# pySIM 写白卡流程

**pySIM 官方操作手册**：https://osmocom.org/projects/pysim/wiki

1、安装 libccid、pcscd 工具包

```
$ sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev python-pyscard
```

2、扫描白卡读写设备

```
$ pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00

Mon Dec  9 21:10:21 2019
 Reader 0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
  Card state: Card inserted,
  ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5

ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
+ TS = 3B --> Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
  TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ Historical bytes: 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01
  Category indicator byte: 80 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: A0
        - Application selection: by full DF name
        - BER-TLV data objects available in EF.DIR
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card with MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: BE
        - DF selection by full DF name
        - DF selection by path
        - DF selection by file identifier
        - Implicit DF selection
        - Short EF identifier supported
        - Record number supported
      Data coding byte: 21
        - Behaviour of write functions: proprietary
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 13
        - Logical channel number assignment: by the card
        - Maximum number of logical channels: 4
    Tag: 6, len: 7 (pre-issuing data)
      Data: 43 20 07 18 00 00 01
+ TCK = A5 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
	sysmoUSIM-SJS1 (Telecommunication)
	http://www.sysmocom.de/products/sysmousim-sjs1-sim-usim

```

3、安装 pySIM 白卡读写软件

```
$ sudo apt-get install python-pip python-yaml
$ pip install -i https://pypi.tuna.tsinghua.edu.cn/simple pytlv
$ git clone git://git.osmocom.org/pysim pysim
$ cd pysim
```

4、读卡

```
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 901700000031802
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

OPLMNwAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

HPLMNAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
```

5、根据 UDM udm-ue-key.xml 中的 SUPI、Key、OPc，以及 USIM 自身的 ADM Key、ICCID 等信息写卡。

```bash
# USIM1
# supi: 466920100001101
# key: 12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 12
# OPc: 21 2E 3B 94 27 9C B0 F8 09 5A 55 E8 EF 55 69 F7
# ADM Key: 55427724
# ICCID: 8988211000000350168
./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 55427724 -x 466 -y 92 -i 466920100001101 -s 8988211000000350168 -o 212E3B94279CB0F8095A55E8EF5569F7 -k 12345678901234567890123456789012

# USIM2
# supi: 466920100001102
# key: 12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 12
# OPc: 21 2E 3B 94 27 9C B0 F8 09 5A 55 E8 EF 55 69 F7
# ADM Key: 64538902
# ICCID: 8988211000000350176
./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 64538902 -x 466 -y 92 -i 466920100001102 -s 8988211000000350176 -o 212E3B94279CB0F8095A55E8EF5569F7 -k 12345678901234567890123456789012

# USIM3
# supi: 466920100001103
# key: 12 34 56 78 90 12 34 56 78 90 12 34 56 78 90 12
# OPc: 21 2E 3B 94 27 9C B0 F8 09 5A 55 E8 EF 55 69 F7
# ADM Key: 19250183
# ICCID: 8988211000000350184
./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 19250183 -x 466 -y 92 -i 466920100001103 -s 8988211000000350184 -o 212E3B94279CB0F8095A55E8EF5569F7 -k 12345678901234567890123456789012
```