kvSIM related content
About kvSIM
by Konca Fung, 26 December 2004
 

I do not plan to update kvSIM any more (the last version I released is kvSIM 0.11 alpha), so in this article I am publishing the kvSIM source code together with the related documents and knowledge I collected, in the hope that it helps anyone who is interested.

 
kvSIM 0.11 alpha Source Code
GSM Network Login Steps
SIM Card Interface
Others
 
kvSIM 0.11 alpha Source Code
 

You may use this source code only under the following conditions:

  1. Not for commercial purposes.
  2. When improving this patch or porting it to other phone models, keep the patch name "kvSIM" and include at least the following original author information in the release:
  • Original author: Konca Fung
  • Original author homepage: www.konca.com

  kvsim_slck_011_src.rar (105KB)
Compile environment: Tasking C166
 
GSM Network Login Steps
 

1. When the mobile powers on, it reads the IMSI (15 digits) and the TMSI (4 bytes) from the SIM card.
2. When the mobile logs in to the GSM network, it sends the IMSI or TMSI to the network.
3. If the network finds the IMSI or TMSI valid, it generates a 128-bit RAND and sends it to the mobile.
4. The mobile forwards the received RAND to the SIM card.
5. The SIM card runs the A3A8 algorithm on the RAND using the Ki stored inside it, producing (SRES+Kc).
6. The mobile reads (SRES+Kc) (32 bit + 64 bit) and sends only the SRES to the network.
7. The network runs the same A3A8 calculation itself; if its result matches the SRES returned by the mobile, the user is accepted as legitimate.

 
SIM Card Interface

The mobile communicates with the SIM card using APDUs (Application Protocol Data Units) in the format:
  [A0 INS P1 P2 P3 dd dd dd ...]
A0 is fixed, INS is the instruction, and P1, P2 and P3 are parameters; P3 normally gives the length of the data that follows.
For example, the APDU command for the A3A8 calculation is:
[A0 88 00 00 10 xx xx xx .... xx] (the xx bytes are the 16-byte RAND).
For details, see GSM Technical Specification 11.11.
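The login steps and the A0 88 00 00 10 + RAND command above, modelled end to end as an added example (not kvSIM's code): the network picks RAND, the mobile wraps it in the RUN GSM ALGORITHM APDU, the SIM parses the APDU and answers SRES||Kc, and the network compares SRES. The A3A8 stand-in (HMAC-SHA256 over RAND) and the Ki value are assumptions; the 9F 0C status word / GET RESPONSE step of GSM 11.11 is omitted.

```python
import hashlib
import hmac
import secrets

# Constructed test Ki; in a real card it never leaves the SIM.
KI = bytes.fromhex("0123456789abcdef0123456789abcdef")


def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator A3/A8 (assumed HMAC, not a real COMP128).
    Returns (SRES, Kc) as 32 bit + 64 bit, the split the page describes."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def build_run_gsm_algorithm(rand: bytes) -> bytes:
    """Mobile side: A0 88 00 00 10 followed by the 16-byte RAND."""
    if len(rand) != 16:
        raise ValueError("RAND must be 128 bit")
    return bytes([0xA0, 0x88, 0x00, 0x00, 0x10]) + rand


def sim_handle_apdu(apdu: bytes, ki: bytes = KI) -> bytes:
    """SIM side: parse [CLA INS P1 P2 P3 data], check P3 against the data
    length, run A3A8 with the card's Ki and return SRES||Kc (12 bytes)."""
    if len(apdu) < 5:
        raise ValueError("short APDU")
    cla, ins, p1, p2, p3 = apdu[:5]
    data = apdu[5:]
    if (cla, ins, p1, p2) != (0xA0, 0x88, 0x00, 0x00):
        raise ValueError("unsupported command")
    if p3 != 0x10 or len(data) != p3:
        raise ValueError("P3 must be 0x10 and match the data length")
    sres, kc = a3a8(ki, data)
    return sres + kc


def mobile_authenticate(rand: bytes) -> tuple[bytes, bytes]:
    """Steps 4-6: forward RAND to the SIM, split the 32-bit SRES and 64-bit Kc."""
    resp = sim_handle_apdu(build_run_gsm_algorithm(rand))
    return resp[:4], resp[4:]


def network_authenticate(ki_in_auc: bytes = KI) -> bool:
    """Steps 3 and 7: the network chooses RAND, computes its own SRES with the
    Ki it holds for the subscriber and compares it with the SRES sent back."""
    rand = secrets.token_bytes(16)
    expected_sres, _ = a3a8(ki_in_auc, rand)
    sres, _kc = mobile_authenticate(rand)  # only SRES goes over the air
    return hmac.compare_digest(sres, expected_sres)
```

Because the SIM validates P3 against the actual data length, a malformed command is rejected before any key material is used.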

 


The 6688i (SL45i) system has a task named CHIPKARTE_PL that is responsible for sending commands to the SIM and handling the responses it returns.

The principle of kvSIM is to record the data at the "Send Cmd" point and to modify the returned data as needed at the "Recv Rsp" point.

 
Others
  GSM smart card emulator (33.5K)

A GSM SIM card emulator that runs under DOS (with source code).

  ISO7816 (58.2K)
Smart card (SIM card) specification