Difference between pages "Blackberry Forensics" and "SIM Cards"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
'''Blackberry Forensics''' is a page dedicated to the forensics world. This page should contain all the necessary steps to acquire data from a BlackBerry Device.  
+
[[Image:Simpic.jpg|thumb|A typical SIM card.]]
<br/>
+
<br/>
+
  
== Warning for BlackBerry Forensics ==
+
== SIM-Subscriber Identity Module ==
[[BlackBerry]] devices come with password protection. The owner has the capability to protect all data on the phone with a password. The user may also specify the amount of attempts for entering the password before wiping all data from the device.
+
  
[[Image:Image1.jpg|none|thumb]]
+
The UICC (Universal Integrated Circuit Card) is a smart card which contains account information and memory that is used to enable GSM cellular telephones.  One of the applications running on the smart card is the SIM, or Subscriber Identity Module. In common parlance the term "UICC" is not used an the phrase "SIM" is used to describe the smart card itself.
  
If you exceed your password attempts limit (defaults to 10, but you can set it as low as 3), you will be prompted one last time to type the word BlackBerry.  
+
Because the SIM is just one of several applications running on the smart card, a given card could, in theory, contain multiple SIMs. This would allow multiple phone numbers or accounts to be accessed by a single UICC. This is seldom seen, though there is at least one "12-in-1" SIM card being advertised at present.
  
[[Image:Image2.jpg|none|thumb]]
+
Early versions of the UICC used full-size smart cards (85mm x 54mm x 0.76mm).  The card has since been shrunk to the standard size of 25mm x 15mm x 0.76mm.
  
The device will then wipe. It will be reset to the factory out-of-the-box condition (default folder structure), and the password reset. You will lose everything in the device memory, with no possibility of recovery. It will not reformat the microSD card, since that's not part of the factory configuration. The phone will still be usable, and the operating system will be unchanged. So this technique cannot be used to roll back from an OS upgrade problem.
 
  
Obviously this is a serious problem if you need to perform forensics on the device. The best work around is to work with the owner of the device and hopefully get them to disclose the password.
+
Although UICC cards traditionally held just 16 to 64KB of memory, the recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to [http://www.m-systems.com/site/en-US/ M-Systems'] 1GB SIM Card slated for release in late 2006.
  
 +
== ICCID ==
  
== Acquiring BlackBerry Backup File (.ipd) ==
+
Each SIM is internationally identified by its ICC-ID (Integrated Circuit Card ID). ICC-IDs are stored in the SIM card and can also be engraved or printed on the SIM card’s body during a process called personalization. The number is up to 18 digits long with an addition of a single “check digit” that is used for error detection.  This single digit allows us to detect an input error of digits, mistyped digits or a permutation of two successive digits.  This digit was calculated using the Luhn algorithm.
* Version 4.6 was used in this example
+
A typical SIM (19 digits) example 89 91 10 1200 00 320451 0, provide several details as follows:
 +
*The first two digits (89 in the example) refers to the Telecom Id.
 +
*The next two digits (91 in the example) refers to the country code (91-India).
 +
*The next two digits (10 in the example) refers to the network code.
 +
*The next four digits (1200 in the example) refers to the month and year of manufacturing.
 +
*The next two digits (00 in the example) refers to the switch configuration code.
 +
*The next six digits (320451 in the example) refers to the SIM number.
 +
*The last digit which is separated from the rest is called the “check digit”.
  
Prerequisites:<br/>
+
These digits can be further grouped for additional information:
Download and install Blackberry Desktop Manager. <br/>
+
*The first 3 to 4 digits represents the Mobile Country Code (MCC) 
Use the following link to select and download the install file that fits your system or version. <br/>
+
**(Some cards only have 3 digits to represent the Telecom ID and country code.)
https://www.blackberry.com/Downloads/entry.do?code=A8BAA56554F96369AB93E4F3BB068C22 <br/>
+
*The next 2 digits represent the Mobile Network Code (MNC, AKA the mobile operator)
<br/>
+
*The next 12 digits is the number represent the Home Location Register
 +
*And mentioned above, the “check digit”
  
