TerminalProfile » History » Revision 4

Revision 3 (tsaitgaist, 02/19/2016 10:49 PM) → Revision 4/6 (ahuemer, 02/19/2016 10:49 PM)

Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM in order to get the phone's terminal profile (this exchange should even happen before the PIN check). 
 It is also decoded in Wireshark. 

 The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1. 
 The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2. 
 It tells the USIM what it can do on the phone. 

 You can post the data here to build a database of which phone is capable of what. 
  * TAC = first 8 digits of IMEI 
  * firmware = any information about the software running in the baseband 
  * terminal profile = only the data bytes 
  * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX9000, where 80100000 is the header, 11 is the number of data bytes following (in hex), XX are the important data bytes, and 9000 are the status words/bytes 

 ||brand||model||TAC||firmware||terminal profile|| 
 ||Sony Ericsson||K800i||35399601||CXC1722434_TEMS R2B||{{{fff7ffff7f0f00df7f00001f2203104603}}}|| 
 ||Samsung||Nexus S||35503104||i9020XXKD1||{{{7f0affff1f000003940000000000000000400000}}}||
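
 A way to pull the data bytes out of a sniffed trace and see where two phones differ, as an added example that is not part of the original wiki page or of SIMtrace. The two traces are constructed from the table rows above by adding the header, length byte and 9000; the function names are hypothetical, and bits are numbered 1 to 8 from the least significant bit, which is assumed to match the numbering in the ETSI tables.

```python
# Added example: parse a sniffed TERMINAL PROFILE trace and compare two phones.
HEADER = bytes.fromhex("80100000")  # CLA=80, INS=10, P1=00, P2=00
STATUS_OK = bytes.fromhex("9000")

# Traces constructed from the table rows: header + length byte + data + 9000.
K800I = "8010000011" + "fff7ffff7f0f00df7f00001f2203104603" + "9000"
NEXUS_S = "8010000014" + "7f0affff1f000003940000000000000000400000" + "9000"


def parse_terminal_profile(trace_hex):
    """Return only the data bytes of a header+length+data+status trace."""
    try:
        raw = bytes.fromhex("".join(trace_hex.split()))
    except ValueError as exc:
        raise ValueError("trace is not valid hex") from exc
    if len(raw) < 7 or raw[:4] != HEADER:
        raise ValueError("not a TERMINAL PROFILE command (expected 80100000)")
    length = raw[4]
    if len(raw) != 5 + length + 2:
        raise ValueError(f"length byte says {length} data bytes, trace has {len(raw) - 7}")
    if raw[5 + length:] != STATUS_OK:
        raise ValueError(f"status words are {raw[5 + length:].hex()}, not 9000")
    return raw[5:5 + length]


def set_bits(profile):
    """(byte, bit) pairs that are set; both 1-based, bit 1 = least significant."""
    return {(n, b) for n, byte in enumerate(profile, 1)
            for b in range(1, 9) if byte >> (b - 1) & 1}


def compare(profile_a, profile_b):
    """Return (bits only in a, bits only in b) as sorted lists."""
    a, b = set_bits(profile_a), set_bits(profile_b)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    k800i = parse_terminal_profile(K800I)
    nexus = parse_terminal_profile(NEXUS_S)
    only_k800i, only_nexus = compare(k800i, nexus)
    print("K800i data bytes:", k800i.hex())
    print("set only on K800i:", only_k800i)
    print("set only on Nexus S:", only_nexus)
```

 The (byte, bit) pairs can then be looked up in ETSI TS 102 223 §5.2 to see which facility each one stands for.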