Ichwan Sontani

SIM Access Control Class

2012-01-26T15:50:00.001+07:00

Access between the Mobile Phone and GSM Network can be controlled through the SIM Card. There is one file inside the SIM named EF ACC 6F78 (Access Control Class) which contain parameters to control this.

15 classes are defined inside this file. The first 10 classes are randomly allocated for normal subscribers, the rest 5 classes are allocated for specific high priority users. The class allocation
is depent on the requirements of Mobile Operator.

In some cases, Mobile Operator will enable the Class based on the last digit of IMSI. For example, if one SIM has "0" as the last digit, then Class 0 will be enabled. With this method the Mobile Operator
can manage the usage of Radio Access channels.

The size of EF ECC is 2 bytes (16 bits) which each bit represents the enabled class, except for the 3rd bit which set to "0" (disable). The 3rd bit represent Class 10.

Below is the figure of class allocation in this file :

Byte 1:
b8 b7 b6 b5 b4 b3 b2 b1
15 14 13 12 11 10 09 08 Number of the ACC (except for bit b3)

Byte 2:
b8 b7 b6 b5 b4 b3 b2 b1
07 06 05 04 03 02 01 00 Number of the ACC

In normal condition the radio site will give access with SIM with classes 0- 9 enabled. In other condition radio site will give priority for classes 11- 15 enabled SIM. Some examples for high priority users
are Emergency Call, Police Department, etc.

References :
- Universal Mobile Telecommunications System (UMTS); LTE; Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102 version 8.5.0 Release 8)
- Digital cellular telecommunications system; Service accessibility (GSM 02.11 version 5.0.0)

How to control your call

2011-11-30T16:22:00.002+07:00

Do you know that we can limit our SIM outgoing call only to certain numbers? yup it's true. Sometime we need to limit access for outgoing call made from SIM. Let me give you one example, let's say we give our children a mobile phone and SIM and we want to control to which numbers only they can make call. We can do this with Fixed Dialing Number (FDN).

With FDN we can control the destination number of outgoing call and as result we can control the bill as well :)

Inside the SIM there is a file named EF FDN (6F3B) wich contain records to store phone numbers. The number of records and capacity are following the SIM Phonebook records. Outgoing call can only be made to the listed numbers in these records.

To activate FDN you need to put PIN2 then you can start to store phone numbers. you can ask your operators for your PIN2.

Here are the steps to activate FDN. I am using Nokia 2626 menu as example :
- menu - setting - security - fixed dialing number - on
- put your PIN2
- then you can put phone numbers in the list

Use your PIN !

2011-11-28T17:16:00.001+07:00

Use your PIN!

One of the basic security feature provided by your SIM is PIN Protection. It is simple but unluckily most of SIM users are not using it. Let me tell you something. What happen if someday you lost your SIM and it is found by somebody else and using it.

It is Okay if it is a prepaid SIM then you don't have to be worry because it has limited credit. But if it is a post paid then it will be disaster :) you have to pay for what you didn't use.

That's why it is better to activate the PIN inside your SIM. There are 2 PINs inside your SIM : PIN1 and PIN2. Most operators will have a common number for PIN1 like "1111" or "1234". Also usually many operators will not activate the PIN in new SIM untill the user activate it. After the PIN was activated then you can change it by yourself.

Here are several steps to activate PIN in your SIM. I am using Nokia 2626 menu as example.

- Activate your PIN code request

Menu - Setting - Security setting - PIN code request

Then you will asked to put your PIN.

Select "On".

And after that, when everytime you start your SIM it will ask you to put the PIN number. After you successfully activate your PIN, better to change it.

Here are the steps :

- Setting - Security setting - Access code - Change PIN code.
- Put your current PIN.
- Put your new PIN.
- Confirm your new PIN.
- Done

USIM Authentication

2009-08-27T15:05:00.003+07:00

Cellular network technologies is still in it's evolution from 1G, 2G, 3G, 3.5G, and now reaching 4G. Mobile phones have become the most famous communication tools.

The usage of a mobile phone also increase from it's previous function to deliver voice and clear text. Now the mobile phones can also provide enterainment, multimedia messaging service,
mobile internet access, location based services, and so on.

