simtrace

simtrace@lists.osmocom.org

345 discussions

by Gabriel K. Gegenhuber

Hi all, I've got my hands on a simtrace2 device - first of all thanks for your great work and thanks for making this project open source! So far I've tried out the sniffing functionality which is working flawlessly - however I struggle to get the remote-sim functionality working. I've built (make BOARD=simtrace APP=cardem) the cardemulation-firmware of the current master-branch (0.4.131-8f70) and flashed the resulting simtrace-cardem-dfu.bin using dfu-util. Furthermore I compiled the host binaries, triggered a reset on my simtrace2 device to make sure it's in runtime mode and then executed the remote-sim program (sudo ./simtrace2-remsim -V 1d50 -P 60e3 -C 1 -I 0 -A `sudo ./simtrace2-list | cut -d = -f 2 | cut -d , -f 1 | tail -1`). The simtrace2 device, as well as an USB-CCID compliant omnikey cardreader are attached to my linux computer as described in the QMOD manual. During runtime mode the red LED on the simtrace2 is blinking, while the green LED is off. I noticed that when the simtrace2-remsim program tries to send an ATR to the simtrace2 device via usb (cardem_request_set_atr), the libusb_bulk_transfer function is blocking, before returning LIBUSB_ERROR_TIMEOUT. The serial debugging-output I got on the simtrace2 doesn't show any futher information (last state is "-I- USB is now configured"). When I reset the usb-modem that is connected to the simtrace2 device I get the following messages on the debug-serial: -I- Changed to ISO 7816-3 state 1 reset de-asserted -I- WT updated to 9600 -I- Changed to ISO 7816-3 state 0 reset asserted -I- Changed to ISO 7816-3 state 1 reset de-asserted [...] while the simtrace2-remsim program is also receiving some garbage: URB: -> 03 00 00 00 00 00 0c 00 04 00 00 00 unknown simtrace msg type 0x00 URB: -> 03 00 00 00 00 00 0c 00 08 00 00 00 unknown simtrace msg type 0x00 URB: -> 03 00 00 00 00 00 0c 00 04 00 00 00 unknown simtrace msg type 0x00 [...] I've also tried several older versions/commits - however I didn't get any of them working properly. When using version 0.4.13-ba2a (from this commit: https://git.osmocom.org/simtrace2/commit/?id=ba2ad563cc0e389213a3f6f6ebe79d…) I was able to send the ATR to the simtrace and directly entered the main loop on the host program. The serial debugging-output (after a manual modem-reset) also looked somehow more promising, but didn't work either: -I- 0: VCC activated -I- 0: CLK activated -I- 0: RST released -I- 0: computed Fi(1) Di(1) ratio: 372 -I- 0: send_tpdu_header: 00 a4 00 04 02 -I- 0: VCC deactivated -I- 0: CLK deactivated -I- 0: VCC activated -I- 0: CLK activated -I- 0: VCC deactivated -I- 0: CLK deactivated [...] I've also tried a few different modems/dongles (Huawei, ZTE) which also didn't really change anything. Am I missing something? Is the remote-sim functionality supposed to work on the current master branch? If not, could anyone hint me to a version/commit that should work? Would love to get some feedback - thanks in advance and keep up the good work! Greetings from Vienna, Gabriel

6 years, 12 months

Problem in accessing SIMTrace 2

by Andrei Mikhailov

Dears, I have received SIMTrace 2 just now and I tried to connect it to PC with the same parameter as for previous version of SIMTrace. But I found that USB VENDOR ID and USB PRODUCT ID were changed. For the previous version they were 0x16c0 and 0x0762 correspondingly. All host sources at git://git.osmocom.org/simtrace.git repository use this parameters. Now I can see that VENDOR ID is 0x1d50 and PRODUCT ID is 0x60e3. Could you please help me to find USB connectivity parameters for the SIMTrace device which I received? -- /Best regards, Andrei Mikhailov /

