Menu
▾
▴
Programming you own USIM card
Before you can connect to your own LTE network, you need the following things:
- Programmable USIM card with Milenage support (XOR is not supported at the moment)
- A PCSC compatible smart card reader/programmer with APDU support
- PySIM
You cannot use any operator's issued SIM cards, because you need to know the Ki key, and there is no way to retrieve this key 99.9% of the time, because it is only known by the operator itself. Because the LTE standard requires mutual authentication of both the MS and the network, it is not possible to create "open" networks neither. The only way is to have your own programmable SIM and program it for yourself.
Note that programmable SIMs which only supports GSM, are also not going to work.
Get the SIM card
This is probably the hardest question. Big SIM card manufacturers like Gemalto are not handling orders like a few pieces. A lot of companies are selling test USIMs, but these are quite expensive and their support with the SIM programmer software is a question. The following list contains tested USIM card suppliers that works with OpenLTE:
- Sysmocom's sysmoUSIM-GR1 SIM card (not manufactured anymore):
http://shop.sysmocom.de/products/sysmousim-gr1
Note: PySIM supported
- SysmoUSIM-SJS1 SIM + USIM Card (10-pack):
http://shop.sysmocom.de/products/sysmousim-sjs1
Note: Support of this card added to PySIM master branch at 2015-08-20.
- Milenage capable test USIM (Ebay):
Note: No PySIM support, but the seller is willing to preprogram the cards, ask for it!
Important: in order to be able to test OpenLTE, you need USIM cards that you know the OPC and K key. In the above list, the second and third option not necessarily means you will get this information, so please make sure to ask the seller to preprogram the cards, and send this information to you.
Get the SIM programmer
You need a SIM card programmer which is compatible with the PCSC application on Linux. To have a more or less complete list of the compatible devices, please visit this page:
http://pcsclite.alioth.debian.org/ccid/supported.html
Don't forget that you need a programmer with APDU support. Personally I use SCM Microsystems Inc. SCR 3310, you can find it and many of the above list on Ebay.
Get the software (PySIM, PCSCd, Pyscard)
First install dependencies:
sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev
Connect your SIM card reader, plug thhe programmable SIM card in, and check connectivity by running the following command:
sudo pcsc_scan
If your reader and card got recognised, you will see something similar:
PC/SC device scanner
V 1.4.22 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.10
Using reader plug'n play mechanism
Scanning present readers...
0: OMNIKEY AG CardMan 3121 01 00
Wed Dec 24 14:56:32 2014
Reader 0: OMNIKEY AG CardMan 3121 01 00
Card state: Card inserted,
ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
+ TS = 3B --> Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
TA(1) = 95 --> Fi=512, Di=16, 32 cycles/ETU
125000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 156250 bits/s
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ Historical bytes: 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: E0
- Application selection: by full DF name
- Application selection: by partial DF name
- BER-TLV data objects available in EF.DIR
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 7, len: 3 (card capabilities)
Selection methods: FE
- DF selection by full DF name
- DF selection by partial DF name
- DF selection by path
- DF selection by file identifier
- Implicit DF selection
- Short EF identifier supported
- Record number supported
Data coding byte: 21
- Behaviour of write functions: proprietary
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 13
- Logical channel number assignment: by the card
- Maximum number of logical channels: 4
Tag: 5, len: 7 (card issuer's data)
Card issuer data: 12 29 11 02 01 00 00
+ TCK = C2 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 95 80 1F C7 80 31 E0 73 FE 21 13 57 12 29 11 02 01 00 00 C2
sysmocom sysmoUSIM-GR1
http://sysmocom.de/
Hit Ctrl+C to exit pcsc_scan.
Pyscard
Now you need to download and install Pyscard:
http://pyscard.sourceforge.net/
Download and extract the latest Pyscard version:
https://sourceforge.net/projects/pyscard/files/pyscard/
Go to the extracted Pyscard folder (where the setup.py file is located) and run the following command:
sudo /usr/bin/python setup.py build_ext install
PySIM
Now get the code of PySIM:
git clone git://git.osmocom.org/pysim pysim
cd pysim
and run the /pySim-read.py to read your card:
./pySim-read.py
if you done everything allright, you will see something similar:
Reading ...
ICCID: 8901901550000123456
IMSI: 901550000123456
SMSP: fffffffffffffffffffffffffdffffffffffffffffffffffff069186770700f9ffffffffffffffff
ACC: ffff
MSISDN: Not available
Done !
Sometimes it is necessary to give the program the number of the card programmer:
./pySim-read.py -p 0 or ./pySim-read.py -p 1
Now we are ready to program the USIM finally.
Important:
In order to program the SysmoUSIM-SJS1 (orange) USIM cards, you must use the "zecke/tmp" branch of Pysim. Please note that with the "zecke/tmp" branch you can program but cannot read the cards. If you want to read the cards you will need to swtich back to the "master" branch. If you are not using the "zecke/tmp" branch or you are not giving the ADM1 pin correctly, you can permanently damage your card!!!
To change branch to "zecke/tmp", use this command:
git checkout zecke/tmp
Example to program a Sysmo-USIM GR1 card:
Use the following command to program your USIM (use "-p 0" or "-p 1" at the end like previously):
./pySim-prog.py -t sysmoUSIM-GR1 -j 0 --op=63bfa50ee6523365ff14c1f45f88737d -p 1
You will see something similar:
Insert card now (or CTRL-C to cancel)
Generated card parameters :
> Name : Magic
> SMSP : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
> ICCID : 8901901550000123456
> MCC/MNC : 901/55
> IMSI : 901550000123456
> Ki : 98f7b38ac0d2887637e67d9fd1234567
> OPC : 49cd0845dd1b0d819a496e27a16c0916
> ACC : None
Programming ...
Done !
Example to program a SysmoUSIM-SJS1 (orange) card:
./pySim-prog.py -p 0 -x 101 -y 02 -t sysmoUSIM-SJS1 -i 101020000000003 -s 8988211000000012345 --op=11111111111111111111111111111111 -k 8BAF473F2F8FD09487CCCBD7097C6862 -a 53770832
Insert card now (or CTRL-C to cancel)
Generated card parameters :
> Name : Magic
> SMSP : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
> ICCID : 8988211000000012345
> MCC/MNC : 101/2
> IMSI : 101020000000003
> Ki : 8BAF473F2F8FD09487CCCBD7097C6862
> OPC : 8e27b6af0e692e750f32667a3b14605d
> ACC : None
Programming ...
Done !
Where -a is the part where you need to give the ADM1 for this specific SIM card. Again, if you are not using the "zecke/tmp" branch or not giving the proper ADM1 pin when you try to program the Sysmo-USIm S1J1 (orange) SIMs, you will likely end up with a permamnently damaged card!
You are ready with programming you own SIM card. Record the Ki value as you will need it in the next step:
