Comp128-1,2,3 support in EAP-SIM

Arran Cudbard-Bell a.cudbardb at
Tue Sep 24 18:47:23 CEST 2013

Looking for someone to test some new code (in master branch).

Someone [1] has claimed to have decompiled a SIM validation program to
figure out the algorithms for Comp128-2 and Comp128-3.

The reason why this is particularly useful is that Comp128-1 is
horribly broken, and versions 2 and 3, which are meant to be more secure,
were not released to the public domain.

The only way you could properly (with a randomly generated challenge) 
authenticate SIMs using Comp128-2 and Comp128-3 was with a commercial 
AuC (Authentication centre) which cost $$$$$/$$$$$$.

To try out the code, you need to know the Ki of a SIM. You can then set
control:EAP-Sim-Ki to the 64bit Ki value and control:EAP-Sim-Algo-Version
(to 1, 2 or 3), which rlm_eap_sim will then use in preference to the normal
triplets.
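As an added example (not from this post or the FreeRADIUS project), an authorize-section fragment that sets the Ki and algorithm version for one SIM before rlm_eap_sim runs; the regex on the EAP-SIM permanent identity ("1" + IMSI + "@realm"), the IMSI, the Ki value and the single hard-coded subscriber are all assumptions for illustration:

```unlang
authorize {
	# Permanent EAP-SIM identities are "1<IMSI>@realm" (assumed format);
	# capture the IMSI so a real deployment could key a lookup on it.
	if (&User-Name =~ /^1(\d{15})@/) {
		# One constructed test subscriber; a real deployment would fetch
		# the Ki and algorithm version from a subscriber store instead.
		if ("%{1}" == "001010123456789") {
			update control {
				# 64-bit Ki as raw octets (constructed value, not a real key)
				&EAP-Sim-Ki := 0x0123456789abcdef
				# 1 = Comp128-1 (broken), 2 or 3 = Comp128-2/3
				&EAP-Sim-Algo-Version := 2
			}
		}
	}
	eap
}
```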

As part of these changes, the other SIM triplets will now be looked for in
the control list, whereas they were previously looked for in the reply list.

update control {
	EAP-Sim-RAND1 := &reply:EAP-Sim-RAND1
	EAP-Sim-RAND2 := &reply:EAP-Sim-RAND2
	EAP-Sim-RAND3 := &reply:EAP-Sim-RAND3
	EAP-Sim-SRES1 := &reply:EAP-Sim-SRES1
	EAP-Sim-SRES2 := &reply:EAP-Sim-SRES2
	EAP-Sim-SRES3 := &reply:EAP-Sim-SRES3
	EAP-Sim-Kc1 := &reply:EAP-Sim-Kc1
	EAP-Sim-Kc2 := &reply:EAP-Sim-Kc2
	EAP-Sim-Kc3 := &reply:EAP-Sim-Kc3
}

Will fix up any existing configurations if you want to use the code from the
master branch (which will become 3.1).

If no one comes forward for testing, then I'll buy the hardware and do it myself,
but if someone works at a telecoms provider, I'd imagine it'd be pretty easy to
get hold of a test SIM, and Ki.

Note: Comp128-4 (milenage) is still unknown (please contact one of the developers
if you have access to its specification), but algorithms 1-3 alone are still useful.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team