Once Desktop Manager is installed:<br/>
+
== Location Area Identity==
1. Open Blackberry’s Desktop Manager.<br/>
+
2. Click “Options” then “Connection Settings” <br/>
+
  
[[Image:BBManager4 6 Options.JPG|none|thumb]]<br/><br/>
+
Operation networks for cell phone devices are divided into area locations called Location Areas. Each location is identified with its own unique identification number creating the LAI (Location Area Identity).  A phone will store this number on its SIM card so it knows what location it’s in and to be able to receive service.  If a phone were to change to a new Location Area, it stores the new LAI in the SIM card, adding to a list of all the previous LAIs it has been in.  This way if a phone is powered down, when it boots back up, it can search its list of LAIs it has stored until it finds the one its in and can start to receive service again.  This is much quicker than scanning the whole list of frequencies that a telephone can have access on. 
 +
This is a real plus for forensic investigators because when a SIM card is reviewed, they can get a general idea of where the SIM card has been geographically.  In turn this tells them where the phone has been and can then relate back to where the individual who owns the phone has been. 
  
4. If the Desktop Manager hasn't already done so, select “USB-PIN: Device #” for connection type. Your device # may not be the same as the image below.<br/>
+
== SIM Security ==
  
[[Image:BBManager4 6 Connect.JPG|none|thumb]]<br/>
+
Information inside the UICC can be protected with a PIN and a PUK.
  
5.     Click "OK" to return to the main menu.<br/><br/>
+
A PIN locks the SIM card until correct code is entered. Each phone network sets the PIN of SIM to a standard default number (this can be changed via handset). If PIN protection is enabled, the PIN will need to be entered each time phone is switched on. If the PIN is entered incorrectly 3 times in a row, the SIM card will be blocked requiring a PUK from the network/service provider.
6. Click “Backup and Restore”.<br/>
+
  
[[Image:BBManager4 6 Backup.JPG|none|thumb]]  <br/><br/>
+
A PUK is needed if the PIN is entered incorrectly 3 times and the SIM is blocked (phone is unable to make and receive calls/texts). The PUK can be received from the network provider, or possibly the GSM cell phone manual. '''Caution:''' if PUK is entered 10 times incorrectly, the SIM card is permanently disabled and must be exchanged.
  
7.      Click the "Back up" button for a full backup of the device or use the Advanced section for specific data.<br/>
+
== SIM Forensics ==
  
[[Image:BBManager4 6 Backup1.JPG|none|thumb]]<br/><br/>
+
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
  
8. Select your destination and save the ".ipd" file.<br/>
+
In general, some of this data can help an investigator determine:
 +
* Phone numbers of calls made/received
 +
* Contacts
 +
* [[SMS]] details (time/date, recipient, etc.)
 +
* SMS text (the message itself)
  
[[Image:BBManager4 6 Save.JPG|none|thumb]]<br/>
+
There are many software solutions that can help the examiner to acquire the information from the SIM card. Several products include 3GForensics SIMIS [http://www.3gforensics.co.uk/products.htm], Inside Out's [http://simcon.no/ SIMCon], or SIM Content Controller, and Paraben Forensics' [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].
  
 +
The SIM file system is hierarchical in nature consisting of 3 parts:
 +
*Master File (MF) - root of the file system that contains
 +
DF’s and EF’s
 +
*Dedicated File (DF)
 +
*Elementary Files (EF)
  
=== Using Older Versions of Desktop Manager ===
 
Visit the archived instructions for use with older versions of Desktop Manager [[Blackberry Forensics Backup File Old|click here]].
 
