Gitiles
Code Review Sign In
gerrit.osmocom.org / pysim / 52f59aca780f7c7a8e82142fb53c179156acc19b / . / pySim / cards.py
blob: a72a52f7e7cf0257e6a2d3b568c8f54b012c566b [file] [log] [blame]
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]1#!/usr/bin/env python
2# -*- coding: utf-8 -*-
3
4""" pySim: Card programmation logic
5"""
6
7#
8# Copyright (C) 2009-2010 Sylvain Munaut <tnt@246tNt.com>
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]9# Copyright (C) 2011 Harald Welte <laforge@gnumonks.org>
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]10# Copyright (C) 2017 Alexander.Chemeris <Alexander.Chemeris@gmail.com>
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]11#
12# This program is free software: you can redistribute it and/or modify
13# it under the terms of the GNU General Public License as published by
14# the Free Software Foundation, either version 2 of the License, or
15# (at your option) any later version.
16#
17# This program is distributed in the hope that it will be useful,
18# but WITHOUT ANY WARRANTY; without even the implied warranty of
19# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20# GNU General Public License for more details.
21#
22# You should have received a copy of the GNU General Public License
23# along with this program. If not, see <http://www.gnu.org/licenses/>.
24#
25
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]26from pySim.ts_51_011 import EF, DF
27from pySim.utils import *
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]28from smartcard.util import toBytes
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]29
30class Card(object):
31
32 def __init__(self, scc):
33 self._scc = scc
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]34 self._adm_chv_num = 4
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]35
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]36 def reset(self):
37 self._scc.reset_card()
38
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]39 def verify_adm(self, key):
40 '''
41 Authenticate with ADM key
42 '''
43 (res, sw) = self._scc.verify_chv(self._adm_chv_num, key)
44 return sw
45
46 def read_iccid(self):
47 (res, sw) = self._scc.read_binary(EF['ICCID'])
48 if sw == '9000':
49 return (dec_iccid(res), sw)
50 else:
51 return (None, sw)
52
53 def read_imsi(self):
54 (res, sw) = self._scc.read_binary(EF['IMSI'])
55 if sw == '9000':
56 return (dec_imsi(res), sw)
57 else:
58 return (None, sw)
59
60 def update_imsi(self, imsi):
61 data, sw = self._scc.update_binary(EF['IMSI'], enc_imsi(imsi))
62 return sw
63
64 def update_acc(self, acc):
65 data, sw = self._scc.update_binary(EF['ACC'], lpad(acc, 4))
66 return sw
67
68 def update_hplmn_act(self, mcc, mnc, access_tech='FFFF'):
69 """
70 Update Home PLMN with access technology bit-field
71
72 See Section "10.3.37 EFHPLMNwAcT (HPLMN Selector with Access Technology)"
73 in ETSI TS 151 011 for the details of the access_tech field coding.
