- simtrace - lists.osmocom.org

firmware 0.5.3-6ea9-dirty Ubuntu howto
by pkix 11 Nov '14

11 Nov '14

Problem: Latest official simtrace firmware v0.5 fails to trace some smart cards. The APDU output is meaningless and tracing stops after displaying few garbage APDUs. There is unofficial firmware "0.5.3-6ea9-dirty" which tries to fix the problem. Here are step-by-step instructions how to try out firmware "0.5.3-6ea9-dirty". Updating simtrace firmware: sudo apt-get install dfu-util wget http://lists.osmocom.org/pipermail/simtrace/attachments/20140624/a17d1070/a… sudo dfu-util -d 16c0:0762 -a0 -D ./attachment-0001.bin -R Now connect debug interface and press "reset" button on simtrace. You should see: sudo cu -l /dev/ttyUSB0 -s 115200 [000002] Version 0.5.3-6ea9-dirty compiled 20140624-112040 by min@Wolfgang Patching simtrace host software: sudo apt-get install libusb-1.0-0-dev wget https://launchpad.net/~osmobuntu/+archive/ubuntu/ppa/+files/libosmocore-dev… wget https://launchpad.net/~osmobuntu/+archive/ubuntu/ppa/+files/libosmocore_0.5… sudo dpkg -i libosmocore_0.5.3+git1-1_amd64.deb sudo dpkg -i libosmocore-dev_0.5.3+git1-1_amd64.deb git clone git://git.osmocom.org/simtrace cd simtrace git checkout e179a32048e cd host wget http://lists.osmocom.org/pipermail/simtrace/attachments/20141023/4e37cb7d/a… patch -p2 < attachment.bin make sudo ./simtrace Report success or failure to mxu(a)sanjole.com .

1 0

Does SIMtrace work with 3G/4G USIM?
by Shafiul Alam 10 Nov '14

10 Nov '14

Dear Correspondence, For my academic research, I am interested on the SIMTrace product. I need to know about the transmitted data between 3G/4G USIM and the ME. Does SIMtrace help me to know that? Kind regards, Shafi ________________________________ *(Mohammed Shafiul Alam Khan)* PhD Student, Information Security Group (ISG), Royal Holloway, University of London (RHUL), Egham, Surrey TW20 0EX, UK. Mobile # *074 5920 8017* Official E-mail # Mohammed.Khan.2013(a)live.rhul.ac.uk AND Faculty (On Leave), Institute of Information Technology, University of Dhaka, Dhaka, BANGLADESH

2 1

sniffing hangs / too fast sim? / parsing problem?
by Lukas Kuzmiak 24 Oct '14

24 Oct '14

Hey guys, this problem has been around for ages (from my perspective) .. and I don't seem to understand if it's a SW issue or a HW issue. I start the ./simtrace .. and then insert the SIM into the phone (or vice versa), boot up the phone and start sniffing (log below). It works for a second or two and then the stuff get broken into weird parts .. I could probably fix that in apdu_split.c but the other issue is that it stops sniffing completely at that point for some reason. Any idea why that happens? Thanks! Lukas Entering main loop ATR APDU: 3b 9e 96 80 1f c7 80 31 e0 73 fe 21 1b 66 d0 01 7b 8f 0d 00 f8 PPS(Fi=9/Di=6) APDU: 00 a4 00 04 02 3f 00 61 2e APDU: 00 c0 00 00 2e 62 2c 82 02 78 21 83 02 3f 00 a5 09 80 01 71 83 04 00 00 95 d5 8a 01 05 8b 03 2f 06 02 c6 09 90 01 40 83 01 01 83 01 81 81 04 00 01 50 f2 90 00 APDU: 00 a4 08 04 02 2f e2 61 1b APDU: 00 c0 00 00 1b 62 19 82 02 41 21 83 02 2f e2 a5 03 80 01 71 8a 01 05 8b 03 2f 06 01 80 02 00 0a 90 00 APDU: 00 b0 00 00 0a 98 94 22 14 51 02 31 21 51 f0 90 00 APDU: 00 a4 00 04 02 2f 05 61 1b APDU: 00 c0 00 00 1b 62 19 82 02 41 21 83 02 2f 05 a5 03 80 01 71 8a 01 05 8b 03 2f 06 05 80 02 00 08 90 00 APDU: 00 b0 00 00 08 64 65 65 6e 66 72 ff ff 90 00 APDU: 80 10 00 00 1e ff ff ff ff 7f 9f 00 df ff 00 00 1f e2 00 00 00 83 fb 00 07 06 01 60 00 11 00 00 00 00 18 91 44 APDU: 80 12 00 00 44 d0 42 81 03 01 25 00 82 02 81 82 05 0c 53 4d 53 20 53 65 72 76 69 63 65 73 8f 0e 01 49 6e 66 6f 20 53 65 72 76 69 63 65 73 8f 0b 02 57 7c 72 74 65 72 62 75 63 68 8f 06 03 45 4d 61 69 6c 8f 04 04 46 61 78 90 00 APDU: 00 a4 00 04 02 2f 00 61 21 APDU: 00 c0 00 00 21 62 1f 82 05 42 21 00 26 02 83 02 2f 00 a5 03 80 01 71 8a 01 05 8b 03 2f 06 04 80 02 00 4c 88 01 f0 00 00 APDU: b2 01 04 26 b2 61 1e APDU: 4f 10 a0 00 00 00 87 APDU: 10 02 ff 33 ff ff 89 APDU: 01 01 01 00 50 0a 4f APDU: 32 2d 47 65 72 6d 61 APDU: 6e 79 ff ff ff ff ff APDU: ff 90 00 00 b2 02 04 APDU: 26 b2 ff ff ff ff ff

3 4

sniffing EMV
by Andris Berzins 02 Sep '14

02 Sep '14

1 0

MITM / USB CCID card reader
by Stathis mozbery se lew 22 Jul '14

22 Jul '14

Dear list, I would like to ask the currently status of MITM implementation on SIMtrace? On some prior postings on the list I found about some previous works on it: git://git.gnumonks.org/at91work.git https://github.com/zwizwa/at91work/tree/apdu_phone I am also intresting in turning the simtrace into a USB CCID based smart card reader in order to use http://openbsc.osmocom.org/trac/wiki/osmo-sim-auth with the SIMtrace. In the usb-device-ccid-project directory when I am trying to use "make" i am getting the following error: user@ubuntu:~/at91work/usb-device-ccid-project$ make cc -g -Os -I../at91lib/boards/simtrace -I../at91lib/peripherals -I../at91lib/components -I../at91lib -Dat91sam7s128 -D__ASSEMBLY__ -Dflash_dfu -c -o obj/flash_dfu_board_cstartup.o ../at91lib/boards/simtrace/board_cstartup.S ../at91lib/boards/simtrace/board_cstartup.S: Assembler messages: ../at91lib/boards/simtrace/board_cstartup.S:55: Error: unknown pseudo-op: `.arm' ../at91lib/boards/simtrace/board_cstartup.S:137: Error: no such instruction: `ldr r4,=_sstack' ../at91lib/boards/simtrace/board_cstartup.S:138: Error: too many memory references for `mov' ../at91lib/boards/simtrace/board_cstartup.S:139: Error: no such instruction: `ldr r0,=LowLevelInit' ../at91lib/boards/simtrace/board_cstartup.S:140: Error: too many memory references for `mov' ../at91lib/boards/simtrace/board_cstartup.S:141: Error: no such instruction: `bx r0' ../at91lib/boards/simtrace/board_cstartup.S:144: Error: no such instruction: `ldr r0,=_efixed' ../at91lib/boards/simtrace/board_cstartup.S:145: Error: no such instruction: `ldr r1,=_srelocate' ../at91lib/boards/simtrace/board_cstartup.S:146: Error: no such instruction: `ldr r2,=_erelocate' ../at91lib/boards/simtrace/board_cstartup.S:148: Error: too many memory references for `cmp' ../at91lib/boards/simtrace/board_cstartup.S:149: Error: no such instruction: `ldrcc r3,[r0],' ../at91lib/boards/simtrace/board_cstartup.S:150: Error: no such instruction: `strcc r3,[r1],' ../at91lib/boards/simtrace/board_cstartup.S:151: Error: no such instruction: `bcc 1b' ../at91lib/boards/simtrace/board_cstartup.S:154: Error: no such instruction: `ldr r0,=_szero' ../at91lib/boards/simtrace/board_cstartup.S:155: Error: no such instruction: `ldr r1,=_ezero' ../at91lib/boards/simtrace/board_cstartup.S:156: Error: expecting operand after ','; got nothing ../at91lib/boards/simtrace/board_cstartup.S:158: Error: too many memory references for `cmp' ../at91lib/boards/simtrace/board_cstartup.S:159: Error: no such instruction: `strcc r2,[r0],' ../at91lib/boards/simtrace/board_cstartup.S:160: Error: no such instruction: `bcc 1b' ../at91lib/boards/simtrace/board_cstartup.S:176: Error: no such instruction: `ldr r0,=main' ../at91lib/boards/simtrace/board_cstartup.S:177: Error: too many memory references for `mov' ../at91lib/boards/simtrace/board_cstartup.S:178: Error: no such instruction: `bx r0' ../at91lib/boards/simtrace/board_cstartup.S:182: Error: no such instruction: `b 1b' make: *** [obj/flash_dfu_board_cstartup.o] Error 1 Thanks for any replies and for your time With Best regards Stathis

2 1

Fast SIM cards loosing bytes
by Dean Chester 24 Jun '14

24 Jun '14

Hi, I see earlier in the archives that reducing the buffer size in the firmware will resolve this. Hasn't this already been done though in new releases of the firmware? As I have pulled the latest version from the openpcd git repo and built it. If not what have people reduced the buffer size to? And has it had any fixes? Sent from my iPad

5 14

questions for softsim and simtrace
by qb 08 Apr '14

08 Apr '14

dear list, how can we connect a real sim card and connect it to a real phone via simtrace? i mean the following physically sim --pcsc reader--softsim--pc--usb--simtrace--phone but how about software side? -- bruce lee

1 0

some help for simtrace and btsap(sap client)
by qb 06 Apr '14

06 Apr '14

good day . does some1 are working on this? run softsim on one pc and simtrace on another pc or openwrt liked systme? -- 这是通过Aico Mail手机客户端发送的邮件。Aico Mail旨在丰富人们的沟通与生活，提供全新的移动办公体验。

1 0

OsmoDevCon 2014: CFP
by Sylvain Munaut 05 Feb '14

05 Feb '14

Dear all, Time has come to fill out the "Talks/Discussions/Workshop / Hacking" section of the wiki page. If you have something you'd like to present, talk about or hack on, add it there. A simple descriptive title along with an estimated duration is enough. I guess we'll collect those for 2/3 weeks and then start making the schedule. Cheers, Sylvain

1 0

Detecting "Silent SMS" with Simtrace
by Mell Kuss 23 Jan '14

23 Jan '14

2 1

[RFC] [ADMIN] Making lists subscriber-only?
by Harald Welte 15 Jan '14

15 Jan '14

Dear all, so far the osmocom.org mailing lists have always been in a 'non-members are manually moderated' mode. This has created a lot of work for manual list moderation, where a lot of the messages caught are simply spam, and only the occasional valid message is being received. I'd like to thank the list moderators for taking care of this. However, in more recent discussions, we were considering to move the lists to a completely closed mode, i.e. postings would automatically be rejected from non-members. The automatic response would contain a description of how to subscribe in 'nomail' mode, i.e. to subscribe in a way to be able to post to the list, while still not receiving any incoming traffic. The latter should be fine for occasional posters who don't want the bulk e-mail that goes with a full/regular subscription. Please provide feedback in case you disagree with that change. Unless there is major opposition, we will likely transition to the 'closed' mode within one month. Thanks, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 6

DFU mode, wireshark
by Martin Kaiser 12 Jan '14

12 Jan '14

Dear all, recently, we added a dissector for USB DFU to wireshark. It recognizes packets based on product ID + vendor ID. I tested this with my simtrace (v1.0) board and it works like a charm when I add 0x16c0, 0x0762. However, I saw that for the simtrace board, prod id/vendor id is the same for DFU mode and sniffer mode. I guess that for sniffer mode (or any other mode than DFU), it doesn't really make sense to capture the raw USB packets. Therefore, I tend to add 0x16c0, 0x0762 and link it to USB DFU. Are you ok with this? Thanks, Martin

