Tool to (re)configure the sysmoUSIM and sysmoISIM cards
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

839 lines
24 KiB

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Gadgets to modify SYSMO USIM SJA2 parameters
(C) 2017 by Sysmocom s.f.m.c. GmbH
All Rights Reserved
Author: Philipp Maier
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import sys
from utils import *
from sysmo_usim import *
import math
# Partial File tree:
# The following tree is incomplete, it just contains the propritary files we
# need to perform the tasks implemented below:
#
# [MF 0x3F00]
# |
# +--[DF_SYSTEM 0xA515]
# | |
# | +--[EF_SIM_AUTH_KEY 0x6F20] (regular file)
# |
# +--[ADF_USIM]
# | |
# | +--[USIM_AUTH_KEY 0xAF20] (regular file)
# | |
# | +--[EF_USIM_AUTH_KEY_2G 0xAF22] (link to DF_SYSTEM/EF_SIM_AUTH_KEY)
# |
# +--[ADF_ISIM]
# |
# +--[USIM_AUTH_KEY 0xAF20] (regular file)
# |
# +--[EF_USIM_AUTH_KEY_2G 0xAF22] (link to DF_SYSTEM/EF_SIM_AUTH_KEY)
#
# Note: EF_MILENAGE_CFG and EF_USIM_SQN not yet listed here.
# Propritary files
SYSMO_ISIMSJA2_DF_SYSTEM = [0xA5, 0x15]
SYSMO_ISIMSJA2_EF_SIM_AUTH_KEY = [0x6F, 0x20] # DF_SYSTEM
SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY = [0xAF, 0x20] # ADF.USIM
SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY_2G = [0xAF, 0x22] # ADF.USIM
SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY_GBA = [0xAF, 0x23] # ADF.USIM
SYSMO_ISIMSJA2_EF_MILENAGE_CFG = [0xAF, 0x21] # ADF.USIM
SYSMO_ISIMSJA2_EF_USIM_SQN = [0xAF, 0x30] # ADF.USIM
SYSMO_ISIMSJA2_EF_GBA_SK = [0xAF, 0x31] # ADF.USIM
SYSMO_ISIMSJA2_EF_GBA_REC_LIST = [0xAF, 0x32] # ADF.USIM
SYSMO_ISIMSJA2_EF_GBA_INT_KEY = [0xAF, 0x32] # ADF.USIM
# Authentication algorithms
SYSMO_ISIMSJA2_ALGO_COMP12V1 = 0x01
SYSMO_ISIMSJA2_ALGO_COMP12V2 = 0x02
SYSMO_ISIMSJA2_ALGO_COMP12V3 = 0x03
SYSMO_ISIMSJA2_ALGO_MILENAGE = 0x04
SYSMO_ISIMSJA2_ALGO_SHA1AKA = 0x05
SYSMO_ISIMSJA2_ALGO_XOR = 0x0F
sysmo_isimsja2_algorithms = (
(SYSMO_ISIMSJA2_ALGO_COMP12V1, 'COMP128v1'),
(SYSMO_ISIMSJA2_ALGO_COMP12V2, 'COMP128v2'),
(SYSMO_ISIMSJA2_ALGO_COMP12V3, 'XOR-2G'),
(SYSMO_ISIMSJA2_ALGO_MILENAGE, 'MILENAGE'),
(SYSMO_ISIMSJA2_ALGO_SHA1AKA , 'SHA1-AKA'),
(SYSMO_ISIMSJA2_ALGO_XOR, 'XOR'),
)
class SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY:
"""
Superclass model that generates that handles the header byte of
SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY, SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY_2G
and SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY_GBA.
