- gerrit-log - lists.osmocom.org

[XS] Change in osmo-ttcn3-hacks[master]: NGAP_Emulation: Use specific record types for AMF/RAN IDs
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: pespin. laforge has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/42232?usp=email ) Change subject: NGAP_Emulation: Use specific record types for AMF/RAN IDs ...................................................................... Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/42232?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ibd85be865a3a61c97d312df76ab3d1ae7ae32a6a Gerrit-Change-Number: 42232 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: pespin <pespin(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 13:04:55 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

1 0

[M] Change in pysim[master]: docs/smpp-ota-tool: Add documentation/tutorial
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: dexter. laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42237?usp=email ) Change subject: docs/smpp-ota-tool: Add documentation/tutorial ...................................................................... Patch Set 1: (10 comments) File docs/smpp-ota-tool.rst: https://gerrit.osmocom.org/c/pysim/+/42237/comment/6f384f16_3412eeb9?usp=em… : PS1, Line 5: cards an eUICC must not be a card, in fact most often it is not. I would just write "of SIM/USIM/UICC/eUICC." or something like that. https://gerrit.osmocom.org/c/pysim/+/42237/comment/a1dca5bb_cf9dcc7e?usp=em… : PS1, Line 6: SMPP : server "... SMPP server (such as a production SMSC of a live cellular network) as well." I think it makes sense to clarify that one can use this in a production setup if one is an operator and has SMPP access to ones own SMSC. https://gerrit.osmocom.org/c/pysim/+/42237/comment/a433b6d8_ae166f51?usp=em… : PS1, Line 17: a se it's not "a set" but "sets of keys".. Somehow the paragraph doesn't really make it clear that the SCP80 keys must be used. You just say that the SCP80 protocol is used, and not that therem ight be different sets of keys for different SCPs and one of the SCP80 keysets must be used. https://gerrit.osmocom.org/c/pysim/+/42237/comment/5a0511ef_2bd90920?usp=em… : PS1, Line 17: card we have many more instances of "card" in the document, it seems. Maybe add an initial paragraph at the top that whenever "SIM" is used, any of UICC/USIM/ISIM/eUICC/eSIM is actually meant? Or one could also do the same with the word "card": Define the word "card" in the context of this document as "any SIM/USIM/ISIM/UICC/eUICC/eSIM whether or not it is in a physical card or solder form-factor"? https://gerrit.osmocom.org/c/pysim/+/42237/comment/c23d3254_fea15b03?usp=em… : PS1, Line 26: The KIK is not used in the scope of SCP80. oh, are you sure? That means you cannot deploy new SCP80 (or other) keys via SCP80? I would have assumed that using RAM one could also issue PUT KEY and then the KIK would be used? Do you have a spec reference for your statement that it's not used? https://gerrit.osmocom.org/c/pysim/+/42237/comment/29e48c59_b5678c82?usp=em… : PS1, Line 28: programmed into the issuer security domain (ISD) the keyset doesn't have to be in the ISD. I think any security domain (whether issuer or supplementary) could in theory specify its own material? Might be best to just say "security domain" without being too specific. https://gerrit.osmocom.org/c/pysim/+/42237/comment/d24b1c40_3c72e02a?usp=em… : PS1, Line 84: A0A40000027F20 might be worth using formatting instructions to use monospaced font for all APDUs or other hex-strings https://gerrit.osmocom.org/c/pysim/+/42237/comment/24338766_a56d9080?usp=em… : PS1, Line 86: is received by the SIM RFM application and then executed. This method poses some limitations that have to be taken into might be worth stating that he SIM RFM application is "on the card" https://gerrit.osmocom.org/c/pysim/+/42237/comment/72d2a4ae_e9bf2c30?usp=em… : PS1, Line 115: : To prevent this, we may include a replay protection counter within the message. In this case, the MSL indicates that a : replay protection counter is not required. However, to extended the security of our messages, we may chose to use a : counter anyway. In the following example, we will encode a counter value of 100. We will instruct the card to make sure : that the value we send is higher than the counter value that is currently stored in the card. it might be worth mentioning at some earlier point that the MSL of the card may be different for different card types/profiles, and that cards beyond lab/experimentation use should ideally have a MSL that makes the use of the counter mandatory. It's just the sysmoISIM-SJS1/SJA2/SJA5 that do not have a MSL requiring a counter as that makes it easier for lab/research type use. https://gerrit.osmocom.org/c/pysim/+/42237/comment/7d9b144f_664ade33?usp=em… : PS1, Line 162: overlap "... it will not wrap on overflow ... -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42237?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: If0d18a263f5a6dc035b90f5c5c6a942d46bbba49 Gerrit-Change-Number: 42237 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-CC: Jenkins Builder Gerrit-CC: laforge <laforge(a)osmocom.org> Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 13:04:29 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No

