An example on how to personalize a Smartjac SMAOT Multipurpose card (USIM / ISIM / CSIM) with Milenage algorithm support, with Ki and OPc value, using Gemalto Card Admin.
This lesson applies to our multi application UICC cards SMAOT100100 and SMAOT100200.
Card ATR (Answer To Reset) : 3B9F96801FC78031E073FE211B640750120082900084
Default codes:
GPIN: 1234
LPIN: 5678
ADM1: 11111111
PUK: 12345678
Software used is Gemalto Card Admin version 2.8. Please make sure you use this version if you need to work with CSIM or ISIM files. Contact our support if you need help to upgrade.
Start Card Admin and put the USIM card in the smart card reader
Selecting correct Card Type first time you insert the card in the card reader
1. Select your card
2. Select Card Type "3G/GSM/CDMA OP Card"
3. Click "Apply"
Select Mode
Leave as is and click "Select"
The software will now scan files in a range defined in Tools/Options/3G Scan Configuration. However this scan is not enough in order to see all DF's and EF's on our card so we will need to scan the card again.
Scan card
Right-click on 3F00 - MF and select "Scan 3G"
Click "Yes" on the popup window warning.
Scan result
You will now see more files and directories. As you can see the ISIM application directory is now visible. You should also see files 6FFC and 6FFD under ADF USIM application directory. These are the files where the authentication keys are kept. The Key Ki is put in 6FFC and the OPc is put in file 6FFD. in case you want to read and/or update the content of the files, you will need to change the access rights in file 6F06, in this case the records 10 and 11. (the column SE01 in Card Admin shows what security record the files uses)
Checking EF's security record number SE01
So in this screenshot 10 means that you will have to go to tab / record 10 in file 6F06 that keeps Access Rules for the files.
Verify ADMIN code
APDU Exchange window: Use this window to send any of the APDU commands handled by the card in byte code.
Click on the ikon for APDU exchange [A] and then verify the Admin code as shown on the screen-shot. Click "Exchange" and you should get SW1=90 SW2=00 as a confirmation that the verification was succesful.
First time:
Create a macro file and add APDU macros to it:
-
Click File and select New to create a new macro file.
-
Specify the name and location of the macro file (with a .amf file extension) and click Save to create a new file.
-
Enter a description of the macro in the Macro Name box.
-
Enter the APDU command in the fields as in screenshot
-
Click Exchange to send the APDU command to the card.
-
Click Add to add the macro to the file.
Verify GPIN
Verify GPIN1 by right-clicking on AFD USIM, select "Secret codes...", select GPIN1 in secret code management window, enter 1234 (default for SMAOT cards. If you have a pre-personalized card from us, then GPIN1 is probably disabled). Click on "Verify".
Edit ARR [Access Rule Reference] file
1. Open ARR [Access Rule Reference] file by double-clicking on file 6F06.
2. Go to record 10 (tab 10) and change Read to ALWAYS, then click "Check and Modify"
3. Go to record 11 and change Read to ALWAYS and Update to ALWAYS, click "Check and Modify"
4. Click on "Update"
Note: on our standard 3G Milenage SMAOT cards, records 16 and 17 are the records to be changed.
You may change these records back to original settings after editing the files 6FFC and 6FFD if you need to keep these files secured.
Entering a new Ki and OPc
In this example we will update the Ki to 00112233445566778899AABBCCDDEEFF and OPc to 0ED47545168EAFE2C39C075829A7B61F (based on OP being 01020304050607080910111213141516. OPc is calculated as OPc=AES128(Ki,OP) XOR OP. In SMAOT cards you will need to calculate a CRC value and add it to the end of the Ki and OPc value. If you have a CRC calculator or a tool to calculate CRC values then use CRC-CCITT (XModem) 16 bit calculations with CRC polynom 1021. In our case we will use online tools to calculate this.
Calculating CRC value for Ki
Go to http://depa.usst.edu.cn/chenjq/www2/software/crc/CRC_Javascript/CRCcalculation.htm and click button CCITT-16 and enter the Ki value. The checksum in our case is 1248
Calculating CRC value for OPc
The CRC value / checksum for OPc is 0355
Another site to calculate CRC is: http://www.lammertbies.nl/comm/info/crc-calculation.html
Fill Ki value + checksum in file 6FFC
Fill in value and click "Update"
Fill OPc value + checksum in file
Fill in the OPc value + checksum after the first byte "01". Click "Update"
Do Authentication
Right-click USIM - ADF USIM and select "Authenticate..." to check that your values was correctly set and your checksum values are correct.
Authentication
Choose algorithm and fill in your key (and OPc value if you chose Milenage, this time without checksums) and click "Authenticate" to verify your values.
Tip! If you don't want to calculate the OPc value from the OP value...
...or you don't have the tools to do so, then you can actually use the OP value in file 6FFD. Change the first byte to "00" and enter the OP value after that. You still have to calculate the CRC checksum. In this case it is 47 85.
Note!
Don't forget to edit IMSI and ACC. Both most have values (ACC must be different from 00 00) in order for the card to succesfully register on the network.