Defcon 21 – The Secret Life of SIM Cards

. welcome everyone my name is Eric Butler and I'm Karl Koecher we're here to talk to you about SIM cards this is a project that started for me last year when I heard about tor camp this is a hacker camping trip you could think Def Con but outdoors and with tents instead of hotel rooms this was the second one the first one was a lot of fun and I was looking for a way to get more involved and I thought it would be great because it's in the middle of nowhere to run a cell phone network there was no GSM service out on the Washington coast and so I got some I pitched the idea to some friends and we got people together and we decided we could make this happen and my part of the project specifically was to procure SIM cards so I didn't know anything about what a SIM card was so it stands for subscriber identity module SIM cards contain identity information usually the IMSI the international mobile subscriber identity and ki which is the key used to authenticate with a cell network and to create session keys SIM cards are smart cards that are designed to be secure and tamper resistant so the idea is that the key information can't be extracted from the card even if you have physical possession SIM card they're designed not to be cloned on there been some issues about in the past anyone who has a GSM phone definitely has a SIM card and now even the carriers that traditionally didn't have them like Verizon are switching over to using them as part of their LTE migration and while I was learning about this I found that SIM cards can also run apps so what is that all about so long ago long before the iPhone before Android really before there was any concept of mobile development there was this idea that applications would live in your sim card and so the phones would be dumb hosts you could easily move your sim card between all these phones and all your contacts and all your apps would move with it and the telco like this because it put them in complete control over everything that you could run so fortunately um that didn't happen and we live in a little bit more open world today so you might think that this is an obsolete technology but it's actually still quite interesting because this technology is still around almost a decade later mostly unchanged a lot of these standards came about in the mid 90s and still work today are still supported today by modern smartphones Android iPhone and so I wanted to really understand how this worked and uncovered the mystery and really the motivation was that SIM cards it turns out our little tiny computers in your that everyone has in their pocket that you don't control and may not know very much about and everyone's walking around with these things so I thought there was an interesting opportunity because I wanted to have SIM cards for this tour camp Network and I thought why not get cards that would support running these apps this ended up being a lot of work it turns out most places that want to sell you SIM cards want to sell you about 500,000 to start we were looking for about 500 a lot of them were looking for us to sign an NDA which we didn't want to do because we wanted to be able to talk about everything we learned some of the cards that we found would support apps but didn't have any GSM support so they wouldn't help for what we needed there was very little documentation on not only where to get cards but how to program them what you can do with them and so we put a lot of time into collecting a lot of information together and we're hoping people can learn from our misery and build some interesting things with sort of a forgotten technology so the SIM cards that we ended up getting were actually have an AVR processor in them not unlike an Arduino they have 64 K of memory and tiny amount of RAM they run what's called Java card which we're going to talk about in a a bit and there's somewhere between 20 and 30 megahertz so there are definitely little computers although definitely have a lot of limitations one of the things that I was really hoping was when people arrived at the conference there's a registration tent where you pull up and this is where you get your badge and the schedule and I wanted to have the SIM cards right there at the entrance to really encourage people to use the network and so this is what you saw when you arrived you had a little pocket from us our cell phone company was called chez detail and we gave you not only a SIM card but all of the private key information and everything else that you usually don't have when you get a SIM card from a carrier so we really wanted to make this a very open thing that people could hack on the the cell phone network was a huge hit we gave away almost 500 SIM cards and we had over 400 phones connect to the network we had a lot of people using SMS saying where are you it was a big campground so people are trying to find each other we had free outbound calling anywhere in the world so people were not only calling people in the camp but also someone called their mom in Australia and it was really great and so in some ways our network was more functional than a lot of other network so that would've been very expensive to do and we even had an FCC license for the weekend so it's like a very legit a thing Thanks so Simmons are often called applets they run on the simcard CPU completely separate from the phone in many cases the phone doesn't even see what's going on the SIM card has its direct connection to the baseband in many cases again without going through the phone's operating system sim application can be remotely installed by the carrier which we're going to cover a little bit later and most carrier SIM cards today support the technologies that we're going to talk about it's very common cards can have multiple apps running on them that is managed by a card manager master application and referenced