74 Some common values:
75 access_tech = '0080' # Only GSM is selected
76 access_tech = 'FFFF' # All technologues selected, even Reserved for Future Use ones
77 """
78 # get size and write EF.HPLMNwAcT
79 r = self._scc.select_file(EF['HPLMNwAcT'])
80 size = int(r[-1][4:8], 16)
81 hplmn = enc_plmn(mcc, mnc)
82 content = hplmn + access_tech
83 data, sw = self._scc.update_binary(EF['HPLMNwAcT'], content + 'ffffff0000' * (size/5-1))
84 return sw
85
Philipp Maier5bf42602018-07-11 23:23:40 +0200[diff] [blame]86 def update_plmnsel(self, mcc, mnc):
87 data = self._scc.read_binary(EF['PLMNsel'], length=None, offset=0)
88 size = len(data[0])/2
89 hplmn = enc_plmn(mcc, mnc)
Philipp Maieraf9ae8b2018-07-13 11:15:49 +0200[diff] [blame]90 data, sw = self._scc.update_binary(EF['PLMNsel'], hplmn + 'ff' * (size-3))
91 return sw
Philipp Maier5bf42602018-07-11 23:23:40 +0200[diff] [blame]92
Alexander Chemeriseb6807d2017-07-18 17:04:38 +0300[diff] [blame]93 def update_smsp(self, smsp):
94 data, sw = self._scc.update_record(EF['SMSP'], 1, rpad(smsp, 84))
95 return sw
96
97 def read_spn(self):
98 (spn, sw) = self._scc.read_binary(EF['SPN'])
99 if sw == '9000':
100 return (dec_spn(spn), sw)
101 else:
102 return (None, sw)
103
104 def update_spn(self, name, hplmn_disp=False, oplmn_disp=False):
105 content = enc_spn(name, hplmn_disp, oplmn_disp)
106 data, sw = self._scc.update_binary(EF['SPN'], rpad(content, 32))
107 return sw
108
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]109
110class _MagicSimBase(Card):
111 """
112 Theses cards uses several record based EFs to store the provider infos,
113 each possible provider uses a specific record number in each EF. The
114 indexes used are ( where N is the number of providers supported ) :
115 - [2 .. N+1] for the operator name
116 - [1 .. N] for the programable EFs
117
118 * 3f00/7f4d/8f0c : Operator Name
119
120 bytes 0-15 : provider name, padded with 0xff
121 byte 16 : length of the provider name
122 byte 17 : 01 for valid records, 00 otherwise
123
124 * 3f00/7f4d/8f0d : Programmable Binary EFs
125
126 * 3f00/7f4d/8f0e : Programmable Record EFs
127
128 """
129
130 @classmethod
131 def autodetect(kls, scc):
132 try:
133 for p, l, t in kls._files.values():
134 if not t:
135 continue
136 if scc.record_size(['3f00', '7f4d', p]) != l:
137 return None
138 except:
139 return None
140
141 return kls(scc)
142
143 def _get_count(self):
144 """
145 Selects the file and returns the total number of entries
146 and entry size
147 """
148 f = self._files['name']
149
150 r = self._scc.select_file(['3f00', '7f4d', f[0]])
151 rec_len = int(r[-1][28:30], 16)
152 tlen = int(r[-1][4:8],16)
153 rec_cnt = (tlen / rec_len) - 1;
154
155 if (rec_cnt < 1) or (rec_len != f[1]):
156 raise RuntimeError('Bad card type')
157
158 return rec_cnt
159
160 def program(self, p):
161 # Go to dir
162 self._scc.select_file(['3f00', '7f4d'])
163
164 # Home PLMN in PLMN_Sel format
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]165 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]166
167 # Operator name ( 3f00/7f4d/8f0c )
168 self._scc.update_record(self._files['name'][0], 2,
169 rpad(b2h(p['name']), 32) + ('%02x' % len(p['name'])) + '01'
170 )
171
172 # ICCID/IMSI/Ki/HPLMN ( 3f00/7f4d/8f0d )
173 v = ''
174
175 # inline Ki
176 if self._ki_file is None:
177 v += p['ki']
178
179 # ICCID
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]180 v += '3f00' + '2fe2' + '0a' + enc_iccid(p['iccid'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]181
182 # IMSI
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]183 v += '7f20' + '6f07' + '09' + enc_imsi(p['imsi'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]184
185 # Ki
186 if self._ki_file:
187 v += self._ki_file + '10' + p['ki']
188
189 # PLMN_Sel
190 v+= '6f30' + '18' + rpad(hplmn, 36)
191
Alexander Chemeris21885242013-07-02 16:56:55 +0400[diff] [blame]192 # ACC
193 # This doesn't work with "fake" SuperSIM cards,
194 # but will hopefully work with real SuperSIMs.
