c:\_MNT\PROJECTS\_PROJECTS\SIMSEC\_TOOLKIT\_app>shell # JAVA / eUICC CARD INTROSPECTOR # (c) Security Explorations 2016-2019 Poland # https://security-explorations.com # (c) AG Security Research 2019-2025 Poland # https://agsecurityresearch.com LOADING KEYSETS - db\keysets\testsd.kset (3 ksets) - db\keysets\testsd2.kset (3 ksets) LOADING CARDS - db\cards\GD.card - db\cards\Kigen.card LOADING MEM DESCRIPTIONS - db\mems\kigen.mem loaded sctoolkit [SIM Card toolkit] loaded crypto [Crypto ops] loaded serial [Serial channel Interface] loaded network [Network channel Interface] loaded netserver [Network server] loaded cardfs [Card file system] loaded verifykey [VerifyKey auth] loaded scp01 [SCP01 auth] loaded scp02 [SCP02 auth] loaded gpcmds [Global Platform commands] loaded stk [SIM Toolkit support] loaded efsms [EFsms OTA proto] loaded otasms [SMS OTA proto] loaded otacbs [CBS OTA proto] loaded scanners [Helper scanners] loaded jvm [Java VM] loaded javacard [Java Card VM] loaded capbuild [CAP file build] loaded agent [Agent Interface] loaded euicc [eUICC profile] loaded mem [Memory provider] loaded kigen [Kigen eUICC commands] loaded obfuscate [Obfuscator] loaded seccheck [Basic Security Check] loaded license [License Generator] scard> terminal -c 0 card: Kigen eUICC info: PC/SC card in Gemplus USB Smart Card Reader 0, protocol T=0, state OK ATR 3b 9f 96 80 3f 87 82 80 31 e0 73 fe 21 1f 57 45 43 75 31 30 13 65 02 channel: 0 secure: false auth: SCP_02 handler: scard> scard> #set TAR of target app scard> scard> set tar 0xaabbcc ERROR: invalid number of arguments scard> scard> scard> scard> #declare var denoting GSM app scard> scard> var gsmapp str scard> scard> scard> scard> #set the value of GSM app scard> scard> set gsmapp A0000000090001FF33FFFF89C0000000 scard> scard> scard> scard> #declare var denoting pkg aid scard> scard> var pkgaid str scard> scard> scard> scard> #set the value of pkg aid scard> scard> set pkgaid A00000004147535201 scard> scard> scard> scard> 
#declare var denoting pkg2 aid scard> scard> var pkg2aid str scard> scard> scard> scard> #set the value of pkg2 aid scard> scard> set pkg2aid A00000004147535202 scard> scard> scard> scard> #declare var denoting applet aid scard> scard> var appaid str scard> scard> scard> scard> #set the value of applet aid scard> scard> set appaid A0000000414753520101 scard> scard> scard> scard> #declare var denoting applet2 aid scard> scard> var app2aid str scard> scard> scard> scard> #set the value of applet2 aid scard> scard> set app2aid A0000000414753520102 scard> scard> scard> scard> #declare var denoting STK applet aid scard> scard> var stkappaid str scard> scard> scard> scard> #set the value of STK applet aid scard> scard> set stkappaid A00000004147535201000000aabbcc scard> scard> scard> scard> #declare var denoting CAP file scard> scard> var capfile str scard> scard> scard> scard> #set the value of CAP file scard> scard> set capfile agent.cap scard> scard> scard> scard> #declare var denoting package CAP file scard> scard> var cap2file str scard> scard> scard> scard> #set the value of package CAP file scard> scard> set cap2file basepkg.cap scard> scard> scard> scard> #register APIs scard> scard> import generic register api: a0000000620002 [java/io] register api: a0000000620001 [java/lang] register api: a0000000620003 [java/rmi] register api: a0000000620101 [javacard/framework] register api: a0000000620102 [javacard/security] register api: a000000062010101 [javacard/framework/service] register api: a0000000620201 [javacardx/crypto] register api: a0000000090003ffffffff8910710001 [sim/access] register api: a0000000090003ffffffff8910710002 [sim/toolkit] register api: a0000000030000 [visa/openplatform] scard> scard> stk [TERMINAL_PROFILE] req -> 00000000: 80 10 00 00 27 ff ff ff ff ff ff ff ff ff ff ff ....'........... 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ............ rsp <- 00000000: 91 0f .. 