by an AI D applet ID and on a modern SIM card the GSM support is basically just another app so it's it's written in a similar way that what we're going to talk about today so what can one of these applets do most phones including modern smartphones Android and iPhone today will support basic user interface it will show up on the phone to display menus text you can do user input you can sometimes play sounds and this also works on a lot of dumb phones which is interesting for the developing world some phones will let the sim launch URLs some phones you can send us a message initiate calls use data service you can receive events so you might in some cases be able to detect when the user is dialing something and maybe even rewrite that number there are a lot of other options or over 200 unique features that have hands that can declare to the sim part this is what I support and in some cases you can even run arbitrary 80 commands send directly to the GSM modem just a few examples of similar to the while on the far left we have m-pesa which is a very very popular mobile payment system in Kenya with over 15 million users and almost all of that is based on the sim a plate technology it's also sometimes used for menus to top-up your phone or to get other information not very common in the US but it's much more common in other Play so it's not at all surprising if you've never seen this on your phone if you live here but if you're coming from somewhere else you might have seen this before alright so how do these applications actually work so with any good telco technology it is a maddeningly complex stack of technologies at sort of the bottom layer is the smart cards themselves which SIM cards are a particular type of there's Java card which came out of Sun in the late 90s which lets you write smart card applications with a variant of Java and this is what most SIM cards support today for writing applets and there's the sim toolkit API which lets the sim card talk to the phone and push events and receive events as well and then there's this standard called global platform which was originally developed by visa to allow third parties to develop applications and load them onto the card so a bit about smart cards they're designed for secure storage and computation and one of the key ideas with smart cards is that the secret Keys do not leave the card so you can ask the card to do things on your behalf like sign things encrypting x' decrypt things so these are widely used for like corporate logins a US government uses them a lot they're used for satellite TV DRM they're used for ecash in some parts of the world all sorts of things and basically the way that these work is that there are these things called a PD use which are just command and response packets and typically these are just you know a stream of bytes and you sort of have an instruction a class of instruction a couple of 1 byte parameters and maybe some variable length data so that's that's the basic interface that smart cards have so Java card it's Java not really so there's no garbage collection you can call new but it won't clean after itself there are no characters there are no strings no floats and no multi-dimensional arrays so this gets interesting and if you're lucky you might have some int otherwise you're stuck with bytes and shorts of course there's no standard java api is for like file i/o or threads or anything crazy like that one interesting thing about this is that they envision these cards as being very simple and so what regular JVMs do when they load class files is they verify that the class files are correct and so that they can't violate any of the safety and security properties that Java tries to provide Java cards do not have to verify the apps that are loaded on to them that is sort of delegated to whoever installs the applications which as you'll see later typically means that you can't load apps onto arbitrary Java cards there are exceptions though so everyone loves exceptions so that's how you return errors back to the smart card interface one interesting thing to note when you're developing for these is that instance and class variables are saved an EEPROM so those survived through power cycles but they have a limited write endurance anywhere from a thousand to 500,000 write cycles so depending on the card you might not want to update these these variables a lot so how do you actually build these things so they're there some commercial we we looked into how to actually write these apps for our shady tell Sims and there are a lot of commercial IDs for this but they start around 3,000 bucks so that was a non-starter for us but as it turns out you can download the Java card development kit from Oracle for free still that was it was kind of surprising but thanks Oracle for that you can actually build these with eclipse what you have to do is you have to remove the standard Java Runtime library and add in the Java card runtime library so it knows about the right class and things like that and then you have to do some craziness with the command line but we made some tools to make this whole process easier so what about SDK apps so SDK apps are generally um they are Java card apps and sort of the way that they work is that they first get loaded onto the card and then the app when it gets instantiated on the card registers itself with the sim toolkit runtime and this sim toolkit runtime whenever the phone boots up is informed of the phone's capabilities using those 200 feature bets that we are talking about this runtime then lets all the applications know or it tells the phone what all the applications are on on the card and then you have this menu of applications that you can select and when you select one it actually dispatches an event to your particular Java card application and then the app can do some IO back and forth through the standard sim toolkit API