pySim/transport: fix GET RESPONSE behaviour

The current behavior we implement in the method __send_apdu_T0 is incomplete. Some details discussed in ETSI TS 102 221, section 7.3.1.1.4, clause 4 seem to be not fully implemented. We may also end up sending a GET RESPONSE in other APDU cases than case 4 (the only case that uses the GET RESPONSE command). Related: OS#6970 Change-Id: I26f0566af0cdd61dcc97f5f502479dc76adc37cc
pySim-prog/pySim-read: add pySimLogger and verbose cmdline argument
2026-03-17 02:48:34 +03:00 · 2026-03-10 16:58:27 +01:00 · 2026-03-10 16:58:27 +01:00 · 2026-03-10 16:58:27 +01:00 · 2026-03-10 16:58:27 +01:00 · 2026-03-10 09:23:03 +00:00
14 changed files with 86 additions and 36 deletions
--- a/contrib/csv-to-pgsql.py
+++ b/contrib/csv-to-pgsql.py
@@ -285,10 +285,7 @@ if __name__ == '__main__':
    option_parser.add_argument("--admin", action='store_true', help="perform action as admin", default=False)
    opts = option_parser.parse_args()

-    PySimLogger.setup(print, {logging.WARN: "\033[33m"})
-    if (opts.verbose):
-        PySimLogger.set_verbose(True)
-        PySimLogger.set_level(logging.DEBUG)
+    PySimLogger.setup(print, {logging.WARN: "\033[33m"}, opts.verbose)

    # Open CSV file
    cr = open_csv(opts)
--- a/pySim-prog.py
+++ b/pySim-prog.py
@@ -44,6 +44,11 @@ from pySim.legacy.ts_51_011 import EF
 from pySim.card_handler import *
 from pySim.utils import *

+from pathlib import Path
+import logging
+from pySim.log import PySimLogger
+
+log = PySimLogger.get(Path(__file__).stem)

 def parse_options():

@@ -185,6 +190,7 @@ def parse_options():
                      default=False, action="store_true")
    parser.add_argument("--card_handler", dest="card_handler_config", metavar="FILE",
                      help="Use automatic card handling machine")
+    parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False)

    options = parser.parse_args()

@@ -770,6 +776,9 @@ if __name__ == '__main__':
    # Parse options
    opts = parse_options()

+    # Setup logger
+    PySimLogger.setup(print, {logging.WARN: "\033[33m"}, opts.verbose)
+
    # Init card reader driver
    sl = init_reader(opts)

--- a/pySim-read.py
+++ b/pySim-read.py
@@ -46,11 +46,17 @@ from pySim.utils import dec_imsi, dec_iccid
 from pySim.legacy.utils import format_xplmn_w_act, dec_st, dec_msisdn
 from pySim.ts_51_011 import EF_SMSP

+from pathlib import Path
+import logging
+from pySim.log import PySimLogger
+
+log = PySimLogger.get(Path(__file__).stem)
+
 option_parser = argparse.ArgumentParser(description='Legacy tool for reading some parts of a SIM card',
                                        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+option_parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False)
 argparse_add_reader_args(option_parser)

-
 def select_app(adf: str, card: SimCard):
    """Select application by its AID"""
    sw = 0
@@ -75,6 +81,9 @@ if __name__ == '__main__':
    # Parse options
    opts = option_parser.parse_args()

+    # Setup logger
+    PySimLogger.setup(print, {logging.WARN: "\033[33m"}, opts.verbose)
+
    # Init card reader driver
    sl = init_reader(opts)

--- a/pySim-shell.py
+++ b/pySim-shell.py
@@ -107,12 +107,12 @@ Online manual available at https://downloads.osmocom.org/docs/pysim/master/html/
            kwargs = {'include_ipy': True}

        self.verbose = verbose
-        self._onchange_verbose('verbose', False, self.verbose);
+        PySimLogger.setup(self.poutput, {logging.WARN: YELLOW})
+        self._onchange_verbose('verbose', False, self.verbose)

        # pylint: disable=unexpected-keyword-arg
        super().__init__(persistent_history_file='~/.pysim_shell_history', allow_cli_args=False,
                         auto_load_commands=False, startup_script=script, **kwargs)
-        PySimLogger.setup(self.poutput, {logging.WARN: YELLOW})
        self.intro = style(self.BANNER, fg=RED)
        self.default_category = 'pySim-shell built-in commands'
        self.card = None
@@ -1175,13 +1175,7 @@ if __name__ == '__main__':
    opts = option_parser.parse_args()