2 1

OsmoDevCon 2014 / Date / Venue
by Harald Welte 01 Jan '14

01 Jan '14

Hi all, time is moving fast, and I want to start some initial discussion and planning for OsmoDevCon 2014. There are basically four questions which I'm raising below. Please provide your feedback to the osmocom-event-orga mailing list only, to avoid cross-posting over all the project lists. = Who? = My intention is to keep it an 'active developer/contributer only' event, like we had it before. I would also want to keep the group relatively small, to keep the 'Osmocom family' atmosphere. If desired, we could have one half or full day of public prsentations in a larger auditorium, but the developer meeting should be a close group, as known so far. = Where? = If we keep the number of attendees within the same range as this year, then I'm sure we could again hold it at the same venue. I know it is not perfect, but it is a place that we have access to, 24 hours per day, and free of cost for community projects like osmocom.org. If the community wants a larger event, then this is something that would require more funds and much more time organizing. And that is something that I personally could not offer to take care of, sorry. I'm happy to attend and support any larger events, but I'm unable to take care of fundraising and venue research. = When? = Q1/2014. In January, I'm not aware of any 'blocker' events. February, there is Fosdem (Feb 1 + Feb 2), and MWC from Feb 24 through Feb 27. In March there is CeBIT (March 10-14) and Easter holidays (with EasterHegg March 17-21). Did I miss any other FOSS / mobile event that might clash in Q1? So my preference woudl be to do it either late January (23-26) or in February (6-9 or 13-16). Any preferences regarding preferred schedule? Once we have some concencus here on the list [and we want to do it in the same size / venue], I'll talk to IN-Berlin. = What? = I think that question is easy to answer, if we have the above three figured out... There's no shortage of topics, I suppose. You can start adding your suggestions to http://openbsc.osmocom.org/trac/wiki/OsmoDevCon2014 Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 1

3FF Probe - using dual sim card adapter
by Dean Chester 07 Dec '13

07 Dec '13

Hi, I saw in an earlier post that tsaitgaist recommeneded dual sim card adapters for using as probes has anyone had any success with these and cutting the correct lines if so which lines do I need to cut in order to use this as a probe? What instructions should I follow so that I can trace my sim card. I'm using this as another solution as I have had no success using the 3FF probe in my iPhone 4s for tracing. Kind Regards, Dean Chester

2 1

SIMTrace Host Software in Python
by Dean Chester 20 Nov '13

20 Nov '13

Hi, I've been working on developing the host software in python to make it cross platform, its still in the early stages at the moment. Its available here: https://github.com/deanchester/simtrace This is my first ever open source project, feedback would be good. Its still in the early stages of development but I hope people will in time start to use it. Kind Regards, Dean Chester

1 0

Osmocom CardOS project gets its own list
by Harald Welte 15 Nov '13

15 Nov '13

Dear all, in recent weeks several people have contacted me that they would be interested in attempting to bring the idea of a CardOS forward. To provide them a place where they can share ideas and code, I have created the osmocom-cos(a)lists.osmocom.org mailing list. So anyone interested in this development: Please feel free to subscribe that new list: http://lists.osmocom.org/mailman/listinfo/osmocom-cos Regards, -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

SIMtrace 3FF / micro-SIM adapter available
by Harald Welte 18 Oct '13

18 Oct '13

Hi! I really don't want to feel this list to be abused for advertisements, but in this case I'm sure it is of actual help to a number of people on this list: The sysmocom web shop finally has a 3FF (micro-SIM) adapter cable available: http://shop.sysmocom.de/products/simtrace-fpc-3ff Please note that (as opposed to the regular mini-SIM) we only have one of the possible four orientations available. This is primarily due to the high manufacturing cost of low-volume flexible PCB projects. We would like to hear from you 1) if you need this adapter in different orientation (which, for which phone) 2) for which phone model you have used this new 3FF adapter successfully 3) what kind of problems you may have encountered using it. Thanks to Kevin Redon for doing the PCB layout of this part. It is freely available as part of the simtrace.git repository since commit eee3243ddaa9e13bc7509a962fade8636b6ed2ab. On a related note: For nanoSIM, I think we would have to go for dual-layer PCB with vias placed inside the actual card contact pads. This will make production cost even more expensive than the microSIM adapter. So unless there's significant interest in a nanoSIM adapter, it's unlikely that we'd have some made. Please let us know if you absolutely want one, and if you're happy to pay even more (e.g. 25-30 EUR) for only that adapter. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

possible PPS error
by Kevin Redon 09 Oct '13

09 Oct '13

Hi, I just got a SIM card which can not be detected by the phone when having simtrace in the middle. The phone is a Samsung Galaxy SIII, simtrace v1.2p, with current firmware. The SIM card works when plugged in the phone directly, and SIMtrace with this phone work with other SIM cards. This SIM cards allows high transfer rates, and the phone tries to do the PPS exchange, but somehow fails and the tells no SIM card is detected.

1 0

iPhone Terminal Profile
by Matt S 19 Sep '13

19 Sep '13

Does anyone have a Terminal Profile handy for an iPhone 4 or 4S? I dont' have the microSIM SimTrace adapter, and the database here: https://terminal-profile.osmocom.org/ doesn't appear to have been updated in a while. Thanks!

2 1

MITM voltage fix using ATR
by Tom Schouten 10 Sep '13

10 Sep '13

Hi List, When using MITM it is possible to set the SIMtrace<->phone voltage levels using ATR, giving a clear-cut way to solve the incorrect I/O level problem: See byte TA(3) C7->C2 orig ATR from card: http://smartcard-atr.appspot.com/parse?ATR=3B9F95801FC78031E073FE2113574A33… modded to select only 3V: http://smartcard-atr.appspot.com/parse?ATR=3B9F95801FC28031E073FE2113574A33… Cheers, Tom

1 0

INS=STATUS + car reset question
by Tom Schouten 05 Sep '13

05 Sep '13

Hi List, I'm running into the following command sequence in a Nexus One Android 2.3 phone: C-APDU:80F20001FF (STATUS) R-APDU:6C12 (Incorrect Parameter P3) After which the phone power-cycles the card. I'm wondering whether this is is desired behavior, or if it's a bug in the new MITM code. Phone seems to reset the card quite often when in USIM mode. Running the card in SIM mode, this doesn't happen. Cheers Tom

2 4

board questions regarding MitM
by Tom Schouten 28 Aug '13

28 Aug '13

Hi List, When the SIMtrace ciruit operates in MitM mode, the RST and VCC lines coming from the phone are very noisy from I/O line crosstalk in the flex cable. I see about 2V peak-to-peak on the scope! I am expecting it leads to spurious reset/poweroff detections. It might be helpful to add a filter on the AT91 side for RST and VCC. Maye an R/C filter that can be enabled by an I/O pin using 0/HI-Z switching? Another idea is to do enable the internal AT91 pin pullups. Just loading RST and VCC a bit might be enough. ( Another alternative is to filter RST and VCC measurements in software. I tried this but results are not very meaningful at this point.. ) Cheers, Tom

2 2

simtrace arduino due?
by Tom Schouten 16 Aug '13

16 Aug '13

Just an idea.. What about building a next version based on the Arduino Due? It's based on a SAM3X8E http://arduino.cc/en/Main/arduinoBoardDue

2 1

SIMtrace MITM/emulator
by Tom Schouten 16 Aug '13

16 Aug '13

Hi List, What is the current status of the MITM support? Anyone working on it behind the scenes? Also, I'd like to gauge how much work would be necessary to implement an emulator mode, with emulator running on PC. I.e. SIMtrace used to doe ATR handshake and then hand over all APDU to host PC over USB. Cheers Tom

5 26

MITM
by Tom Schouten 09 Aug '13

09 Aug '13

Hi List, Here are some bare-minimum code contributions for iso7816-3 slave side protocol. https://github.com/zwizwa/at91work/tree/apdu_phone git@github.com:zwizwa/at91work.git branch apdu_phone Relevant files are in: iso7816-slave-cdc-project/ src/ I spent a bit more time on this than expected on low-level platform stuff, leaving me with no time to smooth the rough edges at the PC interface side. It's a start, though. Features: - non-blocking iso7816-3 state machine for slave-side protocol (reusable in COS?) - low-level AT91 USART is abstracted as iso7816_port.h - line-oriented ASCII HEX protocol over CDC USB serial, easy to use in (python) scripts - transport is separate from state machine, easy to replace with other discussed mechanisms - works for me on Nexus One and BLU SAMBA JR plus Non-features: - hardcoded ATR - hardcoded power cycle skipping to select correct operating voltage - not using SIMtrace SIM slot (see mim.py for using a PC card reader to complete MITM) - did not test with DFU but should work (I used Atmel SAM-ICE) - standalone firmware, not integrated with CCID / sniffer - git history is messy. i'd just flatten it for further work

2 6

SIMtrace phone-side VCC
by Tom Schouten 30 Jul '13

30 Jul '13

Hi folks, Seems not all phones use 3V signaling if the PHONE-side VCC pin is tied to 3V. This one insists on 1.8V : BLU SAMBA JR PLUS Is this trick of tying VCC to 3V standard behavior? For future version of the board, it might be interesting to tie the VCC pin to an ADC input, to detect different voltage levels so the firmware can wait until phone decides to use 3V. Cheers Tom

3 4

ask about design sim card reader
by anak galer 25 Jul '13

25 Jul '13

hello , anyone have schematic design sim reader PC/SC , yesterday i'm make some reader but not support with PC/SC apps in here (http://git.osmocom.org/osmo-sim-auth | A smart card reader compatible with pcsc-lite) i think my card support with phoenix reader? and anyone can explain the differences between the PC / SC with phoenix sim reader or etc Regards

2 1

Fwd: Cellphone can't detect sim card
by Tali Budur 24 Jul '13

24 Jul '13

Hi! I have built 2 units of simtrace hardware recently. All the components came from digikey, I used the bom list from git. The PCBs are electrically tested. When I connected it to the pc, simtrace application can communicate with the device and I can debug it via the FTDI connection. The problem is, when I connect it to a cellphone, cellphone can not detect a sim card. Simtrace can detect vcc on, vcc off and rst signals from the cellphone however, cellphone can not detect the sim card. I used several different cell phones and sim cards. I also checked the connection between the cellhpone and simtrace. Couldn't find a problem. May I kindly request your help to solve the problem? Thanks,

2 1

rebooting the smartphone.
by Francisco Marinho 23 Jul '13

23 Jul '13

hi guys I have a problem with the simtrace, when I restart the smartphone some APDU are smaller than 8 bits, this is a know issue? Francisco Marinho

1 0

SIM tracer for Saleae Logic
by Tom Schouten 10 Jul '13

10 Jul '13

Hi List, This might be of interest to folks here. A couple of days ago I found out the Saleae Logichas an SDK that allows you to live stream raw sample data straight into a C++ application. Quite neat, as it can go to fairly high sample rates. Here is a proof of concept version of a live APDU protocol sniffer using the SL: https://github.com/zwizwa/sl-apdu Essentially it's just a UART state machine with some hardcoded ATR parsing (for the specific SIM card I have) which calls into apdu_split from git://git.osmocom.org/simtrace.git after the ATR handshake. I had a look at the ISO7816 parser in the SIMtrace firmware, but it's fairly tied to the hardware. With some refactoring it's probably easy to reuse. ( The sl-apdu repo has a first attempt to a dirty stub approach to run the original AT91 code. Probably not be the way to go.. ) Cheers Tom

1 0

Not able to open the SIMtrace user manual
by Shreyas Hegde 22 Jun '13

22 Jun '13

The user-manual downloaded fromhttp:// bb.osmocom.org/trac/attachment/wiki/SIMtrace/usermanual.pdf is indicated as damaged by PDF readers. Thanks and Regards Shreyas

2 1

Windows usage
by Hugo Soares 17 Jun '13

17 Jun '13

Hi guys, I'm thinking of making an application on top of simtrace, but my focus would be on Windows users. I'd like to know if the application runs ok on Windows systems. -- Atenciosamente, Hugo Frederico Soares

4 8

Incomplete trace (due to high-speed SIM?)
by Arthur Léna 22 May '13

22 May '13

Hello. I am trying to trace the communication between a Free Mobile (french operator) and an iPhone 4S. I am using the simtrace tool and libosmocore library taken from the Ubuntu PPA repository given in the user manual (ppa:holger+lp/osmocom). I tried booting the iPhone using 2 different SIMs (this one from Free Mobile and another one) and the trace seems very short using the Free Mobile in comparison to the other one. By parsing the ATRs of both SIMs, I found out that the communication is done at 312500 bits/s with the Free Mobile SIM and only 78125 bits/s (for a clock running at 5MHz). Could this explain the loss of entire ADPUs by the tracer? If yes, is there a way to remedy to this problem (firmware update for example). Best regards, Arthur Léna FYI: the ATRS of both SIM cards Free Mobile: 3B 9E 96 80 1F C7 80 31 E0 73 FE 21 1B 66 D0 01 77 97 0D 00 EC TA(1) = 0x96 Fi=512, Di=32, 16 cycles/ETU (250000 bits/s at 4.00 MHz, 312500 bits/s for fMax=5 MHz) A1: 3B 3F 94 00 80 69 AF 03 0F 07 A4 00 00 06 0E 83 3E 9F 16 TA(1) = 0x94 Fi=512, Di=8, 64 cycles/ETU (62500 bits/s at 4.00 MHz, 78125 bits/s for fMax=5 MHz)

