We cannot simply skip anything that has 0xFF as first byte to detect
the padding after the end of a TLV object:
0xFF may very well be a valid first octet of a multi-octet TAG:
Tags of private class (11) with constructed (1) payload will have 0xFF
as first octet.
So let's expand the check to only detect padding in case of either only
a single byte FF being left, or two FF following each other [with
whatever suffix].
Change-Id: I5d64ce9ef1d973804daabae0b15c2e2349e6fab9
When calling from_dict() on a hierarchy of nested BER_TLV_IE,
only the first/outer layer of TLV_IE_Collection would get its
'decoded' initialized correctly from the dict. Subsequent layers
were not, as the 'decoded=' was passed as parameter during instance
initialization. If we first instantiate the class and then call the
from_dict() method, the recursive initialization down the full hierarchy
works as expected.
Change-Id: I795a33ed8dfa8454dc9079c189ab7b2ba64a3b72
There are instances where a TLV IE is used as just a flag, i.e.
length zero and no value part. In those situations, it would require
a lot of boilerplate code to require the TLV_IE class definitions to
have _to_bytes/_from_bytes methods that do nothing.
So instead, add a shortcut: If we want to encode 'None', then return
b'', and if we want to decode b'' return None.
Change-Id: Ie8eb2830e8eefa81e94b8b8b157062c085aeb777
GSM-R SIM cards have an additional directory (DF.EIRENE) with a number
of files. This is all specified in the following document:
UIC Reference P38 T 9001 5.0 "FFFIS for GSM-R SIM Cards"
Change-Id: I4034d09292a08d277d4abcbed9a0ec2808daaacb
In change Id410489841bb9020ddbf74de9114d808b1d5adb6, the RuntimeState
class automatically adds additional files to the CardApplications for
ISIM and USIM. This works only once. The second time an exception will
be thrown because the added files are already in the CardApplication.
Currently there is no way generate new card applications during
initialization because the card applications are just objects that are
created once in ts_31_10x.py. Lets turn them into classes and create the
objects during initialization. This way we get fresh objects when we
re-initialize.
Change-Id: Ibb4f6242e7a92af84a905daa727b1b87016e7819
Similar to the fix in Ie1aeaab29701946233ed73db3331039690d695da
for update_binary(), read_binary() also contained a bug when treating
non-zero offsets.
Change-Id: Ic5c2f0ad1c1ec9c4e9c97e72895382f7b6fa9470
Related: OS#5254
Currently a card must be present in the reader until the user can enter
pySim-shell. Removing and plugging another card is in theory already
possible, but then the new card will operate on the old card and runtime
state object. It might also be useful to enter pySim-shell before the
card is plugged to execute some other commands for preperation before.
So lets allow to "equip" pySim-shell with a card and rs object at
runtime.
Related: SYS#5617
Change-Id: I9cf532d9da8203065463c7201e7064de6c7ab1b5
The select response decoder is using b2h() wrongly. b2h expects
a bytearray but we call it with an integer. In the following two
lines we try to convert an integer to an integer.
Change-Id: Ib6448d3bd7a0dc7f25e5ee82a42266b3313e2a95
In Icc240d5c8c04198640eb118565ea99f10ba27466 we introduced support for
writing files > 255 bytes by splitting the write into multiple chunks.
However, at the same time, that commit broke support for writing data at
non-zero offsets. Unfortunately, this is used extensively within
pySim-prog e.g. for writing K + OP/OPc data to sysmoISIM-SJA2 and sysmoUSIM-SJS1
cards.
This commit fixes the related problem.
Change-Id: Ie1aeaab29701946233ed73db3331039690d695da
Fixes: Icc240d5c8c04198640eb118565ea99f10ba27466
Closes: OS#5254
Before:
EXCEPTION of type 'NotImplementedError' occurred with message: ''
After:
EXCEPTION of type 'NotImplementedError' occurred with message: 'EF(EF.SST) encoder not yet implemented. Patches welcome.'
Change-Id: Ie8a10a8847f7c7c6a3332fb9f78de18c9f7f41d0
The card_detect function in cards.py allows to specify the card type or
use the hints "auto" and "auto_once" to trigger autodetection of the
card. However, "auto_once" has no effect and is not used by any caller,
so lets remove it.
Change-Id: Iea726f51e5ddb43d8a4da2672552fff38e29b006
* introduce type annotations
* introduce + derive implementations from base class
* move shared code to base class
Change-Id: I7168506cbebb1ebb67f47453419b860824912051
The FairwavesSIM programming fails when the card is accessed with USIM
APDUs. To keep it working temporarly switch to SIM APDUs during
programming.
Change-Id: I8f02625d2b620ecdf4b2afc27a8750119b707152
The constructor gets an sl object on initalization. The card handler
will then carry out the reader operation wait_for_card().
In cases where an mechanically automated card reader is used it may
be useful to go without those operations and let the caller carry out
the appropriate reader operations. So Lets make the sl object
optional for the CardHandlerAuto class. If it is not present, simply
do not carry out the pre programmed reader operation.
Change-Id: I0f793aec51751b7c7b87d55b66326cce9970274e
Related: SYS#5617
Make sure that a reader is disconnected before connecting it. This will
efectively prevent resource leakage in the lower PCSC layers when the
reader is connected multiple times during bulk provisioning
Change-Id: I266e56f2330da25c680a76f4c0ca630a38e1f61b
There may be corner cases where an execption contains no error message.
In this case it might still be helpful to display the type of the
exeption calss to get at least an idea of what kind of error we are
dealing with.
Change-Id: I6e6b3acd17e40934050b9b088960a2f851120b26
In OOP, we usually use capital letters for class names. The card handler
class should be no execption.
Change-Id: I4b2c06b1c607c993c9aaf0d57ad2352bb6b36e74
The T0 protocol (selected in transport/pcsc.py) does not support extended APDU, so 255 bytes is the maximum number of bytes that can be transmitted at a time. We can divide large data into 255 byte chunks. The read_binary function already has code to read more than 255 bytes, so we can just adapt it to the update_binary function.
