Dear Osmocom community,
as the pandemic continues and physical meetings are out of the question
for the forseeable future, it would be a good idea to have a periodic
virtual online meeting of the interested Osmocom community.
I was thinking of a format where we would serve two major purposes:
1) technical talks about osmocom relevant topics - ideally
current/recent developments
* can be pre-recorded to avoid any problems with technical setup,
streaming, ...
* should ideally have a Q+A session at their initial "airing" during
one OsmoDevCall
2) unstructured solicited social event (USSE)
* random chat in audio (optionally video)
* not recorded, obviously
The recording of the technical presentation should then be permanently
made available (like the presentations of our prior OsmoCon /
OsmoDevCon).
Not every OsmoDevCall would neccessarily need the two parts, but I think
it would be great if we can make that happen. We could also have e.g. a
two-weekly schedule for the USSE and a monthly schedule for the
technical presentation.
We'd need somebody to volunteer to "manage" the "broadcast" side of
this, preferably somebody with at least some prior exposure to online
events (like the c3voc).
I'm using https://osmocom.org/issues/4928 to collect a tentative list
of topics. Feel free to add your ideas there, as well as any comment/
feedback you may have.
Regards,
Harald
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hello list,
we are working on extensions to pySim for the sjs2 card mainly to make our 5G phones to accept our network.
How should we send this patches?
Via this mailing list or should we wait a little longer until Harald finished restructuring the mailing lists?
Best Regards
Bjoern
Hello esteemed masters of Osmocom and Sysmocom,
As I am doing some experiments with sysmoISIM-SJA2 cards in order to
make a contingency plan in case I am not able to buy cards from Grcard
beyond the 5 sample cards I got in February (my contact person there
hasn't been responding to email for the past 3 days), I have noticed a
discrepancy between this card's ATR and the file characteristics byte
it returns in response to SELECT in the GSM 11.11 SIM protocol,
regarding allowed levels for clock stop.
My sysmoISIM-SJA2 cards (bought from the webshop in late Jan into
early Feb) return the following ATR:
3B 9F 96 80 1F 87 80 31 E0 73 FE 21 1B 67 4A 4C 75 30 34 05 4B A9
The TA byte for T=15 indicates allowed voltage classes and allowed
levels for clock stop. On this card this byte equals 0x87, meaning
all 3 voltage classes (good), but also indicating that when the clock
is stopped, it should be HIGH.
However, the file characteristics byte returned in response to SELECT
(both MF and DF_GSM) in the GSM 11.11 SIM protocol is 0xB1; decoding
this byte per 3GPP TS 51.011, it says "clock stop allowed, no preferred
level". Thus the file characteristics byte says that there is no
preferred level, yet ATR says that HIGH level is preferred - or not
just preferred, but required? (7816-3 seems to say it is only a
preference, not a requirement; I seem to recall some other spec that
said it's a requirement, but I can't find it now.)
This discrepancy poses a potential problem if these cards are to be
used in classic GSM/2G dumbphones whose original firmwares are based
on the reference from TI. That reference fw code does not look at ATR
for the purpose of determining allowed clock stop levels (most classic
SIMs didn't have that T=15 TA byte in their ATR, it became commonly
present when UICC/USIM stuff came along), instead it looks at the file
characteristics byte returned in response to SELECT of DF_GSM.
Furthermore, if the file characteristics byte says that there is no
preferred level for clock stop, TI's reference fw configures the hw to
leave the clock LOW during idle. I can only reason that other classic
dumbphone firmwares (from other chip vendors) may very likely do the
same: GSM SIM specs (11.11 and 51.011) don't require ME implementations
to look at T=15 bytes in ATR, instead they direct MEs to follow the
file characteristics byte.