195 if p.get('acc') is not None:
196 v+= '6f78' + '02' + lpad(p['acc'], 4)
197
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]198 self._scc.update_record(self._files['b_ef'][0], 1,
199 rpad(v, self._files['b_ef'][1]*2)
200 )
201
202 # SMSP ( 3f00/7f4d/8f0e )
203 # FIXME
204
205 # Write PLMN_Sel forcefully as well
206 r = self._scc.select_file(['3f00', '7f20', '6f30'])
207 tl = int(r[-1][4:8], 16)
208
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]209 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]210 self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
211
212 def erase(self):
213 # Dummy
214 df = {}
215 for k, v in self._files.iteritems():
216 ofs = 1
217 fv = v[1] * 'ff'
218 if k == 'name':
219 ofs = 2
220 fv = fv[0:-4] + '0000'
221 df[v[0]] = (fv, ofs)
222
223 # Write
224 for n in range(0,self._get_count()):
225 for k, (msg, ofs) in df.iteritems():
226 self._scc.update_record(['3f00', '7f4d', k], n + ofs, msg)
227
228
229class SuperSim(_MagicSimBase):
230
231 name = 'supersim'
232
233 _files = {
234 'name' : ('8f0c', 18, True),
235 'b_ef' : ('8f0d', 74, True),
236 'r_ef' : ('8f0e', 50, True),
237 }
238
239 _ki_file = None
240
241
242class MagicSim(_MagicSimBase):
243
244 name = 'magicsim'
245
246 _files = {
247 'name' : ('8f0c', 18, True),
248 'b_ef' : ('8f0d', 130, True),
249 'r_ef' : ('8f0e', 102, False),
250 }
251
252 _ki_file = '6f1b'
253
254
255class FakeMagicSim(Card):
256 """
257 Theses cards have a record based EF 3f00/000c that contains the provider
258 informations. See the program method for its format. The records go from
259 1 to N.
260 """
261
262 name = 'fakemagicsim'
263
264 @classmethod
265 def autodetect(kls, scc):
266 try:
267 if scc.record_size(['3f00', '000c']) != 0x5a:
268 return None
269 except:
270 return None
271
272 return kls(scc)
273
274 def _get_infos(self):
275 """
276 Selects the file and returns the total number of entries
277 and entry size
278 """
279
280 r = self._scc.select_file(['3f00', '000c'])
281 rec_len = int(r[-1][28:30], 16)
282 tlen = int(r[-1][4:8],16)
283 rec_cnt = (tlen / rec_len) - 1;
284
285 if (rec_cnt < 1) or (rec_len != 0x5a):
286 raise RuntimeError('Bad card type')
287
288 return rec_cnt, rec_len
289
290 def program(self, p):
291 # Home PLMN
292 r = self._scc.select_file(['3f00', '7f20', '6f30'])
293 tl = int(r[-1][4:8], 16)
294
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]295 hplmn = enc_plmn(p['mcc'], p['mnc'])
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]296 self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
297
298 # Get total number of entries and entry size
299 rec_cnt, rec_len = self._get_infos()
300
301 # Set first entry
302 entry = (
303 '81' + # 1b Status: Valid & Active
304 rpad(b2h(p['name'][0:14]), 28) + # 14b Entry Name
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]305 enc_iccid(p['iccid']) + # 10b ICCID
306 enc_imsi(p['imsi']) + # 9b IMSI_len + id_type(9) + IMSI
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]307 p['ki'] + # 16b Ki
Sylvain Munaut8ca49e92011-12-10 09:57:50 +0100[diff] [blame]308 lpad(p['smsp'], 80) # 40b SMSP (padded with ff if needed)
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]309 )
310 self._scc.update_record('000c', 1, entry)
311
312 def erase(self):
313 # Get total number of entries and entry size
314 rec_cnt, rec_len = self._get_infos()
315
316 # Erase all entries
317 entry = 'ff' * rec_len
318 for i in range(0, rec_cnt):
319 self._scc.update_record('000c', 1+i, entry)
320
Sylvain Munaut5da8d4e2013-07-02 15:13:24 +0200[diff] [blame]321
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]322class GrcardSim(Card):
323 """
324 Greencard (grcard.cn) HZCOS GSM SIM
325 These cards have a much more regular ISO 7816-4 / TS 11.11 structure,
326 and use standard UPDATE RECORD / UPDATE BINARY commands except for Ki.
