simtrac hw

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.

Sébastien Lorquet squalyl at gmail.com
Mon Nov 22 12:47:40 UTC 2010


MITM is useful to create a generic tool that is able to rewrite APDUs
on-the-fly. Like a live apdu patcher.

A sniffer only *listens* the sim<->reader lines, without writing anything.
It's "passive" in the sense that all it does is listening.

The timing is VERY important, a man in the middle will introduce latencies
that can be *very* easily detected. It is essential that in a sniffer, all
lines between the sim and the reader are directly, electrically connected,
without any repeating hardware in the middle.

> the other thing is that all cards are not 3.3v some are 1.8
In ALL situations, Vcc shall just be forwarded from the reader to the card.
You can use an ADC line and a voltage divider to measure this line. This is
important since a cold reset can be executed by the reader, and that will
interrupt Vcc.

And I see that the 3rd edition of ISO7816-3 now mandates that:
"No card shall be damaged when the interface device applies a class not
supported by the card".

So the voltage is not important. My opinion is that in practice, all SIMs
vendors, that will want their cards to work on the largest number of phones,
will support all the 3 voltage classes (5,3.3,1.8V). If not, you cannot
destroy a card by applying any of these 3 supply voltages.

Sebastien

On Mon, Nov 22, 2010 at 1:21 PM, Scott Weisman <sweisman at pobox.com> wrote:

> Thanks Harald. Is there a doc somewhere to explain what that means? I'm
> confused, because to me "reader" and "sniffer" have sufficiently overlapping
> meanings. What does a SIM sniffer sniff?
>
> What benefit is there to support a MITM use case?
>
> Scott
>
> On Mon, Nov 22, 2010 at 1:29 PM, Harald Welte <laforge at gnumonks.org>wrote:
>
>> Hi Scott,
>>
>> On Mon, Nov 22, 2010 at 09:33:40AM +0200, Scott Weisman wrote:
>>
>> > I'm no expert on this (I think that's pretty obvious), but wouldn't it
>> just
>> > be easier to buy one of the supported Osmocom phones, which already has
>> all
>> > the hardware needed and a library of code, and make the code with that?
>>
>> it will simply not work.  the phone only implements the READER side
>> interface,
>> but not the CARD site interface.
>>
>> --
>> - Harald Welte <laforge at gnumonks.org>
>> http://laforge.gnumonks.org/
>>
>> ============================================================================
>> "Privacy in residential applications is a desirable marketing option."
>>                                                  (ETSI EN 300 175-7 Ch.
>> A6)
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/baseband-devel/attachments/20101122/a23e36b8/attachment.htm>


More information about the baseband-devel mailing list