and so the basically the way that this code looks is you have a class that has so with Java card there are two standard methods there's install which is responsible for instantiating the class and registering it with the Java card runtime and the sim toolkit runtime and there's also this process method which takes in these apt use and does whatever computation you need there for sim toolkit process is not typically used there's typically process toolkit is called and these are for events that get delivered from the phone you can also request a timer event to be sent back to you so you can periodically wake up so for for a tour camp what we wanted to do is create some sample SDK apps to get people interested in this and sort of get people involved with the sim cards so we have this a simple app that made that you know said credits on there and it would bring up this list of people involved in the creation of the GSM network at tour camp but this and that's all it did the first time you run it but the second time you run it it would ask if you wanted hence for the crypto challenge that we were running and the interesting thing about this is that we were able to store the hints on secure hardware so you couldn't extract them and we also had some tamper resistant flags that were stored again and secure hardware to mark whether you had viewed any of the the hints or not and as will describe later we also had a way to remotely query what hence people had viewed although we never got around to implementing that so what does this code actually look like I warn you it's ugly so if you want to create strings you might remember there are no characters and no strings so you have to create a byte array of individual bytes or individual characters this is by far the most painful part of writing apps well except for debugging them that's even more painful but we'll get to that and so basically the the way that these that this tour camp mapped work is so install gets called by the Java card runtime when it gets installed that registers itself with a runtime so you can select the app it also registers itself with the the sim toolkit and a lot of this code here is just for reference later in the slides that will be available from our website so you don't have to memorize any of this right now and then sort of the when when events get handed down from from the phone you get a single byte that says what kind of event it is usually it's like a menu selection or something and in this case it checks to see if the hints that were given if we've displayed any hints if not we just show the credits otherwise we mark that this app has been run before and then we we show the the menu for the hints constructing constructing you ice to send back to the phone is really ugly you basically have this byte array of type length values and you have this API sort of that lets you pin stuff to this byte array and you have to send this byte array back and it's it's kind of nightmarish but it works so that's basically what it's doing here is creating these menu items and sending it back to the phone and then also that remote query capability we had we use the standard Java card process method to expose an instruction that would let you query the card for what hen's had been viewed so to build Java card apps you have to target an older version of Java but you start out using a standard compiler so targeting 1.1 byte code and 1.3 source compatibility once the standard Java compiler creates the class file you then need to convert it to something that is compatible Java card and the SDK includes a tool to do that there is an application ID we mentioned earlier that you can have multiple cards or multiple apps on a card so this is where you specify the ID your app is going to use a cap file is similar it you can set at the end of that it creates a cap file which is sort of similar to a jar file it's a zip file of byte code and we've created make files and other scripts to make this all much easier so you don't have to remember any of these commands you just I make and it'll go one of the big questions that I had when I started this project was how do we actually communicate with the SIM cards physically and I found that really there are two types of readers that you have to to consider the most common type is called pcs CPC smart card API these are usually designed to be used with full-sized smart cards so you know when you sometimes when you get a sim card it comes in a full size card and you punch it out what we usually do is we save that plastic housing and put a piece of tape on the back so we can put the sim card back in when we want to interface with it these are the same types of readers that you would use for any other smart card for corporate login for VPN access anything like that the other type of reader is a serial reader these are usually smaller and are just the size of a standard size SIM card they're often sold for backing up like the contacts on your SIM card but I don't really think anybody does that anymore but they are cheap and easy to get it doesn't really matter which reader you get but the PCs 3d readers are more compatible because if you're going to try to use any official software commercial software it's almost certainly built for that API and there is also an open source stack for PCs see that a lot of tools use so I highly recommend getting one of those the reader I use is this one it was eight dollars and it folds up nice and small so it's very convenient so at this point we had written some horrible-looking code we had compiled it with the java compiler we converted it to this cap file and so we felt like we had this thing ready to go we had some SIM cards but we couldn't really get it to load we found a lot of references to a tool called GP shell which is a global platform shell couldn't get that to work this is sort of a funny story our sim vendor