    # Ensure that we are able to print formatted warnings from the beginning.
-    PySimLogger.setup(print, {logging.WARN: YELLOW})
-    if opts.verbose:
-        PySimLogger.set_verbose(True)
-        PySimLogger.set_level(logging.DEBUG)
-    else:
-        PySimLogger.set_verbose(False)
-        PySimLogger.set_level(logging.INFO)
+    PySimLogger.setup(print, {logging.WARN: YELLOW}, opts.verbose)

    # Register csv-file as card data provider, either from specified CSV
    # or from CSV file in home directory
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -266,11 +266,13 @@ class SCP02(SCP):
        super().__init__(*args, **kwargs)

    def dek_encrypt(self, plaintext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.encrypt(plaintext)

    def dek_decrypt(self, ciphertext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.decrypt(ciphertext)

    def _compute_cryptograms(self, card_challenge: bytes, host_challenge: bytes):
--- a/pySim/log.py
+++ b/pySim/log.py
@@ -63,7 +63,7 @@ class PySimLogger:
        raise RuntimeError('static class, do not instantiate')

    @staticmethod
-    def setup(print_callback = None, colors:dict = {}):
+    def setup(print_callback = None, colors:dict = {}, verbose_debug:bool = False):
        """
        Set a print callback function and color scheme. This function call is optional. In case this method is not
        called, default settings apply.
@@ -72,10 +72,20 @@ class PySimLogger:
                             have the following format: print_callback(message:str)
            colors : An optional dict through which certain log levels can be assigned a color.
                     (e.g. {logging.WARN: YELLOW})
+            verbose_debug: Enable verbose logging and set the loglevel DEBUG when set to true. Otherwise the
+                           non-verbose logging is used and the loglevel is set to INFO. This setting can be changed
+                           using the set_verbose and set_level methods at any time.
        """
        PySimLogger.print_callback = print_callback
        PySimLogger.colors = colors

+        if (verbose_debug):
+            PySimLogger.set_verbose(True)
+            PySimLogger.set_level(logging.DEBUG)
+        else:
+            PySimLogger.set_verbose(False)
+            PySimLogger.set_level(logging.INFO)
+
    @staticmethod
    def set_verbose(verbose:bool = False):
        """
--- a/pySim/transport/init.py
+++ b/pySim/transport/init.py
@@ -301,24 +301,53 @@ class LinkBaseTpdu(LinkBase):

        prev_tpdu = tpdu
        data, sw = self.send_tpdu(tpdu)
+        log.debug("T0: case #%u TPDU: %s => %s %s", case, tpdu, data or "(no data)", sw or "(no status word)")