  
<br/>
+
=== Data Acquisition ===
<br/>
+
  
== Opening Blackberry Backup Files (.ipd)* ==
+
These software titles can extract such technical data from the SIM card as:
* Trial Version 6.7 was used in this example
+
  
1. Purchase Amber BlackBerry Converter ($19.95/user or $59.95/unlimited) or Download the Trial Version from http://www.processtext.com/abcblackberry.html
+
* '''International Mobile Subscriber Identity (IMSI)''': A unique identifying number that identifies the phone/subscription to the [[GSM]] network
 +
* '''Mobile Country Code (MCC)''': A three-digit code that represents the SIM card's country of origin
 +
* '''Mobile Network Code (MNC)''': A two-digit code that represents the SIM card's home network
 +
* '''Mobile Subscriber Identification Number (MSIN)''': A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
 +
* '''Mobile Subscriber International ISDN Number (MSISDN)''': A number that identifies the phone number used by the headset
 +
* '''Abbreviated Dialing Numbers (ADN)''': Telephone numbers stored in sims memory
 +
* '''Last Dialed Numbers (LDN)'''
 +
* '''Short Message Service (SMS)''': Text Messages
 +
* '''Public Land Mobile Network (PLMN) selector'''
 +
* '''Forbidden PLMNs'''
 +
* '''Location Information (LOCI)'''
 +
* '''General Packet Radio Service (GPRS) location'''
 +
* '''Integrated Circuit Card Identifier (ICCID)'''
 +
* '''Service Provider Name (SPN)'''
 +
* '''Phase Identification'''
 +
* '''SIM Service Table (SST)'''
 +
* '''Language Preference (LP)'''
 +
* '''Card Holder Verification (CHV1) and (CHV2)'''
 +
* '''Broadcast Control Channels (BCCH)'''
 +
* '''Ciphering Key (Kc)'''
 +
* '''Ciphering Key Sequence Number'''
 +
* '''Emergency Call Code'''
 +
* '''Fixed Dialing Numbers (FDN)'''
 +
* '''Forbidden PLMNs'''
 +
* '''Local Area Identitity (LAI)'''
 +
* '''Own Dialing Number'''
 +
* '''Temporary Mobile Subscriber Identity (TMSI)'''
 +
* '''Routing Area Identifier (RIA) netowrk code'''
 +
* '''Service Dialing Numbers (SDNs)'''
 +
* '''Service Provider Name'''
 +
* '''Depersonalizatoin Keys'''
  
<br>2. Use File | Open and point the program to the BlackBerry backup file (.ipd).
+
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
  
[[Image:ABCOpen.JPG|none|thumb]]
+
== USIM-Universal Subscriber Identity Module ==
  
<br>3. Navigate to the appropriate content by using the navigation icons on the left and/or top.
+
A Universal Subscriber Identity Module is an application for UMTS mobile telephony running on a UICC smart card which is inserted in a 3G mobile phone. There is a common misconception to call the UICC card itself a USIM, but the USIM is merely a logical entity on the physical card.
<br>[[Image:ABCView.JPG|none|thumb]]<br>
+
<small>click for enlarged version</small>
+
<br>
+
  
=== Advanced Export Options ===
+
It stores user subscriber information, authentication information and provides storage space for text messages and phone book contacts. The phone book on a UICC has been greatly enhanced.
You may also export each subsection of acquired data to different file types such as pdf, txt, and html, etc.<br>
+
1. Select the appropriate content from the navigation items on the left.<br>
+
2. Either select an individual row or click "Select All" to export all rows.<br>
+
[[Image:ABCExportSelectAll.JPG|none|thumb]]<br><br>
+
3. Click "Fields to export" button<br>
+
  
[[Image:ABCExportButton.JPG|none|thumb]]<br><br>
+
For authentication purposes, the USIM stores a long-term preshared secret key K, which is shared with the Authentication Center (AuC) in the network. The USIM also verifies a sequence number that must be within a range using a window mechanism to avoid replay attacks, and is in charge of generating the session keys CK and IK to be used in the confidentiality and integrity algorithms of the KASUMI block cipher in Universal Mobile Telecommunications System (UMTS).
  
4. Select all the criteria for that subsection in which you wish to export and click "OK"<br>
+
In Mobile Financial Services, USIM seems to be a mandetory Security Element for user authentication, authorization and stored credentials. With the integration of NFC Handset and USIM, users will be able to make proximity payments where the NFS handset enables contactless payment and USIM enables independent security element.
 +
This is the evolution of the SIM for 3G devices. It can allow for multiple phone numbers to be assigned to the USIM, thus giving more than one phone number to a device.
  