Based on the data behaviour, 3G services can be described as follows :

- Conversation, such as voice, video telephony, video gaming
- Streaming, such as multimedia, video on demand, webcast
- Interactive, such as web browsing, network gaming
- Background, such as Email, SMS

As the services of 3G Mobile Phones has increase, the security of data also has become critical issue. Security mechanism in 3G Network is not just about subcriber authentication into the network. But it is also about how to secure 3G Services run on the network.

In this article, I will describe how a USIM application can be authenticated into 3G Network.
Authentication will perfomed in challenge - respond method combined with key establishment
for network authentication.

Initialization

After UICC activation the ME will SELECT USIM application in EF DIR. If no USIM application is listed or EF DIR not exist, then the ME will try ro select GSM application.

After a successful USIM application selection, the USIM AID (Application Identifier)
will stored in USIM. The last activated USIM application will remain in UICC until the UICC is reset.

UICC

Is a physical processor chip where USIM application reside. Usually the memory capacity to store USIM application are range from 64K to 256K.

Application Selection

USIM is an application reside in UICC card. It contain many security parameters needed for an UICC to access into UMTS network.USIM will perform some related security procedures before a 3G Subscriber can gain access into the network. I will describe just some of them.

1. Authentication algorithm computation.
The ME will select a USIM application using AUTHENTICATE command and
the response is sent back to ME. In 3G context is used when 3G authentication
variables are available such as RAND, XRES, CK, IK, AUTN.

2. IMSI Request
The ME perform READ procedure on EF IMSI.
This is also the procedure of User Identity request.

3. Access Control information request.
The ME perform READ procedure on EF ACC.

4. Higher Priority PLMN search period request.
The ME perform READ procedure on EF HPPLMN

5. Location Information
In this procedure, the ME perform request and update activity
which ME perform READ procedure on EF Keys. And the ME also
perform UPDATE procedure with EF Keys.

6. Forbidden PLMN
Also in this procedure, the ME perform request and update activity
on EF PLMN.

7. GSM Chiper Key
This procedure will be performed if service n 27 in UST ( USIM Service Table )
is available. The request and update procedure is on EF KC.

8. GPRS Chiper Key
This procedure will be performed if service n 27 in UST ( USIM Service Table )
is available. The request and update procedure is on EF KCGPRS.

Service n 27 in EF UST is where GSM Access Service

9. Initialization value of Hyperframe number
The ME perform READ and UPDATE procedure on EF START-HFN

10. Maximum value of START.
The ME perform READ procedure on EF THRESHOLD.

11. HPLMN Selector with Access Technology Request
The ME perform READ procedure on EF HPLMN w ACT

12. Packet Switch Location Information
The ME perform READ and UPDATE procedure on EF PSLOCI

13. Chiper and Integrity key for Packet Switch Domain
The ME perform READ and UPDATE procedure on EF KeysPS

14. LSA Information.
This procedure will be performed by the ME if service n 23
in EF UST is activated. The ME performs READ procedure with
EF SAI, EF SLL and it's associated LSA Descriptor files
and UPDATE procedure with EF SLL.

15. Voice Group Call Services.
This procedure will be perfomed by the ME if service n 57
in EF UST is activated.

Voice group call service
The ME perform READ procedure with EFVGCSS

Voice group call service status
The ME perform READ and UPDATE procedure on EFVGCSS

17. Voice broadcast services
This procedure will be perfomed by the ME if service n 58
in EF UST is activated.

Voice group call service
The ME perform READ procedure with EFVBS

Voice group call service status
The ME perform READ and UPDATE procedure on EFVBS

Source : Universal Mobile Telecommunications System (UMTS); LTE; Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102 version 8.6.0 Release 8)

Smart Card Security Mechanism

2009-08-14T14:48:00.002+07:00

As a smart card used to stored data, so how the data can be write, read, and updated ? For that purpose the process have to pass some security mechanism. The security mechanism for every access level is diffrence based on data's security level.

Below is the security mechanisms based on the type of Smart Cards :

Memory Card

Because this type of smart card is just to store data without the capability to calculate or process it, so the security mechanism is more simple. Usually after the card detected by the reader, card will challenge the reader to read PIN stored inside it. The reader will calculate the PIN as part of the authentication process.

Microprocessor Card

A microprocessor card has a capability to perform it's own enryption method and algorithm to protect the data stored inside it. The security mechanism of a microprocessor card difference based on how the data can be accessed.