2 1

Feedback on micro-SIM (3ff) FPC adapter cables
by Harald Welte 04 May '13

04 May '13

Hi all, as we are getting more and more inquiries for micro-SIM (3FF) FPC adapters for the SIMtrace, I would like to inquire on this list before we go into productin. My main inquiry is about the orientation. As you know, the current mini-SIM adapters come in four flavors, one for each of the possible orientations. Hoewever, as there are still few phones with 3FF SIM card support, I was hoping we don't need to produce 3FF FPC adapter cables for all four orientations. Does anyone on this list know which orientations exist and which don't? This would help us to proceed quickly with manufacturing the adapters, without spending extensive amounts of time researching on required orientations. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

SIMtrace Hardware Kit (Sysmocom)
by Joe Loxley 02 May '13

02 May '13

Good morning, I was wondering where I would be able to the following item, if it is through yourselves then please can I obtain a quote for 1 unit. SIMtrace Hardware Kit (Sysmocom) Regards Joe Loxley Business Account Manager <http://www.upgrade.co.uk/> Upgrade Options Ltd Clocktower Greenhills Rural Enterprise Centre Greenhills Estate Tilford Surrey GU10 2DZ Direct Dial: Group Dial: Switchboard: Fax: E-mail: Web: +44 (0)871 231 1905 +44 (0)871 231 1908 +44 (0)871 231 1900 +44 (0)871 231 1921 joel(a)upgrade.co.uk <mailto:joel@upgrade.co.uk> www.upgrade.co.uk <http://www.upgrade.co.uk> For e-commerce services including EDi, FTP and XML providing access to real time stock, accounting and order processing contact your account manager today. Why not subscribe to our e-mail newsletter? Send a blank e-mail with "SUBSCRIBE" in the subject line to: subscribe(a)mail.upgrade.co.uk <mailto:subscribe@mail.upgrade.co.uk?subject=SUBSCRIBE> View a sample at www.upgrade.co.uk/offers/sample.html <http://www.upgrade.co.uk/offers/sample.html> DISCLAIMER: Click here to view online <http://www.upgrade.co.uk/disclaimer.asp> Follow @upgradeoptions <http://twitter.com/upgradeoptions> Follow @upgradeoptions <http://twitter.com/upgradeoptions> Tweet <http://twitter.com/share> <http://api.addthis.com/oexchange/0.8/forward/facebook/offer?pco=tbxnj-1 .0&url=http%3A%2F%2Fwww.upgrade.co.uk&pubid=xa-4e70a80a51439ff5> <http://api.addthis.com/oexchange/0.8/forward/twitter/offer?pco=tbxnj-1. 0&url=http%3A%2F%2Fwww.upgrade.co.uk&pubid=xa-4e70a80a51439ff5> <http://www.addthis.com/bookmark.php?source=tbxnj-1.0&=250&pubid=xa-4e70 a80a51439ff5&url=http%3A%2F%2Fwww.upgrade.co.uk%20> <> <http://api.qrserver.com/v1/create-qr-code/?data=http%3A%2F%2Fwww2.upgra de.co.uk%2Fsupport%2Fcare&size=110x110>

2 1

Create File APDU for GRCard SIM
by Matt S 23 Apr '13

23 Apr '13

Hello, I'm struggling to get the 'CREATE FILE' APDU to work on a GRCard SIM. I'm using the cyberflex-shell in interactive mode to send apdu's. Even though I verify ADM pin 5, and follow the format on the wiki ( http://openbsc.osmocom.org/trac/wiki/GrcardSIM), I still get the reponse 0x9804 from the cards. I must be missing a step? Below is my failed session with a SIM, trying to create FID 0xabcd under 3f00/7f20. Any guidance is greatly appreciated. ATR: 3b 99 18 00 11 88 22 33 44 55 66 77 60 (;....."3DUfw`) (ISO 7816-4) > raw a0 20 00 05 08 44 44 44 44 44 44 44 44 -------------------------------------------------------------------------------- Beginning transaction 0 >> 0000: a0 20 00 05 08 44 44 44 44 44 44 44 44 . ...DDDDDDDD << 0000: 90 00 .. Ending transaction 0 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Beginning transaction 1 >> 0000: a0 a4 00 00 02 3f 00 .....?. << 0000: 9f 17 .. Ending transaction 1 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Beginning transaction 2 >> 0000: a0 a4 00 00 02 7f 20 ...... << 0000: 9f 17 .. Ending transaction 2 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Beginning transaction 3 >> 0000: 80 cf 00 01 0a ab cd 01 31 01 00 00 00 00 ff ........1...... << 0000: 98 04 .. Ending transaction 3 --------------------------------------------------------------------------------

2 2

SIM detection failing on Samsung Galaxy S III
by Rupert Lloyd 17 Mar '13

17 Mar '13

We received a simtrace board a few weeks ago and have been able to successfully use it on a Google NexusOne and iPhone 4s (using a dual SIM adapter). When we have tried it on two different Samsung Galaxy S III devices both were unable to detect the sim card. We verified that we could read the same sim cards when placed in other devices. Has anyone else had success or failures on using recent 3G/4G devices? Are there more tests I could run to isolate the cause? Rupert

2 1

Timestamp at log entry
by Hugo Soares 15 Mar '13

15 Mar '13

Hi all, Is it possible to get some kind of time measurement with log entries? I'd like to check how much time the sim spends processing a command. Which files of firmware should I start looking for this? Thanks! -- Atenciosamente, Hugo Frederico Soares

1 0

getting MAC failure using osmo-sim-auth for 3G/USIM authentication
by Rupert Lloyd 11 Mar '13

11 Mar '13

Good Afternoon, I am trying to perform USIM/3G authentication using osmo-sim-auth and ran into the same problem as Stefanos: http://lists.osmocom.org/pipermail/simtrace/2012-November/000406.html I followed Benoit's advice to view the details as follows (using the inputs from the web page): > rand_bin = stringToByte(a2b_hex('00000000000000000000000000000000')) > autn_bin = stringToByte(a2b_hex('ec9320c2c2000000e1dd22c1ad3e2d3d')) > u.authenticate(RAND=rand_bin, AUTN=autn_bin,ctx='3G') > u.coms() ['INTERNAL AUTHENTICATE apdu: 00 88 00 81 22 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 EC 93 20 C2 C2 00 00 00 E1 DD 22 C1 AD 3E 2D 3D', 'sw1, sw2: 98 62 - undefined status', (152, 98), []]

3 3

Host usage under Windows
by Hugo Soares 04 Mar '13

04 Mar '13

Hi guys! Some time ago I stopped by asking what would one do to compile under Windows, and it was suggested to use cygwin to build the application and than use it with cygwin dll to run it under linux. Well, I'm having some issues to do that...

5 20

[ANNOUNCE] OsmoDevCon 2013-04-04 till 2013-04-07, Berlin
by Harald Welte 26 Feb '13

26 Feb '13

Dear fellow Osmcoom developers, it is my pleasure to finally announce the date + venue of OsmoDevCon 2013: Date: April 04 through April 07, 2013 Place: IN-Berlin, Lehrter Str. 53, Berlin Like last year, this is an event for developers of the various Osmocom proejects. Reservation and confirmation of reservation is required. The event is free of charge. The Room is made available by IN-Berlin e.V., an Internet related non-profit organization. Lunch catering will be sponsored (so far by sysmocom GmbH, but if any other sponsors come up, we are happy to share the cost). So all you have to cover is your own travel + accomodation costs, as well as breakfast and dinner. If you are an active developer and cannot afford travel/accomodation, please let me know and I'll see if we can do something about it. If you would like to attend, please send a message to laforge(a)gnumonks.org applying for registration of the event. The registration deadline is March 5, i.e. one week from now. There is no detailed schedule of talks yet. I will start a separate discussion suggesting / collecting topics in the next couple of days. More information is (and will be made) available at http://openbsc.osmocom.org/trac/wiki/OsmoDevCon2013 Further discussion regarding the event should be directed at the osmocom-event-orga(a)lists.osmocom.org mailing list, to avoid cross-posting over the various project-specific lists. Best regards and happy hacking, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

USB commands
by Samuel Weinbeck 20 Feb '13

20 Feb '13

Hi all, I am playing around with the USB commands in SIMTrace but I'm having a bit of trouble. I wrote a short python script to send a GET_VERSION command. However, only the first one is received by the board. If I run it, the first time I will see a GET_VERSION in the debug terminal. If I try again, however many times, I do not see any output. Why is this? The script: ---snip--- #!/usr/bin/python import usb.core import usb.util cmd="\x01\x00\x00\x00" dev=usb.core.find(idVendor=0x16c0, idProduct=0x0762) dev.set_configuration() dev.write(1, cmd, 0) ---snip---

2 2

Initialization log
by Hugo Soares 07 Feb '13

07 Feb '13

Hi guys, My group bought a SIMTrace board from you and we're waiting for it to arrive. In the meantime, would you mind sending a log collected with it? Log should have the initial communication (including ATR) until network registration. Is that too much trouble? -- Atenciosamente, Hugo Frederico Soares

2 1

PLL
by Samuel Weinbeck 31 Jan '13

31 Jan '13

I'm wondering if the SIMTRACE board can be made to operate faster with the PLL provided by the Atmel microcontroller. I'm looking around in src/start/Cstartup_SAM7.c but I'm a bit confused by the values. The Atmel PLL filter calculator doesn't allow dividing by 24 and multiplying by 125 with Fin=18.432MHz, R1=1000, C1=10nF, C2=1nF.

1 0

Buffer size
by Samuel Weinbeck 31 Jan '13

31 Jan '13

Where in the firmware can the buffer size be decreased?

2 2

simtrace freeze
by Stefanos Malliaros 10 Jan '13

10 Jan '13

Good evening. I have the same problem as i have read that some other have My simtrace seems to freeze and stop processing. i read a solution of changing the buffer size. should i try to do that or update to the latest firmware? Thanks Stefanos Malliaros

2 2

usim adapter
by "Roger Jardi Cedó" 17 Dec '12

17 Dec '12

Dear all, I'm traying to snoop a samsung galaxy s3, but I've noticed this mobile has usim and it is uncompatible withe the PCB SIM adapter. Is there a PCB usim adapter or another kind of adapter permitting connect the SIMtrace device? Thanks in advance!!!! ;) Roger Jardí Personal de Suport a la Recerca Grup de recerca CRISES Departament d'Enginyeria Informàtica i Matemàtiques Universitat Rovira i Virgili Despatx 132 Av. Països Catalans 26 43007 TARRAGONA Tel. +34 977 55 82 70

3 4

sim emulation
by "Roger Jardi Cedó" 11 Dec '12

11 Dec '12

Dear all, I'am asking how can I emulate a sim/smartcard with my SIMtrace. Could you say to me if I need an extra software or change any jumper etc? I have not found no documentation about that... Thank you very much. Roger Jardí Personal de Suport a la Recerca Grup de recerca CRISES Departament d'Enginyeria Informàtica i Matemàtiques Universitat Rovira i Virgili Despatx 132 Av. Països Catalans 26 43007 TARRAGONA Tel. +34 977 55 82 70

3 2

T=0 and T=1 sniffer
by "Roger Jardi Cedó" 21 Nov '12

21 Nov '12

Dear all, I'am new in this mailing list. I'am a PhD. student at the University Rovira i Virgili studying smart cards (SC). I would like to log transmitted apdus between reader and SC (like credit card, ID card, sim, etc). I've recently bought a cheap sniffer (season interface) but I have problems with it, I lose data sniffing any smart card type (iso-7816). I'm asking if your device (v1.1) is valid for this purpose. Note that v2 would be compatible with credit card sized smart cards (ID-1 and ID-000 smart card slots (with presence detection): so to be able to also sniff credit card sized smart cards). However, I've read too that v1.1 is capable to read smart card with both modes (T=0 and T=1) with proper accessories (http://shop.sysmocom.de/products/fullsize-sim-fpc and http://shop.sysmocom.de/products/sim-adapter). It is possible? With this device, I will log any smart card type? Roger Jardí Personal de Suport a la Recerca Grup de recerca CRISES Departament d'Enginyeria Informàtica i Matemàtiques Universitat Rovira i Virgili Despatx 132 Av. Països Catalans 26 43007 TARRAGONA Tel. +34 977 55 82 70