[[Image:ABCExportFields.JPG|none|thumb]]<br><br>
+
== Service Provider Data ==
  
5. Select your output type from the bottom list of selections and click "Save As..."<br>
+
Some additional information the service provider might store:
[[Image:ABCExportOptions.JPG|none|thumb]]<br><br>
+
  
 +
* A customer database
 +
* [[Call Detail Record]]s (CDR)
 +
* [[Home Location Register]] (HLR)
  
  
== Blackberry IPD File Format (.ipd) ==
+
== Service Providers that use SIM Cards in the United States ==
 +
* T-Mobile
 +
* Cingular/AT&T
  
For a more advanced and in depth look at the file format of (.ipd) backup files visit the following site.
+
== Sim Card Text Encoding ==
<br><br>
+
http://na.blackberry.com/eng/devjournals/resources/journals/jan_2006/ipd_file_format.jsp
+
<br><br>
+
  
 +
Originally the middle-European [[GSM]] network used only a 7-bit code derived from the basic [[ASCII]] code. However as GSM spread worldwide it was concluded that more characters, such as the major characters of all living languages, should be able to be represented on GSM phones. Thus, there was a movement towards a 16-bit code known as [[UCS-2]] which is now the standard in GSM text encoding. This change in encoding can make it more difficult to accurately obtain data form [[SIM cards]] of the older generation which use the 7-bit encoding. This encoding is used to compress the hexadecimal size of certain elements of the SIMs data, particularly in [[SMS]] and [[Abbreviated Dialing Numbers]].
  
 +
== Authentication Key (Ki) ==
 +
The authentication key or Ki is a 128 bit key used in the authentication and cipher key generation process. In a nutshell, the key is used to authenticate the SIM on the GSM network. Each SIM contains this key which is assigned to it by the operator during the personalization process. The SIM card is specially designed so the Ki can't be compromised using a smart-card interface. However, flaws in the GSM cryptography have been discovered that do allow the extraction of the Ki from the SIM card, and essentially SIM card duplication.
  
== Acquisition with Paraben's Device Seizure ==
+
== See also ==
* You may purchase a copy of Device Seizure on Paraben's Website [http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=405 here].
+
As an alternative to acquiring the Blackberry through Amber Blackberry Converter, Paraben's Device Seizure is a simple and effective method to acquire the data.  The only drawback, is that this method takes significantly more time to acquire than using Amber Blackberry Converter.
+
  
1. Create a new case in Device Seizure with File | New.
+
* [[SIM Card Forensics]]
  
2. Give the case a name and fill in any desired information about the case on the next two screens.  The third screen is a summary of the data entered.  If all data is correct click Next and then Finish.
+
== References ==
  
3. You are now ready to acquire the phone.  Go to Tools | Data Acquisition.
+
* [http://www.simcon.no/ SIMCon]
 
+
* [http://www.sectorforensics.co.uk/sim-examination.shtml Sector Forensics]
4. You are prompted for the supported manufacturer.  Select RIM Blackbery (Physical).<br/>
+
* [http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?action=issue&id=5  IJDE Spring 2003 Volume 2, Issue 1 ]: [http://www.utica.edu/academic/institutes/ecii/publications/articles/A0658858-BFF6-C537-7CF86A78D6DE746D.pdf Forensics and the GSM Mobile Telephone System] (PDF)
[[Image:Image10.JPG|none|thumb]]<br/><br/>
+
* http://en.wikipedia.org/wiki/Subscriber_Identity_Module
 
+
5. Leave supported models at the default selection of autodetect.<br/>
+
[[Image:Image11.JPG|none|thumb]]<br/><br/>
+
 
+
6. Connection type should be set to USB.<br/>
+
[[Image:Image12.JPG|none|thumb]]<br/><br/>
+
 
+
7. For data type selection select Logical Image (Databases).<br/>
+
[[Image:Image13.jpg|none|thumb]]<br/><br/>
+
 
+
8. Confirm your selections on the summary page and click Next to start the acquisition.
+
<br/>
+
Now wait until the program is done acquiring data from the device. <br/><br/>
+
Please Note: In some instances the wait can be up to 30-45 minutes.
+
<br/><br/>
+
 
