Skip to content

eSIM security #1128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 16, 2025
Merged

eSIM security #1128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/SUMMARY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@
# πŸ§™β€β™‚οΈ Generic Hacking

- [Brute Force - CheatSheet](generic-hacking/brute-force.md)
- [Esim Javacard Exploitation](generic-hacking/esim-javacard-exploitation.md)
- [Exfiltration](generic-hacking/exfiltration.md)
- [Reverse Shells (Linux, Windows, MSFVenom)](generic-hacking/reverse-shells/README.md)
- [MSFVenom - CheatSheet](generic-hacking/reverse-shells/msfvenom.md)
Expand Down
89 changes: 89 additions & 0 deletions src/generic-hacking/esim-javacard-exploitation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# eSIM / Java Card VM Exploitation

{{#include ../banners/hacktricks-training.md}}

## Overview
Embedded SIMs (eSIMs) are implemented as **Embedded UICC (eUICC)** smart-cards that run a **Java Card Virtual Machine (JC VM)** on top of a secure element.
Because profiles and applets can be provisioned *over-the-air* (OTA) via Remote SIM Provisioning (RSP), any memory-safety flaw inside the JC VM instantly becomes a remote code-execution primitive **inside the most privileged component of the handset**.

This page describes a real-world full compromise of Kigen’s eUICC (Infineon SLC37 ESA1M2, ARM SC300) caused by missing type-safety checks in the `getfield` and `putfield` bytecodes. The same technique can be re-used against other vendors that omit on-card byte-code verification.

## Attack Surface
1. **Remote Application Management (RAM)**
eSIM profiles may embed arbitrary Java Card applets. Provisioning is performed with standard APDUs that can be tunnelled through SMS-PP (Short Message Service Point-to-Point) or HTTPS. If an attacker owns (or steals) the **RAM keys** for a profile, they can `INSTALL`/`LOAD` a malicious applet remotely.
2. **Java Card byte-code execution**
After installation, the applet executes inside the VM. Missing run-time checks allow memory corruption.

## The Type-Confusion Primitive
`getfield` / `putfield` are supposed to operate only on **object references**. In Kigen eUICC the instructions never validate whether the operand on the stack is an *object* or an *array* reference. Because an `array.length` word lives at the exact same offset as the first instance field of a normal object, an attacker can:

1. Create a byte-array `byte[] buf = new byte[0x100];`
2. Cast it to `Object o = (Object)buf;`
3. Use `putfield` to overwrite *any* 16-bit value inside an adjacent object (including VTABLE / ptr translation entries).
4. Use `getfield` to read *arbitrary* memory once internal pointers are hijacked.

```java
// Pseudo-bytecode sequence executed by the malicious applet
// buf = newarray byte 0x100
// o = (Object) buf // illegal but not verified
// putfield <victimObject+offset>, 0xCAFE // arbitrary write
// ... set up read-what-where gadgets ...
```
The primitive provides **arbitrary read / write** in the eUICC address space – enough to dump the device-unique ECC private key that authenticates the card to the GSMA ecosystem.

## End-to-End Exploitation Workflow
1. **Enumerate firmware** – Use undocumented `GET DATA` item `DF1F`:
```
80 CA DF 1F 00 // β†’ "ECu10.13" (vulnerable)
```
2. **Install malicious applet OTA** – Abuse publicly-known keys of the TS.48 Generic Test Profile and push SMS-PP fragments that transport the CAP file (`LOAD`) followed by an `INSTALL`:
```
// simplified APDU chain
80 E6 02 00 <data> // LOAD (block n)
80 E6 0C 00 <data> // INSTALL for load
```
3. **Trigger type-confusion** – When the applet is selected it performs the write-what-where to hijack a pointer table and leak memory through normal APDU responses.
4. **Extract GSMA certificate key** – Private EC key is copied to the applet’s RAM and returned in chunks.
5. **Impersonate the eUICC** – The stolen key pair + certificates let the attacker authenticate to *any* RSP server as a legitimate card (EID binding may still be required for some operators).
6. **Download and modify profiles** – Plaintext profiles contain highly sensitive fields such as `OPc`, `AMF`, OTA keys and even additional applets. The attacker can:
* Clone a profile to a second eUICC (voice/SMS hijack);
* Patch Java Card applications (e.g. insert STK spyware) before re-uploading;
* Extract operator secrets for large-scale abuse.

## Cloning / Hijacking Demonstration
Installing the same profile on **PHONE A** and **PHONE B** results in the Mobile Switching Centre routing incoming traffic to whichever device most recently registered. One session of Gmail 2FA SMS interception is enough to bypass MFA for the victim.

## Automated Test & Exploit Toolkit
The researchers released an internal tool with a `bsc` (*Basic Security Check*) command that immediately shows whether a Java Card VM is vulnerable:
```
scard> bsc
- castcheck [arbitrary int/obj casts]
- ptrgranularity [pointer granularity/tr table presence]
- locvaraccess [local variable access]
- stkframeaccess [stack frame access]
- instfieldaccess [instance field access]
- objarrconfusion [object/array size field confusion]
```
Modules shipped with the framework:
* `introspector` – full VM and memory explorer (~1.7 MB Java)
* `security-test` – generic verification bypass applet (~150 KB)
* `exploit` – 100 % reliable Kigen eUICC compromise (~72 KB)

## Mitigations
1. **On-card byte-code verification** – enforce full control-flow & data-flow type tracking instead of stack-top only.
2. **Hide array header** – place `length` outside of overlapping object fields.
3. **Harden RAM keys policy** – never ship profiles with public keys; disable `INSTALL` in test profiles (addressed in GSMA TS.48 v7).
4. **RSP server side heuristics** – rate-limit profile downloads per EID, monitor geographic anomalies, validate certificate freshness.

## Quick Checklist for Pentesters
* Query `GET DATA DF1F` – vulnerable firmware string `ECu10.13` indicates Kigen.
* Check if RAM keys are known ‑> attempt OTA `INSTALL`/`LOAD`.
* After applet installation, brute-force simple cast primitive (`objarrconfusion`).
* Try to read Security Domain private keys – success = full compromise.

## References
- [Security Explorations – eSIM security](https://security-explorations.com/esim-security.html)
- [GSMA TS.48 Generic Test Profile v7.0](https://www.gsma.com/get-involved/working-groups/gsma_resources/ts-48-v7-0-generic-euicc-test-profile-for-device-testing/)
- [Java Card VM Specification 3.1](https://docs.oracle.com/en/java/javacard/3.1/jc-vm-spec/F12650_05.pdf)

{{#include ../banners/hacktricks-training.md}}