Comments (6)
gp --key-enc 7655100AFC4AB7CE438DBE15471E3A6A --key-mac 5FFF6485DD05DC87BC2C727BE323A0BA --key-dek 1A06C7874AFB614DD29A989BE01B7669 --install applet.cap
I have this at the end:
Error: STRICT WARNING: Card cryptogram invalid!
Card: AF127048A5AB94EA
Host: A1059F4186659AB6
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
For this, I see that you have successfully unlocked the card (see logs below). Once you unlock the card, the old keys are not valid anymore. The new keys would be (as mentioned in the log) 404142434445464748494A4B4C4D4E4F. And when you tried to execute the following command gp --key-enc 7655100AFC4AB7CE438DBE15471E3A6A --key-mac 5FFF6485DD05DC87BC2C727BE323A0BA --key-dek 1A06C7874AFB614DD29A989BE01B7669 --install applet.cap
you got that error because the keys were wrong.
NOTE: Once you unlock the card, there is no need to provide --key-enc, --key-dek or --key-mac anymore as it will use the default key (404142434445464748494A4B4C4D4E4F)
jsm@jsm-Latitude-E6530:~/SIM/CoIMS_Wiki$ gp --key-enc 7655100AFC4AB7CE438DBE15471E3A6A --key-mac 5FFF6485DD05DC87BC2C727BE323A0BA --key-dek 1A06C7874AFB614DD29A989BE01B7669 --unlock
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[main] INFO pro.javacard.gp.GPSession - Using card master keys: ENC=7655100AFC4AB7CE438DBE15471E3A6A (KCV: D1A494) MAC=5FFF6485DD05DC87BC2C727BE323A0BA (KCV: 01CE33) DEK=1A06C7874AFB614DD29A989BE01B7669 (KCV: 98F550) for null
[main] INFO pro.javacard.gp.GPSession - Diversified card keys: ENC=7655100AFC4AB7CE438DBE15471E3A6A (KCV: D1A494) MAC=5FFF6485DD05DC87BC2C727BE323A0BA (KCV: 01CE33) DEK=1A06C7874AFB614DD29A989BE01B7669 (KCV: 98F550) for SCP02
[main] INFO pro.javacard.gp.GPSession - Session keys: ENC=B2AA8E526E512135054165A1A202F163 MAC=D1D31078C771787284DD213AF86C8C98 RMAC=DEEF29690B938AD42315294EBE7E9069, card keys=ENC=7655100AFC4AB7CE438DBE15471E3A6A (KCV: D1A494) MAC=5FFF6485DD05DC87BC2C727BE323A0BA (KCV: 01CE33) DEK=1A06C7874AFB614DD29A989BE01B7669 (KCV: 98F550) for SCP02
Default 404142434445464748494A4B4C4D4E4F set as master key for A000000003000000
Now to the Oneplus not sending SIP REGISTER part, I see the following in the pcap, i.e. UE IP type is set to IPv4v6 in the open5gs WebUI. I would suggest to change it to IPv4 only. And, then restart the phone and attempt IMS register again.
Can you tell me if the CoIMS config is OK ?
Yes, you did not have to install the applet as the Sysmocom ISIM (black card) already comes pre-installed with that applet. All you need is to push the certificates.
Do I have to disable ims script on the card too ?
Technically it's not needed. You are free to do it if you like. I don't think it should affect whether a phone registers or not.
Is it ok to use the test PLMN 00101 ?
Definitely yes, I use it all the time
from docker_open5gs.
Hi @herlesupreeth,
Thank you for your fast answer!
Now I have 3 more UE connecting to IMS servers and I performed my first calls and video calls!
I tried your advice to only push the certificate to sysmoISIM-SJA2 and it works.
So do you know why they didn't push it by default to make the applet work? (Note I discovered ARA-M with this project last week...)
Thanks again,
Julien
So do you know why they didn't push it by default to make the applet work?
The certificate you push to the ARA-M applet is a certificate I used to sign the CoIMS app you download from the App Store. Since that certificate is tied to that app, it does make much sense for Sysmocom to push the certificate by default. This way whoever buys the SIM card can push their own certificates with which they sign their Android app which requires Carrier Privileges.
Ok, I think i understand. Please tell me if I am wrong.
sysmoISIM-SJA2 already has the ARA-M needed to do IMS on PLMN 00101
CoIMS app is useful to check if IMS is active on a sim card. But to use it we need to load a certificate on the sim, this way the ARA-M will allow CoIMS app to read params in the secured sim files.
I just tested with a SIM card sysmoISIM-SJA2 where I only changed the PLMN to 00101 and it connects and it works!
The problem I had when I wrote the issue was in fact not from the SIM configuration but from apn conf.
For others, I put here again the image I found in another post with the correct apn configuration:
ARA-M applet is like a storage where one can write SHA1 or other certificates and it has no relation to IMS.
Google, as part of AOSP, has outlined something called Carrier Privileges, which is a special privilege given to an Android app to override certain settings. In order to grant an Android app Carrier Privilege, the Android device first reads the certificates stored in ARA-M. Then, if any of the certificates in ARA-M matches the certificate with which the Android app is signed, the app gets Carrier Privilege. Using Carrier Privilege one can override IMS settings etc.
CoIMS app is the Android app I talked about above.
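Added example (not part of the thread and not code from docker_open5gs or CoIMS): a simplified model of the check described above, parsing an ARA-M "get all rules" response and matching each stored hash against the app's signing certificate. The tag values are those listed in AOSP's UICC Carrier Privileges documentation; the certificate bytes, package name and rule blob are constructed, and the permission bytes are parsed but not interpreted.

```python
import hashlib

# Tag values as listed in AOSP's UICC Carrier Privileges documentation.
ALL_AR, REF_AR, REF, HASH, PKG, AR, PERM = 0xFF40, 0xE2, 0xE1, 0xC1, 0xCA, 0xE3, 0xDB

def tlv(tag, value):
    """Encode one TLV (short-form length only; enough for the sample)."""
    return tag.to_bytes(2 if tag > 0xFF else 1, "big") + bytes([len(value)]) + value

def tlvs(buf):
    """Yield (tag, value) pairs from BER-TLV data with 1- or 2-byte tags."""
    i = 0
    while i < len(buf):
        tag, i = buf[i], i + 1
        if tag & 0x1F == 0x1F:                      # two-byte tag, e.g. FF40
            tag, i = (tag << 8) | buf[i], i + 1
        length, i = buf[i], i + 1
        if length & 0x80:                           # long form: 81 nn / 82 nn nn
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[i:i + length]
        i += length

def parse_rules(response):
    """Return [(cert_hash, package_or_None, perm_bytes_or_None)] for each rule."""
    rules = []
    for tag, body in tlvs(response):
        if tag != ALL_AR:
            continue
        for _, rule in (p for p in tlvs(body) if p[0] == REF_AR):
            parts = dict(tlvs(rule))
            ref = dict(tlvs(parts.get(REF, b"")))
            perm = dict(tlvs(parts.get(AR, b""))).get(PERM)
            pkg = ref.get(PKG)
            rules.append((ref.get(HASH), pkg.decode() if pkg else None, perm))
    return rules

def has_carrier_privilege(response, cert_der, package):
    """Simplified match: stored hash equals SHA-1 or SHA-256 of the signing cert."""
    digests = {hashlib.sha1(cert_der).digest(), hashlib.sha256(cert_der).digest()}
    return any(h in digests and pkg in (None, package)
               for h, pkg, _ in parse_rules(response))

# Constructed sample: stand-in certificate bytes and a hypothetical package name.
CERT = b"constructed stand-in for a DER-encoded signing certificate"
APP = "com.example.carrierapp"
SAMPLE = tlv(ALL_AR, tlv(REF_AR,
    tlv(REF, tlv(HASH, hashlib.sha1(CERT).digest()) + tlv(PKG, APP.encode()))
    + tlv(AR, tlv(PERM, bytes(7) + b"\x01"))))
```

An app signed with any other certificate produces different digests and is not matched, which is why a stock card without the pushed hash gives the app no privileges.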
Ok it's clear, thank you very much for your help!
I close the issue.
Have a nice day