+
== BlackBerry Simulator ==
+
* For simulating a backup copy of the physical device. This is helpful if the device is low on battery, needs to be turned off,
+
* or you don't want to alter the data on the physical device.
+
 
+
This is a step by step guide to downloading and using a BlackBerry simulator. In this example the version 4.0.2 was used in order to simulate the 7230 series.
+
<br/><br/>
+
 
+
1. Select a simulator to download from the drop-down list on the [https://www.blackberry.com/Downloads/entry.do?code=060AD92489947D410D897474079C1477 BlackBerry website].
+
*For this example look through the list and download BlackBerry Handheld Simulator v4.0.2.51.
+
 
+
2. Then click ''Next''.
+
 
+
3. Enter your proper user credentials and click ''Next'' to continue.
+
 
+
4. On the next page, reply accordingly to the eligibility prompt and click ''Next'' to continue.*
+
 
+
5. Agree or disagree to the SDK agreement and click ''Submit'' to continue.*
+
 
+
6. The next page will provide you with a link to download the .ZIP file containing the wanted simulator.
+
* - If you disagree at any of these points you will not be able to continue to the download.
+
 
+
7. Extract the files to a folder that can easily be accessed (I used the desktop).
+
 
+
8. In that folder, find the xxxx.bat file (where xxxx is the model number of the device that is being simulated). The simulator should now open an image that resembles the phone.
+
 
+
9. In the ''BlackBerry 7230 Simulator'' window, select ''Simulate'' | ''USB Cable Connected''.  Refer to ''Figure BS-1'' for further assistance.
+
 
+
[[Image:7230_1.JPG|none|thumb]]
+
 
+
''Figure BS-1''
+
 
+
10. Open BlackBerry Desktop Manager.  If there are no Outlook profiles created there will be a prompt on how to create one.  Click ''OK'' to continue.  If the BlackBerry xxxx Simulator has properly connected to the BlackBerry Desktop Manager, ''Connected'' should be displayed at the bottom of the BlackBerry Desktop Manager window.  Refer to ''Figure BS-2'' for further assistance.
+
 
+
[[Image:BBDM_1.JPG|none|thumb]]
+
 
+
''Figure BS-2''
+
 
+
11. Double click ''Backup and Restore'' | select ''Restore...''.  Refer to ''Figure BS-2'' for further reference.
+
 
+
12. Navigate to the directory where an .ipd file that has been previously backed up is stored and select Open to load that file to the Simulator.  See the Acquiring BlackBerry Backup File section above on information on how to backup a physical BlackBerry.
+
 
+
== Blackberry Protocol ==
+
http://www.off.net/cassis/protocol-description.html
+
 
+
Here is a useful link to the Blackberry Protocol as documented by Phil Schwan, Mike Shaver, and Ian Goldberg. The article goes into great description of packet sniffing and the protocol as it relates to data transfer across a USB port.
+
 
+
==References==
+
* [http://www.processtext.com/abcblackberry.html ABC], Amber BlackBerry Converter
+
* [https://www.blackberry.com/Downloads/entry.do?code=060AD92489947D410D897474079C1477 BlackBerry Simulator], Simulator Download website
+
* [http://www.forensicswiki.org/wiki/BlackBerry Blackberry], BlackBerry Forensics Wiki page
+
* [https://www.blackberry.com/Downloads/entry.do?code=A8BAA56554F96369AB93E4F3BB068C22 Desktop Manager], BlackBerry Desktop Manager Download website
+
* [http://na.blackberry.com/eng/devjournals/resources/journals/jan_2006/ipd_file_format.jsp IPD], IPD File Format
+
* [[Blackberry Forensics Backup File Old|Older Desktop Manager Versions]], Using older versions of BlackBerry Desktop
+
* [http://www.paraben-forensics.com/catalog/index.php Paraben], Paraben Corporation website
+
* [http://www.off.net/cassis/protocol-description.html Blackberry Protocol]
+
* [http://www.rh-law.com/ediscovery/Blackberry.pdf Forensic Examination of a RIM (BlackBerry) Wireless Device]
+

Revision as of 08:55, 29 September 2008

A typical SIM card.