Change-Id: Icc240d5c8c04198640eb118565ea99f10ba27466
There are the classes IsimCard and UsimCard, which inheret from Card,
which is the base class for a normal non ISIM/USIM simcard. Card also
has methods in it that are related to simcards, so it is not just any
"Card", it is a SimCard and should be called that way.
Change-Id: I2077ded44bc2297b8d478c5bd1895951b494efcc
The USIM EF.AD has quite some more bits, it should have a separate
implementation and not reuse te DF.GSM/EF.AD implementation.
Change-Id: Iaf195cb63d5d12fc906a7e7cd85e3fd44589a41e
This adds an easy way for files to make use of the pySim.tlv parser.
All a file has to do is to specify a _tlv member which points to
either a TLV_IE or a TLV_IE_Collection instance.
Change-Id: I59f456b4223ec88081e91cee168b654c69bcb5f4
This introduces a new TLV library that heavily builds upon python object
oriented concepts. Contrary to classic TLV parsers it doesn't focus on
the structure of Tag, Length and binary Value only, but it supports
actual decoding/interpretation of the value part into some kind of JSON
serializable dict. The latter can be achieved by imperative
encode/decode methods, or by using our existing declarative 'construct'
based approach.
The TLV library supports both BER-TLV and COMPREHENSION-TLV for both
nested and non-nested TLV definitions.
As an example we include TLV definitions for a number of CAT (Card
Application Toolkit) IEs.
Change-Id: I7fc1699443bc9d8a4e7cdd2687af9af7cc03c30e
If we want to use construct parse results to generate JSON serializable
dicts, we need to
* apply the filter_dict() operation recursively, and
* simplify the construct Container and ListContainer classes to
a simple dict and/or list.
We introduce a pySim.construct.parse_construct() helper which is
subsequently used from all pySim.filesystem caller sites.
Change-Id: I319414eb69808ef65895293832bb30519f45949d
The existing {comprehension,ber}tlv_parse_tag() functions are
decoding the tag to a high level of detail. However, all the 3GPP
specs seem to deal with the 'raw' version, i.e something like
0xD1 as a single-byte tag with the class + constructed fields already
shifted next to the actual tag value.
Let's accommodate that with new *_parse_tag_raw() functions.
Change-Id: Ib50946bfb3b3ecd7942c423ac0f98b6c07649224
We cannot re-activate a deactivated file after we have selected somethng
else, as SELECT will fail on the deactivated file. Hence, the
deactivate_file command needs to be used with a file name as argument.
Change-Id: Ief4d2bf8ea90497a8f25d1986aeea935c615f9bb
According to ETSI TS 102 221 Section 7.2.2.3.1 Table 7.1 the UICC
may respond with SW 6Cxx to tell us to re-issue the command with
a modified P3/Le.
Change-Id: Ia7e6202bbd0f61034a985ecf76d0542d959922ce
There's little point in having a getter+setter for a property if
all it does is assigning a value to an attribute of self. That
works without any property methods
Change-Id: Id214cc83a29e8aa88f4e1413e07b419285c1b7ff
The code uses self.sel_ctrl everywhere except in the two @property
methods, where the _sel_ctrl variable is used. Let's just abandon
those property methods and make sure all users directly use the
[public] sel_ctrl member variable.
Change-Id: I10362300c1cf7b493d89bf71bbd3a10c80ef9a49
The encoder/decoder functions in class EF_PCSCF look rather unfinshed
because of problems with dec_addr_tlv(), since those problems are fixed
by a previous patch we can now finish the decoder function and fix the
decoder as well.
Change-Id: I7613b8b71624dc5802aca93163788a2a2d4ca345
Related: OS#4963
The function dec_addr_tlv() takes an encoded FQDN or IPv4 address and
fromats it into a human readable string that contains the human readable
form and the encoded hex form. Unfortunately this limits the usecase of
dec_addr_tlv. Lets split the string generation into a separate function
so that we can use dec_addr_tlv universally
Change-Id: Id017b0786089adac4d6c5be688742eaa9699e529
Related: OS#4963
The method update_record as a "force_len" parameter, which is somewhat
irretatating. Some explainatory comments and a reformat of the if
statement will help to make it more understandable to the api user.
In the non force_len case the method determines the record length from
the select response and throws an exception if the data input does not
match that length. This makes sense if the data input exceeds the
record length of the file but if the data input is less then the record
length the situation is fixable by padding the input with 0xff. This
also a quite common case because in some situation it is not guaranteed
that the data will fill the entire record.
Change-Id: I9a5df0e46c3dd2e87d447c5c01cf15844b0eed07
Related: OS#4963
Even though Card, UsimCard and IsimCard are abstract classes which are
normally only used to inherit from mit may make sense to pre-populate
the name property with some meaningful value.
Change-Id: Id643e1f83718aea073e7200aecbf2db2def8652f
This will replace the hand-crafted codec for EF_SPN
by a struct definition using the construct library.
Old encoders are updated and kept for API compatibility
but are not used internally anymore.
New data structures:
* Rpad(Adapter): Right-padded bytestring (0xff, adjustable)
* GsmStringAdapter(Adapter): Codec for "SMS default 7-bit
coded alphabet as defined int TS 23.038" using
the gsm0338 library.
* GsmString(n): Convenient wrapper of both above
Adjustments:
* utils: update+deprecate old dec_spn(), enc_spn()
* remove refs to deprecated functions
Change-Id: Ia1d3a3835933bac0002b7c52511481dd8094b994
The encoder for EF_SPN is passing the 'spn' parameter (which is a list)
directly to enc_spn without taking it apart first.
Change-Id: I0a405793c8909d4279e634b93dcb76e5cb2963f3
Related: OS#4963
This adds support for a new EF file type: BER-TLV files. They are
different from transparent and linear fixed EFs in that they neither
operate on a byte stream nor fixed-sized records, but on BER-TLV encoded
objects. One can specify a tag value, and the card will return the
entire TLV for that tag.
