getting MAC failure using osmo-sim-auth for 3G/USIM authentication

Discussion:

Rupert Lloyd

2013-03-09 21:45:29 UTC

Good Afternoon,

I am trying to perform USIM/3G authentication using osmo-sim-auth and ran
into the same problem as Stefanos:
http://lists.osmocom.org/pipermail/simtrace/2012-November/000406.html

I followed Benoit's advice to view the details as follows (using the inputs

rand_bin = stringToByte(a2b_hex('00000000000000000000000000000000'))
autn_bin = stringToByte(a2b_hex('ec9320c2c2000000e1dd22c1ad3e2d3d'))
u.authenticate(RAND=rand_bin, AUTN=autn_bin,ctx='3G')
u.coms()

From TS 31.102, section 7.3.1 it looks like this means a MAC failure (0x98

0x62)

Can anyone point me to a resource for computing parameters with a valid MAC?

Thanks for your attention,

Rupert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/simtrace/attachments/20130309/0c3ddcad/attachment.html>

benoit michau

2013-03-11 17:25:17 UTC

Permalink

Hello,
to perform a 3G authentication with a USIM, you need to know the
authentication key K and counter SQN within the USIM.
RAND / AUTN generation is explained in TS 33.102, section 6.3.

Post by Rupert Lloyd
Good Afternoon,
I am trying to perform USIM/3G authentication using osmo-sim-auth and ran
http://lists.osmocom.org/pipermail/simtrace/2012-November/000406.html
I followed Benoit's advice to view the details as follows (using the inputs

['INTERNAL AUTHENTICATE apdu: 00 88 00 81 22 10 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 10 EC 93 20 C2 C2 00 00 00 E1 DD 22 C1 AD 3E 2D 3D',
'sw1, sw2: 98 62 - undefined status',
(152, 98),
[]]
From TS 31.102, section 7.3.1 it looks like this means a MAC failure (0x98
0x62)
Can anyone point me to a resource for computing parameters with a valid MAC?
Thanks for your attention,
Rupert

Lukas Kuzmiak

2013-03-11 18:05:08 UTC

Permalink

Hey there,

why would he need K? He's calling Authenticate APDU on the SIM directly.

however, where did you get your AUTN data? 3G authentication is supposed to
be mutual, you have to pass AUTN coming from the correct network, otherwise
the SIM rejects to Authenticate you to the "spoofed" network. Isn't this
your problem?

Cheers!
Lukas

Post by benoit michau
Hello,
to perform a 3G authentication with a USIM, you need to know the
authentication key K and counter SQN within the USIM.
RAND / AUTN generation is explained in TS 33.102, section 6.3.

inputs

Post by Rupert Lloyd

['INTERNAL AUTHENTICATE apdu: 00 88 00 81 22 10 00 00 00 00 00 00 00 00

Post by Rupert Lloyd
00 00 00 00 00 00 00 10 EC 93 20 C2 C2 00 00 00 E1 DD 22 C1 AD 3E 2D 3D',
'sw1, sw2: 98 62 - undefined status',
(152, 98),
[]]
From TS 31.102, section 7.3.1 it looks like this means a MAC failure

(0x98

Post by Rupert Lloyd
0x62)
Can anyone point me to a resource for computing parameters with a valid

MAC?

Post by Rupert Lloyd
Thanks for your attention,
Rupert

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/simtrace/attachments/20130311/061629ba/attachment.html>

Rupert Lloyd

2013-03-11 18:45:41 UTC

Permalink

Post by Lukas Kuzmiak
why would he need K? He's calling Authenticate APDU on the SIM directly.
however, where did you get your AUTN data? 3G authentication is supposed
to be mutual, you have to pass AUTN coming from the correct network,
otherwise the SIM rejects to Authenticate you to the "spoofed" network.
Isn't this your problem

Yes - I was naively using the input vector from the example on
http://openbsc.osmocom.org/trac/wiki/osmo-sim-auth to see what happened (I
am new at this!)

Having read through the specs I think that I understand - the vector needs
to be synchronized with the USIM's stored value of SQN and the MAC will be
generated using an operator-specific variant of f1

Is that correct?

Rupert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/simtrace/attachments/20130311/5df6332b/attachment.html>