SIM card writer

To add a new user with a given SIM card, you will need several pieces of information for each SIM card.

  • IMSI

    • unique identifier for SIM card

    • manufacturer provides

  • MSISDN

    • an arbitrary number representing the user’s “phone number”

    • could be the last 5 or more digits of the IMSI; make this up if it is not provided to you

  • IP Address

    • this value sets a private static IP for each SIM card

    • you’re also free to set this

  • Key

    • user’s private key used in LTE encryption

    • manufacturer provides

  • OPC

    • “carrier” private key used in LTE encryption

    • manufacturer provides

  • APN (optional)

    • access point name

Card Reader Software XCRFID

SIM Card Reader / Writer

This interface shows the card reader GUI

Select Card Reader

Select Card Reader/Writer Device

Click the dropdown button

Software shows the available smart card readers/writers connected to the host computer

Read Sim Card Reader

Software shows smart card R/W Read Card button

Press Read Button

Software shows smart card R/W card details

GSM Parameters

The left panel of the software displays the GSM parameters

The right panel of the software displays the GSM parameters

You can set the LTE parameters to the same values as the GSM parameters by clicking the "Same with LTE" button.


Let’s take a look at the information that’s stored on USIM

Figure displays the ICCID of the SIM card

ICCID

Because a USIM is just an application running on a Universal Integrated Circuit Card, it has an ICCID, or Universal Integrated Circuit Card ID. Generally this is the long barcode / string of numbers printed on the card itself.

The network generally doesn’t care about this value, but operators may use it for logistics like shipping out cards.

Figure displays the PIN & PUK of the SIM card

PIN & PUK

PINs and PUKs are codes to unlock the card. If you get the PIN wrong too many times, you need the longer PUK to unlock it.

These fields can be written to (when authenticated to the card) but not read directly, only challenged. (You can try a PIN, but you can’t see what it’s set to.)

As we mentioned before the terminal will ask the card if that’s correct, but the terminal doesn’t know the PIN either.

Figure displays the IMSI of the SIM card

IMSI

Each subscriber has an IMSI, an International Mobile Subscriber Identity.

IMSIs are hierarchical, starting with the 3-digit Mobile Country Code (MCC), then the Mobile Network Code (MNC) (2/3 digits) and finally a Mobile Subscription Identification Number (MSIN), a unique number allocated by the operator to the subscribers in their network.

This means that although two subscribers could theoretically have the same MSIN, they wouldn’t share the same MNC and MCC, so the IMSI would still be unique.

The IMSI never changes unless the subscriber changes operators, in which case they’ll be issued a new USIM card by the new operator, with a different IMSI (differing MNC).

The MSIN isn’t the same as the phone number / MSISDN, but an IMSI generally has an MSISDN associated with it by the network. This allows you to port / change MSISDN numbers without changing the USIM/SIM.

Figure displays the KI of the SIM card

K – Subscriber Key

Subscriber’s secret key known only to the Subscriber and the Authentication Center (AuC/HSS).

All authentication rests on the principle that this one single secret key (K) is known only to the USIM and the AuC/HSS.

Figure displays the OP of the SIM card

OP – Operator Code

Operator Code – same for all SIMs from a single operator.

Used in combination with K as an input for some authentication / authorisation crypto generation.

Because the Operator Code is common to all subscribers in the network, if this key were to be recovered it could lead to security issues, so instead OPc is generally used.

Figure displays the OPc of the SIM card

OPc – Operator Code (Derived)

Instead of giving each USIM the Operator Code, a derived operator code can be precomputed when the USIM is written with the K key.

This means the OP is not stored on the USIM.

OPc=Encrypt-Algo(OP,Key)

Figure displays the PLMN of the SIM card

PLMN (Public Land Mobile Network)

The PLMN is the combination of MCC & MNC that distinguishes the operator’s radio access network (RAN) from those of other operators.

While there isn’t a specific PLMN field in most USIMs it’s worth understanding as several fields require a PLMN.

Figure displays the HPLMN of the SIM card

HPLMNwAcT (HPLMN selector with Access Technology)

Contains, in order of priority, the Home-PLMN codes with the access technology specified.

This allows the USIM to work out which PLMN to attach to and which access technology (RAN) to use. For example, if the operator’s PLMN was 50599 we could have:

  • 50599 E-UTRAN

  • 50599 UTRAN

This tries 4G first and, if that fails, uses 3G.

In situations where operators might partner to share networks in different areas, this could be set to the PLMN of the operator first, then its partnered operator second.
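
Added example, not from the original page or the card software: how the two 50599 entries above are laid out on the card, assuming the 5-byte record format of 3GPP TS 31.102 (3 bytes of nibble-swapped PLMN digits followed by 2 bytes of access-technology bits). The function names are illustrative, and the decoder goes beyond the page's example by also handling 3-digit MNCs and unused slots.

```python
# Added example: PLMN-with-access-technology records, 5-byte layout of 3GPP TS 31.102 assumed.
ACT_BITS = {"UTRAN": 0x8000, "E-UTRAN": 0x4000, "GSM": 0x0080}  # subset of the AcT bits

def encode_plmn(mcc, mnc):
    """Pack MCC/MNC into 3 nibble-swapped BCD bytes; a 2-digit MNC is padded with F."""
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"bad MCC/MNC: {mcc!r}/{mnc!r}")
    mnc3 = mnc[2] if len(mnc) == 3 else "F"
    return mcc[1] + mcc[0] + mnc3 + mcc[2] + mnc[1] + mnc[0]

def encode_plmnwact(entries):
    """entries: priority-ordered (mcc, mnc, [technology, ...]) tuples -> hex string."""
    out = []
    for mcc, mnc, techs in entries:
        act = 0
        for tech in techs:
            act |= ACT_BITS[tech]  # KeyError on an unknown technology name
        out.append(encode_plmn(mcc, mnc) + f"{act:04X}")
    return "".join(out)

def decode_plmnwact(hex_data):
    """Inverse of encode_plmnwact; records starting FFFFFF are unused slots and are skipped."""
    hex_data = hex_data.upper()
    if len(hex_data) % 10:
        raise ValueError("file length must be a multiple of 5 bytes")
    entries = []
    for i in range(0, len(hex_data), 10):
        rec = hex_data[i:i + 10]
        if rec[:6] == "FFFFFF":
            continue
        mcc = rec[1] + rec[0] + rec[3]
        mnc = rec[5] + rec[4] + ("" if rec[2] == "F" else rec[2])
        act = int(rec[6:], 16)
        entries.append((mcc, mnc, [name for name, bit in ACT_BITS.items() if act & bit]))
    return entries

# The page's example: home PLMN 505/99, try E-UTRAN (4G) first, then UTRAN (3G).
EXAMPLE = encode_plmnwact([("505", "99", ["E-UTRAN"]), ("505", "99", ["UTRAN"])])

if __name__ == "__main__":
    print(EXAMPLE, decode_plmnwact(EXAMPLE))
```

Decoding a card's existing file before overwriting it is a quick check that the priority order and access technologies match what the operator intended.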

Figure displays the OPLMNwACT of the SIM card

OPLMNwACT (Operator controlled PLMN selector with Access Technology)

This is a list of PLMNs the operator has a roaming agreement with in order of priority and with the access technology.

An operator may roam to Carrier X but only permit UTRAN access, not E-UTRAN.

Figure displays the EHPLMN of the SIM card

EHPLMN (Equivalent HPLMN)

Used to define equivalent HPLMNs, for example if two carriers merge and still have two PLMNs.

Figure displays the FPLMN of the SIM card

FPLMN (Forbidden PLMN list)

A list of PLMNs the subscriber is not permitted to roam to.

Figure displays the HPPLMN of the SIM card

HPPLMN (Higher Priority PLMN search period)

How long, in seconds, to spend between each PLMN/Access Technology in the HPLMNwAcT list.

Figure displays the ACC of the SIM card

ACC (Access Control Class)

The ACC allows values from 0-15, and determines the access control class of the subscriber.

In the UK, the ACC value is used to restrict civilian access to cell phone networks during emergencies.

Ordinary subscribers have ACC numbers in the range 0 – 9. Higher priority users are allocated numbers 12-14.

During an emergency, some or all access classes in the range 0 – 9 are disabled.

This means service could be cut off to members of the public who have an ACC value of 0-9, but those like first responders and emergency services would have a higher ACC value and the network would allow them to attach.

Figure displays the AD of the SIM card

AD (Administrative Data)

Like the ACC field, the AD field allows operators to drive test networks without valid paying subscribers attaching to the network.

The defined levels are:

  • ’00’ normal operation.

  • ’80’ type approval operations.

  • ’01’ normal operation + specific facilities.

  • ’81’ type approval operations + specific facilities.

  • ’02’ maintenance (off line).

  • ’04’ cell test operation.

Figure displays the GID 1 and 2 of the SIM card

GID 1 / 2 – Group Identifier

Two group identifier fields that allow the operator to identify a group of USIMs for a particular application.

Figure displays the SPN of the SIM card

SPN (Service Provider Name)

The SPN is an optional field containing the human-readable name of the network.

The SPN allows MVNOs to provide their own USIMs with their name as the operator on the handset.

Figure displays the ECC of the SIM card

ECC (Emergency Call Codes)

Codes up to 6 digits long that the subscriber is allowed to dial from the home screen / in an emergency / while not authenticated, etc.

Figure displays the MSISDN of the SIM card

MSISDN

Mobile Station International Subscriber Directory Number. The E.164 formatted phone number of the subscriber.

This is optional, as porting may overwrite this, so it doesn’t always match up.

Figure shows the smart card reader and a rewritable USIM

Figure demonstrates how the USIM is attached to the reader

Figure shows the size of a SIM card
