Here's a protocol of how I talk to the GSM SIM card using stest from the sio package. It shows one round of computation of A3A8, and extraction of the IMSI. The part including the # and anything after it is a comment. Don't type this in. The first line is by me, the second comed from the card, the third from me etc. $ ./stest -c /dev/ttyS0 # or whatever serial port you use Scan ATR # search for right serial settings ... some data ... # it tells you what serial parameters it has found r # reset 3b 83 00 12 10 96 # ATR t a0 a4 00 00 02 # SelectFile a4 # ok t 7f 20 # gsm_dir 9f 19 # ok, 0x19 bytes result available t a0 c0 00 00 19 # get response c0 00 00 00 00 7f 20 02 00 00 11 00 01 0c 1b 00 12 04 00 83 8a 03 8a 00 03 83 90 00 # boring data t a0 20 00 01 08 # PIN verification 20 # ok t 35 35 35 35 ff ff ff ff # PIN (5555 in this case) 90 00 # ok t a0 88 00 00 10 # execute A3A8, we have 0x10 bytes of data 88 # ok t 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 # this is my challenge RAND 9f 0c # 0x0c bytes response t a0 c0 00 00 0c # get response c0 88 72 d1 02 18 fd 5f 1b 44 a4 60 00 90 00 # one byte command, 4 bytes SRES, 8 bytes Kc, two bytes status t a0 a4 00 00 02 # select file a4 # ok 6f 07 # IMSI t a0 b0 00 00 09 # read data 9f 09 # ok, 9 bytes response t a0 c0 00 00 09 # get data c0 08 29 03 29 83 40 04 32 45 90 00 # one byte command, 9 bytes IMSI, 2 bytes status Andreas