shadysim.py: fix: do not apply redundant 8 * '00' padding

When the application message payload is encrypted with any variant
of DES, the length of the ciphertext has to be a multiple of 8 bytes
- hence if the plaintext length is not a multiple of 8 bytes, the
plaintext needs to be padded.

If the ciphertext is already aligned, the current logic would append
8 redundant padding octets.  The resulting encrypted message should
be considered malformed per standard specs, but sysmoUSIM-SJS1 cards
are liberal in what they accept in this instance thus the bug went
unnoticed.  The newer sysmoISIM-SJA2 cards do not accept such
malformed messages with invalid padding.

This bug was discovered and reported by the Mother Mychaela, see:
https://lists.osmocom.org/pipermail/openbsc/2021-February/013414.html

README.md

@@ -35,10 +35,10 @@ Use the hello-stk example to get started.
 
 	$ mkdir javacard
 	$ cd javacard
+	$ git clone https://git.osmocom.org/sim/sim-tools
 	$ git clone https://git.osmocom.org/sim/hello-stk
 	$ cd hello-stk
-	$ git submodule update --init --recursive
-	$ ant
+	$ make
 
 To install the applet onto a SIM card, first set the type of reader you are using.
 

shadysim/shadysim.py

@@ -114,10 +114,10 @@ class AppLoaderCommands(object):
 		# Padding if Ciphering is used
 		if ((spi_1 & 0x04) != 0): # check ciphering bit
 			len_cipher = 6 + len_sig + (len(data) / 2)
-			pad_cnt = 8 - (len_cipher % 8) # 8 Byte blocksize for DES-CBC (TODO: different padding)
-			# TODO: there is probably a better way to add "pad_cnt" padding bytes
-			for i in range(0, pad_cnt):
-				data = data + '00';
+			# 8 Byte blocksize for DES-CBC (TODO: different padding)
+			if len_cipher % 8 > 0:
+				pad_cnt = 8 - (len_cipher % 8)
+				data += '00' * pad_cnt
 
 		# CHL + SPI first octet
 		part_head = ('%02x' % (0x0D + len_sig)) + ('%02x' % (spi_1))