https://osmocom.org/https://osmocom.org/favicon.ico?16647414092021-01-10T04:53:03ZOpen Source Mobile CommunicationspySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=207332021-01-10T04:53:03ZBrandon
<ul></ul> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=213712021-02-21T13:52:18Zmerlinchlosta
<ul></ul><p>Just a quick observation:</p>
<p>sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present. My Qualcomm modems don't fall back to IMSI then but instead show a USIM failure and apparently stop searching/connecting anything 5G.</p>
<p>So either disabling the services or writing the files is a must with these modems and 5G-SA.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=213722021-02-21T16:30:09Zlaforge
<ul></ul><p>On Sun, Feb 21, 2021 at 01:52:18PM +0000, merlinchlosta [REDMINE] wrote:</p>
<blockquote>
<p>sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present.</p>
</blockquote>
<p>Those files defintiely exist. how did you check for those files presence and how did you determine<br />they don't? Please let me know so we can clarify.</p>
DF_5GS should exist in ADF_USIM, and below DF_5GS there are
<ul>
<li>EF_5GS3GPPLOCI</li>
<li>EF_5GSN3GPPLOCI</li>
<li>EF_5GS3GPPNSC</li>
<li>EF_5GSN3GPPNSC</li>
<li>EF_5GAUTHKEYS</li>
<li>EF_UAC_AIC</li>
<li>EF_SUCI_CalcInfo</li>
<li>EF_OPL5G</li>
<li>EF_SNSI</li>
<li>EF_Routing_Indicator</li>
</ul>
<blockquote>
<p>So either disabling the services or writing the files is a must with these modems and 5G-SA.</p>
</blockquote>
Yes, you either need to
<ol>
<li>disable the services in the SST (if not needed), or</li>
<li>actually write your related information/configuration to the files (which do exist)</li>
</ol>
<p>The same is true for virtually all the files on the cards. We generally try to create<br />all files that are ever specified anywhere in 3GPP specs, as creation of new files is only<br />possible during card personalization and not later at runtime. It's then up to the user to<br />enable/disable those services they need / want in EF.SST, EF.UST and EF.IST.</p>
<p>Regards,<br /> Harald</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=213772021-02-22T07:19:26Zmerlinchlosta
<ul></ul><p>I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)</p>
<pre><code class="python syntaxhl"> <span class="c1"># Check whether we have th AID of USIM, if so select it by its AID
</span> <span class="c1"># EF.UST - File Id in ADF USIM : 6f38
</span> <span class="k">if</span> <span class="s">'9000'</span> <span class="o">==</span> <span class="n">card</span><span class="p">.</span><span class="n">select_adf_by_aid</span><span class="p">():</span>
<span class="c1"># Select USIM profile
</span> <span class="n">usim_card</span> <span class="o">=</span> <span class="n">UsimCard</span><span class="p">(</span><span class="n">scc</span><span class="p">)</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_UST available (just to check): %s"</span> <span class="o">%</span> <span class="nb">str</span><span class="p">(</span><span class="n">usim_card</span><span class="p">.</span><span class="n">file_exists</span><span class="p">(</span><span class="s">'6F38'</span><span class="p">)))</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_SUCI_Calc_Info available: %s"</span> <span class="o">%</span> <span class="nb">str</span><span class="p">(</span><span class="n">usim_card</span><span class="p">.</span><span class="n">file_exists</span><span class="p">(</span><span class="s">'4F07'</span><span class="p">)))</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_5G_Auth_Keys available: %s"</span> <span class="o">%</span> <span class="nb">str</span><span class="p">(</span><span class="n">usim_card</span><span class="p">.</span><span class="n">file_exists</span><span class="p">(</span><span class="s">'4F05'</span><span class="p">)))</span>
<span class="p">(</span><span class="n">res</span><span class="p">,</span> <span class="n">sw</span><span class="p">)</span> <span class="o">=</span> <span class="n">card</span><span class="p">.</span><span class="n">read_binary</span><span class="p">(</span><span class="s">'6F38'</span><span class="p">)</span>
<span class="k">if</span> <span class="n">sw</span> <span class="o">==</span> <span class="s">'9000'</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_UST: %s"</span> <span class="o">%</span> <span class="n">res</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_UST: Can't read, response code = %s"</span> <span class="o">%</span> <span class="p">(</span><span class="n">sw</span><span class="p">,))</span>
<span class="p">(</span><span class="n">res</span><span class="p">,</span> <span class="n">sw</span><span class="p">)</span> <span class="o">=</span> <span class="n">card</span><span class="p">.</span><span class="n">read_binary</span><span class="p">(</span><span class="s">'4F07'</span><span class="p">)</span>
<span class="k">if</span> <span class="n">sw</span> <span class="o">==</span> <span class="s">'9000'</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_SUCI_Calc_Info: %s"</span> <span class="o">%</span> <span class="n">res</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_SUCI_Calc_Info: Can't read, response code = %s"</span> <span class="o">%</span> <span class="p">(</span><span class="n">sw</span><span class="p">,))</span>
<span class="p">(</span><span class="n">res</span><span class="p">,</span> <span class="n">sw</span><span class="p">)</span> <span class="o">=</span> <span class="n">card</span><span class="p">.</span><span class="n">read_binary</span><span class="p">(</span><span class="s">'4F05'</span><span class="p">)</span>
<span class="k">if</span> <span class="n">sw</span> <span class="o">==</span> <span class="s">'9000'</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_5G_Auth_Keys: %s"</span> <span class="o">%</span> <span class="n">res</span><span class="p">)</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">print</span><span class="p">(</span><span class="s">"EF_5G_Auth_Keys: Can't read, response code = %s"</span> <span class="o">%</span> <span class="p">(</span><span class="n">sw</span><span class="p">,))</span>
</code></pre>
<p>Output:<br /><pre>
Using PC/SC reader interface
Reading ...