Can someone from Sysmocom officially confirm whether or not it is OK
to operate sysmoISIM-SJA2 cards with clock stop at LOW level, contrary
to ATR asking it to be HIGH? I have done a limited test of putting
one of these cards into an FCDEV3B (with this aspect of the firmware
left unmodified, so the clock line was low during idle) and the SIM
interface appeared to still be alive after some deep sleep (clock stop)
cycles. However, it was a very limited test, and I don't have my own
network set up yet to make a more thorough test - and in any case, an
official confirmation would be much better than anecdotal observations.
TIA,
Mychaela
Dear Osmocom community,
This topic has been past due for way too many years by now:
A re-organization of our major mailing lists.
I would like to propose the following changes. Pleas let me know if you
have any comments or feedback. I'm aware that renaming will mean people
have to update their mail filter rules, but I think we're long past the
point where the names of some of our lists started to confuse users.
== openbsc(a)lists.osmocom.org ==
* openbsc doesn't exist anymore since OsmoNITB, which is also obsolete
* does already cover anything "Osmocom CNI" related
* Proposed new name: osmocom-cni(a)lists.osmocom.org
== osmocom-net-gprs(a)lists.osmocom.org ==
This date back to when GPRS was a highly experimental add-on to our GSM
code base. This list should simply be merged with openbsc@ as osmocom-cni(a)lists.osmocom.org
== simtrace(a)lists.osmocom.org ==
Historically was created to cover only the simtrace project.
We should rename this to osmocom-simcard(a)lists.osmocom.org or something
along those lines.
I would like to suggest it covers
* SIMtrace / SIMtrace2 hardware + firmware
* pySim and related tools for working with SIM/USIM/UICC cards
* any other information / discussion related to SIM/USIM/UICC cards,
like OTA, ARA-M, ...
== osmodevcon(a)lists.osmocom.org ==
This has been a private list for people attending OsmoDevCon
I would like to open up list membership to the general public, and ensure
it also covers the new OsmoDevCall. We could then have discussions regarding
feedback, topics, scheduling, etc. on that list.
Maybe rename it to osmocom-events(a)lists.osmocom.org instead?
To differentiate: osmocom-event-orga(a)lists.osmocom.org should remain a
private list related to organizational / administrative topics of those
involved with organizing future events.
== nextepc(a)lists.osmocom.org ==
Should have been renamed to open5gs(a)lists.osmocom.org quite some time
ago, I simply forgot about it. My apologies.
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hello esteemed masters of Osmocom,
(asking here because Harald's proposed osmocom-simcard list hasn't
been created yet)
I have some questions and experience-based corrections related to the
gold nuggets contained in this wiki page:
https://osmocom.org/projects/cellular-infrastructure/wiki/GrcardSIM2
First let me establish relevance: even though Sysmocom stopped selling
these GR2 cards ages ago and it looks like the wider Osmocom community
also stopped playing with them once sysmoUSIM-SJS1 came out, these
same GrcardSIM2 cards are still available from Grcard in the present
day. A week and a half ago I received 5 sample cards (plain white, no
printing, unprogrammed) from Grcard that return the same ATR as is
listed for sysmoSIM-GR2, and all of the card-model-specific
proprietary commands described on the above wiki page work exactly the
same on these cards as they once worked on sysmoSIM-GR2. I am now in
the process of ordering a batch of 200 of these cards from Grcard,
with my own custom printing applied (so they will look pretty, not
plain white and not black like sysmoISIM-SJA2) - essentially I am
bringing back an exact equivalent of the discontinued sysmoSIM-GR2.
With relevance thus established, let's move on technical questions:
* The wiki page describes a file named EF.WEKI, file ID 0001 under
DF.GSM. Whoever wrote this wiki page, how did you get this fancy
name EF.WEKI? Was there some kind of document from Grcard that
described this card-model-specific proprietary file? Does that
document still exist somewhere? Can there be some way for mere
mortals like me to see that document?