As indicated in the spec, the magic tag value 0x5C (92) will return a
list of tags existing in the file.
Change-Id: Ibfcce757dcd477fd0d6857f64fbb4346d6d62e63
The Access Mode (AM) and Security Condition (SC) DOs are incredibly
convoluted, so we need a lot of code to properly decode them.
Change-Id: If4f0725a849d41fd93de327ed00996d8179f2b0e
This will allow us to match INS -> name and add more related
bits in the future (e.g. for decoding APDU traces)
Change-Id: I314ff15186dc05778ea12363cac0a310b6c7713c
Represents DataObject (DO) in the sense of ISO 7816-4. Contrary to
'normal' TLVs where one simply has any number of different TLVs that may
occur in any order at any point, ISO 7816 has the habit of specifying
TLV data but with very specific ordering, or specific choices of tags at
specific points in a stream. This is represented by DataObjectChoice,
DataObjectCollection and DataObjectSequence classes.
Change-Id: Iac18e7665481c9323cc7d22a3cd93e3da7869deb
When the Access Technology Identifier encoder sets the bits for E-UTRAN
it does not respect that bit "100" is also a valid bit combination that
encodes E-UTRAN WB-S1 and E-UTRAN NB-S1. Lets encode this bit
combination if the user is just specifying "E-UTRAN" without further
spefication of WB or NB.
The decoder only looks at bit 14 and decodes "1xx" always to "E-UTRAN".
This is not specific enough. Lets make sure that the decoder is
complementary to the encoder.
Change-Id: Ibfe8883a05f9ad6988d8e212cb9a598229954296
Related: OS#4963
The function dec_xplmn_w_act(), which is also used by
format_xplmn_w_act() is using integer numbers as MCC/MNC representation.
This causes various problems since the information about leading zeros
gets lost.
Change-Id: I57f7dff80f48071ef9a3732ae1088882b127a6d4
The dec_plmn function takes an hexstring and returns the decoded MCC and
MNC as integer values. The result is then used by the json encoder in
EF_PLMNsel, which means the json output will contrary to the input, use
integer values instead of strings.
This is not correct since there may be leading zeros (e.g. mnc 01 and
001 both exist are different) which must be retained in order to know
the correct length of the MNC.
Related: OS#4963
Change-Id: I393e04836814d992d2a6d0a4e4e01850976d6e81
To prevent missunderstandings when using enc_plmn(), specify the input
and return parameters as Hexstr.
Change-Id: I57cf8e2de357650aef2a06fbffc7615ccb2a45b4
Related: OS#4963
Previous implementation waits 300ms for response after
each command issued. But many commands finish earlier.
This patch improves the command execution time by frequently
checking for the response to complete (i.e. ends with
OK or ERROR), or the occurence of a timeout (default 200ms).
Timeout can be adapted per command to support long response
times of certain commands like AT+COPS=? (network search)
Execution time benchmark (20 AT commands/responses):
Previous: 6.010s (100.0%)
New code: 0.045s ( 0.7%)
Change-Id: I69b1cbc0a20d54791e5800bf27ebafc2c8606d93
Let's just use the scope limited TemporaryDirectory() instead, so
the temporary directory will be removed by Python automatically.
pySim/filesystem.py:679:16: E0602: Undefined variable 'shutil' (undefined-variable)
Change-Id: I4ea833fd79f4342c33899124379be509ba1e35ed
pySim/transport/__init__.py:86:15: E1101:
Instance of 'LinkBase' has no '_send_apdu_raw' member;
maybe 'send_apdu_raw'? (no-member)
Change-Id: I14fcdceca5d1e35491b6ad98f96b4276b69b2fc1
This method has been removed [1] in Python 3.0:
pySim/cards.py:581:14: E1101: Instance of 'dict' has no 'iteritems' member (no-member)
pySim/cards.py:591:24: E1101: Instance of 'dict' has no 'iteritems' member (no-member)
[1] https://wiki.python.org/moin/Python3.0#Built-In_Changes
Change-Id: Iba7ad9ed2a9b197ecedaaed1c6744fe1c721515a
Fixes the following pylint's warnings:
pySim/cards.py:494:18: E1101: Class '_MagicSimBase' has no '_files' member (no-member)
pySim/cards.py:509:6: E1101: Instance of '_MagicSimBase' has no '_files' member (no-member)
pySim/cards.py:529:26: E1101: Instance of '_MagicSimBase' has no '_files' member (no-member)
pySim/cards.py:537:5: E1101: Instance of '_MagicSimBase' has no '_ki_file' member (no-member)
pySim/cards.py:547:5: E1101: Instance of '_MagicSimBase' has no '_ki_file' member (no-member)
pySim/cards.py:548:8: E1101: Instance of '_MagicSimBase' has no '_ki_file' member (no-member)
pySim/cards.py:559:26: E1101: Instance of '_MagicSimBase' has no '_files' member (no-member)
pySim/cards.py:560:11: E1101: Instance of '_MagicSimBase' has no '_files' member (no-member)
pySim/cards.py:576:14: E1101: Instance of '_MagicSimBase' has no '_files' member (no-member)
Change-Id: I4db9d21258d6e04140962134c540e36631466322
pySim/card_key_provider.py:67:2: E1111:
Assigning result of a function call, where the function
has no return (assignment-from-no-return)
Change-Id: I43bab69f53300fbe837944735cd999fab5405d7a
Some modems may reject AT+CSIM if PDU contains lower
case hex digits [a-f]. Modem response is "ERROR"
without any error code.
This patch converts each PDU to upper case.
Tested with Sierra Wireless EM7565.
Example:
AT+CSIM=14,"00a40004023F00"
ERROR
AT+CSIM=14,"00A40004023F00"
+CSIM: 4,"612F"
OK
Change-Id: I318e36abc7ae975c62d32b7fe0ec949bf5997d13
The json input that is used with EF.MSISDN seems to be somewhat
ambigious. The original code accepts {"msisdn": "+4916012345678"}
only while the output is {"msisdn": [1, 1, "+4916012345678"]}. Lets
add a check and also accept the latter version.