327 """
328
329 name = 'grcardsim'
330
331 @classmethod
332 def autodetect(kls, scc):
333 return None
334
335 def program(self, p):
336 # We don't really know yet what ADM PIN 4 is about
337 #self._scc.verify_chv(4, h2b("4444444444444444"))
338
339 # Authenticate using ADM PIN 5
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]340 if p['pin_adm']:
341 pin = p['pin_adm']
342 else:
343 pin = h2b("4444444444444444")
344 self._scc.verify_chv(5, pin)
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]345
346 # EF.ICCID
347 r = self._scc.select_file(['3f00', '2fe2'])
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]348 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]349
350 # EF.IMSI
351 r = self._scc.select_file(['3f00', '7f20', '6f07'])
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]352 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]353
354 # EF.ACC
Alexander Chemeris21885242013-07-02 16:56:55 +0400[diff] [blame]355 if p.get('acc') is not None:
356 data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]357
358 # EF.SMSP
359 r = self._scc.select_file(['3f00', '7f10', '6f42'])
Sylvain Munaut8ca49e92011-12-10 09:57:50 +0100[diff] [blame]360 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]361
362 # Set the Ki using proprietary command
363 pdu = '80d4020010' + p['ki']
364 data, sw = self._scc._tp.send_apdu(pdu)
365
366 # EF.HPLMN
367 r = self._scc.select_file(['3f00', '7f20', '6f30'])
368 size = int(r[-1][4:8], 16)
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]369 hplmn = enc_plmn(p['mcc'], p['mnc'])
Harald Welte3156d902011-03-22 21:48:19 +0100[diff] [blame]370 self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))
371
372 # EF.SPN (Service Provider Name)
373 r = self._scc.select_file(['3f00', '7f20', '6f30'])
374 size = int(r[-1][4:8], 16)
375 # FIXME
376
377 # FIXME: EF.MSISDN
378
379 def erase(self):
380 return
Sylvain Munaut76504e02010-12-07 00:24:32 +0100[diff] [blame]381
Harald Weltee10394b2011-12-07 12:34:14 +0100[diff] [blame]382class SysmoSIMgr1(GrcardSim):
383 """
384 sysmocom sysmoSIM-GR1
385 These cards have a much more regular ISO 7816-4 / TS 11.11 structure,
386 and use standard UPDATE RECORD / UPDATE BINARY commands except for Ki.
387 """
388 name = 'sysmosim-gr1'
389
Sylvain Munaut5da8d4e2013-07-02 15:13:24 +0200[diff] [blame]390
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]391class SysmoUSIMgr1(Card):
392 """
393 sysmocom sysmoUSIM-GR1
394 """
395 name = 'sysmoUSIM-GR1'
396
397 @classmethod
398 def autodetect(kls, scc):
399 # TODO: Access the ATR
400 return None
401
402 def program(self, p):
403 # TODO: check if verify_chv could be used or what it needs
404 # self._scc.verify_chv(0x0A, [0x33,0x32,0x32,0x31,0x33,0x32,0x33,0x32])
405 # Unlock the card..