Why it is more complicated to protect data inside a microprocessor card ? Because the data stored inside a microprocessor card are more critical. For example a Cardholder data inside a credit card.

SIM Application Toolkit

2008-11-13T11:00:00.003+07:00

SIM Application Toolkit

Have you ever use Mobile Banking menu in your Mobile Phone ? In your Mobile Phone there are some interactive menus which let your Mobile Phone 'talk' with the network. This menus displayed in your Mobile Phone screen in a 'scroll down' menu. By entering one menu, then you will come into the sub menus. This capability is provided by two direction communication between SIM Card and Mobile Phone and just a part of mechanism named SIM Application Toolkit (SAT). SAT provide mechanism which reside in the SIM Card to communnicate and interact with Mobile Phone. SAT action is initiated by Mobile Phone. SAT can only work during the network operation phase of GSM.

Some simple facts of SAT are :

- SAT applications is a set of commands inside SIM Card which define how the SIM Card interact with the outside world through Mobile Phone.

- SAT is designed as client server application. SIM Card act as a client and network act as a sever. As A server, network provide services to SIM Card which previously asked by the SIM Card. If the SIM Card indicating that it support SAT commands, then Mobile Phone will execute the next command.

- Mobile Phone act as interface to trigger SAT commands.

- SIM Card send command to Mobile Phone in TLV format.

SAT Mechanism

Profile Download

This mechanism allow MObile Phone to ask to SIM Card what SAT capability it can provide. The Mobile Phone knows SIM Card SAT capability by reading EF Phase. One of the initialization steps on the Mobile Phone is by reading this EF. By using initialization, a Mobile Phone can get information about capabilities those can be provided by SIM Card inside it.

Proactive SIM

Proactive SIM give order mechanism to the SIM Card so it can ask Mobile Phone to execute certain actions. These actions include :

- Displaying text from SIM Card to Mobile Phone's screen.
- Sending a Short Message
- Make a voice call to a number that held by the SIM Card.
- Make a data call to a number and bearer capabilities that held ny the SIM Card.
- Playing tone.
- Provide a dialogue with the user.
- SIM initialization request and change notification to EFs.
- Provide local information from the Mobile Phone to the SIM Card.

Data Download to SIM

This command allow network to use SMS or cell broadcast to transfer information to the SIM Card.
Information transfer over SIM- ME uses the ENVELOPE command. If the Mobile Phone receive SMS with
protocol identifier equal to SIM Data Download and coding scheme equals to class 2 message, then the Mobile Phone will pass the SMS directly to the SIM Card without intervension of Mobile Phone's user.

Menu Selection

A set of menu entries is provided by the SIM Card in Proactive SIM command. The menu shows some menu applications so the user can enter the menu appliaction and then this menu selection will transfer command to the SIM Card.

Call Control by the SIM

When this SAT service activated in a Mobile Phone, whena user make a call, it will result in a phone number, supplementary service, and unstructured supplementary service data (USSD) strings first sent to the SIM Card. The SIM Card can decide wether it will alow this action or selectively bar it.

Mobile Originated Short Message Control by SIM

This SAT service use the same mechanism like Call Control. But this service applied to the SMS. Before a Mobile Phone sending any SMS, it will ask SIM Card authorization. The SIM Card will return with an answer which can be authorization or refusal.

Event Download

A set to monitor for is supplied by SIM Card in proactive SIM command. This mechanism is used to transfer details of event to the SIM. Events that a Mobile Phone can report to the SIM card area include incoming calls, location status, and availability of the screen for applications.

Security

Multiple Card

One event and a set of proactive commands are supplied to monitor card behaviour.

Timer Expiration

SIM Card has capability to manage timers which running physically in the Mobile Phone with proactive command. This mechanism is used to inform the SIM when a timer exprires.

Bearer Independent Protocol

Reference : 3GPP TS 11.14 , Specification of SIM Application Toolkit (SAT) for the SIM -ME Interface

Inside Your SIM Card

2008-05-06T15:47:00.011+07:00

Today many GSM Network subscribers have SIM Cards inside their Mobile Phones in order to be authenticated to GSM Network. Well, in other words, you need a SIM card to connect to your GSM Network then make a call and utilizing Mobile Services such as Short Message Services (SMS), or Content Browsing.

