Gitiles
Code Review Sign In
gerrit.osmocom.org / pysim / 23888dab85165f44bfd8ee649dbfc869e881545d / . / pySim / cards.py
blob: 55282aa42cb7a26f2ec03d79250cf12fa0cd61d2 [file] [log] [blame]
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]1#!/usr/bin/env python
2# -*- coding: utf-8 -*-
3
4""" pySim: Card programmation logic
5"""
6
7#
8# Copyright (C) 2009-2010 Sylvain Munaut <tnt@246tNt.com>
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]9# Copyright (C) 2011 Harald Welte <laforge@gnumonks.org>
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]10# Copyright (C) 2017 Alexander.Chemeris <Alexander.Chemeris@gmail.com>
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]11#
12# This program is free software: you can redistribute it and/or modify
13# it under the terms of the GNU General Public License as published by
14# the Free Software Foundation, either version 2 of the License, or
15# (at your option) any later version.
16#
17# This program is distributed in the hope that it will be useful,
18# but WITHOUT ANY WARRANTY; without even the implied warranty of
19# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20# GNU General Public License for more details.
21#
22# You should have received a copy of the GNU General Public License
23# along with this program. If not, see <http://www.gnu.org/licenses/>.
24#
25
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]26from pySim.ts_51_011 import EF, DF
27from pySim.utils import *
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]28from smartcard.util import toBytes
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]29
30class Card(object):
31
32 def __init__(self, scc):
33 self._scc = scc
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]34 self._adm_chv_num = 4
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]35
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]36 def reset(self):
37 self._scc.reset_card()
38
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]39 def verify_adm(self, key):
40 '''
41 Authenticate with ADM key
42 '''
43 (res, sw) = self._scc.verify_chv(self._adm_chv_num, key)
44 return sw
45
46 def read_iccid(self):
47 (res, sw) = self._scc.read_binary(EF['ICCID'])
48 if sw == '9000':
49 return (dec_iccid(res), sw)
50 else:
51 return (None, sw)
52
53 def read_imsi(self):
54 (res, sw) = self._scc.read_binary(EF['IMSI'])
55 if sw == '9000':
56 return (dec_imsi(res), sw)
57 else:
58 return (None, sw)
59
60 def update_imsi(self, imsi):
61 data, sw = self._scc.update_binary(EF['IMSI'], enc_imsi(imsi))
62 return sw
63
64 def update_acc(self, acc):
65 data, sw = self._scc.update_binary(EF['ACC'], lpad(acc, 4))
66 return sw
67
68 def update_hplmn_act(self, mcc, mnc, access_tech='FFFF'):
69 """
70 Update Home PLMN with access technology bit-field
71
72 See Section "10.3.37 EFHPLMNwAcT (HPLMN Selector with Access Technology)"
73 in ETSI TS 151 011 for the details of the access_tech field coding.
74 Some common values:
75 access_tech = '0080' # Only GSM is selected
76 access_tech = 'FFFF' # All technologues selected, even Reserved for Future Use ones
77 """
78 # get size and write EF.HPLMNwAcT
79 r = self._scc.select_file(EF['HPLMNwAcT'])
80 size = int(r[-1][4:8], 16)
81 hplmn = enc_plmn(mcc, mnc)
82 content = hplmn + access_tech
83 data, sw = self._scc.update_binary(EF['HPLMNwAcT'], content + 'ffffff0000' * (size/5-1))
84 return sw
85
Philipp Maierc8ce82a2018-07-04 17:57:20 +0200[diff] [blame]86 def update_oplmn_act(self, mcc, mnc, access_tech='FFFF'):
87 """
88 See note in update_hplmn_act()
89 """
90 # get size and write EF.OPLMNwAcT
91 data = self._scc.read_binary(EF['OPLMNwAcT'], length=None, offset=0)
92 size = len(data[0])/2
93 hplmn = enc_plmn(mcc, mnc)
94 content = hplmn + access_tech
95 data, sw = self._scc.update_binary(EF['OPLMNwAcT'], content + 'ffffff0000' * (size/5-1))
96 return sw
97
98 def update_plmn_act(self, mcc, mnc, access_tech='FFFF'):
99 """
100 See note in update_hplmn_act()
101 """
102 # get size and write EF.PLMNwAcT
103 data = self._scc.read_binary(EF['PLMNwAcT'], length=None, offset=0)
104 size = len(data[0])/2
105 hplmn = enc_plmn(mcc, mnc)
106 content = hplmn + access_tech
