SIM Card Copy

t3st3r t3st3r at
Thu Nov 29 09:04:20 CET 2007

> I just had an idea that I got from a couple of devices, how about a virtual
> SIM card? Is it possible to make an ISO of a SIM card and store it in the
> Neo to be, for lack of a better word, booted from?
In general, no. SIM card is a bit more than just a dumb file system.It does has own CPU, file system, etc - all in one IC. When network requests subscriber authentication, request (with random number) is in fact passed to SIM card. Then SIM does computes proper response itself and returns these data to the phone. You can not compute response yourself without having proper card's internal key, known as Ki and once request is a random number, you have no way to craft proper reply without having correct Ki key. This Ki key is being written to the card at manufacturing time.Then, ETSI specs require Ki file to be "invalidated".I.e. this file becomes available only to card itself and it's built-in software only.But it should be never sent by the card to outside world.So, card can compute auth.Nobody else can.Except operator's hardware where another Ki copy resides so this hardware can repeat same computations and check if our reply to request is correct.

Well, in real world all things are not as ideal as it was intended to be.At least some SIM cards still can be "cloned".Initially, algo had cryptographic flaws allowing to recover Ki key if enough responses collected.So there was softwares which issued lots of requests to card and then recomputed Ki key using obtained responses.This requires some noticeable time and physical access to SIM card.However even this does not makes operators too happy.So today most cards are either limited in a number of requests they're willing to serve during their life and dying when this number is exhausted (this causes card to die somewhere in the middle of Ki recovery attempt) or networks are updated to use newer auth algos without such flaws.Cards which are using newer algos can not be cloned since you can't recompute Ki even if you have lots of responses collected.So, in modern world lots of cards can't be copied.You can backup some stuff like SMSes or phonebook or other crap.But you still can't pass authentication without having a real SIM card.

Theoretically, phone can compute authentication data on it's own, making virtual SIMs possible (and at least Siemens Mobile did implemented virtual SIM stuff in their phone firmwares for testing and debugging).On a practice however things are limited by your ability to get proper Ki and only if standard auth algo used by the network.In general, you can't expect this to work.Also in OpenMoko hardware design it is probably Calypso GSM modem IC who handles all this low-level GSM network crap on it's own.Inside it's own closed proprietary firmware, making things even harder to implement.I suspect that proprietary firmware is also heavily protected against any unauthorized modifications (Ti is known to be quite paranoid on security stuff).So, this is both hard to implement and OpenMoko isn't a best choice here as well.

More information about the community mailing list