[Simsec] Do these two SIMs have MSL=0 for some TARs?

Ondrej Mikle ondrej.mikle at gmail.com
Fri Jan 3 14:30:32 CET 2014


Hi,

I've found two SIMs that seem to have interesting properties.

The first one is a Vinaphone VN SIM (partial fuzz at [0]), which seems to have
card manager TAR 000000 totally unlocked. However, I'm not 100% sure, since
it requires me to comment out 'Fuzzer.applicationDeselect()' - the SIM
simply won't handle the "00 A4 04 00 00" APDU and ends up in "card not
transacted state". On a side note, it also won't handle fuzzer16 and stops
responding (even if fuzzer16 is run alone, hence the incomplete fuzz csv).
Am I interpreting the fuzz results correctly that TAR 000000 is not
protected at all, which would allow unauthenticated app installation?

The second fuzz [1], for a Vodafone CZ card, is a bit less interesting. Though if I
understand correctly, it has some proprietary TARs 443231, 505348, 534054,
EED201, EEE201 that are not protected, correct? Though I have no idea what those
TARs do.

[0]
https://www.constructibleuniverse.net/sim/Vinaphone_VN_FUZZ_89840200021115721554_1388696295162.csv
[1]
https://www.constructibleuniverse.net/sim/Vodafone_CZ_FUZZ_8942031013122766943_1388658485311.csv


Regards,
Ondrej