Change-Id: I8f8dd68aac25d3fa3bc1aab06b855f8ec6640258
Related: OS#4963
I always assumed BER-TLV files are transparent EF with BER-TLV contents.
However, this is wrong. ETS TS 102 221 Section 8.2.2.4 specifies them.
TS 102 221 Section 11.3 describes the specific RETRIEVE DATA, SET DATA
commands, which are not yet implemented in pySim.
Change-Id: Ie4701d9f72b05c8a5810e287e55a20f6ea86a574
The encoding of EF.MSISDN is a bit unstrutured. The encoder function
does not return a valid result since it lacks the parameters
Capability/Configuration2 Record Identifier and Extension5 Record
Identifier, which are mandatory but can be set to 0xFF. Also the
encoder gets its input from pySim-shell, so it should have some
more input validation, especially when the user encodes an empty
string. The encoder and decoder function also do not have unit-tests.
Since the encoder now adds the missing two bytes by isself this does
not have to be done manually anymore, so cards.py needs to be
re-aligned.
For pySim-shell.py the encoder is used from ts_51_011.py. Unfortunately
it is used wrongly there. The optional Alpha Identifier is required
here as well.
Related: OS#4963
Change-Id: Iee5369b3e3ba7fa1155facc8fa824bc60e33b55b
Ideally that shared definition would be used by all programs,
rather than copy+pasting it. Unfortunately pySim-{read,prog}
are still using optparse and first need to be converted to
argparse.
Change-Id: If77f53850e1ca65f42cf1dca3e0f460dac1b0d1a
the helpstring of update_record_decoded mentions hex bytes for the data
parameter, but it should be mentioned as abstract json data like in
update_binary_decoded
Change-Id: Ibae2ab49054ac5dd6fcccddd28c98d886403dac9
Related: OS#4963
the export summary is printed after the log entry for the last file
without separation. This is confusing because it looks like if the
summary would refer to the last file only. Lets add a headline to make
clear that the last few lines are the "Export summary"
Change-Id: I90771e525b2b114bdb41a8e90d298ca991c09c3d
Related: OS#4963
Also serves as example for RFU (reserved for future use) fields
which should not always be reset to zero in case they have been
set on the uSIM for some reason.
See pySim/ts_51_011.py, class EF_AD.
* Add definitions for RFU {Flag, Bits, Byte, Bytes}
* Use IntEnum for OP_MODE (convenient auto completion)
* Remove obsolete definitions and imports
* Update test results for all SIMs (opmode strings are shortened)
Change-Id: I65e0a426f80a619fec38856a30e590f0e726b554
This adds support for AUTHENTICATE to the USIM and ISIM application,
based on the newly-introduced 'construct' encoder/decoder support.
Change-Id: Id5697463e29c3dceff98bcf80f5400f7f2bcaa6c
'construct' is a declarative symmetric encoder/decoder for user
specified binary formats. It should come in extremely handy in
tools like pySim.
We start the integration by adding transport methods for transceiving
APDUs with built-in encoding of the command data and decoding of the
response data.
Change-Id: Ibf457aa8b9480a8db5979defcfafd67674303f6c
Use ``--opmode=OPMODE`` in cmdline mode or column ``OPMODE`` in csv mode
to specify OPMODE as listed below.
Details:
The ``EF_AD`` field contains administrative data (AD).
It consists of four bytes ``B1``, ``B2``, ``B3``, ``B4``,
and optionally further bytes for future use.
Previous implementation only sets the MNC field appropriately
(located in `B4`) and sets all other bits/bytes to 0.
However, `B1` also defines the *UE operation mode* (see below).
For type approval operations, such as testing with a test uSIM,
this value could be set to `0x80` rather than `0x00`(= normal operation).
This may unlock some UE capabilities that are restricted in
normal operation mode.
Excerpt from [ETSI TS 131 102, 4.2.18](https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/04.15.00_60/ts_131102v041500p.pdf):
```
B1 - UE operation mode:
Coding:
Initial value
- '00' normal operation.
- '80' type approval operations.
- '01' normal operation + specific facilities.
- '81' type approval operations + specific facilities.
- '02' maintenance (off line).
- '04' cell test operation.
B2 - Additional information:
Coding:
Reserved for future use
B3 - Additional information:
Coding:
- B3.b1: OFM setting (Ciphering Indicator)
- B3.others: Reserved for future use
B4 - Length of MNC in the IMSI:
Coding:
- B4.b4..B4.b1: length: '0010' (= 2) or '0011' (=3)
- B4.others: Reserved for future use
```
**Legend:** Byte X, bit Y: BX.bY
Further reading: https://nickvsnetworking.com/usim-basics/
Change-Id: Ie9040c6b127c268878a0845ed73d0918ec6bbb08
This means we can skip a lot of code that manually converts from
bytes to hex before JSON serialization.
Change-Id: I9c9eff0556d9d196e64553b5276e162f69d0c18f
This allows the user to edit the file/record contents in its
JSON representation inside the standard system text editor.
Change-Id: Icf6a6e8529e7664c5645519fb4bdd55b35f34664
The ``EF_ACC`` field defines the access control class (ACC)
for a subscriber.
Without this patch, the implementation adds padding 1 towards
the most significant bits if the input is shorter than 2 bytes.