406 data, sw = self._scc._tp.send_apdu_checksw("0020000A083332323133323332")
407
408 # TODO: move into SimCardCommands
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]409 par = ( p['ki'] + # 16b K
Alexander Chemeris7be92ff2013-07-10 11:18:06 +0400[diff] [blame]410 p['opc'] + # 32b OPC
411 enc_iccid(p['iccid']) + # 10b ICCID
412 enc_imsi(p['imsi']) # 9b IMSI_len + id_type(9) + IMSI
Holger Hans Peter Freyther4d91bf42012-03-22 14:28:38 +0100[diff] [blame]413 )
414 data, sw = self._scc._tp.send_apdu_checksw("0099000033" + par)
415
416 def erase(self):
417 return
418
Sylvain Munaut053c8952013-07-02 15:12:32 +0200[diff] [blame]419
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]420class SysmoSIMgr2(Card):
421 """
422 sysmocom sysmoSIM-GR2
423 """
424
425 name = 'sysmoSIM-GR2'
426
427 @classmethod
428 def autodetect(kls, scc):
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]429 try:
430 # Look for ATR
431 if scc.get_atr() == toBytes("3B 7D 94 00 00 55 55 53 0A 74 86 93 0B 24 7C 4D 54 68"):
432 return kls(scc)
433 except:
434 return None
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]435 return None
436
437 def program(self, p):
438
439 # select MF
440 r = self._scc.select_file(['3f00'])
441
442 # authenticate as SUPER ADM using default key
443 self._scc.verify_chv(0x0b, h2b("3838383838383838"))
444
445 # set ADM pin using proprietary command
446 # INS: D4
447 # P1: 3A for PIN, 3B for PUK
448 # P2: CHV number, as in VERIFY CHV for PIN, and as in UNBLOCK CHV for PUK
449 # P3: 08, CHV length (curiously the PUK is also 08 length, instead of 10)
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]450 if p['pin_adm']:
451 pin = p['pin_adm']
452 else:
453 pin = h2b("4444444444444444")
454
455 pdu = 'A0D43A0508' + b2h(pin)
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]456 data, sw = self._scc._tp.send_apdu(pdu)
457
458 # authenticate as ADM (enough to write file, and can set PINs)
Jan Balkec3ebd332015-01-26 12:22:55 +0100[diff] [blame]459
460 self._scc.verify_chv(0x05, pin)
Sylvain Munaut2fc205c2013-12-23 17:22:56 +0100[diff] [blame]461
462 # write EF.ICCID
463 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
464
465 # select DF_GSM
466 r = self._scc.select_file(['7f20'])
467
468 # write EF.IMSI
469 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
470
471 # write EF.ACC
472 if p.get('acc') is not None:
473 data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))
474
475 # get size and write EF.HPLMN
476 r = self._scc.select_file(['6f30'])
477 size = int(r[-1][4:8], 16)
478 hplmn = enc_plmn(p['mcc'], p['mnc'])
479 self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))
480
481 # set COMP128 version 0 in proprietary file
482 data, sw = self._scc.update_binary('0001', '001000')
483
484 # set Ki in proprietary file
485 data, sw = self._scc.update_binary('0001', p['ki'], 3)
486
487 # select DF_TELECOM
488 r = self._scc.select_file(['3f00', '7f10'])
489
490 # write EF.SMSP
491 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
492
493 def erase(self):
494 return
495
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]496class SysmoUSIMSJS1(Card):
497 """
498 sysmocom sysmoUSIM-SJS1
499 """
500
501 name = 'sysmoUSIM-SJS1'
502
503 def __init__(self, ssc):
504 super(SysmoUSIMSJS1, self).__init__(ssc)
505 self._scc.cla_byte = "00"
Philipp Maier41460862017-03-21 12:05:30 +0100[diff] [blame]506 self._scc.sel_ctrl = "000C"
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]507
508 @classmethod
509 def autodetect(kls, scc):
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]510 try:
511 # Look for ATR
512 if scc.get_atr() == toBytes("3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5"):
513 return kls(scc)
514 except:
515 return None
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]516 return None
517
518 def program(self, p):
519
Philipp Maiere9604882017-03-21 17:24:31 +0100[diff] [blame]520 # authenticate as ADM using default key (written on the card..)