5 8

Re: simtrace Digest, Vol 19, Issue 6
by Stefanos Malliaros 19 Nov '12

19 Nov '12

actually the error is 98 62 which is invalid mac. i have checked tha apdu and it is correct (as the 31.102 describes). the MAC as i read is produced y the f1. MAC = f1_K (SQN || RAND || AMF) i think that the SQN i import is the problem then On 11/19/2012 01:00 PM, simtrace-request(a)lists.osmocom.org wrote: > Send simtrace mailing list submissions to > simtrace(a)lists.osmocom.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.osmocom.org/mailman/listinfo/simtrace > or, via email, send a message with subject or body 'help' to > simtrace-request(a)lists.osmocom.org > > You can reach the person managing the list at > simtrace-owner(a)lists.osmocom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of simtrace digest..." > > > Today's Topics: > > 1. Re: osmo-sim-auth (Harald Welte) > 2. Re: osmo-sim-auth (Stefanos Malliaros) > 3. Re: osmo-sim-auth (benoit michau) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 18 Nov 2012 12:08:33 +0100 > From: Harald Welte <laforge(a)gnumonks.org> > To: Stefanos Malliaros <stefmalli89(a)gmail.com> > Cc: simtrace(a)lists.osmocom.org > Subject: Re: osmo-sim-auth > Message-ID: <20121118110832.GP8595(a)prithivi.gnumonks.org> > Content-Type: text/plain; charset=us-ascii > > On Fri, Nov 16, 2012 at 01:08:18PM +0200, Stefanos Malliaros wrote: >> /and i get as response the number 152 which in hex is 98. > 98xx is a security related parameter. Did you make sure to disable the > PIN? osmo-sim-auth does not support cards with active PIN. >

1 0

Fwd: Re: T=0 and T=1 sniffer
by "Roger Jardi Cedó" 19 Nov '12

19 Nov '12

1 0

osmo-sim-auth
by Stefanos Malliaros 18 Nov '12

18 Nov '12

Good evening. I would like to ask some questions about osmo-sim-auth. First of all i have installed it and i am capable of doing 2g authentications with the parameters -r -s However i face some problems with the 3g authentication. I have checked my cards through windows and they are usim. When i run the command /./osmo-sim-auth.py -r 00000000000000000000000000000000 -a ec9320c2c2120000c8b7de2a3449f1bd /i get as response the following/ Traceback (most recent call last): File "./osmo-sim-auth.py", line 114, in <module> handle_usim(options, rand_bin, autn_bin) File "./osmo-sim-auth.py", line 44, in handle_usim if len(ret) == 1: TypeError: object of type 'NoneType' has no len() /I tried to find where the problem is and i have found that the problem is possibly in the if statement in file USIM.py in line 296 ( /if self.coms()[2][0] in (0x9F, 0x61):/) i put before that line the following to see the value that is compared in the if /print self.coms()[2][0] /and i get as response the number 152 which in hex is 98. I also put a print 'aaaa' below the if statement to see if the print will be executed. Unfortunately the i didn't see the 'aaaa' message on the screen. Do you know what should i do or where to search to fix this problem? Thanks.

3 4

Serial console
by Samuel Weinbeck 12 Nov '12

12 Nov '12

What are the correct settings to access the debug terminal on the SIMtrace hardware? I cannot find this documented on the website.

2 4

Modifying simtrace firmware
by Samuel Weinbeck 09 Nov '12

09 Nov '12

Hello, I am interested in modifying the firmware of the simtrace device to perform modifications on the data sent back to the phone. Is there any documentation on how this can be done? I could not find any on the website. I looked at the source a little bit but I am hoping someone here can give me a jump-start on the best way to do this. Thanks, Sam W.

3 2

simtrace v1.1 class c support
by DOREEN ssssss 26 Oct '12

26 Oct '12

Hi, is there a way to bring class c support to hardware revision 1.1 (hardware mod)? Or is beta schematic of hardware revision 2.0 available? gz me

2 1

Code offer
by Vlastimil Páviček 25 Oct '12

25 Oct '12

Hello, some years ago I have developed a working SIM card emulator for Silver Wafer Card (PIC16F877 and 24LC256). It supports GSM 11.11 and GSM 11.14 standards and is fully functional inside cell phone (so far I have been using it for 10+ years). Unfortunately it is written in somewhat rusty PIC assembly -- still it might be usable for your purposes. I have published it on "https://github.com/vlp/ssim", so feel free to have a look. Best regards VLP

3 3

Re: simtrace Digest, Vol 18, Issue 3
by Stefanos Malliaros 18 Oct '12

18 Oct '12

Thanks for all the answers. Everything is fine up to now. May i ask if you know a list of the available apdu commands for SIM and USIM? Thanks On 10/18/2012 01:00 PM, simtrace-request(a)lists.osmocom.org wrote: > Send simtrace mailing list submissions to > simtrace(a)lists.osmocom.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.osmocom.org/mailman/listinfo/simtrace > or, via email, send a message with subject or body 'help' to > simtrace-request(a)lists.osmocom.org > > You can reach the person managing the list at > simtrace-owner(a)lists.osmocom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of simtrace digest..." > > > Today's Topics: > > 1. SIMtrace hardware questions (Stefanos Malliaros) > 2. Re: SIMtrace hardware questions (Kevin Redon) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 17 Oct 2012 21:57:58 +0300 > From: Stefanos Malliaros <stefmalli89(a)gmail.com> > To: simtrace(a)lists.osmocom.org > Subject: SIMtrace hardware questions > Message-ID: <507EFFB6.3050600(a)gmail.com> > Content-Type: text/plain; charset=UTF-8; format=flowed > > Good evening. > > I am interested in your SIMtrace hardware board and i would like to ask > a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace) > > First of all i am interested in sniffing data between both SIM and USIM. > As a result, i would like to ask if your product fully works with these > cards and if i will be able to capture all the data between the mobile > terminal and the (U)SIM. (eg. usim authentication) > > Furthermore, i have some queries about the wireshark integration. > The wireshark intefration supports the GSMTAP protocol. this protocol is > used in order to parse the data between the SIM card and the mobile > terminal. Does this protocol also supports parsing data between the USIM > and the mobile terminal? > > Thanks > > Stefanos > > > > ------------------------------ > > Message: 2 > Date: Thu, 18 Oct 2012 00:47:05 +0200 > From: Kevin Redon <ml(a)mail.tsaitgaist.info> > To: simtrace <simtrace(a)lists.osmocom.org> > Subject: Re: SIMtrace hardware questions > Message-ID: <1350513125-sup-6210@dennou> > Content-Type: text/plain; charset=UTF-8 > > Hi, > > Excerpts from Stefanos Malliaros's message of Wed Oct 17 20:57:58 +0200 2012: >> Good evening. >> >> I am interested in your SIMtrace hardware board and i would like to ask >> a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace) >> >> First of all i am interested in sniffing data between both SIM and USIM. >> As a result, i would like to ask if your product fully works with these >> cards and if i will be able to capture all the data between the mobile >> terminal and the (U)SIM. (eg. usim authentication) > Yes, SIMtrace is capable of sniffing the communication between (U)SIM and mobile. > To be more precise, 2 transmission protocols exist: T=0, and T=1. > T=0 is the default and most common protocol used. It is fully supported by SIMtrace. > If the (U)SIM and phone both support T=1, and the (U)SIM prefers T=1 and the phone follows this preference, or the phone wants to use it (because it's faster), then T=1 can be used. > It is not too different to T=0, but the sniffing and decoding is not implemented in SIMtrace. > The hardware supports it, but not the software (yet). This is still a todo for the moment, but low priority because rarely used. > Also there have been some corner cases concerning T=0 with high or curious data rates. This lead to faulty decoding but was fixed for the known cases. > If you have such a corner case, please tell the mailing list, and it should be fixed. > >> Furthermore, i have some queries about the wireshark integration. >> The wireshark intefration supports the GSMTAP protocol. this protocol is >> used in order to parse the data between the SIM card and the mobile >> terminal. Does this protocol also supports parsing data between the USIM >> and the mobile terminal? > Only the APDU (messages exchanged using T=0 or T=1) decoding for SIM has been implemented into wireshark. > Most of the commands in USIM are similar to SIM, but there are some exceptions where the parsing will go wrong (USIM only APDU type, and some commands). > > regards, > kevin > > > > > ------------------------------ > > _______________________________________________ > simtrace mailing list > simtrace(a)lists.osmocom.org > https://lists.osmocom.org/mailman/listinfo/simtrace > > > End of simtrace Digest, Vol 18, Issue 3 > ***************************************

2 1

SIMtrace hardware questions
by Stefanos Malliaros 18 Oct '12

18 Oct '12

Good evening. I am interested in your SIMtrace hardware board and i would like to ask a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace) First of all i am interested in sniffing data between both SIM and USIM. As a result, i would like to ask if your product fully works with these cards and if i will be able to capture all the data between the mobile terminal and the (U)SIM. (eg. usim authentication) Furthermore, i have some queries about the wireshark integration. The wireshark intefration supports the GSMTAP protocol. this protocol is used in order to parse the data between the SIM card and the mobile terminal. Does this protocol also supports parsing data between the USIM and the mobile terminal? Thanks Stefanos

2 1

Oct 3, 8pm / Osmocom Berlin User Group meeting?
by Nico Golde 09 Oct '12

09 Oct '12

Hi all! I *think* Harald is pretty busy and also unlikely to attend prospective meeting tomorrow. Also there is bank holiday tomorrow in Germany and at least I personally will use that to stay away from technology for a bit, so I won't come. Nevertheless, I thought I'd write this email to remind people that in theory there is a meeting tomorrow and discuss if other people attend. I personally would propose to shift the meeting to next week (for purely selfish reasons ;). As far as I know, there is no formal presentation tomorrow. Anyway, will anyone attend tomorrow or is everyone in favor of shifting a week? In case it takes place, for the people who did not attend so far, the usual snippet from Harald's mails: Oct 3, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Cheers Nico

5 5

Sept 19, 8pm / Osmocom Berlin User Group meeting
by Harald Welte 19 Sep '12

19 Sep '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Sept 19, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no formal presentation scheduled for this meeting. If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

Introducing libosmosim
by Harald Welte 16 Sep '12

16 Sep '12

Hi! I've been hacking away a bit on a new library 'libosmosim' whihc is scheduled to become part of libosmocore. In fact, as the automake integration has been cleaned up, I'll probably merge it master any day now. The idea of this library is to * understand the EF/DF hierarchy if GSM SIM, ETSI UICC and 3GPP USIM * provide encoding and decoding routines for at least the most important EFs * decode the binary data into a generic data structure which can be used by some form of a GUI application * be able to re-encode from the generic parsed structure into the binary form, possibly after modification from the UI * be able to transact APDUs via T0 and T1 on PC/SC and other reader interfaces, e.g. the OsmocomBB SIM interface So the primary purpose of this is to be able to have a tool for meaningful (human-readable/writable) modification of all files on a programmable SIM card, such as the sysmoSIM-GR1 (and other cards where you have the ADM PIN that gives you write permission). Other useful purposes on the horizon of the library could be: * implementation of a generic SIM/UICC/USIM simulator based on user-created input, or based on 'ripped' SIM cards (well, you have to provide the key in some way). The current status is still quite experimental, but you can already see the major parts: * mapping of APDU and TPDU (only T=0 so far) on to 'struct msgb struct osim_file_ops encode and decode callbacks for a given file struct osim_file_desc node in the hierarchical description of filesystem tree struct osim_decoded_data the runtime representation of a decoded file: struct osim_decoded_element one decoded element in a decoded file struct osim_card_sw status + bitmask + human readable description struct osim_card_profile full description profile of card, including filesystem hierarchy, status words and card-specific commands struc osim_reader_hdl represents a card reader (currently a slot in a reader, not sure really how to represent multi-slot readers like sim-banks yet). primarily consist of osim_reader_ops struc osim_card_hdl representing a card inside a reader struc osim_chan_hdl currently just a dummy. intended for logical channel support most of the existing code is in src/sim/*.c, while some not-yet-cleaned-up example code is in utils/osmo-sim-test.c. There are gaps everywhere all over the place, and I think it will take quite some time to fill those gaps. Current roadmap: * properly integrate all parts, so with a single call you can read in the tree of all EFs of a card into their in-memory representation * verify that the APIs for encoding/decoding functions work the way they are before writing 'all' the EF decode/encode routines * add more decoded element types, such as location area codes and the like So if you survived this mail until this point, I think you are a prime candidate for contributing some code. Let me know if you're interested in helping out. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

4 11

[terminal profile] Additional informations.
by Denis 'GNUtoo' Carikli 10 Sep '12

10 Sep '12

Hi, I'd like to add the baseband revision which is: '1.7.4.0 (Date: Jan 5 2011, Time: 11:14:34)' to that entry: https://terminal-profile.osmocom.org/decode.php?tp=1700e8421100000080000000… In additionnal information(it wasn't clear at the execution of terminal profile that I could put the baseband version there...). By the way I'd like to test the impact of having free libraries/deamons(like fsogsmd, free android RILs like the samsung-ril+libsamsung-ipc) that resides on the Application processor, and which talk to the baseband(compared to the default non-free libraries), if I do that, should I leave a note in "additionnal information"? if so, what should I tell? Denis.

