eSIM.me的eUICC卡
可以将带有 SIM 卡槽的Android设备变成兼容 eSIM 的设备的产品。将eSIM.me提供的eUICC卡插入安卓设备,通过Google Play商店安装eSIM.me app,作为控制eUICC的LPA
如果你有一个双 SIM 卡终端,有两个卡槽和两张 eSIM.me 卡,你可以让两个插槽都兼容 eSIM。
eSIM.me app(LPA )通过OMAPI来写卡
在下面的日志中,您可以看到如何使用 ISD-R AID (a0000005591010ffffffff8900000100) 打开逻辑通道
I/esim.me ( 5121): AndroidOmapiApi. Check isReaderAvailable : SIM1 I/SecureElement-Terminal-SIM1( 2133): ATR : 3b9f96803fc7828031e073fe211b57aa8660f0010004fb I/SecureElementService( 2133): openLogicalChannel() AID = a0000005591010ffffffff8900000100, P2 = 0 W/SecureElement-Terminal-SIM1( 2133): Enable access control on logical channel for esim.me I/SecureElement-AccessControlEnforcer( 2133): checkCommand() : Access = ALLOWED APDU Access = ALLOWED Reason = Unspecified I/SecureElement-Terminal-SIM1( 2133): Sent : 81cadf2000 I/SecureElement-Terminal-SIM1( 2133): Received : df20082618f36467f9a02d9000 I/SecureElement-AraController( 2133): Refresh tag unchanged. Using access rules from cache. I/SecureElement-AccessControlEnforcer( 2133): getAccessRule() appCert = 8d48ecfaf44c5752145ee28b3eb7429cc6627e98 I/SecureElement-AccessControlEnforcer( 2133): getAccessRule() appCert = a2afbbf5681bb26e40c8d69da6c72dd3a62cda7dbd74c5c2f26e7ff1fa819905 I/SecureElement-AccessRuleCache( 2133): findAccessRule() Case C REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c1148d48ecfaf44c5752145ee28b3eb7429cc6627e98 , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2133): [mPackageName=esim.me, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED] I/SecureElementService( 2133): openLogicalChannel() Success. Channel: 1
OMAPI 应该响应来自未经授权的应用程序的访问请求,但访问规则设置为只接受来自(包括)eSIM.me 应用程序的访问请求。
从下面的日志中可以看到eSIM.me的ARA-M中设置的访问规则的详细信息。
上述日志中eSIM.me应用程序签名的哈希值(SHA1:8d48ecfaf44c5752145ee28b3eb7429cc6627e98)在第二条规则中设置为完全权限(AID_REF_DO:4f00)
I/SecureElement-Terminal-SIM1( 2108): Sent : 81caff4000 I/SecureElement-Terminal-SIM1( 2108): Received : ff4081b4e222e1184f00c114a4ec39717cecd7f1e84e913b22b0555fe7dfdd8ae306d00101d10101e222e1184f00c1148d48ecfaf44c5752145ee28b3eb7429cc6627e98e306d00101d10101e222e1184f00c11446bcaf2247253f695f19d60eece158099fe52c62e306d00101d10101e222e1184f00c114fa4abb42827a0fbceb891ddc0d34f658c21ff88ce306d00101d10101e222e1184f00c11435cc639bb5826fde0d0ef088b0f20cb69f0c49ade306d00101d101019000 I/SecureElement-AccessRuleCache( 2108): Add Access Rule: REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c114a4ec39717cecd7f1e84e913b22b0555fe7dfdd8a , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2108): [mPackageName=, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED] I/SecureElement-AccessRuleCache( 2108): Add Access Rule: REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c1148d48ecfaf44c5752145ee28b3eb7429cc6627e98 , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2108): [mPackageName=, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED] I/SecureElement-AccessRuleCache( 2108): Add Access Rule: REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c11446bcaf2247253f695f19d60eece158099fe52c62 , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2108): [mPackageName=, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED] I/SecureElement-AccessRuleCache( 2108): Add Access Rule: REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c114fa4abb42827a0fbceb891ddc0d34f658c21ff88c , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2108): [mPackageName=, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED] I/SecureElement-AccessRuleCache( 2108): Add Access Rule: REF_DO: AID_REF_DO: 4f00 Hash_REF_DO: c11435cc639bb5826fde0d0ef088b0f20cb69f0c49ad , com.android.se.security.ChannelAccess I/SecureElement-AccessRuleCache( 2108): [mPackageName=, mAccess=ALLOWED, mApduAccess=ALLOWED, mUseApduFilter=false, mApduFilter=null, mCallingPid=0, mReason=, mNFCEventAllowed=ALLOWED, mPrivilegeAccess=UNDEFINED]
