This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Mychaela Falconia mychaela.falconia at gmail.com

Hello again everyone,

The mystery I reported this morning regarding the test_rfm function of shadysim.py working on sysmoUSIM-SJS1 but not on sysmoISIM-SJA2 has been solved. I have written my own suite of C tools to replace the Python tool for my purposes, and in the process of studying the Python code for the purpose of recreating its logic in C I found the bug that makes the original code not work with the new SIMs.

The bug is in the padding logic. When the application message payload is encrypted with any variant of DES (including the two-key 3DES used on Sysmocom SIMs), the length of the ciphertext has to be a multiple of 8 bytes - hence if the plaintext length is not a multiple of 8 bytes, the plaintext needs to be padded. But what should happen if the plaintext length going into the cipher just happens to be a perfect multiple of 8 bytes? The correct answer (ought to be obvious) is to apply no padding at all, i.e., zero bytes of padding. However, the Python code in shadysim.py adds 8 bytes of padding, and sets the number of padding bytes in the header to 8. The resulting encrypted message should be considered malformed per standard specs, but sysmoUSIM-SJS1 cards are liberal in what they accept in this instance, thus the bug went unnoticed. The newer sysmoISIM-SJA2 cards do not accept such malformed messages with invalid padding, and it just so happens that the message generated by the test_rfm function has 40 bytes of plaintext going into the cipher, perfectly divisible by 8 - hence the test_rfm function fails on the new cards.

I am not able to produce a patch for shadysim.py because Python is a read-only language for me: I can kinda-sorta read Python code and figure out what it's doing, so I can reproduce its logic in C or Bourne shell (my two languages), but writing or modifying Python code is a territory I don't feel ready to venture into.
My new C tools for OTA SIM programming which do work with both sysmoUSIM-SJS1 and sysmoISIM-SJA2 cards reside here: https://www.freecalypso.org/hg/fc-ota-tools/

These tools go as far as generating the hex string of bytes to feed to the SIM in an ENVELOPE command; to actually interact with the SIM in a CCID "reader" and send this ENVELOPE command, fc-simtool needs to be used: https://www.freecalypso.org/hg/fc-pcsc-tools/

In hacking fellowship,
Mother Mychaela
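The padding defect described in the message above, worked through as an added example. This is editorial illustration code, not a quotation of shadysim.py or of the fc-ota-tools sources: it models the two padding rules the message contrasts (always pad up to the next 8-byte boundary, even when already aligned, versus pad only when needed), and a constructed "strict card" and "lenient card" check that mirrors the observed behaviour of the two SIM generations. The check that a card rejects a padding counter equal to the block size is an assumption drawn from the message's description of the failure, not from a card specification quoted on the page; the 40-byte plaintext is constructed to match the test_rfm case. Encryption itself is left out so the block runs without a DES library; the sizes are what matter here.

```python
# Editorial example: modelling the DES/3DES padding bug described in the
# message above. Not code from shadysim.py or fc-ota-tools.

BLOCK = 8  # DES and two-key 3DES block size in bytes


def pad_len_buggy(plaintext_len: int) -> int:
    """Padding rule as the message describes shadysim.py's behaviour:
    always pad up to the next block boundary, so an already aligned
    plaintext gets a full extra block (8 bytes, counter = 8)."""
    return BLOCK - (plaintext_len % BLOCK)


def pad_len_correct(plaintext_len: int) -> int:
    """Correct rule: pad only what is needed; an aligned plaintext gets
    zero bytes of padding and a padding counter of 0."""
    return (-plaintext_len) % BLOCK


def build_secured_body(plaintext: bytes, pad_len_fn) -> tuple[int, bytes]:
    """Return (padding counter, padded body) for the chosen padding rule.
    Zero-valued pad bytes are an assumption for illustration; the real
    message would then be encrypted block-wise and the counter carried in
    the header."""
    pcnt = pad_len_fn(len(plaintext))
    return pcnt, plaintext + b"\x00" * pcnt


def strict_card_accepts(pcnt: int, body: bytes) -> bool:
    """Assumed model of the sysmoISIM-SJA2 behaviour in the message: the
    body must be block aligned and the padding counter must be a valid
    amount of padding, i.e. strictly less than one block."""
    return len(body) % BLOCK == 0 and 0 <= pcnt < BLOCK and pcnt <= len(body)


def lenient_card_accepts(pcnt: int, body: bytes) -> bool:
    """Assumed model of the sysmoUSIM-SJS1 behaviour: only requires block
    alignment and a counter that does not exceed the body length."""
    return len(body) % BLOCK == 0 and 0 <= pcnt <= len(body)


def strip_padding(pcnt: int, body: bytes) -> bytes:
    """What the card does after decryption: drop `pcnt` trailing bytes."""
    return body[: len(body) - pcnt]


def lengths_where_rules_differ(limit: int) -> list[int]:
    """Plaintext lengths in [0, limit) for which the two rules disagree.
    Expected: exactly the multiples of 8."""
    return [n for n in range(limit) if pad_len_buggy(n) != pad_len_correct(n)]


def test_rfm_case() -> dict:
    """Reproduce the test_rfm situation: 40 bytes of plaintext (constructed
    sample, contents irrelevant) under both padding rules and both cards."""
    plaintext = bytes(range(40))  # constructed 40-byte sample
    out = {}
    for name, rule in (("buggy", pad_len_buggy), ("correct", pad_len_correct)):
        pcnt, body = build_secured_body(plaintext, rule)
        out[name] = {
            "pcnt": pcnt,
            "body_len": len(body),
            "strict_ok": strict_card_accepts(pcnt, body),
            "lenient_ok": lenient_card_accepts(pcnt, body),
            "roundtrip": strip_padding(pcnt, body) == plaintext,
        }
    return out


if __name__ == "__main__":
    for name, r in test_rfm_case().items():
        print(f"{name:8s} pcnt={r['pcnt']} len={r['body_len']} "
              f"strict={r['strict_ok']} lenient={r['lenient_ok']}")
    print("lengths where rules differ (<64):", lengths_where_rules_differ(64))
```

Both rules produce identical output for every length that is not a multiple of 8, which is why the defect only surfaces for a message whose plaintext happens to be block aligned, and why a card that tolerates a counter of 8 hides it entirely.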