Autodetected card type: sysmoISIM-SJA2
ICCID: 8988211000000448822
...
EF_UST available (just to check): True
EF_SUCI_Calc_Info available: False
EF_5G_Auth_Keys available: False
EF_UST: beff9f9de73e0408400170330000000000000000
Traceback (most recent call last):
File "./pySim-read.py", line 267, in <module>
(res, sw) = card.read_binary('4F07')
File "/home/merlin/tools/pysim/pySim/cards.py", line 189, in read_binary
return self._scc.read_binary(ef_path, length, offset)
File "/home/merlin/tools/pysim/pySim/commands.py", line 128, in read_binary
r = self.select_file(ef)
File "/home/merlin/tools/pysim/pySim/commands.py", line 119, in select_file
data, sw = self._tp.send_apdu_checksw(self.cla_byte + "a4" + self.sel_ctrl + "02" + i)
File "/home/merlin/tools/pysim/pySim/transport/__init__.py", line 104, in send_apdu_checksw
raise RuntimeError("SW match failed! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed! Expected 9000 and got 6a82.
</pre><br />Same if I read the other file first, 6a82 seems something like "not found". If I understand correctly, a locked file would still be found?</p>
<p>I've played with the MS Operation Mode as well but besides the card is pretty fresh.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=213792021-02-22T11:00:11Zlaforge
<ul></ul><p>On Mon, Feb 22, 2021 at 07:19:26AM +0000, merlinchlosta [REDMINE] wrote:</p>
<blockquote>
<p>I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)</p>
</blockquote>
<p>You are not in the right directory. You are in ADF.USIM, not in ADF.USIM/DF.5GS</p>
<p>See 3GPP TS 31.102 for the directory hierarchy.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=213892021-02-23T09:55:14Zmerlinchlosta
<ul></ul><p>Thanks a lot, the files are there of course.</p>
<p>For anybody googling this, I read ADF.USIM/DF.5GS like this: <a class="external" href="https://github.com/mrlnc/pysim/commit/c7f9afeeeb43dd4f62ced3f1c63aa21983fcdb24">https://github.com/mrlnc/pysim/commit/c7f9afeeeb43dd4f62ced3f1c63aa21983fcdb24</a><br />and updated the UST with something like this in SysmoISIMSJA2.program():<br /><pre>
print("Disabling 5G Security Parameters")
ust_5g = [122, 123, 124, 126]
for service in ust_5g:
sw = self.update_ust(service, 0)
if sw != '9000':
print("Disabling 5G Service %i failed with code %s"% (service, sw))
</pre></p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=215022021-03-06T16:31:00Zmerlinchlosta
<ul></ul>For each key we need some parameters, which is quite annoying via CLI.
