[Simsec] SIMTester update: gsmmap.org upload

Lukas Kuzmiak lukas at srlabs.de
Sat Jan 4 17:31:06 CET 2014

Dear simsec list,

We’d like to announce an update to SIMTester [2], a scanner for vulnerabilities in SIM cards released during 30c3 [1]. The tool tests for:

  *   TARs (applications) that require no security to receive and execute commands sent OTA (over-the-air),
  *   TARs (applications) that provide potential attack surface for DES cracking.

You will need a PC/SC reader -or- an OsmocomBB phone. The project Wiki has more instructions [2].

The new version of the tool includes (1.5):

  *   gsmmap.org<http://gsmmap.org> upload functionality in the standalone version of a tool - so now it’s possible to contribute to gsmmap without booting into the Live Image (please uns Tor if you want to contribute anonymously [2]),
  *   there’s a web form [3] to upload already scanned cards (CSV files) to gsmmap.org<http://gsmmap.org> - so you don’t have to go over them again.
  *   a few bugs have been fixed - if SIMTester ended up with an exception on your card, please try again with version 1.5. Please post to the mailing list if something doesn’t work out,

We’ll be happy to receive your feedback on the tool as well as your results and observations from the SIM cards world.

Thank you. Cheers!

[1] - http://events.ccc.de/congress/2013/Fahrplan/events/5449.html
[2] - https://opensource.srlabs.de/projects/simtester
[3] - http://gsmmap.org/upload.html

Lukas Kuzmiak
Security Research Labs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.srlabs.de/pipermail/simsec/attachments/20140104/bfc921da/attachment.html>

More information about the Simsec mailing list