EAP-SIM on a mobile phone
Following its roll-out as a new authentication method to the WiFi community network of a major mobile operator in France in 2012, EAP-SIM has attracted quite some attention over there.
Yet the limited level of support of this technology in mobile devices available on the market has left many users struggling to get it to work effectively.
EAP-SIM is supported on the iPhone and the iPad since iOS 5 — and there are reports that it can be made to work on iOS 4.
On the other hand, it has taken Google 3 years to acknowledge and react to the lack of official EAP-SIM support on Android. After hundreds of sometimes infuriated messages, it looks like they started to work on implementing it in June 2013!
In Google’s defense, one can say that EAP-SIM can work on Android — as long as your phone manufacturer or mobile operator has implemented it in the phone’s software.
Still, it is unacceptable that Google’s Android flagship devices, the Nexus family, don’t support EAP-SIM natively.
Especially when there isn’t much work to do to implement properly.
Windows Phone 8+ and BlackBerry are reported to support EAP-SIM as far as I could gather.
EAP-SIM on a desktop computer
But this article isn’t about EAP-SIM on mobile devices. Instead it will show how to connect to a WiFi network using EAP-SIM on a desktop computer running Linux.
Hardware
The requirements are:
- a SIM card of an operator supporting EAP-SIM (e.g. Free)
- a computer with a WiFi adapter
- a SIM card reader (or “smartcard reader”)
I suppose that items 1. and 2. are already in your possession.
Regarding the SIM card reader, many models can be used, ranging from high-end devices to dirt cheap readers.
Let’s say that we want to do this experiment on a shoestring: we’ll settle on a $2 SIM card reader that is just good enough.
Go to eBay and grab one of these transparent blue SIM readers (don’t know if the other models are compatible).
This is a very low-tech smartcard reader, based on the so-called Phoenix architecture. Because of — or in spite of — this simplicity, it can be quite tricky to get it to work at times. (Or is it the OpenCT driver that is at fault?)
Wait for a couple of weeks for the little package from eBay to arrive and now you’ve got everything needed to proceed 🙂
Software
First, we’ll set up the software for the SIM card reader:
- Install the following packages (on Ubuntu):
openct pcscd pcsc-tools libpcsclite-dev libnl-dev
- Plug in the SIM reader and run dmesg to determine the associated TTY:
[85418.604327] usb 7-2: new full-speed USB device number 2 using uhci_hcd [85419.040763] USB Serial support registered for pl2303 [85419.040824] pl2303 7-2:1.0: pl2303 converter detected [85419.052517] usb 7-2: pl2303 converter now attached to ttyUSB0 [85419.052552] usbcore: registered new interface driver pl2303 [85419.052556] pl2303: Prolific PL2303 USB to serial adaptor driver
- Add this piece of configuration to /etc/openct.conf (with the right TTY device):
reader phoenix { driver = phoenix; device = serial:/dev/ttyUSB0; }; - Restart OpenCT:
/etc/init.d/openct restart
- Insert the SIM card into the reader and check that it is correctly detected by OpenCT:
root@desktop:~# openct-tool atr Detected Phoenix reader Card present, status changed ATR: 3b 9f 95 80 1f c7 80 31 e0 73 fe 21 1b 64 07 54 61 00 82 90 00 f0
- Check that it is also correctly detected by PCSC-Lite:
root@desktop:~# pcsc_scan PC/SC device scanner V 1.4.18 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr> Compiled with PC/SC lite version: 1.7.4 Using reader plug'n play mechanism Scanning present readers... 0: OpenCT 00 00 Wed Aug 28 17:55:25 2013 Reader 0: OpenCT 00 00 Card state: Card inserted, ATR: 3B 9F 95 80 1F C7 80 31 E0 73 FE 21 1B 64 07 54 61 00 82 90 00 F0
At this point, you’ve confirmed that your $2 SIM reader works fine on your computer. Let’s continue to the core of the EAP-SIM set-up: the so-called “WPA supplicant”, which handles all the WiFi authentication phases.