7 years

CLA

by tchen

I noticed the modem issued command with CLA 0 (usim) or a0 (gsm)... just wondering what cause it to use 0 or a0??? Or does it try different CLA automatically

7 years, 1 month

RESET error counter (0x2c) or unblock chv

by Thomas Chen

i am getting somethin like 00 2c 00 01 00 00 20 00 01 00 00 2c 00 81 00 i see somewhere 0x20 is defined as "verify chv" and 0x2c is defined as "unblock chv" but i also see somewhere else saying 0x2c is "reset error counter" can someone point me to where these commands are defined, and what kind of response are expected from SIM ??? thanks tom --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

7 years, 1 month

Migrating simtrace2.git to gerrit / build verification

by Harald Welte

Hi Kevin and wider SIMtrace community, I've finally managed to set up a build verification jobs for the simtrace2 firmware, and in the process migrate simtrace2.git to gerrit. * https://jenkins.osmocom.org/jenkins/job/master-simtrace2/ is automatically * building the master branch for all apps/boards, * building the master branch of the host software * executing actual unit tests (currently only cardem) in "firmware/test" * https://jenkins.osmocom.org/jenkins/job/gerrit-simtrace2/ is triggered by gerrit and will perform automatic verification of any patches submitted for review (using the above-mentioned tests) In case anyone hasn't worked with gerrit before, please see https://osmocom.org/projects/cellular-infrastructure/wiki/gerrit for detailed information on how to set it up. @Kevin: You don't appear to have a gerrit account yet, so I couldn't give you the proper credentials. Let me know once you created the account, so I can give you credentials so you can continue to push to kredon/simtrace or related branches. Write access to the git.osmocom.org/simtrace2.git repository has been removed, only gerrit will replicate to that repository. I've also pushed tons of Kevin's fixes to master, leaving mainly the work on the "trace" firmware in "kredon/simtrace". You can rebase your branch cleanly on top of master. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 years, 1 month

Save the Date: OsmoCon 2018 on October 18-19, 2018

by Harald Welte

== OsmoCon 2018 == OsmoCon (Osmocom Conference) 2018 is the technical conference for Osmocom users, operators and developers! We are happy to announce the date of OsmoCon 2018. It has been scheduled on October 18 + 19, 2018 and will happen in Berlin, Germany. For the second time, the Osmocom Conference brings together users, operators and developers of the Osmocom Open Source cellular infrastructure projects, such as OsmoBTS, OsmoBSC, OsmoSGSN, OpenGGSN and others. Join us for two days of presentations and discussions with the main developers behind Open Source Mobile Communications, as well as commercial and non-profit users of the Osmocom cellular infrastructure software. You can find some initial information in our wiki at http://osmocom.org/projects/osmo-dev-con/wiki/OsmoCon2018 which will be updated as more information becomes available. == Call for Participation == We're also at the same time announcing the Call for Participation and call on everyone with experiences to share around the Osmocom member projects to submit talks, workshops, discussions or other proposals. You can find the CfP at https://pretalx.sysmocom.de/osmocon2018/cfp We are particularly looking for contributions about: * updates on features/functionality/status of individual Osmocom projects * success stories on how Osmocom projects are deployed in practice * migration from OsmoNITB to the post-NITB architecture * tutorials / workshops on how to setup / analyze Osmocom projects * statistics, reporting, operations aspects of Osmocom projects * third-party open source utilities to be used with Osmocom projects Looking forward to meeting many existing and new Osmocom users at OsmCon this October! Regards, Harald Welte -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 years, 3 months

