FreeCalypso > hg > fc-sim-tools

comparison simtool/sjs1_hacks.c @ 10:ddd767f6e15b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fc-simtool ported over
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 14 Mar 2021 07:11:25 +0000
parents
children
comparison
equal deleted inserted replaced
9:c9ef9e91dd8e 10:ddd767f6e15b
1 /*
2 * This module implements a few special commands for the recently
3 * discontinued sysmoUSIM-SJS1 card model from Sysmocom. These commands
4 * are NOT applicable to the successor sysmoISIM-SJA2 card model!
5 */
6
7 #include <sys/types.h>
8 #include <string.h>
9 #include <strings.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include "simresp.h"
13 #include "curfile.h"
14 #include "file_id.h"
15
16 /*
17 * SJS1 is natively a UICC, supporting the classic GSM 11.11 SIM protocol
18 * only as a backward compatibility mode. The makers of that UICC CardOS
19 * clearly did not want people to do administrative programming via the
20 * GSM 11.11 SIM protocol, instead their vision was that admin programming
21 * should only be done in UICC mode. Toward this end, SJS1 cards do not
22 * accept VERIFY CHV commands with CLA=0xA0 P2=0x0A for ADM1 authentication,
23 * instead they only accept VERIFY PIN with CLA=0x00 for this purpose.
24 *
25 * They did leave one open loophole, however: if the UICC-style VERIFY PIN
26 * command with P2=0x0A for ADM1 authentication is given as the very first
27 * command in the card session, then it can be followed either by other
28 * UICC protocol commands (making a UICC card session), or by CLA=0xA0
29 * protocol commands, making a GSM 11.11 SIM session with ADM1 authentication.
30 * In other words, they allow one special exception to the general rule
31 * where SIM and UICC protocol commands are never allowed to mix in the
32 * same card session.
33 */
34
35 cmd_verify_sjs1_adm1(argc, argv)
36 char **argv;
37 {
38 u_char cmd[13];
39 int rc;
40
41 /* UICC-style VERIFY PIN command APDU */
42 cmd[0] = 0x00;
43 cmd[1] = 0x20;
44 cmd[2] = 0x00;
45 cmd[3] = 0x0A;
46 cmd[4] = 8;
47 rc = encode_pin_entry(argv[1], cmd + 5);
48 if (rc < 0)
49 return(rc);
50 rc = apdu_exchange(cmd, 13);
51 if (rc < 0)
52 return(rc);
53 if (sim_resp_sw != 0x9000) {
54 fprintf(stderr, "bad SW response: %04X\n", sim_resp_sw);
55 return(-1);
56 }
57 return(0);
58 }
59
60 /*
61 * Early sysmoUSIM-SJS1 cards (those sold in 2017, but not the very last
62 * ones sold in late 2020) were shipped with a misprogrammed MSISDN record.
63 * Our fix-sysmo-msisdn command fixes this particular misprogramming.
64 */
65
66 cmd_fix_sysmo_msisdn()
67 {
68 int rc;
69 unsigned n;
70 u_char newrec[34];
71
72 rc = select_op(DF_TELECOM);
73 if (rc < 0)
74 return(rc);
75 rc = select_op(EF_MSISDN);
76 if (rc < 0)
77 return(rc);
78 rc = parse_ef_select_response();
79 if (rc < 0)
80 return(rc);
81 if (curfile_structure != 0x01) {
82 fprintf(stderr, "error: EF_MSISDN is not linear fixed\n");
83 return(-1);
84 }
85 if (curfile_record_len != 34) {
86 fprintf(stderr,
87 "error: expected EF_MSISDN record length of 34 bytes, got %u\n",
88 curfile_record_len);
89 return(-1);
90 }
91 rc = readrec_op(1, 0x04, 34);
92 if (rc < 0)
93 return(rc);
94 for (n = 0; n < 18; n++) {
95 if (sim_resp_data[n] != 0xFF) {
96 fprintf(stderr,
97 "error: non-FF data in the first 18 bytes of alpha tag area\n");
98 return(-1);
99 }
100 }
101 if (sim_resp_data[18] == 0xFF && sim_resp_data[19] == 0xFF) {
102 printf(
103 "last 2 bytes of alpha tag area are clear - already fixed?\n");
104 return(0);
105 }
106 if (sim_resp_data[18] != 0x07 || sim_resp_data[19] != 0x91) {
107 fprintf(stderr,
108 "error: bytes 18 & 19 don't match expected bogus programming\n");
109 return(-1);
110 }
111 memset(newrec, 0xFF, 34);
112 memcpy(newrec + 20, sim_resp_data + 18, 8);
113 return update_rec_op(1, 0x04, newrec, 34);
114 }