Exemplo n.º 1
0
	def program(self, p):

		# authenticate as ADM using default key (written on the card..)
		if not p['pin_adm']:
			raise ValueError("Please provide a PIN-ADM as there is no default one")
		self._scc.verify_chv(0x0A, h2b(p['pin_adm']))

		# select MF
		r = self._scc.select_file(['3f00'])

		# write EF.ICCID
		data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))

		# select DF_GSM
		r = self._scc.select_file(['7f20'])

		# set Ki in proprietary file
		data, sw = self._scc.update_binary('00FF', p['ki'])

		# set Ki in proprietary file
		content = "01" + p['opc']
		data, sw = self._scc.update_binary('00F7', content)


		# write EF.IMSI
		data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))
Exemplo n.º 2
0
	def program(self, p):

		# select MF 
		r = self._scc.select_file(['3f00'])
		
		# authenticate as SUPER ADM using default key
		self._scc.verify_chv(0x0b, h2b("3838383838383838"))

		# set ADM pin using proprietary command
		# INS: D4
		# P1: 3A for PIN, 3B for PUK
		# P2: CHV number, as in VERIFY CHV for PIN, and as in UNBLOCK CHV for PUK
		# P3: 08, CHV length (curiously the PUK is also 08 length, instead of 10)
		if p['pin_adm']:
			pin = p['pin_adm']
		else:
			pin = h2b("4444444444444444")

		pdu = 'A0D43A0508' + b2h(pin)
		data, sw = self._scc._tp.send_apdu(pdu)
		
		# authenticate as ADM (enough to write file, and can set PINs)

		self._scc.verify_chv(0x05, pin)

		# write EF.ICCID
		data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))

		# select DF_GSM
		r = self._scc.select_file(['7f20'])
		
		# write EF.IMSI
		data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))

		# write EF.ACC
		if p.get('acc') is not None:
			data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))

		# get size and write EF.HPLMN
		r = self._scc.select_file(['6f30'])
		size = int(r[-1][4:8], 16)
		hplmn = enc_plmn(p['mcc'], p['mnc'])
		self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))

		# set COMP128 version 0 in proprietary file
		data, sw = self._scc.update_binary('0001', '001000')

		# set Ki in proprietary file
		data, sw = self._scc.update_binary('0001', p['ki'], 3)

		# select DF_TELECOM
		r = self._scc.select_file(['3f00', '7f10'])
		
		# write EF.SMSP
		data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
Exemplo n.º 3
0
    def program(self, p):

        # select MF
        r = self._scc.select_file(['3f00'])

        # authenticate as SUPER ADM using default key
        self._scc.verify_chv(0x0b, h2b("3838383838383838"))

        # set ADM pin using proprietary command
        # INS: D4
        # P1: 3A for PIN, 3B for PUK
        # P2: CHV number, as in VERIFY CHV for PIN, and as in UNBLOCK CHV for PUK
        # P3: 08, CHV length (curiously the PUK is also 08 length, instead of 10)
        if p['pin_adm']:
            pin = p['pin_adm']
        else:
            pin = h2b("4444444444444444")

        pdu = 'A0D43A0508' + b2h(pin)
        data, sw = self._scc._tp.send_apdu(pdu)

        # authenticate as ADM (enough to write file, and can set PINs)

        self._scc.verify_chv(0x05, pin)

        # write EF.ICCID
        data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))

        # select DF_GSM
        r = self._scc.select_file(['7f20'])

        # write EF.IMSI
        data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))

        # write EF.ACC
        if p.get('acc') is not None:
            data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))

        # get size and write EF.HPLMN
        r = self._scc.select_file(['6f30'])
        size = int(r[-1][4:8], 16)
        hplmn = enc_plmn(p['mcc'], p['mnc'])
        self._scc.update_binary('6f30', hplmn + 'ff' * (size - 3))

        # set COMP128 version 0 in proprietary file
        data, sw = self._scc.update_binary('0001', '001000')

        # set Ki in proprietary file
        data, sw = self._scc.update_binary('0001', p['ki'], 3)

        # select DF_TELECOM
        r = self._scc.select_file(['3f00', '7f10'])

        # write EF.SMSP
        data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))
Exemplo n.º 4
0
	def program(self, p):
		# TODO: check if verify_chv could be used or what it needs
		# self._scc.verify_chv(0x0A, [0x33,0x32,0x32,0x31,0x33,0x32,0x33,0x32])
		# Unlock the card..
		data, sw = self._scc._tp.send_apdu_checksw("0020000A083332323133323332")

