Knowledge Base - SMAOT UICC: (2G XOR) Quick Guide

Quick Guide on personalising Smartjac 2G SIM cards with XOR algorithm

Let's get started!

2G quickguide1
  1. Start Card ADMIN by choosing Start > Programs > Gemalto > CardAdmin>CardAdmin.
  2. Have a 2G card from Smartjac ready; Do not punch the SIM card out of the plastic card as it needs to be in CR80 format to be entered in smart card reader.

Insert your 2G card in the smart card reader

2G quickguide2

The first time the card is inserted in the card reader, Card Admin will not recognize the Card ID (the ATR signature from the card), so you'll need to select the ID and a correct predefined Card Type.

  1. Click on the pull-down menu and select the ATR
  2. Select "2G OP Card" from the Predefined Card Types
  3. Click on "Apply"

If you accidentally chose the wrong card type, please look a this article on how to change it.


Select Mode window

2G quickguide3

Leave defaults and Click "Select"


Verifying Secret Codes

2G quickguide4

CHV1: 1234
CHV2: 5678

In order to view and edit files on the SIM card you'll need to verify the secret codes. Best practice is to verify them all at once before you start browsing the card and open files. The secret codes for this particular card can be found here.

The CHV / PIN or ADM secret codes are often required to use a command on a file (for example, Read, Update). The secret code to be verified for a given command is specified as an access condition when the file is first created.

To verify a secret code:

  1. Click on the Secret Codes icon on the top menu bar / or right click on the Master File (MF)
  2. Select the code to be verified in the list box.
  3. Select to verify the code in Hex or ASCII.
  4. Check the Hide codes values box if you want to mask the code values as “*”. If you want the code values to show, leave this box unchecked.

Note: If you have checked this box, enter the value carefully as an incorrect value will decrement the ratification counter of the secret code.
6. Enter the code value in the Secret Codes box and click Verify. The result and the corresponding status words are displayed in the status bar below.

For all cards, if you specify an incorrect value for the secret code, the Counter (ratification counter (Counter assigned to each CHV and ADM code in the card. It records the number of consecutive times the code has been incorrectly entered. If the ratification counter reaches 0 after a pre-determined number of attempts (chosen when the secret code is first created), the secret code is "blocked". If the secret code is entered correctly before it is blocked, the ratification counter is reset to its initial value, otherwise it must be unblocked using the Unblock CHV command. The purpose of the ratification counter is to prevent exhaustive secret code attacks.)) is decremented. If the Counter reaches 0, the card is blocked. In this case, select the Unblock tab.


Verifying ADM code using APDU command

2G quickguide5

As these cards are non-gemalto cards, and as the commands to verify Admin codes are different between different suppliers of SIM cards, we'll need to verify ADM codes by sending a specific APDU command.

  1. Click on the "Exchange APDU..." button on the top-menu bar.

Verify ADM code on 2G card

2G quickguide6
  1. APDU commands can be saved in a Macro file. If necessary, create a new Macro file to store your APDU commands. This way you don't need to enter the APDU command manually everytime. After entering all APDU data you just add a new command to the file by entering a name and then click "Add".
  2. Enter APDU command A0200000 08 as showed in the screenshot above.
  3. Enter the Admin code 3131313131313131 in the Data in field.
  4. Click on the "Exchange" button

Make sure you got SW1=90 SW2=00 response from the exchange. (Success)

That's it. You have now succesfully verified the ADM code and you can proceed with editing files (EF's).


Personalisation sample - Editing some mandatory files

We will proceed by editing some of the files necessary to have a functional SIM card:

  1. Ki
  2. ACC
  3. IMSI

Putting the Authentication Key (Ki)

2G quickguide7

On the Smartjac 2G cards the authentication key is stored under MF / EF_220C

The Card Admin scans some predefined ranges and for that reason some files can not be seen unless you specifically select them.

  1. Click on 3F00 - MF - Master File
  2. Right-click on the right panel and select "Select..." on the pop-up menu
  3. Enter 220C in the File Identifier
  4. Click "Select"
  5. Close the Select window

Open the file that stores the Ki key: 220C

2G quickguide8
  1. Double-click on 220C to open it
  2. A warning appears that the file is non-readable because of Access rights settings on that file preventing you to read the data in the file. This is ok and is as it should be for security reasons. Click on OK button.

Setting the Ki

2G quickguide9

Enter the value of the Ki you want to use. The Ki is 16 bytes and the 2 last bytes are the CRC checksum.
How to calculate this checksum is explained in the Appendix here.

In the case of Ki being 000102030405060708090A0B0C0D0E0F the checksum is 513D

Click on "Update" button
Click on "Close" button



2G quickguide10

Each mobile belongs to one out of ten randomly allocated mobile populations, defined as Access Classes 0 to 9. Moreover, some mobiles may be members of one or more out of 5 special categories (Access Classes 11 to 15). Both these access classes are stored in the SIM.
If the mobile belongs to at least one access class allowed by the network, it can make calls. Otherwise all access attempts will be barred. So you need to set a value in this file. If you don't know, just set 00 01 (Normal priority level 0 allocated)
6F 78h, Access Control Class, is a transparent file containing the mobile’s random access class and possibly a special access class.

  1. Select the DF: 7F20 - GSM - GSM directory and on the panel to the right you will find the EF_6F78 file holding the ACC value.
  2. Double click on ACC
  3. Select first line (0)
  4. Click on "Allocated"
  5. Click on "Update" button
  6. Click on "Close" button


2G quickguide11
  1. Select the DF: 7F20 - GSM - GSM directory and on the panel to the right you will find the EF_6F07 file holding the IMSI value.
  2. Double click on IMSI
  3. If the SIM card is "non-personalized" (i.e. only have some default or empty values) , you will get an "Incorrect data read" error. This is OK. Just click "OK" button.

Enter IMSI data

2G quickguide12

Enter MCC, MNC and Subscriber number and click "Update" button.

Click "Close" button




Created : 2016-06-22 16:31:03, Last Modified : 2017-06-15 13:49:36

User Comments

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our


Below you'll find our PGP public key. Use it to exchange encrypted messages with us.

Version: PGP Universal 3.4.2 (Build 502)



This Site

Webstore menu