2 1

Sept 5, 8pm / Osmocom Berlin User Group meeting
by Harald Welte 05 Sep '12

05 Sep '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Sept 05, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no formal presentation scheduled for this meeting. If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Regards, Harald [p.s.: I myself will not be able to attend tonight, but I'm sure you will be able to do just fine (or even better?)] -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Aug 22, 8pm / Osmocom Berlin User Group meeting
by Harald Welte 21 Aug '12

21 Aug '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Aug 22, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no formal presentation scheduled for this meeting. However, updates will be provided on various current developments, such as * Progress on the CC32RS512 smart card (osmo-cos) * Possibly: Status of current attempts to get CSD implemented in OpenBSC If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Re: August 8, 8pm / Osmocom meeting in Berlin
by Harald Welte 07 Aug '12

07 Aug '12

Hi Matihas, On Mon, Aug 06, 2012 at 11:17:27PM +0200, Mathias K. wrote: > Where is the conference number? ;-). It would be nice to meet this > event virtually for none berlin citizens. Sorry, I don't really like the idea of having an unknown number of people listening in on conversations we have face to face. > Maybe there is some planning, maybe there is no reason/possibility to > do that. But there are some interesting topics that i want to hear, > maybe discuss. I suggest that you post any comments / questions / topics to the respective mailing lists. -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

August 8, 8pm / Osmocom meeting in Berlin
by Harald Welte 06 Aug '12

06 Aug '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Aug 08, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin Harald will be giving a short presentation on contemporary smartphone hardware architecture. Furthermore, updates and discussions on various current developments will be exchanged, such as * Demo of OsmoPCU on sysmoBTS * Status of new SMSC * Planning phase of custom calypso board If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Updates and the blog post can be found here: http://openbsc.osmocom.org/trac/blog/osmug-20120808 -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Problem in installing wireshark simtrace on openSUSE 12.1
by Anand Prakash 02 Aug '12

02 Aug '12

Dear All, I have installed openSUSE 12.1 KDE and VMware perfectly, now I am trying to install wireshark simtrace by usig following 3 steps which are as follows... *1>* zypper addrepo http://download.opensuse.org/repositories/home, :/zecke23/openSUSE_11.4/ home:zecke23.repo *Result: *Repository succesfully added. *2>*zypper refresh This command also succesfully worked. *3>* zypper install wireshark simtrace *Result:* This command encounter the following results.... Loading repository data... Reading installed packages... Resolving package dependencies... * " Problem: nothing provides libgnutls.so.26 needed by wireshark-1.6.5-18.1.i586"* * Solution 1: do not install wireshark-1.6.5-18.1.i586, Solution 2: break wireshark by ignoring some of its dependencies.* Please suggest me for the problem, " Problem: nothing provides libgnutls.so.26 needed by wireshark-1.6.5-18.1.i586" -- *Thanks & regards* *Anand Prakash*

3 2

installing simtrace on suse linux enterprise server 10
by Rishabh Agarwal 27 Jul '12

27 Jul '12

Hello every one, I have a machine running suse linux enterprise server 10 SP2. Can I install simtrace and wire shark on it if yes then how? Please help. Thanks, Rishabh

2 2

Poll: Osmocom meeting 25th of July?
by Harald Welte 23 Jul '12

23 Jul '12

Hi all! On Wednesday, 25th of July we would have the next Osmocom meeting berlin. However, neither Holger nor I will be in Berlin on that day to host the event. I also know that Tobias will not be in Berlin. Nonetheless, if there are other people that want to meet up, there is no reason to not hold it! So I would like to get some feedback on who would want to attend next wednesday. If there are a couple of people, I'll try to find somebody who can open the CCCB for you. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

5 6

TODAY: Jul 11, 8pm / Osmocom meeting in Berlin
by Harald Welte 11 Jul '12

11 Jul '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Jul 11, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no formal presentation scheduled for this meeting. However, updates will be provided on various current developments, such as * Progress in development of GPRS PCU * Status of Osmocom UMA/GAN controller development * Planning phase of custom calypso board * OsmoSDR roadmap If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Updates and the blog post can be found here: http://openbsc.osmocom.org/trac/blog/osmug-20120711 Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

help on pc-phone interface
by Gabriele.rago 28 Jun '12

28 Jun '12

Hello all, I would do a sim-emulator software that runs on my PC. First thing to do is a an interface to connect my PC with sim slot phone. So I am using this simple interface : I took a CP2102 module, see this page for example http://esaid.free.fr/Cdotnet/USB_serial.htm, then I have put a diode between TXD and RXD, then I have connected RXD to I/O of phone sim slot, DSR of CP2102 module to RESET of phone sim slot and connected the two grounds.          __________                                                       |         |________   TXD                               +5V------|         |     |                                        DP------|  CP2102 |___ \/__   RXD   -------  I/O phone sim slot  DM------|         |                                              GND-----|         |---------  DSR   ------- RESET phone sim slot          |         |                                                      |_________|--------   GND   ------- GND  phone sim slot I have tested this interface with a phone , I can detect reset from phone then I send this ATR: 3B 16 95 D0 01 7B BD 0D 00 ( this is the ATR I can read form a real sim card with a phoenix reader), but I don't have any response from phone. Any help is appreciated, thanks.

4 3

TOMORROW: Jun 27, 8pm / Osmocom meeting in Berlin
by Holger Hans Peter Freyther 26 Jun '12

26 Jun '12

Hi all! This is the announcement for the next Osmocom Berlin meeting. Jun 27, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin Nico will talk about SAP (SIM Access Profile) in osmocomBB. If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around. Updates and the blog post can be found here[1]. Regards, Holger [1] http://openbsc.osmocom.org/trac/blog/osmug-20120627

1 0

TODAY: May 23, 7pm / Osmocom meeting in Berlin
by Harald Welte 23 May '12

23 May '12

Hi all! This is the announcement for the 4th incarnation of our bi-weekly Osmocom Berlin meeting. May 23, 7pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no particular schedule for now, but if there is interest we can do an introduction + demo of the new sysmoBTS. Also, I'll have my SIMtrace with me, to read out TERMINAL PROFILE from phones for https://terminal-profile.osmocom.org/ . So if you have any phones to read out: Please bring them (with charged battery or charger!) So we'll just meet + talk. There seem to be some SMSC related questions that we would want to adress, so you have been warned ;) If you are interested to show up, feel free to do so. There is no registration required. The meeting is free as in "free beer", despite no actual free beer being around ;) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Collaborative database of TERMINAL PROFILE
by Harald Welte 21 May '12

21 May '12

Hi all! Kevin has done a wonderful job of creating a tool for collaborative collection of TERMINAL PROFILE data of mobile phones. See: https://geekblog.kevredon.org/?p=592 https://terminal-profile.osmocom.org/ I'm looking forward to see contributions by all SIMtrace owners. After all, you no longer need to be a programmer to contribute now. All you need is a SIMtrace and a couple of phones, which is probably true for most people on this list. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

3 4

FIXED: ATR + first APDU in one message
by Harald Welte 18 May '12

18 May '12

Hi! FYI: the last git commit (6ea973b79ef8f53a250313f34218680a7b5fb1b4) in the firmware directory has fixed the problem that for certain cards, the first APDU was transmitted together with the ATR in the first GSMTAP message. I am currently trying to fix some other bugs (particularly the known issue regarding high-speed cards) and will make a v0.6 firmware release once that is done. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

7816 implementation in SIMtrace
by Eran Duchan 18 May '12

18 May '12

Hi list, A few questions regarding the 7816 driver, while I wait for my SIMtrace board to arrive: 1) It is stated in the hardware section that the datasheet for the SAM7S does not specify working as a slave, and this is indeed the case. How did this slave implementation come about? Trial and error or is this an officially supported mode? 2) The SAM3S also has no mention of 7816 slave mode, and I noticed v2.0 of the hardware will be based on this uC. Has this been verified to work? 3) I'm trying to understand why compute_fidi_ratio() returns a multiplication of fi, di instead of division if di > 8. Didn't see anything that states this requirement in the SAM7S datasheet (table 31-5). Thanks! Eran

2 4

May 09, 7pm / Osmocom meeting in Berlin
by Harald Welte 02 May '12

02 May '12

Hi all! This is the announcement for the 3rd incarnation of our bi-weekly Osmocom Berlin meeting. May 09, 7pm @ CCC Berlin, Marienstr. 11, 10113 Berlin The schedule is as follows: 19:00 Introduction / Workshop on Osmocom SIMtrace (Kevin Redon) Kevin will introduce SIM/USIM/UICC cards, present what SIMtrace is and how it works, as well as how to use it to trace communication between SIM card and phone. 20:00 Informal discussions If you are interested to show up, feel free to do so. There is no registration required. If the initial part is not interesting to you, feel free to join us later at 20:00. The meeting is free as in "free beer", despite no actual free beer being around ;) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

[PATCH] eabi: Remove EABI functions to fix building with EABI toolchains
by Holger Hans Peter Freyther 08 Apr '12

08 Apr '12

These symbols are not referenced on an arm-elf gcc 4.7, they are used when building with an arm-eabi gcc 4.7 and then cause linking issues. The linking to libgcc can not be omitted as the irq code is using ffs. Remove the EABI symbols. The alternative would be to declare the EABI as weak inside the lib1funcs. Link error: multiple definition of `__udivsi3' multiple definition of `__aeabi_uidiv' Exported symbols: nm lib/lib1funcs.o 00000000 t Ldiv0 00000010 T __div0 --- firmware/lib/lib1funcs.S | 99 ---------------------------------------------- 1 file changed, 99 deletions(-) diff --git a/firmware/lib/lib1funcs.S b/firmware/lib/lib1funcs.S index 92a6c56..87890db 100644 --- a/firmware/lib/lib1funcs.S +++ b/firmware/lib/lib1funcs.S @@ -205,105 +205,6 @@ Boston, MA 02111-1307, USA. */ .endm -ENTRY(__udivsi3) -ENTRY(__aeabi_uidiv) - - subs r2, r1, #1 - moveq pc, lr - bcc Ldiv0 - cmp r0, r1 - bls 11f - tst r1, r2 - beq 12f - - ARM_DIV_BODY r0, r1, r2, r3 - - mov r0, r2 - mov pc, lr - -11: moveq r0, #1 - movne r0, #0 - mov pc, lr - -12: ARM_DIV2_ORDER r1, r2 - - mov r0, r0, lsr r2 - mov pc, lr - - -ENTRY(__umodsi3) - - subs r2, r1, #1 @ compare divisor with 1 - bcc Ldiv0 - cmpne r0, r1 @ compare dividend with divisor - moveq r0, #0 - tsthi r1, r2 @ see if divisor is power of 2 - andeq r0, r0, r2 - movls pc, lr - - ARM_MOD_BODY r0, r1, r2, r3 - - mov pc, lr - - -ENTRY(__divsi3) -ENTRY(__aeabi_idiv) - - cmp r1, #0 - eor ip, r0, r1 @ save the sign of the result. - beq Ldiv0 - rsbmi r1, r1, #0 @ loops below use unsigned. - subs r2, r1, #1 @ division by 1 or -1 ? - beq 10f - movs r3, r0 - rsbmi r3, r0, #0 @ positive dividend value - cmp r3, r1 - bls 11f - tst r1, r2 @ divisor is power of 2 ? - beq 12f - - ARM_DIV_BODY r3, r1, r0, r2 - - cmp ip, #0 - rsbmi r0, r0, #0 - mov pc, lr - -10: teq ip, r0 @ same sign ? - rsbmi r0, r0, #0 - mov pc, lr - -11: movlo r0, #0 - moveq r0, ip, asr #31 - orreq r0, r0, #1 - mov pc, lr - -12: ARM_DIV2_ORDER r1, r2 - - cmp ip, #0 - mov r0, r3, lsr r2 - rsbmi r0, r0, #0 - mov pc, lr - - -ENTRY(__modsi3) - - cmp r1, #0 - beq Ldiv0 - rsbmi r1, r1, #0 @ loops below use unsigned. - movs ip, r0 @ preserve sign of dividend - rsbmi r0, r0, #0 @ if negative make positive - subs r2, r1, #1 @ compare divisor with 1 - cmpne r0, r1 @ compare dividend with divisor - moveq r0, #0 - tsthi r1, r2 @ see if divisor is power of 2 - andeq r0, r0, r2 - bls 10f - - ARM_MOD_BODY r0, r1, r2, r3 - -10: cmp ip, #0 - rsbmi r0, r0, #0 - mov pc, lr #ifdef CONFIG_AEABI -- 1.7.9.5

