laitimes
return

Qualcomm platform reads eSIM, M2M type eUICC card EID method record 1. Preface 2. QMI Read EID Process 2.1 Send Message: QMI_UIM_GET_EID2.2 Response Received: QMI_UIM_GET_EID3. Read EID for RUIM PDU Interactive Flow 3.1 Open Logical Channel3.2 Select the Application ID (AID) corresponding to the EID 3.3 Read EID3.4 Close the Logical Channel

Reversion history

<col>

Reversion

Date

Author

Description of change

0.1

2020-09-04

Vincent GAO

Initial

<h1 class="pgc-h-arrow-right" data-track="4" >1</h1>

eUICC/eSIM cards are becoming more and more popular, and the special feature of this card is that it has one or more Profiles for different purposes (it can be understood that one eUICC card contains multiple cards, one of which corresponds to one card), and can be activated/deleted/added with dedicated instructions.

illustrate:

eUICC card (contains 2 Profiles, which means it contains 2 cards)

+ Profile A Card A (Activated)

+ Profile B Card B (not activated) // At this point eUICC card equals Card A

+ Profile A Card A (Not Activated)

+ Profile B Card B (Activated) // At this point eUICC Card equals Card B

The advantage of this is that you can make multiple cards into an eUICC card and switch to the required card at any time according to different scenarios; if all the Profiles in the current eUICC card do not meet the requirements, you can also download the required Profiles from the remote server.

If you use eUICC technology, you can do this:

+ Profile: China Mobile

+ Profile: China Telecom

+ Profile: China Unicom // No need to go to the operator to re-apply for the card, an eUICC card can be switched to the desired Profile at any time

<h1 class="pgc-h-arrow-right" data-track="6" >2. QMI's process of reading the EID</h1>

<h1 class="pgc-h-arrow-right" data-track="10" >2.1 Send message: QMI_UIM_GET_EID</h1>

00:32:20.567 [0x1392] QMI Link 3 RX PDU

IFType = 1

QmiLength = 16

QmiCtlFlags = 0

QmiType = UIM

Service_Uim {

ClientId = 4

SduCtlFlags = REQ

TxId = 14

MsgType = QMI_UIM_GET_EID

Version = 0

MsgLegnth = 4

Service_Uim_V1 {

QmiUimGetEidMsg {

QmiUimGetEidReqTlvs[0] {

Type = 0x01

Length = 1

slot {

slot = UIM_SLOT_1 //Specifies read card 1

}

<h1 class="pgc-h-arrow-right" data-track="12" >2.2 Response received: QMI_UIM_GET_EID</h1>

00:32:20.627 [0x1393] QMI Link 3 TX PDU

QmiLength = 39

QmiCtlFlags = 128

SduCtlFlags = RSP

MsgLegnth = 27

QmiUimGetEidRespTlvs[0] {

Type = 0x02

Length = 4

respectively {

result = QMI_RESULT_SUCCESS

error = QMI_ERR_NONE

QmiUimGetEidRespTlvs[1] {

Type = 0x10

Length = 17

eid_value {

eid_value_len = 16 //EID of data, for a total of 16 bytes

eid_value = {

137, 3, 48, 36, 6, 129, 2, 152,

19, 0, 0, 0, 18, 71, 82, 89

<h1 class="pgc-h-arrow-right" data-track="14" >3. Ruim PDU interaction flow for reading EID</h1>

<h1 class="pgc-h-arrow-right" data-track="16" >3.1 Open the Logical Channel</h1>

TX 00 70 00 00 01 //0x70 represents the instruction: MANAGE CHANNEL

RX 70 03 90 00

APDU Parsing

Transaction Start :

slot value:1

MANAGE CHANNEL

Logical Channel: 0

UICC instruction class

CLA - No SM used between terminal and card

P1 - Open logical channel

P2 - Logical channel to be internally assigned by UICC

Assigned Logical Channel: 3

Status Words - 0x90 0x00 - Normal ending of the command

<h1 class="pgc-h-arrow-right" data-track="18" >3.2 Select the Application ID (AID) corresponding to the EID</h1>

TX 03 A4 04 00 10 //0x03 represents the use of (previously opened) Logical Channel: 3

TX A0 00 00 05 59 10 FF FF FF FF FF 89 00 00 02 00 //16 bytes of AID, all m2M type // eUICC cards are the same

RX 61 57

TX 03 C0 00 00 57

RX C0 6F 55 84 10 A0 00 00 05 59 10 10 FF FF FF FF 89 00 00 02 00 A5 41 73 3B 06 07 2A 86 48 86 FC 6B 01 60 0B 06 09 2A 86 48 86 FC 6B 02 02 02 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 55 65 0B 06 09 2A 86 48 86 FC 6B 05 04 01 9F 65 01 FF 90 00

SELECT

Logical Channel: 3

P1 - Selection by DF name

P2 - Return FCI

P2 - Activation/Reset

P2 - First or only occurance

File ID: MF (0x3F00)/*Unknown App*

AID: 0xA0 0x00 0x00 0x05 0x59 0x10 0x10 0xFF 0xFF 0xFF

0xFF 0x89 0x00 0x00 0x02 0x00

FCI template:

AID : A0 00 00 05 59 10 10 FF FF FF FF 89 00 00 02 00

Proprietary Information

Unknown TLV : 0x73 0x3B 0x06 ...

Invalid TLV length

<h1 class="pgc-h-arrow-right" data-track="20" >3.3 Read the EID</h1>

TX 83 CA 00 5A 00

RX 6C 12

TX 83 CA 00 5A 12

RX CA 5A 10 89 03 30 24 06 81 02 98 13 00 00 00 12 47 52 59 90 00

Unknown command

Response Data: 0x5A 0x10 0x89 0x03 0x30 0x24 0x06 0x81 0x02 0x98 //16-byte EID

0x13 0x00 0x00 0x00 0x12 0x47 0x52 0x59

<h1 class="pgc-h-arrow-right" data-track="22" >3.4 Close the Logical Channel</h1>

TX 00 70 80 03 00

RX 90 00

P1 - The Close logical channel //P1 value is: 0x80

P2 - The Logical Channel Number 3 //P2 value is: 0x03

Recording M2M
Previous: After 2021, M2M technology has a wide range of applications In the automotive field, the application demand is high, and the application range of M2M technology is wide
Next: Paris HEC/Yale/HKUST/FGV Business M2M Dual Degree Program

Read on