CoIMS app not functional in Samsung mobile. #13

Open
ncreddy2001 opened this issue May 18, 2023 · 33 comments

@ncreddy2001

Hi @herlesupreeth
I'm trying to replicate the tutorial in open5gs (EPC + IMS) VoLTE Setup with Kamailio IMS and Open5GS. I had an issue enabling VoLTE on a Samsung mobile using the CoIMS application.

Setup information:

  • Ubuntu 18.04 (vm)
  • Open5gs + kamailio + SRSeNB
  • band 7
  • Samsung A52 5G
  • sysmoISIM-SJA2

Initially I had issues connecting UEs to the EPC with APN 'IMS', then followed this tutorial to enable CoIMS on the SIM using pySIM_tools. While making changes on the mobile phone using CoIMS, I had issues opening the Samsung IMS settings option in the menu. Can you please suggest any other alternative to enable VoLTE?

WhatsApp.Video.2023-05-18.at.3.19.52.PM.mp4
@herlesupreeth
Owner

I would suggest you re-program your SIM and use PLMN 001 01 as that has the highest chances of working via this method.

But in general it's hard to get this method to work in Samsung as they have locked access to the "IMS Settings" secret menu from Android 10 and above. So can't use this method if your device is running Android 10 or above.

@ncreddy2001
Author

Thank you @herlesupreeth, I will try to change MNC MCC and try again.

@dushy-3474

@ncreddy2001 , did your issue get fixed? I am having the same problem even though I have used PLMN 001 01.

@dushy-3474

dushy-3474 commented Feb 2, 2024

@herlesupreeth
We are trying to register IMS on open5gs/kamailio. The simcards that we are using now are sysmoISIM-SJA2 cards.
They have ISIM applet.

  • We were able to register the phone to 4g but IMS registration is not happening.
  • When I checked the pcap log on epc, PDN connectivity Req for the second default bearer for "ims" was not getting triggered by the UE.
  • We tried the CoIMS method to add carrier privileges to the SIM card and ran into the same issue described in the discussion above; the device is a Samsung M135G and the Android version is 13.
  • When checked the ADB logs, could see that UE was trying to access ISIM applet.
  • One more point is that we have an older sysmocom SIM card, sysmoUSIM-SJS1, where the IMS registration is successful. These SIM cards don't have an ISIM applet.
  • So we followed the instructions to lock the ISIM applet given in sysmocom usermanual which is deactivating the IMS related services in ADF.USIM and locking the ADF.ISIM.
  • After this too, the IMS registration was not happening and from ADB log , we could see that it was still trying to access this applet.

The question is, is there a way to delete the ISIM applet?

I can provide you with adb logs if you want. And in pcap logs, it's just that PDN conn req is not getting triggered with ims apn and hence no SIP traces regarding ims.

Any pointers to this issue will be very helpful.

@herlesupreeth
Owner

> The question is, is there a way to delete the ISIM applet?

I don't think you can delete the ISIM application from the SIM card. But if you use this script https://github.com/osmocom/pysim/blob/master/scripts/deactivate-ims.script (make sure to change the ADM key as per your SIM card) it should disable the ISIM application completely. And, if the Samsung device tries to access ISIM even after that, then it's not following the 3GPP specification.

@laf0rge

laf0rge commented Feb 2, 2024

I would recommend to go one step further to actually LOCK the ISIM application at the GlobalPlatform level. This way even the SELECT of the ADF.ISIM will fail.

Both the method described by @herlesupreeth and the lock of the ISIM application are documented in the official user manual; See the section titled "Locking the ISIM application" in the sysmoISIM user manual.

@dushy-3474

dushy-3474 commented Feb 2, 2024

> I would recommend to go one step further to actually LOCK the ISIM application at the GlobalPlatform level. This way even the SELECT of the ADF.ISIM will fail.
>
> Both the method described by @herlesupreeth and the lock of the ISIM application are documented in the official user manual; See the section titled "Locking the ISIM application" in the sysmoISIM user manual.


Thanks both of you for the reply.
@laf0rge,
How to change the ADM key?

And yes I have gone through the CoIMS blog by @herlesupreeth and redmine wiki of sysmocom.
and we tried the second method already.

We used the commands:
./pySim-shell.py -p0 --script ./scripts/deactivate-ims.script
java -jar ./gp.jar --key-enc KIC1 --key-mac KID1 --key-dek KIK1 --lock-applet A0000000871002FFFFFFFF8907090000

After doing this we were not able to select ADF.ISIM but were able to see it in 00:MF>
and
Phone is still trying to load ADF.ISIM and getting error there. And it does not trigger pdn connectivity.
From gp.jar we can see that isim applet is locked.
From pysimshell, we can see that ADF.isim is there but we can not select it.

I am attaching a zip file in which log12.txt is the adb logcat for working and non working scenarios.
Working sim does not have ISIM and non working sim has ISIM, if that helps.
Uploading logcat.zip…

Is there any additional setting needed?
Does "GlobalPlatform level" mean anything else?

@dushy-3474

logcat.zip

@laf0rge

laf0rge commented Feb 3, 2024 via email

@dushy-3474

exports.zip
Hi

The exports are attached in files labeled "sja2_export" and "sjs1 _export" respectively

Thank you.

@laf0rge

laf0rge commented Feb 4, 2024 via email

@dushy-3474

> On Sat, Feb 03, 2024 at 09:31:25AM -0800, dushy-3474 wrote:
>> The exports are attached in files labeled "sja2_export" and "sjs1 _export" respectively
>
> The export clearly shows that ADF.ISIM of your sysmoISIM-SJA2 is still operational and not LOCKED. This is contrary to your earlier statement that you did lock the application. Please make sure you have disabled (LOCKED) the ISIM application.
>
> --
> - Harald Welte @.***> https://laforge.gnumonks.org/
> ============================================================================
> "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

Hello Harald,

Please ignore previously attached file. Attaching new set of files to compare.

Regards,
Dushyanth
new_exports.zip

@dushy-3474

dushy-3474 commented Feb 5, 2024

Hello Harald,

We have been debugging the UE behaviour from the ADB logs.

I have attached the adb log file, when ISIM application is locked for SJA2 UICC cards.
We can see following (potential??) errors in the log file when ISIM is accessed.

02-02 12:18:03.732 1811 1811 D IsimUiccRecords: [ISIM-0] EF_ISIM_IMPU LOADED
02-02 12:18:03.732 1811 1811 E IsimUiccRecords: [ISIM-0] Record Load Exception: com.android.internal.telephony.CommandException: OPERATION_NOT_ALLOWED
02-02 12:18:03.732 1811 1811 D IsimUiccRecords: [ISIM-0] Broadcasting intent ACTION_ISIM_LOADED
...

02-02 12:18:04.116 2123 2334 E TelephonyManagerWrapper: use backup impu : xxxxx
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: IMPU_NOT_EXISTS
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: IMPI_NOT_EXIST
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: HOME_DOMAIN_NOT_EXIST
02-02 12:18:04.116 2123 2334 E SimManager<0>: onSimStateChange: invalid ISIM!
02-02 12:18:04.117 2123 2334 E #IMSCR : 02-02 12:18:04 0x10000005:0,INVLD ISIM,13
02-02 12:18:04.118 2123 2334 I SimManager_slot0: slot[0]: notifySimReady: state [INVALID_ISIM]
02-02 12:18:04.118 2123 2400 E TelephonyManagerWrapper: use backup impi : null
02-02 12:18:04.118 2123 2400 I SimManager<0>: getDerivedImpi:
02-02 12:18:04.119 2123 2334 E #IMSCR : 02-02 12:18:04 0x1000001F:0,NOTI SIM EVT
02-02 12:18:04.119 2123 2334 I SimManager<0>: send ACTION_IMS_ON_SIMLOADED
02-02 12:18:04.123 2123 2400 E TelephonyManagerWrapper: use backup impu : xxxxx

Also while doing a quick search in Android source code, in file frameworks/opt/telephony/src/java/com/android/internal/telephony/uicc/IsimUiccRecords.java, we see a "todo" that mentions locked state of ISIM is not handled well. Do you have any idea on this, or if we are looking at the correct version of Android source code?

https://cs.android.com/android/platform/superproject/main/+/main:frameworks/opt/telephony/src/java/com/android/internal/telephony/uicc/IsimUiccRecords.java;drc=d393955ed678ce50ec7c0ae578f110d242a77f65;l=178?q=IsimUiccRecords

/***
****Please see the code_snippet.png that is attached below. Could not post the code
***/

If above observations are correct, maybe the locking of ISIM will not work in current Android. One alternative is to configure correct EFs in the ADF.ISIM. IMPU, IMPI and domain name are possibly straightforward configurations. Do you know if the authentication key and SQN also need to be configured or not? Is this the same key and SQN as what is present in ADF.USIM? If we configure these, do you know or tested if the VoLTE will work correctly or not? Do you have any example scripts to configure the ADF.ISIM?

Regards,
Dushyanth
code_snippet
04-sysmo-sja2-adblog.zip

@herlesupreeth
Owner

> One alternative is to configure correct EFs in the ADF.ISIM. IMPU, IMPI and domain name are possibly straightforward configurations.

I use the below pySim-prog.py command to configure all relevant EFs required for ISIM to be activated correctly

./pySim-prog.py -p 0 -x 001 -y 01 -s 8988211900000000025 -i 001010123456790 -k 8baf473f2f8fd09487cccbd7097c6862 --op 11111111111111111111111111111111 -o 8E27B6AF0E692E750F32667A3B14605D -a 11111111 --msisdn 9076543210 --epdgid epdg.epc.mnc001.mcc001.pub.3gppnetwork.org --pcscf pcscf.ims.mnc001.mcc001.3gppnetwork.org --ims-hdomain ims.mnc001.mcc001.3gppnetwork.org --impi [email protected] --impu sip:[email protected]

Just ensure to change the ADM (-a) as per what you received from Sysmocom for your SIM card.

@dushy-3474

>> One alternative is to configure correct EFs in the ADF.ISIM. IMPU, IMPI and domain name are possibly straightforward configurations.
>
> I use the below pySim-prog.py command to configure all relevant EFs required for ISIM to be activated correctly
>
> ./pySim-prog.py -p 0 -x 001 -y 01 -s 8988211900000000025 -i 001010123456790 -k 8baf473f2f8fd09487cccbd7097c6862 --op 11111111111111111111111111111111 -o 8E27B6AF0E692E750F32667A3B14605D -a 11111111 --msisdn 9076543210 --epdgid epdg.epc.mnc001.mcc001.pub.3gppnetwork.org --pcscf pcscf.ims.mnc001.mcc001.3gppnetwork.org --ims-hdomain ims.mnc001.mcc001.3gppnetwork.org --impi [email protected] --impu sip:[email protected]
>
> Just ensure to change the ADM (-a) as per what you received from Sysmocom for your SIM card.

@herlesupreeth
We will try this.

But I was just curious how other users of sysmocomISIM-SJA2 are testing IMS and VoLTE if locking of the ISIM applet does not work.
Are you aware of other ways to make VoLTE work on ISIM-SJA2 SIM cards apart from the CoIMS method and the above mentioned one? This is a bit of a hassle for us since we have multiple SIM cards and phones which are getting tested in the private LTE network.

Regards,
Dushyanth

@herlesupreeth
Owner

> But I was just curious how other users of sysmocomISIM-SJA2 are testing IMS and VoLTE if locking of the ISIM applet does not work.

Just to clarify a few things, it's not an issue of the SIM card in any way. It's the phone vendors who are locking the VoLTE capability behind a paywall, and CoIMS is one of the methods (outlined by Google in AOSP) to override that lock and enable VoLTE. So in a way Sysmocom SIMs are really helpful in being able to achieve overriding of VoLTE settings via CoIMS (if you buy SIM cards from other vendors you won't be able to use the CoIMS method).

And, usually locking of ISIM is not needed at all as EFs related to ISIM are programmed and actively used in VoLTE deployments.

> This is a bit of a hassle for us since we have multiple SIM cards and phones which are getting tested in the private LTE network.

I don't think there is any other way unless you are ready to approach individual phone vendors to enable VoLTE on the private LTE network you are operating. Or approach GSMA with the settings you want to enable and wait for the phone vendor to take those settings from the GSMA database and then roll them out as a phone update.

@dushy-3474

>> But I was just curious how other users of sysmocomISIM-SJA2 are testing IMS and VoLTE if locking of the ISIM applet does not work.
>
> Just to clarify a few things, it's not an issue of the SIM card in any way. It's the phone vendors who are locking the VoLTE capability behind a paywall, and CoIMS is one of the methods (outlined by Google in AOSP) to override that lock and enable VoLTE. So in a way Sysmocom SIMs are really helpful in being able to achieve overriding of VoLTE settings via CoIMS (if you buy SIM cards from other vendors you won't be able to use the CoIMS method).
>
> And, usually locking of ISIM is not needed at all as EFs related to ISIM are programmed and actively used in VoLTE deployments.
>
>> This is a bit of a hassle for us since we have multiple SIM cards and phones which are getting tested in the private LTE network.
>
> I don't think there is any other way unless you are ready to approach individual phone vendors to enable VoLTE on the private LTE network you are operating. Or approach GSMA with the settings you want to enable and wait for the phone vendor to take those settings from the GSMA database and then roll them out as a phone update.

@herlesupreeth

I did not mean to say it's a SIM card issue. Was just trying to understand the trend.
And thanks a lot for the information.

We are able to do IMS registration and volte is successful.

Regards,
Dushyanth

@herlesupreeth
Owner

> I did not mean to say it's a SIM card issue. Was just trying to understand the trend.
> And thanks a lot for the information.

I didn't mean offense either :)

> We are able to do IMS registration and volte is successful.

Can you please explain what led to successful IMS registration so that others may benefit?? Was it the programming of SIM with the command I shared above?

@dushy-3474

>> I did not mean to say it's a SIM card issue. Was just trying to understand the trend.
>> And thanks a lot for the information.
>
> I didn't mean offense either :)
>
>> We are able to do IMS registration and volte is successful.
>
> Can you please explain what led to successful IMS registration so that others may benefit?? Was it the programming of SIM with the command I shared above?

@herlesupreeth

Yes I used the command above with appropriate IMSI (we are maintaining mcc mnc as 001 01) to program the ISIM.

After this second PDN connect request was sent for ims APN and IMS registration was successful.

Regards,
Dushyanth

@dushy-3474

dushy-3474 commented Apr 30, 2024

Hello @herlesupreeth ,

Is there a way to dynamically not give IMS registration to UEs connecting? For one of the use cases I am testing, I don't want UEs to get VoLTE. I know one way is to remove IMPU IMPI IMSU from the SIM card. But to remove it as a blanket from the open5gs EPC, is there a way? I tried removing the ims APN from smf.yaml and upf.yaml. This did not work.

Removing the entry from Fhoss is working.
Is there any other way?

Regards,
Dushyanth

@herlesupreeth
Owner

Hey @dushy-3474 , I am not sure whether I got your question right. But if you want your phone to stop attempting to connect to IMS you can try the following

  1. Uninstall CoIMS app if you have installed it on the phone
  2. Disable VoLTE/Enhanced 4G/LTE in the phone mobile networks settings

@dushy-3474

Hello @herlesupreeth,

Sorry to bother you again regarding this topic.

The above method of programming IMS IDs in the SIM cards is working fine on a certain model (Samsung m13 5g).
But on Samsung m13 4g, it is not working.

After the IMS bearer establishment at EPS level is successful, the UE is not sending any register message to p-cscf (No IMS messages on SIP).

And CoIMS app also is not working.

Do you have any idea what might be going wrong?

Regards,
Dushyanth

@herlesupreeth
Owner

> After the IMS bearer establishment at EPS level is successful, the UE is not sending any register message to p-cscf (No IMS messages on SIP).

Try restarting the phone and attach to the IMS again. Sometimes phones give up on attempting to connect to IMS after repeated failed attempts.

@dushy-3474

@herlesupreeth

Thanks for the response.

Restarting and updating software did not help.

I am able to see the following in the adb log of the UE at regular intervals.
07-10 21:47:47.526 1566 1755 I RegiMgr<1>: [RJIL VoLTE|CONNECTED] tryRegister: pcscf is null. return..
07-10 21:47:47.526 1566 1755 I RegiMgr : slot[1]: [RJIL VoLTE|CONNECTED] regi failed due to empty p-cscf
07-10 21:47:47.527 1566 1755 I RegiMgr : tryRegister: pcscf is null. Notify registration state to CP.

And also one more point is that this happens only in one model, the Samsung m13 4g. And it's working on the Samsung m13 5g.

Is it because the Samsung m13 4g is not reading the ISIM application of the SIM card where we have programmed the IMS URI?

Regards,
Dushyanth
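The two logcat excerpts in this thread point at different stages: the February one shows the phone rejecting the ISIM records, the July one shows the IMS stack without a P-CSCF address. As an added example (not written by the thread participants), this script sorts a logcat capture into one of those stages; the stage names and result keys are this example's own, and the markers are the Samsung log strings quoted above.

```python
import re

# logcat "threadtime" line: date time pid tid level tag: message
LINE = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+[VDIWEF]\s+"
                  r"(?P<tag>.*?)\s*:\s(?P<msg>.*)$")
MISSING = re.compile(r"isIsimDataValid: (\w+?)_NOT_EXISTS?\b")
NO_PCSCF = re.compile(r"pcscf is null|empty p-cscf")

# Lines copied from the two log excerpts in this thread.
ISIM_LOG = """\
02-02 12:18:03.732 1811 1811 E IsimUiccRecords: [ISIM-0] Record Load Exception: com.android.internal.telephony.CommandException: OPERATION_NOT_ALLOWED
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: IMPU_NOT_EXISTS
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: IMPI_NOT_EXIST
02-02 12:18:04.116 2123 2334 E SimManager<0>: isIsimDataValid: HOME_DOMAIN_NOT_EXIST
02-02 12:18:04.118 2123 2334 I SimManager_slot0: slot[0]: notifySimReady: state [INVALID_ISIM]
"""
PCSCF_LOG = """\
07-10 21:47:47.526 1566 1755 I RegiMgr<1>: [RJIL VoLTE|CONNECTED] tryRegister: pcscf is null. return..
07-10 21:47:47.526 1566 1755 I RegiMgr : slot[1]: [RJIL VoLTE|CONNECTED] regi failed due to empty p-cscf
07-10 21:47:47.527 1566 1755 I RegiMgr : tryRegister: pcscf is null. Notify registration state to CP.
"""

def triage(log_text):
    """Count the ISIM and P-CSCF failure markers and name the failing stage."""
    read_errors, pcscf_empty, missing = 0, 0, set()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a threadtime line (e.g. a "..." separator)
        tag, msg = m.group("tag"), m.group("msg")
        if tag == "IsimUiccRecords" and "OPERATION_NOT_ALLOWED" in msg:
            read_errors += 1
        elif tag.startswith("SimManager"):
            missing.update(MISSING.findall(msg))
        elif tag.startswith("RegiMgr") and NO_PCSCF.search(msg):
            pcscf_empty += 1
    if read_errors or missing:
        stage = "sim"       # ISIM records unreadable or incomplete
    elif pcscf_empty:
        stage = "network"   # IMS stack never received a P-CSCF address
    else:
        stage = "none"
    return {"stage": stage, "isim_read_errors": read_errors,
            "isim_missing": sorted(missing), "pcscf_empty": pcscf_empty}

if __name__ == "__main__":
    for name, log in (("ISIM excerpt", ISIM_LOG), ("P-CSCF excerpt", PCSCF_LOG)):
        print(name, triage(log))
```

A "sim" result matches the case that was resolved here by programming the ISIM EFs; a "network" result is the one to follow up with a pcap of the PDN connectivity exchange.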

@herlesupreeth
Owner

@dushy-3474 Please attach a pcap taken on the machine running your 4G Core when you attempt to attach the UE to IMS and post it here. Android logs are not very helpful

@dushy-3474

@herlesupreeth
Which filter do you want?

@herlesupreeth
Owner

herlesupreeth commented Jul 11, 2024

No filters

@dushy-3474

dushy-3474 commented Jul 11, 2024

@herlesupreeth

I am attaching the pcap logs.

Filter is sctp or port sip or port 6060 or port 4060
Without filters it turns out to be huge in size.

But if you need I will try.

ims_not_working_1.zip
ims_working_1.zip
diff
In the diff picture, the left side is the one not working. This is the PDN connectivity Request message.
I think this difference is not related.

Regards,
Dushyanth

@herlesupreeth
Owner

Looks like PCO options are missing. Can you also post here the logs of your 4G Core??

image

@dushy-3474

dushy-3474 commented Jul 11, 2024

@herlesupreeth

pco

we were suspecting this.

How do we collect these logs which appear on the tmux a, or where is this log stored?

@dushy-3474

I think the non-working UE is sending EPCO in the PDN connectivity request, and the working phone is sending PCO.
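An added example (not code from the thread or from Open5GS) of the check this PCO/ePCO observation calls for: it parses the PCO or ePCO information element from the UE's PDN Connectivity Request and from the network's Activate Default EPS Bearer Context Request, and reports whether a P-CSCF address came back in the same kind of element. The sample bytes are constructed, the verdict names are hypothetical, and the parser assumes every container uses a one-octet length field.

```python
import struct

IEI_PCO, IEI_EPCO = 0x27, 0x7B        # ESM IEIs, 3GPP TS 24.301
PCSCF_IDS = {0x0001, 0x000C}          # P-CSCF IPv6 / IPv4 containers, TS 24.008

def parse_pco_ie(ie):
    """Parse one PCO or ePCO IE (raw bytes from the IEI onward).

    Returns (kind, [(container_id, content_length), ...]).
    Assumption: every container has a one-octet length field.
    """
    if len(ie) >= 2 and ie[0] == IEI_PCO:
        kind, length, off = "PCO", ie[1], 2
    elif len(ie) >= 3 and ie[0] == IEI_EPCO:
        kind, length, off = "ePCO", struct.unpack(">H", ie[1:3])[0], 3
    else:
        raise ValueError("not a PCO/ePCO information element")
    body = ie[off:off + length]
    if length < 1 or len(body) != length:
        raise ValueError("truncated information element")
    items, pos = [], 1                 # octet 0: ext bit + configuration protocol
    while pos < len(body):
        if pos + 3 > len(body):
            raise ValueError("truncated container header")
        cid, clen = struct.unpack(">HB", body[pos:pos + 3])
        pos += 3 + clen
        if pos > len(body):
            raise ValueError("container overruns the IE")
        items.append((cid, clen))
    return kind, items

def pcscf_verdict(request_ie, response_ie):
    """Compare the UE's request IE with the IE in the network's response."""
    req_kind, req = parse_pco_ie(request_ie)
    if not any(cid in PCSCF_IDS for cid, _ in req):
        return "ue-did-not-ask"
    if response_ie is None:
        return f"no-reply-to-{req_kind}"
    resp_kind, resp = parse_pco_ie(response_ie)
    if resp_kind != req_kind:
        return f"{req_kind}-answered-with-{resp_kind}"
    if any(cid in PCSCF_IDS and clen > 0 for cid, clen in resp):
        return "pcscf-delivered"
    return "reply-without-pcscf"

# Constructed sample IEs (not taken from the attached pcaps).
REQ_PCO = bytes.fromhex("270a80000c00000100000d00")
REQ_EPCO = bytes.fromhex("7b000a80000c00000100000d00")
RESP_PCO = bytes.fromhex("270880000c04c000020a")   # P-CSCF 192.0.2.10

if __name__ == "__main__":
    print(pcscf_verdict(REQ_PCO, RESP_PCO))    # request and reply both in PCO
    print(pcscf_verdict(REQ_EPCO, None))       # ePCO request, nothing returned
    print(pcscf_verdict(REQ_EPCO, RESP_PCO))   # element kinds differ
```

Treating a PCO reply to an ePCO request as a finding is this example's assumption; copy the IE bytes from the ESM messages in Wireshark to run it on a real capture.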

@dushy-3474

dushy-3474 commented Jul 12, 2024

@herlesupreeth

I got the commit id for EPCO, 01d3db4b6ec9f54f4808d19572f2b20ca8d2df00.

I tried the epco_len code in our version. It wasn't there. But still same issue. epco is not coming from open5gs.

I am attaching the logs.
open5gs_log.zip

Regards,
Dushyanth

@herlesupreeth
Owner

Please try with latest version of open5gs and send me the logs. open5gs v2.4.9 is quite old at this point