SIM card basically is an EPROM which has Operating System (OS) and Applications inside it. This can be compared to your PC which has OS such as MS Windows, UNIX, etc and many Applications. But you can not imagine that SIM Card also has Applications just like MS Office or Image Editor. Applications inside the SIM Card are more simple. Most of the Applications that owned by SIM Card are to support SIM Card so it can be connected to the GSM Network and to make SIM Card communicate with your Mobile Phone. One example of SIM Card Application is when you use content browsing some drag drop menus displayed on your Mobile Phone's screen.

Files and Directories

SIM Card has many files inside it which needed by SIM Card to connect to GSM Network.
File Structure of SIM Card can be compared to UNIX hierarcial file system which in UNIX
many Applications and information of devices stored as files. The UNIX file structure
can be represented by this file tree structure :

\root
|
|
+---- \etc
|
+---- \bin
|
+---- \usr
|
+---- \tmp

Similar to UNIX, we will find Files and Directories inside a SIM Card in a hierarcial structure. A file contain information or data, and a directory contain files. How a Mobile Phone or a Card Reader access these files and directories is related to the security features which managed by SIM Card Operating System. Every file and directory have their
owned security feature based on some technical requirements.

SIM Card also manages files and directories inside it in hierarcial structure. The logical model of files and directories is related with how Operating System inside the SIM Card manage them. If in UNIX every file and directory has it's name, in SIM Card logical model, every files and directory have it's file ID. File ID used to addresed or identify
the file. The first byte of File ID identify the file's type.

The Logial Model of a SIM Card devided into :

Master File (MF)
An MF can be compare to /root directory in UNIX. An MF act as a "root" for DF and EF. The File ID of an MF is 3F.

Dedicated File (DF)
DF can be refer to directory which contain files inside it. Some EF which have related functional purpose grouped into the same DF. So the functional grouping of a DF refer to it self and all it's complete EF subtree. A DF also act as a 'second door' to access an EF. So to access an EF you need to access the MF and the 'main door' and then DF as the 'second door'. This is quite similar to UNIX file system. For example files that handle device configuration grouped into /dev directory. Because of it's function, a DF does not contain data, it only contain header part.

File ID of DF are :

7F -> First level Dedicated File
5F -> Second level Dedicated File

The are several DFs inside the SIM Card, but in this article I will describe only two DFs which mandatory
for GSM subscriber requirements :

File Name

File ID

Function

DF Telcom

7F10

Contain EFs those hold telecom service features

DF GSM

7F20

Contain applications for both GSM and/or DCS 1800

Elementary File (EF)
An EF consist of header and body part. The body part contain data which have attributes related to the security aspects, file size, record length, and how the data can be accessed. The first information that read from an EF is it's File Structure. Starting from the File Structure then can be known the file type, record length, and access method of an EF. The total data length that stored in the body of an EF is indicated in it's header.

File ID of EF are :

2F -> EF under Master File

6F -> EF under first level DF
4F -> EF under second level EF

EF grouping

Inside the SIM Card, EFs grouped under MF and DF. This grouping based on functional purpose of an EF. For example EF that support or hold data for telecom service features will be grouped under DF Telecom (7F10). The existing of these EF are may Mandatory or Optional. Mandatory EF means that this EF should be exist inside the SIM Card for the minimum requirement based on 3GPP TS 11.11 document. Optional EF means that this EF maybe
exist inside the SIM Card based on the Network Operator specific requirement. Below, I will describe all of EFs those have Mandatory requirement based on 3GPP TS 11.11 document. Well, here they are :

EF under Master File

File Name

File ID

Size

EF ICCID

2FE2

10 bytes

EF under DF GSM

File Name	File ID	Size
EF LP	6F05	1-n bytes n = nth language code
EF IMSI	6F07	9 bytes
EF KC	6F20	9 bytes
EF HPPLMN	6F31	1 byte
EF SST	6F38	X bytes X >= 2
EF BCCH	6F74	16 bytes
EF ACC	6F78	2 bytes
EF FPLMN	6F7B	12 bytes
EF LOCI	6F7E	11 bytes
EF AD	6FAD	3 + X bytes
EF Phase	6FAE	1 byte

EF under DF Telecom

File Name	File ID	Size
EF ADN	6F3A	X + 14 bytes
EF FDN	6F0B	X + 14 bytes
EF SMS	6F3C	176 bytes
EF MSISDN	6F40	X + 14 bytes

The File Structure of EF are :

Elementary Files usually has attributes that related with file size, how the file can be accessed, record length, etc. File Structure of an EF represent security feature of EF and how it will be managed.

