From holger at freyther.de Thu Jul 13 13:44:58 2017
From: holger at freyther.de (Holger Freyther)
Date: Thu, 13 Jul 2017 15:44:58 +0200
Subject: Simtrace
In-Reply-To: <3ED0BBE6-A9E7-464A-8E22-065B7F4D439D@privoro.com>
References: <3ED0BBE6-A9E7-464A-8E22-065B7F4D439D@privoro.com>
Message-ID: <7F568E7C-CD35-48DD-A48E-23FAA2DE03B3@freyther.de>

> On 2. Jun 2017, at 23:52, Vishal Vaidhyanathan wrote:
>
> Hi,

Hey!

> We purchased the Simtrace HW kit from you guys and I tried to sniff the communication between the sim and an iPhone 6. After installing the firmware and running simtrace, I was able to view the results on Wireshark. Looking into the results, all the fields like EF.ICCID, EF.IMSI and EF.Keys had the same number (APDU Payload).

This is a community mailing list and you are unlikely to have purchased anything from the girls and guys on this mailing list.

> I got the numbers like ICCID and IMSI and it didn't match them. Do you have any idea where the issue might be? Please let me know

In which way didn't it match? Why do you think the data shown in Wireshark is wrong? Do you need to BCD decode the data you received?

holger

From Vishal.Vaidhyanathan at privoro.com Fri Jul 14 16:07:08 2017
From: Vishal.Vaidhyanathan at privoro.com (Vishal Vaidhyanathan)
Date: Fri, 14 Jul 2017 16:07:08 +0000
Subject: Baud rate
Message-ID: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com>

Hi,

What is the BAUD rate of the phone clock? You must know it for sniffing the communication between the phone and SIM card. And does Wireshark output all the communication between the phone and the SIM card? Please let me know.

Thanks,
Vishal
From holger at freyther.de Fri Jul 14 16:40:54 2017
From: holger at freyther.de (Holger Freyther)
Date: Fri, 14 Jul 2017 18:40:54 +0200
Subject: Baud rate
In-Reply-To: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com>
Message-ID: <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de>

> On 14. Jul 2017, at 18:07, Vishal Vaidhyanathan wrote:
>
> Hi,

Hi Vishal,

> What is the BAUD rate of the phone clock? You must know it for sniffing the communication between the phone and SIM card. And does Wireshark output all the communication between the phone and the SIM card? Please let me know.

It depends on the ATR. The SIMtrace firmware sniffs and then adjusts the clock. Have a look at the source code.

What do you think is missing in Wireshark?

holger

From holger at freyther.de Fri Jul 14 16:54:49 2017
From: holger at freyther.de (Holger Freyther)
Date: Fri, 14 Jul 2017 18:54:49 +0200
Subject: Baud rate
In-Reply-To:
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de>
Message-ID: <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de>

> On 14. Jul 2017, at 18:50, Vishal Vaidhyanathan wrote:
>
> Hi Holger,

Hi!

please don't take a public discussion private. It is considered rude in the FOSS community. But I (and others) offer consulting services too.

> So I receive the ATR at 9600 Baud rate. After that I send the APDU commands in the exact order I see in Wireshark. One SIM card responds exactly as I see in Wireshark. Few other SIM cards don't respond after ATR. So I want to know how the phone does it and want to verify that Wireshark is not missing something after ATR. This is the reason I want to know the baud rate of the phone clock.
>
> Where exactly should I look at the source to figure out the Baud rate of the phone?
http://git.osmocom.org/openpcd/tree/firmware/src/simtrace/iso7816_uart.c#n117

follow the usage of the fi_table and di_table

From Vishal.Vaidhyanathan at privoro.com Fri Jul 14 17:13:52 2017
From: Vishal.Vaidhyanathan at privoro.com (Vishal Vaidhyanathan)
Date: Fri, 14 Jul 2017 17:13:52 +0000
Subject: Baud rate
In-Reply-To: <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de> <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de>
Message-ID: <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com>

Hi,

Sorry about that. Didn't realize I was taking it private. I've a couple more questions. If the ATR comes back at 9600, doesn't it stay the same until we send PPS?

So I went through that link; according to that, after ATR, we use the Fi and Di values to calculate the UART Baud rate and send commands at that rate? But I want to know what baud rate the phone uses. Does it change using PPS? Wireshark doesn't show any PPS after ATR. Does that mean the phone read the ATR and adjusted the clock accordingly? Basically I'm trying to sniff the entire phone communication to SIM in a file and I need the correct Baud rate to do that.

Thanks,
Vishal

> On Jul 14, 2017, at 9:54 AM, Holger Freyther wrote:
>
>
>> On 14. Jul 2017, at 18:50, Vishal Vaidhyanathan wrote:
>>
>> Hi Holger,
>
> Hi!
>
> please don't take a public discussion private. It is considered rude in the FOSS community. But I (and others) offer consulting services too.
>
>
>> So I receive the ATR at 9600 Baud rate. After that I send the APDU commands in the exact order I see in Wireshark. One SIM card responds exactly as I see in Wireshark. Few other SIM cards don't respond after ATR.
>> So I want to know how the phone does it and want to verify that Wireshark is not missing something after ATR. This is the reason I want to know the baud rate of the phone clock.
>>
>> Where exactly should I look at the source to figure out the Baud rate of the phone?
>
>
> http://git.osmocom.org/openpcd/tree/firmware/src/simtrace/iso7816_uart.c#n117
>
> follow the usage of the fi_table and di_table

From holger at freyther.de Fri Jul 14 17:23:11 2017
From: holger at freyther.de (Holger Freyther)
Date: Fri, 14 Jul 2017 19:23:11 +0200
Subject: Baud rate
In-Reply-To: <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de> <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de> <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com>
Message-ID: <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de>

> On 14. Jul 2017, at 19:13, Vishal Vaidhyanathan wrote:
>
> Hi,

Hi!

> Sorry about that. Didn't realize I was taking it private. I've a couple more questions. If the ATR comes back at 9600, doesn't it stay the same until we send PPS?

Right.

> So I went through that link, according to that, after ATR, we use the Fi and Di values to calculate UART Baud rate and send commands in that rate? But I want to know what baud rate the phone uses? Does it change using PPS? Wireshark doesn't show any PPS after ATR. Does that mean the phone read the ATR and adjusted the clock accordingly? Basically I'm trying to sniff the entire phone communication to SIM in a file and I need the correct Baud rate to do that?

You are right. If you look at process_byte it will not forward PTS related bytes (goto out_silent). At least in the debug output of the SIMtrace you should be able to see fi/di changes.
holger

From Vishal.Vaidhyanathan at privoro.com Fri Jul 14 20:50:27 2017
From: Vishal.Vaidhyanathan at privoro.com (Vishal Vaidhyanathan)
Date: Fri, 14 Jul 2017 20:50:27 +0000
Subject: Baud rate
In-Reply-To: <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de> <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de> <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com> <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de>
Message-ID: <3DDBAB61-E04D-45AF-8CF7-4125E16A2878@privoro.com>

Hi Holger,

Well, I looked into the code and figured the ATMEL MCU used here takes Fi/Di as an input parameter for setting its UART. My question is how do you figure out the phone clock speed and baud rate? I know that Baud Rate = Phone clock speed/(Fi/Di). So I need to know these parameters to sniff communication. My goal is to sniff the entire process of phone communication with SIM and store it in a file. For that I need to know the phone's clock speed and the baud rate of the UART at different times.

Thanks,
Vishal

> On Jul 14, 2017, at 10:23 AM, Holger Freyther wrote:
>
>
>> On 14. Jul 2017, at 19:13, Vishal Vaidhyanathan wrote:
>>
>> Hi,
>
> Hi!
>
>
>> Sorry about that. Didn't realize I was taking it private. I've a couple more questions. If the ATR comes back at 9600, doesn't it stay the same until we send PPS?
>
> Right.
>
>> So I went through that link, according to that, after ATR, we use the Fi and Di values to calculate UART Baud rate and send commands in that rate? But I want to know what baud rate the phone uses? Does it change using PPS? Wireshark doesn't show any PPS after ATR. Does that mean the phone read the ATR and adjusted the clock accordingly? Basically I'm trying to sniff the entire phone communication to SIM in a file and I need the correct Baud rate to do that?
>
> You are right. If you look at process_byte it will not forward PTS related bytes (goto out_silent).
> At least in the debug output of the SIMtrace you should be able to see fi/di changes.
>
> holger
>

From ml at mail.tsaitgaist.info Sun Jul 16 21:54:34 2017
From: ml at mail.tsaitgaist.info (Kévin Redon)
Date: Sun, 16 Jul 2017 23:54:34 +0200
Subject: Baud rate
In-Reply-To: <3DDBAB61-E04D-45AF-8CF7-4125E16A2878@privoro.com>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de> <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de> <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com> <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de> <3DDBAB61-E04D-45AF-8CF7-4125E16A2878@privoro.com>
Message-ID: <20170716215434.GA19102@coil>

On Fri, Jul 14, 2017 at 08:50:27PM +0000, Vishal Vaidhyanathan wrote:
> Hi Holger,
>
> Well I looked into the code and figured ATMEL MCU used here takes Fi/Di as an input parameter for setting its UART. My question how do you figure the phone clock speed and baud rate?

The ISO7816 mode of the USART peripheral is used, where the micro-controller doesn't need to know the clock speed. Compared to UART, where both sides need to know the clock speed (asynchronous mode), in ISO7816 mode there is a dedicated clock signal provided by the phone (synchronous mode) and the bit is sampled on the rising edge of the clock (no matter the frequency). The phone (i.e. the master) can change the frequency (1 to 5 MHz at the beginning) while communicating. If you are using a simple UART adapter you would have to synchronise to the clock signal (or measure its frequency using a timer; most of the time this works too).
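The ATR, Fi/Di and PPS mechanics discussed in the messages above, as an added example that is not part of the thread and not SIMtrace firmware code: it walks an ISO 7816-3 ATR to find TA1, maps the FI/DI nibbles through the Fi/Di tables from ISO/IEC 7816-3 (the firmware's fi_table and di_table serve the same purpose), and computes bits per second from a clock frequency the caller passes in, since on the real bus the phone drives CLK and a sniffer only samples against it. The ATR byte strings and the clock values (3.5712 MHz, 4 MHz) are constructed inputs; the default 372/1 at 3.5712 MHz is where the 9600 figure in the thread comes from, and the TA1-proposed rate only takes effect after a PPS, as Holger confirmed.

```python
"""ISO 7816-3 ATR interpretation for a passive SIM sniffer.

Added example, not SIMtrace firmware code.  Fi/Di tables are the
encodings from ISO/IEC 7816-3; clock frequencies are assumed inputs,
because on the real interface the phone drives CLK.
"""

# Fi (clock rate conversion integer) by the FI nibble of TA1; None = RFU code
FI_TABLE = [372, 372, 558, 744, 1116, 1488, 1860, None,
            None, 512, 768, 1024, 1536, 2048, None, None]
# Di (baud rate adjustment integer) by the DI nibble of TA1; None = RFU code
DI_TABLE = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20,
            None, None, None, None, None, None]
# In force from the ATR until a PPS exchange succeeds (FI=1, DI=1 implied)
DEFAULT_F, DEFAULT_D = 372, 1


def parse_atr(atr: bytes) -> dict:
    """Walk TS, T0 and the TA(i)/TB(i)/TC(i)/TD(i) chain of an ATR."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte, not an ATR")
    pos = 2

    def take() -> int:
        nonlocal pos
        if pos >= len(atr):
            raise ValueError("ATR truncated inside interface bytes")
        b = atr[pos]
        pos += 1
        return b

    ta1 = None
    specific_mode = False      # TA2 present: TA1 applies without any PPS
    protocols = []
    td = atr[1]                # T0 acts as TD(0): Y1 in the high nibble
    k = atr[1] & 0x0F          # number of historical bytes
    i = 1
    while True:
        y = td >> 4
        if y & 0x1:
            ta = take()
            if i == 1:
                ta1 = ta
            elif i == 2:
                specific_mode = True
        if y & 0x2:
            take()             # TB(i): deprecated Vpp info, not needed here
        if y & 0x4:
            take()             # TC(i): guard/waiting times, not needed here
        if not (y & 0x8):
            break
        td = take()            # TD(i): Y(i+1) high nibble, offered protocol T low
        protocols.append(td & 0x0F)
        i += 1
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated inside historical bytes")
    if ta1 is None:
        f, d = DEFAULT_F, DEFAULT_D          # no TA1: defaults are proposed
    else:
        f, d = FI_TABLE[ta1 >> 4], DI_TABLE[ta1 & 0x0F]
        if f is None or d is None:
            raise ValueError(f"TA1={ta1:02X} uses an RFU Fi/Di code")
    return {"fi_di": (f, d), "specific_mode": specific_mode,
            "protocols": protocols or [0], "historical": historical}


def bit_rate(clock_hz: float, f: int, d: int) -> float:
    """One ETU lasts F/D clock cycles, so bits per second = clock * D / F."""
    return clock_hz * d / f


def sniffer_rates(atr: bytes, clock_hz: float) -> dict:
    """The two rates a sniffer must track: the default one right after the
    ATR and the TA1-proposed one that applies only after a successful PPS
    (or at once in specific mode)."""
    info = parse_atr(atr)
    f, d = info["fi_di"]
    return {
        "after_atr": bit_rate(clock_hz, DEFAULT_F, DEFAULT_D),
        "after_pps": bit_rate(clock_hz, f, d),
        "pps_needed": (f, d) != (DEFAULT_F, DEFAULT_D) and not info["specific_mode"],
    }


if __name__ == "__main__":
    # Constructed ATRs: "3B1096" announces only TA1=0x96 (Fi=512, Di=32),
    # "3B00" has no interface bytes, "3B901100" adds TD1 offering T=0.
    for hexatr in ("3B1096", "3B00", "3B901100"):
        print(hexatr, sniffer_rates(bytes.fromhex(hexatr), 3_571_200))
```

The practical consequence for the thread: a capture tool that resamples at a fixed 9600 bps will keep decoding correctly only as long as no PPS succeeds; once fi/di change (which the firmware reports on its debug output rather than forwarding to Wireshark), the ETU shrinks and the same clock yields the higher rate returned as after_pps.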
From Vishal.Vaidhyanathan at privoro.com Mon Jul 17 18:58:26 2017
From: Vishal.Vaidhyanathan at privoro.com (Vishal Vaidhyanathan)
Date: Mon, 17 Jul 2017 18:58:26 +0000
Subject: Baud rate
In-Reply-To: <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de>
References: <5FC6945A-F41F-4121-BE63-FCD96CB41C9E@privoro.com> <34AF426A-9498-42D8-9130-2E5B289C946E@freyther.de> <578EC19A-BD85-4D88-8DED-0CECDC460A6A@freyther.de> <723B662C-D823-418A-8CD6-543A0AAC783E@privoro.com> <3D61E237-392E-469D-B9B6-699F8E931354@freyther.de>
Message-ID: <55D708EF-C36E-4A5E-BE2F-EB99D58C88FA@privoro.com>

Hi Holger,

You said simtrace doesn't show PTS related information. Is there an option to enable it and see it on Wireshark? How do I enable debug mode?

Thanks,
Vishal

> On Jul 14, 2017, at 10:23 AM, Holger Freyther wrote:
>
>
>> On 14. Jul 2017, at 19:13, Vishal Vaidhyanathan wrote:
>>
>> Hi,
>
> Hi!
>
>
>> Sorry about that. Didn't realize I was taking it private. I've a couple more questions. If the ATR comes back at 9600, doesn't it stay the same until we send PPS?
>
> Right.
>
>> So I went through that link, according to that, after ATR, we use the Fi and Di values to calculate UART Baud rate and send commands in that rate? But I want to know what baud rate the phone uses? Does it change using PPS? Wireshark doesn't show any PPS after ATR. Does that mean the phone read the ATR and adjusted the clock accordingly? Basically I'm trying to sniff the entire phone communication to SIM in a file and I need the correct Baud rate to do that?
>
> You are right. If you look at process_byte it will not forward PTS related bytes (goto out_silent). At least in the debug output of the SIMtrace you should be able to see fi/di changes.
>
> holger
>
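Holger's question in the first message of this thread, whether the ICCID and IMSI bytes seen in the capture need BCD decoding, worked through in code as an added example that is not part of the thread and not SIMtrace code. EF.ICCID is swapped-nibble BCD (ETSI TS 102 221) and EF.IMSI carries a length byte plus a parity/identity nibble before its digits (3GPP TS 31.102); reading either as a plain hex dump gives a number that will not match what is printed on the card. The sample EF contents are constructed, not captured from a real card, and the Luhn check on the ICCID is included as the quickest sanity test that the nibble order came out right.

```python
"""Decode EF.ICCID and EF.IMSI from the raw file contents a SIM returns
(the "APDU payload" of a READ BINARY response).

Added example, not SIMtrace code.  Encodings follow ETSI TS 102 221
(ICCID) and 3GPP TS 31.102 section 4.2.2 (EF.IMSI).  All sample bytes are
constructed, not taken from a real card.
"""


def swapped_bcd_digits(data: bytes) -> str:
    """Swapped-nibble BCD: the low nibble is the earlier digit, 0xF pads."""
    out = []
    for b in data:
        for nib in (b & 0x0F, b >> 4):
            if nib == 0xF:
                continue
            if nib > 9:
                raise ValueError(f"non-BCD nibble {nib:X} in {data.hex()}")
            out.append(str(nib))
    return "".join(out)


def luhn_valid(digits: str) -> bool:
    """ITU-T E.118 ICCIDs end in a Luhn check digit; a failing check is a
    strong hint that the nibbles were read unswapped."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def decode_iccid(ef_iccid: bytes) -> str:
    """EF.ICCID is a 10-byte transparent file holding up to 20 BCD digits."""
    if len(ef_iccid) != 10:
        raise ValueError("EF.ICCID must be 10 bytes")
    iccid = swapped_bcd_digits(ef_iccid)
    if not luhn_valid(iccid):
        raise ValueError(f"ICCID {iccid} fails the Luhn check; nibble order wrong?")
    return iccid


def decode_imsi(ef_imsi: bytes) -> str:
    """EF.IMSI: length byte; then a byte whose low nibble holds the identity
    type (001) and the parity bit (bit 4 set = odd number of digits) and
    whose high nibble is the first digit; then swapped-nibble BCD."""
    length = ef_imsi[0]
    if not 1 <= length <= 8 or len(ef_imsi) < 1 + length:
        raise ValueError("EF.IMSI length byte inconsistent with data")
    body = ef_imsi[1:1 + length]
    if body[0] & 0x07 != 0x01:
        raise ValueError("identity type is not IMSI")
    odd = bool(body[0] & 0x08)
    digits = str(body[0] >> 4) + swapped_bcd_digits(body[1:])
    expected = 2 * length - (1 if odd else 2)
    if len(digits) != expected:
        raise ValueError(f"parity bit implies {expected} digits, decoded {len(digits)}")
    return digits


# Constructed samples (not from a real card):
# ICCID 8901234567890123455 (Luhn-valid) stored as swapped BCD with F padding
SAMPLE_EF_ICCID = bytes.fromhex("981032547698103254F5")
# IMSI 001010123456789: length 8, first byte 0x09 = digit 0 + odd parity + type 001
SAMPLE_EF_IMSI = bytes.fromhex("080910101032547698")

if __name__ == "__main__":
    print("raw ICCID hex:", SAMPLE_EF_ICCID.hex().upper())
    print("decoded ICCID:", decode_iccid(SAMPLE_EF_ICCID))
    print("raw IMSI hex :", SAMPLE_EF_IMSI.hex().upper())
    print("decoded IMSI :", decode_imsi(SAMPLE_EF_IMSI))
```

Comparing the raw hex with the decoded strings shows why a hex dump "doesn't match" the printed ICCID even when the capture is correct: every digit pair is reversed and the filler nibble and the IMSI header byte have to be stripped before the values line up.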