Compiling and running simtrace firmware with a recent toolchain

by Denis 'GNUtoo' Carikli

Hi, The simtrace firmware is in the OpenPCD git repository at: > git://git.osmocom.org/openpcd.git I used the last revision at the time of writing: > dc2983d firmware: Makefiles: enable changing toolchain With a fairly recent gcc version: > $ arm-none-eabi-gcc --version > arm-none-eabi-gcc (Arch Repository) 7.3.0 > Copyright (C) 2017 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There > is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A > PARTICULAR PURPOSE. Compiling the firmware the usual way works, with many warnings: > $ make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace \ > CROSS_COMPILE=arm-none-eabi- [...] Installing that firmware went fine: > $ sudo dfu-util -d 16c0:0762 -a0 -D ./main_simtrace.bin -R > dfu-util 0.9 > > Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc. > Copyright 2010-2016 Tormod Volden and Stefan Schmidt > This program is Free Software and has ABSOLUTELY NO WARRANTY > Please report bugs to http://sourceforge.net/p/dfu-util/tickets/ > > dfu-util: Invalid DFU suffix signature > dfu-util: A valid DFU suffix will be required in a future dfu-util > release!!! Opening DFU capable USB device... > ID 16c0:0762 > Run-time device DFU version 0100 > Claiming USB DFU Interface... > Setting Alternate Setting #0 ... > Determining device status: state = dfuIDLE, status = 0 > dfuIDLE, continuing > DFU mode device DFU version 0100 > Device returned transfer size 256 > Copying data from PC to DFU device > Download [=========================] 100% 23084 bytes > Download done. > state(7) = dfuMANIFEST, status(0) = No error condition is present > state(2) = dfuIDLE, status(0) = No error condition is present > Done! > dfu-util: can't detach > Resetting USB to switch back to runtime mode Unfortunately with the new compiler the device gets re-enumerated continuously: > usb 4-1: new full-speed USB device number 3 using uhci_hcd > usb 4-1: new full-speed USB device number 4 using uhci_hcd > usb 4-1: new full-speed USB device number 5 using uhci_hcd [...] Here's what I have on the serial port: > [000000] > [000001] (C) 2006-2011 by Harald Welte <hwelte(a)hmw-consulting.de> > This software is FREE SOFTWARE licensed under GNU GPL > [000002] Version 0.5.30-dc29 compiled 20180309-165435 by gnutoo@second-laptop > > [000003] > DEBUG Interface: > 0) Set Pull-up 1) Clear Pull-up 2) Toggle LED1 3) Toggle LED2 > 9) Reset > [000004] RSTC_SR=0x00010000 > [000005] LARGE req_ctx[00] initialized at 002055AC, Data: 00200A68 => 00200E28 > [000006] LARGE req_ctx[01] initialized at 002055C0, Data: 00200E28 => 002011E8 > [000007] LARGE req_ctx[02] initialized at 002055D4, Data: 002011E8 => 002015A8 > [000008] LARGE req_ctx[03] initialized at 002055E8, Data: 002015A8 => 00201968 > [000009] LARGE req_ctx[04] initialized at 002055FC, Data: 00201968 => 00201D28 > [00000A] LARGE req_ctx[05] initialized at 00205610, Data: 00201D28 => 002020E8 > [00000B] LARGE req_ctx[06] initialized at 00205624, Data: 002020E8 => 002024A8 > [00000C] LARGE req_ctx[07] initialized at 00205638, Data: 002024A8 => 00202868 > [00000D] LARGE req_ctx[08] initialized at 0020564C, Data: 00202868 => 00202C28 > [00000E] LARGE req_ctx[09] initialized at 00205660, Data: 00202C28 => 00202FE8 > [00000F] LARGE req_ctx[10] initialized at 00205674, Data: 00202FE8 => 002033A8 > [000010] LARGE req_ctx[11] initialized at 00205688, Data: 002033A8 => 00203768 > [000011] LARGE req_ctx[12] initialized at 0020569C, Data: 00203768 => 00203B28 > [000012] LARGE req_ctx[13] initialized at 002056B0, Data: 00203B28 => 