TerminalProfile » History » Revision 4
« Previous |
Revision 4/6
(diff)
| Next »
ahuemer, 02/19/2016 10:49 PM
typos
Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM in order to get the phone terminal profile (it should even be before the PIN check).
It is also decoded in wireshark.
The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1.
The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2.
It tells the USIM what it can do on the phone.
You can post here the data in order to make a database of which phone is capable of what. * TAC = first 8 digits of IMEI * firmware = any information about the software running in the baseband * terminal profile = only the data bytes * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX9000, 80100000 is the header, 11 are the number of data bytes following (in hex), XX are the important data bytes, 9000 are the status words/bytes
brand | model | TAC | firmware | terminal profile | ||||||
Sony Ericsson | K800i | 35399601 | CXC1722434_TEMS R2B | {{{fff7ffff7f0f00df7f00001f2203104603}}} | ||||||
Samsung | Nexus S | 35503104 | i9020XXKD1 | {{{7f0affff1f000003940000000000000000400000}}} |
Updated by ahuemer about 8 years ago · 4 revisions