However, it should be padded with 0, otherwise additional ACCs
are allocated to the subscriber. (Probably only a single bit
shall be set to 1)
Excerpt from [ETSI TS 131 102, 4.2.15](https://www.etsi.org/deliver/etsi_ts/131100_131199/131102/04.15.00_60/ts_131102v041500p.pdf):
```
EF_ACC: Two bytes: B1, B2
B1.b8...B1.b4: high priority users (class 15...11)
B1.b3: always 0
B1.b2...B1.b2 and B2.b7...B2.b0: normal priority users (class 9...0) - to be evenly distributed across subscribers
```
**Legend:** Byte X, bit Y: BX.bY
Change-Id: I1b8dc01a6c48adad1ed8158de59b12519ed688e9
The function fixup_fcp_proprietary_tlv_map() addes propritary TLV
tags in the range of d0 to ff to the TLV map. However, the spec defines
this range as b7 and b8 of the first tag byte set to 1. This results
in a range from c0 to ff. See also ETSI TS 102 221, section 11.1.1.4.6.0
Change-Id: I8359527c9ff303b257b181b87dc440f27735ece9
Related: OS#4963
This function is being used e.g. for ADF.USIM/EF.FPLMN entries.
The EF_PLMNsel class also already uses a function by this name, we just
haven't had any actual implementation around.
Change-Id: Iacb45c90bb6491ebb89a477a85ef1f3129b38788
the print statements in read_binary_decoded and update_binary_decoded
should have been removed a long time ago.
Change-Id: I9ccc61c426a755fae9008d0717d579fa2da0ef7c
The EF.AD class only had a partial decoder and no encoder before this
patch.
You can now do things like
pySIM-shell (MF/ADF.USIM/EF.AD)> read_binary_decoded
{
"ms_operation_mode": "normal_and_specific_facilities",
"specific_facilities": {
"ofm": false
},
"len_of_mnc_in_imsi": 2
}
pySIM-shell (MF/ADF.USIM/EF.AD)> update_binary_decoded '{"ms_operation_mode": "normal_and_specific_facilities", "specific_facilities": {"ofm": false}, "len_of_mnc_in_imsi": 3}'
not quite all that elegant yet, but working at all.
Change-Id: Id2cb66cb26b6bd08befe9f8468b0b0773da842b1
Prior to this patch, any SwMatchError raised within the 'transport'
would not be interpreted.
EXCEPTION of type 'SwMatchError' occurred with message: 'SW match failed! Expected 9000 and got 6982.'
vs (now)
EXCEPTION of type 'SwMatchError' occurred with message: 'SW match failed! Expected 9000 and got 6982: Command not allowed - Security status not satisfied'
Change-Id: I08b7f2b6bd422f7f2f36094bc8a29b187ff882a6
* move existing docs to sphinx / autodoc
* add more api documentation
* improve wording on some exception strings
Change-Id: Ia41e14d643d452d92fc8d3c2fb9c4ac9021402e9
"data" is an awfully generic term. Anything stored on a card is data.
This specific code deals with resolving key/pin material from an
external source.
Change-Id: I4c8e1be3e766f7c0565c07b39d48abf8adc375af
As we can notice during 'export': Some files had been defined
as LinFixed but are Transparent - and vice versa. Let's fix those
an bring our definitions in sync with the specs.
Change-Id: I365ece7b82a1c79b3af87a79ff964d7989362789
When the CardFile hierarchy talks about 'application' it means CardADF.
When the RuntimeState and CardProfile talk about 'application' they mean
a CardApplication.
Let's clarify this in the file names, and make CardADF have an optional
reference to the CardApplication, so that application specific status
word interpretation really works.
Change-Id: Ibc80a41d79dca547f14d5d84f447742e6b46d7ca
* add type annotations in-line with PEP484
* convert existing documentation to follow the
"Google Python Style Guide" format understood by
the sphinx.ext.napoleon' extension
* add much more documentation all over the code base
Change-Id: I6ac88e0662cf3c56ae32d86d50b18a8b4150571a
In Change-Id I848a766e6d00be497c7db905475e0681cce197ac we added a CardDF
instance for DF_5GS. That DF should not have provided a
decode_select_response() method, and instead fall back to that of the
base class, which calls the method of the parent directory (ADF_USIM).
The difference is illustrated below
pySIM-shell (MF/ADF.USIM/EF.IMSI)> select DF.5GS
"622e8202782183025fc0a509800171830400018d088a01058c056611111111c60f90017083010183018183010a83010b"
vs. (with this patch):
pySIM-shell (MF/ADF.USIM)> select DF.5GS
{
"file_descriptor": {
"shareable": true,
"file_type": "df",
"structure": "no_info_given"
},
"file_identifier": "5FC0",
"proprietary_info": {
"uicc_characteristics": "71",
"available_memory": 101640
},
"life_cycle_status_int": "operational_activated",
"security_attrib_compact": "6611111111",
"pin_status_template_do": "90017083010183018183010A83010B"
}
Change-Id: I80612711bbc8c47285a828a0759b20beea6619f1
At the moment we only have a basic version of a verify_chv commnad, but
in order to handle any CHV/PIN related situation we also need commands
to enable, disable, change and unblock CHV.
- fix verify_chv commnad: more distinct parameter names, better help
strings, correct pin code encoding and add external source lookup
- Add unblock_chv, change_chv, enable_chv and disable_chv commands
- add/fix related functions in commands.py
Change-Id: Ic89446e6bd2021095e579fb6b20458df48ba6413
Related: OS#4963
When a record or a binary file is written the card goes throth a full
flash/eeprom write cycle at this location, even when the data does not
change. This can be optimized by reading before writing in order to
compere if the data we are about to write is actually different.
Change-Id: Ifd1b80d3ede15a7caa29077a37ac7cf58c9053f1
Related: OS#4963
It can be hard to manage ADM pins when working with different cards at
the same time. To make this easier, add an automatic way to determine
the ADM pin for each card from a CSV file.
- add a CardData clas model that can be extended to to get the data from
various different sources. For now use CSV-Files. Also add a way how
multiple CardData classes can be registered so that one global get
function can query all registered CardData classes at once.
- automatically check for CSV-File in home directory and use it as
default CardData source unless the user specifies a CSV file via
commandline argument.
- extend the verify_adm command so that it automatically queries the
ADM pin if no argument is given. Also do not try to authenticate if
no ADM pin could be determined.