00203EE8 > [000013] LARGE req_ctx[14] initialized at 002056C4, Data: 00203EE8 => 002042A8 > [000014] LARGE req_ctx[15] initialized at 002056D8, Data: 002042A8 => 00204668 > [000015] LARGE req_ctx[16] initialized at 002056EC, Data: 00204668 => 00204A28 > [000016] LARGE req_ctx[17] initialized at 00205700, Data: 00204A28 => 00204DE8 > [000017] LARGE req_ctx[18] initialized at 00205714, Data: 00204DE8 => 002051A8 > [000018] LARGE req_ctx[19] initialized at 00205728, Data: 002051A8 => 00205568 > [000019] Inititalizing usbcmd_gen_init > [00001A] udp_open(440): entering > [00001B] USART Initializing > [00001C] pio_irq_register(109): registering handler 001079bc for PIOA 7 > [00001D] RST > [00001E] computed Fi(1) Di(1) ratio: 372 > [000000] > [000001] (C) 2006-2011 by Harald Welte <hwelte(a)hmw-consulting.de> > This software is FREE SOFTWARE licensed under GNU GPL > [000002] Version 0.5.30-dc29 compiled 20180309-165435 by gnutoo@second-laptop > > [000003] > DEBUG Interface: > 0) Set Pull-up 1) Clear Pull-up 2) Toggle LED1 3) Toggle LED2 > 9) Reset > [000004] RSTC_SR=0x00010200 > [000005] LARGE req_ctx[00] initialized at 002055AC, Data: 00200A68 => 00200E28 > [000006] LARGE req_ctx[01] initialized at 002055C0, Data: 00200E28 => 002011E8 > [000007] LARGE req_ctx[02] initialized at 002055D4, Data: 002011E8 => 002015A8 > [000008] LARGE req_ctx[03] initialized at 002055E8, Data: 002015A8 => 00201968 > [000009] LARGE req_ctx[04] initialized at 002055FC, Data: 00201968 => 00201D28 > [00000A] LARGE req_ctx[05] initialized at 00205610, Data: 00201D28 => 002020E8 > [00000B] LARGE req_ctx[06] initialized at 00205624, Data: 002020E8 => 002024A8 > [00000C] LARGE req_ctx[07] initialized at 00205638, Data: 002024A8 => 00202868 > [00000D] LARGE req_ctx[08] initialized at 0020564C, Data: 00202868 => 00202C28 > [00000E] LARGE req_ctx[09] initialized at 00205660, Data: 00202C28 => 00202FE8 > [00000F] LARGE req_ctx[10] initialized at 00205674, Data: 00202FE8 => 002033A8 > [000010] LARGE req_ctx[11] initialized at 00205688, Data: 002033A8 => 00203768 > [000011] LARGE req_ctx[12] initialized at 0020569C, Data: 00203768 => 00203B28 > [000012] LARGE req_ctx[13] initialized at 002056B0, Data: 00203B28 => 00203EE8 > [000013] LARGE req_ctx[14] initialized at 002056C4, Data: 00203EE8 => 002042A8 > [000014] LARGE req_ctx[15] initialized at 002056D8, Data: 002042A8 => 00204668 > [000015] LARGE req_ctx[16] initialized at 002056EC, Data: 00204668 => 00204A28 > [000016] LARGE req_ctx[17] initialized at 00205700, Data: 00204A28 => 00204DE8 > [000017] LARGE req_ctx[18] initialized at 00205714, Data: 00204DE8 => 002051A8 > [000018] LARGE req_ctx[19] initialized at 00205728, Data: 002051A8 => 00205568 > [000019] Inititalizing usbcmd_gen_init > [00001A] udp_open(440): entering > [00001B] USART Initializing > [00001C] pio_irq_register(109): registering handler 001079bc for PIOA 7 > [00001D] RST > [00001E] computed Fi(1) Di(1) ratio: 372 > [000000] So it gets reset in a loop. I can get it to work with the following diff: --- a/firmware/src/simtrace/tc_etu.c +++ b/firmware/src/simtrace/tc_etu.c @@ -96,8 +96,8 @@ void tc_etu_init(void) ((unsigned int) 1 << AT91C_ID_TC0)); /* Connect TCLK0 to XC0 */ - tcb->TCB_BMR &= ~(AT91C_TCB_TC0XC0S); - tcb->TCB_BMR |= AT91C_TCB_TC0XC0S_TCLK0; +// tcb->TCB_BMR &= ~(AT91C_TCB_TC0XC0S); +// tcb->TCB_BMR |= AT91C_TCB_TC0XC0S_TCLK0; /* Register Interrupt handler */ AT91F_AIC_ConfigureIt(AT91C_BASE_AIC, AT91C_ID_TC0, @@ -124,5 +124,5 @@ void tc_etu_init(void) tcetu->TC_CCR = AT91C_TC_CLKEN; /* Reset to start timers */ - tcb->TCB_BCR = 1; +// tcb->TCB_BCR = 1; } With the diff I