An example on how to personalize a Smartjac SMAOT 3G card with Milenage algorithm support, with Ki and OPc value, using Gemalto Card Admin.

Start Card Admin and put the USIM card in the smart card reader

putting ki1

Choose Generic UICC applet and click Select. Make sure the Card Type is correct! Note that for our Multi-application cards (USIM/ISIM/CSIM) the card should be recognized as  3G/GSM/CDMA Card. 

If it's the first time you use the card with Card Admin, you may have to select the card type. Please look a this article on how to do it.

 

Open tree and scan 3G

putting ki2

Right-click on 3F00 - MF and select "Scan 3G"

Activate ADF-USIM

putting ki3

Right-click USIM - ADF USIM and choose "Activation"

Ki and OP/OPc files

putting ki4

Scroll down and you will find file 6FFC and file 6FFD. The Key Ki is put in 6FFC and the OPc is put in file 6FFD. in case you want to read the content of the files, you will need to change the access rights in file 6F06, in this case the  records 16 and 17. (the column SE01 in Card Admin shows what security record the files uses)

 

Verifying Adm1 code

putting ki5

Click on the ikon for APDU exchange and then verify the Admin code as shown on the screen-shot. Click "Exchange" and you should get SW1=90 SW2=00 as a confirmation that the verification was succesful.

 

Change Access Rights

putting ki6

Open file 6F06. Go to tab 16 and 17, change Read/DeleteChild from "NEVER" to "ALWAYS" by editing the field and clicking "Check and Modify", Also change "Update/Create EF" in tab 17 to ALWAYS. Click "Update" when all changes are done. Tthe security record depends on the card. Please check what records the files in your card specifically uses).

 

Entering a new Ki and OPc

In this example we will update the Ki to 00112233445566778899AABBCCDDEEFF and OPc to 0ED47545168EAFE2C39C075829A7B61F (based on OP being 01020304050607080910111213141516. OPc is calculated as OPc=AES128(Ki,OP) XOR OP. In SMAOT cards you will need to calculate a CRC value and add it to the end of the Ki and OPc value. If you have a CRC calculator or a tool to calculate CRC values then use CRC-CCITT (XModem) 16 bit calculations with CRC polynom 1021. In our case we will use online tools to calculate this.

Calculating CRC value for Ki

putting ki7

Go to http://depa.usst.edu.cn/chenjq/www2/software/crc/CRC_Javascript/CRCcalculation.htm and click button CCITT-16 and enter the Ki value. The checksum in our case is 1248

Calculating CRC value for OPc

putting ki8

The CRC value / checksum for OPc is 0355

Another site to calculate CRC is: http://www.lammertbies.nl/comm/info/crc-calculation.html

Fill Ki value + checksum in file 6FFC

putting ki9

Fill in value and click "Update"

Fill OPc value + checksum in file

putting ki10

Fill in the OPc value + checksum after the first byte "01". Click "Update"

Do Authentication

putting ki11

 

 

Right-click USIM - ADF USIM and select "Authenticate..." to check that your values was correctly set and your checksum values are correct.

 

Authentication

putting ki12

Choose algorithm Milenage and fill in your key and OPc value (this time without checksums) and click "Authenticate" to verify your values.

Tip! If you don't want to calculate the OPc value from the OP value...

putting ki13

...or you don't have the tools to do so, then you can actually use the OP value in file 6FFD. Change the first byte to "00" and enter the OP value after that. You still have to calculate the CRC checksum. In this case it is 47 85.

 

Note!

Don't forget to edit IMSI and ACC. Both most have values (ACC must be different from 00 00) in order for the card to succesfully register on the network.