Gathering SIM operator MCC/MNC without reading EFad

Wed Oct 23 00:27:32 PDT 2013

Hey Dan,

>>
>> The generic implementation of load_operator_identifier() in MMSim (the
>> one reading the MCC/MNC of the operator which issued the SIM card)
>> currently relies on reading the 'MNC length' field from the EFad file in
>> the SIM card. Once it knows the MNC length, it will just get the [3+MNC
>> length] bytes long prefix of the IMSI string.
>>
>> Now, the 'MNC length' field in the EFad file is *optional*; so even in
>> successful reads of EFad, the field may just be unavailable. I was
> 
> It's optional in the GSM specifications (11.11) but has been mandatory
> in USIM specifications (131.102) since at least 2001.  So we'll only
> encounter this case when the SIM is really old.  (Unless they have still
> recently distributed non-USIMs in places where 3G networks took longer
> to deploy, like Africa or India?)
> 

I've got 2 SIMs myself, one from Orange (3 years old) and one for
Vodafone (less than one year old); and none of those come with the MNC
length field in EFad. I've also checked this in an AT&T card from the
US, and this one also didn't have the mnc length field in EFad.

>> looking for a way to handle this case, when I found that the IMSI is
>> defined as follows (3GPP TS23.003):
>>
>>   IMSI is composed of three parts:
>>   i) Mobile Country Code (MCC) consisting of three digits. The MCC
>> identifies uniquely the country of domicile of the mobile subscriber;
>>   ii) Mobile Network Code (MNC) consisting of two or three digits for
>> GSM applications. The MNC identifies the home GSM PLMN of the mobile
>> subscriber. The length of the MNC (two or three digits) depends on the
>> value of the MCC. A mixture of two and three digit MNC codes within a
>> single MCC area is not recommended and is outside the scope of this
>> specification.
>>   iii) Mobile Subscriber Identification Number (MSIN) identifying the
>> mobile subscriber within a GSM PLMN
>>
>> In particular, it explicitly states that there shouldn't be any MCC
>> which allows both 2 and 3 digit MNCs. With that in mind, I compiled a
>> list of MCC values with 3 digit MNCs (using the m-b-p-i). This ends up
>> giving us a method like this:
>>
>> From the list above; the only MCC for which I have doubts is '405'.
>> India has several MCCs assigned: '404' has all 2-digit MNCs; while '405'
>> seems to have both 2-digit and 3-digit MNCs (in the m-b-p-i database I
>> mean). My assumption right now is that the 2-digit MNCs with a '405' MCC
>> really should all have an extra leading zero to make them 3-digit. It
>> would be great if someone could confirm this, though.
> 
> http://www.itu.int/dms_pub/itu-t/opb/sp/T-SP-E.212B-2013-PDF-E.pdf
> 
> Note these two entries, which are separate:
> 
> Reliance Infocomm Ltd, Andhra Pradesh    405 012
> Reliance Infocomm Ltd, Kolkata           405 12
> 
> If we added a leading zero here, these would appear the same network.
> But technically, when coding these into the SIM in EFplmnsel or even in
> the UMTS LAI over-the-air, they would be:
> 
> 405-012 = 04 05 21
> 405-12  = 04 F5 21
> 

Can't we try to detect in this case the 2-digit MNC looking at the 'F'
there? And wouldn't it be '04 15 F2'?

> and thus not the same.  Plus, I think it gets worse.  If you're actually
> parsing the IMSI, you really have no idea whatsoever how many digits the
> operator used.  In this case of 405 12/012, we might certainly get it
> wrong if somebody bought a SIM in Kolkata.
> 

That's quite unfortunate... But doesn't this case fall out of 3GPP
standards then? 3GPP explicitly says that MCC cannot mix MNC lengths.

> Do you have a SIM that has this problem?  Can you check if it's actually
> USIM or not?
> 

How do I check that?

-- 
Aleksander