TerminalProfile » History » Revision 3

Revision 2 (tsaitgaist, 02/19/2016 10:49 PM) → Revision 3/6 (tsaitgaist, 02/19/2016 10:49 PM)

Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM in order to get the phone's terminal profile (it should even be sent before the PIN check). 
 It is also decoded in Wireshark. 

 The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1. 
 The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2. 
 It tells the USIM what it can do on the phone. 

 You can post the data here in order to build a database of which phone is capable of what. 
  * TAC = first 8 digits of IMEI 
  * firmware = any information about the software running in the baseband 
  * terminal profile = only the data bytes 
  * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX9000, where 80100000 is the header, 11 is the number of data bytes that follow (in hex), XX are the important data bytes, and 9000 or 910f are the status words/bytes 

 ||brand||model||TAC||firmware||terminal profile|| 
 ||Sony Ericsson||K800i||35399601||CXC1722434_TEMS R2B||{{{fff7ffff7f0f00df7f00001f2203104603}}}|| 
 ||Samsung||Nexus S||35503104||i9020XXKD1||{{{7f0affff1f000003940000000000000000400000}}}||
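
 To prepare a capture for the table, the sketch below (an added example, not part of the original page or of SIMtrace) splits a sniffed command in the format shown above into data bytes and status word, checks the length byte, and lists which bits are set so two phones can be compared. The function names are hypothetical, the sample capture is constructed from the K800i row, and the byte 3 names are transcribed from TS 102 223 §5.2 and should be checked against the spec release you use.

```python
HEADER = bytes.fromhex("80100000")  # CLA INS P1 P2 from TS 102 221 §11.2.1

# Byte 3 of the profile, bits b1..b8 (assumption: transcribed from
# TS 102 223 §5.2, verify against the release you work with).
BYTE3 = ["DISPLAY TEXT", "GET INKEY", "GET INPUT", "MORE TIME",
         "PLAY TONE", "POLL INTERVAL", "POLLING OFF", "REFRESH"]


def parse_capture(hex_str):
    """Split a capture in the page's format into (profile_bytes, status_word)."""
    raw = bytes.fromhex("".join(hex_str.split()))
    if len(raw) < 7 or raw[:4] != HEADER:
        raise ValueError("not a TERMINAL PROFILE command")
    lc = raw[4]  # number of data bytes that follow
    data, sw = raw[5:5 + lc], raw[5 + lc:]
    if len(data) != lc or len(sw) != 2:
        raise ValueError("length byte does not match the data present")
    # 9000 = OK; 91xx = OK, with a proactive command of xx bytes pending
    if sw != b"\x90\x00" and sw[0] != 0x91:
        raise ValueError("card did not accept the profile, SW=" + sw.hex())
    return data, sw


def set_bits(profile):
    """Return {(byte_no, bit_no)} for each set bit, numbered from 1 as in the spec."""
    return {(i + 1, b + 1) for i, byte in enumerate(profile)
            for b in range(8) if byte >> b & 1}


def byte3_commands(profile):
    """Names of the byte 3 proactive commands the terminal declares."""
    bits = set_bits(profile)
    return [name for b, name in enumerate(BYTE3) if (3, b + 1) in bits]


# Data bytes copied from the table rows above
K800I = "fff7ffff7f0f00df7f00001f2203104603"
NEXUS_S = "7f0affff1f000003940000000000000000400000"
# Constructed sample capture: header + length (0x11 = 17) + data + status word
CAPTURE = "80100000" + "11" + K800I + "9000"

if __name__ == "__main__":
    data, sw = parse_capture(CAPTURE)
    print("terminal profile:", data.hex(), "SW:", sw.hex())
    print("byte 3:", ", ".join(byte3_commands(data)))
    only_k800i = set_bits(data) - set_bits(bytes.fromhex(NEXUS_S))
    print("set on K800i but not Nexus S (byte, bit):", sorted(only_k800i))
```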