Change-Id: I51835ccb16bcbce35e7f3765e8927a4451509e77
Related: OS#4963
When the ADF is selected, then this is done by the AID. At the moment
only the first 7 bytes of the AID are used to select the ADF.
sysmo-isim-sja2 tolerates this, but sysmo-usim-sjs1 does not. The Cards
class already has methods to deal with this problem. The method
select_adf_by_aid takes an ADF name and completes the AID from an
internal list. This can be extended to support partial hexadecimal AIDs
as well.
Change-Id: If99b143ae5ff42a889c52e8023084692e709e1b1
Related: OS#4963
The class ShellCommands defined in ADF_USIM overloads useful CommandSet
classes defined in the superclass, making their commands inaccessible.
Also ts_31_102 does not have such a class definition in the ADF_ISIM
class, so lets remove this class.
Change-Id: I0e67c570fc4f17641d990a9cd239632ecf622de3
Related: OS#4963
Some cards may have additional propritary EF files which pySim-shell
does not support. If the user knows the exact FID the file can still be
selected and it is possible to read the file type and memory model from
the select response. This info can be used to create a new file object
at runtime that will work like any other EF/DF.
Change-Id: Iafff97443130f8bb8c5bc68f51d2fe1d93fff07c
Related: OS#4963
The Change I83d718ff9c3ff6aef47930f38d7f50424f9b880f removes the
keyword arguments from the CardProfile class constructor. This requires
us to use the keywords during instantiation since we can not rely on
the position anymore.
Change-Id: Ia62597c59287848662dbbedcc38ba90f183c4aca
The do_update_... functions do always print the returned data. However,
there may be no data. If this is the case than an empty line is printed.
This may cause ugly log output, especially when working with scripts.
Change-Id: Ia9715d46ec957544cfbeea98d2fe15eb74f5b884
Related: OS#4963
Having lists and dictionaries as default argument values is a bad
idea, because the same instance of list/dict will be used by all
objects instantiated using such constructor:
def appendItem(itemName, itemList=[]):
itemList.append(itemName)
return itemList
print(appendItem('notebook'))
print(appendItem('pencil'))
print(appendItem('eraser'))
Output:
['notebook']
['notebook', 'pencil']
['notebook', 'pencil', 'eraser']
Change-Id: I83d718ff9c3ff6aef47930f38d7f50424f9b880f
currently ADF.ISIM and ADF.USIM are always added regardless if there is
a matching application on the card or not. Lets check what applications
are actually installed and add ADF.ISIM and ADF.USIM dynamically.
Change-Id: I42ee23375f98e6322708c1c4db6d65e1425feecd
Related: OS#4963
In the method add_application() the method name should be append()
instead of add().
Change-Id: Ic8ad62567968e09786eac86f219b56a3d3200511
Related: OS#4963
The SW_match function takes a given status word and compares it against
a pattern that may contain wildcards (x or ?). This works by creating a
masked version of the SW using a pattern first (each hex digit is
replaced by a wildcard charafter if the pattern has a wildcard in the
same position). Once this is done, the resulting masked version is
compared at the pattern. However, the current implementation can not
work, since it compares the input SW against the pattern to decide
wihich chrafters should be masked. The input SW never contains wildcard
charafters.
Change-Id: I805ad32160fcfcb8628bf919b64f7eee0fe03c7e
Related: OS#4963
The _scc.veryif_adm() method already does status word checking
internally and also raises an execption should the authentication be
unsuccessful, so we do not have to put an additional status word check +
execition when we use the method from cards.
Change-Id: I785d27e4d49a9cda1a771b56ce5ac9c1f1d1e79a
Related: OS#4963
At the moment we use the send_apdu_checksw() method to send the APDU for
ADM authentication. This method only checks if the command returns with
sw = 9000. If not it raises an exception that the sw is not as expected.
The user may think that this is a problem with thr reader, pcscd or
pySim in the first place and may try multiple times until the card is
permanently locked. A better execption string that also displays the
tries which are left may be helpful.
Change-Id: Icf428831094f8c1045eefaa8cb2b92e6a36b0c13
Related: OS#4963
The file identifier of a file is strictly defined as a two digit
hexadecimal number. Do not allow adding child files that violate this
constraint.
Change-Id: I096907285b742e611d221b03ba067ea2522e7e52
Related: OS#4963
The __main__ function in filesystem.py seems to be some experimental
testcode from the very beginning of pySim-shell. Lets drop it.
Change-Id: I34f459469dfc45711ad0928c83184d7f99e0f5e3
Related: OS#4963
The method add_file of class CardDF does some constraint checking
to the basic file parameters (e.g. fid). Since one might also expect
those checks in the superclass CardFile lets leave a comment to make
the code better understandable.
Change-Id: Iebae28909fe6aade3bd4024112a222819572d735
Related: OS#4963
It is better to use the term "fid" instead of "name" when a reserved FID
is detected.
Change-Id: I054f3b3a156f0164c62610cfde1aec2145c20925
Related: OS#4963
pysim-shell does not have a convinient way to list the files available
in one directory. Tab completion currently is the only way to obtain a
list of the available files. Lets add a dir command to print a file
list.
Change-Id: Ic06a60e0a0ec54d9bb26e151453ceb49d69e3df7
Related: OS#4963
The flags NAMES, FIDS and APPS do not properly distinguish between
applications and normal files. With APPS it is only possible to exclude
or include the selectable applications in a list with NAMES or FIDS, but
it is not possible to get only the application names or identifiers.
- remove the APPS flag
- rename NAMES to FNAMES and make it only normal file related
- add ANAMES and relate it only to application (ADF) names
- add AIDS and relate it only to application identifiers
Change-Id: Id07e0dcbab10cd78c1b78d37319b7b0e5e83b64d
Related: OS#4963
At the moment we can only request pySim-shell to dump a specific record
of a file. However, it may be useful to dump multiple records of a
record oriented file at once.
Change-Id: Id62db2cba4e3dfb6a7b3e6be8b892c16d11a8e3e
Related: OS#4963
The file identifier (and allso application ids for ADFs), are
hexadecimal. We should be case insensitive when accepting hex
identifiers but file names should still be full matched.
