[Simsec] SIMTester tips

Дмитрий Полпуденко dmitry.polpudenko at laps-spb.org
Fri Nov 7 12:50:04 CET 2014


Hi Lukas,

Thank you very much for a prompt reply and for the great SIMTester we all now play with!

Frankly, not much. Let me show you a small example, please.

I ran SIMTester with a command:

$ java -jar SIMTester.jar -tf PCSC -ri 0

All keysets 1-15 of all TARs a SIM card was tested against gave a null response. You can check it from the SIMTester output; I attached it to the letter. Which keysets am I supposed to pick for TAR scanning with the -st option in this case? I assume the following command would be something like this:

$ java -jar SIMTester.jar -tf PCSC -ri 0 -st -k 1 2 3 4 <or any responsive keysets>

?

Could you please explain the logic behind the keysets selection or am I missing something from the SIMTester output?

Kind Regards,

Dmitry


> On 7 Nov 2014, at 2:29, Lukas Kuzmiak <lukas at srlabs.de> wrote:
> 
> Hi Dmitry,
> 
> no it does not - as SIM cards *usually* use only some of the keysets (1-15), if you’d do TAR scanning (-st option) on e.g. keyset 1, which would be unused by the SIM card, you’d be very likely to discover no TARs at all.
> The reason for it is that most of the sim cards first check the “basics” like whether a keyset is even used and if it is not it never gets to TAR checking and just returns an error.
> 
> That is why you need to discover a valid keyset prior to TAR scanning.
> 
> Does it make it more clear?
> 
> Lukas
> 
> --
> Lukas Kuzmiak
> Security Research Labs
> 
> 
>> On 06 Nov 2014, at 22:40, Дмитрий Полпуденко <dmitry.polpudenko at laps-spb.org> wrote:
>> 
>> Does it imply that there is no need to scan all possible TARs of a card with -st option if fuzzer finds no vulnerabilities during first full fuzzing run?
>> 
> 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: simtester_out.txt
URL: <http://lists.srlabs.de/pipermail/simsec/attachments/20141107/7afa5a28/attachment-0001.txt>