From 03c262a8c35b7d54b5803b6329451dd7d0e2b7aa Mon Sep 17 00:00:00 2001 From: Tobias Mueller Date: Wed, 18 Oct 2023 11:02:28 +0200 Subject: [PATCH] blue-merle: generate a temporary IMEI before the the SIM switch After shutting down the modem and before replacing the SIM, we generate a temporary random IMEI to prevent accidental disclosure of the new IMSI under the old IMEI. It should not happen but we do not control the modem as much as we'd like, e.g. fully power it down. So it may not be necessary but we consider it defense in depth. --- files/usr/bin/blue-merle | 8 ++++++++ files/usr/bin/blue-merle-switch-stage1 | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/files/usr/bin/blue-merle b/files/usr/bin/blue-merle index 72b45de..2563180 100644 --- a/files/usr/bin/blue-merle +++ b/files/usr/bin/blue-merle @@ -44,6 +44,14 @@ while [[ "$answer" -eq 1 ]]; do fi done +## We have just disabled the modem so it should not log on to any network. +## We set a random IMEI now only to have it overwritten very soon after +## the SIM card has been replaced. We intend to prevent an accidential +## leak of the new SIM's IMSI with the old IMEI just in case the modem +## accidentally tried to log in to the network. +python3 /lib/blue-merle/imei_generate.py -r + + echo -n "Please now replace the SIM card and press any key to continue. " read answer diff --git a/files/usr/bin/blue-merle-switch-stage1 b/files/usr/bin/blue-merle-switch-stage1 index 7d1e7c9..901fca1 100644 --- a/files/usr/bin/blue-merle-switch-stage1 +++ b/files/usr/bin/blue-merle-switch-stage1 @@ -61,6 +61,12 @@ while [[ "$answer" -eq 1 ]]; do fi done +## We generate a random IMEI to prevent a leak of the +## new SIM's IMSI under the old IMEI in case the modem +## still talks to the network +python3 /lib/blue-merle/imei_generate.py -r + + mcu_send_message "Replace the SIM card. Then pull the switch." echo done > /tmp/blue-merle-stage1