From f6a806494c45378094c063812969bae033e2c23d Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy
Date: Mon, 22 Feb 2021 22:24:22 +0100
Subject: [PATCH] shadysim.py: fix: do not apply redundant 8 * '00' padding

When the application message payload is encrypted with any variant of DES, the length of the ciphertext has to be a multiple of 8 bytes - hence if the plaintext length is not a multiple of 8 bytes, the plaintext needs to be padded. If the ciphertext is already aligned, the current logic would append 8 redundant padding octets. The resulting encrypted message should be considered malformed per standard specs, but sysmoUSIM-SJS1 cards are liberal in what they accept in this instance thus the bug went unnoticed. The newer sysmoISIM-SJA2 cards do not accept such malformed messages with invalid padding. This bug was discovered and reported by the Mother Mychaela, see: https://lists.osmocom.org/pipermail/openbsc/2021-February/013414.html
---
 shadysim/shadysim.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shadysim/shadysim.py b/shadysim/shadysim.py
index 6fc9382..3dd8eaa 100755
--- a/shadysim/shadysim.py
+++ b/shadysim/shadysim.py
@@ -114,8 +114,10 @@ class AppLoaderCommands(object):
         # Padding if Ciphering is used
         if ((spi_1 & 0x04) != 0): # check ciphering bit
             len_cipher = 6 + len_sig + (len(data) / 2)
-            pad_cnt = 8 - (len_cipher % 8) # 8 Byte blocksize for DES-CBC (TODO: different padding)
-            data += '00' * pad_cnt
+            # 8 Byte blocksize for DES-CBC (TODO: different padding)
+            if len_cipher % 8 > 0:
+                pad_cnt = 8 - (len_cipher % 8)
+                data += '00' * pad_cnt
         # CHL + SPI first octet
         part_head = ('%02x' % (0x0D + len_sig)) + ('%02x' % (spi_1))
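Review bot: The new guard `if len_cipher % 8 > 0:` and the `pad_cnt` it computes inherit `len_cipher` from the context line above, which divides with `/`; if this script is ever run under Python 3 that value is a float, so `pad_cnt` is a float and `'00' * pad_cnt` raises TypeError instead of padding, while under Python 2 an odd-length hex `data` is silently truncated in the count. Changing the context line to `len_cipher = 6 + len_sig + (len(data) // 2)` keeps the block-size arithmetic integral on both interpreters without altering the result for well-formed even-length input. The alignment check itself is correct for the 8-byte DES block, and the existing TODO about the zero padding still applies to the new lines. The enclosing method starts and ends outside the hunk.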