1 0

[M] Change in pysim[master]: contrib/smpp-ota-tool: define commandline arguments in global scope
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: dexter. laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42236?usp=email ) Change subject: contrib/smpp-ota-tool: define commandline arguments in global scope ...................................................................... Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42236?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I2d9782e3f5b1cac78c22d206fdcac4118c7d5e7c Gerrit-Change-Number: 42236 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-CC: Jenkins Builder Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 12:50:58 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

1 0

[S] Change in pysim[master]: contrib/smpp-ota-tool: use '-' instead of '_' in command line args
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: dexter. laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42235?usp=email ) Change subject: contrib/smpp-ota-tool: use '-' instead of '_' in command line args ...................................................................... Patch Set 1: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42235?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Icbe9d753d59263997e9ca34d46ed0daca36ca16c Gerrit-Change-Number: 42235 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-CC: Jenkins Builder Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 12:50:38 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

1 0

[XS] Change in pysim[master]: contrib/smpp-ota-tool: fix description string (copy+paste error)
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: dexter. laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42234?usp=email ) Change subject: contrib/smpp-ota-tool: fix description string (copy+paste error) ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42234?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I559844bfa1ac372370ef9d148f2f8a6bf4ab4ef5 Gerrit-Change-Number: 42234 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 12:50:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

1 0

[M] Change in pysim[master]: tests/pySim-smpp2sim_test: add testcases for AES128 and AES256
by laforge 27 Feb '26

27 Feb '26

Attention is currently required from: dexter. laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42189?usp=email ) Change subject: tests/pySim-smpp2sim_test: add testcases for AES128 and AES256 ...................................................................... Patch Set 4: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42189?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a Gerrit-Change-Number: 42189 Gerrit-PatchSet: 4 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: dexter <pmaier(a)sysmocom.de> Gerrit-Comment-Date: Fri, 27 Feb 2026 12:50:15 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes

1 0

[XS] Change in pysim[master]: contrib/smpp-ota-tool: fix description string (copy+paste error)
by dexter 27 Feb '26

27 Feb '26

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42234?usp=email ) Change subject: contrib/smpp-ota-tool: fix description string (copy+paste error) ...................................................................... contrib/smpp-ota-tool: fix description string (copy+paste error) Change-Id: I559844bfa1ac372370ef9d148f2f8a6bf4ab4ef5 Related: SYS#6868 --- M contrib/smpp-ota-tool.py 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/34/42234/1 diff --git a/contrib/smpp-ota-tool.py b/contrib/smpp-ota-tool.py index 91b6dd2..9fac76b 100755 --- a/contrib/smpp-ota-tool.py +++ b/contrib/smpp-ota-tool.py @@ -167,7 +167,7 @@ return h2b(resp), h2b(sw) if __name__ == '__main__': - option_parser = argparse.ArgumentParser(description='CSV importer for pySim-shell\'s PostgreSQL Card Key Provider', + option_parser = argparse.ArgumentParser(description='Tool to send OTA SMS RFM/RAM messages via SMPP', formatter_class=argparse.ArgumentDefaultsHelpFormatter) option_parser.add_argument("--host", help="Host/IP of the SMPP server", default="localhost") option_parser.add_argument("--port", help="TCP port of the SMPP server", default=2775, type=int) -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42234?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I559844bfa1ac372370ef9d148f2f8a6bf4ab4ef5 Gerrit-Change-Number: 42234 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de>

1 0

[S] Change in pysim[master]: contrib/smpp-ota-tool: use '-' instead of '_' in command line args
by dexter 27 Feb '26