		# TODO: move into SimCardCommands
		par = ( p['ki'] +			# 16b  K
			p['opc'] +				# 32b  OPC
			enc_iccid(p['iccid']) +	# 10b  ICCID
			enc_imsi(p['imsi'])		#  9b  IMSI_len + id_type(9) + IMSI
			)
		data, sw = self._scc._tp.send_apdu_checksw("0099000033" + par)
Exemplo n.º 5
0
	def program(self, p):
		# TODO: check if verify_chv could be used or what it needs
		# self._scc.verify_chv(0x0A, [0x33,0x32,0x32,0x31,0x33,0x32,0x33,0x32])
		# Unlock the card..
		data, sw = self._scc._tp.send_apdu_checksw("0020000A083332323133323332")

		# TODO: move into SimCardCommands
		par = ( p['ki'] +			# 16b  K
			p['opc'] +				# 32b  OPC
			enc_iccid(p['iccid']) +	# 10b  ICCID
			enc_imsi(p['imsi'])		#  9b  IMSI_len + id_type(9) + IMSI
			)
		data, sw = self._scc._tp.send_apdu_checksw("0099000033" + par)
Exemplo n.º 6
0
	def program(self, p):
		# Go to dir
		self._scc.select_file(['3f00', '7f4d'])

		# Home PLMN in PLMN_Sel format
		hplmn = enc_plmn(p['mcc'], p['mnc'])

		# Operator name ( 3f00/7f4d/8f0c )
		self._scc.update_record(self._files['name'][0], 2,
			rpad(b2h(p['name']), 32)  + ('%02x' % len(p['name'])) + '01'
		)

		# ICCID/IMSI/Ki/HPLMN ( 3f00/7f4d/8f0d )
		v = ''

			# inline Ki
		if self._ki_file is None:
			v += p['ki']

			# ICCID
		v += '3f00' + '2fe2' + '0a' + enc_iccid(p['iccid'])

			# IMSI
		v += '7f20' + '6f07' + '09' + enc_imsi(p['imsi'])

			# Ki
		if self._ki_file:
			v += self._ki_file + '10' + p['ki']

			# PLMN_Sel
		v+= '6f30' + '18' +  rpad(hplmn, 36)

			# ACC
			# This doesn't work with "fake" SuperSIM cards,
			# but will hopefully work with real SuperSIMs.
		if p.get('acc') is not None:
			v+= '6f78' + '02' + lpad(p['acc'], 4)

		self._scc.update_record(self._files['b_ef'][0], 1,
			rpad(v, self._files['b_ef'][1]*2)
		)

		# SMSP ( 3f00/7f4d/8f0e )
			# FIXME

		# Write PLMN_Sel forcefully as well
		r = self._scc.select_file(['3f00', '7f20', '6f30'])
		tl = int(r[-1][4:8], 16)

		hplmn = enc_plmn(p['mcc'], p['mnc'])
		self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
Exemplo n.º 7
0
	def program(self, p):
		# Go to dir
		self._scc.select_file(['3f00', '7f4d'])

		# Home PLMN in PLMN_Sel format
		hplmn = enc_plmn(p['mcc'], p['mnc'])

		# Operator name ( 3f00/7f4d/8f0c )
		self._scc.update_record(self._files['name'][0], 2,
			rpad(b2h(p['name']), 32)  + ('%02x' % len(p['name'])) + '01'
		)

		# ICCID/IMSI/Ki/HPLMN ( 3f00/7f4d/8f0d )
		v = ''

			# inline Ki
		if self._ki_file is None:
			v += p['ki']

			# ICCID
		v += '3f00' + '2fe2' + '0a' + enc_iccid(p['iccid'])

			# IMSI
		v += '7f20' + '6f07' + '09' + enc_imsi(p['imsi'])

			# Ki
		if self._ki_file:
			v += self._ki_file + '10' + p['ki']

			# PLMN_Sel
		v+= '6f30' + '18' +  rpad(hplmn, 36)

			# ACC
			# This doesn't work with "fake" SuperSIM cards,
			# but will hopefully work with real SuperSIMs.
		if p.get('acc') is not None:
			v+= '6f78' + '02' + lpad(p['acc'], 4)

		self._scc.update_record(self._files['b_ef'][0], 1,
			rpad(v, self._files['b_ef'][1]*2)
		)

		# SMSP ( 3f00/7f4d/8f0e )
			# FIXME

		# Write PLMN_Sel forcefully as well
		r = self._scc.select_file(['3f00', '7f20', '6f30'])
		tl = int(r[-1][4:8], 16)

		hplmn = enc_plmn(p['mcc'], p['mnc'])
		self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))
Exemplo n.º 8
0
    def program(self, p):
        # Home PLMN
        r = self._scc.select_file(['3f00', '7f20', '6f30'])
        tl = int(r[-1][4:8], 16)

        hplmn = enc_plmn(p['mcc'], p['mnc'])
        self._scc.update_binary('6f30', hplmn + 'ff' * (tl - 3))

