FreeCalypso > hg > fc-sim-tools

view simtool/sjs1_hacks.c @ 99:97ba63d9361a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
scripts/fcsim1-sst: turn off STK & OTA services In the initial unprogrammed state of the cards from Grcard, SST has services 25 through 29 set to allocated and activated. However, these cards appear to not actually support OTA, ENVELOPE commands do nothing (just return SW 9000), and they were never observed issuing any proactive SIM commands, even after a feature-generous TERMINAL PROFILE. Therefore, let's list these STK & OTA services as allocated, but not activated in our FCSIM1 SST.
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 05 May 2021 04:26:07 +0000
parents ddd767f6e15b
children
line wrap: on
line source

/*
 * This module implements a few special commands for the recently
 * discontinued sysmoUSIM-SJS1 card model from Sysmocom.  These commands
 * are NOT applicable to the successor sysmoISIM-SJA2 card model!
 */

#include <sys/types.h>
#include <string.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include "simresp.h"
#include "curfile.h"
#include "file_id.h"

/*
 * SJS1 is natively a UICC, supporting the classic GSM 11.11 SIM protocol
 * only as a backward compatibility mode.  The makers of that UICC CardOS
 * clearly did not want people to do administrative programming via the
 * GSM 11.11 SIM protocol, instead their vision was that admin programming
 * should only be done in UICC mode.  Toward this end, SJS1 cards do not
 * accept VERIFY CHV commands with CLA=0xA0 P2=0x0A for ADM1 authentication,
 * instead they only accept VERIFY PIN with CLA=0x00 for this purpose.
 *
 * They did leave one open loophole, however: if the UICC-style VERIFY PIN
 * command with P2=0x0A for ADM1 authentication is given as the very first
 * command in the card session, then it can be followed either by other
 * UICC protocol commands (making a UICC card session), or by CLA=0xA0
 * protocol commands, making a GSM 11.11 SIM session with ADM1 authentication.
 * In other words, they allow one special exception to the general rule
 * where SIM and UICC protocol commands are never allowed to mix in the
 * same card session.
 */

cmd_verify_sjs1_adm1(argc, argv)
	char **argv;
{
	u_char cmd[13];
	int rc;

	/* UICC-style VERIFY PIN command APDU */
	cmd[0] = 0x00;
	cmd[1] = 0x20;
	cmd[2] = 0x00;
	cmd[3] = 0x0A;
	cmd[4] = 8;
	rc = encode_pin_entry(argv[1], cmd + 5);
	if (rc < 0)
		return(rc);
	rc = apdu_exchange(cmd, 13);
	if (rc < 0)
		return(rc);
	if (sim_resp_sw != 0x9000) {
		fprintf(stderr, "bad SW response: %04X\n", sim_resp_sw);
		return(-1);
	}
	return(0);
}

/*
 * Early sysmoUSIM-SJS1 cards (those sold in 2017, but not the very last
 * ones sold in late 2020) were shipped with a misprogrammed MSISDN record.
 * Our fix-sysmo-msisdn command fixes this particular misprogramming.
 */

cmd_fix_sysmo_msisdn()
{
	int rc;
	unsigned n;
	u_char newrec[34];

	rc = select_op(DF_TELECOM);
	if (rc < 0)
		return(rc);
	rc = select_op(EF_MSISDN);
	if (rc < 0)
		return(rc);
	rc = parse_ef_select_response();
	if (rc < 0)
		return(rc);
	if (curfile_structure != 0x01) {
		fprintf(stderr, "error: EF_MSISDN is not linear fixed\n");
		return(-1);
	}
	if (curfile_record_len != 34) {
		fprintf(stderr,
		"error: expected EF_MSISDN record length of 34 bytes, got %u\n",
			curfile_record_len);
		return(-1);
	}
	rc = readrec_op(1, 0x04, 34);
	if (rc < 0)
		return(rc);
	for (n = 0; n < 18; n++) {
		if (sim_resp_data[n] != 0xFF) {
			fprintf(stderr,
		"error: non-FF data in the first 18 bytes of alpha tag area\n");
			return(-1);
		}
	}
	if (sim_resp_data[18] == 0xFF && sim_resp_data[19] == 0xFF) {
		printf(
		"last 2 bytes of alpha tag area are clear - already fixed?\n");
		return(0);
	}
	if (sim_resp_data[18] != 0x07 || sim_resp_data[19] != 0x91) {
		fprintf(stderr,
	"error: bytes 18 & 19 don't match expected bogus programming\n");
		return(-1);
	}
	memset(newrec, 0xFF, 34);
	memcpy(newrec + 20, sim_resp_data + 18, 8);
	return update_rec_op(1, 0x04, newrec, 34);
}