Gathering SIM operator MCC/MNC without reading EFad

Tue Oct 22 10:56:52 PDT 2013

On Mon, 2013-10-21 at 17:25 +0200, Aleksander Morgado wrote:
> Hey hey,
> 
> The generic implementation of load_operator_identifier() in MMSim (the
> one reading the MCC/MNC of the operator which issued the SIM card)
> currently relies on reading the 'MNC length' field from the EFad file in
> the SIM card. Once it knows the MNC length, it will just get the [3+MNC
> length] bytes long prefix of the IMSI string.
> 
> Now, the 'MNC length' field in the EFad file is *optional*; so even in
> successful reads of EFad, the field may just be unavailable. I was

It's optional in the GSM specifications (11.11) but has been mandatory
in USIM specifications (131.102) since at least 2001.  So we'll only
encounter this case when the SIM is really old.  (Unless they have still
recently distributed non-USIMs in places where 3G networks took longer
to deploy, like Africa or India?)

> looking for a way to handle this case, when I found that the IMSI is
> defined as follows (3GPP TS23.003):
> 
>   IMSI is composed of three parts:
>   i) Mobile Country Code (MCC) consisting of three digits. The MCC
> identifies uniquely the country of domicile of the mobile subscriber;
>   ii) Mobile Network Code (MNC) consisting of two or three digits for
> GSM applications. The MNC identifies the home GSM PLMN of the mobile
> subscriber. The length of the MNC (two or three digits) depends on the
> value of the MCC. A mixture of two and three digit MNC codes within a
> single MCC area is not recommended and is outside the scope of this
> specification.
>   iii) Mobile Subscriber Identification Number (MSIN) identifying the
> mobile subscriber within a GSM PLMN
> 
> In particular, it explicitly states that there shouldn't be any MCC
> which allows both 2 and 3 digit MNCs. With that in mind, I compiled a
> list of MCC values with 3 digit MNCs (using the m-b-p-i). This ends up
> giving us a method like this:
> 
> From the list above; the only MCC for which I have doubts is '405'.
> India has several MCCs assigned: '404' has all 2-digit MNCs; while '405'
> seems to have both 2-digit and 3-digit MNCs (in the m-b-p-i database I
> mean). My assumption right now is that the 2-digit MNCs with a '405' MCC
> really should all have an extra leading zero to make them 3-digit. It
> would be great if someone could confirm this, though.

http://www.itu.int/dms_pub/itu-t/opb/sp/T-SP-E.212B-2013-PDF-E.pdf

Note these two entries, which are separate:

Reliance Infocomm Ltd, Andhra Pradesh    405 012
Reliance Infocomm Ltd, Kolkata           405 12

If we added a leading zero here, these would appear the same network.
But technically, when coding these into the SIM in EFplmnsel or even in
the UMTS LAI over-the-air, they would be:

405-012 = 04 05 21
405-12  = 04 F5 21

and thus not the same.  Plus, I think it gets worse.  If you're actually
parsing the IMSI, you really have no idea whatsoever how many digits the
operator used.  In this case of 405 12/012, we might certainly get it
wrong if somebody bought a SIM in Kolkata.

Do you have a SIM that has this problem?  Can you check if it's actually
USIM or not?

Dan

> Anyway, I got a 'aleksander/mnc-length' branch in upstream git with this
> implementation, which among other things also makes the QMI based modems
> to show the MCC/MNC of the operator which issued the card.
> 
> Anyone got comments on this? I know that maintaining the list of MCCs
> with 3-digit-MNCs hardcoded in code is not the best idea; so suggestions
> more than welcome.
> 