Change-Id: Ibe283a108ddc9058af77c823b7222db555e1e0f6
Related: OS#4963
since we have added pySim-shell.py that has a lot of locations where the
user can enter hexadecimal data there is an increased need for input
validation. Lets add a central is_hex function that verifies hex
strings.
Change-Id: Ia29a13c9215357dd2adf141f2ef222c823f8456d
Related: OS#4963
When requesting what DF/EF/ADF are selectable it is useful to have some
control of what we do not want in the resulting list.
Change-Id: Idb50a512bfdbfdf2e98f2ce0e89928cb0ff19f5e
Related: OS#4963
The bug that was attempted to be fixed in [1] actually was in the
encoding API - pySim.utils.enc_plmn(). According to 3GPP TS 31.102,
which points to TS 24.008, the three-digit (E)HPLMN shall be encoded
as shown below (ASCII-art interpretation):
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| MCC Digit 2 | MCC Digit 1 |
+---+---+---+---+---+---+---+---+
| MNC Digit 3 | MCC Digit 3 |
+---+---+---+---+---+---+---+---+
| MNC Digit 2 | MNC Digit 1 |
+---+---+---+---+---+---+---+---+
while pySim.utils.enc_plmn() would produce the following:
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| MCC Digit 2 | MCC Digit 1 |
+---+---+---+---+---+---+---+---+
| MNC Digit 1 | MCC Digit 3 |
+---+---+---+---+---+---+---+---+
| MNC Digit 3 | MNC Digit 2 |
+---+---+---+---+---+---+---+---+
Initially the _decoding_ API was correct, but then got changed in
[1] to follow buggy pySim's encoding API. As a result, a (E)HPLMN
programmed with pySim-prog.py would look correct if verified by
pySim-read.py, but the actual file content would be wrong.
This situation shows that our 'program-read-match' build verification
approach alone is insignificant. The lack of unit test coverage,
at least for the core parts of the project, makes it possible to have
symmetrical bugs in both encoding and decoding API parts unnoticed.
This problem was found while trying to enable dead unit tests in [3].
Change [1] that introduced a symmetrical bug is reverted in [2].
Change-Id: Ic7612502e1bb0d280133dabbcb5cb146fc6997e5
Related: [1] I799469206f87e930d8888367890babcb8ebe23a9
Related: [2] If6bf5383988ad442e275efc7c5a159327d104879
Related: [3] I4d4facfabc75187acd5238ff4d0f26022bd58f82
This reverts commit bdf3d3597b, which
broke pySim.utils.dec_mnc_from_plmn(). According to 3GPP TS 31.102,
which points to TS 24.008, the three-digit EHPLMN shall be encoded
as shown below (ASCII-art interpretation):
0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| MCC Digit 2 | MCC Digit 1 |
+---+---+---+---+---+---+---+---+
| MNC Digit 3 | MCC Digit 3 |
+---+---+---+---+---+---+---+---+
| MNC Digit 2 | MNC Digit 1 |
+---+---+---+---+---+---+---+---+
So the original implementation was correct, and we even had a unit
test for it. Most likely, the SIM card itself was programmed
incorrectly?
Makes 'testDecMNCfromPLMN_threeDigitMNC' pass again.
Change-Id: If6bf5383988ad442e275efc7c5a159327d104879
As it turns out, we had this set of unit tests since 2018, but
so far they were not executed during the build verification.
Let's fix this:
* run unittest in discovery mode for all files in 'tests/' (commented out);
* rename this file, so it can be automatically detected and executed;
* properly import the API to be tested.
Currently 2 out of 16 unit tests are failing, so we need to get
them passing first and then uncomment the unittest execution.
Change-Id: I4d4facfabc75187acd5238ff4d0f26022bd58f82
This commit fixes two problems (found by semgrep):
* "'foo' and 'bar' in list" is incorrect, because it's interpreted
as "'foo' and ('bar' in list)". Strings with a non-zero length
evaluate to True, thus it's True if at least 'bar' is present.
* Copy-pasted 'E-UTRAN NB-S1' checked two times.
The first condition is redundant, and the whole block can be
re-implemented using two independent 'if' statements.
Change-Id: Iceb66160cfb571db8879d3810c55d252c763d320
pySim has already been migrated to Python 3 in another change [1],
and the build verification has been migrated to Debian 10 with
Python 3.7. However, there is still some backwards compatibility
code left. Let's get rid of it.
[1] Ic78da9c03e99f59d142c93394051bbc2751f0205
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Tweaked-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Change-Id: I430d173535e0cd5bb895b9dfc9070cbc40cfc8ff
Unfortunately, Debian ships old Python (3.5 vs 3.8) and old pyscard
(1.9.4 vs 1.9.9). Calling PCSCCardConnection.disconnect() from a
destructor causes warnings about ignored exceptions:
AttributeError: 'NoneType' object has no attribute 'disconnect'
AttributeError: 'NoneType' object has no attribute 'setChanged'
AttributeError: 'NoneType' object has no attribute 'SCardDisconnect'
TypeError: 'NoneType' object is not callable
All these exceptions happen in pyscard's own destructors.
Change-Id: I9c644bc5fe9791b141a30bfc13647d77937a82ee
This should resolve the following error when using with pycryptodome
instead of pycrypto:
TypeError: new() missing 1 required positional argument: 'mode'
Change-Id: Ibd3ca00d62b864909f5e89e0feb350268157a4ca
Related: OS#5060
In 4f6ca43e1f we started to use
the bytearray type as 'b' type, but PyCrypto insists on getting
a bytes type.
This fixes the following Exception:
TypeError: argument 1 must be read-only bytes-like object, not bytearray
Change-Id: If2a727ed417ffd56c0f7d7b4e9f633d67fde5ced
Closes: OS#5060
pySim-prog was nice when there were only 5 parameters on a SIM that we
could program, and where the use case was pretty limited. Today, we
have SIM/USIM/ISIM cards with hundreds of files and even more parameters
to program. We cannot add a command line argument for each file to
pySim-prog.