[FETCH] req -> 00000000: 80 12 00 00 0f ..... rsp <- 00000000: d0 0d 81 03 01 05 00 82 02 81 82 99 02 09 0a 90 ................ 00000010: 00 . PROACTIVE[setup_event_list] - CommandDetails 00000000: 01 05 00 ... - DeviceIdentity 00000000: 81 82 .. - EventList 00000000: 09 0a .. PROACTIVE[setup_event_list] - CommandDetails 00000000: 01 05 00 ... - DeviceIdentity 00000000: 82 81 .. - Result 00000000: 00 . [TERMINAL_RESPONSE] req -> 00000000: 80 14 00 00 0c 01 03 01 05 00 02 02 82 81 03 01 ................ 00000010: 00 . rsp <- 00000000: 90 00 .. scard> set tar 0 scard> set spi1 CC.Ciphering.NoCounter scard> set spi2 PoR.CC.NoCiphering scard> set kic K1.DES.CBC2keys scard> set kid K1.DES.CBC2keys scard> apduhandlers -c 0 -a stk scard> ota -e scard> getdata 0xdf1f [GET_DATA] req -> 00000000: 80 ca df 1f 00 ..... req -> 00000000: 80 ca df 1f 00 00 c0 00 00 00 .......... - SMS_PP_Download SMS_PP_Download - DeviceIdentity 00000000: 83 81 .. - SMS TPDU - FirstOctet 00000000: 74 t - Addr: 1122334455 00000000: 0a 98 11 22 33 44 55 ..."3DU - PID 00000000: 7f . - DCS 00000000: 16 . - TimeStamp 00000000: 19 07 03 0c 38 2b 04 ....8+. - UserData * hdr len 02 00000000: 70 00 p. * ud len (with hdr) 25 00000000: 00 20 15 06 09 15 15 00 00 00 3e 2b cd a4 a1 2e ..........>+.... 00000010: 14 65 60 3e cc 0e a7 e7 d4 8b b7 7a 83 ef 0f 0c .e.>.......z.... 00000020: c2 41 .A [ENVELOPE] req -> 00000000: 80 c2 00 00 3f d1 3d 02 02 83 81 0b 37 74 0a 98 ....?.=.....7t.. 00000010: 11 22 33 44 55 7f 16 19 07 03 0c 38 2b 04 25 02 ."3DU......8+.%. 00000020: 70 00 00 20 15 06 09 15 15 00 00 00 3e 2b cd a4 p...........>+.. 00000030: a1 2e 14 65 60 3e cc 0e a7 e7 d4 8b b7 7a 83 ef ...e.>.......z.. 00000040: 0f 0c c2 41 ...A rsp <- 00000000: 02 71 00 00 2c 12 00 00 00 00 00 00 00 00 00 00 .q..,........... 00000010: 1e 85 56 f4 3f 73 6b c5 01 90 00 df 1f 13 45 43 ..V.?sk.......EC 00000020: 75 31 30 31 33 65 23 06 23 00 05 b1 1a 00 04 85 u1013e#.#....... 00000030: 30 90 00 0.. 
- TAR 00000000: 00 00 00 ... - CNTR 00000000: 00 00 00 00 00 ..... - PCNTR 00000000: 00 . - StatusCode [PoR OK] 00000000: 00 . - CryptoChecksum 00000000: 1e 85 56 f4 3f 73 6b c5 ..V.?sk. - AdditionalRespData cmdcnt: 1 sw: 9000 - msg 00000000: df 1f 13 45 43 75 31 30 31 33 65 23 06 23 00 05 ...ECu1013e#.#.. 00000010: b1 1a 00 04 85 30 90 00 .....0.. scard>