107 data, sw = self._scc.update_binary(EF['PLMNwAcT'], content + 'ffffff0000' * (size/5-1))
108 return sw
109
Philipp Maier5bf42602018-07-11 23:23:40 +0200[diff] [blame]110 def update_plmnsel(self, mcc, mnc):
111 data = self._scc.read_binary(EF['PLMNsel'], length=None, offset=0)
112 size = len(data[0])/2
113 hplmn = enc_plmn(mcc, mnc)
Philipp Maieraf9ae8b2018-07-13 11:15:49 +0200[diff] [blame]114 data, sw = self._scc.update_binary(EF['PLMNsel'], hplmn + 'ff' * (size-3))
115 return sw
Philipp Maier5bf42602018-07-11 23:23:40 +0200[diff] [blame]116
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]117 def update_smsp(self, smsp):
118 data, sw = self._scc.update_record(EF['SMSP'], 1, rpad(smsp, 84))
119 return sw
120
Philipp Maieree908ae2019-03-21 16:21:12 +0100[diff] [blame]121 def update_ad(self, mnc):
122 #See also: 3GPP TS 31.102, chapter 4.2.18
123 mnclen = len(str(mnc))
124 if mnclen == 1:
125 mnclen = 2
126 if mnclen > 3:
127 raise RuntimeError('unable to calculate proper mnclen')
128
129 data = self._scc.read_binary(EF['AD'], length=None, offset=0)
130 size = len(data[0])/2
131 content = data[0][0:6] + "%02X" % mnclen
132 data, sw = self._scc.update_binary(EF['AD'], content)
133 return sw
134
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]135 def read_spn(self):
136 (spn, sw) = self._scc.read_binary(EF['SPN'])
137 if sw == '9000':
138 return (dec_spn(spn), sw)
139 else:
140 return (None, sw)
141
142 def update_spn(self, name, hplmn_disp=False, oplmn_disp=False):
143 content = enc_spn(name, hplmn_disp, oplmn_disp)
144 data, sw = self._scc.update_binary(EF['SPN'], rpad(content, 32))
145 return sw
146
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]147
148class _MagicSimBase(Card):
149 """
150 Theses cards uses several record based EFs to store the provider infos,
151 each possible provider uses a specific record number in each EF. The
152 indexes used are ( where N is the number of providers supported ) :
153 - [2 .. N+1] for the operator name
154 - [1 .. N] for the programable EFs
155
156 * 3f00/7f4d/8f0c : Operator Name
157
158 bytes 0-15 : provider name, padded with 0xff
159 byte 16 : length of the provider name
160 byte 17 : 01 for valid records, 00 otherwise
161
162 * 3f00/7f4d/8f0d : Programmable Binary EFs
163
164 * 3f00/7f4d/8f0e : Programmable Record EFs
165
166 """
167
168 @classmethod
169 def autodetect(kls, scc):
170 try:
171 for p, l, t in kls._files.values():
172 if not t:
173 continue
174 if scc.record_size(['3f00', '7f4d', p]) != l:
175 return None
176 except:
177 return None
178
179 return kls(scc)
180
181 def _get_count(self):
182 """
183 Selects the file and returns the total number of entries
184 and entry size
185 """
186 f = self._files['name']
187
188 r = self._scc.select_file(['3f00', '7f4d', f[0]])
189 rec_len = int(r[-1][28:30], 16)
190 tlen = int(r[-1][4:8],16)
191 rec_cnt = (tlen / rec_len) - 1;
192
193 if (rec_cnt < 1) or (rec_len != f[1]):
194 raise RuntimeError('Bad card type')
195
196 return rec_cnt
197
198 def program(self, p):
199 # Go to dir
200 self._scc.select_file(['3f00', '7f4d'])
201
202 # Home PLMN in PLMN_Sel format
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]203 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]204
205 # Operator name ( 3f00/7f4d/8f0c )
206 self._scc.update_record(self._files['name'][0], 2,
207 rpad(b2h(p['name']), 32) + ('%02x' % len(p['name'])) + '01'
208 )
209
210 # ICCID/IMSI/Ki/HPLMN ( 3f00/7f4d/8f0d )
211 v = ''
212
213 # inline Ki
214 if self._ki_file is None:
215 v += p['ki']
216
217 # ICCID
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]218 v += '3f00' + '2fe2' + '0a' + enc_iccid(p['iccid'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]219
220 # IMSI
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]221 v += '7f20' + '6f07' + '09' + enc_imsi(p['imsi'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]222
223 # Ki
224 if self._ki_file:
225 v += self._ki_file + '10' + p['ki']
226
227 # PLMN_Sel
228 v+= '6f30' + '18' + rpad(hplmn, 36)
229
Alexander Chemeris21885242013-07-02 16:56:55 +0400[diff] [blame]230 # ACC
231 # This doesn't work with "fake" SuperSIM cards,
232 # but will hopefully work with real SuperSIMs.