SIM-Subscriber Identity Module

The UICC (Universal Integrated Circuit Card) is a smart card which contains account information and memory that is used to enable GSM cellular telephones. One of the applications running on the smart card is the SIM, or Subscriber Identity Module. In common parlance the term "UICC" is not used an the phrase "SIM" is used to describe the smart card itself.

Because the SIM is just one of several applications running on the smart card, a given card could, in theory, contain multiple SIMs. This would allow multiple phone numbers or accounts to be accessed by a single UICC. This is seldom seen, though there is at least one "12-in-1" SIM card being advertised at present.

Early versions of the UICC used full-size smart cards (85mm x 54mm x 0.76mm). The card has since been shrunk to the standard size of 25mm x 15mm x 0.76mm.


Although UICC cards traditionally held just 16 to 64KB of memory, the recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to M-Systems' 1GB SIM Card slated for release in late 2006.

ICCID

Each SIM is internationally identified by its ICC-ID (Integrated Circuit Card ID). ICC-IDs are stored in the SIM card and can also be engraved or printed on the SIM card’s body during a process called personalization. The number is up to 18 digits long with an addition of a single “check digit” that is used for error detection. This single digit allows us to detect an input error of digits, mistyped digits or a permutation of two successive digits. This digit was calculated using the Luhn algorithm. A typical SIM (19 digits) example 89 91 10 1200 00 320451 0, provide several details as follows:

  • The first two digits (89 in the example) refers to the Telecom Id.
  • The next two digits (91 in the example) refers to the country code (91-India).
  • The next two digits (10 in the example) refers to the network code.
  • The next four digits (1200 in the example) refers to the month and year of manufacturing.
  • The next two digits (00 in the example) refers to the switch configuration code.
  • The next six digits (320451 in the example) refers to the SIM number.
  • The last digit which is separated from the rest is called the “check digit”.

These digits can be further grouped for additional information:

  • The first 3 to 4 digits represents the Mobile Country Code (MCC)
    • (Some cards only have 3 digits to represent the Telecom ID and country code.)
  • The next 2 digits represent the Mobile Network Code (MNC, AKA the mobile operator)
  • The next 12 digits is the number represent the Home Location Register
  • And mentioned above, the “check digit”

Location Area Identity

Operation networks for cell phone devices are divided into area locations called Location Areas. Each location is identified with its own unique identification number creating the LAI (Location Area Identity). A phone will store this number on its SIM card so it knows what location it’s in and to be able to receive service. If a phone were to change to a new Location Area, it stores the new LAI in the SIM card, adding to a list of all the previous LAIs it has been in. This way if a phone is powered down, when it boots back up, it can search its list of LAIs it has stored until it finds the one its in and can start to receive service again. This is much quicker than scanning the whole list of frequencies that a telephone can have access on. This is a real plus for forensic investigators because when a SIM card is reviewed, they can get a general idea of where the SIM card has been geographically. In turn this tells them where the phone has been and can then relate back to where the individual who owns the phone has been.

SIM Security

Information inside the UICC can be protected with a PIN and a PUK.

A PIN locks the SIM card until correct code is entered. Each phone network sets the PIN of SIM to a standard default number (this can be changed via handset). If PIN protection is enabled, the PIN will need to be entered each time phone is switched on. If the PIN is entered incorrectly 3 times in a row, the SIM card will be blocked requiring a PUK from the network/service provider.

A PUK is needed if the PIN is entered incorrectly 3 times and the SIM is blocked (phone is unable to make and receive calls/texts). The PUK can be received from the network provider, or possibly the GSM cell phone manual. Caution: if PUK is entered 10 times incorrectly, the SIM card is permanently disabled and must be exchanged.

SIM Forensics

The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.

In general, some of this data can help an investigator determine:

  • Phone numbers of calls made/received
  • Contacts
  • SMS details (time/date, recipient, etc.)
  • SMS text (the message itself)

There are many software solutions that can help the examiner to acquire the information from the SIM card. Several products include 3GForensics SIMIS [1], Inside Out's SIMCon, or SIM Content Controller, and Paraben Forensics' SIM Card Seizure.