"""
algo = SYSMO_ISIMSJA2_ALGO_COMP12V1
use_opc = False
sres_dev_func = 1
def __init__(self, content = None):
if content == None:
return
header = content[0]
self.algo = header & 0x0F
self.use_opc = bool((header >> 4) & 1)
if (header >> 5) & 1:
self.sres_dev_func = 2
else:
self.sres_dev_func = 1
def __str__(self):
dump = ""
pfx = " "
dump += pfx + "Algorithm: "
dump += id_to_str(sysmo_isimsja2_algorithms, self.algo)
dump += "\n"
if self.use_opc == True:
dump += pfx + "Milenage: use OPc\n"
else:
dump += pfx + "Milenage: use OP\n"
dump += pfx + "Milenage: use SRES deviation function " + str(self.sres_dev_func) + "\n"
return dump
def encode(self):
out = [0x00]
out[0] = self.algo & 0x0F
if self.use_opc == True:
out[0] |= 1 << 4
out[0] |= ((self.sres_dev_func-1) & 1) << 5
return out
class SYSMO_ISIMSJA2_FILE_EF_SIM_AUTH_KEY(SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY):
key = [0xAA] * 16
opc = [0xBB] * 16
def __init__(self, content = None):
if content == None:
return
SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.__init__(self, content)
self.key = content[1:17]
self.opc = content[17:33]
def __str__(self):
dump = ""
pfx = " "
dump += SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.__str__(self)
if self.algo == SYSMO_ISIMSJA2_ALGO_MILENAGE:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc)
elif self.algo == SYSMO_ISIMSJA2_ALGO_XOR:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc)
elif self.algo == SYSMO_ISIMSJA2_ALGO_SHA1AKA:
dump += pfx + "Root key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc) + " (unused)"
else:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc) + " (unused)"
return dump
def encode(self):
out = SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.encode(self)
out += self.key + self.opc
return out
class SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY):
full_res = True # Return full 8-byte RES or first 4 bytes only
ext_res = False # Return 16 byte RES (ignores full_res, only valid with 3G XOR)
key = [0x00] * 16
opc = [0x00] * 16 # Only for Milenage
def __init__(self, content = None):
if content == None:
return
SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.__init__(self, content)
header = content[0]
self.full_res = bool((header >> 6) & 1)
self.ext_res = bool((header >> 7) & 1)
self.key = content[1:17]
if len(content) > 17:
self.opc = content[17:33]
def __str__(self):
dump = ""
pfx = " "
dump += SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.__str__(self)
if self.full_res == True and self.ext_res == False:
dump += pfx + "3G: Return full 8-byte RES\n"
elif self.full_res == False and self.ext_res == False:
dump += pfx + "3G: Return first four bytes of RES\n"
elif self.ext_res == True:
dump += pfx + "3G: Return 16-byte RES (XOR 3G only)\n"
else:
dump += pfx + "(invalid RES length setting)"
if self.algo != SYSMO_ISIMSJA2_ALGO_XOR and self.ext_res:
dump += pfx + "Warning: 16-byte RES is only valid with XOR 3G!\n"
if self.algo == SYSMO_ISIMSJA2_ALGO_MILENAGE:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc)
elif self.algo == SYSMO_ISIMSJA2_ALGO_XOR:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc)
elif self.algo == SYSMO_ISIMSJA2_ALGO_SHA1AKA:
dump += pfx + "Root key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc) + " (unused)"
else:
dump += pfx + "Key: " + hexdump(self.key) + "\n"
dump += pfx + "OPc: " + hexdump(self.opc) + " (unused)"
return dump
def encode(self):
out = SYSMO_ISIMSJA2_FILE_EF_XSIM_AUTH_KEY.encode(self)
if self.full_res == True:
out[0] |= 1 << 6
if self.ext_res == True:
