There are many ways to approach examining a SIM card elementary file (EF). For the university students who wrote and asked for some ideas, here are some observations. Assuming you have access to SIM reading tools, I would recommend targeting a particular EF in the GSM standard GSM 11.11. Importantly, as there have been numerous versions and revisions of GSM 11.11, it is essential to check them, taking account of any changes to the technical requirements for the EF, for instance:
a) access conditions
To illustrate some of the points raised by this blog discussion, I have selected the SIM forbidden list found in elementary file (EF) FPLMN (Forbidden PLMNs) 7F20:6F7B (7F21:6F7B). The PLMNs (MCC/MNC) populated in this EF are those that the mobile station (MS) shall not camp on and provide a location update to.
ETS GSM11.11 v4.21.1 December 1999
GSM 11.11 v8.14.0 June 2007
Extracted and Harvested Data
It is inescapable that validation of extracted and harvested data cannot be performed using only one tool. Moreover, tools vary in the way they present harvested data, and the examiner must pay particular attention to ensure that the output data, although presented in various arrangements, is identical. If parity isn't possible, then analysis of the tools should be undertaken. It is worth mentioning at this juncture, so as to avoid unduly raising concerns, that many tools, once released into the marketplace, do not allow users to update the product. Changes to SIM technical specifications, new services, or new or changed operators may simply not be included in a tool.
SIMSpy Trace file Output (Text file)
Other tools present data in varying layouts within the program:
In conclusion, students asked for some observations and I hope the above may help. Care should be taken when reading the binary not to corrupt content in the EF, and consideration given to the use of reverse-nibble, writing scripts, APDU/PDU and so on, in addition to the automatic and manual tests to be conducted. Moreover, any discovery could also extend to the use of EF-FPLMN in cell site analysis and call record analysis.
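As an illustration of the reverse-nibble and scripting points above, the following added example (not part of the original post and not code from any of the tools mentioned) decodes a raw EF FPLMN hex dump offline and compares the result with what a tool reports. The function names, the sample bytes and the tool output are constructed for illustration, and the layout assumed is three bytes per PLMN with FF FF FF marking an empty slot.

```python
# Added example: offline decoder for a raw EF FPLMN (6F7B) hex dump.

def decode_plmn(entry: bytes):
    """Decode one 3-byte reverse-nibble PLMN entry; None means an empty slot."""
    if len(entry) != 3:
        raise ValueError("a PLMN entry is exactly 3 bytes")
    if entry == b"\xff\xff\xff":
        return None
    # Reverse-nibble: the low nibble of each byte holds the earlier digit.
    (m1, m2), (m3, n3), (n1, n2) = [(b & 0x0F, b >> 4) for b in entry]
    mcc, mnc = [m1, m2, m3], [n1, n2]
    if n3 != 0xF:  # high nibble of byte 2 is F when the MNC has two digits
        mnc.append(n3)
    if any(d > 9 for d in mcc + mnc):
        raise ValueError("non-decimal nibble in entry " + entry.hex().upper())
    return "".join(map(str, mcc)), "".join(map(str, mnc))


def decode_ef_fplmn(hex_dump: str):
    """Decode the whole file body; spaces and newlines in the dump are ignored."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) % 3:
        raise ValueError("EF FPLMN length must be a multiple of 3 bytes")
    return [decode_plmn(raw[i:i + 3]) for i in range(0, len(raw), 3)]


def cross_check(hex_dump: str, tool_reported):
    """Return (missing_from_tool, extra_in_tool) relative to the raw bytes."""
    decoded = {p for p in decode_ef_fplmn(hex_dump) if p is not None}
    reported = set(tool_reported)
    return sorted(decoded - reported), sorted(reported - decoded)


# Constructed sample: three populated slots and one empty slot (12 bytes).
SAMPLE = "32 F4 01 42 F6 18 13 00 14 FF FF FF"

if __name__ == "__main__":
    for slot, plmn in enumerate(decode_ef_fplmn(SAMPLE), start=1):
        print(slot, "empty" if plmn is None else "MCC %s MNC %s" % plmn)
    # Constructed tool output with one wrong entry and one missing entry.
    print(cross_check(SAMPLE, [("234", "10"), ("246", "81"), ("324", "10")]))
```

The script works only on a saved hex dump, so it never touches the card; any entry listed by `cross_check` is a point where the tool's presentation and the raw bytes disagree and the tool should be examined.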