Transparent

An EF with Transparent File Structure consist of a sequence of bytes. This sequence of bytes used when the file need to be updated or read which indicates the starting bytes position and the number of bytes to be updated or read. Starting bytes position known as relative address (offset). The first byte in a Transparent EF has an offset '00 00'

Linier Fixed

An EF with Linier Fixed File Structure consist of sequence of records which have the same fixed record length. The first record is starting from record number 1.

Cyclic

An EF with Cyclic File Strucutre used to store records in chronological order. When all records have used to store data, then the next data will be overwrite the oldest information. All records in a Cyclic EF has a fixed number of quantity and the fixed record length. In a Cyclic EF there is a link between record number 1 and the last record (n). When the pointer is set to the last record (n), then the next record would be record number 1.

Security Features

SIM Card which reside inside your Mobile Phone contain data that needed to logon to the network then after that you can make your call or sending your SMS. The Security Features supported by SIM Card utilized to enable the following :

SIM Card authentication to the network

After your Mobile Phone turned on, then the network send Random Signal or RAND (128 bit) to your Mobile Phone, then your Mobile Phone pass the RAND to your SIM Card using RUM GSM ALGORITHM command. Other value for the input of RAND calculation is KI (128 bit). The calculation of RAND and KI utilized A38 Algorithm. In this process, IMSI is used to retrived KI in the network.

The result of RAND and KIcalculation that done by SIM Card is Signal Respond or SRES (32 bit) and Kc.
SRES passed to the Mobile Phone and then to the network. The network will compare this SRES with SRES that
owned by the network. The comparison of these SRES values provide authentication. The Kc value will be used
by SIM Card for any future enchipered communication.

File Access Condition.

Every EF has it's own specific access condition for each command. The differentiation of access condition for each command based on the security level of each file. File access condition will limit your access to an EF. For example for several EFs, READ command will have ALWAYS access condition for READ command which mean that you can READ this EF with input any parameter key. But for some EFs, they have NEVER access condition for READ command which mean you can not READ this EF.

Level Access Condition
------------- ----------------------------
Level 0 ALWAYS
Level 1 CHV1
Level 2 CHV2
Level 3 RFU
Level 4 ADM 1
..... ......
Level 14 ADM 14
Level 15 NEVER

For more complete and detail SIM Card specification, please refer to 3GPP RS 11.11 Digital Cellular Tellecommunication System (Pahse 2+), Specification of SIM-ME Interface. But this document is quite hard to understand, except for you those has been long period involved in smart card industries.

Reference : 3GPP RS 11.11 Digital Cellular Tellecommunication System (Pahse 2+), Specification of SIM-ME Interface, en.wikipedia.org

CDMA Authentication

2008-04-25T14:37:00.006+07:00

The first digital cellular technology is known as Interim Standard 95 (IS- 95) which was introduced by Qualcomm. It is a 2G Mobile Tellecommunication Standard that use CDMA technology which has multiple access scheme for digital radio, to send voice, data, and signalling.

Today many of the CDMA subscribers use Removeable User Identity Module or RUIM card inside their Mobile Phones. RUIM Card hold data those needed by subscriber to be authenticated into the network. Authentication is process to validate subscribers that done by the network. Just like if you go back home from a long vacation in the midnight, maybe your parrents, or your wife will ask you some questions to you before they really sure that it is really you and then let you in.

Subscriber Authentication

IMSI_M is an MIN based IMSI which uses the lower 10 digits to store the MIN. IMSI_M is used in IS-95A system. IMSI_M is a true IMSI which similar to IMSI for GSM which used in IS-95B system. In the authentication process if IMSI_M is personalized, the "MIN" part of IMSI_M will be used as parameter input for authentication calculation. Together with A-Key and RANDSSD, ESN is input for CAVE Algorithm (Cellular Authentication and Voice Encryption)
to generate 128 bit SSD (Shared Secret Data). SSD has two parts which is 64 bit SSD_A for creating authentication signatures, and 64 bit SSD_B for creating keys to encrypt voice and data message.