27 Feb '26

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42235?usp=email ) Change subject: contrib/smpp-ota-tool: use '-' instead of '_' in command line args ...................................................................... contrib/smpp-ota-tool: use '-' instead of '_' in command line args Some commandline arguments have an underscore in their name. Let's replace those with dashes. Change-Id: Icbe9d753d59263997e9ca34d46ed0daca36ca16c Related: SYS#6868 --- M contrib/smpp-ota-tool.py M tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh 2 files changed, 5 insertions(+), 5 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/35/42235/1 diff --git a/contrib/smpp-ota-tool.py b/contrib/smpp-ota-tool.py index 9fac76b..203f37c 100755 --- a/contrib/smpp-ota-tool.py +++ b/contrib/smpp-ota-tool.py @@ -187,12 +187,12 @@ option_parser.add_argument("--algo-auth", choices=algo_auth_choices, default='triple_des_cbc2', help="OTA auth algorithm") option_parser.add_argument('--kic', required=True, type=is_hexstr, help='OTA key (KIC)') - option_parser.add_argument('--kic_idx', default=1, type=int, help='OTA key index (KIC)') + option_parser.add_argument('--kic-idx', default=1, type=int, help='OTA key index (KIC)') option_parser.add_argument('--kid', required=True, type=is_hexstr, help='OTA key (KID)') - option_parser.add_argument('--kid_idx', default=1, type=int, help='OTA key index (KID)') + option_parser.add_argument('--kid-idx', default=1, type=int, help='OTA key index (KID)') option_parser.add_argument('--cntr', default=0, type=int, help='replay protection counter') option_parser.add_argument('--tar', required=True, type=is_hexstr, help='Toolkit Application Reference') - option_parser.add_argument("--cntr_req", choices=CNTR_REQ.decmapping.values(), default='no_counter', + option_parser.add_argument("--cntr-req", choices=CNTR_REQ.decmapping.values(), default='no_counter', help="Counter requirement") option_parser.add_argument('--no-ciphering', action='store_true', default=False, help='Disable ciphering') option_parser.add_argument("--rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', @@ -202,7 +202,7 @@ option_parser.add_argument('--por-no-ciphering', action='store_true', default=False, help='Disable ciphering (PoR)') option_parser.add_argument("--por-rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', help="PoR check (rc=redundency check, cc=crypt. checksum, ds=digital signature)") - option_parser.add_argument("--por_req", choices=POR_REQ.decmapping.values(), default='por_required', + option_parser.add_argument("--por-req", choices=POR_REQ.decmapping.values(), default='por_required', help="Proof of Receipt requirements") option_parser.add_argument('--src-addr', default='12', type=str, help='SMS source address (MSISDN)') option_parser.add_argument('--dest-addr', default='23', type=str, help='SMS destination address (MSISDN)') diff --git a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh index 0881319..cb12fb2 100755 --- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh +++ b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh @@ -49,7 +49,7 @@ R_APDU_EXPECTED=$2 echo "Sending: $C_APDU" - COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --kic_idx $KEY_INDEX --kid_idx $KEY_INDEX --algo-crypt $ALGO_CRYPT --algo-auth $ALGO_AUTH --tar $TAR --apdu $C_APDU" + COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --kic-idx $KEY_INDEX --kid-idx $KEY_INDEX --algo-crypt $ALGO_CRYPT --algo-auth $ALGO_AUTH --tar $TAR --apdu $C_APDU" echo "Commandline: $COMMANDLINE" R_APDU=`$COMMANDLINE 2> $PYSIM_SMPPOTATOOL_LOG` if [ $? -ne 0 ]; then -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42235?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Icbe9d753d59263997e9ca34d46ed0daca36ca16c Gerrit-Change-Number: 42235 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de>

1 0

[M] Change in pysim[master]: contrib/smpp-ota-tool: define commandline arguments in global scope
by dexter 27 Feb '26