out[0] |= 1 << 7
out += self.key
# Note: Normally an OPc is only used with milenage, but lets
# write the value anyway, even if it is not used.
out += self.opc
return out
# EF_USIM_AUTH_KEY_2G and EF_USIM_AUTH_KEY_GBA have the same layout as
# EF_USIM_AUTH_KEY, so there is nothing to specialize other than the class name
class SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY):
pass
class SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_GBA(SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY):
pass
class SYSMO_ISIMSJA2_FILE_EF_MILENAGE_CFG:
R1 = 0x40
R2 = 0x00
R3 = 0x20
R4 = 0x40
R5 = 0x60
C1 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
C2 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01]
C3 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02]
C4 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04]
C5 = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08]
def __init__(self, content = None):
if content == None:
return
if len(content) != 85:
return
self.R1 = content[0]
self.R2 = content[1]
self.R3 = content[2]
self.R4 = content[3]
self.R5 = content[4]
self.C1 = content[5:5+16]
self.C2 = content[21:37]
self.C3 = content[37:53]
self.C4 = content[53:69]
self.C5 = content[69:85]
def __str__(self):
dump = " R1: " + str(hex(self.R1)) + "\n"
dump += " R2: " + str(hex(self.R2)) + "\n"
dump += " R3: " + str(hex(self.R3)) + "\n"
dump += " R4: " + str(hex(self.R4)) + "\n"
dump += " R5: " + str(hex(self.R5)) + "\n"
dump += " C1: " + hexdump(self.C1) + "\n"
dump += " C2: " + hexdump(self.C2) + "\n"
dump += " C3: " + hexdump(self.C3) + "\n"
dump += " C4: " + hexdump(self.C4) + "\n"
dump += " C5: " + hexdump(self.C5)
return dump
def encode(self):
out = [self.R1, self.R2, self.R3, self.R4, self.R5]
out += self.C1 + self.C2 + self.C3 + self.C4 + self.C5
return out
class SYSMO_ISIMSJA2_FILE_EF_USIM_SQN:
# Flag1:
ind_size_bits = 5 # speficy file length by 2^ind_len
sqn_check_enabled = True # perform SQN checks below
sqn_age_limit_enabled = False # perform age limit check: (SQNms-SQN) <= AGE_LIMIT)
sqn_max_delta_enabled = True # perform delta max check: (SWN-SQNms) <= DELTA MAX)
sqn_check_skip_first = True # accept any SQN on the first authentication
# Flag2:
conceal_autn = True # Conceal the value of AUTN
conceal_auts = True # Conceal the value of AUTS
no_amf_clear = False # Do not clear AMF when computing MAC-S
# Data:
max_delta = 2**28 << ind_size_bits
age_limit = 2**28 << ind_size_bits
freshness_data = [0x00] * (6*2**ind_size_bits) # initalize to zero
def __init__(self, content = None):
if content == None:
return
# Check if we have at least the header
if len(content) <= 2:
raise ValueError("unexpected length of %u bytes", len(content))
flag1 = content[0]
self.ind_size_bits = flag1 & 0xf
# The parameter ind_size_bits is not user configurable,
# its a fixed configuration that is specific to the
# card profile and it can be determined by looking at the
# file length (length of the freshness data). If we find
# an ind_size_bits that is intconstant to the file length,
# we automatically set the value to the correct length
ind_size_bits_calculated = int(math.log((len(content) - 14) / 6, 2))
if ind_size_bits_calculated != self.ind_size_bits:
print " Warning: SQN Parameter ind_size_bits is set to " + str(self.ind_size_bits) + ", resetting it to " + str(ind_size_bits_calculated) + "!"
