Skip to main content
Digital Forensics

Mobile Forensics – Understanding Subscriber Identify Modules (SIM)

By March 11, 2024No Comments

Mobile Forensics - Subscriber Identify Modules (SIM)

SIM or Integrated Circuit Card (ICC) is a microcontroller‐based smart card that stores important data including all the listed below

  • Integrated circuit card identifier (ICCID)
  • International mobile subscriber identity (IMSI)
  • Service provider name (SPN)
  • Mobile country code (MCC)
  • Mobile network code (MNC)
  • Mobile subscriber identification number (MSIN)
  • Mobile international subscriber directory number (MSISDN)
  • Abbreviated dialing numbers (ADN)
  • Last dialed numbers (LDN)
  • Short message service (SMS)
  • Text Message parameters (SMSP)
  • Text message status (SMSS)
  • Phase ID (Phase)
  • SIM Service table (SST)
  • HPLMN search period (HPLMNSP)
  • PLMN selector (PLMNsel)
  • Forbidden PLMNs (FPLMN)
  • Capability configuration parameter (CCP)
  • Access control class (ACC)
  • Broadcast control channels (BCCH)
  • Language preference (LP)
  • Card holder verification (CHV1 and CHV2)
  • Ciphering key (Kc)
  • Ciphering key sequence number
  • Emergency call code
  • Fixed dialing numbers (FDN)
  • Dialing Extension (EXT1 & EXT2)
  • Groups (GID1 & GID2)
  • Preferred network messages (CBMI)
  • Calls per unit (PUCT)
  • Accumulated Call Meter (ACM)
  • Call Limit (ACMmax)
  • Location Information (LOCI)
  • Local area identity (LAI)
  • Own dialing number
  • Temporary mobile subscriber identity (TMSI)
  • Routing area identifier (RIA) network code
  • Service dialing numbers (SDNs)
  • Depersonalization Keys
SIM_Anatomy_Files structure

SIM Anatomy and File Structure

SIM Fundamental File Components

Master File (MF

The top-level file component on a SIM card is called the Master File (MF). In addition to acting as the root directory, it offers the structure for managing and organising other file components. The MF includes details about the organisation of the file system on the SIM card, including where specific files are located and their connections to other files.
The File Control Information (FCI), which includes crucial information including the file number, file size, and access restrictions, is often used to identify the MF. It serves as a portal for accessing other file components kept on the SIM card.

Dedicated File (DF)

Dedicated Files (DF) are specific SIM card directories that contain files for a given functionality or application. Each DF acts as a container for related Elementary Files (EF) and is given a special file identifier (FID) to identify it.
Numerous features, including the phonebook, SMS messages, network settings, service providers, and more, can be represented by DFs. They offer a hierarchical file organisation, making it simpler to manage and access specific data on the SIM card.

Elementary File (EF)

The smallest data storage components of a SIM card are called Elementary Files (EF). These files give detailed information on a certain function or data piece. Each EF is housed in a Dedicated File and given a special file identification (FID).
Examples of EFs include:
i). EF-ICCID: The Integrated Circuit Card Identifier (EF-ICCID) is a number that is stored on each SIM card and serves as a unique identification.
ii). EF-IMSI: Contains the International Mobile Subscriber Identity (IMSI), which uniquely identifies the subscriber within the mobile network.
iii). EF-ADN: Saves/stores the phonebook entries, including peoples names and phone numbers.
iv). EF-SMS: Messages from the Short Message Service are stored here, enabling text message sending and receiving.
v). EF-LOCI: Identifiers for the current location region and the network are stored here along with the location information.

SIM card Anatomy

The anatomy of a SIM (Subscriber Identity Module) card involves a sophisticated structure designed to securely store the subscriber’s information necessary for authenticating and identifying subscribers on mobile networks. Here’s a breakdown of the key components and features of a SIM card:

 

  1. Physical Structure
  • Form Factors: SIM cards come in various sizes: Full-size (1FF), Mini-SIM (2FF), Micro-SIM (3FF), and Nano-SIM (4FF). The functionality across these sizes remains the same, with the main difference being the size of the plastic surrounding the chip.
  • Chip: The heart of the SIM card is a small integrated circuit (IC) chip, which contains the electrical components and circuits necessary for the SIM card’s operation. This chip is where all the subscriber’s information is stored and processed.

 

  1. File Structure

SIM cards use a file system, which is standardized by the European Telecommunications Standards Institute (ETSI), that organizes data in a hierarchical structure with three main types of files:

  • Master File (MF): The root directory of the SIM card that contains Dedicated Files (DF) and Elementary Files (EF).
  • Dedicated Files (DF): Directories under the MF that can contain other DFs or EFs. They are used to categorize data logically (e.g., telecommunications, GSM data).
  • Elementary Files (EF): The lowest level of files where actual user data is stored. EFs contain specific information like SMS messages, contact lists, and service provider information.

 

  1. Stored Data
  • International Mobile Subscriber Identity (IMSI): A unique number associated with all cellular   networks, identifying the user of a cellular network and is stored on the SIM card.
  • Mobile Country Code (MCC) and Mobile Network Code (MNC): These codes identify the subscriber’s home country and mobile network.
  • Integrated Circuit Card Identifier (ICCID): A unique identifier for the SIM card itself.
  • Location Area Identity (LAI): Information about the location area where the SIM card is registered.
  • Authentication Key (Ki): A secret key used for authentication between the SIM card and the network.
  • SMS messages and contact lists: Stored directly on the SIM card, though the capacity for such data is limited compared to the phone’s memory.

 

  1. Security Features
  • Personal Identification Number (PIN) and PIN Unblocking Key (PUK): Security mechanisms to protect the information on the SIM card. The PIN is required to access the SIM card, while the PUK is needed to reset the PIN if it is entered incorrectly multiple times.
  • Digital Signature and Encryption: SIM cards use encryption to protect the confidentiality and integrity of the communication between the SIM card and the network.

 

  1. Communication with the Mobile Device
  • Contact Points: The SIM card communicates with the mobile device through several contact points on its surface. These contacts connect to the device’s SIM card reader.
  • Commands and Responses: The device and the SIM card communicate through a set of standardized commands and responses, allowing the device to request information from the SIM card and the card to provide the necessary data or perform actions as requested.

Recommended For You

Digital Forensics

Mobile Forensics – Android & IOS Images

Sajin Shivdas
Sajin ShivdasJuly 30, 2024
Iphone15promax15_teardown Digital Forensics

Mobile Forensics-iPhone 15 Pro Max Teardown

Sajin Shivdas
Sajin ShivdasApril 8, 2024
Digital_forensics_101 Digital Forensics

History of Digital Forensics

Sajin Shivdas
Sajin ShivdasApril 2, 2024