How to send an APDU over NowSMS

Andrew
New member
Username: Andrewru

Post Number: 1
Registered: 08-2010
Posted on Friday, August 20, 2010 - 12:11 pm:   

Hi!
There was a similar thread in the archive but without an answer. But the answer is urgently needed.
I need to send OTA Remote File management commands to change IMSI on the SIM card.
My APDU code is listed below,
and my question is: whatever I fill in for these codes in "Send Binary Message", I always get +CMS Error 500.
How can I fill in the UserDataHeader, BinaryData, PID and DCS?

Thanks for your help.
...........................
A0C2000051 (ISO ENv)
D14F (11.14 SMS-PP)
02028381 (devices Ids)
0606983311111111 (SCA)
0B41 (begin of the SMS TPDU)
E40A9833111111117F16080317095345322F
(begin of the GSM 03.48 )
027000002A15020124245241440000000000001C85B29743E45727
(begin of the commands that update the IMSI file)
280102000C5472616E73666F726D657273
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2447
Registered: 08-2008
Posted on Friday, August 20, 2010 - 06:05 pm:   

Hi Andrew,

This is outside of my area of expertise, but I think you want to send this:

UDH = 027000

Data = 002A15020124245241440000000000001C85B29743E45727
280102000C5472616E73666F726D657273

pid = 7f
dcs = f6

(It looks like your example has DCS=16 in the SMS TPDU header, which is ok for sending via a modem, but is not a legal value if sending via SMPP. F6 has the same meaning.)

Whether or not your operator will allow you to send these commands over a GSM modem may be an issue.

--
Des
NowSMS Support
Andrew
New member
Username: Andrewru

Post Number: 2
Registered: 08-2010
Posted on Monday, August 23, 2010 - 06:41 am:   

Thank you very much for your help.
I have connection of NowSMS to SMSC over SMPP, and I want to use it to send SMS.
In that case, what pid and dcs do I need?
As I understand, UDH will be 027000?
And data = 002A15020124245241440000000000001C85B29743E45727
280102000C5472616E73666F726D657273 ?
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2455
Registered: 08-2008
Posted on Monday, August 23, 2010 - 06:58 pm:   

Since you mentioned "+CMS ERROR 500", I assumed you were referring to sending out via a GSM modem connection.

For SMPP, you would use the same settings that I posted in the previous message.

UDH is always 027000 for these messages. (NowSMS requires that you separate the UDH off of the message data when submitting to NowSMS via HTTP. When you do this, NowSMS simply concatenates the UDH and the data, and sets the UDHI flag.)

Do note that you might run into an issue if you are sending a message where the UDH and data length exceeds 140 bytes. Please see the following thread for a solution to the long message SIM data download problem: http://support.nowsms.com/discus/messages/1/59837.html

--
Des
NowSMS Support
Andrew
New member
Username: Andrewru

Post Number: 3
Registered: 08-2010
Posted on Wednesday, August 25, 2010 - 05:14 am:   

Thanks a lot for your help.
So about UDH=027000, DCS=F6 and pid=7F, it's clear.
One more thing.
What about these parts of APDU SMS-PP.
--------------------------------
A0C2000051 (ISO ENv)
D14F (11.14 SMS-PP)
02028381 (devices Ids)
0606983311111111 (SCA)
0B41 (begin of the SMS TPDU)
E40A9833111111117F16080317095345322F
------------------------------------------
Do I need to attach them to the (begin of the GSM 03.48 ) without UDH to the Data?
And in that way the parameter Data will be
A0C2000051D14F0202838106069833111111110B41E40A9833111111117F16080317095345322F + 002A15020124245241440000000000001C85B29743E45727
280102000C5472616E73666F726D657273 ?

Or does NowSMS generate these parts of the APDU SMS-PP by itself, so that I need to begin Data with only the beginning of the GSM 03.48 part, without UDH?
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 2460
Registered: 08-2008
Posted on Wednesday, August 25, 2010 - 09:23 pm:   

You can't generate any of that.

It's not really a NowSMS issue, you just don't get access to that level of things, especially when submitting via SMPP.

Keep in mind, however, that I know a lot about sending SMS messages, but I have no practical experience sending the type of messages that you are sending. So it is possible that some of these other data elements are required, but they are required in the data portion of the message.

What I do know is that the UDH is always 0270000. And technically, the UDH is the first few bytes of the user data portion of the message.

I also know that the SMS TPDU is defined in ETSI GSM 03.40. The SMS TPDU fields are generated automatically by either the SMPP server (or by NowSMS if sending via a modem).

And I know that when sending an SMS message via GSM modem, the SCA precedes the TPDU (or is left blank to indicate default service centre), and is an indication to the modem which service centre to use to send the message. The SCA has no relevance when sending via SMPP.

The part that is outside my area of expertise is what you label as ISO ENv, 11.14 SMS-PP, and device Ids.

I'm guessing that you're looking at ETSI GSM 11.14, and perhaps looking at how you send an SMS message from an SIM toolkit application? Or perhaps looking at the format in which you receive an SMS message in a SIM toolkit application?

I believe these GSM 11.14 headers are part of the SIM toolkit messaging interface, and not actually sent over the air. If they are sent over the air, they need to be in the message data somewhere.

Does any of this make sense?

If not, can you give me specific pointers to where these fields are defined, and what they mean to you in your context?

--
Des
NowSMS Support
Andrew
New member
Username: Andrewru

Post Number: 4
Registered: 08-2010
Posted on Monday, September 06, 2010 - 06:30 am:   

Well, thank u very much for your help.
I've achieved my goal and updated IMSI using NowSMS and OTA Remote File Management.
So to update IMSI I need to compose the header and encrypt the commands using GSM 03.48. Then I need to send this packet using NowSMS without UDH.
And all works! Thanks a lot.
Alex Kaing
New member
Username: Alexkaing

Post Number: 1
Registered: 03-2011
Posted on Tuesday, March 22, 2011 - 05:29 am:   

Hi all,

I have read this topic, it is very interesting and matches what I need now. But some places I don't understand.
Question:
I want to change SMS center on SIM via OTA.
What is the UDH, Data ...?
I want to change SMSC to +855101000000.
Could you please let me know how to convert my new SMSC to data for sending?

Looking forward to hearing from you. :-)

Thanks
Alex
Andrew
New member
Username: Andrewru

Post Number: 5
Registered: 08-2010
Posted on Tuesday, March 22, 2011 - 06:40 am:   

Hi Alex,
I've changed data on SIM via OTA.
From my skill it's very necessary to cooperate with the SIM manufacturer. Because you need to know SPI, KIK, KID, TAR, etc. that are used on the SIM card. Without that info you will be unable to make any changes via OTA.
Alex Kaing
New member
Username: Alexkaing

Post Number: 2
Registered: 03-2011
Posted on Friday, March 25, 2011 - 10:16 am:   

Thanks Andrew for your fast response,

Do you know another option (software) to check SPI, KIK, KID, TAR besides the SIM manufacturer?

Thanks
Alex
Andrew
New member
Username: Andrewru

Post Number: 6
Registered: 08-2010
Posted on Monday, March 28, 2011 - 10:14 am:   

Hi Alex.
No, I don't know such software. From my point of view there is no such software. In my case, for example, TAR in the SIM had value 111111h, it was vendor specific. And only the vendor told me this value of TAR.
B.R. Andrew
S.S.Sudhakar
Posted on Tuesday, January 03, 2012 - 01:47 pm:   

hi andrew,

Can you post a sample message you used for RFM using NowSMS?

Regards,
Sudhakar
sashidharan
New member
Username: Sashidharanvit

Post Number: 1
Registered: 01-2012
Posted on Tuesday, January 31, 2012 - 09:59 am:   

Hi Andrew,

Can you be a bit clear regarding the way you achieved your aim of changing IMSI of SIM!!

(i.e, Could you give me step by step way of doing it)


I am planning to do it and that would benefit me greatly

Thanks And Regards,

R.Sashidharan
Andrew
New member
Username: Andrewru

Post Number: 7
Registered: 08-2010
Posted on Wednesday, February 01, 2012 - 04:18 am:   

I've developed a program that connects to the SMS Center over SMPP. Then, according to the vendor information on the SPI, TAR, etc. of the SIM cards, I've made an APDU. After that I can send APDUs over SMPP and change IMSI on the SIM cards over OTA. The only weakness of this method is that I do not have an opportunity to get PoR from the SIM card when I change IMSI or SPN, etc. on the SIM card.
sashidharan
New member
Username: Sashidharanvit

Post Number: 2
Registered: 01-2012
Posted on Friday, February 03, 2012 - 06:19 am:   

Hi Andrew,

Thank You for the Reply!!

Could you please guide me and give me important links and pdfs you read to make the APDU which changes imsi no of the sim card

Thanks and Regards,

R.Sashidharan
Andrew
New member
Username: Andrewru

Post Number: 8
Registered: 08-2010
Posted on Friday, February 03, 2012 - 06:21 am:   

Hi. The main recommendation is 3GPP TS 03.48.
B.R. Andrew
sashidharan
New member
Username: Sashidharanvit

Post Number: 3
Registered: 01-2012
Posted on Friday, February 03, 2012 - 06:52 am:   

That is

how did you write commands which update the imsi file

In your case you have written
280102000C5472616E73666F726D657273

What the above data means could you explain this??
Andrew
New member
Username: Andrewru

Post Number: 9
Registered: 08-2010
Posted on Monday, February 06, 2012 - 04:51 am:   

Here are the commands that update IMSI on the SIM card
Select file
A0A40000023F00
Select file
A0A40000027F20
Select file
A0A40000026F07
Change IMSI on selected file
A0D6000009082905935846345718
All these commands are gathered in an SMS message and are sent to the mobile phone. Depending on the SIM's manufacturer these commands must be ciphered.
sashidharan
New member
Username: Sashidharanvit

Post Number: 4
Registered: 01-2012
Posted on Monday, February 06, 2012 - 06:58 am:   

Hi Andrew

Thanks for the Reply man!!

But what I actually want is how the octets are actually formed and where the old and new updated IMSI are in the message given by you

Could you explain in detail the octets and say what do they do??
Andrew
New member
Username: Andrewru

Post Number: 10
Registered: 08-2010
Posted on Monday, February 06, 2012 - 07:09 am:   

To update IMSI u must select the necessary file on the file system of the SIM card.
First u must select directory 3F00. The command to select this catalog is A0A40000023F00. Then u need to select subdirectory 7F20. So the command is A0A40000027F20. Next u must select the file where the old IMSI is stored. This file is 6F07. Ok, now when the active selected file is our file with the old IMSI, we change the data in that file to the new IMSI. The command is A0D6000009081111111111111111.
Now the new IMSI of the SIM card is 1111111111111111. That's it. The old IMSI we overwrite.

And one thing to mention. The file systems of different manufacturers are not the same. So u need to select the necessary file depending on your SIM card file system.
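An added example (not part of Andrew's post and not NowSMS code): a small Python decoder for reading a captured payload of this kind. It splits the concatenated GSM 11.11 APDUs posted earlier in this thread and shows where the IMSI digits sit in the UPDATE BINARY data. The function names and lookup tables are this example's own; the sample bytes are the four commands from Andrew's earlier post.

```python
"""Decode a run of concatenated GSM 11.11 command APDUs (class byte A0)."""

# Instruction bytes that appear in this thread (names per GSM 11.11).
INS_NAMES = {0xA4: "SELECT", 0xD6: "UPDATE BINARY", 0xDC: "UPDATE RECORD"}
# File identifiers that appear in this thread.
FILE_NAMES = {"3F00": "MF", "7F20": "DF_GSM", "7F10": "DF_TELECOM",
              "6F07": "EF_IMSI", "6F42": "EF_SMSP"}


def split_apdus(hex_stream):
    """Split back-to-back APDUs of the form CLA INS P1 P2 Lc <Lc data bytes>."""
    raw = bytes.fromhex(hex_stream)
    apdus, pos = [], 0
    while pos < len(raw):
        if len(raw) - pos < 5:
            raise ValueError(f"truncated APDU header at offset {pos}")
        cla, ins, p1, p2, lc = raw[pos:pos + 5]
        if cla != 0xA0:
            raise ValueError(f"unexpected class byte {cla:02X} at offset {pos}")
        data = raw[pos + 5:pos + 5 + lc]
        if len(data) != lc:
            raise ValueError(f"Lc={lc} but only {len(data)} data bytes remain")
        apdus.append({"ins": ins, "p1": p1, "p2": p2, "data": data})
        pos += 5 + lc
    return apdus


def decode_ef_imsi(content):
    """Decode an EF_IMSI body: one length byte, then swapped-nibble BCD digits."""
    if not content or content[0] > 8 or len(content) - 1 < content[0]:
        raise ValueError("bad EF_IMSI length byte")
    body = content[1:1 + content[0]]
    # The low nibble of the first byte holds parity/type bits, not a digit,
    # so the first digit is the high nibble of that byte.
    nibbles = [body[0] >> 4]
    for b in body[1:]:
        nibbles += [b & 0x0F, b >> 4]
    digits = [n for n in nibbles if n != 0xF]   # 0xF pads an even digit count
    if any(n > 9 for n in digits):
        raise ValueError("non-decimal nibble in EF_IMSI")
    return "".join(str(n) for n in digits)


def describe(hex_stream):
    """Return one readable line per APDU, tracking the currently selected file."""
    lines, selected = [], None
    for apdu in split_apdus(hex_stream):
        name = INS_NAMES.get(apdu["ins"], f"INS {apdu['ins']:02X}")
        if apdu["ins"] == 0xA4:
            selected = apdu["data"].hex().upper()
            lines.append(f"{name} {selected} ({FILE_NAMES.get(selected, 'unknown')})")
        elif apdu["ins"] == 0xD6 and selected == "6F07":
            lines.append(f"{name} EF_IMSI <- IMSI {decode_ef_imsi(apdu['data'])}")
        else:
            lines.append(f"{name} {len(apdu['data'])} bytes")
    return lines


# The four commands from Andrew's earlier post, concatenated.
THREAD_SAMPLE = ("A0A40000023F00" "A0A40000027F20" "A0A40000026F07"
                 "A0D6000009082905935846345718")

if __name__ == "__main__":
    for line in describe(THREAD_SAMPLE):
        print(line)
```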
sashidharan
New member
Username: Sashidharanvit

Post Number: 5
Registered: 01-2012
Posted on Monday, February 06, 2012 - 08:55 am:   

Hi Andrew

Thanks for your guidance

good explanation given

Still one thing i have a doubt is

Using Nowsms, how will you send this message??

Steps:

1) In nowsms web interface, go to binary sms and select other

2) what to type in to: imsi or msisdn no

3) with or without udh:027000

4) binary data: A0A40000023F00A0A40000027F20A0A40000026F07
+
A0D6000009082905935846345718

5) pid = 7f
dcs = f6

IMP:
Is this the correct way or any other thing i need to do??
Pls Reply??
Andrew
New member
Username: Andrewru

Post Number: 11
Registered: 08-2010
Posted on Monday, February 06, 2012 - 09:13 am:   

Can't say how to do it in NowSMS, because I use my own written program. But 2 years ago, I used NowSMS to send SMS with commands for changing IMSI. And IMSI was successfully changed on the SIM card. Nowadays I have unfortunately forgotten it.
As I remember:
pid = 7f
dcs = f6
udh: 027000 NowSMS puts by itself (or maybe not)
destination address must be MSISDN
binary data: not only A0A40000023F00A0A40000027F20A0A40000026F07
+
A0D6000009082905935846345718
You need to read 3GPP TS 03.48. Before this data you need to put CHL, SPI, Kic, KID, TAR, CNTR and so on. And only after that, in the Data block, these commands.
Depending on SPI this data block with our commands must be ciphered or not.
sashidharan
New member
Username: Sashidharanvit

Post Number: 6
Registered: 01-2012
Posted on Tuesday, February 07, 2012 - 11:59 am:   

Hi andrew,

Thank you so much for the info

but in gsm 3.48 they have given command format

spi,kic,kid,cntr etc can be coded by our own

the details are given in the pdf

Then why we need to consult vendor for those values

and i think ciphering is not needed for demo purposes - my view(may be wrong)

Pl clarify how to create your own program which changes imsi no(which programming you followed)

Also do you know about stk

Somebody are saying we need to download stk which will do the change of imsi of simcard(could you clarify on this too)

Thanks and Regards,

R.Sashidharan
Andrew
New member
Username: Andrewru

Post Number: 12
Registered: 08-2010
Posted on Tuesday, February 07, 2012 - 12:40 pm:   

The manufacturer of the SIM card, when producing the SIM card, follows the recommendations of GSM 3.48.
When he produces the SIM card he programs it with parameters of SPI, Kic, KID, TAR, PCNTR defined by himself. If you want the SIM card to apply your commands to change IMSI, you must send these parameters equal to what the manufacturer made. Otherwise the SIM card would not apply these commands. So if the vendor made ciphering enabled, you must cipher these commands.
Don't know about stk.
sashidharan
New member
Username: Sashidharanvit

Post Number: 7
Registered: 01-2012
Posted on Tuesday, February 07, 2012 - 12:42 pm:   

Pl clarify how to create your own program which changes imsi no(which programming you followed)

would you elaborate on this please??

Regards

R.Sashidharan
Andrew
New member
Username: Andrewru

Post Number: 13
Registered: 08-2010
Posted on Tuesday, February 07, 2012 - 12:50 pm:   

Well, the program is not very difficult. You need transport to deliver SMS to the subscriber. I chose SMPP, developed an SMPP client to connect to the SMSC center. Then you need to program, according to the vendor info, the OTA packet with commands to change IMSI and send this packet over SMPP.
sashidharan
New member
Username: Sashidharanvit

Post Number: 8
Registered: 01-2012
Posted on Tuesday, February 07, 2012 - 12:55 pm:   

That means you have created something similar to the nowsms web interface to send the apdu to the simcard!!!

One more thing is there any hack of knowing the details of sim(like spi etc) or changing those values also!!

Because sim manufacturers would also use software to write these values to the sim card, isn't it???
Andrew
New member
Username: Andrewru

Post Number: 14
Registered: 08-2010
Posted on Wednesday, February 08, 2012 - 04:39 am:   

Don't know about the hack. I worked in cooperation with the vendor. Maybe there is. But it is not easy to encrypt your commands not knowing the DES, or 3DES etc. key. If there is no ciphering on the SIM card, maybe there is a way to hack the SIM card.
suman jha
New member
Username: Sumanjha

Post Number: 1
Registered: 04-2012
Posted on Wednesday, April 04, 2012 - 08:55 am:   

Hi Andrew ,

I have formed the packet with Kic, KID, TAR etc, but am facing a problem in encryption.
Pls suggest how to proceed for encryption. I will have all required data from vendor.
Do any encryption tools need to be used?
---
Thanks
Suman Jha
Andrew
New member
Username: Andrewru

Post Number: 15
Registered: 08-2010
Posted on Wednesday, April 04, 2012 - 11:49 am:   

Yes, you can use some encryption tools. Depends on the encryption algorithm programmed by Vendor in your SIM-card (DES, 3DES, etc). You need to encrypt all data that goes after TAR. Also you need Kic (e.g. 8 bytes if DES in CBC mode is used) as key to encrypt the data.
suman jha
New member
Username: Sumanjha

Post Number: 2
Registered: 04-2012
Posted on Thursday, April 05, 2012 - 01:26 pm:   

thanks Andrew ,

I have formed the packet that is mentioned below.

1) with smpp what will be User Data.
2) SMPP packet already having PID and DCS , so what value need to put for that.

can you please share one sample submit_sm packet having sim data download packet.

APDU Command(ENVELOPE)
A0 C2 00 00 5C D1 5A 02 02 83 81 06 06 91 54 52 97 99 99
(TPDU Tag,len,First Octet, OA , PID , DCS ,Time Stamp)
0B 4C 44 03 80 99 F9 7F F6 00 10 30 71 31 02 02
(User data len , header, CHL,SPI,KIC,KID,TAR and secure data)
3D 02 70 00 00 38 11 15 00 15 00 00 00 00 E1 69 4D A5 2F AC FD 0A 91 F5 49 18 93 83 57 B7 DF 19 8A AB A8 54 0C 7E 30 18 2B 55 EC D0 39 26 1F AB 7B 87 CD 81 29 6C AE CA D9 7A 59 CF 78 50
Andrew
New member
Username: Andrewru

Post Number: 16
Registered: 08-2010
Posted on Thursday, April 05, 2012 - 01:46 pm:   

Here is Submit_sm from Wireshark with message to change SMSC in sim card over OTA
00 00 00 90 (Length)
00 00 00 04 (submit_sm)
00 00 00 00 00 00 00 02 (sequence)
00 (service type)
00 (Ton)
01 (Npi)
31 32 33 34 35 36 37 00 (Originator Address)
01 (Ton)
01 (Npi)
37 39 30 34 34 33 39 38 39 32 34 00 (Recipient Address)
40 (Message mode, type, gsm)
7f (Protocol ID)
01 (Priority level)
00 (imm deliver)
00 (validity period)
01 (delivery options)
01 (delivery options)
f6 (data coding)
01 (predefined msg)
5d (length)

Message
02 70 00 00
58 (length)
0d (length)
04 00 (spi)
01 (kik)
01 (kid)
11 11 11 (TAR)
95 71 bb 74 52 9d 3c b8 83 ed ee d5 11 c8 9b f0
88 91 b7 23 92 7c ed e1 c1 28 78 ee 4f e8 fb 1f
f9 b2 7c c7 8c 9c aa fa 79 bd e0 ee d2 1e 99 3d
82 3a 22 9a 49 1b 36 df 6b 66 9b 57 37 07 34 b9
49 8e 69 31 d1 da 66 a2 ae 33 a1 b4 1e ec 4c e7
(this is block of encrypted data)
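An added example (not written by the thread's participants and not NowSMS code): a Python decoder for the `short_message` bytes in the capture above, of the kind an SMS firewall or audit script could use to read the SPI, KIc, KID and TAR of a SIM data download message and note what protection the SPI asks for. The bit layouts follow GSM 03.48; the function names and the wording of the findings are this example's own, and the 80 ciphertext bytes are replaced by constructed zero filler.

```python
"""Decode the GSM 03.48 command-packet header of a SIM data download SMS."""

INTEGRITY = {0: "none", 1: "RC", 2: "CC", 3: "DS"}
COUNTER = {0: "no counter", 1: "counter present, not checked",
           2: "counter must be higher", 3: "counter must be one higher"}
POR = {0: "not requested", 1: "required", 2: "only on error", 3: "reserved"}
KIC_ALGO = {0: "implicit", 1: "DES", 2: "reserved", 3: "proprietary"}
KIC_DES_MODE = {0: "DES-CBC", 1: "3DES-CBC 2 keys",
                2: "3DES-CBC 3 keys", 3: "DES-ECB"}


def decode_kic(kic):
    """KIc: bits 2-1 algorithm, bits 4-3 DES mode, high nibble key index."""
    algo = kic & 0x03
    name = KIC_DES_MODE[(kic >> 2) & 0x03] if algo == 1 else KIC_ALGO[algo]
    return name, kic >> 4


def parse_command_packet(short_message, pid, dcs):
    """Parse UDH + command packet header; handles the single-SMS case only."""
    msg = bytes(short_message)
    if len(msg) < 13:
        raise ValueError("too short for UDH, CPL, CHL, SPI, KIc, KID and TAR")
    if msg[:3] != b"\x02\x70\x00":      # UDHL=02, IEI=70, IEDL=00
        raise ValueError("UDH is not 027000")
    body = msg[3:]
    cpl = int.from_bytes(body[:2], "big")
    if cpl != len(body) - 2:
        raise ValueError(f"CPL={cpl} does not match {len(body) - 2} bytes present")
    chl = body[2]
    if chl < 7 or 3 + chl > len(body):
        raise ValueError(f"bad CHL {chl}")
    spi1, spi2, kic, kid = body[3:7]
    after_tar = body[10:]               # CNTR, PCNTR, RC/CC/DS, then data
    ciphered = bool(spi1 & 0x04)
    result = {
        # Per the thread, DCS 16 and F6 carry the same meaning.
        "sim_data_download": pid == 0x7F and dcs in (0xF6, 0x16),
        "integrity": INTEGRITY[spi1 & 0x03],
        "ciphered": ciphered,
        "counter": COUNTER[(spi1 >> 3) & 0x03],
        "por": POR[spi2 & 0x03],
        "kic": decode_kic(kic),
        "kid": kid,
        "tar": body[7:10].hex().upper(),
        "after_tar": after_tar,
        "findings": [],
    }
    if result["integrity"] == "none":
        result["findings"].append("no RC/CC/DS: integrity is not checked")
    if (spi1 >> 3) & 0x03 < 2:
        result["findings"].append("counter absent or unchecked: no replay protection")
    if not ciphered:
        result["findings"].append("commands are sent unciphered")
    elif result["kic"][0] in ("DES-CBC", "DES-ECB"):
        result["findings"].append("single DES ciphering")
    if ciphered and len(after_tar) % 8:
        result["findings"].append("ciphertext is not a multiple of the 8-byte block")
    return result


# Header bytes from the capture above; ciphertext replaced by constructed filler.
SAMPLE = bytes.fromhex("027000 0058 0d 0400 01 01 111111") + bytes(80)

if __name__ == "__main__":
    info = parse_command_packet(SAMPLE, pid=0x7F, dcs=0xF6)
    for key, value in info.items():
        if key != "after_tar":
            print(f"{key}: {value}")
```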
suman jha
New member
Username: Sumanjha

Post Number: 3
Registered: 04-2012
Posted on Saturday, April 07, 2012 - 07:35 pm:   

Hi Andrew,

Thank you very much.
so it is now clear that we need to send message text from header(02 70 00 ...).
I have encrypted the data with provided example by vendor.
can you please suggest any encryption tools/link that can give encrypted hex data.
Required encryption is Triple DES in outer CBC mode.

my email id is sumanjha.j@gmail.com , please send a test mail to me.

---
Thanks
Suman Jha
Andrew
New member
Username: Andrewru

Post Number: 17
Registered: 08-2010
Posted on Monday, April 09, 2012 - 02:58 pm:   

Hi, Suman
There is plenty of software on the web to do different encryption. I cannot advise anything in particular. I only have to mention that this software must encrypt exact bytes (not text).
suman jha
New member
Username: Sumanjha

Post Number: 4
Registered: 04-2012
Posted on Tuesday, April 10, 2012 - 02:53 pm:   

Thank you very much Andrew,

For changing IMSI command is
A0 A4 00 00 02 3F 00
A0 A4 00 00 02 7F 20
A0 A4 00 00 02 6F 07
A0 D6 00 00 09 08 69 95 30 00 90 05 00 00

and for changing EF_SMSP (6F42) (Path: 3F00 > 7F10> 6F42)
A0 A4 00 00 02 3F 00
A0 A4 00 00 02 7F 10
A0 A4 00 00 02 6F 42
Please help me to make the command to change EF_SMSP.

----
Thanks
Suman Jha
suman jha
New member
Username: Sumanjha

Post Number: 5
Registered: 04-2012
Posted on Tuesday, April 17, 2012 - 06:15 am:   

Hi Andrew ,

Plz provide me command to change SMSC without encryption. It will be a great help

---
Suman Jha
Andrew
New member
Username: Andrewru

Post Number: 18
Registered: 08-2010
Posted on Tuesday, April 17, 2012 - 06:20 am:   

It would be something like that:
A0A40000027F10 A0A40000026F42 A0DC010430FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5FFFFFFFFFFFFFFFFFFFFFFFF0791 9720900892F3FFFFFFFF00FFFF
suman jha
New member
Username: Sumanjha

Post Number: 6
Registered: 04-2012
Posted on Tuesday, May 08, 2012 - 09:08 am:   

Thanks a lot Andrew,

I formed the packet and changing the IMSI and SMSC address is reflecting in the SIM.

One more clarification: encryption will be performed on
5 byte CNTR, 1 byte PCNTR , RC/CC/DS(0,4 or 8 bytes) ,Data(Command )

Can you please help me to calculate Redundancy Check (RC).

---
~Suman
suman jha
New member
Username: Sumanjha

Post Number: 7
Registered: 04-2012
Posted on Wednesday, May 09, 2012 - 11:43 am:   

Thank you very much for your support.
I have done it and encryption is also working without any tools.

---
Suman
Sergey Tarasov
New member
Username: Coderts

Post Number: 1
Registered: 08-2012
Posted on Wednesday, August 22, 2012 - 05:25 pm:   

Hi, Andrew.
Thank you very much for your explanation of this problem - it's really very useful. But I need to change IMSI on several SIM-cards and have a question.

How to check that IMSI was successfully changed on the SIM-card via OTA? Maybe some information returns in the sms delivery report?

Other ways of checking seem to be unsafe (maybe I'm mistaken):
1) Subscriber can't register in HLR which stores his old IMSI yet. So we can only change it on HLR and hope that IMSI was changed on SIM.
2) But if we change IMSI on HLR to new being not sure that it was changed on SIM, subscriber will be lost forever. Of course we can rollback it, but it looks like a cheat and doesn't solve all problems.

Thanks for the help.
Andrew
New member
Username: Andrewru

Post Number: 19
Registered: 08-2010
Posted on Thursday, August 23, 2012 - 05:36 am:   

If the SIM card supports PoR, you can send commands to change IMSI with the PoR flag enabled. The PoR that returns from the SIM card will contain the answer of command execution. But the PoR will not come back over SMPP. You can receive PoR only if you connect to the MSC via MAP.

>1) Subscriber can't register in HLR which stores his old IMSI yet. So we can only change it on HLR and hope that IMSI was changed on SIM.
>2) But if we change IMSI on HLR to new being not sure that it was changed on SIM, subscriber will be lost forever. Of course we can rollback it, but it's look like a cheat and doesn't solve all problems.

Yes, it's true. Even PoR cannot 100% guarantee that IMSI on the SIM card was changed. Because in PoR about half of the answers cannot be recognized as successful or not. Don't know why, maybe it is lack of OTA.
So, to achieve successful IMSI changing over OTA and not kill the subscriber is not a trivial case.
You can work with the subscriber manually by warning him to call back if he cannot register. And make a rollback to the old IMSI in HLR.
Another way is to monitor Location Update in signalling. And if MSC(HLR) sends "IMSI Unknown", make the changeover in HLR.
Sergey Tarasov
New member
Username: Coderts

Post Number: 2
Registered: 08-2012
Posted on Thursday, August 23, 2012 - 12:05 pm:   

Thanks :)
I think that event of wrong-IMSI registration on HLR is enough to make a conclusion that IMSI was changed on SIM, so we can change it on HLR immediately.
Andrew
New member
Username: Andrewru

Post Number: 20
Registered: 08-2010
Posted on Thursday, August 23, 2012 - 12:21 pm:   

Interesting event. What is the vendor of the HLR? Can you see IMSI in this event? Does this event occur when another PLMN subscriber wants to register?
Sergey Tarasov
New member
Username: Coderts

Post Number: 3
Registered: 08-2012
Posted on Monday, August 27, 2012 - 01:43 pm:   

Sorry, but I don't know the vendor, because we are only at the project discussion step.
I'm not sure, but ENHANCED_CHECK_IMEI command (must be supported on MSC) seems to be the easiest way to check IMSI.

Yet another question... Am I right that we can change IMSI and SMSC at the same time with one OTA-sms?
Andrew
New member
Username: Andrewru

Post Number: 21
Registered: 08-2010
Posted on Monday, August 27, 2012 - 01:51 pm:   

I guess so. Didn't try to do that by one sms. But I think that if the length of commands does not exceed maximum length of common sms, then you can change IMSI and SMSC at the same time with one OTA-sms.
suman jha
New member
Username: Sumanjha

Post Number: 8
Registered: 04-2012
Posted on Tuesday, August 28, 2012 - 06:17 am:   

If new IMSI is not registered properly in HLR then you can't send any packet to that SIM , because SIM registration itself will fail.

If new IMSI registration is proper, you can get IMSI through many MAP packets such as Send Routing Info for SM (SRI), Any Time Interrogation (ATI), ENHANCED_CHECK_IMEI, etc...
Sergey Tarasov
New member
Username: Coderts

Post Number: 4
Registered: 08-2012
Posted on Wednesday, August 29, 2012 - 02:42 am:   

suman jha, as I see, ENHANCED_CHECK_IMEI is an outgoing command from MSC (not incoming). The only problem is that I'm not sure that it will be executed for unsuccessful IMSI registration - if it will - we can immediately change IMSI on HLR after it and the next registration of the subscriber with the new IMSI will be successful. Maybe I'm mistaken.
suman jha
New member
Username: Sumanjha

Post Number: 9
Registered: 04-2012
Posted on Wednesday, August 29, 2012 - 06:38 am:   

Hi Sergey Tarasov,

ENHANCED_CHECK_IMEI or CHECK_IMEI is a MAP packet, and if the IMEI is not available in the MSC or in the SGSN, it is requested from the MS and transferred to the EIR in the service request.

This packet is used between VLR and the MSC and between the MSC and the EIR and between the SGSN and EIR to request check of IMEI.

So as per my understanding it is not related to IMSI.

To do any network transaction, first SIM registration must be successful.
Sergey
New member
Username: Coderts

Post Number: 5
Registered: 08-2012
Posted on Wednesday, August 29, 2012 - 12:20 pm:   

Hi suman jha,
ENHANCED_CHECK_IMEI contains both IMSI and IMEI fields. I understand that this command was initially created for EIR-systems, but it's available to me by INAP - so I think that it can be used for passive IMSI-checking.
Ravi Prakash
New member
Username: Raviprakashshahi

Post Number: 1
Registered: 09-2012
Posted on Wednesday, September 19, 2012 - 07:18 pm:   

Hi This is Ravi,
I want to catch the messages which go from Sim Toolkit, because these messages don't get saved in the outbox. Please help me, it's very important
fayçal
New member
Username: Photon

Post Number: 1
Registered: 09-2012
Posted on Tuesday, November 13, 2012 - 05:57 pm:   

Hi everyone !
It is nice to see people working on this issue (IMSI Update via OTA) as it's not a trivial one !
Ravi : If I got what you meant, you want to catch OTA Response SMS. As OTA is done via Class 2 SMS, they are not saved. You can make the entity that sends the Command Packet have an interface for receiving responses(SMS).
In our case, the response goes to our SMS-C which passes it to our OTA Server (in a VAS-like mechanism).

----

I also need some help in this IMSI Change via OTA process... We succeeded in changing IMSI (checked via some SIM Card reader). Response SMS (as stated in ETSI standards) is received correctly. All goes well up to this point.
The issue begins when we check which IMSI the subscriber has... It seems like the user equipment goes into some hybrid state when it is identified in the network using a different IMSI than what it has... We are not even sure if the terminal takes into account the new value of IMSI.

That said, the SIM Card can normally use any of the IMSIs tested. It's a multi-IMSI card. So, I think the configurations on the Information System and HLR side are correct.

My questions are :
1) How can I make my phone reconnect using new IMSI ?

2) How can I make a terminal re-read what's on IMSI file ?

Thanks for your help, all !

I am also happy to answer any of your questions :)

Regards,
Harry John
New member
Username: Harryjohn

Post Number: 1
Registered: 06-2014
Posted on Tuesday, June 03, 2014 - 08:03 am:   

Can i know how to create a binary data to change the voice mail number in SIM card through OTA. Need the answer urgently.
Abednorton
New member
Username: Emid

Post Number: 1
Registered: 09-2014
Posted on Monday, September 22, 2014 - 06:39 am:   

hi

how can I get ki on the simcard?
can I get it with a simcard reader?
for OTA message, do I need ki?
what's the format of the OTA command message to set SMSC?
I'm a bit confused by this discussion.
RAHUL KUMAR
New member
Username: Coolrahul28

Post Number: 1
Registered: 10-2015
Posted on Saturday, October 17, 2015 - 10:13 am:   

Hi,
I am working on updating IMSI. We have to use SPID as 0201 and KID value as 15 with no ciphering. This means we need to calculate the Cryptographic Checksum (CC).

The SIM vendor has given ota key of 16 bytes and a sample from them shows CC for a particular packet and CC is of 8 byte there. But when i am applying the algo of 3des with 2 keys i am not able to generate the same CC as given in the sample. Had a brief discussion and they said to use

Please guide how to calculate the CC with the given 16 byte of OTA key and if you can give reference of same library/online tool that can be used.

Thanks for the help
Hassan Yeganeh
New member
Username: Hasanyeganeh

Post Number: 1
Registered: 01-2019
Posted on Sunday, January 06, 2019 - 12:52 pm:   

hello guys
i need to calculate CC would you please help me how should i do it?
