*Holger Hans Peter Freyther* holger at freyther.de
*Wed May 22 12:23:01 CEST 2013*
On Tue, May 21, 2013 at 03:53:45PM +0200, Arthur Léna wrote:
> I tried booting the iPhone using 2 different SIMs (this one from
> Free Mobile and another one) and the trace seems very short using
> the Free Mobile in comparison to the other one. By parsing the ATRs
> of both SIMs, I found out that the communication is done at 312500
> bits/s with the Free Mobile SIM and only 78125 bits/s (for a clock
> running at 5MHz). Could this explain the loss of entire APDUs by the
> tracer? If yes, is there a way to remedy this problem (firmware
> update for example)?

Some people reported success by reducing the size of buffered bytes in
the firmware.

holger
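The bit rates quoted above follow from the TA1 interface byte of the ATR: rate = f * Di / Fi, where f is the clock the phone feeds the card and Fi/Di are table lookups on the two nibbles of TA1; without TA1 the default Fi=372, Di=1 gives 13440 bit/s at 5 MHz. The Python below is an added example, not code from this thread or from the simtrace project. It walks an ATR into its interface bytes, derives the rate TA1 advertises for a given clock, and carries the caveat a tracer has to respect: in negotiable mode (no TA2) the card stays at the default rate until the phone completes a PPS exchange, whereas in specific mode (TA2 present) the TA1 parameters apply immediately after the ATR. The three ATRs in the block are constructed for the example, not captured from real SIMs; the first two are chosen so that they reproduce the 312500 and 78125 bit/s figures from the quoted mail.

```python
"""Derive the ISO 7816-3 I/O bit rate a SIM advertises in its ATR.

Added example, not simtrace project code.  Rate = f * Di / Fi, with f the
clock supplied to the card and Fi/Di coded in the TA1 interface byte.
"""

# Fi (clock rate conversion integer), indexed by the high nibble of TA1.
# Codes missing from the table are reserved (RFU) in ISO 7816-3.
FI_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
            9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
# Di (baud rate adjustment integer), indexed by the low nibble of TA1.
DI_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

# Constructed ATRs for this example (not captured from real cards).  The
# first two reproduce the 312500 and 78125 bit/s figures from the mail.
ATR_FAST = bytes.fromhex("3B 92 96 10 00 80 31")   # TA1=0x96, TA2 present
ATR_SLOW = bytes.fromhex("3B 11 94 80")            # TA1=0x94, no TA2
ATR_DEFAULT = bytes.fromhex("3B 00")               # no interface bytes


def parse_atr(atr: bytes) -> dict:
    """Split an ATR into TS, T0, the TAi/TBi/TCi/TDi chain, historical
    bytes and (when present) the TCK check byte.  Raises ValueError on a
    truncated ATR or a bad TCK, which is what a sniffer that lost bytes
    would see."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad or missing TS byte")
    fields = {"TS": atr[0], "T0": atr[1]}
    y = atr[1] >> 4          # which of TA1..TD1 follow
    k = atr[1] & 0x0F        # number of historical bytes
    pos, i, protocols = 2, 1, set()
    while True:
        for bit, name in ((0x1, "TA"), (0x2, "TB"), (0x4, "TC"), (0x8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated at {name}{i}")
                fields[f"{name}{i}"] = atr[pos]
                pos += 1
        td = fields.get(f"TD{i}")
        if td is None:
            break
        protocols.add(td & 0x0F)   # low nibble: offered protocol T
        y = td >> 4                # high nibble: which TA/TB/TC/TD follow
        i += 1
    fields["historical"] = atr[pos:pos + k]
    pos += k
    # TCK is present only if a protocol other than T=0 was offered; the
    # XOR of T0 .. TCK inclusive must then be zero.
    if protocols - {0}:
        if pos >= len(atr):
            raise ValueError("TCK missing")
        tck = 0
        for b in atr[1:pos + 1]:
            tck ^= b
        if tck != 0:
            raise ValueError("TCK mismatch")
        fields["TCK"] = atr[pos]
    return fields


def bit_rate(fields: dict, clock_hz: int) -> dict:
    """Bit rates implied by the parsed ATR at a given card clock."""
    ta1 = fields.get("TA1", 0x11)        # absent TA1 means Fi=372, Di=1
    fi_code, di_code = ta1 >> 4, ta1 & 0x0F
    if fi_code not in FI_TABLE or di_code not in DI_TABLE:
        raise ValueError(f"TA1=0x{ta1:02X} uses a reserved Fi/Di code")
    f, d = FI_TABLE[fi_code], DI_TABLE[di_code]
    default_bps = clock_hz // 372
    ta1_bps = clock_hz * d // f
    specific = "TA2" in fields           # TA2 present => specific mode
    if not specific:
        active = default_bps             # negotiable: default until PPS
    elif fields["TA2"] & 0x10:
        active = None                    # TA2 b5=1: implicit, not in ATR
    else:
        active = ta1_bps                 # TA2 b5=0: TA1 values apply now
    return {"F": f, "D": d, "default_bps": default_bps, "ta1_bps": ta1_bps,
            "specific_mode": specific, "active_bps": active}


def describe(atr: bytes, clock_hz: int) -> str:
    """One-line summary for a given ATR and clock."""
    r = bit_rate(parse_atr(atr), clock_hz)
    mode = "specific" if r["specific_mode"] else "negotiable"
    return (f"{atr.hex().upper()}: F={r['F']} D={r['D']} "
            f"TA1 rate {r['ta1_bps']} bit/s, {mode} mode, "
            f"active after ATR {r['active_bps']} bit/s")


if __name__ == "__main__":
    for atr in (ATR_FAST, ATR_SLOW, ATR_DEFAULT):
        print(describe(atr, 5_000_000))
```

A tracer that buffers a fixed number of bytes before forwarding them over USB has to keep up with the active rate, not the default one, so the interesting case for the thread is the first ATR: with TA2 present the card runs at the TA1 rate from the first APDU on, without a PPS exchange the sniffer could watch for.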
Holger,

There appear to be numerous references to "decrease the buffer in the
firmware" to work around the problem of losing bytes... but
can you clarify which buffer to decrease, in which source file?
I am guessing it's req_ctx.c / req_ctx.h?

Thanks
Hi!
I really don't want this list to be abused for advertisements,
but in this case I'm sure it is of actual help to a number of people on
this list:
The sysmocom web shop finally has a 3FF (micro-SIM) adapter cable
available: http://shop.sysmocom.de/products/simtrace-fpc-3ff
Please note that (as opposed to the regular mini-SIM) we only have one
of the possible four orientations available. This is primarily due to
the high manufacturing cost of low-volume flexible PCB projects.
We would like to hear from you
1) if you need this adapter in different orientation (which, for which
phone)
2) for which phone model you have used this new 3FF adapter successfully
3) what kind of problems you may have encountered using it.
Thanks to Kevin Redon for doing the PCB layout of this part. It is
freely available as part of the simtrace.git repository since commit
eee3243ddaa9e13bc7509a962fade8636b6ed2ab.
On a related note: For nanoSIM, I think we would have to go for
dual-layer PCB with vias placed inside the actual card contact pads.
This will make production even more expensive than the microSIM
adapter. So unless there's significant interest in a nanoSIM adapter,
it's unlikely that we'd have some made. Please let us know if you
absolutely want one, and if you're happy to pay even more (e.g. 25-30
EUR) for only that adapter.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi List,
When the SIMtrace circuit operates in MitM mode, the RST and VCC lines
coming from the phone are very noisy from I/O line crosstalk in the flex
cable.
I see about 2V peak-to-peak on the scope!
I am expecting it leads to spurious reset/poweroff detections.
It might be helpful to add a filter on the AT91 side for RST and VCC.
Maybe an R/C filter that can be enabled by an I/O pin using 0/HI-Z switching?
Another idea is to enable the internal AT91 pin pullups.
Just loading RST and VCC a bit might be enough.
(Another alternative is to filter RST and VCC measurements in
software. I tried this but results are not very meaningful at this
point.)
Cheers,
Tom
Hi List,
What is the current status of the MITM support? Anyone working on it
behind the scenes?
Also, I'd like to gauge how much work would be necessary to implement an
emulator mode, with the emulator running on a PC. I.e. SIMtrace used to do the
ATR handshake and then hand over all APDUs to the host PC over USB.
Cheers
Tom
Hi List,
Here are some bare-minimum code contributions for iso7816-3 slave side
protocol.
https://github.com/zwizwa/at91work/tree/apdu_phone
git@github.com:zwizwa/at91work.git
branch apdu_phone
Relevant files are in:
iso7816-slave-cdc-project/
src/
I spent a bit more time on this than expected on low-level platform
stuff, leaving me with no time to smooth the rough edges at the PC
interface side. It's a start, though.
Features:
- non-blocking iso7816-3 state machine for slave-side protocol
(reusable in COS?)
- low-level AT91 USART is abstracted as iso7816_port.h
- line-oriented ASCII HEX protocol over CDC USB serial, easy to use in
(python) scripts
- transport is separate from state machine, easy to replace with other
discussed mechanisms
- works for me on Nexus One and BLU SAMBA JR plus
Non-features:
- hardcoded ATR
- hardcoded power cycle skipping to select correct operating voltage
- not using SIMtrace SIM slot (see mim.py for using a PC card reader to
complete MITM)
- did not test with DFU but should work (I used Atmel SAM-ICE)
- standalone firmware, not integrated with CCID / sniffer
- git history is messy. I'd just flatten it for further work