233 if p.get('acc') is not None:
234 v+= '6f78' + '02' + lpad(p['acc'], 4)
235
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]236 self._scc.update_record(self._files['b_ef'][0], 1,
237 rpad(v, self._files['b_ef'][1]*2)
238 )
239
240 # SMSP ( 3f00/7f4d/8f0e )
241 # FIXME
242
243 # Write PLMN_Sel forcefully as well
244 r = self._scc.select_file(['3f00', '7f20', '6f30'])
245 tl = int(r[-1][4:8], 16)
246
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]247 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]248 self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
249
250 def erase(self):
251 # Dummy
252 df = {}
253 for k, v in self._files.iteritems():
254 ofs = 1
255 fv = v[1] * 'ff'
256 if k == 'name':
257 ofs = 2
258 fv = fv[0:-4] + '0000'
259 df[v[0]] = (fv, ofs)
260
261 # Write
262 for n in range(0,self._get_count()):
263 for k, (msg, ofs) in df.iteritems():
264 self._scc.update_record(['3f00', '7f4d', k], n + ofs, msg)
265
266
267class SuperSim(_MagicSimBase):
268
269 name = 'supersim'
270
271 _files = {
272 'name' : ('8f0c', 18, True),
273 'b_ef' : ('8f0d', 74, True),
274 'r_ef' : ('8f0e', 50, True),
275 }
276
277 _ki_file = None
278
279
280class MagicSim(_MagicSimBase):
281
282 name = 'magicsim'
283
284 _files = {
285 'name' : ('8f0c', 18, True),
286 'b_ef' : ('8f0d', 130, True),
287 'r_ef' : ('8f0e', 102, False),
288 }
289
290 _ki_file = '6f1b'
291
292
293class FakeMagicSim(Card):
294 """
295 Theses cards have a record based EF 3f00/000c that contains the provider
296 informations. See the program method for its format. The records go from
297 1 to N.
298 """
299
300 name = 'fakemagicsim'
301
302 @classmethod
303 def autodetect(kls, scc):
304 try:
305 if scc.record_size(['3f00', '000c']) != 0x5a:
306 return None
307 except:
308 return None
309
310 return kls(scc)
311
312 def _get_infos(self):
313 """
314 Selects the file and returns the total number of entries
315 and entry size
316 """
317
318 r = self._scc.select_file(['3f00', '000c'])
319 rec_len = int(r[-1][28:30], 16)
320 tlen = int(r[-1][4:8],16)
321 rec_cnt = (tlen / rec_len) - 1;
322
323 if (rec_cnt < 1) or (rec_len != 0x5a):
324 raise RuntimeError('Bad card type')
325
326 return rec_cnt, rec_len
327
328 def program(self, p):
329 # Home PLMN
330 r = self._scc.select_file(['3f00', '7f20', '6f30'])
331 tl = int(r[-1][4:8], 16)
332
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]333 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]334 self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
335
336 # Get total number of entries and entry size
337 rec_cnt, rec_len = self._get_infos()
338
339 # Set first entry
340 entry = (
Philipp Maier45daa922019-04-01 15:49:45 +0200[diff] [blame]341 '81' + # 1b Status: Valid & Active
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]342 rpad(b2h(p['name'][0:14]), 28) + # 14b Entry Name
Philipp Maier45daa922019-04-01 15:49:45 +0200[diff] [blame]343 enc_iccid(p['iccid']) + # 10b ICCID
344 enc_imsi(p['imsi']) + # 9b IMSI_len + id_type(9) + IMSI
345 p['ki'] + # 16b Ki
346 lpad(p['smsp'], 80) # 40b SMSP (padded with ff if needed)
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]347 )
348 self._scc.update_record('000c', 1, entry)
349
350 def erase(self):
351 # Get total number of entries and entry size
352 rec_cnt, rec_len = self._get_infos()
353
354 # Erase all entries
355 entry = 'ff' * rec_len
356 for i in range(0, rec_cnt):
357 self._scc.update_record('000c', 1+i, entry)
358
Sylvain Munaut5da8d4e2013-07-02 15:13:24 +0200[diff] [blame]359
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]360class GrcardSim(Card):
361 """
362 Greencard (grcard.cn) HZCOS GSM SIM
363 These cards have a much more regular ISO 7816-4 / TS 11.11 structure,
364 and use standard UPDATE RECORD / UPDATE BINARY commands except for Ki.
