[Simsec] SIMTester tips

Lukas Kuzmiak lukas at srlabs.de
Fri Nov 7 00:29:21 CET 2014

Hi Dmitry,

No, it does not - as SIM cards *usually* use only some of the keysets (1-15), if you did TAR scanning (-st option) on e.g. keyset 1, which would be unused by the SIM card, you’d be very likely to discover no TARs at all.
The reason for it is that most of the SIM cards first check the “basics”, like whether a keyset is even used, and if it is not, it never gets to TAR checking and just returns an error.

That is why you need to discover a valid keyset prior to TAR scanning.

Does it make it more clear?


Lukas Kuzmiak
Security Research Labs

> On 06 Nov 2014, at 22:40, Дмитрий Полпуденко <dmitry.polpudenko at laps-spb.org> wrote:
> Does it imply that there is no need to scan all possible TARs of a card with -st option if fuzzer finds no vulnerabilities during first full fuzzing run?