we asked them hey what software do you use and they sent us back a screenshot of this very simple app we'd like choose your file choose your reader and hit go and it will do it and we said oh great can you say that to us Oh No is it available anywhere no no and then eventually they offered us ok for 600 we'll send you this program that we didn't write and we don't own the copyright to so we decided not not to do that and so we kept looking to see what else was out there and we had to start digging into a little more details on the communication protocols they are used to interface with smart cards so this this program that they were trying to tell us was called the sim Alliance loader and they had V 1 but simoleons had come out with V 2 and the sim Alliance is basically an industry group advocates for using apps on SIM cards and they have a bunch of tools the simoleons loader is this crazy Windows Java app that is really intended for experts it is you know it is clearly designed for people who know what they are doing which means not us so we spent a lot of time figuring out how to actually configure the right to key boxes and settings to get our apps to actually load but if you know what you're doing and you're running Windows and you're willing to put up with the slowness it takes like two minutes to load something on a SIM card with this then this program is really available and will actually load stuff on our SIM cards but for a variety of reasons we thought that using this suggesting this to the tour camp attendees was not an acceptable solution for loading apps onto SIM cards plus we had to provision a thousand of these SIM cards and at two minutes a pop it would take quite a while so we wanted to come up with something faster and more portable and thus we started to delve into the world of global platform so what global platform is is it's a standard for loading and managing apps on Java cards and one of the things that it does is it defines the card manager app so this is the protocols and commands used to load and install apps on the SIM card it also covers authentication for loading apps and also encryption between the apps and a of off card party it also talks about some of the off card responsibilities such as the issuer needs to verify apps that get put on there and because of that the issuer so they're they're a bunch of security domains that are defined by global platform and basically the the top-level one is called the issuer security domain and the issuer security domain is responsible for authorizing any code that gets loaded onto the card and so in practice this means that you can't load apps onto your own SIM cards except a couple of days earlier at blackhat Carsten Knoll showed that about 25% of SIM cards use have a I don't know crypto bug I guess you would call it where you can actually that you can actually exploit to load stuff onto these cards so basically the way that that worked is that you you can sign these install commands with a desk key and if that desk key is incorrect it will send you back an error message and sometimes those error messages are also signed so if you don't know the right key you just send random junk and then you get back a signed error response and since it's des you can actually brute-force this and apparently he's able to do that with some rainbow tables and that that's pretty cool it but so going back to global platform when you have a standard unproven unperson alized Java card the issuer security domain is the default app on the card so you can just say hey install this and set all these keys but accessing it on our sim was much harder because the GSM SIM app was the default app and we couldn't even select the global platform app it was totally inaccessible over the the standard APD use so we wanted to figure out exactly how this this operated a brief bit about actually how stuff gets loaded on here so installation is a two-step process you first load the binary which is the install for load command and then you need to instantiate that app by doing the install for install command which basically you give it the application ID of the both of them the binary package that you sent to it the application ID of the main class to use and an application ID that you want assigned to the main instance and the binary that you sent to it basically is just straight from this cap file you just unzip the cap file concatenate everything together and just shove it at the card and that works as I said unfortunately this doesn't really work with our SIM cards in fact though we found out the only way to actually talk to a global platform on our cards is through an over-the-air update mechanism like over SMS packets but fortunately we didn't have to actually send these SMS packets all we had to do was pretend that we were a phone and send it the right apt use to say that incoming SMS was received and here's the installation so what does that actually look like well this is where it gets really complicated and this is where I spent many many hours reverse engineering this so at the top level there's an APD you called cat envelope and cat envelope is basically a way to deliver to the sim toolkit runtime some incoming message either an event it's it's typically an event either an incoming SMS or a menu selection or something else inside that you have an event for a CMS point-to-point download inside that you say who sent it inside that you actually have the SMS message inside that you have a header and you have your user data and the user data consists of a header and also the command and finally at the very bottom is a PDU that actually gets delivered to global platform and so this tiny little this tiny little packet ends up being huge when since when sent over this mechanism and and this is you know the the telecom way just wrap everything in layers of complexity but in case you missed it I