365 """
366
367 name = 'grcardsim'
368
369 @classmethod
370 def autodetect(kls, scc):
371 return None
372
373 def program(self, p):
374 # We don't really know yet what ADM PIN 4 is about
375 #self._scc.verify_chv(4, h2b("4444444444444444"))
376
377 # Authenticate using ADM PIN 5
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]378 if p['pin_adm']:
Philipp Maiera3de5a32018-08-23 10:27:04 +0200[diff] [blame]379 pin = h2b(p['pin_adm'])
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]380 else:
381 pin = h2b("4444444444444444")
382 self._scc.verify_chv(5, pin)
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]383
384 # EF.ICCID
385 r = self._scc.select_file(['3f00', '2fe2'])
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]386 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]387
388 # EF.IMSI
389 r = self._scc.select_file(['3f00', '7f20', '6f07'])
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]390 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]391
392 # EF.ACC
Alexander Chemeris21885242013-07-02 16:56:55 +0400[diff] [blame]393 if p.get('acc') is not None:
394 data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]395
396 # EF.SMSP
Harald Welte23888da2019-08-28 23:19:11 +0200[diff] [blame^]397 if p.get('smsp'):
398 r = self._scc.select_file(['3f00', '7f10', '6f42'])
399 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]400
401 # Set the Ki using proprietary command
402 pdu = '80d4020010' + p['ki']
403 data, sw = self._scc._tp.send_apdu(pdu)
404
405 # EF.HPLMN
406 r = self._scc.select_file(['3f00', '7f20', '6f30'])
407 size = int(r[-1][4:8], 16)
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]408 hplmn = enc_plmn(p['mcc'], p['mnc'])
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]409 self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))
410
411 # EF.SPN (Service Provider Name)
412 r = self._scc.select_file(['3f00', '7f20', '6f30'])
413 size = int(r[-1][4:8], 16)
414 # FIXME
415
416 # FIXME: EF.MSISDN
417
418 def erase(self):
419 return
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]420
Harald Weltee10394b2011-12-07 12:34:14 +0100[diff] [blame]421class SysmoSIMgr1(GrcardSim):
422 """
423 sysmocom sysmoSIM-GR1
424 These cards have a much more regular ISO 7816-4 / TS 11.11 structure,
425 and use standard UPDATE RECORD / UPDATE BINARY commands except for Ki.
426 """
427 name = 'sysmosim-gr1'
428
Philipp Maier087feff2018-08-23 09:41:36 +0200[diff] [blame]429 @classmethod
430 def autodetect(kls, scc):
431 try:
432 # Look for ATR
433 if scc.get_atr() == toBytes("3B 99 18 00 11 88 22 33 44 55 66 77 60"):
434 return kls(scc)
435 except:
436 return None
437 return None
Sylvain Munaut5da8d4e2013-07-02 15:13:24 +0200[diff] [blame]438
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]439class SysmoUSIMgr1(Card):
440 """
441 sysmocom sysmoUSIM-GR1
442 """
443 name = 'sysmoUSIM-GR1'
444
445 @classmethod
446 def autodetect(kls, scc):
447 # TODO: Access the ATR
448 return None
449
450 def program(self, p):
451 # TODO: check if verify_chv could be used or what it needs
452 # self._scc.verify_chv(0x0A, [0x33,0x32,0x32,0x31,0x33,0x32,0x33,0x32])
453 # Unlock the card..
