Revision 4 (tsaitgaist, 05/22/2018 07:52 AM) → Revision 5/44 (tsaitgaist, 06/01/2018 06:30 PM)

h1. Osmocom SIMtrace 2 

 Osmocom SIMtrace 2 is a software and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone, and for remote SIM operation. 

 It is a follow-up of the "SIMtrace project":https://osmocom.org/projects/simtrace/wiki/SIMtrace, providing more functionality (e.g. remote SIM operation) and supporting multiple boards (e.g. SIMtrace with SAM3S, "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html). 

 h2. Hardware 

 The SIMtrace 2 firmware supports several boards. 
 The firmware is written for an "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller. It replaces the old "AT91SAM7S64":https://www.microchip.com/wwwproducts/en/AT91SAM7S64 used by "SIMtrace":https://osmocom.org/projects/simtrace/wiki/SIMtrace, which is not recommended for new designs. 

 Note: The SAM3S is now also marked as not recommended for new designs. 
 In the future it can in turn be replaced by the pin-compatible SAM4S. 

 h3. SIMtrace 

 The SAM3S is pin compatible with the SAM7S. 
 This allows continued use of the same "SIMtrace":https://osmocom.org/projects/simtrace/wiki/SIMtrace_Hardware board, simply by replacing the micro-controller. 

 Note: This hardware is open source. 

 h3. sysmoQMOD 

 The SAM3S micro-controller with SIMtrace 2 firmware is also used on the "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html board to provide remote SIM operation capabilities. 

 Note: This hardware is not open source. 

 h2. Firmware 

 The SIMtrace 2 firmware source code is available "here":https://git.osmocom.org/simtrace2/ but is still under development. 
 Once ready, binary files will also be released. 

 The SIMtrace 2 firmware is a complete rewrite and can only be flashed on hardware with SAM3S ARM Cortex-M3-based micro-controllers. 
 It is not compatible with the older "SIMtrace hardware":https://osmocom.org/projects/simtrace/wiki/SIMtrace_Hardware using SAM7S ARM7TDMI-based micro-controllers. 

 h3. Flashing 

 h4. DFU 

 SIMtrace 2 comes with a USB DFU bootloader pre-installed, which allows flashing the application firmware over USB using the @dfu-util@ utility. 

 To get @dfu-util@: 
 <pre> 
 sudo apt-get install dfu-util 
 </pre> 


 To flash the firmware: 
 <pre> 
 sudo dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download ./bin/simtrace-trace-dfu.bin 
 </pre> 

 To use @dfu-util@ on SIMtrace 2 without @sudo@, grant the current user access permission to the USB device: 
 <pre> 
 # create osmocom group 
 sudo groupadd osmocom 
 # add current user to osmocom group (user needs to re-login for this change to take effect) 
 # $USER is used because $USERNAME is not set by every shell; an empty value would make adduser create a user named osmocom 
 sudo adduser "$USER" osmocom 
 # grant access permission to SIMtrace 2 for osmocom group 
 sudo tee -a /etc/udev/rules.d/10-osmocom.rules << EOF 
 # SIMtrace 2 
 SUBSYSTEM=="usb", ATTR{idVendor}=="1d50", ATTR{idProduct}=="60e3", MODE="0660", GROUP="osmocom" 
 EOF 
 # reload udev rules 
 sudo udevadm control --reload-rules 
 sudo udevadm trigger 
 </pre> 

 @dfu-util@ should reset the board and use the DFU bootloader. 
 Try the command a second time if it did not work at first. 
 If this still does not work, power up the board while pressing the *BOOTLOADER* button. 

 If the USB DFU bootloader is missing, defective, or needs to be updated, use the JTAG or SAM-BA methods to flash the bootloader firmware. 

 h4. SAMBA 

 The SAM3S micro-controller comes with an embedded bootloader called SAMBA, which allows flashing firmware over USB. 
 The SAMBA bootloader can be used to flash the DFU bootloader. 
 To activate the SAMBA bootloader: 
 # short the *ERASE* pin on the top of the board with the nearby 3V3 pin using a jumper 
 # connect SIMtrace 2 over USB to power it up (no LED will light up) 
 # using @lsusb@ you should find the following entry: 
 <pre> 
 ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader 
 </pre> 
 # using @journalctl -f@ ensure SIMtrace 2 has been recognized as a USB ACM device: 
 <pre> 
 kernel: usb 2-2: new full-speed USB device number 4 using xhci_hcd 
 kernel: usb 2-2: New USB device found, idVendor=03eb, idProduct=6124 
 kernel: usb 2-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0 
 kernel: cdc_acm 2-2:1.0: ttyACM0: USB ACM device 
 kernel: usbcore: registered new interface driver cdc_acm 
 kernel: cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters 
 </pre> 
 # remove the jumper shorting *ERASE* to 3V3 
 # install the @bossac@ utility to flash using the SAMBA protocol 
 <pre> 
 sudo apt install bossac 
 </pre> 
 # flash the USB DFU firmware using @bossac@ (note: @erase@ ensures no main application remains, which forces booting the USB DFU bootloader; @boot=1@ ensures the micro-controller will boot from the internal flash instead of the embedded bootloader next time it is powered up) 
 <pre> 
 sudo bossac --port /dev/ttyACM0 --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1 
 </pre> 
 # to avoid using @sudo@, grant the current user permission to access USB serial devices (e.g. @/dev/ttyACM0@). Note: this change only takes effect after logging in again 
 <pre> 
 sudo adduser "$USER" dialout 
 </pre> 

 Once the USB DFU bootloader is flashed, re-plug SIMtrace 2 over USB; you can then flash the main application firmware using the DFU method. 
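
Added example (not part of the original wiki page or of the SIMtrace 2 project): a shell helper that reads @lsusb@ output, reports which of the flashing paths above applies based on the two USB IDs given on this page, and checks that the udev rule left the device node with mode 0660 and group osmocom. The function names and the sample @lsusb@ lines are constructed for illustration, and @stat -c@ assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names are hypothetical, USB IDs are from this page.
SIMTRACE2_ID="1d50:60e3"   # ID passed to dfu-util --device on this page
SAMBA_ID="03eb:6124"       # SAM3S embedded SAMBA bootloader

# usb_node ID: read `lsusb` output on stdin and print the /dev/bus/usb
# node of the first device with that ID (prints nothing if absent).
usb_node() {
    awk -v id="$1" '$5 == "ID" && $6 == id {
        sub(":", "", $4); print "/dev/bus/usb/" $2 "/" $4; exit }'
}

# board_state: read `lsusb` output on stdin and print the flashing path
# that applies: dfu (use dfu-util), samba (use bossac) or absent.
board_state() {
    listing=$(cat)
    if [ -n "$(printf '%s\n' "$listing" | usb_node "$SIMTRACE2_ID")" ]; then
        echo dfu
    elif [ -n "$(printf '%s\n' "$listing" | usb_node "$SAMBA_ID")" ]; then
        echo samba
    else
        echo absent
    fi
}

# rule_applied NODE [GROUP]: succeed only if NODE has mode 0660 and the
# expected group (default osmocom), i.e. the udev rule took effect and
# dfu-util can be run without sudo by members of that group.
rule_applied() {
    [ "$(stat -c '%a %G' "$1" 2>/dev/null)" = "660 ${2:-osmocom}" ]
}

# Constructed sample: a board started with the ERASE jumper set.
SAMPLE='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader'

printf '%s\n' "$SAMPLE" | board_state
# Live use:
#   lsusb | board_state
#   rule_applied "$(lsusb | usb_node "$SIMTRACE2_ID")" && echo "no sudo needed"
```
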

 h4. JTAG 

 It is also possible to flash or debug SIMtrace 2 over JTAG using the ARM 20-pin JTAG header on the top of the board. 

 To flash the USB DFU firmware using JTAG: 
 # install the JTAG utility @openOCD@ 
 <pre> 
 sudo apt install openocd 
 </pre> 
 # flash the USB DFU bootloader firmware 
 <pre> 
 openocd --file interface/jlink.cfg --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash erase_sector 0 0 15" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown" 
 </pre> 
 #* replace @interface/jlink.cfg@ with the configuration file for your JTAG debugging adapter 
 #* @erase_sector@ will erase flash bank 0 (with a size of 256 KiB), to ensure no main application firmware remains in flash 
 #* @at91sam3 gpnvm set 1@ ensures the micro-controller will boot from the internal flash (i.e. not from the embedded SAMBA bootloader) 

 Once the USB DFU bootloader is flashed, re-plug SIMtrace 2 over USB; you can then flash the main application firmware using the DFU method. 

 h3. Development 

 To compile the firmware using the source code, or participate in the development, please refer to the instructions provided in the "README":https://git.osmocom.org/simtrace2/tree/firmware/README.txt . 

 h2. Host PC Software 

 TODO