27 Feb '26

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42236?usp=email ) Change subject: contrib/smpp-ota-tool: define commandline arguments in global scope ...................................................................... contrib/smpp-ota-tool: define commandline arguments in global scope The commandline arguments are currently defined under __main__ in a private scope. From there they are not reachable to the sphinx argparse module. We have to define the arguments globally at the top. (like in the other applications) Related: SYS#7881 Change-Id: I2d9782e3f5b1cac78c22d206fdcac4118c7d5e7c --- M contrib/smpp-ota-tool.py 1 file changed, 42 insertions(+), 41 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/36/42236/1 diff --git a/contrib/smpp-ota-tool.py b/contrib/smpp-ota-tool.py index 203f37c..28c13bf 100755 --- a/contrib/smpp-ota-tool.py +++ b/contrib/smpp-ota-tool.py @@ -30,6 +30,48 @@ logger = logging.getLogger(Path(__file__).stem) +option_parser = argparse.ArgumentParser(description='Tool to send OTA SMS RFM/RAM messages via SMPP', + formatter_class=argparse.ArgumentDefaultsHelpFormatter) +option_parser.add_argument("--host", help="Host/IP of the SMPP server", default="localhost") +option_parser.add_argument("--port", help="TCP port of the SMPP server", default=2775, type=int) +option_parser.add_argument("--system-id", help="System ID to use to bind to the SMPP server", default="test") +option_parser.add_argument("--password", help="Password to use to bind to the SMPP server", default="test") +option_parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False) +algo_crypt_choices = [] +algo_crypt_classes = OtaAlgoCrypt.__subclasses__() +for cls in algo_crypt_classes: + algo_crypt_choices.append(cls.enum_name) +option_parser.add_argument("--algo-crypt", choices=algo_crypt_choices, default='triple_des_cbc2', + help="OTA crypt algorithm") +algo_auth_choices = [] +algo_auth_classes = OtaAlgoAuth.__subclasses__() +for cls in algo_auth_classes: + algo_auth_choices.append(cls.enum_name) +option_parser.add_argument("--algo-auth", choices=algo_auth_choices, default='triple_des_cbc2', + help="OTA auth algorithm") +option_parser.add_argument('--kic', required=True, type=is_hexstr, help='OTA key (KIC)') +option_parser.add_argument('--kic-idx', default=1, type=int, help='OTA key index (KIC)') +option_parser.add_argument('--kid', required=True, type=is_hexstr, help='OTA key (KID)') +option_parser.add_argument('--kid-idx', default=1, type=int, help='OTA key index (KID)') +option_parser.add_argument('--cntr', default=0, type=int, help='replay protection counter') +option_parser.add_argument('--tar', required=True, type=is_hexstr, help='Toolkit Application Reference') +option_parser.add_argument("--cntr-req", choices=CNTR_REQ.decmapping.values(), default='no_counter', + help="Counter requirement") +option_parser.add_argument('--no-ciphering', action='store_true', default=False, help='Disable ciphering') +option_parser.add_argument("--rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', + help="message check (rc=redundency check, cc=crypt. checksum, ds=digital signature)") +option_parser.add_argument('--por-in-submit', action='store_true', default=False, + help='require PoR to be sent via SMS-SUBMIT') +option_parser.add_argument('--por-no-ciphering', action='store_true', default=False, help='Disable ciphering (PoR)') +option_parser.add_argument("--por-rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', + help="PoR check (rc=redundency check, cc=crypt. checksum, ds=digital signature)") +option_parser.add_argument("--por-req", choices=POR_REQ.decmapping.values(), default='por_required', + help="Proof of Receipt requirements") +option_parser.add_argument('--src-addr', default='12', type=str, help='SMS source address (MSISDN)') +option_parser.add_argument('--dest-addr', default='23', type=str, help='SMS destination