- Download the latest release of hostapd:
user@desktop:~$ wget http://hostap.epitest.fi/releases/hostapd-2.0.tar.gz
- Extract the archive and and go the the wpa_supplicant folder:
user@desktop:wpa_supplicant$ cp defconfig .config
- Edit the newly created .config file so that it contains:
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) CONFIG_EAP_SIM=y # PC/SC interface for smartcards (USIM, GSM SIM) # Enable this if EAP-SIM or EAP-AKA is included CONFIG_PCSC=y
- Build the WPA supplicant program:
user@desktop:wpa_supplicant$ make
- Create a configuration file wpa_supplicant_eap-sim.conf, with the correct PIN number:
cred={ imsi="none" # anything but blank value } network={ ssid="FreeWifi_secure" key_mgmt=WPA-EAP IEEE8021X eap=SIM pin="1234" pcsc="" } - Disconnect from any WiFi network, make sure that no other wpa_supplicant is running on your computer at the same time and run (wlan0 being the WiFi interface):
root@desktop:wpa_supplicant# iwconfig wlan0 essid "FreeWifi_secure" && ./wpa_supplicant -i wlan0 -c wpa_supplicant_eap-sim.conf
- On the output, you will see that it worked correctly if it says:
Successfully initialized wpa_supplicant wlan0: Trying to associate with xx:xx:xx:xx:xx:xx (SSID='FreeWifi_secure' freq=2417 MHz) wlan0: Associated with xx:xx:xx:xx:xx:xx wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started EAP: buildIdentity: identity configuration was not available wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=18 wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 18 (SIM) selected wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully wlan0: WPA: Key negotiation completed with xx:xx:xx:xx:xx:xx [PTK=CCMP GTK=TKIP] wlan0: CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed (auth) [id=0 id_str=]
- On another terminal, run a DHCP client for the WiFi interface:
root@desktop:~# dhclient wlan0
Ta da, success!
You’re now connected to the FreeWifi_secure network, with an IP address giving access to the Internet.
Total cost: $2 for the SIM reader + €2 per month for the mobile phone subscription.
Oh No! More Gadgets 
could it work also with the integrated 3g modem as a smartcard reader?
Thank you so much ! Super useful !
How to setting EAP-sim with usb broadband modem?
You have to use a SIM card reader which is supported by PC/SC lite, either directly or via OpenCT.
I don’t think USB modems qualify as they probably don’t expose their SIM card reader to the USB host.
The SIM is necessary all the time or not? Can I authenticate and the put the sim back on my phone?
Does this work on raspberry pi?
Please help!!
I reckon that the remote EAP-SIM authenticator will periodically ask to renew the authentication.
So you have to have a dedicated SIM in practice.
As for the question whether it works on a Raspberry Pi: yes, it does, simply run Linux on it and install the required packages.
Hello, thanks for your help, I got the adapter, I am at point 5, but on point 6 I am stuck at:
pcsc_scan
PC/SC device scanner
V 1.4.20 (c) 2001-2011, Ludovic Rousseau
Compiled with PC/SC lite version: 1.8.3
Using reader plug’n play mechanism
Scanning present readers…
Waiting for the first reader…
dmesg: usbcore: registered new interface driver usbserial
[ 293.103520] usbcore: registered new interface driver usbserial_generic
[ 293.103642] usbserial: USB Serial support registered for generic
[ 293.108591] usbcore: registered new interface driver pl2303
[ 293.108771] usbserial: USB Serial support registered for pl2303
[ 293.108914] pl2303 1-1.4:1.0: pl2303 converter detected
[ 293.115223] usb 1-1.4: pl2303 converter now attached to ttyUSB0
any ideas? Thanks again
How about making it work without the reader?
What I have in mind is extracting some sort of password from the SIM card and then using some emulator to make it work. The first question is whether it is possible in principle. That is, whther the necessary data can be extracted from the SIM. If yes then the second question would be how.
(It’s not 2$ that is the problem, it’s the fact that I have to take it out of the phone.)
No, you definitely can’t “extract” any secret from the SIM card, that’s exactly the purpose of this “security token”.
Or ask the NSA / GCHQ for the Ki secret key for your SIM card, I’m pretty sure that they have it — in addition to your telecom operator 🙂
As I said to Michael previously, in practice the EAP-SIM WPA supplicant needs to have a direct access to the SIM, in order to send the proper APDU commands.
In theory, one could think of the phone acting as a “SIM proxy”, relaying APDU to/from an external component.
The Bluetooth SIM Access Profile (aka SAP, SIM, rSAP) would be a perfect match for this task. Unfortunately, hardly any phone support this Bluetooth profile.
I have an idea how to overcome that (using some kind of *hardware* SIM proxy) but i don’t have the time to work on this.
For the record, I do confirm that a SAP-enabled phone *can* be used to authenticate to a EAP-SIM network.
So the SIM card doesn’t have to leave your phone, as you mentioned @xi.