3 2

Unable to compile firmware
by Marnix Janse 07 Apr '12

07 Apr '12

Greetings to you all. This is my first message to this mailinglist. I received the SIMtrace hardware this week and I seem to get stuck at the point of making the firmware at this point: make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace I am following the usernamual2.pdf,and I am trying to use my head, so far without too much success. The step before that is going fine: make -f Makefile.dfu BOARD=SIMTRACE Can anyone point me in the right direction on what toolchain to use and help me with the make-ussues below? Thank you, Marnix ------------------------------------------------------------------------------------------------------------------------------------------------ - I tried: - Linux-builds: CentOS 6.2 64-bitsVM, a CentOS 6.2 32-bitsVM and finally an Ubuntu 11.10 32-bits VM. - ARM-toolchain: GNU-arm (from the Wiki) and the CodeSourcery (advised at the openpcd website) - Result: With GNUarm: marnix@ubuntu:~/openpcd/firmware$ make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace -------- begin (mode: RUN_FROM_ROM) -------- arm-elf-gcc (GCC) 3.4.3 Copyright (C) 2004 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Assembling (ARM-only): src/start/Cstartup_app.S arm-elf-gcc -c -mcpu=arm7tdmi -I. -x assembler-with-cpp -DRUN_FROM_ROM -D__AT91SAM7S128__ -Wa,-adhlns=src/start/Cstartup_app.lst,--gdwarf-2 -Iinclude/ -D__ASSEMBLY__ src/start/Cstartup_app.S -o src/start/Cstartup_app.o /home/marnix/gnuarm/bin/../lib/gcc/arm-elf/3.4.3/../../../../arm-elf/bin/as: unrecognized option '--gdwarf-2' make: *** [src/start/Cstartup_app.o] Error 1 When I change DEBUG-format from dwarf-2 to stabs I get this error: DEBUGF = stabs #DEBUGF = dwarf-2 Linking: main_simtrace.elf arm-elf-gcc -mcpu=arm7tdmi -I. -gstabs -DRUN_FROM_ROM -D__MS_types__ -D__LIBRFID__ -DDEBUG -DSIMTRACE -D__AT91SAM7S128__ -Isrc/simtrace -Iinclude -Isrc -O2 -Wall -Wextra -Wcast-align -Wimplicit -Wunused -Wpointer-arith -Wswitch -Wredundant-decls -Wreturn-type -Wshadow - Wbad-function-cast -Wsign-compare -Waggregate-return -Wa,-adhlns=src/start/Cstartup_app.lst -I../../librfid//include/ -ffunction-sections -fdata-sections -MD -MP -MF .dep/main_simtrace.elf.d src/start/Cstartup_app.o lib/changebit.o lib/clearbit.o lib/setbit.o lib/testchangebit.o lib/testclearbit.o lib/testsetbit.o lib/lib1funcs.o lib/div64.o lib/lib_AT91SAM7.o lib/vsprintf.o lib/ctype.o lib/string.o src/os/pcd_enumerate.o src/os/fifo.o src/os/dbgu.o src/os/led.o src/os/req_ctx.o src/os/trigger.o src/os/main.o src/os/syscalls.o src/os/usb_handler.o src/os/usb_benchmark.o src/os/tc_cdiv.o src/os/pit.o src/os/pwm.o src/os/pio_irq.o src/os/usbcmd_generic.o src/os/wdt.o src/os/blinkcode.o src/os/system_irq.o src/os/flash.o src/simtrace/iso7816_uart.o src/simtrace/tc_etu.o src/simtrace/sim_switch.o src/simtrace/spi_flash.o src/simtrace/main_simtrace.o --output main_simtrace.elf - nostartfiles -Wl,-Map=main_simtrace.map,--cref -lc -lgcc -L../../librfid//src/.libs/ -Wl,--gc-sections -Wl,--entry=_startup -Tlink/AT91SAM7S128-ROM-sam7dfu-app.ld src/simtrace/sim_switch.o(.bss.stats+0x0): In function `sim_switch_init': src/simtrace/sim_switch.c:69: multiple definition of `stats' src/simtrace/iso7816_uart.o(.bss.stats+0x0):src/simtrace/iso7816_uart.c:668: first defined here src/simtrace/spi_flash.o(.bss.stats+0x0): In function `spiflash_id': src/simtrace/spi_flash.c:137: multiple definition of `stats' src/simtrace/iso7816_uart.o(.bss.stats+0x0):src/simtrace/iso7816_uart.c:668: first defined here src/simtrace/main_simtrace.o(.bss.stats+0x0): In function `_main_func': src/simtrace/main_simtrace.c:220: multiple definition of `stats' src/simtrace/iso7816_uart.o(.bss.stats+0x0):src/simtrace/iso7816_uart.c:668: first defined here collect2: ld returned 1 exit status make: *** [main_simtrace.elf] Error 1 With CodeSourceryARM-toolchain: Linking: main_simtrace.elf arm-none-eabi-gcc -mcpu=arm7tdmi -I. -gdwarf-2 -DRUN_FROM_ROM -D__MS_types__ -D__LIBRFID__ -DDEBUG -DSIMTRACE -D__AT91SAM7S128__ -Isrc/simtrace -Iinclude -Isrc -O2 -Wall -Wextra -Wcast-align -Wimplicit -Wunused -Wpointer-arith -Wswitch -Wredundant-decls -Wreturn-type - Wshadow -Wbad-function-cast -Wsign-compare -Waggregate-return -Wa,-adhlns=src/start/Cstartup_app.lst -I../../librfid//include/ -ffunction-sections -fdata-sections -MD -MP -MF .dep/main_simtrace.elf.d src/start/Cstartup_app.o lib/changebit.o lib/clearbit.o lib/setbit.o lib/testchangebit.o lib/testclearbit.o lib/testsetbit.o lib/lib1funcs.o lib/div64.o lib/lib_AT91SAM7.o lib/vsprintf.o lib/ctype.o lib/string.o src/os/pcd_enumerate.o src/os/fifo.o src/os/dbgu.o src/os/led.o src/os/req_ctx.o src/os/trigger.o src/os/main.o src/os/syscalls.o src/os/usb_handler.o src/os/usb_benchmark.o src/os/tc_cdiv.o src/os/pit.o src/os/pwm.o src/os/pio_irq.o src/os/usbcmd_generic.o src/os/wdt.o src/os/blinkcode.o src/os/system_irq.o src/os/flash.o src/simtrace/iso7816_uart.o src/simtrace/tc_etu.o src/simtrace/sim_switch.o src/simtrace/spi_flash.o src/simtrace/main_simtrace.o --output main_simtrace.elf -nostartfiles -Wl,-Map=main_simtrace.map,--cref -lc -lgcc -L../../librfid//src/.libs/ -Wl,--gc-sections -Wl,--entry=_startup -Tlink/AT91SAM7S128-ROM-sam7dfu-app.ld /root/CodeSourcery/Sourcery_CodeBench_Lite_for_ARM_EABI/bin/../lib/gcc/arm-none-eabi/4.6.1/libgcc.a(_udivsi3.o): In function `__aeabi_uidiv': (.text+0x0): multiple definition of `__udivsi3' lib/lib1funcs.o:/root/openpcd/firmware/lib/lib1funcs.S:183: first defined here /root/CodeSourcery/Sourcery_CodeBench_Lite_for_ARM_EABI/bin/../lib/gcc/arm-none-eabi/4.6.1/libgcc.a(_udivsi3.o): In function `__aeabi_uidiv': (.text+0x0): multiple definition of `__aeabi_uidiv' lib/lib1funcs.o:/root/openpcd/firmware/lib/lib1funcs.S:183: first defined here collect2: ld returned 1 exit status make: *** [main_simtrace.elf] Error 1

3 6

New v0.5 simtrace firmware release
by Harald Welte 26 Mar '12

26 Mar '12

Hi all! Just in time before OsmoDevCon, I managed to releaes a new version of the SIMtrace firmware. The list of changes is quite extensive and should address a number of the reliability problems that people have experienced. The changes include: * don't activate pass-through and LDO supply for the sim card at the same time, leading in power leaking from simtrace into phones * fix a watchdog timer misconfiguration leading to occasional watchdog resets * fix detection of sim insert/removal * better VCC_PHONE detection * reduce the amount of debug logging on the serial console and replace it by statistics (count of bytes, overruns, parity errors, etc) * statistics can be read from the UART by pressing 't'. * no longer crash the simtrace firmware if no simtrace host program is running Using this v0.5 firmware and a pretty aggressiv program causing lots of traffic (hunz' simdump) on a cm3121 reader at card Fi(9) Di(4) ratio 64 didn't cause any lost bytes or SIMtrace resets for me anymore. Any feedback is appreciated. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

3 7

question
by Krzysztof Zajac 26 Mar '12

26 Mar '12

Hello, I'm interesting of this device to sniff APDUs. Can we talk a bit more details? BR Krzysztof Z.

2 1

Loosing 1 byte on each chunk of URB transfer
by Myonium 21 Mar '12

21 Mar '12

Hi It seems to me that simtrace looses a byte between 2 URB transfers from the device. To trace the problem down, I wrote a little test-program, running the same APDU against the smart card. I’m using simtrace to trace the card on the HW level and at the very same time I trace on the PCSC layer of the OS. Of cause the 2 APDU traces should give exactly the same results. Surprisimgly I found that the simtrace is swallowing one byte between two URB chunks transferred. Please find below the 2 logs A.) PCSC trace, B.) simtrace output. In this example simtrace is missing 1 byte (“7F”) between the two URB chunks a.) and b.). This missing byte causes to scrow up the analyser (APDU number 5). The same problem occurs also between the next two URB chunks b.) and c.): This time a “00” gets lost ... etc etc. A.) The PCSC traces as reference: ======================================= 1.) transmitted: 80 C2 00 00 28 D8 00 01 6F 00 F5 EF BF B1 8C 76 16 00 0E 43 6F 6E 74 65 6E 74 4D 61 6E 61 67 65 72 00 C0 4B 4E 7F BD 00 04 4D 53 43 4D received: 61 05 2.) transmitted: 00 C0 00 00 05 received: 01 00 00 00 05 90 00 3.) transmitted: 80 C2 00 00 12 D8 00 05 6F 00 C0 4B 4E 7F BD DE EC 00 04 4D 53 43 4D received: 61 0F 4.) transmitted: 00 C0 00 00 0F received: 00 D2 5D 1C 11 27 00 07 37 2E 31 2E 30 2E 30 90 00 5.) transmitted: 80 C2 00 00 14 D8 00 05 6F 00 C0 4B 4E 7F BD 81 87 00 04 4D 53 43 4D 05 00 received: 61 1A 6.) transmitted: 00 C0 00 00 1A received: 00 D2 5D 1C 45 A3 00 00 00 10 2E 4E 45 54 57 01 13 51 21 9C 77 14 27 14 FF FF 90 00 7.) transmitted: 80 C2 00 00 12 D8 00 05 6F 00 C0 4B 4E 7F BD FA 3B 00 04 4D 53 43 4D received: 61 12 8.) transmitted: 00 C0 00 00 12 received: 00 D2 5D 1C 45 A3 00 00 00 08 83 17 65 55 19 7E A5 EB 90 00 9.) transmitted: 80 C2 00 00 1E D8 00 05 6F 00 C0 4B 4E 7F BD 24 FE 00 04 4D 53 43 4D 00 00 00 08 FC 66 34 93 BD 58 68 54 received: 90 00 10.) transmitted: 80 C2 00 00 13 D8 00 05 6F 00 C0 4B 4E 7F BD 6D 08 00 04 4D 53 43 4D 02 received: 61 0A 11.) transmitted: 00 C0 00 00 0A received: 00 D2 5D 1C 61 C0 00 00 00 05 90 00 B.) The simtrace output: ================================================ simtrace - GSM SIM and smartcard tracing (C) 2010 by Harald Welte <laforge(a)gnumonks.org> Entering main loop URB: 01 01 00 00 3b 16 96 41 73 74 72 69 64 ATR APDU: 3b 16 96 41 73 74 72 69 64 a.) URB: 01 00 00 00 80 c2 00 00 28 c2 d8 00 01 6f 00 f5 ef bf b1 8c 76 16 00 0e 43 6f 6e 74 65 6e 74 4d 61 6e 61 67 65 72 00 c0 4b 4e 7f bd 00 04 4d 53 43 4d 61 05 00 c0 00 00 05 c0 01 00 00 00 05 90 00 80 c2 00 00 12 c2 d8 00 05 6f 00 c0 4b 4e 7f bd de ec 00 04 4d 53 43 4d 61 0f 00 c0 00 00 0f c0 00 d2 5d 1c 11 27 00 07 37 2e 31 2e 30 2e 30 90 00 80 c2 00 00 14 c2 d8 00 05 6f 00 c0 4b 4e 1.) APDU: 80 c2 00 00 28 d8 00 01 6f 00 f5 ef bf b1 8c 76 16 00 0e 43 6f 6e 74 65 6e 74 4d 61 6e 61 67 65 72 00 c0 4b 4e 7f bd 00 04 4d 53 43 4d 61 05 2.) APDU: 00 c0 00 00 05 01 00 00 00 05 90 00 3.) APDU: 80 c2 00 00 12 d8 00 05 6f 00 c0 4b 4e 7f bd de ec 00 04 4d 53 43 4d 61 0f 4.) APDU: 00 c0 00 00 0f 00 d2 5d 1c 11 27 00 07 37 2e 31 2e 30 2e 30 90 00 b.) URB: 01 00 00 00 bd 81 00 04 4d 53 43 4d 05 00 61 1a 00 c0 00 00 1a c0 00 d2 5d 1c 45 a3 00 00 00 10 2e 4e 45 54 57 01 13 51 21 9c 77 14 27 14 ff ff 90 00 80 c2 00 00 12 c2 d8 00 05 6f 00 c0 4b 4e 7f bd fa 3b 00 04 4d 53 43 4d 61 12 00 c0 00 00 12 c0 00 d2 5d 1c 45 a3 00 00 00 08 83 17 65 55 19 7e a5 eb 90 00 80 c2 00 00 1e c2 d8 00 05 6f 00 c0 4b 4e 7f bd 24 fe 00 04 4d 53 43 4d 00 00 5.) APDU: 80 c2 00 00 14 d8 00 05 6f 00 c0 4b 4e bd 81 00 04 4d 53 43 4d 05 00 61 1a 00 c0 APDU: 00 00 1a c0 00 d2 5d APDU: 1c 45 a3 00 00 00 10 APDU: 2e 4e 45 54 57 01 13 APDU: 51 21 9c 77 14 27 14 APDU: ff ff 90 00 80 c2 00 APDU: 00 12 c2 d8 00 05 6f APDU: 00 c0 4b 4e 7f bd fa APDU: 3b 00 04 4d 53 43 4d APDU: 61 12 00 c0 00 00 12 APDU: c0 00 d2 5d 1c 45 a3 APDU: 00 00 00 08 83 17 65 APDU: 55 19 7e a5 eb 90 00 c.)URB: 01 04 00 00 08 fc 66 34 93 bd 58 68 54 d.)URB: 01 04 00 00 90 00 80 c2 00 00 13 c2 d8 00 05 6f 00 c0 4b 4e 7f bd 6d 08 00 04 4d 53 43 4d 02 61 0a 00 c0 00 00 0a c0 00 d2 5d 1c 61 c0 00 00 00 05 90 00 APDU: 80 c2 00 00 1e d8 00 05 6f 00 c0 4b 4e 7f bd 24 fe 00 04 4d 53 43 4d 00 00 08 fc 66 34 93 bd 58 68 54 90 00 80 APDU: c2 00 00 13 c2 d8 00 APDU: 05 6f 00 c0 4b 4e 7f APDU: bd 6d 08 00 04 4d 53 APDU: 43 4d 02 61 0a 00 c0 APDU: 00 00 0a c0 00 d2 5d APDU: 1c 61 c0 00 00 00 05 URB: 01 01 00 00 3b 16 96 41 73 74 72 69 64 ATR APDU: 3b 16 96 41 73 74 72 69 64 ========================================================== Is this a problem of simtrace or the firmware? Am I using a wrong firmware? Thanks, Ben