have the following on serial: > [000000] > [000001] (C) 2006-2011 by Harald Welte <hwelte(a)hmw-consulting.de> > This software is FREE SOFTWARE licensed under GNU GPL > [000002] Version 0.5.30-dc29-dirty compiled 20180309-165717 by gnutoo@second-laptop > > [000003] > DEBUG Interface: > 0) Set Pull-up 1) Clear Pull-up 2) Toggle LED1 3) Toggle LED2 > 9) Reset > [000004] RSTC_SR=0x00010000 > [000005] LARGE req_ctx[00] initialized at 00205630, Data: 00200AEC => 00200EAC > [000006] LARGE req_ctx[01] initialized at 00205644, Data: 00200EAC => 0020126C > [000007] LARGE req_ctx[02] initialized at 00205658, Data: 0020126C => 0020162C > [000008] LARGE req_ctx[03] initialized at 0020566C, Data: 0020162C => 002019EC > [000009] LARGE req_ctx[04] initialized at 00205680, Data: 002019EC => 00201DAC > [00000A] LARGE req_ctx[05] initialized at 00205694, Data: 00201DAC => 0020216C > [00000B] LARGE req_ctx[06] initialized at 002056A8, Data: 0020216C => 0020252C > [00000C] LARGE req_ctx[07] initialized at 002056BC, Data: 0020252C => 002028EC > [00000D] LARGE req_ctx[08] initialized at 002056D0, Data: 002028EC => 00202CAC > [00000E] LARGE req_ctx[09] initialized at 002056E4, Data: 00202CAC => 0020306C > [00000F] LARGE req_ctx[10] initialized at 002056F8, Data: 0020306C => 0020342C > [000010] LARGE req_ctx[11] initialized at 0020570C, Data: 0020342C => 002037EC > [000011] LARGE req_ctx[12] initialized at 00205720, Data: 002037EC => 00203BAC > [000012] LARGE req_ctx[13] initialized at 00205734, Data: 00203BAC => 00203F6C > [000013] LARGE req_ctx[14] initialized at 00205748, Data: 00203F6C => 0020432C > [000014] LARGE req_ctx[15] initialized at 0020575C, Data: 0020432C => 002046EC > [000015] LARGE req_ctx[16] initialized at 00205770, Data: 002046EC => 00204AAC > [000016] LARGE req_ctx[17] initialized at 00205784, Data: 00204AAC => 00204E6C > [000017] LARGE req_ctx[18] initialized at 00205798, Data: 00204E6C => 0020522C > [000018] LARGE req_ctx[19] initialized at 002057AC, Data: 0020522C => 002055EC > [000019] Inititalizing usbcmd_gen_init > [00001A] udp_open(440): entering > [00001B] USART Initializing > [00001C] pio_irq_register(109): registering handler 001079bc for PIOA 7 > [00001D] RST > [00001E] computed Fi(1) Di(1) ratio: 372 > [00001F] ISO_SW Initializing > [000020] pio_irq_register(109): registering handler 00107fb0 for PIOA 8 > [000021] pio_irq_register(109): registering handler 00107fdc for PIOA 25 > [000022] VCC_PHONE off > [000023] USART Entering Rx Mode > [000024] RST > [000025] computed Fi(1) Di(1) ratio: 372 > [000026] MODE: SNIFFER > > [000027] RST > [000028] computed Fi(1) Di(1) ratio: 372 > [000029] main(76): entering main (idle) loop > [00002A] Heart beat 00000000 > [00002B] Heart beat 00000001 > [00002C] Heart beat 00000002 > [00002D] Heart beat 00000003 > [00002E] Heart beat 00000004 > [00002F] Heart beat 00000005 And I could even get some packet trace from my Galaxy SIII (i9300): > GSM SIM 80 3 9f : 00d2 > GSM SIM 67 ISO/IEC 7816-4 SELECT File MF > GSM SIM 67 ISO/IEC 7816-4 SELECT /EF.ELP > GSM SIM 90 ISO/IEC 7816-4 GET RESPONSE > GSM SIM 75 ISO/IEC 7816-4 READ BINARY Offset=0 > GSM SIM 67 ISO/IEC 7816-4 SELECT File EF.ICCID > GSM SIM 90 ISO/IEC 7816-4 GET RESPONSE > GSM SIM 75 ISO/IEC 7816-4 READ BINARY Offset=0 > GSM SIM 85 ETSI TS 102.221 TERMINAL PROFILE > GSM SIM 67 ISO/IEC 7816-4 SELECT File EF.DIR > GSM SIM 93 ISO/IEC 7816-4 GET RESPONSE > GSM SIM 103 ISO/IEC 7816-4 READ RECORD RecordNr=1 > GSM SIM 81 ISO/IEC 7816-4 SELECT Application a0000000871002ff33ff018900000100 > GSM SIM 108 ISO/IEC 7816-4 GET RESPONSE > GSM SIM 67 ISO/IEC 7816-4 SELECT File MF Denis.

