# HG changeset patch
# User Mychaela Falconia
# Date 1615405173 0
# Node ID 208ae1633f6cc137d2dcdf7eb47dca9d8d29ec58
# Parent 80fc2b2f83c253dbfb38265c768e6111b01e7532
simtool code: sysmo.c renamed to sjs1_hacks.c, comments changed to clarify that these special commands apply only to the recently discontinued SJS1 cards and not to the SJA2 successor.
diff -r 80fc2b2f83c2 -r 208ae1633f6c simtool/Makefile
--- a/simtool/Makefile Wed Mar 10 06:56:32 2021 +0000
+++ b/simtool/Makefile Wed Mar 10 19:39:33 2021 +0000
@@ -6,9 +6,9 @@
 inval_rehab.o lndwrite.o main.o miscadm.o opldump.o oplprog.o \
 pbcommon.o pbdump.o pberase.o pbrestore.o pbupd_imm.o pbupd_immhex.o \
 plmnsel.o pnndump.o pnnprog.o readcmd.o readef.o readops.o restorebin.o\
- savebin.o script.o select.o smserase.o smsp_common.o smsp_dump.o \
- smsp_erase.o smsp_restore.o smsp_set.o sstlist.o sstprog.o stktest.o \
- sysmo.o telsum.o usersum.o writecmd.o writeops.o
+ savebin.o script.o select.o sjs1_hacks.o smserase.o smsp_common.o \
+ smsp_dump.o smsp_erase.o smsp_restore.o smsp_set.o sstlist.o sstprog.o \
+ stktest.o telsum.o usersum.o writecmd.o writeops.o
 LIBS= ../libcommon/libcommon.a ../libutil/libutil.a
 INSTBIN=/opt/freecalypso/bin
diff -r 80fc2b2f83c2 -r 208ae1633f6c simtool/sjs1_hacks.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/simtool/sjs1_hacks.c Wed Mar 10 19:39:33 2021 +0000
@@ -0,0 +1,114 @@
+/*
+ * This module implements a few special commands for the recently
+ * discontinued sysmoUSIM-SJS1 card model from Sysmocom. These commands
+ * are NOT applicable to the successor sysmoISIM-SJA2 card model!
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include "simresp.h"
+#include "curfile.h"
+#include "file_id.h"
+
+/*
+ * SJS1 is natively a UICC, supporting the classic GSM 11.11 SIM protocol
+ * only as a backward compatibility mode. The makers of that UICC CardOS
+ * clearly did not want people to do administrative programming via the
+ * GSM 11.11 SIM protocol, instead their vision was that admin programming
+ * should only be done in UICC mode. Toward this end, SJS1 cards do not
+ * accept VERIFY CHV commands with CLA=0xA0 P2=0x0A for ADM1 authentication,
+ * instead they only accept VERIFY PIN with CLA=0x00 for this purpose.
+ *
+ * They did leave one open loophole, however: if the UICC-style VERIFY PIN
+ * command with P2=0x0A for ADM1 authentication is given as the very first
+ * command in the card session, then it can be followed either by other
+ * UICC protocol commands (making a UICC card session), or by CLA=0xA0
+ * protocol commands, making a GSM 11.11 SIM session with ADM1 authentication.
+ * In other words, they allow one special exception to the general rule
+ * where SIM and UICC protocol commands are never allowed to mix in the
+ * same card session.
+ */
+
+cmd_verify_sjs1_adm1(argc, argv)
+ char **argv;
+{
+ u_char cmd[13];
+ int rc;
+
+ /* UICC-style VERIFY PIN command APDU */
+ cmd[0] = 0x00;
+ cmd[1] = 0x20;
+ cmd[2] = 0x00;
+ cmd[3] = 0x0A;
+ cmd[4] = 8;
+ rc = encode_pin_entry(argv[1], cmd + 5);
+ if (rc < 0)
+ return(rc);
+ rc = apdu_exchange(cmd, 13);
+ if (rc < 0)
+ return(rc);
+ if (sim_resp_sw != 0x9000) {
+ fprintf(stderr, "bad SW response: %04X\n", sim_resp_sw);
+ return(-1);
+ }
+ return(0);
+}
+
+/*
+ * Early sysmoUSIM-SJS1 cards (those sold in 2017, but not the very last
+ * ones sold in late 2020) were shipped with a misprogrammed MSISDN record.
+ * Our fix-sysmo-msisdn command fixes this particular misprogramming.
+ */
+
+cmd_fix_sysmo_msisdn()
+{
+ int rc;
+ unsigned n;
+ u_char newrec[34];
+
+ rc = select_op(DF_TELECOM);
+ if (rc < 0)
+ return(rc);
+ rc = select_op(EF_MSISDN);
+ if (rc < 0)
+ return(rc);
+ rc = parse_ef_select_response();
+ if (rc < 0)
+ return(rc);
+ if (curfile_structure != 0x01) {
+ fprintf(stderr, "error: EF_MSISDN is not linear fixed\n");
+ return(-1);
+ }
+ if (curfile_record_len != 34) {
+ fprintf(stderr,
+ "error: expected EF_MSISDN record length of 34 bytes, got %u\n",
+ curfile_record_len);
+ return(-1);
+ }
+ rc = readrec_op(1, 0x04, 34);
+ if (rc < 0)
+ return(rc);
+ for (n = 0; n < 18; n++) {
+ if (sim_resp_data[n] != 0xFF) {
+ fprintf(stderr,
+ "error: non-FF data in the first 18 bytes of alpha tag area\n");
+ return(-1);
+ }
+ }
+ if (sim_resp_data[18] == 0xFF && sim_resp_data[19] == 0xFF) {
+ printf(
+ "last 2 bytes of alpha tag area are clear - already fixed?\n");
+ return(0);
+ }
+ if (sim_resp_data[18] != 0x07 || sim_resp_data[19] != 0x91) {
+ fprintf(stderr,
+ "error: bytes 18 & 19 don't match expected bogus programming\n");
+ return(-1);
+ }
+ memset(newrec, 0xFF, 34);
+ memcpy(newrec + 20, sim_resp_data + 18, 8);
+ return update_rec_op(1, 0x04, newrec, 34);
+}
diff -r 80fc2b2f83c2 -r 208ae1633f6c simtool/sysmo.c
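Review bot: cmd_verify_sjs1_adm1 leaves the encoded ADM1 key sitting in the stack buffer `cmd` on every return path, after the APDU has already been sent. Since this is the card's administrative secret, clearing the buffer before each return, e.g. `explicit_bzero(cmd, sizeof cmd);` where the platform provides it (a plain memset just before return may be optimized away), would keep the key from lingering in later stack frames or a core dump. Separately, `argv[1]` is dereferenced without consulting `argc`; if the command dispatcher does not already enforce the argument count (not visible in this hunk), a missing key argument reaches encode_pin_entry as a NULL pointer. The module comment explains the card's session-mixing loophole well, but a one-line header on the function itself, such as `/* argv[1] is the ADM1 key; must be the first command of the card session */`, would make that constraint visible where the command is implemented.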
--- a/simtool/sysmo.c Wed Mar 10 06:56:32 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,89 +0,0 @@
-/*
- * This module implements special commands for programmable and
- * semi-programmable (made-up term for the version without ADM keys)
- * SIM cards made by Sysmocom.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include "simresp.h"
-#include "curfile.h"
-#include "file_id.h"
-
-cmd_verify_sjs1_adm1(argc, argv)
- char **argv;
-{
- u_char cmd[13];
- int rc;
-
- /* UICC-style VERIFY PIN command APDU */
- cmd[0] = 0x00;
- cmd[1] = 0x20;
- cmd[2] = 0x00;
- cmd[3] = 0x0A;
- cmd[4] = 8;
- rc = encode_pin_entry(argv[1], cmd + 5);
- if (rc < 0)
- return(rc);
- rc = apdu_exchange(cmd, 13);
- if (rc < 0)
- return(rc);
- if (sim_resp_sw != 0x9000) {
- fprintf(stderr, "bad SW response: %04X\n", sim_resp_sw);
- return(-1);
- }
- return(0);
-}
-
-cmd_fix_sysmo_msisdn()
-{
- int rc;
- unsigned n;
- u_char newrec[34];
-
- rc = select_op(DF_TELECOM);
- if (rc < 0)
- return(rc);
- rc = select_op(EF_MSISDN);
- if (rc < 0)
- return(rc);
- rc = parse_ef_select_response();
- if (rc < 0)
- return(rc);
- if (curfile_structure != 0x01) {
- fprintf(stderr, "error: EF_MSISDN is not linear fixed\n");
- return(-1);
- }
- if (curfile_record_len != 34) {
- fprintf(stderr,
- "error: expected EF_MSISDN record length of 34 bytes, got %u\n",
- curfile_record_len);
- return(-1);
- }
- rc = readrec_op(1, 0x04, 34);
- if (rc < 0)
- return(rc);
- for (n = 0; n < 18; n++) {
- if (sim_resp_data[n] != 0xFF) {
- fprintf(stderr,
- "error: non-FF data in the first 18 bytes of alpha tag area\n");
- return(-1);
- }
- }
- if (sim_resp_data[18] == 0xFF && sim_resp_data[19] == 0xFF) {
- printf(
- "last 2 bytes of alpha tag area are clear - already fixed?\n");
- return(0);
- }
- if (sim_resp_data[18] != 0x07 || sim_resp_data[19] != 0x91) {
- fprintf(stderr,
- "error: bytes 18 & 19 don't match expected bogus programming\n");
- return(-1);
- }
- memset(newrec, 0xFF, 34);
- memcpy(newrec + 20, sim_resp_data + 18, 8);
- return update_rec_op(1, 0x04, newrec, 34);
-}