Idea Transcript
CellularPrivacy / Android-IMSI-Catcher-Detector
Dismiss
Join GitHub today GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together. Sign up
SIM card File System Access #96 Open
New issue
E3V3A opened this issue Aug 2, 2014 · 56 comments
E3V3A commented Aug 2, 2014
Contributor
Assignees No one assigned
We need to be able to access the SIM card filesystem in order to work some magic while collecting relevant and necessary network /> ...
and some more...to select AID.
scintill commented Dec 21, 2014
Contributor
I have a solution with ddi injecting into the com.android.phone process, code here (the repository is now mis-named, as the active code doesn't use SEEK.) It's been tested on 3-5 phones. As I recall, on one it silently fails injecting (logs show part of the process working, then no further logs and the SIM file reading doesn't work; I was stumped by this several weeks ago and haven't looked at it again.) I also have a report (and maybe seen for myself a time or two) that it doesn't work for the first time, but does if the test activity is re-launched. This may just be a timing issue, of not waiting long enough between injecting and trying to call the new service. I am thinking I will have the injected code signal back to the application when it's ready, which could help. In theory it could work on all pre-Lollipop devices (I assume ART breaks ddi) with root, but may need adjustment on some versions, or for vendors that change the telephony code (such as Mediatek, which is accounted for in the current code.) So, we've got something working, but it needs more polishing, and I haven't really had the time or insight to do it yet. If we get AT commands working robustly on most devices, we might implement SIM file reading on top of that instead. The code is structured to be adaptable to different methods of SIM I/O.
E3V3A commented Dec 21, 2014
Contributor
Joey, Was that on my phone? Did you try it on other Samsungs? (Which?) If we get AT commands working robustly on most devices, we might implement SIM file reading on top of that instead. The code is structured to be adaptable to different methods of SIM I/O. We will use both (and more). We'll have to use whatever is available on the device AIMSICD is running on, and for whatever stuff we want to look at.
thomascannon commented Dec 22, 2014 I currently do not have anything technical to add yet beyond the great work and opinions expressed here. But wanted to add some other thoughts. It is hard now to access the SIM directly, and will surely get harder. The SIM is sometimes used as a secure element for things like 2FA precisely because it is hard for malware to access it, so it is in the user's interest for Google to protect access to it. So I think a lot of energy will be burned trying to find and maintain workarounds for a menagerie of handsets. Another option is to select one or a few devices that will be fully researched and developed for, and every year or so select the next device in the upgrade path. Selection criteria would highly rate any device which is more easily hackable, such as MTK based. The energy saved could be better spent developing new features and making a more complete solution. One downside is that the target device might not be your daily driver, and while it can operate as a standalone solution, you might need to discover if your daily driver is being specifically targeted with IMSI selection.
rena2019 commented Jun 23, 2015 @E3V3A can you please share the GlobalPlatformOrg.7z again?
SecUpwN commented Jun 23, 2015
Owner
can you please share the GlobalPlatformOrg.7z again? May I ask you if you're just interested in that .zip , or actually helping with this Issue, @rena2019? I've seen your Twitter account and noticed you're from a town near me. Herzlich Willkommen im Projekt! ;-)
E3V3A commented Jun 24, 2015
Contributor
can you please share the GlobalPlatformOrg.7z again? @rena2019, we've already got SIM access, so we just need someone to do the code. So those doc's are not gonna help you and you can download them yourself at their website. (They've been updated.)
rena2019 commented Jun 24, 2015 @SecUpwN I'm interested in all the mobile stuff. yesterday I read about Open Moblie API and found this site. @E3V3A Are all documents inside your zip also available free for download from GP site?
SecUpwN referenced this issue Jan 12, 2016
Main Screen: Operator shows N/A #749 AhmedYasssen commented Mar 8, 2017 WoW, I haven't understand anything up there, how can get a course to read this???
AhmedYasssen commented Mar 8, 2017 What was that??
Closed