Started by upstream project "gerrit-pysim" build number 3,0573057gerrit-pysimjob/gerrit-pysim/COMMENT_TYPEDISTROGERRIT_BRANCHmasterGERRIT_CHANGE_NUMBER42624GERRIT_HOSTgerrit.osmocom.orgGERRIT_PATCHSET_NUMBER1GERRIT_PATCHSET_REVISION816b31eb07ec975275a03fa0f521d228d44ac6f4GERRIT_PATCHSET_UPLOADER_NAMEdexterGERRIT_PORT29418GERRIT_PROJECTpysimGERRIT_REFSPECrefs/changes/24/42624/1GERRIT_REPO_URLssh://jenkins@gerrit.osmocom.org:29418/pysimPIPELINE_BUILD_URLhttps://jenkins.osmocom.org/jenkins/job/gerrit-pysim/3057/PROJECT_NAMEpysimBRANCH_CImaster00009967489967481.0061506150<_ _class='hudson.plugins.git.util.Build'>2772167d6aca365b64c84b2485a70cb43bbf3a4e4f2d167d6aca365b64c84b2485a70cb43bbf3a4e4f2d**167d6aca365b64c84b2485a70cb43bbf3a4e4f2d167d6aca365b64c84b2485a70cb43bbf3a4e4f2d**3050816b31eb07ec975275a03fa0f521d228d44ac6f4816b31eb07ec975275a03fa0f521d228d44ac6f4master816b31eb07ec975275a03fa0f521d228d44ac6f4816b31eb07ec975275a03fa0f521d228d44ac6f4master816b31eb07ec975275a03fa0f521d228d44ac6f4816b31eb07ec975275a03fa0f521d228d44ac6f4masterssh://jenkins@gerrit.osmocom.org:29418/pysimfalse#30509967481081954gerrit-pysim-build #30503050falsefalse305089964SUCCESS1776330561869https://jenkins.osmocom.org/jenkins/job/gerrit-pysim-build/3050/- pySim-prog.py816b31eb07ec975275a03fa0f521d228d44ac6f41776253811000https://jenkins.osmocom.org/jenkins/user/pmaierpmaier@sysmocom.depmaier@sysmocom.depySim-prog: fix Insecure PRNG for SIM Authentication Keys (CWE-338)
Root Cause:
pySim-prog.py uses Python's random module (Mersenne Twister MT19937) to
generate Ki and OPC — the root authentication keys for SIM cards. MT19937
is a deterministic PRNG that is not cryptographically secure. Its internal
state (624 × 32-bit words, 19,937 bits) can be fully recovered after
observing 624 consecutive outputs.
Impact:
1. SIM Card Cloning: An attacker who determines the PRNG state can predict
all Ki/OPC values generated before and after. With these keys, SIM cards
can be cloned.
2. Network Authentication Bypass: Ki/OPC are used in the Milenage algorithm
for 3G/4G/5G authentication. Predictable keys mean an attacker can
authenticate as any subscriber whose SIM was provisioned with the weak RNG.
3. Batch Compromise: In bulk provisioning scenarios (pySim-prog's primary
use case), hundreds or thousands of SIMs may be programmed sequentially.
Compromising one batch means recovering the PRNG state to predict all keys.
Fix:
Replace random.randrange() with os.urandom()
Change-Id: Id3e00d3ec5386f17c1525cacfc7d3f5bba43381f
2026-04-15 13:50:11 +0200816b31eb07ec975275a03fa0f521d228d44ac6f4pySim-prog: fix Insecure PRNG for SIM Authentication Keys (CWE-338)editpySim-prog.py
githttps://jenkins.osmocom.org/jenkins/user/pmaierpmaier@sysmocom.de3050https://jenkins.osmocom.org/jenkins/job/gerrit-pysim-build/JOB_TYPE=distcheck,a1=default,a3=default,a4=default,label=osmocom-gerrit/3050/3050https://jenkins.osmocom.org/jenkins/job/gerrit-pysim-build/JOB_TYPE=docs,a1=default,a3=default,a4=default,label=osmocom-gerrit/3050/3050https://jenkins.osmocom.org/jenkins/job/gerrit-pysim-build/JOB_TYPE=pylint,a1=default,a3=default,a4=default,label=osmocom-gerrit/3050/3050https://jenkins.osmocom.org/jenkins/job/gerrit-pysim-build/JOB_TYPE=test,a1=default,a3=default,a4=default,label=simtester/3050/