This lesson applies to our multi application UICC cards SMAOT100NFC.
Card ATR (Answer To Reset) : 3B9F96803FC7008031E073FE211B6408050300829000EF
Software used is Gemalto Card Admin version 2.8. Please make sure you use this version if you need to work with CSIM or ISIM files. Contact our support if you need help to upgrade.
Leave as is and click "Select"
The software will now scan files in a range defined in Tools/Options/3G Scan Configuration. However this scan is not enough in order to see all DF's and EF's on our card so we will need to scan the card again.
Right-click on 3F00 - MF and select "Scan 3G"
Click "Yes" on the popup window warning.
You will now see more files and directories. As you can see the ISIM application directory is now visible. You should also see files 6FFC and 6FFD under ADF USIM application directory. These are the files where the authentication keys are kept. The Key Ki is put in 6FFC and the OPc is put in file 6FFD. in case you want to read and/or update the content of the files, you will need to change the access rights in file 6F06, in this case the records 10 and 11 (can be 13 and 14 also). (the column SE01 in Card Admin shows what security record the files uses)
So in this screenshot 10 means that you will have to go to tab / record 10 in file 6F06 that keeps Access Rules for the files.
APDU Exchange window: Use this window to send any of the APDU commands handled by the card in byte code.
Click on the ikon for APDU exchange [A] and then verify the Admin code as shown on the screen-shot. Click "Exchange" and you should get SW1=90 SW2=00 as a confirmation that the verification was succesful.
Create a macro file and add APDU macros to it:
Click File and select New to create a new macro file.
Specify the name and location of the macro file (with a .amf file extension) and click Save to create a new file.
Enter a description of the macro in the Macro Name box.
Enter the APDU command in the fields as in screenshot
Click Exchange to send the APDU command to the card.
Click Add to add the macro to the file.
1. Open ARR [Access Rule Reference] file by double-clicking on file 6F06.
2. Go to record 10 (tab 10 (or 13)) and change Read to ALWAYS, then click "Check and Modify"
3. Go to record 11 (or 14) and change Read to ALWAYS and Update to ALWAYS, click "Check and Modify"
4. Click on "Update"
You may change these records back to original settings after editing the files 6FFC and 6FFD if you need to keep these files secured.
In this example we will update the Ki to 77777777777777777777777777777777 and OPc to DB46EEF88A1A4F3BB05B1AD880DA07F2. With SMAOT100NFC cards you will need to calculate a CRC value and add it to the end of the Ki and OPc value. If you have a CRC calculator or a tool to calculate CRC values then use CRC-CCITT (0xFFFF) 16 bit calculations with CRC polynom 1021. In our case we will use online tools to calculate this.
Go to http://www.lammertbies.nl/comm/info/crc-calculation.html and click button "Hex" and enter the Ki value and click "Calculate CRC". The checksum in our case is CA39.
The CRC value / checksum for OPc is B8FD
Fill in value and click "Update"
Fill in the OPc value + checksum after the first byte "01". Click "Update"
Choose algorithm and fill in your key (and OPc value if you chose Milenage, this time without checksums) and click "Authenticate" to verify your values.
...or you don't have the tools to do so, then you can actually use the OP value in file 6FFD. Change the first byte to "00" and enter the OP value after that. You still have to calculate the CRC checksum.
Don't forget to edit IMSI and ACC. Both most have values (ACC must be different from 00 00) in order for the card to succesfully register on the network.
Created : 2016-05-25 11:49:51, Last Modified : 2017-06-15 13:50:09