FreeCalypso > hg > fc-pcsc-tools
view simtool/sjs1_hacks.c @ 225:208ae1633f6c
simtool code: sysmo.c renamed to sjs1_hacks.c,
comments changed to clarify that these special commands
apply only to the recently discontinued SJS1 cards
and not to the SJA2 successor.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Wed, 10 Mar 2021 19:39:33 +0000 |
parents | simtool/sysmo.c@c0cd0d4635bb |
children |
line wrap: on
line source
/* * This module implements a few special commands for the recently * discontinued sysmoUSIM-SJS1 card model from Sysmocom. These commands * are NOT applicable to the successor sysmoISIM-SJA2 card model! */ #include <sys/types.h> #include <string.h> #include <strings.h> #include <stdio.h> #include <stdlib.h> #include "simresp.h" #include "curfile.h" #include "file_id.h" /* * SJS1 is natively a UICC, supporting the classic GSM 11.11 SIM protocol * only as a backward compatibility mode. The makers of that UICC CardOS * clearly did not want people to do administrative programming via the * GSM 11.11 SIM protocol, instead their vision was that admin programming * should only be done in UICC mode. Toward this end, SJS1 cards do not * accept VERIFY CHV commands with CLA=0xA0 P2=0x0A for ADM1 authentication, * instead they only accept VERIFY PIN with CLA=0x00 for this purpose. * * They did leave one open loophole, however: if the UICC-style VERIFY PIN * command with P2=0x0A for ADM1 authentication is given as the very first * command in the card session, then it can be followed either by other * UICC protocol commands (making a UICC card session), or by CLA=0xA0 * protocol commands, making a GSM 11.11 SIM session with ADM1 authentication. * In other words, they allow one special exception to the general rule * where SIM and UICC protocol commands are never allowed to mix in the * same card session. */ cmd_verify_sjs1_adm1(argc, argv) char **argv; { u_char cmd[13]; int rc; /* UICC-style VERIFY PIN command APDU */ cmd[0] = 0x00; cmd[1] = 0x20; cmd[2] = 0x00; cmd[3] = 0x0A; cmd[4] = 8; rc = encode_pin_entry(argv[1], cmd + 5); if (rc < 0) return(rc); rc = apdu_exchange(cmd, 13); if (rc < 0) return(rc); if (sim_resp_sw != 0x9000) { fprintf(stderr, "bad SW response: %04X\n", sim_resp_sw); return(-1); } return(0); } /* * Early sysmoUSIM-SJS1 cards (those sold in 2017, but not the very last * ones sold in late 2020) were shipped with a misprogrammed MSISDN record. * Our fix-sysmo-msisdn command fixes this particular misprogramming. */ cmd_fix_sysmo_msisdn() { int rc; unsigned n; u_char newrec[34]; rc = select_op(DF_TELECOM); if (rc < 0) return(rc); rc = select_op(EF_MSISDN); if (rc < 0) return(rc); rc = parse_ef_select_response(); if (rc < 0) return(rc); if (curfile_structure != 0x01) { fprintf(stderr, "error: EF_MSISDN is not linear fixed\n"); return(-1); } if (curfile_record_len != 34) { fprintf(stderr, "error: expected EF_MSISDN record length of 34 bytes, got %u\n", curfile_record_len); return(-1); } rc = readrec_op(1, 0x04, 34); if (rc < 0) return(rc); for (n = 0; n < 18; n++) { if (sim_resp_data[n] != 0xFF) { fprintf(stderr, "error: non-FF data in the first 18 bytes of alpha tag area\n"); return(-1); } } if (sim_resp_data[18] == 0xFF && sim_resp_data[19] == 0xFF) { printf( "last 2 bytes of alpha tag area are clear - already fixed?\n"); return(0); } if (sim_resp_data[18] != 0x07 || sim_resp_data[19] != 0x91) { fprintf(stderr, "error: bytes 18 & 19 don't match expected bogus programming\n"); return(-1); } memset(newrec, 0xFF, 34); memcpy(newrec + 20, sim_resp_data + 18, 8); return update_rec_op(1, 0x04, newrec, 34); }