5 19

SIM Trace Appears to Stop Processing APDUs
by Jonathan Thomas 21 Mar '12

21 Mar '12

Environment: We have tested on three systems with both Ubuntu and OpenSUSE. Additionally, we have tested with both VMs and as a core system install. Software Installed: Installed the latest using the instructions from the user manual. Issue: With testing against all three of the SIMTrace modules we purchased we have found the trace appears to lock-up or freeze randomly through processing of the APDUs. Since the phone still functions properly I am assuming that the communication between the SIM and the phone are still intact, it is just an issue with the output to screen/file output. Has anyone else experienced this issue? We will try and flash the firmware, but since we saw this issue with all of the hardware we purchased we assumed there might be some other issue. Thank you. Jonathan

4 7

sysmosim - Greencard
by Arjen Smit 09 Mar '12

09 Mar '12

Dear all, Hopefully this is the right list for some questions on the SysmoSIM (aka Greencard). I have set the PIN1, PUK1, PIN1, PUK1, ADM1, AUK1, ADM2, AUK2 using the non-standard APDU (80 D4 ..) successfully using the cyberflex-shell. Verification of CHV1 and CHV2 are fine as well. (A0 20 00 01 08 ...) However verification of ADM2 (which I need because I want to change the Authentication algorithm) A0 20 00 0B 08 30 30 30 30 30 30 30 30 returns status : 98 02 (no chv initialized). It looks like I use the wrong APDU sequence for verifying ADM2 (I tried some other sequences as well (e.g A0 20 00 0A .. to A0 20 00 0D ..) but no luck. My main question is : What APDU sequence is needed to verify ADM2 ? Secondary less important questions: -When thinking about AUK1, AUK2, what are these used for ? -Do the cards support 03.48 OTA specs (if yes, can the Kic, Kid be set ?) -Are there actually any specs of these cards available ? (google gives www.elektroda.pl/rtvforum/download.php?id=351846 which matches the ATR of the card, however this spec is of little use though). Thanks in advance for your help. /Arjen

2 2

What can be logged?
by Florian Borggräfe 06 Mar '12

06 Mar '12

Hello, i have a question about the functionality of the Osmoscon SimTrace hardware system. Can I log everything, also packets like silent SMS (https://en.wikipedia.org/wiki/SMS#Silent_SMS)? Thank you for your request. Flo

3 3

1.1p board not recognized
by Martin Kaiser 19 Feb '12

19 Feb '12

Dear all, I'm struggling to get started with a 1.1p board. When I connect it via USB (with no simcard inserted and no connection to a phone), the red led is on. Sometimes, both leds remain off after connecting the board when I have a simcard inserted and a phone connected. On one box (debian lenny), the board is never recognized by lsusb or kernel messages. Do I need anything special (other than basic usb support) compiled into the kernel for libusb to do its work in user space? I tried dfu-util -l, the board wasn't listed. On a second box (debian squeeze) there's log messages when the usb is connected Feb 15 22:34:44 greta kernel: [186232.651806] usb 1-1.1: new full speed USB device using ehci_hcd and address 13 Feb 15 22:34:44 greta kernel: [186232.745566] usb 1-1.1: New USB device found, idVendor=16c0, idProduct=0762 Feb 15 22:34:44 greta kernel: [186232.745573] usb 1-1.1: New USB device strings: Mfr=4, Product=5, SerialNumber=0 Feb 15 22:34:44 greta kernel: [186232.745577] usb 1-1.1: Product: SimTrace SIM Sniffer - Runtime Mode Feb 15 22:34:44 greta kernel: [186232.745581] usb 1-1.1: Manufacturer: sysmocom - systems for mobile communications GmbH Feb 15 22:34:44 greta kernel: [186232.745694] usb 1-1.1: configuration #1 chosen from 1 choice lsusb doesn't show anything either the red led is on after connecting, simtrace (linked against libusb-1.0) says "can't open USB device" After some more tries, dfu-util recognizes the board root@greta:~# dfu-util -l dfu-util - (C) 2007-2008 by OpenMoko Inc. This program is Free Software and has ABSOLUTELY NO WARRANTY dfu-util does currently only support DFU version 1.0 Found DFU: [0x16c0:0x0762] devnum=17, cfg=0, intf=0, alt=0, name="SimTrace DFU Interface - Application Partition" Found DFU: [0x16c0:0x0762] devnum=17, cfg=0, intf=0, alt=1, name="SimTrace DFU Interface - Bootloader Partition" Found DFU: [0x16c0:0x0762] devnum=17, cfg=0, intf=0, alt=2, name="SimTrace DFU Interface - RAM" However, I'm not able to write a firmware. I tried the main_simtrace.bin that Harald posted to this list some days ago. root@greta:~# dfu-util -d 16c0:0762 -a0 -D /home/martin/tmp/main_simtrace.bin -R dfu-util - (C) 2007-2008 by OpenMoko Inc. This program is Free Software and has ABSOLUTELY NO WARRANTY dfu-util does currently only support DFU version 1.0 Opening USB Device 0x16c0:0x0762... Found Runtime: [0x16c0:0x0762] devnum=17, cfg=0, intf=0, alt=0, name="SimTrace DFU Interface - Application Partition" Claiming USB DFU Interface... Setting Alternate Setting #0 ... Determining device status: state = dfuERROR, status = 8 dfuERROR, clearing status Determining device status: state = dfuIDLE, status = 0 dfuIDLE, continuing Transfer Size = 0x0100 bytes_per_hash=417 Starting download: [#################################################dfu_download: usb_control_msg returned -32: error sending control message: Broken pipe Error during download Retrying multiple times, I always get the same error. I tried resetting the board with the bootloader button pressed, this didn't change anything. While trying to flash the firmware, there was no sim inserted and no phone connected. Does anyone have an idea what else I can try to track down the problems and get the board up and running? Thanks in advance, Martin

3 5

Corrupted git repository?
by Myonium 16 Feb '12

16 Feb '12

Hi I’m not very familiar with git, but there is something strange with the git repository “git://git.gnumonks.org/openpcd.git”: First of all the the identical revision number “4f7ca20bf40b911c035264d86ef0359d20e7ac88” appears several times: git rev-parse --all 4f7ca20bf40b911c035264d86ef0359d20e7ac88 4f7ca20bf40b911c035264d86ef0359d20e7ac88 4f7ca20bf40b911c035264d86ef0359d20e7ac88 f49cbc1f2503f737a96296993133aec065910935 4f7ca20bf40b911c035264d86ef0359d20e7ac88 3aa065ac48f21ce7c4d0879686fb07b04a60771f 45c13574ff89e3139567943e6a6cae82e754eab0 0febfc567d3f9441811a5490f0ea4d960798d313 Compiling “4f7ca20bf40b911c035264d86ef0359d20e7ac88” results in a not working firmware, even so the changes (PPS changes from Harald) are all correct. (I applied these changes to the v0.4 firmware (revision ebf16b4ddf0dcbadf96aebdec3304f703917fdc7) and it works all nicely.) Could somebody have a look ... Regards, Ben

1 0

SIM dissector now wireshark mainline
by Harald Welte 06 Feb '12

06 Feb '12

Hi all! JFYI, the SIM protocol dissector has finally been merged into wirshark mainline (svn rev. 40854). This means that the daily builds from https://www.wireshark.org/download/automated/osx/ and https://www.wireshark.org/download/automated/win32/ will now work out-of-the-box for SIM card tracing, without applying any patches. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Getting started - unable to connect to the device
by Mat 31 Jan '12

31 Jan '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, I have a v1.1p production board, and I am having problems getting started. I am running Arch Linux, so some things may be different from a Debian base. I have not yet tried interfacing the board from a Ubuntu/Debian workstation. I have succesfully compiled SIMtrace and its dependencies. The problem is at no point have I gotten a connection to the board. dmesg shows nothing and lsusb never shows the device. I have libusb configured on this system and programmed other avr devices. I tried to access the board with SAM-BA by following the firmware page. I only see the red LED faintly light when I'm jumping VCC to test, but nothing once I reconnect USB. I am right to assume that with a newly acquired board, I have to flash it with the firmware? Do you have any clues to help me talk to the SIMTrace board? I haven't found much explanation of bootloader and reset buttons on the wiki... Should I simply try with and Ubuntu/Debian workstation? Thanks, Mat -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk8ks/kACgkQsluIOvRklphpcQEAvZNvtBPS376K5emsLfsYQhhk pQTKYwNy7US8/W8Z4GwBAKE8Qyu8URJmF4gZ1kzJgdzFQuo2918GmNaXSCTvT0nS =5g4w -----END PGP SIGNATURE-----

6 10

Problems
by Martin Paljak 29 Jan '12

29 Jan '12

Hello, I have a v1.1p running Version 0.4 compiled 20120113-094258 by ich@sanmingze, connected between a Nokia 1616 and a macbook pro. Host side software (including libusb) is from Git and running inside a VMWare Fusion Debian 6 32bit VM. The SIM card is: http://smartcard-atr.appspot.com/parse?ATR=3b9f95801f438031e073362113574a33… Everything seems to work every now and then (I got a successful trace of the things that interest me yesterday) but it doesn't seem to be predictable. After following the "a problematic sim" thread I added more logging to the simtrace application and generated a log. The symptom is that everything works from phone startup, but then stalls. After some time (when starting the OTA SIM application) simtrace ends with "error usb bulk in .. -9" The serial debug console doesn't show more than the initial startup. Do I understand correctly that the fix proposed in "a problematic sim" is for the firmware, which is not yet present in my version? I attach the output from simtrace with the additional logging. Any ideas? Is it OK to use simtrace from virtual machine or is bare hardware required/best ? Thanks, Martin

4 9

LTE SIM traces, anyone?
by Harald Welte 26 Jan '12

26 Jan '12

Hi all, I was wondering if anyone has access to a LTE device (like a 4G USB dongle) and has been able to trace the communication between the SIM card and the device yet. If so, it would be great to get some traces. Feel free to patch out the IMSI, PIN number or any other private details (or simply filter those messages, if you care to). Thanks in advance, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

