
Dissecting SIM Jacker – Part 3 of 4: SIM Tester.

In previous articles we discussed the basics of SIMs and SMS, as well as the different types of SMS messages such as SMS-Submit and Over The Air messages (specifically SMS-PP Data Download). In this part we will be talking about SIM Tester.

SIM Tester is a tool written in Java by the folks at Security Research Labs. It assesses the security of SIM cards along two dimensions: the cryptanalytic attack surface, by collecting cryptographic signatures and encryptions of known plaintexts, and the application attack surface, by generating a list of all application identifiers (TARs) and finding “unprotected” (MSL=0) applications.

Based on the project’s wiki the requirements for running SIM Tester are as follows:

  • Java 1.7+
  • PC/SC reader (via pcsc daemon) –or–
  • Osmocom phone (via libosmosim)

In this case we will be using a PCSC-enabled smart card reader. PCSC is a standard for communication between a personal computer and a smart card. Although the specification was initially created for Windows computers, implementations are now available for Linux and macOS as well; a free implementation is PCSC Lite, and that is the one we will be using here.

Before moving on to installing the required software, we need to get our hands on a smart card reader that supports the PCSC standard. For that we will be using a reader like the one shown below (I got this one from a local store for about $20):

PCSC-enabled smart card reader.

Installing the required software

If you are using Linux (Ubuntu in this case), packages with the required software and libraries are already available. First we install the pcsc daemon (pcscd) and pcsc-tools:

apt-get install pcscd
apt-get install pcsc-tools

As well as installing the required libraries (libpcsclite1 and libpcsclite-dev):

apt-get install libpcsclite1
apt-get install libpcsclite-dev

And finally the CCID driver (libccid):

apt-get install libccid

Testing the reader

Once the required software is installed, we need to check that the smart card reader is working correctly. To do so, we first start pcscd:

pcscd

Then we insert the SIM card into the smart card reader and connect the reader to a USB port on the computer:

SIM + Smart card reader.

Now we run pcsc_scan (part of pcsc-tools) to make sure that the smart card has been detected and is working as expected:

pcsc_scan

You will see a result like the following:

pcsc-scan results.

Running SIM Tester

Download the pre-compiled binary zip from the repository and unzip it:

unzip SIMTester_v1.9.zip

After unzipping, you can run SIM Tester as follows:

java -jar SIMTester.jar

Note that if Java has trouble finding the libpcsclite shared object, you need to specify the path manually as follows:

java -Dsun.security.smartcardio.library=/usr/lib/x86_64-linux-gnu/libpcsclite.so -jar SIMTester.jar
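The following script, added here as an example and not part of the SIMTester project or the original post, ties the steps above together: it starts pcscd if it is not running, confirms with pcsc_scan that a card is seen, locates libpcsclite and launches SIMTester with the explicit library path only when one is found. It assumes pcscd, pcsc-tools and coreutils timeout are installed, that SIMTester.jar sits in the current directory, and that the extra library locations listed (beyond the one quoted above) are where other distributions put the file.

```shell
#!/bin/sh
# Added helper (not SIMTester's own code): run the reader checks, then SIMTester.
set -eu

# Return the first libpcsclite shared object found below $1 (use / for a
# real system). First path is the one from the article; the rest are assumed.
find_pcsclite() {
    _base="${1%/}"
    for _p in \
        usr/lib/x86_64-linux-gnu/libpcsclite.so \
        usr/lib/x86_64-linux-gnu/libpcsclite.so.1 \
        usr/lib64/libpcsclite.so.1 \
        usr/lib/libpcsclite.so.1 ; do
        if [ -e "$_base/$_p" ]; then
            printf '%s\n' "$_base/$_p"
            return 0
        fi
    done
    return 1
}

# Build the java invocation; the -D property is only added when a library
# path is given, otherwise Java is left to find libpcsclite by itself.
simtester_cmd() {
    _jar="$1"; _lib="${2:-}"
    if [ -n "$_lib" ]; then
        printf 'java -Dsun.security.smartcardio.library=%s -jar %s\n' "$_lib" "$_jar"
    else
        printf 'java -jar %s\n' "$_jar"
    fi
}

# pcscd daemonises itself, so only start it when no instance is running.
ensure_pcscd() {
    pgrep -x pcscd >/dev/null 2>&1 || pcscd
}

# pcsc_scan loops forever; give it a few seconds and look for the line it
# prints once a card is detected, so a missing reader or SIM fails fast.
card_present() {
    timeout 5 pcsc_scan 2>/dev/null | grep -q 'Card inserted'
}

main() {
    ensure_pcscd
    card_present || { echo "no SIM detected by pcsc_scan" >&2; exit 1; }
    _lib="$(find_pcsclite / || true)"
    eval "$(simtester_cmd SIMTester.jar "$_lib")"
}

# Run the procedure only when asked, so the functions can be sourced alone.
if [ "${SIMTESTER_RUN:-0}" = 1 ]; then main; fi
```

Run it with SIMTESTER_RUN=1 in the directory holding SIMTester.jar; the java process and its console output are left untouched so the TAR list reads exactly as in the video.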

In the following video you can see the result of running SIM Tester:

SIM Tester running.

In the above video, around minute 1:10, we can see that critical weaknesses have been identified on TAR 505348; this is the main indicator that the SIM card is vulnerable to the SIM Jacker attack:

SIM Tester – Critical weakness found.

In part 4 of this series we will see how to exploit the SIM Jacker vulnerability.