<ul>
<li>scheme (profile A or B)</li>
<li>key identifier (currently hardcoded & limited to 1 byte)</li>
<li>key</li>
<li>priority in some way</li>
</ul>
<p>My WIP branch is here: <a class="external" href="https://github.com/mrlnc/pysim/tree/wip-suci">https://github.com/mrlnc/pysim/tree/wip-suci</a></p>
<p>Right now the identifiers & file order are hardcoded to replicate the test file from TS31.121 4.9.4. Changing priority works as expected and is accepted by the modem.</p>
<p>I'll check out the pySim-shell first.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=215122021-03-07T15:30:12Zlaforge
<ul></ul><p>Hi Merlin,</p>
<p>On Sat, Mar 06, 2021 at 04:31:00PM +0000, merlinchlosta [REDMINE] wrote:</p>
<blockquote>
<p>For each key we need some parameters, which is quite annoying via CLI.</p>
</blockquote>
<p>that's exactly why we started pySim-shell. The core code base is merged by now,<br />also showing a variety of example classes for encoding/decoding some of the files.</p>
<p>Feel free to reach out in case you have any questions regarding pySim-shell.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=218092021-04-01T12:52:27Zmerlinchlosta
<ul></ul><p>pysim-shell is pretty cool! I integrated SUCI-Calc-Info: <a class="external" href="https://github.com/mrlnc/pysim/tree/wip-shell-suci">https://github.com/mrlnc/pysim/tree/wip-shell-suci</a></p>
Works:
<ul>
<li>Encode + Write</li>
<li>Read + Decode</li>
<li>Testcase replicating the example file from</li>
</ul>
<p>I take the JSON input to encode the file; what would be the right place for documentation of the format?</p>
<pre><code>
pySIM-shell (MF)> select ADF.USIM
pySIM-shell (MF/ADF.USIM)> select DF.5GS
pySIM-shell (MF/ADF.USIM/DF.5GS)> select EF.SUCI_Calc_Info
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> update_binary_decoded '{"prot_scheme_id_list": [{"priority": 0, "identifier": 2, "key_index": 1}, {"priority": 1, "identifier": 1, "key_index": 2}, {"priority": 2, "identifier": 0, "key_index": 0}], "hnet_pubkey_list": [{"hnet_pubkey_identifier": 27, "hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"}, {"hnet_pubkey_identifier": 30, "hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"}]}
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> read_binary_decoded
9000: a006020101020000a14b80011b81210272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd180011e81205a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650a650ffffffffffffffffffffffffff -> {'prot_scheme_id_list': [{'priority': 0, 'identifier': 2, 'key_index': 1}, {'priority': 1, 'identifier': 1, 'key_index': 2}, {'priority': 2, 'identifier': 0, 'key_index': 0}], 'hnet_pubkey_list': [{'hnet_pubkey_identifier': 27, 'hnet_pubkey': '0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1'}, {'hnet_pubkey_identifier': 30, 'hnet_pubkey': '5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650'}]}
{
"prot_scheme_id_list": [
{
"priority": 0,
"identifier": 2,
"key_index": 1
},
{
"priority": 1,
"identifier": 1,
"key_index": 2
},
{
"priority": 2,
"identifier": 0,
"key_index": 0
}
],
"hnet_pubkey_list": [
{
"hnet_pubkey_identifier": 27,
"hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"
},
{
"hnet_pubkey_identifier": 30,
"hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"
}
]
}
</code></pre>
<p>Export still fails; maybe I didn't register the directory correctly?<br />Output:<br /><pre><code>
################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI #
################################################################################
# directory: MF/ADF.USIM/DF.5GS (3f00/a0000000871002/5fc0)
# file: EF.5GS3GPPLOCI (4f01)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GS3GPPLOCI, string indices must be integers
#
################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GSN3GPPLOCI #
################################################################################
# directory: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI (3f00/a0000000871002/5fc0/4f01)
# file: EF.5GSN3GPPLOCI (4f02)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GSN3GPPLOCI/EF.5GSN3GPPLOCI, string indices must be integers
</code></pre><br />Fails because <code>
fcp_dec = self._cmd.rs.select(filename, self._cmd)
</code> doesn't return a dict but some hex string.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=218102021-04-01T13:35:00Zlaforge
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>dexter</i></li></ul> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=218112021-04-01T13:37:04Zlaforge
<ul></ul><p>merlinchlosta wrote:</p>
<blockquote>
<p>pysim-shell is pretty cool! I integrated SUCI-Calc-Info: <a class="external" href="https://github.com/mrlnc/pysim/tree/wip-shell-suci">https://github.com/mrlnc/pysim/tree/wip-shell-suci</a></p>
</blockquote>
<p>happy to hear you like it.</p>
<blockquote>
<p>I take the JSON input to encode the file; what would be the right place for documentation of the format?</p>
</blockquote>
<p>Unfortunately we haven't yet figured that out. I'm not sure what kind of frameworks would exist in python to help us with documentation. Ideally the documentation would be written in-line next to the code (less chance to go out of date), and then extracted into some kind of spec/reference document.</p>
<blockquote>
<p>Export still fails; maybe I didn't register the directory correctly?</p>
</blockquote>
<p>I've assigned this ticket to <a class="user active" href="https://osmocom.org/users/15">dexter</a> who wrote the export, maybe he can help.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=218122021-04-01T14:28:47Zmerlinchlosta
<ul></ul><p>applied your comments from github, gerrit PR: <a class="external" href="https://gerrit.osmocom.org/c/pysim/+/23564">https://gerrit.osmocom.org/c/pysim/+/23564</a></p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=218532021-04-07T07:25:56Zmerlinchlosta
<ul></ul><p>Export works as expected since you removed the DF.5GS decode_select_response() in commit 082d4e095688df3cbbb8675e4bf4bdade6a28d14.</p> pySim - Feature #4807: Support for writing EF_SUCI_Calc_Infohttps://osmocom.org/issues/4807?journal_id=220452021-05-03T17:15:29Zdexter
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Hello merlinchlosta,</p>
<p>thanks for contributing to pySim-shell. I see your patch got merged some time ago. I have now tested (decoded) reading and writing of EF_UST and ADF_USIM/EF_SUCI_Calc_Info and as far as I can tell it works fine. So I think we can close this ticket now.</p>
<p>Best regards.<br />Philipp</p>