454 data, sw = self._scc._tp.send_apdu_checksw("0020000A083332323133323332")
455
456 # TODO: move into SimCardCommands
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]457 par = ( p['ki'] + # 16b K
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]458 p['opc'] + # 32b OPC
459 enc_iccid(p['iccid']) + # 10b ICCID
460 enc_imsi(p['imsi']) # 9b IMSI_len + id_type(9) + IMSI
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]461 )
462 data, sw = self._scc._tp.send_apdu_checksw("0099000033" + par)
463
464 def erase(self):
465 return
466
Sylvain Munaut053c8952013-07-02 15:12:32 +0200[diff] [blame]467
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]468class SysmoSIMgr2(Card):
469 """
470 sysmocom sysmoSIM-GR2
471 """
472
473 name = 'sysmoSIM-GR2'
474
475 @classmethod
476 def autodetect(kls, scc):
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]477 try:
478 # Look for ATR
479 if scc.get_atr() == toBytes("3B 7D 94 00 00 55 55 53 0A 74 86 93 0B 24 7C 4D 54 68"):
480 return kls(scc)
481 except:
482 return None
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]483 return None
484
485 def program(self, p):
486
487 # select MF
488 r = self._scc.select_file(['3f00'])
489
490 # authenticate as SUPER ADM using default key
491 self._scc.verify_chv(0x0b, h2b("3838383838383838"))
492
493 # set ADM pin using proprietary command
494 # INS: D4
495 # P1: 3A for PIN, 3B for PUK
496 # P2: CHV number, as in VERIFY CHV for PIN, and as in UNBLOCK CHV for PUK
497 # P3: 08, CHV length (curiously the PUK is also 08 length, instead of 10)
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]498 if p['pin_adm']:
499 pin = p['pin_adm']
500 else:
501 pin = h2b("4444444444444444")
502
503 pdu = 'A0D43A0508' + b2h(pin)
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]504 data, sw = self._scc._tp.send_apdu(pdu)
505
506 # authenticate as ADM (enough to write file, and can set PINs)
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]507
508 self._scc.verify_chv(0x05, pin)
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]509
510 # write EF.ICCID
511 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
512
513 # select DF_GSM
514 r = self._scc.select_file(['7f20'])
515
516 # write EF.IMSI
517 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
518
519 # write EF.ACC
520 if p.get('acc') is not None:
521 data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))
522
523 # get size and write EF.HPLMN
524 r = self._scc.select_file(['6f30'])
525 size = int(r[-1][4:8], 16)
526 hplmn = enc_plmn(p['mcc'], p['mnc'])
527 self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))
528
529 # set COMP128 version 0 in proprietary file
530 data, sw = self._scc.update_binary('0001', '001000')
531
532 # set Ki in proprietary file
533 data, sw = self._scc.update_binary('0001', p['ki'], 3)
534
535 # select DF_TELECOM
536 r = self._scc.select_file(['3f00', '7f10'])
537
538 # write EF.SMSP
Harald Welte23888da2019-08-28 23:19:11 +0200[diff] [blame^]539 if p.get('smsp'):
540 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]541
542 def erase(self):
543 return
544
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]545class SysmoUSIMSJS1(Card):
546 """
547 sysmocom sysmoUSIM-SJS1
548 """
549
550 name = 'sysmoUSIM-SJS1'
551
552 def __init__(self, ssc):
553 super(SysmoUSIMSJS1, self).__init__(ssc)
554 self._scc.cla_byte = "00"
Philipp Maier2d15ea02019-03-20 12:40:36 +0100[diff] [blame]555 self._scc.sel_ctrl = "0004" #request an FCP
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]556
557 @classmethod
558 def autodetect(kls, scc):
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]559 try:
560 # Look for ATR
561 if scc.get_atr() == toBytes("3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5"):
562 return kls(scc)
563 except:
564 return None
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]565 return None
566
567 def program(self, p):
568
Philipp Maiere9604882017-03-21 17:24:31 +0100[diff] [blame]569 # authenticate as ADM using default key (written on the card..)