address (MSISDN)') +option_parser.add_argument('--timeout', default=10, type=int, help='Maximum response waiting time') +option_parser.add_argument('-a', '--apdu', action='append', required=True, type=is_hexstr, help='C-APDU to send') + class SmppHandler: client = None @@ -167,47 +209,6 @@ return h2b(resp), h2b(sw) if __name__ == '__main__': - option_parser = argparse.ArgumentParser(description='Tool to send OTA SMS RFM/RAM messages via SMPP', - formatter_class=argparse.ArgumentDefaultsHelpFormatter) - option_parser.add_argument("--host", help="Host/IP of the SMPP server", default="localhost") - option_parser.add_argument("--port", help="TCP port of the SMPP server", default=2775, type=int) - option_parser.add_argument("--system-id", help="System ID to use to bind to the SMPP server", default="test") - option_parser.add_argument("--password", help="Password to use to bind to the SMPP server", default="test") - option_parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False) - algo_crypt_choices = [] - algo_crypt_classes = OtaAlgoCrypt.__subclasses__() - for cls in algo_crypt_classes: - algo_crypt_choices.append(cls.enum_name) - option_parser.add_argument("--algo-crypt", choices=algo_crypt_choices, default='triple_des_cbc2', - help="OTA crypt algorithm") - algo_auth_choices = [] - algo_auth_classes = OtaAlgoAuth.__subclasses__() - for cls in algo_auth_classes: - algo_auth_choices.append(cls.enum_name) - option_parser.add_argument("--algo-auth", choices=algo_auth_choices, default='triple_des_cbc2', - help="OTA auth algorithm") - option_parser.add_argument('--kic', required=True, type=is_hexstr, help='OTA key (KIC)') - option_parser.add_argument('--kic-idx', default=1, type=int, help='OTA key index (KIC)') - option_parser.add_argument('--kid', required=True, type=is_hexstr, help='OTA key (KID)') - option_parser.add_argument('--kid-idx', default=1, type=int, help='OTA key index (KID)') - option_parser.add_argument('--cntr', default=0, type=int, help='replay protection counter') - option_parser.add_argument('--tar', required=True, type=is_hexstr, help='Toolkit Application Reference') - option_parser.add_argument("--cntr-req", choices=CNTR_REQ.decmapping.values(), default='no_counter', - help="Counter requirement") - option_parser.add_argument('--no-ciphering', action='store_true', default=False, help='Disable ciphering') - option_parser.add_argument("--rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', - help="message check (rc=redundency check, cc=crypt. checksum, ds=digital signature)") - option_parser.add_argument('--por-in-submit', action='store_true', default=False, - help='require PoR to be sent via SMS-SUBMIT') - option_parser.add_argument('--por-no-ciphering', action='store_true', default=False, help='Disable ciphering (PoR)') - option_parser.add_argument("--por-rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc', - help="PoR check (rc=redundency check, cc=crypt. checksum, ds=digital signature)") - option_parser.add_argument("--por-req", choices=POR_REQ.decmapping.values(), default='por_required', - help="Proof of Receipt requirements") - option_parser.add_argument('--src-addr', default='12', type=str, help='SMS source address (MSISDN)') - option_parser.add_argument('--dest-addr', default='23', type=str, help='SMS destination address (MSISDN)') - option_parser.add_argument('--timeout', default=10, type=int, help='Maximum response waiting time') - option_parser.add_argument('-a', '--apdu', action='append', required=True, type=is_hexstr, help='C-APDU to send') opts = option_parser.parse_args() logging.basicConfig(level=logging.DEBUG if opts.verbose else logging.INFO, -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42236?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I2d9782e3f5b1cac78c22d206fdcac4118c7d5e7c Gerrit-Change-Number: 42236 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de>

