diff --git a/docs/sim.html b/docs/sim.html
index e9826fe..86d0528 100644
--- a/docs/sim.html
+++ b/docs/sim.html
@@ -344,7 +344,7 @@ I prefer the mini SIM and use an adapter card for larger phones.

The original ATTINY85 (1) is shown upside down. Bend the legs straight and shorten them, so they still fit into a programmer's socket. (2)
-The use P400 sand paper to sand off the bottom of the case until you reach copper plate. (3)
+Use P400 sand paper to sand off the bottom of the chip's case, until you reach the copper plate. (3)
 Make a hole into the PBC and solder the chip upside down into that hole. Pin 1 is marked on the PCB.

@@ -416,7 +416,7 @@ You may want to use a PIN to select the card whenever you turn on the phone. Use the phone to enable a PIN that does not start with "000". When you restart your phone, you may enter that PIN, to select the first card. Alternatively you may enter the PIN 0000 or 0001, to select the first card, no matter what the PIN was.
-Or you may enter the PIN 0002 .. 0008, to select second to eight card.
+Or you may enter the PIN 0002 .. 0008, to select second to eighth card.

@@ -425,7 +425,7 @@ In order to do that, you need to set a PIN, so the phone will ask for a PIN when
 Choose any PIN you like, but not a PIN stat starts with 000. Turn on the phone and you will be asked for a PIN. Enter the PIN 9991 to alter the first subscriber data.
-Enter the PIN 9992 .. 9998 to alter second to eigtht subscriber data.
+Enter the PIN 9992 .. 9998 to alter second to eighth subscriber data.
 The subscriber data is shown in the telephone directory and can be altered by changing the numbers in that directory.

@@ -458,10 +458,10 @@ To program one of the following service cards, change the subscriber data to the - - - - + + + +
TypeFUTLN =
Subscriber
Sicherungs-
code
Karten-
kennung
Sonderheiten-
schlüssel
Wartungs-
schlüssel
Siemens C5
service mode
---9001000
Phillips Miniporty
service mode
---9001000
Phillips Miniporty
cell monitor
---9001728 or
2729
Phillips Porty
service mode
0002304-
Phillips Porty
cell monitor
---898-
Philips Miniporty
service mode
---9001000
Philips Miniporty
cell monitor
---9001728 or
2729
Philips Porty
service mode
0002304-
Philips Porty
cell monitor
---898-

diff --git a/src/sim/main.c b/src/sim/main.c
index fdc352a..4a975b8 100644
--- a/src/sim/main.c
+++ b/src/sim/main.c
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "../libdebug/debug.h"
 #include "../liboptions/options.h"
@@ -101,7 +102,7 @@ void print_help(const char *arg0)
 printf(" -A --authenticate 0x...\n");
 printf(" Give 64 Bit value for authentication response. (default = all bits 1)\n");
 printf("\nCommands are:\n");
- printf(" sniff - To passively sniff ATR and message\n");
+ printf(" sniff - To passively sniff SIM card communication\n");
 printf(" sim - To simulate a SIM card\n");
 }
@@ -225,7 +226,7 @@ size_t eeprom_length(void)
 int main_loop(serial_t *serial, int sniffer) {
- int rc, cts, last_cts = 0;
+ int rc, cts = 0, last_cts = 0;
 uint8_t byte;
 int skip_bytes = 0;
 int work = 0;
@@ -333,7 +334,7 @@ int main(int argc, char *argv[])
 debuglevel = DEBUG_INFO;
 add_options();
- rc = options_config_file("~/.osmocom/analog/simsim.conf", handle_options);
+ rc = options_config_file("~/.osmocom/analog/sim.conf", handle_options);
 if (rc < 0) return 0;
@@ -423,7 +424,7 @@ int main(int argc, char *argv[])
 } else if (!strcmp(argv[argi], "sim")) {
 sniffer = 0;
 } else {
- fprintf(stderr, "Unknown command '%s', use '-h' for help!\n", argv[argi]);
+ print_help(argv[0]);
 return -EINVAL;
 }
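Review bot: The `else` branch in the @@ -423 hunk now prints the full help to stdout but no longer says which argument was rejected, so a user who mistypes the command gets a usage dump with no hint of the cause while the process still exits with -EINVAL. Keep the diagnostic on stderr and then show the help: `fprintf(stderr, "Unknown command '%s'!\n", argv[argi]);` followed by `print_help(argv[0]);` before the existing `return -EINVAL;`. main() starts and ends outside the hunk.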
@@ -441,6 +442,13 @@ int main(int argc, char *argv[])
 print_image();
 decode_ebdt(ebdt_data, temp[0], temp[1], temp[2], temp[3], temp[4]);
 printf("FUTLN=%s, Sicherungscode=%s, Kartekennung=%s, Sonderheitenschluessel=%s, Wartungsschluessel=%s\n", temp[0], temp[1], temp[2], temp[3], temp[4]);
+ for (i = 0; i < 8; i++)
+ temp[0][i] = eeprom_read(EEPROM_PIN_DATA + i);
+ temp[0][(eeprom_read(EEPROM_FLAGS) >> EEPROM_FLAG_PIN_LEN) & 0xf] = '\0';
+ uint64_t auth_value = 0;
+ for (i = 0; i < 8; i++)
+ auth_value |= eeprom_read(EEPROM_AUTH_DATA + i) << (8 * (7 - i));
+ printf("PIN=%s, auth response=0x%016" PRIx64 "\n", temp[0], auth_value);
 printf("Telephone directory has %d entries.\n", directory_size() - 1);
 for (i = 0; i < directory_size() - 1; i++) {
 uint8_t data[24];
diff --git a/src/sim/sim.c b/src/sim/sim.c
index f4d9d0f..7329801 100644
--- a/src/sim/sim.c
+++ b/src/sim/sim.c
@@ -472,21 +472,21 @@ static void sl_appl(sim_sim_t *sim, uint8_t *data, int length)
 PDEBUG(DSIM7, DEBUG_INFO, " SL-APPL app %d\n", app);
- /* if PIN is required */
- if (sim->pin_required) {
- return_pin_not_ok(sim);
- return;
- }
-
- /* check application */
+ /* check and set application */
 if (app != APP_NETZ_C && app != APP_RUFN_GEBZ) {
 PDEBUG(DSIM7, DEBUG_NOTICE, "SL-APPL invalid app %d\n", sim->app);
 return_error(sim);
 return;
 }
+ sim->app = app;
+
+ /* if PIN is required, we request it, but we've already selected the app */
+ if (sim->pin_required) {
+ return_pin_not_ok(sim);
+ return;
+ }
 /* respond */
- sim->app = app;
 data = alloc_msg(sim, 0);
 tx_sdu(sim, 0, data, 0);
 }
@@ -913,7 +913,7 @@ static void aut_1(sim_sim_t *sim)
 uint8_t *data;
 int i;
- PDEBUG(DSIM7, DEBUG_INFO, " RD-EBDT\n");
+ PDEBUG(DSIM7, DEBUG_INFO, " AUTH-1\n");
 /* respond */
 data = alloc_msg(sim, 1);
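Review bot: `auth_value |= eeprom_read(EEPROM_AUTH_DATA + i) << (8 * (7 - i));` shifts an int-promoted byte (assuming eeprom_read() returns a byte, as the other EEPROM helpers here suggest) by up to 56 bits, which is undefined behaviour for the first four iterations on a 32-bit int, so the upper half of the printed auth response is not reliable; widen before shifting: `auth_value |= (uint64_t)eeprom_read(EEPROM_AUTH_DATA + i) << (8 * (7 - i));`. The terminator index `(eeprom_read(EEPROM_FLAGS) >> EEPROM_FLAG_PIN_LEN) & 0xf` can reach 15 while only 8 PIN bytes were copied, so a corrupted or foreign EEPROM image leaves whatever decode_ebdt left in temp[0] inside the printed string and, if temp[0] is shorter than 16 bytes (its declaration is outside the hunk), writes past it; clamp the length with `if (pin_len > 8) pin_len = 8;` before using it. The dump also prints the PIN and the authentication response in clear on stdout, which is presumably intended for this debugging tool but deserves a one-line comment saying so. main() starts and ends outside the hunk.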
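Review bot: With the reorder in sl_appl, `sim->app = app;` is now committed before the PIN check, so a caller that has not yet presented the PIN can change the selected application and that choice persists after return_pin_not_ok(); the new comment says this is intended, but it is only safe if every later command handler checks `sim->pin_required` itself instead of relying on sl_appl having refused the selection, which cannot be confirmed from this hunk. The NOTICE on the invalid-app path is a pre-existing context line that logs `sim->app` (the previously selected application) rather than the value it rejects, so the message shows the wrong number; `PDEBUG(DSIM7, DEBUG_NOTICE, "SL-APPL invalid app %d\n", app);` would log the offending value.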
@@ -1337,7 +1337,10 @@ int sim_init_eeprom(void)
 eeprom_write(EEPROM_FLAGS, (strlen(PIN_DEFAULT) << EEPROM_FLAG_PIN_LEN) | (MAX_PIN_TRY << EEPROM_FLAG_PIN_TRY));
 for (i = 0; i < (int)strlen(PIN_DEFAULT); i++)
 eeprom_write(EEPROM_PIN_DATA + i, PIN_DEFAULT[i]);
+ for (i = 0; i < 8; i++)
+ eeprom_write(EEPROM_AUTH_DATA + i, AUTH_DEFAULT >> ((7 - i) * 8));
+
 /* now write magic characters to identify virgin or initialized EEPROM */
 eeprom_write(EEPROM_MAGIC + 0, 'C');
 eeprom_write(EEPROM_MAGIC + 1, '0' + EEPROM_VERSION);
diff --git a/src/sim/sim.h b/src/sim/sim.h
index 855cb0b..3b11552 100644
--- a/src/sim/sim.h
+++ b/src/sim/sim.h
@@ -5,7 +5,7 @@
 #define SONDER_DEFAULT "0"
 #define WARTUNG_DEFAULT "65535"
 #define PIN_DEFAULT "0000"
-#define AUTH_DEFAULT "0xffffffffffffffff"
+#define AUTH_DEFAULT ((uint64_t)0x000000000badefee)
 enum l1_state {
 L1_STATE_RESET = 0, /* reset is held */
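Review bot: `eeprom_write(EEPROM_AUTH_DATA + i, AUTH_DEFAULT >> ((7 - i) * 8));` passes a uint64_t where eeprom_write() presumably takes a byte (its prototype is outside the hunk); the implicit narrowing does the right thing but an explicit `(uint8_t)(AUTH_DEFAULT >> ((7 - i) * 8))` documents that only the low byte is meant and keeps -Wconversion quiet. The byte order written here (most significant byte first) must stay in step with the read loop in main.c, so a short comment `/* big-endian, matches the dump in main.c */` would help the next maintainer.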
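Review bot: `AUTH_DEFAULT` now expands to `((uint64_t)0x000000000badefee)`, but the help text in main.c that this commit leaves as a context line, `printf(" Give 64 Bit value for authentication response. (default = all bits 1)\n");`, still describes the old all-ones default; either keep the previous value as `((uint64_t)0xffffffffffffffff)` or change the help to `(default = 0x000000000badefee)`. The new definition also requires `<stdint.h>` to be included before this point in sim.h, which the hunk does not show. Since the value is a fixed, documented constant that sim_init_eeprom writes into every fresh EEPROM, a comment such as `/* fixed test response; override with -A */` next to the define would make clear it is not meant as a secret.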