[Simsec] Do these two SIMs have MSL=0 for some TARs?

Ondrej Mikle ondrej.mikle at gmail.com
Fri Jan 3 14:30:32 CET 2014


I've found two SIMs that seem to have interesting properties.

First one is Vinaphone VN SIM (partial fuzz at [0]), which seems to have
card manager TAR 000000 totally unlocked. However, I'm not 100% sure since
it requires me to comment out 'Fuzzer.applicationDeselect()' - the SIM
simply won't handle the "00 A4 04 00 00" APDU and ends up in "card not
transacted state". On a side note it also won't handle fuzzer16 and stops
responding (even if fuzzer16 is run alone, hence the incomplete fuzz csv).
Am I interpreting the fuzz results correctly that TAR 000000 is not
protected at all, which would allow unauthenticated app installation?

Second fuzz [1] for Vodafone CZ card is a bit less interesting. Though if I
understand correctly, it has some proprietary TARs 443231, 505348, 534054,
EED201, EEE201 that are not protected, correct? Though no idea what those
TARs do.
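A small decoder to make the question above concrete, added here as an example and not taken from the post or from the SIMtester tool it refers to. It decodes SPI byte 1 of a 3GPP TS 03.48 / ETSI TS 102 225 command packet into its security fields (integrity, ciphering, counter), compares that against a Minimum Security Level (MSL) coded the same way, and then walks a fuzz result table flagging TARs that answered "PoR OK" to a command that carried no integrity protection. The CSV layout and every row in it are constructed for this example (the real fuzz CSVs are not reproduced), EXPECTED_MSL is an example policy rather than a value from the standard, and the field-wise "at least" comparison in meets() is an assumption about how a card performs the MSL check.

```python
"""Decode OTA command security (SPI byte 1), compare it with an MSL byte, and
flag TARs that executed commands below the expected minimum security level.
Example code; the fuzz rows below are constructed, not real card output."""
import csv
import io
from dataclasses import dataclass

# Response status codes from the response packet header (TS 03.48 / TS 102 225).
RESPONSE_STATUS = {
    0x00: "PoR OK",
    0x01: "RC/CC/DS failed",
    0x02: "CNTR low",
    0x03: "CNTR high",
    0x04: "CNTR blocked",
    0x05: "Ciphering error",
    0x06: "Unidentified security error",
    0x07: "Insufficient memory",
    0x08: "More time",
    0x09: "TAR unknown",
    0x0A: "Insufficient security level",
}


@dataclass(frozen=True)
class SecurityLevel:
    integrity: int   # b1-b2: 0 = none, 1 = RC, 2 = CC, 3 = DS
    ciphering: bool  # b3: command payload is ciphered
    counter: int     # b4-b5: 0 = none, 1 = present/unchecked, 2 = higher, 3 = higher by one

    @classmethod
    def from_spi1(cls, spi1: int) -> "SecurityLevel":
        return cls(spi1 & 0x03, bool(spi1 & 0x04), (spi1 >> 3) & 0x03)

    def meets(self, msl: "SecurityLevel") -> bool:
        # Field-wise "at least" comparison. This is an assumption of the
        # example about how the card's MSL check behaves, not quoted text.
        return (self.integrity >= msl.integrity
                and (self.ciphering or not msl.ciphering)
                and self.counter >= msl.counter)


# Example policy (not from the standard): every TAR should at least require a
# cryptographic checksum before executing anything.
EXPECTED_MSL = SecurityLevel(integrity=2, ciphering=False, counter=0)


def decode_status(status: int) -> str:
    if 0xC0 <= status <= 0xFE:
        return "proprietary status 0x%02X" % status
    return RESPONSE_STATUS.get(status, "RFU status 0x%02X" % status)


def classify_row(spi1: int, status: int) -> str:
    """Interpret one (security sent, status received) observation for a TAR."""
    level = SecurityLevel.from_spi1(spi1)
    if status == 0x09:
        return "unknown TAR"
    if status == 0x0A:
        return "protected: MSL rejected this security level"
    if status == 0x00 and not level.meets(EXPECTED_MSL):
        return "UNPROTECTED: executed at SPI1=0x%02X, below expected MSL" % spi1
    if status == 0x01:
        return "integrity checked and failed (keys present, MSL enforced)"
    return "inconclusive: " + decode_status(status)


def audit(csv_text: str) -> dict:
    """TAR -> verdict; a single unprotected observation marks the TAR unprotected."""
    verdicts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        tar = row["tar"].upper()
        verdict = classify_row(int(row["spi1"], 16), int(row["status"], 16))
        if tar not in verdicts or verdict.startswith("UNPROTECTED"):
            verdicts[tar] = verdict
    return verdicts


def unprotected_tars(csv_text: str) -> list:
    return sorted(t for t, v in audit(csv_text).items() if v.startswith("UNPROTECTED"))


# Constructed sample rows: TAR, SPI byte 1 sent, response status received.
SAMPLE_FUZZ = """tar,spi1,status
000000,00,00
000000,02,01
534054,00,00
EED201,00,0A
EED201,02,01
FFFFFF,00,09
"""

if __name__ == "__main__":
    for tar, verdict in audit(SAMPLE_FUZZ).items():
        print(tar, verdict)
```

Reading the output the way the post reads its CSVs: a TAR that returns status 00 to a command with SPI1 = 00 executed it with no CC/DS and no ciphering, which is exactly what MSL = 0 for that TAR looks like, while a TAR that answers 0A is enforcing a higher MSL and one that answers 01 has keys and is verifying the checksum.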
