The secret life of SIM cards (2013) (opens in new tab)

(simhacks.github.io)

225 pointscthackers11y ago43 comments

43 comments

i hate to be that guy, and without actually trying to start a flamewar or "who's better", I find it really interesting that americans are so great at marketing things, the german stuff works, but usually looks crappy. here's a CCC talk from 2011 on the topic [1]

you could observe the same thing when the ccc guys had their first gsm phones. Someone just showed up with a base station in the trunk of his car. compare that with the huge buzz that went around the same thing at defcon a couple of years ago. The defcon truck definitely looked WAY cooler.

but on topic what's actually really scary about this is that even newer smartphones would allow sim exploits to roam free. contrary to what you may think it's not just old phones.

[1] http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html

EDIT: while technically not exactly the same as opensimkit here's an answer to the why question posed by jacob appelbaum. I suspect the same applies here(and it's not really a bad reason either)

https://mailman.stanford.edu/pipermail/liberationtech/2013-J...

kalleboo11y ago

The CCC talk looks cool for digging into more of what's possible as well as actually building their own serial interface, but the DEFCON talk is more interesting from the perspective that they actually got their own virgin SIMs and implemented their own app.

FryHigh11y ago

In Kenya, the SIM card application is very important as most Telecommunication companies have important services that they offer thorugh the application. These include Mpesa, Airtel Money, YU Cash and Orange Money among other services.

The iPhone has a menu option within Settings > Phone > Sim Applications where these are displayed. I haven't seen this on other SIM cards

sjtrny11y ago

In Australia this is how you used to top-up prepaid phones with a credit card or check your balance. You can probably still use SIM applications to do it now but it seems to be mostly replaced by web portals.

girvo11y ago

Yeah. Telstra prepaid still do the phone driven menu, where you "call" a number, but instead of voice a text menu pops up on your phone. It's quite nice actually. I think they're called USSD menus?

1 more reply

tribaal11y ago

Same for Tanzania, Uganda, Rwanda, and I suspect a lot of the rest of the (non-Eastern) Africa.

USSD codes are critical.

rithi11y ago

Tanzania? Not so sure. What I've seen in Dar is that the way to access mobile money for instance is to dial 150XX# to access services. SIM Toolkit Applications on the contrary present as regular phone applications (albeit limited by the SIM tooklit capabilities).

mileschet11y ago

It reminds my good days programming simcards, i was the founded of a startup in Brazil that made a good use of simcard programming to store two numbers in the same simcard, around 2010 it's a cool and profitable, the thing is that i managed to insert a local imsi and an a north american imsi registered in the same card so everyone that travel abroad could be free of expensive roaming charges, them we sold the company and now days they are a reseller for some major carrier in US =)

geocar11y ago

Can you go into more details?

I travel a lot and use a hacked up Chinese phone since it supports dual SIM pretty well but I'd rather use an iPhone. Unfortunately I want both my US and UK numbers and contacts slightly more.

mileschet11y ago

For some reason i have that NDA shit on my back, but i can show you a few options available on ebay that works well too!

1 more reply

rasz_pl11y ago

in 2010??? v2/v3 sims were already popular in 2008, and its impossible to clone those (extract ki and imsi)

unless sims in brazil were that outdated/insecure at the time

abritishguy11y ago

It's not impossible, large carriers are still using DES to sign the OTA updates. Using rainbow tables you can crack the key and install an app which can break out of the sandbox and read the ki and IMSI.

1 more reply

farmdve11y ago

Wait, what? They're unknown in the U.S? Then what in the world are they using over there?

ChrisClark11y ago

Apps that run directly on the SIM card are relatively unknown in the US. We (in Canada) normally download apps that run on the phone's OS, like Android or iOS apps. Running apps directly on the SIM card is very unlikely.

dobbsbob11y ago

Most carriers like Wind sell phones with SIM apps to control your account, also there were a few banking apps done like this http://www.newswire.ca/en/story/1063949/cibc-and-rogers-comp...

I played around with a TurboSim for a while too back when I was testing out a SIM card 'firewall' that would block the carrier programmed SIM from responding to OTA updates or type-0 stealth SMS and other bad things http://www.bladox.com/ then phones with wifi that didn't require a SIM came out.

lucaspiller11y ago

There are also USSD menus which I hadn't heard of before going to Asia. It was used by carriers there to provide an alternative to voice menus to topup and buy addons. In India there is a company providing access to Facebook over it:

https://www.facebook.com/notes/airtel_in/airtel-launches-the...

abritishguy11y ago

USSD has very limited support outside Asia and US.

eli11y ago

Many people in the US are using CDMA phones that don't even have SIM cards.

JoshGlazebrook11y ago

This really isn't that accurate anymore. Verizon Wireless, which is the largest carrier in the US right now, uses sim cards in all of their LTE devices. Behind them is AT&T which of course is completely GSM and T-Mobile. Sprint, well... they're there.

2 more replies

msh11y ago

I am from Denmark and I have also never seen a application on a SIM card.

sjtrny11y ago

CDMA

thadk11y ago

In the public health space, these SIM applications on programmable SIM cards (pass-through sandwiched with parallel carrier SIM cards) are very useful for data collection: See Medic Mobile and http://vimeo.com/45532467 https://groups.google.com/forum/#!topic/ict4chw/5WKV3c6RfEU

Thlom11y ago

In Norway we can use a SIM application to log into the bank. Don't know how it works, but here's a introduction in English: https://www.bankid.no/Dette-er-BankID/BankID-in-English/Bank...

matthiasb11y ago

They did not mention who was their SIM vendor but each SIM vendor is using their own design for the metal contacts. One could find which vendor was trying to sell them the software which they did not own for $600.