self.ind_size_bits = ind_size_bits_calculated
self.reset() #ensure freshness data is correctly reset
self.sqn_check_enabled = bool((flag1 >> 4) & 1)
self.sqn_age_limit_enabled = bool((flag1 >> 5) & 1)
self.sqn_max_delta_enabled = bool((flag1 >> 6) & 1)
self.sqn_check_skip_first = bool((flag1 >> 7) & 1)
flag2 = content[1]
self.conceal_autn = bool(flag2 & 1)
self.conceal_auts = bool((flag2 >> 1) & 1)
self.no_amf_clear = bool((flag2 >> 2) & 1)
# Check if the data body is complete
if len(content) < 14+(6*2**self.ind_size_bits):
raise ValueError("unexpected length of %u bytes" % len(content))
self.max_delta = list_to_int(content[2:8])
self.age_limit = list_to_int(content[8:14])
self.freshness_data = content[15:(6*2**self.ind_size_bits)]
def __str__(self):
pfx = " "
dump = ""
dump += "%sIND (bits): %u\n" % (pfx, self.ind_size_bits)
if self.sqn_check_enabled:
dump += "%sSQN Check enabled\n" % pfx
else:
dump += "%sSQN Check disabled\n" % pfx
if self.sqn_age_limit_enabled:
dump += "%sSQN Age Limit enabled\n" % pfx
else:
dump += "%sSQN Age Limit disabled\n" % pfx
if self.sqn_max_delta_enabled:
dump += "%sSQN Max Delta enabled\n" % pfx
else:
dump += "%sSQN Max Delta disabled\n" % pfx
if self.sqn_check_skip_first:
dump += "%sSQN Skip first enabled\n" % pfx
else:
dump += "%sSQN Skip first disabled\n" % pfx
if self.conceal_autn:
dump += "%sSQN Conceal AUTN enabled\n" % pfx
else:
dump += "%sSQN Conceal AUTN disabled\n" % pfx
if self.conceal_auts:
dump += "%sSQN Conceal AUTS enabled\n" % pfx
else:
dump += "%sSQN Conceal AUTS disabled\n" % pfx
if self.no_amf_clear:
dump += "%sSQN No AMF clear enabled\n" % pfx
else:
dump += "%sSQN No AMF clear disabled\n" % pfx
dump += "%sMax Delta: %u\n" % (pfx, self.max_delta)
dump += "%sAge Limit: %u\n" % (pfx, self.age_limit)
dump += pfx + "Freshness Data:\n" + hexdump(self.freshness_data, True)
return dump
def encode(self):
out = [0x00, 0x00]
# Flag1:
out[0] = self.ind_size_bits & 0x0f
if self.sqn_check_enabled:
out[0] |= 1 << 4
if self.sqn_age_limit_enabled:
out[0] |= 1 << 5
if self.sqn_max_delta_enabled:
out[0] |= 1 << 6
if self.sqn_check_skip_first:
out[0] |= 1 << 7
# Flag2:
if self.conceal_autn:
out[1] |= 1 << 0
if self.conceal_auts:
out[1] |= 1 << 1
if self.no_amf_clear:
out[1] |= 1 << 2
# Data:
out += int_to_list(self.max_delta, 6)
out += int_to_list(self.age_limit, 6)
out += self.freshness_data
return out
def reset(self):
self.freshness_data = [0x00] * (6*2**self.ind_size_bits)
class Sysmo_isim_sja2(Sysmo_usim):
def __init__(self):
card_detected = False
# Try card model #1
try:
atr = "3B 9F 96 80 1F 87 80 31 E0 73 FE 21 1B 67 4A 4C 75 30 34 05 4B A9"
print "Trying to find card with ATR: " + atr
Sysmo_usim.__init__(self, atr)
card_detected = True
except:
print " * Card not detected!"
if card_detected == True:
return
# Try card model #2
try:
atr = "3B 9F 96 80 1F 87 80 31 E0 73 FE 21 1B 67 4A 4C 75 31 33 02 51 B2"
print "Trying to find card with ATR: " + atr
Sysmo_usim.__init__(self, atr)
card_detected = True
except:
print " * Card not detected!"
if card_detected == True:
return
# Exit when we are not able to detect the card
if card_detected != True:
sys.exit(1)
# Show current milenage parameters
def show_milenage_params(self):
print("Reading Milenage parameters...")
self._init()
print(" * Reading...")
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_MILENAGE_CFG)
res = self._read_binary(85)
ef = SYSMO_ISIMSJA2_FILE_EF_MILENAGE_CFG(res.apdu)
print(" * Current Milenage Parameters:")
print(str(ef))
print("")
# Write new milenage parameters
def write_milenage_params(self, params):
print("Programming Milenage parameters...")
if (len(params) < 85):
print("Error: Short milenage parameters!")
return
params_swapped = params[80:85] + params[0:80]
self._init()
print(" * New Milenage Parameters for (EF.MILENAGE_CFG):")
ef_milenage_cfg = SYSMO_ISIMSJA2_FILE_EF_MILENAGE_CFG(params_swapped)
print str(ef_milenage_cfg)
print(" * Programming...")