* The wiki page describes byte 3 of EF.WEKI as selecting COMP128
algorithm version. It lists 0 as selecting COMP128v1 and 1 as
selecting COMP128v2, and these two codes are correct - confirmed by
programming these codes, doing a RUN GSM ALGO command, and comparing
returned SRES and Kc against osmo-auc-gen. However, the page lists 3
as selecting COMP128v3, and this part is not correct - writing 3 in
there results in COMP128v2 being selected, just like code 1. Instead
I need to write 2 into the lower nibble of this byte in order to get
COMP128v3 SRES and Kc in response to RUN GSM ALGO.
* The COMP128 selection code is just the lower nibble of byte 3 of
EF.WEKI - the upper nibble is something else that currently eludes my
understanding. The wiki page instructs users to write 0 into the
upper nibble, and so does pySim-prog - yet in the initial
"unprogrammed" state of the cards I received from Grcard, this upper
nibble is set to 2, not 0. I could not see any observable difference
in card behaviour whether the upper nibble is set to 0 or 2 - either
way the lower nibble selects COMP128 version for RUN GSM ALGO
operations.
* The wiki page gives the impression that EF.WEKI is 19 bytes long in
total. However, the actual size of this transparent EF on the card is
35 bytes, i.e., there is another 16-byte field (some other key?) after
Ki. Of the people who were once privileged with proper official
documentation for these cards, might anyone be able to tell what this
other key is for? Could it perhaps be some kind of key for OTA?
Before someone tells me that I should direct these questions to Grcard,
given that I am buying cards from them, let me assure everyone that
yes, of course I am doing everything I can to pry this information out
of them. However, they seem to have the same attitude as most Chinese
companies where they just want you to buy their product and not ask
any technical questions, and whatever answers they do give are so
terse that they feel like non-answers. But there is also the undeniable
fact that once upon a time these cards were resold by Sysmocom, once
upon a time this Osmocom community right here worked with these cards,
and someone in this community (or on Sysmocom staff) must have gotten
enough documentation to write the wiki page and pySim-prog support for
them. Thus I feel at least somewhat justified in asking this community
for help with bringing back this lost knowledge.
On a happier note, my fc-pcsc-tools suite (fc-simtool and its limited-
function companion fc-uicc-tool) is advancing quite a bit in
functionality. I don't know how it compares to pysim-shell since I
gave up trying to get the latter to run under Slackware (just too many
difficult dependencies), but from what I read in mailing list posts,
pysim-shell seems to be rather UICC-centric - I couldn't tell if it is
supposed to work on non-UICC GSM 11.11 protocol cards or not. In
contrast, my fc-simtool (written in C, zero dependencies beyond
libpcsclite) speaks the classic GSM 11.11 SIM protocol and does
everything that is possible within this protocol, including innovative
hacks like brute force search of the file ID space. This tool should
be ideal for cards like GrcardSIM2 which are non-UICC and for which
the classic GSM 11.11 SIM protocol is native. The companion utility
fc-uicc-tool for the UICC protocol is quite minimal in functionality,
just enough to satisfy the few areas of curiosity I had in relation to
that protocol and the cards I have around that speak it. These new
C-language SIM tools live here:
https://www.freecalypso.org/hg/fc-pcsc-tools/
The code is 100% my own original work and there is a LICENSE file at
the top of the repository declaring it as public domain, so there
should be no problem with Free Software status of the work.
In hacking fellowship,
Mother Mychaela
Hey all,
short FYI regarding jenkins.osmocom.org: two new raspberry pi nodes are
available, in order to reduce wait times for free build slots during
heavy osmo-trx development.
All three pis execute the jenkins jobs on top of raspbian10 now, unlike
the old setup where it was on top of debian 9 in a LXC running in
raspbian10. In other words, the LXC layer is gone now, and there might
be slight differences related to debian9 vs. debian 10 packages. For all
the jobs running in docker instead of directly on the host, there should
be no difference at all.
Details are in OS#5055.
