SIMtrace » History » Revision 3
« Previous |
Revision 3/62
(diff)
| Next »
laforge, 02/19/2016 10:48 PM
add notes on building the fimrware
PageOutline = Osmocom SIMtrace =
Osmocom SIMtrace is a software and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone.
It works by utilizing the T=0 capable USART of the usb-attached AT91SAM7 microcontroller.
The USART passively receives the bytes as they are exchanged on the ISO 7816-3 / TS 11.11 interface between SIM and phone.
The received bytes are sent via USB to the PC, where a program called {{{simtrace}}} on the PC gathers data from the USB device,
parses the APDUs and forwards them via [wiki:GSMTAP] to the [wiki:wireshark] protocol analyzer.
There is no ready-built hardware for this yet. They only existing implementations used an Olimex SAM7-P64 development board
with some of the I/O lines hooked up to the mechanical SIM card adapters from [wiki:RebelSIM_Scanner]. We are thinking of
doing some custom hardware, but nothing is certain yet.
=== Interconnections ===
The hardware schematics are very, very simple:
- Connect SIM-RST with PA7
- Connect SIM-I/O with PA6 and PA1
- Connect SIM-CLK with PA2 and PA4
- Connect SIM-GND with GND
=== Mode of operation ===
The USART of the AT91SAM7S is capable of T=0. However, the documentation only mentions it in clock-master mode, like you
would run it in a smart card reader to actively talk to a smart card. However, by using the USART input clock multiplexer,
you can use an externally-generated CLK like the one from the SIM card socket of the phone.
The Firmware for the AT91SAM7S device was written by reusing a lot of the code for the [http://www.openpcd.org/ OpenPCD]
RFID reader.
There is a {{{simtrace}}} branch in the git://git.gnumonks.org/openpcd.git repository containing the latest firmware code.
Eventually, the OS part of OpenPCD/OpenPICC/SIMtrace will be separated. At that point, the firmware source can become
part of simtrace.git
=== Building the firmware ===
Precondition: You need to set your PATH in a way that contains an arm-elf toolchain, i.e. the same way that you build [OsmocomBB].
{{{
$ git clone git://git.gnumonks.org/openpcd.git
$ cd openpcd/firmware
$ git checkout simtrace
$ make -f Makefile.dfu BOARD=OLIMEX
$ make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace
$ cat dfu.bin main_simtraece.bin > main_simtrace.samba
}}}
=== TODO ===
The {{{simtrace}}} program is part of the git://git.osmocom.org/simtrace.git repository. It will bind to the USB device
and send GSMTAP frames using UDP/IPv4 to localhost.
It will also print hexdumps of the frames to the console, looking like this:
{{{
APDU: (9): a0 a4 00 00 02 6f 07 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 09 6f 07 04 00 15 00 15 01 02 00 00 91 78
APDU: (9): a0 a4 00 00 02 6f 38 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 09 6f 38 04 00 15 00 55 01 02 00 00 91 78
APDU: (16): a0 b0 00 00 09 ff 3f ff ff 00 00 3f 03 00 91 78
APDU: (9): a0 a4 00 00 02 6f ad 9f 0f
APDU: (8): a0 b0 00 00 01 00 91 78
APDU: (9): a0 a4 00 00 02 6f 07 9f 0f
APDU: (16): a0 b0 00 00 09 08 49 06 20 11 49 00 11 06 91 78
APDU: (9): a0 a4 00 00 02 6f 7e 9f 0f
APDU: (18): a0 b0 00 00 0b ff ff ff ff 64 f0 00 ff fe 00 03 91 78
APDU: (9): a0 a4 00 00 02 6f 78 9f 0f
APDU: (9): a0 b0 00 00 02 00 01 91 78
APDU: (9): a0 a4 00 00 02 6f 74 9f 0f
APDU: (23): a0 b0 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 78
APDU: (9): a0 a4 00 00 02 6f 20 9f 0f
APDU: (16): a0 b0 00 00 09 ff ff ff ff ff ff ff ff 07 91 78
APDU: (9): a0 a4 00 00 02 6f 30 9f 0f
APDU: (22): a0 c0 00 00 0f 00 00 00 f0 6f 30 04 00 11 00 55 01 02 00 00 91 78
}}}
There is an experimental patch, also part of the simtrace.git package. You will have to apply this against the latest
wireshark developer version.
Protocol parsing is far from being complete, patches are always welcome!
Updated by laforge about 8 years ago · 3 revisions