521 if not p['pin_adm']:
522 raise ValueError("Please provide a PIN-ADM as there is no default one")
523 self._scc.verify_chv(0x0A, h2b(p['pin_adm']))
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]524
525 # select MF
526 r = self._scc.select_file(['3f00'])
527
Philipp Maiere9604882017-03-21 17:24:31 +0100[diff] [blame]528 # write EF.ICCID
529 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
530
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]531 # select DF_GSM
532 r = self._scc.select_file(['7f20'])
533
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]534 # set Ki in proprietary file
535 data, sw = self._scc.update_binary('00FF', p['ki'])
536
Philipp Maier1be35bf2018-07-13 11:29:03 +0200[diff] [blame]537 # set OPc in proprietary file
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]538 content = "01" + p['opc']
539 data, sw = self._scc.update_binary('00F7', content)
540
541
542 # write EF.IMSI
543 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
544
Daniel Willmann1d087ef2017-08-31 10:08:45 +0200[diff] [blame]545 # EF.SMSP
546 r = self._scc.select_file(['3f00', '7f10'])
547 data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 104), force_len=True)
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]548
Alexander Chemerise0d9d882018-01-10 14:18:32 +0900[diff] [blame]549 def erase(self):
550 return
551
552
553class FairwavesSIM(Card):
554 """
555 FairwavesSIM
556
557 The SIM card is operating according to the standard.
558 For Ki/OP/OPC programming the following files are additionally open for writing:
559 3F00/7F20/FF01 – OP/OPC:
560 byte 1 = 0x01, bytes 2-17: OPC;
561 byte 1 = 0x00, bytes 2-17: OP;
562 3F00/7F20/FF02: Ki
563 """
564
565 name = 'Fairwaves SIM'
566 # Propriatary files
567 _EF_num = {
568 'Ki': 'FF02',
569 'OP/OPC': 'FF01',
570 }
571 _EF = {
572 'Ki': DF['GSM']+[_EF_num['Ki']],
573 'OP/OPC': DF['GSM']+[_EF_num['OP/OPC']],
574 }
575
576 def __init__(self, ssc):
577 super(FairwavesSIM, self).__init__(ssc)
578 self._adm_chv_num = 0x11
579 self._adm2_chv_num = 0x12
580
581
582 @classmethod
583 def autodetect(kls, scc):
584 try:
585 # Look for ATR
586 if scc.get_atr() == toBytes("3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 44 22 06 10 00 00 01 A9"):
587 return kls(scc)
588 except:
589 return None
590 return None
591
592
593 def verify_adm2(self, key):
594 '''
595 Authenticate with ADM2 key.
596
597 Fairwaves SIM cards support hierarchical key structure and ADM2 key
598 is a key which has access to proprietary files (Ki and OP/OPC).
599 That said, ADM key inherits permissions of ADM2 key and thus we rarely
600 need ADM2 key per se.
601 '''
602 (res, sw) = self._scc.verify_chv(self._adm2_chv_num, key)
603 return sw
604
605
606 def read_ki(self):
607 """
608 Read Ki in proprietary file.
609
610 Requires ADM1 access level
611 """
612 return self._scc.read_binary(self._EF['Ki'])
613
614
615 def update_ki(self, ki):
616 """
617 Set Ki in proprietary file.
618
619 Requires ADM1 access level
620 """
621 data, sw = self._scc.update_binary(self._EF['Ki'], ki)
622 return sw
623
624
625 def read_op_opc(self):
626 """
627 Read Ki in proprietary file.
628
629 Requires ADM1 access level
630 """
631 (ef, sw) = self._scc.read_binary(self._EF['OP/OPC'])
632 type = 'OP' if ef[0:2] == '00' else 'OPC'
633 return ((type, ef[2:]), sw)
634
635
636 def update_op(self, op):
637 """
638 Set OP in proprietary file.
639
640 Requires ADM1 access level
641 """
642 content = '00' + op
643 data, sw = self._scc.update_binary(self._EF['OP/OPC'], content)
644 return sw
645
646
647 def update_opc(self, opc):
648 """
