EasyLPAC icon indicating copy to clipboard operation
EasyLPAC copied to clipboard
Published 3 months ago verified publisher icon creamlike1024

[BUG] 5ber compatibility issue

Open joeyoropesa-dev opened this issue 1 year ago • 1 comments

These are errors that are coming from lpac after trying to connect to 5ber card.

SCardTransmit() failed: 8010002F
SCardTransmit() failed: 0000045D

And after getting this error, I'm getting this error

SCardTransmit() failed: 0000045D
SCardTransmit() failed: 0000045D

joeyoropesa-dev avatar Oct 02 '24 15:10 joeyoropesa-dev

Please report it to https://github.com/estkme-group/lpac

creamlike1024 avatar Oct 04 '24 05:10 creamlike1024

Please check if 0.7.7.1(https://github.com/creamlike1024/EasyLPAC/releases/tag/0.7.7.1) can be used with 5ber. Go to Settings -> lpac ISD-R AID and click 5ber to set 5ber's custom AID Screenshot 2025-01-05 at 8 55 41 PM

creamlike1024 avatar Jan 05 '25 12:01 creamlike1024

Works fine for me with 5ber standard SIM and custom AID

borghorst avatar Jan 05 '25 14:01 borghorst

Please check if 0.7.7.1(https://github.com/creamlike1024/EasyLPAC/releases/tag/0.7.7.1) can be used with 5ber. Go to Settings -> lpac ISD-R AID and click 5ber to set 5ber's custom AID Screenshot 2025-01-05 at 8 55 41 PM

Is that custom AID for 5ber Ultra and new generation of Standard editions by 5ber.eSIM

Or somehow there is an tool we can use to extract AID from the card.

joeyoropesa-dev avatar Jan 05 '25 18:01 joeyoropesa-dev

@joeyoropesa-dev I implemented this for 5ber Standard, but it should work for 5ber Ultra too. I'm not sure though, as I don't own the Ultra. So it would be awesome, if you (or somebody else) could test it with the Ultra.

We could certainly write a function / tool / script for testing AIDs, but I think it's not worth the effort right now. Only 5ber is incompatible yet, as far as I know.. and that's "fixed" now.

@creamlike1024 Would you be okay with an automated approach, like iterating over known AIDs? So you don't need to click the 5ber button? Or maybe identify 5ber cards automatically (via. ATR or similar)?

Root-Core avatar Jan 05 '25 21:01 Root-Core

@joeyoropesa-dev I implemented this for 5ber Standard, but it should work for 5ber Ultra too. I'm not sure though, as I don't own the Ultra. So it would be awesome, if you (or somebody else) could test it with the Ultra.

We could certainly write a function / tool / script for testing AIDs, but I think it's not worth the effort right now. Only 5ber is incompatible yet, as far as I know.. and that's "fixed" now.

@creamlike1024 Would you be okay with an automated approach, like iterating over known AIDs? So you don't need to click the 5ber button? Or maybe identify 5ber cards automatically (via. ATR or similar)?

I don't know a reliable method to determine if a card is a 5ber, as EasyLPAC is only a GUI frontend for lpac, and all interactions with euicc are completed by lpac. The error message caused by lpac using "incorrect" AID for 5ber is ambiguous, and lpac is unwilling to support cards like 5ber that do not comply with specifications, so support for 5ber can only be in this awkward situation.

creamlike1024 avatar Jan 05 '25 23:01 creamlike1024

Yeah.. I had a version of lpac that tried first the default AID and then the 5ber AID. So it was actually automatic.. but it would not be accepted, so I changed it to the current implementation. The logic was quiet simple and could be used here too. Try reading with the default, then with the 5ber AID. If both fail, throw the error.

It's not the cleanest solution and the current solution isn't that bad. So it might be okay in it's current form.

Root-Core avatar Jan 06 '25 03:01 Root-Core

@joeyoropesa-dev I implemented this for 5ber Standard, but it should work for 5ber Ultra too. I'm not sure though, as I don't own the Ultra. So it would be awesome, if you (or somebody else) could test it with the Ultra.

We could certainly write a function / tool / script for testing AIDs, but I think it's not worth the effort right now. Only 5ber is incompatible yet, as far as I know.. and that's "fixed" now.

@creamlike1024 Would you be okay with an automated approach, like iterating over known AIDs? So you don't need to click the 5ber button? Or maybe identify 5ber cards automatically (via. ATR or similar)?

Tested and I can confirm that this AID is fully compatible with 5ber.eSIM Ultra other editions too. 5ber compatibility has been fixed. Thank you all for your efforts making this possible!

Btw how did you manage to find out what AID was behind eUICC chip for 5ber eSIM cards. If this method gets shared with us, that would make things much more easier in the future to find out what AID eSIM adapters have to be used in these purposes.

Also, could we extract now eSIM profiles from the adapter? Thank you in advance!

joeyoropesa-dev avatar Jan 06 '25 13:01 joeyoropesa-dev

TBH, it was just from a commit at the NekokoLPA.

But it's quiet easy.. just use a script to iterate over the AIDs. Assuming that the A0 00 00 05 59 is fixed, as defined in ISO/IEC 7816-5:2004, and most probably the 10 10 FF FF FF FF 89 part, we only have 2 bytes left to check: 00 00 01 00. There are also some other reserved AIDs that could be skipped. So after a maximum of around 65k iterations, you should know the AID.

Or just decompile the official app.

They certainly could implement better security mechanisms, but I think they wont. It seems 5ber doesn't develop the Firmware themself and changing the AID could be done simply via. a hex editor. And then again.. after decompiling / sniffing the official app, these mechanisms could easily be implemented in lpac.

Root-Core avatar Jan 06 '25 14:01 Root-Core