[BUG] - SIM UICC configuration for Carrier Permissions does not work; alternative with GP

[buchbergerd]

First, thanks for your great work!

Bug Report

Context

• Device: sysmocom sysmoISIM-SJA2
• Software: https://gitea.osmocom.org/sim-card/pysim.git, current master branch
• OS: Ubuntu 22.04 LTS
• Carrier Privileges (Y/N): n/a
• Android Version: n/a
• App Version: n/a
• Git Hash: n/a

Description

When following main/docs/carrier-permissions.md, I got this error doesn't contain expected key command_store_ref_ar_do:

$ python pySim-shell.py -p 0 --csv card_Data.csv
Using reader PCSC[HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00]
Waiting for card...
Info: Card is of type: UICC
Detected UICC Add-on "SIM"
Detected UICC Add-on "RUIM"
AIDs on card:
 USIM: a0000000871002ffffffff8907090000 (EF.DIR)
 ISIM: a0000000871004ffffffff8907090000 (EF.DIR)
 ADF.ISD: a000000003000000
 ARA-M: a00000015141434c00
Detected CardModel: SysmocomSJA2
Welcome to pySim-shell!
(C) 2021-2023 by Harald Welte, sysmocom - s.f.m.c. GmbH and contributors
Online manual available at https://downloads.osmocom.org/docs/pysim/master/html/shell.html 
pySIM-shell (00:MF)> select ADF.ARA-M
null
pySIM-shell (00:MF/ADF.ARA-M)> aram_get_all 
[
    {
        "response_all_ref_ar_do": null
    }
]
pySIM-shell (00:MF/ADF.ARA-M)> aram_store_ref_ar_do --aid FFFFFFFFFFFF --device-app-id E46872F28B350B7E1F140DE535C2A8D5804F0BE3 --android-permissions 0000000000000001 --apdu-always
EXCEPTION of type 'ValueError' occurred with message: Dict [{'ref_ar_do': [{'ref_do': [{'aid_ref_do': 'FFFFFFFFFFFF'}, {'dev_app_id_ref_do': 'E46872F28B350B7E1F140DE535C2A8D5804F0BE3'}]}, {'ar_do': [{'apdu_ar_do': {'generic_access_rule': 'always'}}, {'perm_ar_do': {'permissions': '0000000000000001'}}]}]}] doesn't contain expected key command_store_ref_ar_do
To enable full traceback, run the following command: 'set debug true'
pySIM-shell (00:MF/ADF.ARA-M)> quit

Can you please check and expand the documentation when necessary?

How to Reproduce

Execute shell commands shown above.

Expected Behavior

Store the hash and access rule in ARA-M. As I used the same SIM card that is linked in the tutorial, I did not expect any error.

Actual Behavior

The error message shown above.

Screenshots

n/a

Additional Context

n/a

Possible Fix

Workaround: Using gp worked for me.
I used the version from https://github.com/herlesupreeth/CoIMS_Wiki with the following command:

java -jar gp.jar --key-enc KIC1 --key-mac KID1 --key-dek KIK1 -a 00A4040009A00000015141434C0000 -a 80E2900033F031E22FE11E4F06FFFFFFFFFFFFC114E849B63A7B96E571F788FC5845C4AA3C520D18E8E30DD00101DB080000000000000001

It adds the rule for the hash E849B63A7B96E571F788FC5845C4AA3C520D18E8 (which is the one from your tutorial).
However, this utilizes raw APDUs, which is not very convenient.

[PeterHasse]

While I'm not sure why this error happend, i guess it depends on the pysim version as it works with my test installation we good a nice pull request that updates the documentation to GP way to set the signature.

https://github.com/omnt/OpenMobileNetworkToolkit/blob/main/docs/carrier-permissions.md

@buchbergerd does this solve the issue for you?

[laf0rge]

@buchbergerd what you describe sounds like a pySim-shell bug. Did you report it upstream? Are you sure it occurs with current pysim.git master?