On Thu Nov 5 09:05:15 UTC 2015, Harald Welte wrote:
RuntimeError: SW match failed ! Expected 9000 and got 6a86.
According to ISO 7816-4, this 6a86 means 'incorrect P1 or P2 parameter'.
At this point I don't have any more ideas what to try, if anyone would have any suggestions I would apreciate it.
Please activate (or hack some code for) tracing the actual APDUs that pySim excahnges with the card. IIRC, pySim already has that option.
Once you see the raw APDUs, you can compare their encoding (particularly P1/P2) with those described in the relevant ETSI/3GPP (U)SIM specifications.
I enhanced my local copy of pySim (zecke/tmp) to show the raw PDUs. And I added a method to check the Status of the PIN and ADM register. On one card I messed up the ADM, so pySim-prog.py shows
whey query for SIM 1:
send_apdu_raw -> 00200001
< received status word 63c3
So that is SW1='63' with SW2='CX': Counter (verification failed: 'X' indicates the number of further allowed retries Which means I have three more attempts for the PIN1, but
send_apdu_raw -> 0020000A
< received status word 63c0
Ahhrg, I do not have any additional attempt to verify the ADM-Key. Trying to verify ADM results in
send_apdu_raw -> 0020000A083132333435363738
< received status word 6983
an ugly SW1='69' with SW2='83': Authentication method blocked. So I can no longer verify the ADM-Key on that card.
--> Is there any way to unblock the card?
On the second card I was able to successfully verify the ADM and change the IMSI...
Cheers,
Flo