默认文件系统
即使在下载eSIM之前使用eUICC,也需要向终端端显示所需的最低文件系统。GSMA SGP.22规定应提供一个MF和极少量的EF,
但eSIM.me卡的默认文件系统还包括DIR、ICCID、IMSI、MSISDN等。它似乎是一个默认文件系统,
或者它被实现为一个默认配置文件。如果您请求一个处于空状态的配置文件列表,则会返回一个配置文件,
如下面的日志所示。
I/esim.me ( 5121): AndroidOmapiApi. execute APDU command :81E2910003BF2D00
I/SecureElement-AccessControlEnforcer( 2133): checkCommand() : Access = ALLOWED APDU Access = ALLOWED Reason = Unspecified
I/SecureElement-Terminal-SIM1( 2133): Sent : 81e2910003bf2d00
I/SecureElement-Terminal-SIM1( 2133): Received : 613e
I/SecureElement-Terminal-SIM1( 2133): Sent : 81c000003e
I/SecureElement-Terminal-SIM1( 2133): Received : bf2d3ba039e3375a0aXXXXXXXXXXXXXXXXXXXX4f10a0000005591010ffffffff89000012009f70010191076553494d2e6d6592076553494d2e6d659501019000
I/esim.me ( 5121): AndroidOmapiApi. received APDU response :BF2D3BA039E3375A0AXXXXXXXXXXXXXXXXXXXX4F10A0000005591010FFFFFFFF89000012009F70010191076553494D2E6D6592076553494D2E6D659501019000
I/esim.me ( 5121): Profile list object: profileInfoListOk: {
I/esim.me ( 5121): {
I/esim.me ( 5121): iccid: XXXXXXXXXXXXXXXXXXXX,
I/esim.me ( 5121): isdpAid: A0000005591010FFFFFFFF8900001200,
I/esim.me ( 5121): profileState: 1,
I/esim.me ( 5121): serviceProviderName: eSIM.me,
I/esim.me ( 5121): profileName: eSIM.me,
I/esim.me ( 5121): profileClass: 1
I/esim.me ( 5121): }
I/esim.me ( 5121): }
MCC / MNC 是 262/24
eUICC卡信息
作为参考,我还将在此处粘贴阅读 EuicInfo2 的日志。
I/esim.me ( 5121): AndroidOmapiApi. execute APDU command :81E2910003BF2200
I/SecureElement-AccessControlEnforcer( 2133): checkCommand() : Access = ALLOWED APDU Access = ALLOWED Reason = Unspecified
I/SecureElement-Terminal-SIM1( 2133): Sent : 81e2910003bf2200
I/SecureElement-Terminal-SIM1( 2133): Received : 617b
I/SecureElement-Terminal-SIM1( 2133): Sent : 81c000007b
I/SecureElement-Terminal-SIM1( 2133): Received : bf2278810302010282030202008303040200840d81010082040007701e830239b68503017f3a8603090200870302030088020490a916041481370f5125d0b1d408d4c3b232e6d25e795bebfbaa16041481370f5125d0b1d408d4c3b232e6d25e795bebfb8b010004030100000c0d45442d5a492d55502d303832329000
I/esim.me ( 5121): AndroidOmapiApi. received APDU response :BF2278810302010282030202008303040200840D81010082040007701E830239B68503017F3A8603090200870302030088020490A916041481370F5125D0B1D408D4C3B232E6D25E795BEBFBAA16041481370F5125D0B1D408D4C3B232E6D25E795BEBFB8B010004030100000C0D45442D5A492D55502D303832329000
I/esim.me ( 5121): - EUICC info 2 is: {
I/esim.me ( 5121): profileVersion: 020102,
I/esim.me ( 5121): svn: 020200,
I/esim.me ( 5121): euiccFirmwareVer: 040200,
I/esim.me ( 5121): extCardResource: 81010082040007701E830239B6,
I/esim.me ( 5121): uiccCapability: 011111110011101,
I/esim.me ( 5121): javacardVersion: 090200,
I/esim.me ( 5121): globalplatformVersion: 020300,
I/esim.me ( 5121): rspCapability: 1001,
I/esim.me ( 5121): euiccCiPKIdListForVerification: {
I/esim.me ( 5121): 81370F5125D0B1D408D4C3B232E6D25E795BEBFB
I/esim.me ( 5121): },
I/esim.me ( 5121): euiccCiPKIdListForSigning: {
I/esim.me ( 5121): 81370F5125D0B1D408D4C3B232E6D25E795BEBFB
I/esim.me ( 5121): },
I/esim.me ( 5121): euiccCategory: 0,
I/esim.me ( 5121): ppVersion: 010000,
I/esim.me ( 5121): sasAcreditationNumber: ED-ZI-UP-0822
I/esim.me ( 5121): }
SAS-UP的认证号是ED-ZI-UP-0822,貌似是中国一家叫“东信和平”的智能卡厂商生产的卡。
https://www.gsma.com/security/wp-content/uploads/2021/02/GSMA-SAS_UP-Certificate-Eastcompeace-Zhuhai-China-0822.pdf
原文: https://cheerio-the-bear.hatenablog.com/entry/2022/03/04/172109
SAS for UICC Production (SAS-UP)
SAS for Subscription Management (SAS-SM)
Security Accreditation Scheme (SAS)
The SAS-SM is defined only for activities within eSIM Remote Provisioning and Management:
eSIM life-cycle and processes in the scope of SM-SR
Profile life-cycle and processes in the scope of SM-DP and SM-DP+
SM-DS processes