Using hexadecimal ADM1_PIN when flashing a SIM card

so the first step of validating the verify_adm command argument is the pySim.utils.is_hexstr_or_decimal method. That method seems to correctly detect a hex-string as you don’t get an error message about its exceptions.

The problem is

        if opts.ADM1:
            # use specified ADM-PIN
            pin_adm = sanitize_pin_adm(opts.ADM1)
        else:
            iccid = self._cmd.rs.identity['ICCID']
            # try to find an ADM-PIN if none is specified
            result = card_key_provider_get_field('ADM1', key='ICCID', value=iccid)
            pin_adm = sanitize_pin_adm(result)

where we always pass the opts.ADM1 (the use rinput) as the first argument to sanitize_pin_adm:

def sanitize_pin_adm(pin_adm, pin_adm_hex=None) -> Hexstr:
    """
    The ADM pin can be supplied either in its hexadecimal form or as
    ascii string. This function checks the supplied opts parameter and
    returns the pin_adm as hex encoded string, regardless in which form
    it was originally supplied by the user
    """

    if pin_adm is not None:
        if len(pin_adm) <= 8:
            pin_adm = ''.join(['%02x' % (ord(x)) for x in pin_adm])
            pin_adm = rpad(pin_adm, 16)

        else:
            raise ValueError("PIN-ADM needs to be <=8 digits (ascii)")

    if pin_adm_hex is not None:
        if len(pin_adm_hex) == 16:
            pin_adm = pin_adm_hex
            # Ensure that it's hex-encoded
            try:
                try_encode = h2b(pin_adm)
            except ValueError as exc:
                raise ValueError("PIN-ADM needs to be hex encoded using this option") from exc
        else:
            raise ValueError("PIN-ADM needs to be exactly 16 digits (hex encoded)")

    return pin_adm

So as can be seen above, we actually would have to pass a hex-encoded ADM1 PIN as second argument. The point is, the caller site doesn’t really know. And it’s a bi hard to reliably guess, after all something like 12345678 could either be

  • an 8-digit decimal code which we need to translate to 3132333435363738 hex before sending it to the card, or
  • an 8-digit hexadecimal (4-byte) code that transpareltly needs to be passed to the card

So the real solutoin is likely to add support for something like a 0x prefix. So if the user specifies 12345678 it’s decimal, and if the user specifies 0x12345678 it’s hexadecimal.

Would you be interested in working on a related patch?