570 if not p['pin_adm']:
571 raise ValueError("Please provide a PIN-ADM as there is no default one")
572 self._scc.verify_chv(0x0A, h2b(p['pin_adm']))
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]573
574 # select MF
575 r = self._scc.select_file(['3f00'])
576
Philipp Maiere9604882017-03-21 17:24:31 +0100[diff] [blame]577 # write EF.ICCID
578 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
579
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]580 # select DF_GSM
581 r = self._scc.select_file(['7f20'])
582
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]583 # set Ki in proprietary file
584 data, sw = self._scc.update_binary('00FF', p['ki'])
585
Philipp Maier1be35bf2018-07-13 11:29:03 +0200[diff] [blame]586 # set OPc in proprietary file
Daniel Willmann67acdbc2018-06-15 07:42:48 +0200[diff] [blame]587 if 'opc' in p:
588 content = "01" + p['opc']
589 data, sw = self._scc.update_binary('00F7', content)
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]590
591 # write EF.IMSI
592 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
593
Philipp Maier2d15ea02019-03-20 12:40:36 +0100[diff] [blame]594 # EF.PLMNsel
595 if p.get('mcc') and p.get('mnc'):
596 sw = self.update_plmnsel(p['mcc'], p['mnc'])
597 if sw != '9000':
598 print("Programming PLMNsel failed with code %s"%sw)
599
600 # EF.PLMNwAcT
601 if p.get('mcc') and p.get('mnc'):
602 sw = self.update_plmn_act(p['mcc'], p['mnc'])
603 if sw != '9000':
604 print("Programming PLMNwAcT failed with code %s"%sw)
605
606 # EF.OPLMNwAcT
607 if p.get('mcc') and p.get('mnc'):
608 sw = self.update_oplmn_act(p['mcc'], p['mnc'])
609 if sw != '9000':
610 print("Programming OPLMNwAcT failed with code %s"%sw)
611
Philipp Maieree908ae2019-03-21 16:21:12 +0100[diff] [blame]612 # EF.AD
613 if p.get('mcc') and p.get('mnc'):
614 sw = self.update_ad(p['mnc'])
615 if sw != '9000':
616 print("Programming AD failed with code %s"%sw)
Philipp Maier2d15ea02019-03-20 12:40:36 +0100[diff] [blame]617
Daniel Willmann1d087ef2017-08-31 10:08:45 +0200[diff] [blame]618 # EF.SMSP
Harald Welte23888da2019-08-28 23:19:11 +0200[diff] [blame^]619 if p.get('smsp'):
620 r = self._scc.select_file(['3f00', '7f10'])
621 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 104), force_len=True)
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]622
Alexander Chemerise0d9d882018-01-10 14:18:32 +0900[diff] [blame]623 def erase(self):
624 return
625
626
627class FairwavesSIM(Card):
628 """
629 FairwavesSIM
630
631 The SIM card is operating according to the standard.
632 For Ki/OP/OPC programming the following files are additionally open for writing:
633 3F00/7F20/FF01 – OP/OPC:
634 byte 1 = 0x01, bytes 2-17: OPC;
635 byte 1 = 0x00, bytes 2-17: OP;
636 3F00/7F20/FF02: Ki
637 """
638
639 name = 'Fairwaves SIM'
640 # Propriatary files
641 _EF_num = {
642 'Ki': 'FF02',
643 'OP/OPC': 'FF01',
644 }
645 _EF = {
646 'Ki': DF['GSM']+[_EF_num['Ki']],
647 'OP/OPC': DF['GSM']+[_EF_num['OP/OPC']],
648 }
649
650 def __init__(self, ssc):
651 super(FairwavesSIM, self).__init__(ssc)
652 self._adm_chv_num = 0x11
653 self._adm2_chv_num = 0x12
654
655
656 @classmethod
657 def autodetect(kls, scc):
658 try:
659 # Look for ATR
660 if scc.get_atr() == toBytes("3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 44 22 06 10 00 00 01 A9"):
661 return kls(scc)
662 except:
663 return None
664 return None
665
666
667 def verify_adm2(self, key):
668 '''
669 Authenticate with ADM2 key.
670
671 Fairwaves SIM cards support hierarchical key structure and ADM2 key
672 is a key which has access to proprietary files (Ki and OP/OPC).
673 That said, ADM key inherits permissions of ADM2 key and thus we rarely
674 need ADM2 key per se.
