fuzzer.applicationDeselect()' - the SIM
simply won't handle the "00 A4 04 00 00" APDU and ends up in "card not
transacted state". On a side note it also won't handle fuzzer16 and stops
responding (even if fuzzer16 is run alone, hence the incomplete fuzz csv).

Am I interpreting the fuzz results correctly that TAR 000000 is not
protected at all, which would allow unauthenticated app installation?

Second fuzz for Vodafone CZ card is a bit less interesting. Though if I
understand correctly, it has some proprietary TARs 443231, 505348, 534054,
EED201, EEE201 that are not protected, correct? Though no idea what those