Project

General

Profile

Actions

Bug #6178

closed

create_ef failed, Expected 9000 and got 6982: Command not allowed - Security status not satisfied

Added by wei 6 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
09/14/2023
Due date:
% Done:

0%

Spec Reference:

Description

Hi, I'm using sysmoISIM-SJA2.
I try to create a EF item using create_ef in pySim-shell.py, here is my command under `MF/ADF.USIM`:

create_ef --ef-arr-file-id 6f06 --ef-arr-record-nr 2 --file-size 60 --structure transparent 6f77
I'm sure 6f77 is not used.
However, I got error EXCEPTION of type 'SwMatchError' occurred with message: SW match failed! Expected 9000 and got 6982: Command not allowed - Security status not satisfied.
Can you help me with some guidance?
I tried verify_adm xxxx command, it return noting and create_ef still failed.
I also tried -A PIN_ADM1_HEX, PIN_ADM1_HEX=PIN1+PIN2+ADM1, but it raise 'UiccCardBase' object has no attribute 'verify_adm'.


Related issues

Related to pySim - Feature #6211: decode security attributes _compact_ in human-readable way, like we decode EF.ARRIn Progressdexter10/06/2023

Actions
Actions #1

Updated by laforge 6 months ago

  • Assignee set to dexter

I guess this is more a question for the sysmocom customer support () than a question / problem of the pySim software.

Can you tell us if you have a SJA2v1 (90170...) or SJA2v2 (99970...)? AFAIR file creation was only supported in the latter version.

Actions #2

Updated by laforge 6 months ago

  • Description updated (diff)
Actions #3

Updated by laforge 6 months ago

Also, you can alwys decode the access control conditions of ADF.USIM if you look at the file control template and/or the related EF.ARR record when SELECTing ADF.USIM. It should tell you under which conditions the creation of new files is permitted for the given currently selected DF.

Actions #4

Updated by wei 6 months ago

laforge wrote in #note-1:

I guess this is more a question for the sysmocom customer support () than a question / problem of the pySim software.

Can you tell us if you have a SJA2v1 (90170...) or SJA2v2 (99970...)? AFAIR file creation was only supported in the latter version.

Thanks for your quick reply, I'm using SJA2v2 (99970...).

Here is the discription of ADF.USIM

pySIM-shell (MF)> select ADF.USIM
{
    "file_descriptor": {
        "file_descriptor_byte": {
            "shareable": true,
            "file_type": "df",
            "structure": "no_info_given" 
        },
        "record_len": null,
        "num_of_rec": null
    },
    "df_name": "a0000000871002ffffffff8907090000",
    "proprietary_information": {
        "uicc_characteristics": "71",
        "available_memory": 96484
    },
    "life_cycle_status_integer": "operational_activated",
    "security_attrib_compact": "00",
    "pin_status_template_do": {
        "ps_do": "70",
        "key_reference": 11
    }
}

Are you referring "security_attrib_compact": "00"? Does this attr mean I have no privilege to create a EF under ADF.USIM?
It would be great if you could share with me which DF are customized EFs placed generally!

Actions #5

Updated by TanguyP 5 months ago

Hey there,

I was facing the same issue as you, but while trying to deactivate option 124 of my SIMs. I knew it worked before and the ADM code was correct, and I found your bug with the same error as me.

I checked for an update to the pysim AUR package (on Manjaro), and lo and behold, there was an update that fixed this error for me. I hope updating your pysim version fixes the error for you as well.

BR

Actions #6

Updated by laforge 5 months ago

  • Status changed from New to Feedback
  • Assignee changed from dexter to wei

Hi @wei, did an update of pySim help you, as suggested by @TanguyP ? In case of doubt we always suggest to test the latest master branch from git.

In terms of "security_attrib_compact": "00" I would suggest you check the relevant spec on the decode of the security attributes.

On a sysmoISIM-SJA5 it reads as follows: "security_attrib_compact": "261a0000". On a SJA2v1 (90170) it indeed reads as "security_attrib_compact": "00". I don't have a SJA2v2 with me here right now.

It would be great to add human-readable decode for those security attributes to pySim-shell... I think we already do that for referenced (via EF.ARR), but not for compact.

Actions #7

Updated by laforge 5 months ago

  • Related to Feature #6211: decode security attributes _compact_ in human-readable way, like we decode EF.ARR added
Actions #8

Updated by laforge 3 months ago

  • Status changed from Feedback to Resolved

closing due to lack of feedback for 2 months. Feel free to reopen

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)