1 0

[M] Change in pysim[master]: docs/smpp-ota-tool: Add documentation/tutorial
by dexter 27 Feb '26

27 Feb '26

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42237?usp=email ) Change subject: docs/smpp-ota-tool: Add documentation/tutorial ...................................................................... docs/smpp-ota-tool: Add documentation/tutorial We already have documentation that explains how to run pySim-smpp2sim. With smpp-ota-tool we now have a counterpart for pySim-smpp2sim, so let's add documentation for this tool as well. Related: SYS#7881 Change-Id: If0d18a263f5a6dc035b90f5c5c6a942d46bbba49 --- M docs/index.rst A docs/smpp-ota-tool.rst M docs/smpp2sim.rst 3 files changed, 173 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/37/42237/1 diff --git a/docs/index.rst b/docs/index.rst index 92be830..a6ed7b9 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -48,6 +48,7 @@ sim-rest suci-keytool saip-tool + smpp-ota-tool Indices and tables diff --git a/docs/smpp-ota-tool.rst b/docs/smpp-ota-tool.rst new file mode 100644 index 0000000..cedee5d --- /dev/null +++ b/docs/smpp-ota-tool.rst @@ -0,0 +1,170 @@ +smpp-ota-tool +============= + +The `smpp-ota-tool` allows users to send OTA-SMS messages containing APDU scripts (RFM, RAM) via an SMPP server. The +intended audience are developers who want to test/evaluate the OTA SMS interface of UICC/eUICC cards. `smpp-ota-tool` +is intended to be used as a companion tool for :ref:`pySim-smpp2sim`, however it should be usable on any other SMPP +server as well. + +From the technical perspective `smpp-ota-tool` takes the role of an SMPP ESME. It takes care of the encoding, encryption +and checksumming (signing) of the RFM/RAM OTA SMS and eventually submits it to the SMPP server. The program then waits +for a response. The response is automatically parsed and printed on stdout. This makes the program also suitable to be +called from shell scripts. + +Applying OTA keys +~~~~~~~~~~~~~~~~~ + +Depending on the card type (UICC/eUICC or eSIM profile) you will receive a set of keys which you can use to communicate +with the card through a secure channel protocol. When using the OTA SMS method, the SCP80 protocol is used. + +A keyset usually consists of three keys: + +#. KIC: the key used for ciphering (encryption/decryption) +#. KID: the key used to compute a cryptographic checksum (signing) +#. KIK: (used to encrypt/decrypt key material when keys are updated) + +From the perspective of SCP80, only KIC and KID are relevant. The KIK is not used in the scope of SCP80. + +When the keyset is programmed into the issuer security domain (ISD) of the card, it is tied to a specific cryptographic +algorithm (3DES, AES128 or AES256) and key version number (KVN). The term "key version number" is misleading, since it +is more of a key identifier. However, it not only uniquely identifies the key itself. It also identifies the key usage +depending on its range. Keys with KVN from 1-15 (0x01-0x0F) are usable with SCP80. This means it is not only important +to know the key material itself. Also the algorithm and the KVN must be known. + +.. note:: SCP80 keysets typically start counting from 1 upwards. Typical configurations use a set of 3 keysets with + KVN numbers 1-3. + +Addressing an Application +~~~~~~~~~~~~~~~~~~~~~~~~~ + +When communicating with a specific application on a card via SCP80, it is important to address that application with +the correct parameters. The following two parameters must be known in advance: + +#. TAR: The Toolkit Application Reference (TAR) number is a three byte value that uniquely addresses an application + on the card. The exact values may vary (see also ETSI TS 101 220, Table D.1). +#. MSL: The Minimum Security Level (MSL) is a bit-field that dictates which of the security measures encoded in the + SPI are mandatory (see also ETSI TS 102 225, section 5.1.1). + +A practical example +~~~~~~~~~~~~~~~~~~~ + +.. note:: This tutorial assumes that pySim-smpp2sim is running on the local machine with its default parameters. + See also :ref:`pySim-smpp2sim`. + +Let's assume that an OTA SMS shall be sent to the SIM RFM application of an sysmoISIM-SJA2. What we want to do is to +select DF.GSM and to get the select response back. + +We have received the following key material from the card vendor: + +:: + + KIC1: F09C43EE1A0391665CC9F05AF4E0BD10 + KID1: 01981F4A20999F62AF99988007BAF6CA + KIK1: 8F8AEE5CDCC5D361368BC45673D99195 + KIC2: 01022916E945B656FDE03F806A105FA2 + KID2: D326CB69F160333CC5BD1495D448EFD6 + KIK2: 08037E0590DFE049D4975FFB8652F625 + KIC3: 2B22824D0D27A3A1CEEC512B312082B4 + KID3: F1697766925A11F4458295590137B672 + KIK3: C7EE69B2C5A1C8E160DD36A38EB517B3 + +Those are three keysets. The enumeration is directly equal to the KVN used. All three keysets are 3DES keys, which +means triple_des_cbc2 is the correct algorithm to use. + +.. note:: The key set configuration can be confirmed by retrieving the key configuration using + `get_data key_information` from within an SCP02 session on ADF.ISD. When doing so, the user will see that + there are actually 4 keysets configured, but only 3 of them are relevant for SCP80. The other key (KVN=122) + is intended to be used with SCP02 only. + +In this example we intend to address the SIM RFM application. Which according to the manual has TAR B00010 and MSL +0x06. When we hold 0x06 = 0b00000110 against the SPI coding chart (see also ETSI TS 102 225, section 5.1.1). We +can deduct that Ciphering and Cryptographic Checksum are mandatory. + +In order to select DF.GSM (0x7F20) and to retrieve the select response, two APDUs are needed. The first APDU is the +select command "A0A40000027F20" and the second is the get-response command "A0C0000016". Those APDUs will be +concatenated and are sent in a single message. The message containing the concatenated APDUs works as a script that +is received by the SIM RFM application and then executed. This method poses some limitations that have to be taken into +account when making requests like this (see also ETSI TS 102 226, section 5). + +With this information we may now construct a commandline for `smpp-ota-tool.py`. We will pass the KVN as kid_idx and +kic_idx (see also ETSI TS 102 225, Table 2, fields `KIc` and `KID`). Both index values should refer to the same +keyset/KVN as keysets should not be mixed. (`smpp-ota-tool` still provides separate parameters anyway to allow testing +with invalid keyset combinations) + +:: + + $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016 + 2026-02-26 17:13:56 INFO Connecting to localhost:2775... + 2026-02-26 17:13:56 INFO C-APDU sending: a0a40000027f20a0c0000016... + 2026-02-26 17:13:56 INFO SMS-TPDU sending: 02700000281506191515b00010da1d6cbbd0d11ce4330d844c7408340943e843f67a6d7b0674730881605fd62d... + 2026-02-26 17:13:56 INFO SMS-TPDU sent, waiting for response... + 2026-02-26 17:13:56 INFO SMS-TPDU received: 027100002c12b000107ddf58d1780f771638b3975759f4296cf5c31efc87a16a1b61921426baa16da1b5ba1a9951d59a39 + 2026-02-26 17:13:56 INFO SMS-TPDU decoded: (Container(rpl=44, rhl=18, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00\x00', pcntr=0, response_status=uEnumIntegerString.new(0, 'por_ok'), cc_rc=b'\x8f\xea\xf5.\xf4\x0e\xc2\x14', secured_data=b'\x02\x90\x00\x00\x00\xff\xff\x7f \x02\x00\x00\x00\x00\x00\t\xb1\x065\x04\x00\x83\x8a\x83\x8a'), Container(number_of_commands=2, last_status_word=u'9000', last_response_data=u'0000ffff7f2002000000000009b106350400838a838a')) + 2026-02-26 17:13:56 INFO R-APDU received: 0000ffff7f2002000000000009b106350400838a838a 9000 + 0000ffff7f2002000000000009b106350400838a838a 9000 + 2026-02-26 17:13:56 INFO Disconnecting... + +The result we see is the select response of DF.GSM and a status word indicating that the last command has been +processed normally. + +As we can see, this mechanism now allows us to perform small administrative tasks remotely. We can read the contents of +files remotely or make changes to files. Depending on the changes we make, there may be security issues arising from +replay attacks. With the commandline above, the communication is encrypted and protected by a cryptographic checksum, +so an adversary can neither read, nor alter the message. However, an adversary could still replay an intercepted +message and the card would happily execute the contained APDUs again. + +To prevent this, we may include a replay protection counter within the message. In this case, the MSL indicates that a +replay protection counter is not required. However, to extended the security of our messages, we may chose to use a +counter anyway. In the following example, we will encode a counter value of 100. We will instruct the card to make sure +that the value we send is higher than the counter value that is currently stored in the card. + +To add a replay connection counter we add the commandline arguments `--cntr-req` to