Test environment: homemade PS/SC driver for pcsclite, connected to a Nokia C1-01.
The source code of the driver still has rough edges but it worked as a proof of concept!
Hi gadgetlemming,
I’m trying to configure a Raspberry to acces FreeWifi_secure. Its the second SIM Reader I buy but the dont seem to support PCSC-Lite.
I can acces then with “openct-tool attr” but not with pscs_scan.
Can you give me the exact type of reader you bought please?
Than you for this tuto and best regards
Hi! I think we have the same problem, maybe its something about the config of that tool, but I didnt found anything useful on the internet.. 😦
To get the card working with pcsc_scan you have to uncomment the following lines in /etc/reader.conf.d/reader.conf:
#FRIENDLYNAME “OpenCT”
#DEVICENAME /dev/null
#LIBPATH /usr/lib/openct-ifd.so
#CHANNELID 0
Change DEVICENAME to the correct tty (i.e.: /dev/ttyUSB0).
Do all of this before restarting openct (step 4) or restart openct afterwards.
Thats what I had to do on a Ubuntu 14.4.1.
Also there are two different kind of ~$2 transparent blue sim card readers on ebay: One is dark blue and the other is light blue. I ordered both of them, the dark one is working with exactly the same output as in this tutorial. The lighter one did not arrive until now.
Thanks a lot LesPetitesSuisse for this info. Now I can read my Sim card with PCSClite without problem.
Hi, I only have a /etc/reader.conf.d/openct file, i uncommented and set the config, and restarted openct but nothing happened, also tried creating a file reader.config… the file says : To enable it, uncomment the lines below
# and run update-reader.conf
” but I have no update-reader.conf tool installed
Could you say to me if the dark blue Sim card reader is this one here: http://m.ebay.fr/itm/All-In-One-USB-Memory-Card-Reader-Micro-SD-SDHC-MMC-TF-Sim-Card-Adapter-For-PC-/252378153768?nav=SEARCH
Please? Cordially.
What’s this dark blue sim reader? Do you have a link, please? 😉 Cordialy.
I try with my 2 sim:
# openct-tool atr
Detected Phoenix reader
Card not present
ATR: 3b 18 11 e4 43 01 10 09 05 07 77
# openct-tool atr
Detected Phoenix reader
Card not present
ATR: 3b 7d 94 00 00 57 44 53 26 50 86 93 00 00 00 00 00 00
Give me “Card not present” message
There are some other configuration I miss?
check comment 35 I wrote below, I didn’t see more than two persons (including me) got the problem …
Hi all,
I’ve configured a Raspberry to acces FreeWifi_secure. If you want I can send you a doc (in french) which explain all steps to do that.
Just ask me!
Hey i’m intersting in (i’m french too !)
I’m trying to do this with ubuntu, and then with my OpenWRT Box, so can we exchange ?
My mail is bopnrgibox at removebeforesend_gmail.com
Thanks
Hello,
Yes i’m interested please 🙂
david_poirriere@outlook.fr
Hello, it would be better for in English, but even in french its ok!! Please post a link here!! Thank you!!
You can also send it here free.rasp@yahoo.it if is simpler for you! Thanks again!!
Hi can you please send french explain of this ? thanks
Yes, but where?
Hey could you send it also to me please
davide.zito93@libero.it
Thanks a lot
Hi.
Could you please, send me the doc in french ?
Thank you very much.
waNNMm[at]openmailbox[dot]org
(remove NNM)
Hi i’m very interested too! I am also french. Could you send the doc to cbeuret(at) orange(point)fr ?
It would be really great!
Thanks
Hi,
Could i get the doc for the RPi as well ? cbeuret(at)orange(dot)fr is my mail adress.
Thanks
Hi
Could i get the doc about the RPi too ? cbeuret(at)orange(dot)fr
Thank you
Another request for the document: fb_account2@outlook.com
Thanks
Hello, I’m interested too! Here is my email : beauretlouis@gmail.com
Hi,
Could you please send a copy to me too.
Thank you.
striker_o (at) yahoo (dot) com
Hello. Yes, I would like it!!!!