649 Set OPC in proprietary file.
650
651 Requires ADM1 access level
652 """
653 content = '01' + opc
654 data, sw = self._scc.update_binary(self._EF['OP/OPC'], content)
655 return sw
656
657
658 def program(self, p):
659 # authenticate as ADM1
660 if not p['pin_adm']:
661 raise ValueError("Please provide a PIN-ADM as there is no default one")
662 sw = self.verify_adm(h2b(p['pin_adm']))
663 if sw != '9000':
664 raise RuntimeError('Failed to authenticate with ADM key %s'%(p['pin_adm'],))
665
666 # TODO: Set operator name
667 if p.get('smsp') is not None:
668 sw = self.update_smsp(p['smsp'])
669 if sw != '9000':
670 print("Programming SMSP failed with code %s"%sw)
671 # This SIM doesn't support changing ICCID
672 if p.get('mcc') is not None and p.get('mnc') is not None:
673 sw = self.update_hplmn_act(p['mcc'], p['mnc'])
674 if sw != '9000':
675 print("Programming MCC/MNC failed with code %s"%sw)
676 if p.get('imsi') is not None:
677 sw = self.update_imsi(p['imsi'])
678 if sw != '9000':
679 print("Programming IMSI failed with code %s"%sw)
680 if p.get('ki') is not None:
681 sw = self.update_ki(p['ki'])
682 if sw != '9000':
683 print("Programming Ki failed with code %s"%sw)
684 if p.get('opc') is not None:
685 sw = self.update_opc(p['opc'])
686 if sw != '9000':
687 print("Programming OPC failed with code %s"%sw)
688 if p.get('acc') is not None:
689 sw = self.update_acc(p['acc'])
690 if sw != '9000':
691 print("Programming ACC failed with code %s"%sw)
Jan Balke3e840672015-01-26 15:36:27 +0100[diff] [blame]692
693 def erase(self):
694 return
695
696
Todd Neal9eeadfc2018-04-25 15:36:29 -0500[diff] [blame]697class OpenCellsSim(Card):
698 """
699 OpenCellsSim
700
701 """
702
703 name = 'OpenCells SIM'
704
705 def __init__(self, ssc):
706 super(OpenCellsSim, self).__init__(ssc)
707 self._adm_chv_num = 0x0A
708
709
710 @classmethod
711 def autodetect(kls, scc):
712 try:
713 # Look for ATR
714 if scc.get_atr() == toBytes("3B 9F 95 80 1F C3 80 31 E0 73 FE 21 13 57 86 81 02 86 98 44 18 A8"):
715 return kls(scc)
716 except:
717 return None
718 return None
719
720
721 def program(self, p):
722 if not p['pin_adm']:
723 raise ValueError("Please provide a PIN-ADM as there is no default one")
724 self._scc.verify_chv(0x0A, h2b(p['pin_adm']))
725
726 # select MF
727 r = self._scc.select_file(['3f00'])
728
729 # write EF.ICCID
730 data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))
731
732 r = self._scc.select_file(['7ff0'])
733
734 # set Ki in proprietary file
735 data, sw = self._scc.update_binary('FF02', p['ki'])
736
737 # set OPC in proprietary file
738 data, sw = self._scc.update_binary('FF01', p['opc'])
739
740 # select DF_GSM
741 r = self._scc.select_file(['7f20'])
742
743 # write EF.IMSI
744 data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
745
746
747# In order for autodetection ...
Harald Weltee10394b2011-12-07 12:34:14 +0100[diff] [blame]748_cards_classes = [ FakeMagicSim, SuperSim, MagicSim, GrcardSim,
Alexander Chemerise0d9d882018-01-10 14:18:32 +0900[diff] [blame]749 SysmoSIMgr1, SysmoSIMgr2, SysmoUSIMgr1, SysmoUSIMSJS1,
Todd Neal9eeadfc2018-04-25 15:36:29 -0500[diff] [blame]750 FairwavesSIM, OpenCellsSim ]
Alexander Chemeris8ad124a2018-01-10 14:17:55 +0900[diff] [blame]751
752def card_autodetect(scc):
753 for kls in _cards_classes:
754 card = kls.autodetect(scc)
755 if card is not None:
756 card.reset()
757 return card
758 return None