set the counter requirement and +`--cntr` to pass the counter value. + +:: + + $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016 --cntr-req counter_must_be_higher --cntr 100 + 2026-02-26 17:16:39 INFO Connecting to localhost:2775... + 2026-02-26 17:16:39 INFO C-APDU sending: a0a40000027f20a0c0000016... + 2026-02-26 17:16:39 INFO SMS-TPDU sending: 02700000281516191515b000103a4f599e94f2b5dcfbbda984761b7977df6514c57a580fb4844787c436d2eade... + 2026-02-26 17:16:39 INFO SMS-TPDU sent, waiting for response... + 2026-02-26 17:16:39 INFO SMS-TPDU received: 027100002c12b0001049fb0315f6c6401b553867f412cefaf9355b38271178edb342a3bc9cc7e670cdc1f45eea6ffcbb39 + 2026-02-26 17:16:39 INFO SMS-TPDU decoded: (Container(rpl=44, rhl=18, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00d', pcntr=0, response_status=uEnumIntegerString.new(0, 'por_ok'), cc_rc=b'\xa9/\xc7\xc9\x00"\xab5', secured_data=b'\x02\x90\x00\x00\x00\xff\xff\x7f \x02\x00\x00\x00\x00\x00\t\xb1\x065\x04\x00\x83\x8a\x83\x8a'), Container(number_of_commands=2, last_status_word=u'9000', last_response_data=u'0000ffff7f2002000000000009b106350400838a838a')) + 2026-02-26 17:16:39 INFO R-APDU received: 0000ffff7f2002000000000009b106350400838a838a 9000 + 0000ffff7f2002000000000009b106350400838a838a 9000 + 2026-02-26 17:16:39 INFO Disconnecting... + +The card has accepted the message. The message got processed and the card has set its internal to 100. As an experiment, +we may try to re-use the counter value: + +:: + + $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016 --cntr-req counter_must_be_higher --cntr 100 + 2026-02-26 17:16:43 INFO Connecting to localhost:2775... + 2026-02-26 17:16:43 INFO C-APDU sending: a0a40000027f20a0c0000016... + 2026-02-26 17:16:43 INFO SMS-TPDU sending: 02700000281516191515b000103a4f599e94f2b5dcfbbda984761b7977df6514c57a580fb4844787c436d2eade... + 2026-02-26 17:16:43 INFO SMS-TPDU sent, waiting for response... + 2026-02-26 17:16:43 INFO SMS-TPDU received: 027100000b0ab0001000000000000006 + 2026-02-26 17:16:43 INFO SMS-TPDU decoded: (Container(rpl=11, rhl=10, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00\x00', pcntr=0, response_status=uEnumIntegerString.new(6, 'undefined_security_error'), cc_rc=b'', secured_data=b''), None) + Traceback (most recent call last): + File "/home/user/work/git_master/pysim/./contrib/smpp-ota-tool.py", line 238, in <module> + resp, sw = smpp_handler.transceive_apdu(apdu, opts.src_addr, opts.dest_addr, opts.timeout) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + File "/home/user/work/git_master/pysim/./contrib/smpp-ota-tool.py", line 162, in transceive_apdu + raise ValueError("Response does not contain any last_response_data, no R-APDU received!") + ValueError: Response does not contain any last_response_data, no R-APDU received! + 2026-02-26 17:16:43 INFO Disconnecting... + +As we can see, the card has rejected the message with an `undefined_security_error`. The replay-protection-counter +ensures that a message can only be sent once. + +.. note:: The replay-protection-counter is implemented as a 5 byte integer value (see also ETSI TS 102 225, Table 3). + When the counter has reached its maximum, it will not overlap nor can it be reset. + +smpp-ota-tool syntax +~~~~~~~~~~~~~~~~~~~~ + +.. argparse:: + :module: contrib.smpp-ota-tool + :func: option_parser + :prog: contrib/smpp-ota-tool.py diff --git a/docs/smpp2sim.rst b/docs/smpp2sim.rst index cd86900..0ae64e7 100644 --- a/docs/smpp2sim.rst +++ b/docs/smpp2sim.rst @@ -55,3 +55,5 @@ SMSPPDownload(DeviceIdentities({'source_dev_id': 'network', 'dest_dev_id': 'uicc'}),Address({'ton_npi': 0, 'call_number': '0123456'}),SMS_TPDU({'tpdu': '400290217ff6227052000000002d02700000281516191212b0000127fa28a5bac69d3c5e9df2c7155dfdde449c826b236215566530787b30e8be5d'})) INFO root: ENVELOPE: d147820283818604001032548b3b400290217ff6227052000000002d02700000281516191212b0000127fa28a5bac69d3c5e9df2c7155dfdde449c826b236215566530787b30e8be5d INFO root: SW 9000: 027100002412b000019a551bb7c28183652de0ace6170d0e563c5e949a3ba56747fe4c1dbbef16642c + +.. note:: for sending OTA SMS messages :ref:`smpp-ota-tool` may be used. -- To view, visit https://gerrit.osmocom.org/c/pysim/+/42237?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: If0d18a263f5a6dc035b90f5c5c6a942d46bbba49 Gerrit-Change-Number: 42237 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <pmaier(a)sysmocom.de>

1 0

2026

2025

2024

2023

2022

gerrit-log