-        # When we have sent the first APDU, the SW may indicate that there are response bytes
-        # available. There are two SWs commonly used for this 9fxx (sim) and 61xx (usim), where
-        # xx is the number of response bytes available.
-        # See also:
+        # After sending the APDU/TPDU the UICC/eUICC or SIM may response with a status word that indicates that further
+        # TPDUs have to be sent in order to complete the task.
        if sw is not None:
-            while (sw[0:2] in ['9f', '61', '62', '63']):
-                # SW1=9F: 3GPP TS 51.011 9.4.1, Responses to commands which are correctly executed
-                # SW1=61: ISO/IEC 7816-4, Table 5 — General meaning of the interindustry values of SW1-SW2
-                # SW1=62: ETSI TS 102 221 7.3.1.1.4 Clause 4b): 62xx, 63xx, 9xxx != 9000
-                tpdu_gr = tpdu[0:2] + 'c00000' + sw[2:4]
-                prev_tpdu = tpdu_gr
-                d, sw = self.send_tpdu(tpdu_gr)
-                data += d
+            if case == 4 or self.apdu_strict == False:
+                # In case the APDU is a case #4 APDU, the UICC/eUICC/SIM may indicate that there is response data
+                # available which has to be retrieved using a GET RESPONSE command TPDU.
+                #
+                # ETSI TS 102 221, section 7.3.1.1.4 is very cleare about the fact that the GET RESPONSE mechanism
+                # shall only apply on case #4 APDUs but unfortunately it is impossible to distinguish between case #3
+                # and case #4 when the APDU format is not strictly followed. In order to be able to detect case #4
+                # correctly the Le byte (usually 0x00) must be present, is often forgotten. To avoid problems with
+                # legacy scripts that use raw APDU strings, we will still loosely apply GET RESPONSE based on what
+                # the status word indicates. Unless the user explicitly enables the strict mode (set apdu_strict true)
+                while True:
+                    if sw in ['9000', '9100']:
+                        # A status word of 9000 (or 9100 in case there is pending data from a proactive SIM command)
+                        # indicates that either no response data was returnd or all response data has been retrieved
+                        # successfully. We may discontinue the processing at this point.
+                        break;
+                    if sw[0:2] in ['61', '9f']:
+                        # A status word of 61xx or 9fxx indicates that there is (still) response data available. We
+                        # send a GET RESPONSE command with the length value indicated in the second byte of the status
+                        # word. (see also ETSI TS 102 221, section 7.3.1.1.4, clause 4a and 3GPP TS 51.011 9.4.1 and
+                        # ISO/IEC 7816-4, Table 5)
+                        le_gr = sw[2:4]
+                    elif sw[0:2] in ['62', '63']:
+                        # There are corner cases (status word is 62xx or 63xx) where the UICC/eUICC/SIM asks us
+                        # to send a dummy GET RESPONSE command. We send a GET RESPONSE command with a length of 0.
+                        # (see also ETSI TS 102 221, section 7.3.1.1.4, clause 4b and ETSI TS 151 011, section 9.4.1)
+                        le_gr = '00'
+                    else:
+                        # A status word other then the ones covered by the above logic may indicate an error. In this
+                        # case we will discontinue the processing as well.
+                        # (see also ETSI TS 102 221, section 7.3.1.1.4, clause 4c)
+                        break
+                    tpdu_gr = tpdu[0:2] + 'c00000' + le_gr
+                    prev_tpdu = tpdu_gr
+                    data_gr, sw = self.send_tpdu(tpdu_gr)
+                    log.debug("T0: GET RESPONSE TPDU: %s => %s %s", tpdu_gr, data_gr or "(no data)", sw or "(no status word)")
+                    data += data_gr
            if sw[0:2] == '6c':
                # SW1=6C: ETSI TS 102 221 Table 7.1: Procedure byte coding
                tpdu_gr = prev_tpdu[0:8] + sw[2:4]
                data, sw = self.send_tpdu(tpdu_gr)
+                log.debug("T0: repated case #%u TPDU: %s => %s %s", case, tpdu_gr, data or "(no data)", sw or "(no status word)")

