An example on how to personalize a Smartjac SMAOT Multipurpose card (USIM / ISIM / CSIM) with Milenage algorithm support, with Ki and OPc value, using Gemalto Card Admin.

This lesson applies to our multi application UICC cards SMAOT100100 and SMAOT100200.

Card ATR (Answer To Reset) : 3B9F96801FC78031E073FE211B640750120082900084

Default codes:
GPIN: 1234
LPIN: 5678
ADM1: 11111111
PUK: 12345678

Software used is Gemalto Card Admin version 2.8. Please make sure you use this version if you need to work with CSIM or ISIM files. Contact our support if you need help to upgrade.

Start Card Admin and put the USIM card in the smart card reader

Selecting correct Card Type first time you insert the card in the card reader

media 1357890661405

1. Select your card
2. Select Card Type "3G/GSM/CDMA OP Card"
3. Click "Apply"

Select Mode

media 1357891050905

Leave as is and click "Select"

The software will now scan files in a range defined in Tools/Options/3G Scan Configuration. However this scan is not enough in order to see all DF's and EF's on our card so we will need to scan the card again.

 

Scan card

media 1357891352467

Right-click on 3F00 - MF and select "Scan 3G"

Click "Yes" on the popup window warning.

 

Scan result

media 1357891631122

You will now see more files and directories. As you can see the ISIM application directory is now visible. You should also see files 6FFC and 6FFD under ADF USIM application directory. These are the files where the authentication keys are kept. The Key Ki is put in 6FFC and the OPc is put in file 6FFD. in case you want to read and/or update the content of the files, you will need to change the access rights in file 6F06, in this case the records 10 and 11. (the column SE01 in Card Admin shows what security record the files uses)

 

Checking EF's security record number SE01

media 1357892456932

So in this screenshot 10 means that you will have to go to tab / record 10 in file 6F06 that keeps Access Rules for the files.

 

Verify ADMIN code

media 1357894720487

APDU Exchange window: Use this window to send any of the APDU commands handled by the card in byte code.

Click on the ikon for APDU exchange [A] and then verify the Admin code as shown on the screen-shot. Click "Exchange" and you should get SW1=90 SW2=00 as a confirmation that the verification was succesful.

First time:

Create a macro file and add APDU macros to it:

  1. Click File and select New to create a new macro file.

  2. Specify the name and location of the macro file (with a .amf file extension) and click Save to create a new file.

  3. Enter a description of the macro in the Macro Name box.

  4. Enter the APDU command in the fields as in screenshot

  5. Click Exchange to send the APDU command to the card.

  6. Click Add to add the macro to the file.

 

Verify GPIN

media 1357895699726

Verify GPIN1 by right-clicking on AFD USIM, select "Secret codes...", select GPIN1 in secret code management window, enter 1234 (default for SMAOT cards. If you have a pre-personalized card from us, then GPIN1 is probably disabled). Click on "Verify".

 

Edit ARR [Access Rule Reference] file

media 1357895521657

1. Open ARR [Access Rule Reference] file by double-clicking on file 6F06.
2. Go to record 10 (tab 10) and change Read to ALWAYS, then click "Check and Modify"
3. Go to record 11 and change Read to ALWAYS and Update to ALWAYS, click "Check and Modify"
4. Click on "Update"

Note: on our standard 3G Milenage SMAOT cards, records 16 and 17 are the records to be changed.

You may change these records back to original settings after editing the files 6FFC and 6FFD if you need to keep these files secured.

 

Entering a new Ki and OPc

In this example we will update the Ki to 00112233445566778899AABBCCDDEEFF and OPc to 0ED47545168EAFE2C39C075829A7B61F (based on OP being 01020304050607080910111213141516. OPc is calculated as OPc=AES128(Ki,OP) XOR OP. In SMAOT cards you will need to calculate a CRC value and add it to the end of the Ki and OPc value. If you have a CRC calculator or a tool to calculate CRC values then use CRC-CCITT (XModem) 16 bit calculations with CRC polynom 1021. In our case we will use online tools to calculate this.

Calculating CRC value for Ki

putting ki7

Go to http://depa.usst.edu.cn/chenjq/www2/software/crc/CRC_Javascript/CRCcalculation.htm and click button CCITT-16 and enter the Ki value. The checksum in our case is 1248

Calculating CRC value for OPc

putting ki8

The CRC value / checksum for OPc is 0355

Another site to calculate CRC is: http://www.lammertbies.nl/comm/info/crc-calculation.html

Fill Ki value + checksum in file 6FFC

putting ki9

Fill in value and click "Update"

Fill OPc value + checksum in file

putting ki10

Fill in the OPc value + checksum after the first byte "01". Click "Update"

Do Authentication

putting ki11

Right-click USIM - ADF USIM and select "Authenticate..." to check that your values was correctly set and your checksum values are correct.

Authentication

putting ki12

Choose algorithm and fill in your key (and OPc value if you chose Milenage, this time without checksums) and click "Authenticate" to verify your values.

Tip! If you don't want to calculate the OPc value from the OP value...

putting ki13

...or you don't have the tools to do so, then you can actually use the OP value in file 6FFD. Change the first byte to "00" and enter the OP value after that. You still have to calculate the CRC checksum. In this case it is 47 85.

Note!

Don't forget to edit IMSI and ACC. Both most have values (ACC must be different from 00 00) in order for the card to succesfully register on the network.

 

Keyword Search

Newsletter signup

Subscribe to our mailing list
* indicates required
By subscribing you accept our
 
 
 

This Site

Webstore menu