[Simsec] SIMtester on Android (partial code included)

Joey Hewitt joey at joeyhewitt.com
Mon Mar 2 09:25:04 CET 2015


Hello all,

Android 5 has an iccTransmitApduBasicChannel() API, and some earlier
builds of Android have similar patches (SEEK).  I wondered if SIMtester
could be ported to this.  I've made a first attempt; the code is here:
https://github.com/scintill/SIMtester

This is only tested on my CyanogenMod 11 Sony phone, and it doesn't work
very well.  The SEEK APIs used should be available on several commercial
Android builds, but it's hard to find reliable information about which.

It's able to read the first few SIM files, but fails at MANUAREA, with
SW = 6f00.  If I hack that out, it goes on to probe TARs, but the
results don't match what I see on my PC with PCSC.  Looking at the logs
from my Qualcomm RIL, I think what is happening is that only certain
types of commands are allowed.  The error message also points to a QMI
error code, which leads me to believe the baseband is denying access, so
it's not something that could be trivially bypassed.

I'm not sure if I can or will pursue this further, but here are some
ideas for discussion or further investigation:

- Logical channel access might have fewer restrictions.  I don't know
enough about SIMs/smartcards to know if SIMtester can be rewritten to
use a logical channel rather than the basic channel.

- The [Remote SIM Access for Android app](http://www.android-rsap.com/)
proxies SIM requests in some way over Bluetooth on supported phones.
Maybe it has another route to SIM card access that is less restricted.
I tried the trial app on my phone (which is supposed to be supported),
but I could not get it to work.  It seemed to be a fairly superficial
problem with the installation of a RIL wrapper library, rather than
something deeper, so maybe there is some hope yet.

- Arbitrary SIM requests may be possible with proprietary RIL requests,
AT commands, and/or Linux device ioctls, etc.  Personally, that's not
very interesting to me, though -- full Android support would be much
more useful.

Some more information is in the README.md of the linked code repository.
If you're interested but are having trouble compiling or running, I'm
happy to help where I can, but maybe it should be off-list.

Thanks for reading and cheers,
Joey Hewitt
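
The logical-channel idea raised in the message above comes down to how the channel number is carried in the APDU class byte. The following is an added example, not part of the original post or of SIMtester: it re-targets a basic-channel command at a logical channel using the ISO/IEC 7816-4 interindustry CLA coding (going beyond the post, which names no encoding) and names a few generic status words, including the 6f00 reported above. All function names are illustrative, SELECT_MF is a constructed sample, and proprietary classes such as GSM 0xA0 are rejected rather than guessed at.

```python
# Added example: logical-channel coding in the APDU class byte (ISO/IEC 7816-4).
# Names are illustrative; SELECT_MF is a constructed sample command.

SW_MEANINGS = {  # generic ISO/IEC 7816-4 status words
    0x9000: "normal ending of the command",
    0x6881: "logical channel not supported",
    0x6D00: "instruction code not supported or invalid",
    0x6E00: "class not supported",
    0x6F00: "no precise diagnosis",
}

MANAGE_CHANNEL_OPEN = bytes.fromhex("0070000001")  # card returns the channel number
SELECT_MF = bytes.fromhex("00A40004023F00")        # constructed basic-channel APDU


def cla_for_channel(cla: int, channel: int) -> int:
    """Re-target a basic-channel interindustry CLA at logical channel 0..19."""
    if cla & 0xEF:
        # Secure messaging, a channel already encoded, or a proprietary class
        # such as GSM 0xA0: refuse instead of guessing at the coding.
        raise ValueError(f"unsupported CLA 0x{cla:02X}")
    if not 0 <= channel <= 19:
        raise ValueError(f"channel {channel} out of range")
    chaining = cla & 0x10
    if channel <= 3:
        return chaining | channel            # first interindustry: bits b2-b1
    return 0x40 | chaining | (channel - 4)   # further interindustry: bits b4-b1


def channel_of(cla: int) -> int:
    """Decode the logical channel number from an interindustry CLA."""
    if cla & 0x80 or (cla & 0xE0) == 0x20:
        raise ValueError(f"CLA 0x{cla:02X} is not an interindustry class")
    return 4 + (cla & 0x0F) if cla & 0x40 else cla & 0x03


def retarget(apdu: bytes, channel: int) -> bytes:
    """Return the same command addressed to another logical channel."""
    if len(apdu) < 4:
        raise ValueError("an APDU needs a 4-byte header")
    return bytes([cla_for_channel(apdu[0], channel)]) + apdu[1:]


def describe_sw(sw: int) -> str:
    """Map a 16-bit status word to its generic meaning."""
    if sw >> 8 == 0x61:
        return f"response data available, SW2=0x{sw & 0xFF:02X}"
    return SW_MEANINGS.get(sw, f"unlisted status 0x{sw:04X}")
```
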