        return data, sw

--- a/tests/pySim-prog_test/Fairwaves-SIM.ok
+++ b/tests/pySim-prog_test/Fairwaves-SIM.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: Fairwaves-SIM
 ICCID: 8988219000000117833
--- a/tests/pySim-prog_test/Wavemobile-SIM.ok
+++ b/tests/pySim-prog_test/Wavemobile-SIM.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: Wavemobile-SIM
 ICCID: 89445310150011013678
--- a/tests/pySim-prog_test/fakemagicsim.ok
+++ b/tests/pySim-prog_test/fakemagicsim.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: fakemagicsim
 ICCID: 1122334455667788990
--- a/tests/pySim-prog_test/sysmoISIM-SJA2.ok
+++ b/tests/pySim-prog_test/sysmoISIM-SJA2.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: sysmoISIM-SJA2
 ICCID: 8988211000000467343
--- a/tests/pySim-prog_test/sysmoISIM-SJA5.ok
+++ b/tests/pySim-prog_test/sysmoISIM-SJA5.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: sysmoISIM-SJA5
 ICCID: 8949440000001155314
--- a/tests/pySim-prog_test/sysmoUSIM-SJS1.ok
+++ b/tests/pySim-prog_test/sysmoUSIM-SJS1.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: sysmoUSIM-SJS1
 ICCID: 8988211320300000028
--- a/tests/pySim-prog_test/sysmosim-gr1.ok
+++ b/tests/pySim-prog_test/sysmosim-gr1.ok
@@ -1,4 +1,4 @@
-Using PC/SC reader interface
+INFO: Using PC/SC reader interface
 Reading ...
 Autodetected card type: sysmosim-gr1
 ICCID: 2222334455667788990
Author	SHA1	Message	Date
Philipp Maier	e5f56dd35f	pySim/transport: fix GET RESPONSE behaviour The current behavior we implement in the method __send_apdu_T0 is incomplete. Some details discussed in ETSI TS 102 221, section 7.3.1.1.4, clause 4 seem to be not fully implemented. We may also end up sending a GET RESPONSE in other APDU cases than case 4 (the only case that uses the GET RESPONSE command). Related: OS#6970 Change-Id: I26f0566af0cdd61dcc97f5f502479dc76adc37cc	2026-03-10 16:58:27 +01:00
Philipp Maier	c3edcf7294	pySim-prog/pySim-read: add pySimLogger and verbose cmdline argument pySim-prog and pySim-read do not integrate the pySimLogger yet. As we may add more debug output that should not be visible on normal use, we should ensure that the pySimLogger is correctly set up. Change-Id: Ia2fa535fd9ce4ffa301c3f5d6f98c1f7a4716c74	2026-03-10 16:58:27 +01:00
Philipp Maier	858c9eb421	pySim-shell/cosmetic: remove semicolon Change-Id: I629bacd432491211b939fcd2bed554b44ef441bc	2026-03-10 16:58:27 +01:00
Philipp Maier	a48b9e565a	PySimLogger: add parameter to set initial log-level/verbosity When we initialize a new PySimLogger, we always call the setup method first and then use the set_verbose and set_level method to configure the initial log level and the initial log verbosity. However, we initialize the PySimLogger in all our programs the same way and we end up with the same boilerplate code every time. Let's add a keyword parameter to the setup method where we can pass our opts.verbose (bool) parameter so that the setup method can do the work for the main program. In case the caller wants a different default configuration he still can call set_verbose and set_level methods as needed. Change-Id: I4b8ef1e203186878910c9614a1d900d5759236a8	2026-03-10 16:58:27 +01:00
Philipp Maier	914abe3309	docs/smpp-ota-tool: Add documentation/tutorial We already have documentation that explains how to run pySim-smpp2sim. With smpp-ota-tool we now have a counterpart for pySim-smpp2sim, so let's add documentation for this tool as well. Related: SYS#7881 Change-Id: If0d18a263f5a6dc035b90f5c5c6a942d46bbba49	2026-03-10 09:23:03 +00:00
Philipp Maier	84754b6ebb	contrib/smpp-ota-tool: define commandline arguments in global scope The commandline arguments are currently defined under __main__ in a private scope. From there they are not reachable to the sphinx argparse module. We have to define the arguments globally at the top. (like in the other applications) Related: SYS#7881 Change-Id: I2d9782e3f5b1cac78c22d206fdcac4118c7d5e7c	2026-03-10 09:23:03 +00:00
Philipp Maier	c47005d408	contrib/smpp-ota-tool: use '-' instead of '_' in command line args Some commandline arguments have an underscore in their name. Let's replace those with dashes. Change-Id: Icbe9d753d59263997e9ca34d46ed0daca36ca16c Related: SYS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	2dfaac6e4f	contrib/smpp-ota-tool: fix description string (copy+paste error) Change-Id: I559844bfa1ac372370ef9d148f2f8a6bf4ab4ef5 Related: SYS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	a615ba5138	tests/pySim-smpp2sim_test: add testcases for AES128 and AES256 Extend the existing test script so that it can handle multiple testcases. Also add support for switching eUICC profiles. Finally, add a testcases to test OTA-SMS (RFM) with AES128 and AES256 encryption. Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a Related: OS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	8ee10ab1a5	tests/pySim-smpp2sim_test/card_sanitizer: update card backup with new test keyset In our test setup we run the card_sanitizer.py script regualary to ensure that we have consistent start conditions when running our tests. In case a testcase crashes for some reason and leaves messed up files on a test card. The card_sanitizer.py script will ensure that any problem like that is cleaned up over night. For the testcases we are about to add in the patch following this one, we need to provision a new test keyset to one of our test cards. This has been already done manually. However since the card_sanitizer still has the old keys in its backup we will have to update that as well. Change-Id: I5aa8a413b19b3e43a79d03e904daab50b4b1e767 Related: OS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	f10af30aed	global_platform/scp: fix dek_encrypt/dek_decrypt for SCP02 The methods dek_encrypt/dek_decrypt use the wrong algorithm and the wrong key material. The algorithm should be 3DES rather then single DES and the key must be the DEK session key instead of the static DEK key from which the DEK session key is derived. Related: SYS#7902 Change-Id: I3d0cc7378680b346fa39152c8b7074446d2c869d	2026-03-06 15:51:19 +01:00