Thanks.
simone[dot]zampini[dot]fr[at]gmail[dot]com
Hi Argonat,
I am very interested as well in this tutorial, would it please be possible to forward it to me too ? 🙂
elierpoub[at]gmail[dot]com
@Michael: if you got the same card I got, there’s a bug in the card reader: it doesn’t report the SIM inserted even when it is and it can be read. Maybe it’s the driver, but I suspect it’s some wire not connected on the chip. I had to patch openct to force it to always report the card as inserted. Here’s the patch I made last year (sorry you’ll have to figure it out from this, and have the whitespaces corrected). Worked perfectly after (but you have to insert the SIM, restart openct, then restart pcscd then continue with wpa_supplicant ):
— openct-0.6.20/src/ifd/ifd-smph.c.old 2007-06-21 09:20:36.000000000 +0200
+++ openct-0.6.20/src/ifd/ifd-smph.c 2014-06-19 21:51:51.679347762 +0200
@@ -233,7 +233,9 @@
return -1;
*status = 0;
– *status |= ((tmp & TIOCM_CTS) != TIOCM_CTS) ? IFD_CARD_PRESENT : 0;
+/* HACK: always return card present to work around hardware defect */
+/* *status |= ((tmp & TIOCM_CTS) != TIOCM_CTS) ? IFD_CARD_PRESENT : 0; */
+ *status |= IFD_CARD_PRESENT;
return 0;
}
You patched the c file and I guess you had to rebuild openct again. Did you miss that in the instructions?
Did you have problem running wpa_supplicant without this patch or this patch is just to remove the print “Card not present” before responding ATR?
Used at the time Debian wheezy. openct doesn’t appear to be available on newer Debian (jessie). Shouldn’t be a problem with Ubuntu if the package exists. The patch is really a one liner telling to anything that queries openct (applications too) that the card is always inserted. Else pcscd (querying openct, and in turn queried by wpa_supplicant) will tell there’s no card on my device so EAP-SIM will obviously fail.
I rebuilt the package the usual debian way (well there’s more that one way so…).
Of course you have to have the package sources repositories updated if Ubuntu doesn’t have it. Then:
as root:
apt-get build-dep openct
as normal user:
apt-get source openct
cd openct-0.6.20
dch -i # to bump the package version avoiding reinstallation of the official package. This command is part of the devscripts package.
dpkg-buildpackage -us -uc -b -rfakeroot
as root again: dpkg -i ../openct_*.deb
This patch is independent of anything needed for wpa_supplicant (at the time I had to rebuild it too I think following more or less the instructions on this thread)
@Adel, Thank you very much for your reply. I manage to install the patch the with instructions you have given below. After your patch and @LesPetitesSuisse fix in /etc/reader.conf.d/openct, it was possible to perform pcsc_scan.
The pcsc_scan print do not who prompt unless i press CTRL+C. Please let me know if it is normal?
I see other problem with this SIM card reader that if we remove and insert then nothing work even will kill openct and pcscd. The only way I found that purge and autoremove all the packages and restart the PC and then follow the instructions again.
Now, I also get error while after using iwconfig with wpa_supplicant with eap-sim but that be related since I am using my own enterprise authentication with my own SIM triplets not the freewifi that you are using.
iwconfig wlan0 essid “myinterprise_wifi” && ./wpa_supplicant -i wlan0 -c wpa_supplicant_eap-sim.conf
I want to know how can I debug openct and pcsc tools and pcscd source. I think then I can try fixing the problems reading with these SIM card readers and also know more about my setup.
Thanks.
Hi @gadgetlemming, thank you for this article! Along with your comment about SIM Access Profile, this is exactly what I hoped could be done. Did you publish your experimental PC/SC driver somewhere? I’d like to do the same with my Nokia… Thanks again and please continue blogging, this is nice.
Hi Vincent, sorry for getting back to you so late. Yeah, I do intend to publish it, but that’s only a proof of concept for the moment.
Hi @gadgetlemming! Whatever the state of your code, I hope it can give me food for thought.
Hi @gadgetlemming. i live in France (but am English) and would love to set this up but technically this looks to be rather beyond my technical expertise. I was wondering if you know of a pre-configured commercial WiFi modem that could be used to achieve this? Alternatively can you see any problem with buying a cheap mobile phone that supports EAP and using that in conjunction with the 2€ free.fr subscription?
PS And setting the phone up as a Mobile Hotspot.
I am facing the problem on Ubuntu 12.04 LTS 64 bit as Michael is facing here. Which Ubuntu version did you use?
Same problem on Ubuntu 14.04.3 LTS 64 bit as Michael is facing here. Which Ubuntu version did you use? I guess you did not use sudo with the command then you have perhaps used other distribution.
Anyone have tested with “SFR WiFi Mobile” ?
could it work also with the integrated 3g modem as a smartcard reader?
Pingback: SIM reader issue - ubuntutextbook