Best,
Oliver
--
- Oliver Smith <osmith(a)sysmocom.de> https://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte
Dear all,
I am pleased to announce new tagged releases for Osmocom Cellular
Network Infrastructure components.
Find more information about the release here [1].
Osmocom "Latest" repositories in OBS [2] should already contain packages
for the new versions.
OpenEmbedded related meta-layers such as meta-telephony usual
stable/testing branch "201705" [3] have also been updated to build
recipes for new versions.
Regards,
Pau
[1] https://osmocom.org/news/132
[2] https://osmocom.org/projects/cellular-infrastructure/wiki/Latest_Builds
[3] https://git.osmocom.org/meta-telephony/log/?h=201705
--
- Pau Espin Pedrol <pespin(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte
Hello fellow GSM hackers,
Would anyone here happen to have a sysmoSIM-GR2 card (once sold by
Sysmocom aeons ago, but long since discontinued) which they would be
willing to sell? I have a friend who has sysmoSIM-GR1 and
sysmoUSIM-GR1 (other long-discontinued historical cards from aeons
ago), but no sysmoSIM-GR2. I am looking for just one card (doesn't
matter if it is fully intact, broken out 2FF, or even cut down to
3FF), and I am willing to pay premium price for it, plus I will pay
for private courier shipping to bypass USPS which can't be trusted
with anything valuable these days. So if anyone has one of these
cards which they would be willing to part with, and could use a little
money, please give me a holler. Oh, and if the card's SUPER ADM PIN
has been changed to something other than the default 88888888, I will
need to be given that key.
Background info: I am trying to get some new cards from Grcard, and I
ordered samples. These samples were originally scheduled to arrive in
USA next week, but then some snafu happened, and the shipment got
returned to the sender. I was given a non-answer as to what the
problem issue is, and I basically have to wait an indefinitely long
time (at least past LNY 2-week holiday, plus however much longer after
that) to get a resent package - and it looks like they are going to
resend via a slower method too. Meanwhile I have implemented Grcard2
custom commands in fc-simtool based on this wiki page:
https://osmocom.org/projects/cellular-infrastructure/wiki/GrcardSIM2
I am now looking for a way to test my Grcard2 command implementation
against some card that is *known* to speak Grcard2 protocol and not
some other (hence sysmoSIM-GR2 would be ideal), and when I receive the
new sample cards from Grcard at some future time (probably many weeks
or even months out), I will be able to compare, and determine if they
are also Grcard2 or something else. (If the new cards turn out to be
different from both Grcard1 and Grcard2, I will call them Grcard3. :)
Hopeful,
Mother Mychaela of FreeCalypso
Hello Osmocom community,
Has anyone here ever played with the RFM (Remote File Management)
feature on sysmoUSIM-SJS1 and sysmoISIM-SJA2 cards? I know that a lot
of people play with RAM (Remote Application Management) for installing
Java applets, but I am more interested in RFM for doing a different
kind of OTA programming - I am seeking to recreate the workflow of
traditional GSM network operators where "blank" (not yet activated,
but ready to activate) SIM cards sit on store shelves with their IMSI
and secret keys (Ki/K/OPc etc) already programmed at the factory,
but blank EF_MSISDN because the future user's phone number is not
known yet. Customers activate these SIMs by reading the ICCID from
the card to customer service over the phone, or salespeople in stores
scan the ICCID barcode - and then the operator's customer management
system matches that ICCID with its knowledge of the IMSI and secret
keys, and the service gets activated on the new SIM. And then the
operator's network uses SMS-PP SIM data download to program the
EF_MSISDN record in the newly activated SIM - I know full well that a
phone does not need to know its own MSISDN to make and receive calls,
but every classic GSM dumbphone has a menu command for "Show my number"
or whatever it's called, this command displays the MSISDN record from
the SIM, and traditional operators program this record OTA so that
this menu command will work. I am seeking to recreate this OTA
programming step.