        # Get total number of entries and entry size
        rec_cnt, rec_len = self._get_infos()

        # Set first entry
        entry = (
            '81' +  #  1b  Status: Valid & Active
            rpad(b2h(p['name'][0:14]), 28) +  # 14b  Entry Name
            enc_iccid(p['iccid']) +  # 10b  ICCID
            enc_imsi(p['imsi']) +  #  9b  IMSI_len + id_type(9) + IMSI
            p['ki'] +  # 16b  Ki
            lpad(p['smsp'], 80)  # 40b  SMSP (padded with ff if needed)
        )
        self._scc.update_record('000c', 1, entry)
Exemplo n.º 9
0
	def program(self, p):
		# Home PLMN
		r = self._scc.select_file(['3f00', '7f20', '6f30'])
		tl = int(r[-1][4:8], 16)

		hplmn = enc_plmn(p['mcc'], p['mnc'])
		self._scc.update_binary('6f30', hplmn + 'ff' * (tl-3))

		# Get total number of entries and entry size
		rec_cnt, rec_len = self._get_infos()

		# Set first entry
		entry = (
			'81' +								#  1b  Status: Valid & Active
			rpad(b2h(p['name'][0:14]), 28) +	# 14b  Entry Name
			enc_iccid(p['iccid']) +				# 10b  ICCID
			enc_imsi(p['imsi']) +				#  9b  IMSI_len + id_type(9) + IMSI
			p['ki'] +							# 16b  Ki
			lpad(p['smsp'], 80)					# 40b  SMSP (padded with ff if needed)
		)
		self._scc.update_record('000c', 1, entry)
Exemplo n.º 10
0
	def program(self, p):
		# We don't really know yet what ADM PIN 4 is about
		#self._scc.verify_chv(4, h2b("4444444444444444"))

		# Authenticate using ADM PIN 5
		if p['pin_adm']:
			pin = p['pin_adm']
		else:
			pin = h2b("4444444444444444")
		self._scc.verify_chv(5, pin)

		# EF.ICCID
		r = self._scc.select_file(['3f00', '2fe2'])
		data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))

		# EF.IMSI
		r = self._scc.select_file(['3f00', '7f20', '6f07'])
		data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))

		# EF.ACC
		if p.get('acc') is not None:
			data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))

		# EF.SMSP
		r = self._scc.select_file(['3f00', '7f10', '6f42'])
		data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))

		# Set the Ki using proprietary command
		pdu = '80d4020010' + p['ki']
		data, sw = self._scc._tp.send_apdu(pdu)

		# EF.HPLMN
		r = self._scc.select_file(['3f00', '7f20', '6f30'])
		size = int(r[-1][4:8], 16)
		hplmn = enc_plmn(p['mcc'], p['mnc'])
		self._scc.update_binary('6f30', hplmn + 'ff' * (size-3))

		# EF.SPN (Service Provider Name)
		r = self._scc.select_file(['3f00', '7f20', '6f30'])
		size = int(r[-1][4:8], 16)
Exemplo n.º 11
0
    def program(self, p):
        # We don't really know yet what ADM PIN 4 is about
        #self._scc.verify_chv(4, h2b("4444444444444444"))

        # Authenticate using ADM PIN 5
        if p['pin_adm']:
            pin = p['pin_adm']
        else:
            pin = h2b("4444444444444444")
        self._scc.verify_chv(5, pin)

        # EF.ICCID
        r = self._scc.select_file(['3f00', '2fe2'])
        data, sw = self._scc.update_binary('2fe2', enc_iccid(p['iccid']))

        # EF.IMSI
        r = self._scc.select_file(['3f00', '7f20', '6f07'])
        data, sw = self._scc.update_binary('6f07', enc_imsi(p['imsi']))

        # EF.ACC
        if p.get('acc') is not None:
            data, sw = self._scc.update_binary('6f78', lpad(p['acc'], 4))

        # EF.SMSP
        r = self._scc.select_file(['3f00', '7f10', '6f42'])
        data, sw = self._scc.update_record('6f42', 1, lpad(p['smsp'], 80))

        # Set the Ki using proprietary command
        pdu = '80d4020010' + p['ki']
        data, sw = self._scc._tp.send_apdu(pdu)

        # EF.HPLMN
        r = self._scc.select_file(['3f00', '7f20', '6f30'])
        size = int(r[-1][4:8], 16)
        hplmn = enc_plmn(p['mcc'], p['mnc'])
        self._scc.update_binary('6f30', hplmn + 'ff' * (size - 3))

        # EF.SPN (Service Provider Name)
        r = self._scc.select_file(['3f00', '7f20', '6f30'])
        size = int(r[-1][4:8], 16)