Instead, this introduces an interactive command-line shell / REPL,
in which one can navigate the file system of the card, read and update
files both in raw format and in decoded/parsed format.
The idea is primarily inspired by Henryk Ploatz' venerable
cyberflex-shell, but implemented on a more modern basis using
the cmd2 python module.
See https://lists.osmocom.org/pipermail/simtrace/2021-January/000860.html
and https://lists.osmocom.org/pipermail/simtrace/2021-February/000864.html
for some related background.
Most code by Harald Welte. Some bug fixes by Philipp Maier
have been squashed.
Change-Id: Iad117596e922223bdc1e5b956f84844b7c577e02
Related: OS#4963
The code was written long ago, when the python3 bytearray type
probably didn't exist yet, or was at least not known. Let's stop
using string types with binary bytes inside, and instead standardize
on two types:
* bytearray for binary data
* string for hexadecimal nibbles representing that binary data
Change-Id: I8aca84b6280f9702b0e2aba2c9759b4f312ab6a9
This method, like select_adf(), only selects a single file ID
and unlike select_path() returns the actual status words returned by the
card.
Change-Id: I8bc86654c6d79f2428e196cc8a401e12d93a676b
In reality, the function is not a simple avstraction around the SELECT
command, but it iterates over a list/path and selects at each element.
Change-Id: I63e01155de4ae47aeed8500708c0eb6580c7b8d1
This allows callers further up the stack to catch the exception and
interpret it in some way (like decoding the number of remaining tries
in case of authentication errors)
Change-Id: Ia59962978745aef7038f750fa23f8dfc820645f4
SJS1 and SJA2 card types don't use the generic verify_adm()
method of the Card base class, so they must override it with their
own methods. Only this way application code can call card.verify_adm()
irrespective of the card type.
Change-Id: I05f7f3280873f006310266867f04a9ce1b0a63af
The SerialSimLink only has an _sl member if serial initalization was
successfull. If we close a serial connection, check if we even have the
_sl member. Otherwise move on silently.
Change-Id: Ic3f3f5e50d780f424da7d0be5733d7167bb7159c
The most common reason for pySim to crash is when it is executed without
commandline parameters. Then pySim will expect a serial reader on
/dev/ttyUSB0 since this is the default. Lets check if /dev/ttyUSB0 even
exists before trying to open it.
Change-Id: I7545c728b531e9a796eee8f80f0b08d4097f8399
Failed reader initializations happen frome time to time, mostly because
of messed up commandline arguments. This results in ugly crashes very
often. Lets control this a bit by catching the exception string and
print it.
Change-Id: I313017355da01bbef7c3d3f1899555aadb509319
This commit fixes the incorrect parsing of MNC from PLMN.
Previously its was parsing PLMN string 130062 as MCC 310 MNC 260,
whereas it should be MCC 310 MNC 026.
(The SIM was programmed with MCC 310 and MNC 026)
Change-Id: I799469206f87e930d8888367890babcb8ebe23a9
This EF contains one or more records, with each record able
to hold a public SIP Identity (SIP URI) of the user. EF.IMPU consist of URI TLV data
object values see IETF RFC 3261. The URI shall be encoded to an octet string according
to UTF-8 encoding rules as specified in IETF RFC 3629
./pySim-prog.py -p 0 -x 001 -y 01 -s 8988211900000000004 -i 001011234567895 -k 8baf473f2f8fd09487cccbd7097c6862 --op 11111111111111111111111111111111 -o 8E27B6AF0E692E750F32667A3B14605D -a 85524953 -n isim.test --msisdn 0598765432100 --epdgid epdg.epc.mnc001.mcc001.pub.3gppnetwork.org --pcscf pcscf.ims.testop.org --ims-hdomain ims.testop.org --impi 1234567895@ims.testop.org --impu sip:5987654321@ims.testop.org
Change-Id: If10bc2e50eca390b81755b5cc7211e695233612d
This EF contains the private user identity of the user. EF.IMPI consist of
NAI TLV data object values see IETF RFC 2486. The NAI shall be encoded to
an octet string according to UTF-8 encoding rules as specified in IETF RFC 3629
./pySim-prog.py -p 0 -x 001 -y 01 -s 8988211900000000004 -i 001011234567895 -k 8baf473f2f8fd09487cccbd7097c6862 --op 11111111111111111111111111111111 -o 8E27B6AF0E692E750F32667A3B14605D -a 85524953 -n isim.test --msisdn 0598765432100 --epdgid epdg.epc.mnc001.mcc001.pub.3gppnetwork.org --pcscf pcscf.ims.testop.org --ims-hdomain ims.testop.org --impi 1234567895@ims.testop.org
Change-Id: Ic1ccf99b5aa45297ef1e43a43373df603f756379
IMS public user identity (IMPU)
As per TS1.103, this EF contains one or more records, with each record able
to hold a public SIP Identity (SIP URI) of the user. EF.IMPI consist of URI TLV data
object values see IETF RFC 3261. The URI shall be encoded to an octet string according
to UTF-8 encoding rules as specified in IETF RFC 3629
Reading of EF.IMPU is achieved by first selecting the ISIM application using its AID.
This is followed by selecting EF.IMPU with File ID - 6f04 in ADF.ISIM
Change-Id: Icf78a564aeaf4254658d3b018ff57dfc4b987e6f
IMS private user identity (IMPI)
As per TS1.103 version 14.2.0, this EF contains the private user identity of the user.
EF.IMPI consist of NAI TLV Data object.The NAI shall be encoded to an octet string
according to UTF-8 encoding rules as specified in IETF RFC 3629.
Reading of EF.IMPI is achieved by first selecting the ISIM application using its AID.
This is followed by selecting EF.IMPI with File ID - 6f02 in ADF.ISIM
Change-Id: I8d8e76e3f6b9ca7a0be262fee99cd5a397edbefa
Harald Welte
Philipp Maier
andrew-ma
Vadim Yanitskiy