I just got the needed KI[CD][23] OTA keys for my sysmoUSIM-SJS1 cards
(thanks Sysmocom support!), and I am able to exercise RFM successfully
on these cards by uncommenting these lines in the shadysim.py script:
# for RFM testing
ac.test_rfm()
exit(0)
It appears that the "tribal" knowledge (not written in any formal
document, AFAICT) of how to use the RFM feature on sysmoUSIM-SJS1
cards exists only in the following code stanzas in shadysim.py, code
that never executes unless you uncomment that ac.test_rfm() call:
def send_wrapped_apdu_rfm_sim(self, data):
# TAR RFM SIM: B00010, sysmoSIM SJS1: MSL = 6, second keyset
return self.send_wrapped_apdu_internal(data, 'B00010', 6, 2, 2)
def send_wrapped_apdu_rfm_usim(self, data):
# TAR RFM USIM: B00011, sysmoSIM SJS1: MSL = 6, third keyset
return self.send_wrapped_apdu_internal(data, 'B00011', 6, 3, 3)
It was only thanks to the above code lines and comments that I learned
that I need to use keyset 2 for SIM RFM, and how else would we know
the needed magic TAR if not for the above code and comments?
In any case, the RFM test function of shadysim.py works like a charm
on my sysmoUSIM-SJS1 cards with the right keys (successfully displays
the IMSI read out via RFM), and I am now going to work on my own C code
that will replace Python and do what I need. However, I also tried
the exact same shadysim.py RFM test function on the newer
sysmoISIM-SJA2 cards, and it does NOT work. I run the exact same
shadysim.py (modified only to uncomment the RFM test) that works
against sysmoUSIM-SJS1, but when I run it against sysmoISIM-SJA2 and
specify the respective card's KIC2 and KID2 from the webshop key data
email, I get this output:
ICCID: 8988211000000471501f
('', '')
Here is the output with a good sysmoUSIM-SJS1:
ICCID: 8988211000000386808f
('089910070000306808', '9000')
Given that the code stays exactly the same and I am merely specifying
different keys as needed for each card, there must be something
different about the new sysmoISIM-SJA2 cards with respect to RFM.
Perhaps the TAR is different? Perhaps the association of which keyset
goes for what is different? Some other differences like different
crypto algorithms being used? Perhaps a migration from 3DES to AES?
I am fine with just using sysmoUSIM-SJS1 for development of my C tools
(tools which will hopefully be extended later to work with other
vendors' SIMs beyond just Sysmocom), but it would be nice to fill in
the knowledge gap regarding sysmoISIM-SJA2 and get these cards to work
as well.
In hacking fellowship,
Mother Mychaela
Hi,
I am Matthias, a TTCN-3 tool developer from Nokia.
Thank you for opening your work. Your repository osmo-ttcn3-hacks helped me
to understand how other developers use TTCN-3 for testing. This gave me
valuable insights for tool development.
I hope I can give something back by opening up our internal TTCN-3 tools as
well. Harald suggested to introduce them on this list. I'd appreciate your
feedback.
Our project is called ntt and it provides various tools for working with
TTCN-3 [1]. For example, you can create a tags file:
$ ntt tags ./osmo-ttcn3-hacks/bts >TAGS
Or you can list things. To filter cyclic imports, for example:
$ ntt list imports ./osmo-ttcn3-hacks/bts | tsort 1>/dev/null
But the most interesting piece is probably the TTCN-3 language server: ntt implements the
language server protocol. This makes ntt a universal TTCN-3 language plugin for
virtually any editor or IDE [2].
It's still very much beta, but we are finishing the Go to Definition feature
(as replacement for ctags files). The next feature would be adding various
diagnostics.
It would be great if you could give ntt a try and share your experience or editor
configuration with me.
This is my first open source project and we still have to figure some stuff
out. So please excuse if there are still some rough edges.
Cheers,
Matthias
[1] https://nokia.github.io/ntt/
[2] https://nokia.github.io/ntt/editors/