In CDMA network, the Mobile Station use SSD_A and the broadcast RAND as input for CAVE Algorithm to generate 18 bit Authentication Signature (AUTH_SIGNATURE), and send it to the Base Station. Base on this Authentication Signature, the Base Station will verify that the subscriber is authorized.

If IMSI_T is personalized, the 32 bit subset of IMSI_T will be used for authentication. IMSI is usually 15 digits long.

The following data is the minimum requirement for a RUIM card to be authenticated into the network :

IMSI_M, International Mobile Subscriber Identifier
MIN based IMSI, using the lower 10 digits to store MIN. Mobile Identification Number (MIN) it self is 34 bit number of digital representation of 10 bit number that assigned to a Mobile Phone.

IMSI_T
This is the true IMSI no associated with MIN. Just like IMSI in GSM system it contain 15 digits or fewer.

CDMA Home SID/ NID, System ID/ Network ID
This 5 bytes identifies SID and NID when the Mobile Station operates in CDMA mode. This is a unique number to identify a network in a wireless system.

PRL (Preferred Roaming List)
PRL is a database used during the CDMA Subscriber authentication into the network. It contain additional parameters such as bands, sub bands, and network provider identifier.

A-Key
A-Key is a 64 bit key stored in the RUIM and HLR/ AuC. It's used to generate or update Mobile Phone's Shared Secret Data.

References :
3GPP2 C.S0023-C, Removeable User Identity Module for Spread Spectrum System, Version 1.0, May 2006
www.gsm-security.net

GSM Authentication

2008-04-01T12:51:00.003+07:00

Most of us have been very familiar with a gagdet named Mobile Phone, or many of us called it Hand Phone (well of course you have to grab your phone with your hand, not with your feet), or Cellular Phone. Also most of us have been very familiar with the Cellular Services those provided using our Cell Phone such SMS, HSDPA, Video Call, etc.

But have we ever wonder, how our Cell Phone can be authenticated, and log-on to the cellular network, and your cellular operator Logo displayed ? Well authetication process in GSM Network follow several steps below :

Mobile Phone turned on, of course you have to turned it on first.

Mobile Service Switching Center (MSC) requests 5 tripples from the Home Location Register (HLR). HLR creates 5 tripples using A8 algorithm. These 5 tripples each contain a 128 bit Random Challenge (RAND), a 32 bit matching Signed Response (SRES), and a 64 bit chipering key used as Session Key (Kc).

HLR sends 5 tripples to MSC. MSC sends 5 tripples to the Base Transceiver Station (BTS). BTS sends RAND to the Mobile Phone.

Mobile Phone receives RAND from BTS and pass it to SIM Card using RUN GSM ALGORITHM command. As a calculation result, SIM Card return the SRES and Kc value. SRES Kc passed to the Mobile Phone. Kc will be kept for any future enchiphered communication. Subscriber Authentication Key (Ki) is used in this process. Ki used as one input parameter in A3 algorithm which authenticate Mobile Phone to the network, and for A8 algorithm calculation to generate the encryption key.

Mobile Phone sends SRES to BTS, and SRES forwarded to MSC. MSC receive SRES and verify it. This verification process provide authentication.

Terms

A3, authentication algorithm. Used for authenticating the subscriber.

A8, chiper key algorithm. Used to generate Kc.

A5, chiper algorithm. Used to enchipering/ dechipering data.

HLR, Home Location Register. An entity of GSM Network which handling database contain subscriber data that authorized to authentication to the network. HLRs are devided based on each area.

Ki, Subscriber Authentication Key, a 128 bit key stored inside SIM card. Used as one input parameter for authentication and chiper key algorithm.

MSC, Mobile Service Switching Center. An entity of GSM Network that responsible to handling voice call and SMS.

RAND, Random Challenge, a 128 bit value result from A8 algorithm calculation that provided by MSC

SRES, Signed Respond. A 32 bit value that provided by MSC as a result of A8 algorithm calculation.

References :
3GPP TS11.11 Digital Cellular Tellecommunication System ( Phase 2+ ) Specification of Subscriber Identity Module - Mobile Equipment Interface, version 8.14.0, release 1999.
www.gsm-security.net