675 '''
676 (res, sw) = self._scc.verify_chv(self._adm2_chv_num, key)
677 return sw
678
679
680 def read_ki(self):
681 """
682 Read Ki in proprietary file.
683
684 Requires ADM1 access level
685 """
686 return self._scc.read_binary(self._EF['Ki'])
687
688
689 def update_ki(self, ki):
690 """
691 Set Ki in proprietary file.
692
693 Requires ADM1 access level
694 """
695 data, sw = self._scc.update_binary(self._EF['Ki'], ki)
696 return sw
697
698
699 def read_op_opc(self):
700 """
701 Read Ki in proprietary file.
702
703 Requires ADM1 access level
704 """
705 (ef, sw) = self._scc.read_binary(self._EF['OP/OPC'])
706 type = 'OP' if ef[0:2] == '00' else 'OPC'
707 return ((type, ef[2:]), sw)
708
709
710 def update_op(self, op):
711 """
712 Set OP in proprietary file.
713
714 Requires ADM1 access level
715 """
716 content = '00' + op
717 data, sw = self._scc.update_binary(self._EF['OP/OPC'], content)
718 return sw
719
720
721 def update_opc(self, opc):
722 """
723 Set OPC in proprietary file.
724
725 Requires ADM1 access level
726 """
727 content = '01' + opc
728 data, sw = self._scc.update_binary(self._EF['OP/OPC'], content)
729 return sw
730
731
732 def program(self, p):
733 # authenticate as ADM1
734 if not p['pin_adm']:
735 raise ValueError("Please provide a PIN-ADM as there is no default one")
736 sw = self.verify_adm(h2b(p['pin_adm']))
737 if sw != '9000':
738 raise RuntimeError('Failed to authenticate with ADM key %s'%(p['pin_adm'],))
739
740 # TODO: Set operator name
741 if p.get('smsp') is not None:
742 sw = self.update_smsp(p['smsp'])
743 if sw != '9000':
744 print("Programming SMSP failed with code %s"%sw)
745 # This SIM doesn't support changing ICCID
746 if p.get('mcc') is not None and p.get('mnc') is not None:
747 sw = self.update_hplmn_act(p['mcc'], p['mnc'])
748 if sw != '9000':
749 print("Programming MCC/MNC failed with code %s"%sw)
750 if p.get('imsi') is not None:
751 sw = self.update_imsi(p['imsi'])
752 if sw != '9000':
753 print("Programming IMSI failed with code %s"%sw)
754 if p.get('ki') is not None:
755 sw = self.update_ki(p['ki'])
756 if sw != '9000':
757 print("Programming Ki failed with code %s"%sw)
758 if p.get('opc') is not None:
759 sw = self.update_opc(p['opc'])
760 if sw != '9000':
761 print("Programming OPC failed with code %s"%sw)
762 if p.get('acc') is not None:
763 sw = self.update_acc(p['acc'])
764 if sw != '9000':
765 print("Programming ACC failed with code %s"%sw)
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]766
767 def erase(self):
768 return
769
770
Todd Neal9eeadfc2018-04-25 15:36:29 -0500[diff] [blame]771class OpenCellsSim(Card):
772 """
773 OpenCellsSim
774
775 """
776
777 name = 'OpenCells SIM'
778
779 def __init__(self, ssc):
780 super(OpenCellsSim, self).__init__(ssc)
781 self._adm_chv_num = 0x0A
782
783
784 @classmethod
785 def autodetect(kls, scc):
786 try:
787 # Look for ATR
788 if scc.get_atr() == toBytes("3B 9F 95 80 1F C3 80 31 E0 73 FE 21 13 57 86 81 02 86 98 44 18 A8"):
789 return kls(scc)
790 except:
791 return None
792 return None
793
794
795 def program(self, p):
796 if not p['pin_adm']:
797 raise ValueError("Please provide a PIN-ADM as there is no default one")
798 self._scc.verify_chv(0x0A, h2b(p['pin_adm']))
799
800 # select MF
801 r = self._scc.select_file(['3f00'])
802
803 # write EF.ICCID
804 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
805
806 r = self._scc.select_file(['7ff0'])
807
808 # set Ki in proprietary file
809 data, sw = self._scc.update_binary('FF02', p['ki'])
810
811 # set OPC in proprietary file
812 data, sw = self._scc.update_binary('FF01', p['opc'])
813
814 # select DF_GSM
815 r = self._scc.select_file(['7f20'])
816
817 # write EF.IMSI
818 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
819
Philipp Maierc8ce82a2018-07-04 17:57:20 +0200[diff] [blame]820class WavemobileSim(Card):
821 """
822 WavemobileSim
823
824 """
825
826 name = 'Wavemobile-SIM'
827
828 def __init__(self, ssc):
829 super(WavemobileSim, self).__init__(ssc)
830 self._adm_chv_num = 0x0A
831 self._scc.cla_byte = "00"
832 self._scc.sel_ctrl = "0004" #request an FCP
833
834 @classmethod
835 def autodetect(kls, scc):
836 try:
837 # Look for ATR
838 if scc.get_atr() == toBytes("3B 9F 95 80 1F C7 80 31 E0 73 F6 21 13 67 4D 45 16 00 43 01 00 8F"):
839 return kls(scc)
840 except:
841 return None
842 return None
843
844 def program(self, p):
845 if not p['pin_adm']:
846 raise ValueError("Please provide a PIN-ADM as there is no default one")
847 sw = self.verify_adm(h2b(p['pin_adm']))
848 if sw != '9000':
849 raise RuntimeError('Failed to authenticate with ADM key %s'%(p['pin_adm'],))
850
851 # EF.ICCID
852 # TODO: Add programming of the ICCID
853 if p.get('iccid'):
854 print("Warning: Programming of the ICCID is not implemented for this type of card.")
