OTA RFM on sysmoISIM-SJA2 cards

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Mychaela Falconia mychaela.falconia at gmail.com
Sun Feb 21 18:35:14 UTC 2021


Hello Osmocom community,

Has anyone here ever played with the RFM (Remote File Management)
feature on sysmoUSIM-SJS1 and sysmoISIM-SJA2 cards?  I know that a lot
of people play with RAM (Remote Application Management) for installing
Java applets, but I am more interested in RFM for doing a different
kind of OTA programming - I am seeking to recreate the workflow of
traditional GSM network operators where "blank" (not yet activated,
but ready to activate) SIM cards sit on store shelves with their IMSI
and secret keys (Ki/K/OPc etc) already programmed at the factory,
but blank EF_MSISDN because the future user's phone number is not
known yet.  Customers activate these SIMs by reading the ICCID from
the card to customer service over the phone, or salespeople in stores
scan the ICCID barcode - and then the operator's customer management
system matches that ICCID with its knowledge of the IMSI and secret
keys, and the service gets activated on the new SIM.  And then the
operator's network uses SMS-PP SIM data download to program the
EF_MSISDN record in the newly activated SIM - I know full well that a
phone does not need to know its own MSISDN to make and receive calls,
but every classic GSM dumbphone has a menu command for "Show my number"
or whatever it's called, this command displays the MSISDN record from
the SIM, and traditional operators program this record OTA so that
this menu command will work.  I am seeking to recreate this OTA
programming step.

I just got the needed KI[CD][23] OTA keys for my sysmoUSIM-SJS1 cards
(thanks Sysmocom support!), and I am able to exercise RFM successfully
on these cards by uncommenting these lines in the shadysim.py script:

# for RFM testing
ac.test_rfm()
exit(0)

It appears that the "tribal" knowledge (not written in any formal
document, AFAICT) of how to use the RFM feature on sysmoUSIM-SJS1
cards exists only in the following code stanzas in shadysim.py, code
that never executes unless you uncomment that ac.test_rfm() call:

	def send_wrapped_apdu_rfm_sim(self, data):
		# TAR RFM SIM:  B00010, sysmoSIM SJS1: MSL = 6, second keyset
		return self.send_wrapped_apdu_internal(data, 'B00010', 6, 2, 2)

	def send_wrapped_apdu_rfm_usim(self, data):
		# TAR RFM USIM: B00011, sysmoSIM SJS1: MSL = 6, third keyset
		return self.send_wrapped_apdu_internal(data, 'B00011', 6, 3, 3)

It was only thanks to the above code lines and comments that I learned
that I need to use keyset 2 for SIM RFM, and how else would we know
the needed magic TAR if not for the above code and comments?

In any case, the RFM test function of shadysim.py works like a charm
on my sysmoUSIM-SJS1 cards with the right keys (successfully displays
the IMSI read out via RFM), and I am now going to work on my own C code
that will replace Python and do what I need.  However, I also tried
the exact same shadysim.py RFM test function on the newer
sysmoISIM-SJA2 cards, and it does NOT work.  I run the exact same
shadysim.py (modified only to uncomment the RFM test) that works
against sysmoUSIM-SJS1, but when I run it against sysmoISIM-SJA2 and
specify the respective card's KIC2 and KID2 from the webshop key data
email, I get this output:

ICCID: 8988211000000471501f
('', '')

Here is the output with a good sysmoUSIM-SJS1:

ICCID: 8988211000000386808f
('089910070000306808', '9000')

Given that the code stays exactly the same and I am merely specifying
different keys as needed for each card, there must be something
different about the new sysmoISIM-SJA2 cards with respect to RFM.
Perhaps the TAR is different?  Perhaps the association of which keyset
goes for what is different?  Some other differences like different
crypto algorithms being used?  Perhaps a migration from 3DES to AES?

I am fine with just using sysmoUSIM-SJS1 for development of my C tools
(tools which will hopefully be extended later to work with other
vendors' SIMs beyond just Sysmocom), but it would be nice to fill in
the knowledge gap regarding sysmoISIM-SJA2 and get these cards to work
as well.

In hacking fellowship,
Mother Mychaela
