10

I have already worked with smart cards and I am familiar with APDU commands (which are defined in the ISO/IEC 7816 and Global Platform specifications).

Now I want to know if there is any way to send an APDU command to the USIM/SIM card that is inserted in my mobile phone (a Samsung A3 with Android v4.4.4 KitKat installed).

I already searched on Google and found some related topics and tools named SIM Toolkit Application and Seek for Android, but I don't really understand what these are. Are these two applications that I must install on my mobile phone? Or are they two tools that are already installed on the USIM/SIM card and receive commands from the mobile phone?

What is the difference between proactive commands, APDU commands and AT commands?

Should I learn Android to develop SIM card applications, or do I just need the Java Card specifications and ETSI standards?

Thanks in advance.

MJay
Jean

2 Answers

14

There can be two different types of applets present on your SIM card.

Common applets

Common applets written in plain JavaCard. This is the type of applet you are used to from the world of common smart cards. It has the process method and the smart card is the passive subject in the communication: your app sends APDU commands and the card responds.

You can communicate with these applets using a special set of Android libraries called SEEK for Android. Have a look at this tutorial to learn how to create such a phone application.

Starting with API level 21 there is also a way to communicate with the SIM using Telephony Manager. However, there is one huge obstacle: your app needs the MODIFY_PHONE_STATE permission, which can be granted only to system apps. A regular, non-system app isn't allowed to use it.

SIM Toolkit Applets

A SIM card is much more than just a common smart card, and writing an applet for a SIM card can be much more complicated than for a common smart card if you want to use all the possibilities the SIM card offers. I recommend you read this paper - it is someone's bachelor thesis, but it is the best overview for a beginner I have found anywhere on the Internet. I also recommend this video from the DEF CON conference.

The role of the applet loaded on the SIM card is different: the applet is no longer a passive entity. The phone asks your applet regularly: "Is there anything new I can do for you?" and your applet can reply: "Yes, send this SMS, please" or "Tell me what time it is" etc. Moreover, your applet can become a listener of some events: incoming call, received SMS, time interval elapsed etc. Yes, the SIM card seems to be passive from the technical point of view, but its role is in fact an active one: it is the SIM card who sends commands to the phone.

These commands are called "proactive commands" or SIM Application Toolkit commands. Structure is the same - CLA INS P1 P2 LC data LE; the meaning is different.

You can send them from your applet using classes in a special JavaCard package called sim.toolkit.

(SIM Application Toolkit is a standard that specifies the proactive commands in the same way Global Platform specifies the applet's lifecycle.)

Example of SIM Toolkit applet:

```java
import sim.toolkit.ToolkitConstants;
import sim.toolkit.ToolkitException;
import sim.toolkit.ToolkitInterface;
import sim.toolkit.ToolkitRegistry;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;

public class STKTest extends Applet implements ToolkitInterface {

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        // GP-compliant JavaCard applet registration
        new STKTest().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    // This method handles standard APDU commands
    public void process(APDU apdu) {
        // Good practice: Return 9000 on SELECT
        if (selectingApplet()) {
            return;
        }

        apdu.setIncomingAndReceive();
        final byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case (byte) 0x00:
            // do something
            break;
        default:
            // Reject unknown instructions instead of silently returning 9000
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    // This method handles the SIM Toolkit events
    public void processToolkit(byte event) throws ToolkitException {
        switch (event) {
        case ToolkitConstants.EVENT_TIMER_EXPIRATION:
            // do something
            break;
        }
    }
}
```

Yes, you should learn Android - you will need it to use the SEEK library. Your question is very broad, please ask me for any details, if you want.

vojta
  • Thanks dear vojta. **1-** So, _SEEK for Android_ is a library that I use to write an applet for my mobile set (and not for the SIM/USIM) to communicate with the applets on the USIM/SIM, right? **2-** Do you have any idea what _SIM Toolkit Application_ (aka STK) is? – Jean May 20 '15 at 04:18
  • Are proactive commands similar to regular APDU commands? I mean, do they have a 4-byte mandatory header containing CLA, INS, P1 and P2? Or are they totally different? – Jean May 20 '15 at 04:22
  • In section 1 you emphasized that common smart cards have a passive role in the communication. That's right. But does that mean that USIM/SIM cards can have an active role in communication with the phone, or do they also always wait for commands and can't start a communication? You said that the phone asks the applet regularly "Is there anything new I can do for you?" (**the same application that is written using the SEEK for Android library?**) and the applet on the SIM responds to it. So the SIM is still passive, isn't it? – Jean May 20 '15 at 04:43
  • I know these are a lot of questions, but I'm a little confused and I really need your guidance. I appreciate your time and your consideration. :) There is one more question and I will ask it later. thanks in advance again. – Jean May 20 '15 at 05:13
  • Dear vojta, May we have a short conversation here please? http://chat.stackoverflow.com/rooms/78277/sim-applications-development – Jean May 20 '15 at 06:09
  • Thanks for the link to SEEK. However, as I understand the docs, it requires running a modified Android build, correct? Can I thus infer that stock Android lacks the mechanisms for (or even actively prevents) this kind of low-level SIM access? – user149408 Aug 05 '15 at 11:16
  • @user149408 Hi! No, you do not need a modified Android build. Your app needs to be built with a special SDK and there must be a few special libraries provided by the vendor of your phone, that is all. I used SEEK successfully with a standard Sony Xperia L with no extra modifications, for example. – vojta Aug 05 '15 at 11:22
  • @vojta thanks for the clarification. In the meantime I found out that Android's telephony manager now also has methods to send commands to the SIM card, but they require API level 21 (Lollipop) or higher. – user149408 Aug 05 '15 at 13:57
  • @user149408 Wow, that is interesting! Could you please post a link to what you found? So I could update my answer. – vojta Aug 05 '15 at 13:59
  • @vojta http://developer.android.com/reference/android/telephony/TelephonyManager.html#iccTransmitApduBasicChannel%28int,%20int,%20int,%20int,%20int,%20java.lang.String%29 – user149408 Aug 05 '15 at 14:04
  • @Jean, you will find more details about proactive commands in ETSI 102.223 (toolkit) – Bjoern May 27 '16 at 12:48
  • Thanks to all, I have a question. In the tutorial link I saw, "The development phone is flashed with SmartCard API". Does each handset have to be flashed to install the SmartCard API app? – Mohsen Gorgani Nov 29 '17 at 07:59
  • Hi dear Vojta, I hope all is well. Sorry for asking questions in comments. This is a temporary comment. Do you have any idea about sending APDU commands to Javacards in POS devices? I need to have a secure communication between my applet and a POS device and I also want to install applets on Javacards using POS devices. Is there any library for that (handling SCP01 secure channel communication and installing applets)? (The POS is from Ingenico Corp) – Ebrahim Ghasemi Aug 24 '19 at 07:38
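As an added illustration of the toolkit flow described in the answer above (not code from the original post or from any vendor SDK): a minimal applet that registers a menu entry and, when the phone reports that the entry was selected, issues a DISPLAY TEXT proactive command through the `sim.toolkit` classes. The package name, class name, menu label and message text are hypothetical, and the SIM-specific install parameters required by a real card are assumed to be supplied at load time.

```java
package example.stk; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import sim.toolkit.ProactiveHandler;
import sim.toolkit.ToolkitConstants;
import sim.toolkit.ToolkitException;
import sim.toolkit.ToolkitInterface;
import sim.toolkit.ToolkitRegistry;

public class HelloStk extends Applet implements ToolkitInterface, ToolkitConstants {

    // Constructed sample strings (8-bit default alphabet)
    private static final byte[] MENU_LABEL = {'H', 'e', 'l', 'l', 'o'};
    private static final byte[] MESSAGE = {'H', 'i', ' ', 'f', 'r', 'o', 'm', ' ', 'S', 'I', 'M'};

    private HelloStk() {
        // Registering a menu entry with the toolkit framework also subscribes
        // this applet to EVENT_MENU_SELECTION for that entry.
        ToolkitRegistry reg = ToolkitRegistry.getEntry();
        reg.initMenuEntry(MENU_LABEL, (short) 0, (short) MENU_LABEL.length,
                PRO_CMD_DISPLAY_TEXT, false, (byte) 0, (short) 0);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new HelloStk().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    // Plain APDU path: this applet exposes no instructions of its own.
    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }

    // Toolkit path: called by the framework when a registered event occurs.
    public void processToolkit(byte event) throws ToolkitException {
        if (event == EVENT_MENU_SELECTION) {
            // Build the proactive command; the framework hands it to the
            // phone and send() returns once the phone has answered.
            ProactiveHandler ph = ProactiveHandler.getTheHandler();
            ph.initDisplayText((byte) 0x00, DCS_8_BIT_DATA,
                    MESSAGE, (short) 0, (short) MESSAGE.length);
            ph.send();
        }
    }
}
```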
6

Starting with API level 22 (Android 5.1) there is another option called "Carrier Privileges". It allows non-system apps to send APDUs to the SIM card using Android TelephonyManager. See: https://developer.android.com/reference/android/telephony/TelephonyManager.html#hasCarrierPrivileges()

For example, mobile network operator (MNO) apps that are distributed on Google Play can use this. But again, it's not open to everybody. In this case you need to be granted access by the SIM. The access rules on the SIM are managed by the MNO who issued it. See also: http://source.android.com/devices/tech/config/uicc.html

Maarten Bodewes
Sirie A.
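The TelephonyManager route mentioned in both answers, as an added example that is not part of either original post: the app first checks `hasCarrierPrivileges()`, then opens a logical channel to an applet, sends one APDU and always closes the channel again. `SimApduClient`, `sendToApplet` and the AID value are hypothetical placeholders; the `icc*` methods used are the API level 21/22 ones the answers refer to.

```java
import android.content.Context;
import android.telephony.IccOpenLogicalChannelResponse;
import android.telephony.TelephonyManager;

public final class SimApduClient {

    // Placeholder AID (constructed); replace with the AID of your own applet.
    private static final String APPLET_AID = "A000000000000000";

    private SimApduClient() { }

    /**
     * Sends one command APDU with a data field to the applet.
     * Returns the response as hex with the status word appended,
     * or null when this app has no access to the SIM.
     */
    public static String sendToApplet(Context ctx, int cla, int ins,
                                      int p1, int p2, String dataHex) {
        TelephonyManager tm =
                (TelephonyManager) ctx.getSystemService(Context.TELEPHONY_SERVICE);

        // Without carrier privileges (granted by the access rules on the SIM)
        // or MODIFY_PHONE_STATE, the icc* calls throw a SecurityException.
        if (tm == null || !tm.hasCarrierPrivileges()) {
            return null;
        }

        // Selects the applet on a new logical channel, leaving the basic
        // channel used by the modem untouched.
        IccOpenLogicalChannelResponse open = tm.iccOpenLogicalChannel(APPLET_AID);
        if (open.getStatus() != IccOpenLogicalChannelResponse.STATUS_NO_ERROR) {
            return null;
        }

        int channel = open.getChannel();
        try {
            int p3 = dataHex.length() / 2; // P3 carries Lc for a command with data
            return tm.iccTransmitApduLogicalChannel(
                    channel, cla, ins, p1, p2, p3, dataHex);
        } finally {
            // Logical channels are a scarce resource on the card: always release.
            tm.iccCloseLogicalChannel(channel);
        }
    }

    /** True when the response ends with status word 9000. */
    public static boolean isSuccess(String responseHex) {
        return responseHex != null && responseHex.toUpperCase().endsWith("9000");
    }
}
```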