RRRA11y ago

We need to get rid of the SIM card and the closed basebands if we ever want to save the internet / PC / FOSS that permitted this open ecosystem... #KeysToTheUsers

Wingman4l711y ago

These must be pretty small applications -- don't SIM cards have under a megabyte of storage capacity?

matthiasb11y ago

Yes. The memory space is very limited, which is why you cant code with String, int, or garbage collection. As mentioned in the video, the dev environment is limited and it allows to compile complex applications to a very small binary.

vardump11y ago

I was under impression the biggest cards have up to 1-2 MB RAM, 128 MB flash and relatively fast 32-bit MCUs.

And that was a few years ago.

Edit: Found a PDF from 2006 that talks about even higher spec SIM cards: http://www.spansion.com/products/documents/hd_sim_whitepaper...

pjmlp11y ago

The wonders one can do with 64KB. :)

wolfgke11y ago

Indeed: http://www.pouet.net/

geon11y ago

The slide (8) says 72k EEPROM, 6k RAM and 256 k ROM.

srean11y ago

It seems it would be a lot of fun to hack on these with some version of Lua. A reference counted variant might be more suitable.

Havent had a chance to watch the presentation, perhaps its already answered there: Are these totally locked down or is it within realms of possibility to take out the SIM card from an average GSM phone and start poking around, adding one's own applications.

j / k navigate · click thread line to collapse

43 comments

rjzzleep11y ago

but on topic what's actually really scary about this is that even newer smartphones would allow sim exploits to roam free. contrary to what you may think it's not just old phones.

[1] http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html

EDIT: while technically not exactly the same as opensimkit here's an answer to the why question posed by jacob appelbaum. I suspect the same applies here(and it's not really a bad reason either)

https://mailman.stanford.edu/pipermail/liberationtech/2013-J...

kalleboo11y ago

FryHigh11y ago

The iPhone has a menu option within Settings > Phone > Sim Applications where these are displayed. I haven't seen this on other SIM cards

sjtrny11y ago

girvo11y ago

Yeah. Telstra prepaid still do the phone driven menu, where you "call" a number, but instead of voice a text menu pops up on your phone. It's quite nice actually. I think they're called USSD menus?

1 more reply

tribaal11y ago

Same for Tanzania, Uganda, Rwanda, and I suspect a lot of the rest of the (non-Eastern) Africa.

USSD codes are critical.

rithi11y ago

mileschet11y ago

geocar11y ago

Can you go into more details?

I travel a lot and use a hacked up Chinese phone since it supports dual SIM pretty well but I'd rather use an iPhone. Unfortunately I want both my US and UK numbers and contacts slightly more.

mileschet11y ago

For some reason i have that NDA shit on my back, but i can show you a few options available on ebay that works well too!

1 more reply

rasz_pl11y ago

in 2010??? v2/v3 sims were already popular in 2008, and its impossible to clone those (extract ki and imsi)

unless sims in brazil were that outdated/insecure at the time

abritishguy11y ago

1 more reply

farmdve11y ago

Wait, what? They're unknown in the U.S? Then what in the world are they using over there?

ChrisClark11y ago

dobbsbob11y ago

Most carriers like Wind sell phones with SIM apps to control your account, also there were a few banking apps done like this http://www.newswire.ca/en/story/1063949/cibc-and-rogers-comp...

lucaspiller11y ago

https://www.facebook.com/notes/airtel_in/airtel-launches-the...

abritishguy11y ago

USSD has very limited support outside Asia and US.

eli11y ago

Many people in the US are using CDMA phones that don't even have SIM cards.

JoshGlazebrook11y ago

2 more replies

msh11y ago

I am from Denmark and I have also never seen a application on a SIM card.

sjtrny11y ago

CDMA

thadk11y ago

Thlom11y ago

In Norway we can use a SIM application to log into the bank. Don't know how it works, but here's a introduction in English: https://www.bankid.no/Dette-er-BankID/BankID-in-English/Bank...

matthiasb11y ago

RRRA11y ago

We need to get rid of the SIM card and the closed basebands if we ever want to save the internet / PC / FOSS that permitted this open ecosystem... #KeysToTheUsers

Wingman4l711y ago

These must be pretty small applications -- don't SIM cards have under a megabyte of storage capacity?

matthiasb11y ago

vardump11y ago

I was under impression the biggest cards have up to 1-2 MB RAM, 128 MB flash and relatively fast 32-bit MCUs.

And that was a few years ago.

Edit: Found a PDF from 2006 that talks about even higher spec SIM cards: http://www.spansion.com/products/documents/hd_sim_whitepaper...

pjmlp11y ago

The wonders one can do with 64KB. :)

wolfgke11y ago

Indeed: http://www.pouet.net/

geon11y ago

The slide (8) says 72k EEPROM, 6k RAM and 256 k ROM.

srean11y ago

It seems it would be a lot of fun to hack on these with some version of Lua. A reference counted variant might be more suitable.

j / k navigate · click thread line to collapse