The SIM file system is hierarchical in nature consisting of 3 parts:

  • Master File (MF) - root of the file system that contains

DF’s and EF’s

  • Dedicated File (DF)
  • Elementary Files (EF)


Data Acquisition

These software titles can extract such technical data from the SIM card as:

  • International Mobile Subscriber Identity (IMSI): A unique identifying number that identifies the phone/subscription to the GSM network
  • Mobile Country Code (MCC): A three-digit code that represents the SIM card's country of origin
  • Mobile Network Code (MNC): A two-digit code that represents the SIM card's home network
  • Mobile Subscriber Identification Number (MSIN): A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
  • Mobile Subscriber International ISDN Number (MSISDN): A number that identifies the phone number used by the headset
  • Abbreviated Dialing Numbers (ADN): Telephone numbers stored in sims memory
  • Last Dialed Numbers (LDN)
  • Short Message Service (SMS): Text Messages
  • Public Land Mobile Network (PLMN) selector
  • Forbidden PLMNs
  • Location Information (LOCI)
  • General Packet Radio Service (GPRS) location
  • Integrated Circuit Card Identifier (ICCID)
  • Service Provider Name (SPN)
  • Phase Identification
  • SIM Service Table (SST)
  • Language Preference (LP)
  • Card Holder Verification (CHV1) and (CHV2)
  • Broadcast Control Channels (BCCH)
  • Ciphering Key (Kc)
  • Ciphering Key Sequence Number
  • Emergency Call Code
  • Fixed Dialing Numbers (FDN)
  • Forbidden PLMNs
  • Local Area Identitity (LAI)
  • Own Dialing Number
  • Temporary Mobile Subscriber Identity (TMSI)
  • Routing Area Identifier (RIA) netowrk code
  • Service Dialing Numbers (SDNs)
  • Service Provider Name
  • Depersonalizatoin Keys

This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.

USIM-Universal Subscriber Identity Module

A Universal Subscriber Identity Module is an application for UMTS mobile telephony running on a UICC smart card which is inserted in a 3G mobile phone. There is a common misconception to call the UICC card itself a USIM, but the USIM is merely a logical entity on the physical card.

It stores user subscriber information, authentication information and provides storage space for text messages and phone book contacts. The phone book on a UICC has been greatly enhanced.

For authentication purposes, the USIM stores a long-term preshared secret key K, which is shared with the Authentication Center (AuC) in the network. The USIM also verifies a sequence number that must be within a range using a window mechanism to avoid replay attacks, and is in charge of generating the session keys CK and IK to be used in the confidentiality and integrity algorithms of the KASUMI block cipher in Universal Mobile Telecommunications System (UMTS).

In Mobile Financial Services, USIM seems to be a mandetory Security Element for user authentication, authorization and stored credentials. With the integration of NFC Handset and USIM, users will be able to make proximity payments where the NFS handset enables contactless payment and USIM enables independent security element. This is the evolution of the SIM for 3G devices. It can allow for multiple phone numbers to be assigned to the USIM, thus giving more than one phone number to a device.

Service Provider Data

Some additional information the service provider might store:


Service Providers that use SIM Cards in the United States

  • T-Mobile
  • Cingular/AT&T

Sim Card Text Encoding

Originally the middle-European GSM network used only a 7-bit code derived from the basic ASCII code. However as GSM spread worldwide it was concluded that more characters, such as the major characters of all living languages, should be able to be represented on GSM phones. Thus, there was a movement towards a 16-bit code known as UCS-2 which is now the standard in GSM text encoding. This change in encoding can make it more difficult to accurately obtain data form SIM cards of the older generation which use the 7-bit encoding. This encoding is used to compress the hexadecimal size of certain elements of the SIMs data, particularly in SMS and Abbreviated Dialing Numbers.

Authentication Key (Ki)

The authentication key or Ki is a 128 bit key used in the authentication and cipher key generation process. In a nutshell, the key is used to authenticate the SIM on the GSM network. Each SIM contains this key which is assigned to it by the operator during the personalization process. The SIM card is specially designed so the Ki can't be compromised using a smart-card interface. However, flaws in the GSM cryptography have been discovered that do allow the extraction of the Ki from the SIM card, and essentially SIM card duplication.

See also

References