From c49f870a0c1fa03b566828b7d373dc8914160f7d Mon Sep 17 00:00:00 2001
From: nestire <hannes@nitrokey.com>
Date: Mon, 7 Apr 2025 14:48:13 +0200
Subject: [PATCH] fixes #62 imei leak via esim LPA

---
 files/usr/bin/blue-merle               | 3 +++
 files/usr/bin/blue-merle-switch-stage2 | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/files/usr/bin/blue-merle b/files/usr/bin/blue-merle
index 2615e6a..a3acacc 100644
--- a/files/usr/bin/blue-merle
+++ b/files/usr/bin/blue-merle
@@ -107,6 +107,9 @@ if [[ "$old_imei" == "$new_imei" ]]; then
 else
 	mkdir -p /tmp/modem.1-1.2
 	echo "$new_imei" > /tmp/modem.1-1.2/modem-imei
+	# prevent imei leak via the LPA
+        echo "$new_imei" > /root/esim/imei
+        shred -u /root/esim/log.txt # unclear if the imei/imsi will be loged here, just a precaution
 fi
 
 echo "You should now reset the modem or shutdown the device."
diff --git a/files/usr/bin/blue-merle-switch-stage2 b/files/usr/bin/blue-merle-switch-stage2
index 54a88a4..21620cb 100644
--- a/files/usr/bin/blue-merle-switch-stage2
+++ b/files/usr/bin/blue-merle-switch-stage2
@@ -54,6 +54,9 @@ else
 	sleep 5
 	mkdir -p /tmp/modem.1-1.2
 	echo "$new_imei" > /tmp/modem.1-1.2/modem-imei
+	# prevent imei leak via the LPA
+	echo "$new_imei" > /root/esim/imei
+	shred -u /root/esim/log.txt # unclear if the imei/imsi will be loged here, just a precaution
 fi
 
 logger -p notice -t blue-merle-toggle "Changed IMEI from ${old_imei} to ${new_imei}"