want to make something clear here you can use this exact mechanism to send arbitrary APD use two SIM cards through this through this SMS capability one thing that came up is whether these cards use individualized keys or a single key and we don't actually know because we haven't tried this on any commercial sense but there is a one thing that one reason why they might not use individualized keys is there's something called cell broadcast and cell broadcast is this sort of variant on SMS that's mostly used these days for emergency alerts that are pushed to your phone and so it's basically a broadcast SMS and so carriers could actually use this to broadcast installation messages and push apps out to your phone as I said normally you need to authenticate to do this if you want to learn how to do it without authenticating or knowing the the private keys go seek Arsenal's talk so once we reverse engineered how this actually worked we wrote this Python script that works on OS X Linux Windows it just works everywhere um and it's kind of easy to use to to load a application on the SIM card all you have to do is just specify what interface you want PC se or serial and say – L furloughed and give it the cap file and it loads it instantiating is a different story and this is this is all sim toolkits fault and Java cards fault so basically what you have to do is you say I want to instantiate this here is the so the module ID is the application ID of the main class that you want to use the instance' ID is used for selection of that applet outside sim toolkit you have to tell the Installer that this is actually a sim toolkit app and you would like that to be registered for sim toolkit as well you have to tell the sim toolkit runtime how many menu entries you want in that main application menu you have to tell it how many characters your biggest menu entry is and you also have to tell the card exactly how much memory you need both in RAM to install the app and in the EEPROM – for all the the instance and class variables and you can you can specify more than it's necessary like we always specify hex 104 256 bytes but this is sort of the way that that cards manage their memory resources and then of course you can also just list the applications on the card with dash T and there are a bunch of different commands that this also supports such as updating the phonebook and oh look how these guys doing so far okay so the DEF CON experience includes a lot of different things but one of it is cutting-edge technical talks it is very hard to get accepted as a speaker the the bar is very very high this is their first time so give them a big round of applause so obviously we have a little bit of a tradition we're going to do a shot onstage with them here we go cheers gentlemen Cheers now we'll see if they can pick up their talk where they left off all right so how do you know if this works yeah we have to do this shit all day so how do I become a goon it's my question all right so how do you know if this actually works well what oh this is your slide okay I'll apparently the shots already go into the head so after all this work of going through the steps of writing the code compiling it converting it learning the protocols on how to install it we finally had something that appeared to succeed what you can see on the left is our state the same Python script also has that command to list applets and at the bottom we see our applet appears to be on the phone but how do you actually see it if it's working most phones have some way to access a SIM menu that will only appear if the SIM card actually has a menu so on the iPhone you go into settings you go to phone and a sim application x' item will appear and on android a sim toolkit item will appear in the main application list and from there you see the menu of all the cards you have installed and can interact so Carl was saying that one of the worst parts of this was writing the code and running out strings but testing is actually pretty bad too so you can imagine this flow is you will you turn off your phone you take out the battery take out the SIM card you put the SIM card into your computer you load some code you take it out you put it back in the phone you put the battery back in wait for the phone to boot and see if it worked and if it doesn't do the whole thing over again and so we were trying to talk about if there was a way that we can do any better and sort of simplify this a little bit or at least speed up the development and it turns out that there is an open source project called seek which provides smartcard api's for Android this can be used for talking to the SIM card talking to other types of smart cards like SD cards that have secured elements inside them and they actually have patches to the Android emulator and so we got this workweek we tried this out network so you can get a pcs C a smart card reader like we talked about before plug it into your computer start the emulator and the sim toolkit icon will show up and you can talk to your sim and test your apps that way without needing to constantly swap between a computer in between a phone the seek project only provides this as patch files but we've gone through the trouble of building it we have binaries for all platforms and are this website for the talk at the end has all that another thing that we were wondering about is could we use the phone as a that this is my slide Karma's a bitch yeah all right so so one of the one of the ideas that we also toyed around with is that you know since everyone has these phones they already have these sim card readers why can't we just use the phone for these readers as it turns out that most radio interfaces don't actually let you talk directly to the sim and this is mostly a good thing because if you are able to talk to the sim then you're able to authenticate to the network and do all sorts of nasty