3 4

apdu_split issue described (was: Re: Problems)
by Martin Paljak 25 Jan '12

25 Jan '12

Hello again. I took the place where simtrace fails to produce meaningful output and continued manually. Does the included file and comments make any sense? It will take me some time to bite through the concept of parsing the bytestream into APDU-s in the existing apdu_split code, maybe somebody more familiar recognizes a possible issue or a solution. Best, Martin On Wed, Jan 25, 2012 at 15:55, Martin Paljak <martin(a)martinpaljak.net> wrote: > Hello, > > On Wed, Jan 25, 2012 at 11:40, Martin Paljak <martin(a)martinpaljak.net> wrote: >> Hello, >> >> I have a v1.1p running Version 0.4 compiled 20120113-094258 by >> ich@sanmingze, connected between a Nokia 1616 and a macbook pro. >> Host side software (including libusb) is from Git and running inside a >> VMWare Fusion Debian 6 32bit VM. > > This seems to be a problem of the apdu_split method. After studying > the protocol a bit and taking the URB-s from the generated log file > and feeding it through some python, I can construct APDU-s that > actually look sensible, but which are badly parsed by simtrace (not > parsed at all, thus the "deadlock" feeling without extra logging) or > some bytes get lost in between and the state machine breaks. I'm > looking into it, maybe I can come up with a patch. Here is the > troublesome part from the traffic: > > > URB 20: 01 00 00 00 ff ff ff ff ff 90 00 00 a4 08 04 04 a4 7f ff 6f 07 > 61 1e 00 c0 00 00 1e c0 62 1c 82 02 41 21 83 02 6f 07 a5 03 da 01 02 > 8a 01 05 8b 03 6f 06 05 80 02 00 09 > 88 01 38 90 00 00 a4 08 04 04 a4 7f ff 6f 32 61 1d 00 c0 00 00 1d c0 > 62 1b 82 02 41 21 83 02 6f 32 a5 03 da 01 02 8a 01 05 8b 03 6f 06 05 > 80 02 01 2c 88 00 90 00 00 b0 00 00 00 > b0 ff ff ff ff ff ff ff ff ff ff ff ff > process_usb_msg(), payload: ff ff ff ff ff 90 00 00 a4 08 04 04 a4 7f > ff 6f 07 61 1e 00 c0 00 00 1e c0 62 1c 82 02 41 21 83 02 6f 07 a5 03 > da 01 02 8a 01 05 8b 03 6f 06 05 80 0 > 2 00 09 88 01 38 90 00 00 a4 08 04 04 a4 7f ff 6f 32 61 1d 00 c0 00 00 > 1d c0 62 1b 82 02 41 21 83 02 6f 32 a5 03 da 01 02 8a 01 05 8b 03 6f > 06 05 80 02 01 2c 88 00 90 00 00 b0 > 00 00 00 b0 ff ff ff ff ff ff ff ff ff ff ff ff > APDU: 00 b0 00 00 10 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 90 00 > APDU: 00 a4 08 04 04 7f ff 6f 07 61 1e > APDU: 00 c0 00 00 1e 62 1c 82 02 41 21 83 02 6f 07 a5 03 da 01 02 8a > 01 05 8b 03 6f 06 05 80 02 00 09 88 01 38 90 00 > APDU: 00 a4 08 04 04 7f ff 6f 32 61 1d > APDU: 00 c0 00 00 1d 62 1b 82 02 41 21 83 02 6f 32 a5 03 da 01 02 8a > 01 05 8b 03 6f 06 05 80 02 01 2c 88 00 90 00 > URB 21: 01 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > process_usb_msg(), payload: ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > URB 22: 01 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff 90 00 00 a4 > process_usb_msg(), payload: ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff > ff ff ff ff ff ff ff ff ff ff ff ff ff ff 90 00 00 a4 > URB 23: 01 00 00 00 00 04 02 a4 6f 40 61 20 00 c0 00 00 20 c0 62 1e 82 > 05 42 21 00 18 05 83 02 6f 40 a5 03 da 01 02 8a 01 05 8b 03 6f 06 06 > 80 02 00 78 88 00 90 00 00 a4 00 04 02 a4 6f 3b 61 20 00 c0 00 00 20 > c0 62 1e 82 05 42 21 00 22 64 83 02 6f 3b a5 03 da 01 02 8a 01 05 8b > 03 6f 06 07 80 02 0d 48 88 00 90 00 00 a4 00 04 02 a4 6f 49 61 20 00 > c0 00 00 20 c0 62 1e 82 05 42 21 00 22 0a 83 > process_usb_msg(), payload: 00 04 02 a4 6f 40 61 20 00 c0 00 00 20 c0 > 62 1e 82 05 42 21 00 18 05 83 02 6f 40 a5 03 da 01 02 8a 01 05 8b 03 > 6f 06 06 80 02 00 78 88 00 90 00 00 a4 00 04 02 a4 6f 3b 61 20 00 c0 > 00 00 20 c0 62 1e 82 05 42 21 00 22 64 83 02 6f 3b a5 03 da 01 02 8a > 01 05 8b 03 6f 06 07 80 02 0d 48 88 00 90 00 00 a4 00 04 02 a4 6f 49 > 61 20 00 c0 00 00 20 c0 62 1e 82 05 42 21 00 22 0a 83 > > > How exactly is the stream from the device supposed to be split into > APDU-s, a la PC/SC, with a request and a response? The current format > confuses me a bit. I understand that this is right now totally the > reponsibility of the parser. > > I'm fairly new to the GSM/SIM world, but fairly well versed in layers > above PC/SC (and some CCID), is there some documentation on how to get > a grip on this? > > Best, > Martin

1 0

Patching Wireshark-1.6 with simcard-for-wireshark-1.6.patch is failing
by Jan Henrik Krågtorp 21 Jan '12

21 Jan '12

I am having problems patching Wireshark with the simtracer patch. I am using a Debian VM: root@osmocom:/home/omsocom/simtrace/host# uname -a Linux osmocom 2.6.32-5-686 #1 SMP Thu Nov 3 04:23:54 UTC 2011 i686 GNU/Linux == The patching == root@osmocom:/home/osmocom/wireshark-1.6# cat simcard-for-wireshark-1.6.patch | patch -p 0 patching file epan/dissectors/packet-card_app_toolkit.c patching file epan/dissectors/packet-gsm_sim.c patching file epan/dissectors/packet-gsmtap.c Hunk #2 FAILED at 300. 1 out of 3 hunks FAILED -- saving rejects to file epan/dissectors/packet-gsmtap.c.rej patching file epan/dissectors/Makefile.common == The reject file of the patching attempt == root@osmocom:/home/osmocom/wireshark-1.6# cat epan/dissectors/packet-gsmtap.c.rej --- epan/dissectors/packet-gsmtap.c (revision 38554) +++ epan/dissectors/packet-gsmtap.c (working copy) @@ -300,6 +301,13 @@ col_set_str(pinfo->cinfo, COL_PROTOCOL, "GSMTAP"); + /* Some GSMTAP types are completely unrelated to the Um air interface */ + switch (type) { + case GSMTAP_TYPE_SIM: + call_dissector(sub_handles[GSMTAP_SUB_SIM], payload_tvb, pinfo, tree); + return; + } + if (arfcn & GSMTAP_ARFCN_F_UPLINK) { col_append_str(pinfo->cinfo, COL_RES_NET_SRC, "MS"); col_append_str(pinfo->cinfo, COL_RES_NET_DST, "BTS"); Any advice on how to solve this issue? regards Jan H

2 1

No output when tracing a Gemalto Cryptoflex ,NET card
by jeremy brookfield 16 Jan '12

16 Jan '12

This is my first post to this list so a little introduction, I work in security engineering for a large company that uses smart cards for authentication and encryption. I am having trouble trying to use smart cards from an OSX client over Citrix. The same cards work from a Windows client. Hence the interest in being able to trace all APDUs in a non-OS specific format. When I use simtrace with e.g. Gemalto Cyberflex cards, the APDU are shown as I would expect. However, when the card type is a Gemalto Cryptoflex .NET alI see is the ATR APDU. The Cryptoflex .NET cards are newer and supports a higher baud rate. Could this explain why the APDUs are not shown? There's a somewhat vague statement in the simatrace documentation to this effect.

3 5

git repository up to date?
by Myonium 14 Jan '12

14 Jan '12

Hi Which version of the firmware is on git repository "git://git.gnumonks.org/openpcd.git"? There are v.02 , v.03 and v.04 firmwares mentioned. But I could not find any branches nor version information in the master branch ... I would like to patch the latest osx branch with the ATR /APDU patch ... [1] http://lists.osmocom.org/pipermail/simtrace/2011-December/000193.html However I get strange effects: Only a few bytes are shown on Smartcard inserts and the ATR's reported back to the application on the Mac are incorrect . Btw. does firmware version and simtace client version have to match? Thanks, Ben

2 1

MitM firmware status
by Dominique Parolin 12 Jan '12

12 Jan '12

Hi, as I could not find any udpates since July 2011 about MitM capable firmware here, or on the Wiki page I wanted to check if there is currently active development of a MitM firmware ? I would like to use it to manipulate fields from a physical SIM / UICC in real-time, e.g. non user editable fields like EF OPLMNwAcT. As a next step I would like to develop a tool that simulates a UICC with several applications on it, so that only the authentication is being made by the real UICC / SIM and utilize the simtrace HW as the physical interface. However the key to this is a proper firmware to interact with the ME <-> UICC communication in real time. I have written some classes and decoder for specific fields in Python (using Smartcard and a PCSC compatible reader) that can read and write, authenticate etc. however I lack the ability to write the firmware on my own. Regards, Dominique

5 5

Upgrading from v0.3 to v0.4
by Holger Hans Peter Freyther 10 Jan '12

10 Jan '12

Hi all, for the OSX USB fix (ZLP) I changed the signature of functions provided by the DFU/bootloader part of the firmware. The following procedure works for me. $ sudo dfu-util -a 1 -D ./dfu.bin $ sudo dfu-util -a 0 -D ./main_simtrace.bin reset the device

1 0

simtrace install on ubuntu 11.10
by vette 23 Dec '11

23 Dec '11

I have a fresh ubuntu 11.10 installation and cannot get the simtrace package to install. this command works and I get the expected results: sudo add-apt-repository ppa:holger+lp/osmocom this works too: sudo apt-get update as well as this: sudo apt-get install wireshark but when I do simtrace on the install line by itself or with wireshark, I get: E: Unable to locate package simtrace I see the ppa on launchpad.net has an entry for simtrace under oneiric (ubuntu 11.10), but it isn't finding it.

2 4

a problematic sim?
by Lukas Kuzmiak 18 Dec '11

18 Dec '11

Hello there, I've been playing with simtrace a lot lately, works almost flawlessly :) now i got to a simcard which behaves somehow weirdly: Lukass-MacBook-Air:host lukash$ ./simtrace simtrace - GSM SIM and smartcard tracing (C) 2010 by Harald Welte <laforge(a)gnumonks.org> Entering main loop ATR APDU: 3b 16 95 d0 00 45 f7 01 00 a0 a4 00 00 02 a4 7f 20 9f 20 a0 c0 00 00 20 c0 00 00 00 00 7f 20 02 00 00 00 00 00 13 33 00 18 04 00 83 8a 83 8a 00 01 00 00 06 fd 00 00 00 00 90 00 a0 a4 00 00 02 a4 3f 00 9f 20 a0 a4 00 00 02 a4 7f 20 9f 20 a0 c0 00 00 16 c0 00 00 00 00 7f 20 02 00 00 00 00 00 13 33 00 18 04 00 83 8a 83 8a 90 00 a0 a4 00 00 02 a4 6f b7 94 04 a0 a4 00 00 02 APDU: a4 6f 05 9f 0f a0 c0 it's everytime just this, exactly the same - there's an ATR and some select APDUs mixed together, something's not right. Nothing more appears even if I'm entering the pin, then the phone successfully initializes and authenticates to the network nothing is displayed, I've spent quite some time restarting, reflasing, recompiling everything because I thought my setup was somehow incorrect, but when I left everything as it was and only changed the sim for a different one, everything works just fine. Any idea what might be causing this? I can provide some debug info, just not sure what can be helpful, I have the ftdi cable for osmocom so I can try to connect it and see what's there if needed. P.S.: software and firmware are the latest what's in the git right now, I've patched the sources with that mac os x usb init patch as I only have a mac here. thanks, lukash

3 10

class C (+1.8V) capabilities
by Kevin Redon 18 Dec '11

18 Dec '11

Hi, I found out why class C (+1.8V) capable UICC are still used as class B (+3.3V). This is because the board provides +3.0V on VCC_PHONE, forcing the phone to use class B. this voltage is coming from VCC_SIM. Normally VCC_SIM should only get the power from VCC_PHONE (in sniffing mode), through the power switch FPF2005, or from the LDO AP3332 (in card reader). Currently both are enabled (bug). This should be prevented in software as there is no hardware mechanism to prevent that (fail). Some power from the LDO is going backwards though the power switch, providing +3.0V on VCC_PHONE (another hardware fail). Also, SIMtrace will not be able to decode +1.8V traffic because Vih (voltage input high level) is at +2.3V. One solution would be to power VDDIO at 1.8V, but this is a bad solution as the USB will not work anymore. For the v2 board I intend to have the following: - 1 translator/level shifter for SIM<->CPU, with selectable 1.8/3.3 - 1 translator/level shifter for PHONE<->CPU, with selectable auto/1.8/3.3 - VCC_SIM can be set to VCC_PHONE,1.8V,3.3V - power forward with diode behaviour any correction, comments or recommendation are welcome, kevin

2 2

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

simtrace