855
856 # KI (Presumably a propritary file)
857 # TODO: Add programming of KI
858 if p.get('ki'):
859 print("Warning: Programming of the KI is not implemented for this type of card.")
860
861 # OPc (Presumably a propritary file)
862 # TODO: Add programming of OPc
863 if p.get('opc'):
864 print("Warning: Programming of the OPc is not implemented for this type of card.")
865
866 # EF.SMSP
867 if p.get('smsp'):
868 sw = self.update_smsp(p['smsp'])
869 if sw != '9000':
870 print("Programming SMSP failed with code %s"%sw)
871
872 # EF.IMSI
873 if p.get('imsi'):
874 sw = self.update_imsi(p['imsi'])
875 if sw != '9000':
876 print("Programming IMSI failed with code %s"%sw)
877
878 # EF.ACC
879 if p.get('acc'):
880 sw = self.update_acc(p['acc'])
881 if sw != '9000':
882 print("Programming ACC failed with code %s"%sw)
883
884 # EF.PLMNsel
885 if p.get('mcc') and p.get('mnc'):
886 sw = self.update_plmnsel(p['mcc'], p['mnc'])
887 if sw != '9000':
888 print("Programming PLMNsel failed with code %s"%sw)
889
890 # EF.PLMNwAcT
891 if p.get('mcc') and p.get('mnc'):
892 sw = self.update_plmn_act(p['mcc'], p['mnc'])
893 if sw != '9000':
894 print("Programming PLMNwAcT failed with code %s"%sw)
895
896 # EF.OPLMNwAcT
897 if p.get('mcc') and p.get('mnc'):
898 sw = self.update_oplmn_act(p['mcc'], p['mnc'])
899 if sw != '9000':
900 print("Programming OPLMNwAcT failed with code %s"%sw)
901
Philipp Maier6e507a72019-04-01 16:33:48 +0200[diff] [blame]902 # EF.AD
903 if p.get('mcc') and p.get('mnc'):
904 sw = self.update_ad(p['mnc'])
905 if sw != '9000':
906 print("Programming AD failed with code %s"%sw)
907
Philipp Maierc8ce82a2018-07-04 17:57:20 +0200[diff] [blame]908 return None
909
910 def erase(self):
911 return
912
Todd Neal9eeadfc2018-04-25 15:36:29 -0500[diff] [blame]913
914# In order for autodetection ...
Harald Weltee10394b2011-12-07 12:34:14 +0100[diff] [blame]915_cards_classes = [ FakeMagicSim, SuperSim, MagicSim, GrcardSim,
Alexander Chemerise0d9d882018-01-10 14:18:32 +0900[diff] [blame]916 SysmoSIMgr1, SysmoSIMgr2, SysmoUSIMgr1, SysmoUSIMSJS1,
Philipp Maierc8ce82a2018-07-04 17:57:20 +0200[diff] [blame]917 FairwavesSIM, OpenCellsSim, WavemobileSim ]
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]918
919def card_autodetect(scc):
920 for kls in _cards_classes:
921 card = kls.autodetect(scc)
922 if card is not None:
923 card.reset()
924 return card
925 return None