PHS8 AT^SCSL Customer SIM Lock permit-all lock | Telit Cinterion IoT Developer Community
August 31, 2015 - 12:17am, 3472 views
Hi!
how could customer simlock (^SCSL) get locked so querying the <password>,<PH-NET PUK> with action=4 or 5 like
AT^SCSL="PN", 4
is impossible (response:
^SCSL: ERROR )
but still the module accepts all SIM cards resp MCC.MNC pairs?
Is there a wildcard of sorts for the <data> in
AT^SCSL=<facility>, <action>[, <password>, <data>]
like
AT^SCSL="PN", 1, "87654321", "*.*"
is what I would like to get?
It's quite mandatory we can lock down the simlock to "free usage of all SIM cards" so user (or malware) can't read out the depersonalization key password and PH-NET PUK
BR
jOERG
Hello,
So you would like to permanently disable the possibility of setting up the SIM lock?
There's no wild card specified. You can set more than one operator while setting up the SIM lock instead.
Could you write more about your use case - maybe there is some other solution.
The passwords are module specific - so the only risk is that the user could set up his own SIM lock.
Regards,
Bartłomiej
Hi Bartłomiej!
Yes exactly, permanent 'disabling' of the SIMlock feature is what I am aiming at.
The usecase is simply to lock the SIMlock option so nobody (and no malware) could engage it and then basically have bricked their own device since nobody knows the unlock code.
I of course will keep a database with unlock codes vs IMEI for all devices we'll build and sell, to recover/rescue such mishaps, but better we lock that pitfall right away rather than hoping for users not playing around with it and then locking out themselves - or worst case somebody writing some virus/malware that locks the modem and renders it useless.
The docs say
I don't see how to accomplish this in any other way than actually engaging the SIMlock so the action=4|5 doesn't reveal the password anymore.
A comprehensive list of all possible MCC.MNC tupels ("000.00:000.01: ... :999.98:999.99") would be ~700kBytes, I honestly doubt that would work.
Any suggestions welcome
BR
jOERG
Hello,
I also doubt that it could be possible to pass all the possible networks to SIM lock command. This feature was not intended for such a usage. I'm afraid that is is not possible to disable the feature.
This lock is designed in a way that it is only possible to set it for the selected and not all the possible networks. And it is always possible to read the password if the lock is not enabled and to activate it then.
If the lock is active, it is of course impossible to read the password or remove it without knowing the password.
Regards,
Bartłomiej
Thank you Bartłomiej!
I now know I didn't miss anything in my considerations and plans. Maybe a next firmware version could add very simple wildcard feature, if only allowing an empty <data> string for "allow-all"
cheers
jOERG