# Note: The milenage configuration file in ADF_USIM and
# ADF_ISIM are linked, however we write to both locations,
# just to be sure.
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_MILENAGE_CFG)
self.sim.update_binary(ef_milenage_cfg.encode())
self.sim.card.SELECT_ADF_ISIM()
self.sim.select(SYSMO_ISIMSJA2_EF_MILENAGE_CFG)
self.sim.update_binary(ef_milenage_cfg.encode())
print("")
# Select DF_SYSTEM/EF_SIM_AUTH_KEY
def __select_ef_sim_auth_key(self):
self.sim.select(GSM_SIM_MF)
self.sim.select(SYSMO_ISIMSJA2_DF_SYSTEM)
self.sim.select(SYSMO_ISIMSJA2_EF_SIM_AUTH_KEY)
# Authentication keys exist in various different files, which are
# similar, thie method simplifies the selection of those files
def __select_xsim_auth_key(self, isim = False, _2G = False):
self.sim.select(GSM_SIM_MF)
if isim:
self.sim.card.SELECT_ADF_ISIM()
else:
self.sim.card.SELECT_ADF_USIM()
if _2G:
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY_2G)
else:
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_AUTH_KEY)
# In the SJA2 model the key material and the algorithm configuration
# is distributed over multiple files, which may also have redundant
# contents. Files can also be hard linked to other files so that
# changes in one file may appear in another file as well. The dump
# method provides an overview of contents of all files at once in
# order to help debugging problems
def dump(self):
print("Reading propritary files...")
self._init()
# DF_SYSTEM/EF_SIM_AUTH_KEY:
self.__select_ef_sim_auth_key()
res = self._read_binary(self.sim.filelen)
print " * DF_SYSTEM/EF_SIM_AUTH_KEY:"
print SYSMO_ISIMSJA2_FILE_EF_SIM_AUTH_KEY(res.apdu)
# ADF_USIM/EF_USIM_AUTH_KEY_2G:
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
print " * ADF_USIM/EF_USIM_AUTH_KEY_2G:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
# ADF_USIM/EF_ISIM_AUTH_KEY_2G:
self.__select_xsim_auth_key(isim = True, _2G = True)
res = self._read_binary(self.sim.filelen)
print " * ADF_ISIM/EF_ISIM_AUTH_KEY_2G:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
# ADF_USIM/EF_USIM_AUTH_KEY:
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
print " * ADF_USIM/EF_USIM_AUTH_KEY:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
# ADF_ISIM/EF_ISIM_AUTH_KEY:
self.__select_xsim_auth_key(isim = True, _2G = False)
res = self._read_binary(self.sim.filelen)
print " * ADF_ISIM/EF_ISIM_AUTH_KEY:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
# ADF_USIM/EF_MILENAGE_CFG:
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_MILENAGE_CFG)
res = self._read_binary(self.sim.filelen)
print " * ADF_USIM/EF_MILENAGE_CFG:"
print SYSMO_ISIMSJA2_FILE_EF_MILENAGE_CFG(res.apdu)
# ADF_ISIM/EF_MILENAGE_CFG:
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_ISIM()
self.sim.select(SYSMO_ISIMSJA2_EF_MILENAGE_CFG)
res = self._read_binary(self.sim.filelen)
print " * ADF_ISIM/EF_MILENAGE_CFG:"
print SYSMO_ISIMSJA2_FILE_EF_MILENAGE_CFG(res.apdu)
# ADF_USIM/EF_USIM_SQN:
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
print " * ADF_USIM/EF_USIM_SQN:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
# ADF_USIM/EF_ISIM_SQN:
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_ISIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
print " * ADF_USIM/EF_ISIM_SQN:"
print SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
# Show current KI value
def show_ki_params(self):
print("Reading KI value...")
self._init()
# Note: The KI is expected to be the same in all eligible files
print(" * Reading...")
