Looking for someone to test some new code (in master branch).

Someone [1] has claimed to have decompiled a SIM validation program to
figure out the algorithms for Comp128-2 and Comp128-3.

The reason this is particularly useful is that Comp128-1 is
horribly broken, and versions 2 and 3, which are meant to be more secure,
were not released to the public domain.

The only way you could properly (with a randomly generated challenge) 
authenticate SIMs using Comp128-2 and Comp128-3 was with a commercial 
AuC (Authentication centre) which cost $$$$$/$$$$$$.

To try out the code, you need to know the Ki of a SIM. You can then set
the attributes:
        control:EAP-Sim-Ki to the 64-bit Ki value, and
        control:EAP-Sim-Algo-Version (to 1, 2 or 3),

which rlm_eap_sim will then use in preference to the normal triplets.

As part of these changes, the other SIM triplets will now be looked for in
the control list, whereas they were previously looked for in the reply list.

update control {
        EAP-Sim-RAND1 := &reply:EAP-Sim-RAND1
        EAP-Sim-RAND2 := &reply:EAP-Sim-RAND2
        EAP-Sim-RAND3 := &reply:EAP-Sim-RAND3
        EAP-Sim-SRES1 := &reply:EAP-Sim-SRES1
        EAP-Sim-SRES2 := &reply:EAP-Sim-SRES2
        EAP-Sim-SRES3 := &reply:EAP-Sim-SRES3
        EAP-Sim-Kc1 := &reply:EAP-Sim-Kc1
        EAP-Sim-Kc2 := &reply:EAP-Sim-Kc2
        EAP-Sim-Kc3 := &reply:EAP-Sim-Kc3
}

Will fix up any existing configurations if you want to use the code from the
master branch (which will become 3.1).

If no one comes forward for testing, then I'll buy the hardware and do it
myself; just if someone works at a telecoms provider, I'd imagine it'd be
pretty easy to get hold of a test SIM and Ki.

Note: Comp128-4 (Milenage) is still unknown (please contact one of the
developers if you have access to its specification), but just algorithms
1-3 are still useful.

[1] http://www.hackingprojects.net/2013/04/secrets-of-sim.html

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team
