J2ME - SIM

[sunil_talent]

Hi All,
IN J2ME Using JSR 177 or any API , Is it possible to access

1. IMSI
2. ICCID
3. MSISDN

[JacksonZih]

Hi sunil,
Take a look at this very up to date answer:
http://discussion.forum.nokia.com/fo...d.php?t=103064

I think JSR-177 is just a way to protect sensitive that the data user sets. Will be used for generating digital signatures and handle cryptography, etc.

[hartti]

If APDU package of the SATSA API is supported on the device it is remotely possible. There are a number of problems however
In general, APDU requires signing. For (U)SAT APDU commands you need operator signing. Also the command APDUs have to be "whitelisted" on the SIM card.
And MSISDN might not be on the card anyway (that is operator dependent).

In summary, you need to have good relations with the operator and a specially prepared SIM card.

So technically the answer is no.

Hartti

[havholj]

Hi

I'm also facing the same problem in my master thesis. I need to get the IMSI from a GSM SIM using SATSA. I'm cooperating with a major telecom operator and will soon get the necessary certificate, to be able to run my MIDlet on a SATSA-APDU enabled device.

As far as I know, you (hartti) are the only person I know who actually has been able to communicate with the SIM throught SATSA. What have you achieved?
- Have you been able to verify CHV by exchanging regular APDUs?
- Have you tried some other GSM security functions like retrieving IMSI or GSM algorithms computation according to GSM 11.11?

So far I've just been simulating the SIM by using the cref-simulator in Java card kit, since I don't have the proper certificate yet.. But when we get the certificate we will buy one of the S40 Nokia phones mentioned in you blog
http://blogs.forum.nokia.com/view_entry.html?id=225, and try! Hopefully it will work

Regards
Havard

[hartti]

First of all, there is quite a lot of access control to be solved when using APDU. If you plan to use SAT (SIM Application Toolkit) method you need to have your MIDlet signed to operator domain. For other APDU use the midlet needs to be signd to at least trusted 3rd party domain.
Additionally the SIM card has to specially prepared, for example all the command APDUs you want to use have to be listed on the Access control lists. For more detailed description of these requirements, see Appendix A of the SATSA specification.

Some time ago I tested quickly if I could access the IMSI number of the SIM card, but of course, as the SIM card was a normal SIM from an operator, and did not contain the list of acceptable APDUs, I was not able to access that information.

Hartti

[zakhooi]

Is there anyone who has been able to extract the IMSI and has example code and a cref eeprom image?

[hartti]

From the SIM card using APDU? Not possible, unless the SIM has been prepared to accept the required command APDUs for that specific applet on the SIM.

Hartti

[zakhooi]

Hartti, I understand the limitations and I was hoping someone did manage to get his hand on a prepared SIM. Surely someone has tested the features specified in JSR177 and did some tests.

[hartti]

From your question it looks like you ar elooking for some "generic" prepared SIM for APDU use. The issue is that the SIM has to be prepard for the specific purpose. The specific commands which are allowed to be sent to a specific applet on the SIM (which might also needed to be installed on the SIM)needs to be stored on the SIM Access Control Lists. SO if someone has a prepared SIm for his/her use, it likely will not work with your MIDlet as the command APDU and receiveing Applet are different.

Hartti

[zakhooi]

Yes that is exactly why I was also asking for the cref eeprom, so I could run this in for example WTK2.5.1, in that case both APDU and the receiving applet would be the same. I would really like to see a sample of this before trieng to obtain a prepaired SIM.

[GattusoMatrazzi]

Are you saying that there is no way for a java applet stored in a sim card to extract those information unless you have good relationship with the operator and unless the sim card is prepared?

[zakhooi]

We are not talking about a java applet stored in a sim card, were talking about a midlet running on the phone.

[shawty]

Unfortunately though, thats what it boils down to.

You have a caplet on the sim. This caplet responds to APDU data blocks sent from your J2ME midlet running in user space on the device.

The caplet then uses the facilities of the sim toolkit to issue AT calls etc, using the defined telecom STK APDU commands in an envelope.

From the caplet point of view, you only need to sign your own code, beacuse your asking the sim toolkit to do the rest, and that will be already signed by the operator.

As for talking to your own caplet from the midlet, then again you only need minimum signing to allow your own custom APDU conversation to take place.

Gem-Alto have a pretty good description in thier developer guidelines
http://developer.gemalto.com/fileadm...Guidelines.pdf

Cheers

Shawty