things but in Europe particularly there is this method called the Bluetooth remote sim access profile or protocol and basically what that's used for is your car will have a high-power GSM modem in it for hands-free calling but it uses the sim in your cellphone to authenticate to the network and this is very different than how it works in the u.s. because you know a lot of cell phones don't have SIM cards in the US but this is one way to access the sim over on your on your phone we also toyed around with an idea of writing an app that would run on your phone that could talk to this card and install apps and things like that and to do that we had to reverse engineer this Android app the Android remote sim access profile app they had some weird crypto stuff in there that wasn't actually that secure so we figured out how to break that but we didn't actually get this up and running just yet um by the way very bad idea to install this on your phone it creates a socket that the radio interface uses that just exposes the same car to any app no no permissions needed or anything it's chmod is it no six six six or something it's it's kind of crazy and so Anthony app can do anything at once but so you might think that SDK apps are pretty limited but we think that there's potential for awesomeness here so one idea that we were talking about is having an SMS botnet because these sim cards can actually communicate with the network without the OS getting involved it talks directly to the baseband processor so if it's able to bypass the authentication to load itself onto SIM cards it could just you know start propagating itself through through the cell network and the the main application OS doesn't know what's going on now it might be interesting one thing that we think would be really cool is to integrate Android apps with some apps for example putting your SSH key on the SIM card so that the SIM card actually authenticates you to your SSH server instead of something on your phone or maybe storing your Bitcoin wallet securely or who knows what else there there's many opportunities here but of course you know we probably need carriers to get on onboard to do this securely and then one other idea we had was making an android app that would actually let us push out these sms's to someone else to load code on to their other SIM card so earlier I talked about my main motivation for getting involved with this was because everyone's walking around with these things and we don't know much about them and even though it's kind of obsolete there's still it is too widely widely use the same technology is used for a few different other things there is a little bit newer protocol called swp single single wire protocol and this actually creates a direct connection between one of the unused pads on the sim card and generally an NFC controller and a phone and this is intended to allow NFC payments completely separate it allows you to do NFC payments without the phone being involved so your SIM card can basically have equivalent to like a MasterCard or Visa pay pass applet running on it and when you tap your phone the NFC controller will talk to the SIM card directly and authenticate that payment without the OS being involved at all and so the idea there is that it might be a little bit more secure this is actually used by a company in the u.s. called Isis which is how's it doing a very very slow roll out over the next year or so this is a this is a combination of the telcos and the banks and it's not really clear any one cares about this but they're using SIM cards to power this so it's interesting to know how this all works and I talked earlier about how SIM cards and sim apps were sort of initially going to give control of this whole thing to the carriers this is sort of a way that the carriers are trying to go back to those days by controlling this one little thing payments they can charge whatever fees they want they control who can use it and how it works another technology that use it is quite similar is the secure element found in many Android phones this is often part of the NFC controller it's similar so it's similar to the swp interface used with SIM cards but it's often just in one housing and this is basically a little tiny SIM card inside your phone it generally supports javacard it might be based on global platform and so all the same sort of things we've talked about with how to write apps how to interact with them is the same for this thing in your phone so if you have one of these you now have two little computers in your pocket that you may not control this is used by the ISIS competitor Google Wallet and that's how it does the secured credit card emulation so we think that even if SIM cards are possibly a dead end for writing software and I think that there's still a lot of potential there there's still push by these manufacturers to keep this technology relevant and to try to do new things so it's not going away anytime soon we've hopefully made it easy to get started if you're interested in intrigued and I hope you are it's quite it's quite very few hardware requirements it's not an expensive thing to get started on the readers are usually less than 20 and it will work with pretty much any phone we have some extra SIM cards and we don't have anything official set up but we're hoping to do some sort of iff donation for them so please come see us if you're interested in getting a hold of these as I mentioned earlier it was quite difficult for us to get even mid-size quantities so individual quantities of these is pretty hard to find we've put up a website for the talk with these slides a lots more technical info all of our code our make files our Python scripts those binaries for the patched Android system and a whole lot more and is information how to get in touch with us thank you for coming and I hope you will join us in hacking on SIM cards