10 Dec
2015
10 Dec
'15
5:13 p.m.
On Thu Nov 5 09:05:15 UTC 2015, Harald Welte wrote:
> RuntimeError: SW match failed ! Expected 9000 and
got 6a86.
According to ISO 7816-4, this 6a86 means
'incorrect P1 or P2
parameter'.
> At this point I don't have any more ideas what
to try, if anyone would
> have any suggestions I would apreciate it.
Please activate (or hack some code for) tracing the
actual APDUs that
pySim excahnges with the card. IIRC, pySim already has that option.
Once you see the raw APDUs, you can compare their
encoding
(particularly
P1/P2) with those described in the relevant ETSI/3GPP (U)SIM
specifications.
I enhanced my local copy of pySim (zecke/tmp) to show the raw PDUs.
And I added a method to check the Status of the PIN and ADM register.
On one card I messed up the ADM, so pySim-prog.py shows
whey query for SIM 1:
send_apdu_raw -> 00200001
< received
status word 63c3
So that is SW1='63' with SW2='CX': Counter (verification failed:
'X'
indicates the number of further allowed retries
Which means I have three more attempts for the PIN1, but
send_apdu_raw -> 0020000A
< received
status word 63c0
Ahhrg, I do not have any additional attempt to verify the ADM-Key.
Trying to verify ADM results in
send_apdu_raw -> 0020000A083132333435363738
< received status word 6983
an ugly SW1='69' with SW2='83': Authentication method blocked.
So I can no longer verify the ADM-Key on that card.
--> Is there any way to unblock the card?
On the second card I was able to successfully verify the ADM and change
the IMSI...
Cheers,
Flo
9:28 p.m.
New subject: PySIM: SW match failed
Maybe I am wrong but the ADM2 key is not there for this reason? Can we use it to unlock a
failed ADM1 usim?
Regards,
Csaba
----- Original Message -----
From: Holger Freyther <holger(a)freyther.de>
To: Florian <openbsc(a)flocom.net>
Cc: openbsc(a)lists.osmocom.org
Sent: Thu, 10 Dec 2015 17:25:48 +0100 (CET)
Subject: Re: PySIM: SW match failed
On 10 Dec 2015, at 17:13, Florian
<openbsc(a)flocom.net> wrote:
--> Is there any way to unblock the card?
I am not aware of it.
holger
15 Dec
15 Dec
1:04 p.m.
New subject: PySIM: SW match failed
Hi Florian,
I can confirm that the "zecke/tmp" branch is working for programming.
Can you please share your modifications with Harald and the list so these modifications
can get into the code?
Until we find a way to program these cards again, at least an indicator and warning system
should be in place to warn the users how many tries are left for the ADM.
Regards,
Csaba
----- Eredeti üzenet -----
Feladó: "Florian" <openbsc(a)flocom.net>
Címzett: openbsc(a)lists.osmocom.org
Elküldött üzenetek: Csütörtök, 2015. December 10. 17:13:13
Tárgy: Re: PySIM: SW match failed
On Thu Nov 5 09:05:15 UTC 2015, Harald Welte wrote:
> RuntimeError: SW match failed ! Expected 9000 and
got 6a86.
According to ISO 7816-4, this 6a86 means
'incorrect P1 or P2
parameter'.
> At this point I don't have any more ideas what
to try, if anyone would
> have any suggestions I would apreciate it.
Please activate (or hack some code for) tracing the
actual APDUs that
pySim excahnges with the card. IIRC, pySim already has that option.
Once you see the raw APDUs, you can compare their
encoding
(particularly
P1/P2) with those described in the relevant ETSI/3GPP (U)SIM
specifications.
I enhanced my local copy of pySim (zecke/tmp) to show the raw PDUs.
And I added a method to check the Status of the PIN and ADM register.
On one card I messed up the ADM, so pySim-prog.py shows
whey query for SIM 1:
send_apdu_raw -> 00200001
< received
status word 63c3
So that is SW1='63' with SW2='CX': Counter (verification failed:
'X'
indicates the number of further allowed retries
Which means I have three more attempts for the PIN1, but
send_apdu_raw -> 0020000A
< received
status word 63c0
Ahhrg, I do not have any additional attempt to verify the ADM-Key.
Trying to verify ADM results in
send_apdu_raw -> 0020000A083132333435363738
< received status word 6983
an ugly SW1='69' with SW2='83': Authentication method blocked.
So I can no longer verify the ADM-Key on that card.
--> Is there any way to unblock the card?
On the second card I was able to successfully verify the ADM and change
the IMSI...
Cheers,
Flo
4:44 p.m.
New subject: PySIM: SW match failed
Hi Sipos,
On Tue, Dec 15, 2015 at 01:04:41PM +0100, Sipos Csaba wrote:
I can confirm that the "zecke/tmp" branch is
working for programming.
Great. Now the question is if Sylvain wants to merge zecke/tmp
(basically only one small patch disabling the FCI-reading)?
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
3059
days inactive
3064
days old
4 comments
4 participants
participants (4)
-
Florian -
Harald Welte -
Holger Freyther -
Sipos Csaba