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
print(" * Current KI setting:")
print(" KI: " + hexdump(ef.key))
print("")
# Program new KI value
def write_ki_params(self, ki):
print("Writing KI value...")
self._init()
print(" * New KI setting:")
print(" KI: " + hexdump(ki))
print(" * Programming...")
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
ef.key = ki
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.key = ki
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = True, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.key = ki
self.sim.update_binary(ef.encode())
print("")
# Show current athentication parameters
# (Which algorithim is used for which rat?)
def show_auth_params(self):
print("Reading Authentication parameters...")
self._init()
print(" * Reading...")
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
algo_2g = ef.algo
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
algo_3g = ef.algo
print(" * Current algorithm setting:")
print(" 2G: %d=%s" % (algo_2g, id_to_str(sysmo_isimsja2_algorithms, algo_2g)))
print(" 3G: %d=%s" % (algo_3g, id_to_str(sysmo_isimsja2_algorithms, algo_3g)))
print("")
# Program new authentication parameters
def write_auth_params(self, algo_2g_str, algo_3g_str):
print("Programming Authentication parameters...")
self._init()
if algo_2g_str.isdigit():
algo_2g = int(algo_2g_str)
else:
algo_2g = str_to_id(sysmo_isimsja2_algorithms, algo_2g_str)
if algo_3g_str.isdigit():
algo_3g = int(algo_3g_str)
else:
algo_3g = str_to_id(sysmo_isimsja2_algorithms, algo_3g_str)
print(" * New algorithm setting:")
print(" 2G: %d=%s" % (algo_2g, id_to_str(sysmo_isimsja2_algorithms, algo_2g)))
print(" 3G: %d=%s" % (algo_3g, id_to_str(sysmo_isimsja2_algorithms, algo_3g)))
print(" * Programming...")
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
ef.algo = algo_2g
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.algo = algo_3g
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = True, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.algo = algo_3g
self.sim.update_binary(ef.encode())
print("")
# Show current OPc value
def show_opc_params(self):
print("Reading OP/c value...")
self._init()
# Note: The OPc is expected to be the same in all eligible files
print(" * Reading...")
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
if ef.use_opc:
mode_str = "OPc"
else:
mode_str = "OP"
print(" * Current OP/OPc setting:")
print(" %s: %s" % (mode_str, hexdump(ef.opc)))
print("")
# Program new OPc value
def write_opc_params(self, select, op):
if select:
print("Writing OPc value...")
mode_str = "OPc"
else:
print("Writing OP value...")
mode_str = "OP"
self._init()
print(" * New OPc setting:")
print(" %s: %s" % (mode_str, hexdump(op)))
print(" * Programming...")
self.__select_xsim_auth_key(isim = False, _2G = True)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY_2G(res.apdu)
ef.opc = op
ef.use_opc = bool(select)
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = True, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.opc = op
ef.use_opc = bool(select)
self.sim.update_binary(ef.encode())
self.__select_xsim_auth_key(isim = False, _2G = False)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_AUTH_KEY(res.apdu)
ef.opc = op
ef.use_opc = bool(select)
self.sim.update_binary(ef.encode())
print("")
# Show current milenage SQN parameters
def show_milenage_sqn_params(self):
print("Reading Milenage Sequence parameters...")
self._init()
print(" * Current SQN Configuration for ADF_USIM:")
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
print SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
print(" * Current SQN Configuration for ADF_ISIM:")
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_ISIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
print SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
print("")
# Reset milenage SQN configuration
def reset_milenage_sqn_params(self):
print(" * Resetting SQN Configuration to defaults...")
self._init()
print(" * Resetting...")
self.sim.select(GSM_SIM_MF)
self.sim.card.SELECT_ADF_USIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
ef.reset()
self.sim.update_binary(ef.encode())
self.sim.card.SELECT_ADF_ISIM()
self.sim.select(SYSMO_ISIMSJA2_EF_USIM_SQN)
res = self._read_binary(self.sim.filelen)
ef = SYSMO_ISIMSJA2_FILE_EF_USIM_SQN(res.apdu)
ef.reset()
self.sim.update_binary(ef.encode())
print("")