TerminalProfile » History » Version 1
tsaitgaist, 02/19/2016 10:49 PM
defined + 1 entry
1 | 1 | tsaitgaist | Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM is order to get the phone terminal profile (it should even be before the PIN check). |
---|---|---|---|
2 | It is also decoded in wireshark. |
||
3 | |||
4 | The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1. |
||
5 | The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2. |
||
6 | It tells the USIM what it can do on the phone. |
||
7 | |||
8 | You can post here the data in order to make a database of which phone is capable of what. |
||
9 | * TAC = first 8 digits of IMEI |
||
10 | * firmware = any information about the software running in the basband |
||
11 | * terminal profile = only the data bytes |
||
12 | * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX910f, 80100000 is the header, 11 are the number of data bytes following (in hex), XX are the important data bytes, 910f are the status words/bytes |
||
13 | |||
14 | ||brand||model||TAC||firmware||terminal profile|| |
||
15 | ||Sony Ericsson||K800i||35399601||CXC1722434_TEMS R2B||fff7ffff7f0f00df7f00001f2203104603|| |