7 years, 4 months

SIM select file (A4) command

by Thomas Chen

i noticed the GSM modem issued a couple SELECT (a4) commands that i cannot find the documentation for would any one be able to help identify these ??? thanks 00 a4 00 04 02 7f ff 00 a4 00 04 02 7f 66 --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

7 years, 5 months

OsmoDevCon 2018 schedule planning

by Harald Welte

Dear Osmocom Community, [please respect the Reply-To and post all follow-up discussion to this to openbsc(a)lists.osmocom.org, so we avoid having long threads cross-posted to several mailing lists.] Like every year in early December, it is time to discuss as schedule for OsmoDevCon in the upcoming year. Note: Ths is about OsmoDevCon, the more private meeting of developers, *NOT* about OsmoCon, the public conference. == When, Who, Where == I propose the following date for OsmoDevCon 2018: April 20 - April 23rd, 2018 * Who: Active developers/contributors of Osmocom projects (as usual) * Where: IN-Berlin, Berlin (as usual) Please let me know ASAP if that proposed date works for everyone who'd want to attend. We can still change it now, but I would want to nail down the date pretty soon. == Format == After the experiment of reducing from 4 to 3 days last year (due to OsmoCon), we will again go for *four days* in 2018. However, we should clearly divide the days in a way that e.g. "GSM/3G" topics are on two days, while SDR+Other topics are on the other days, so people not interested in some topics can skip one or two days, as needed. We could even divide it further like: * 1 day 3GPP RAN (osmo-bts, osmo-bsc, osmo-pcu, virt_phy, fake_trx, ...) * 1 day 3GPP CN (osmo-msc, osmo-hlr, osmo-sip-connector, nextepc, etc.) * 2 days misc Regards, and looking forward to meeting you [again] in 2018, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 years, 7 months

SAM3 DFU

by Thomas Chen

question about DFU... working with AT91SAM3 board, i tried, 1. use sam-ba to flash the DFU image (works fine) 2. try to use dfu-util to flash the APP, but it does not seem to write into flash (after reboot we still have the initial DFU image ??) (i am using the same argument as SAM7 -a0 -D filename -R is there any tips you can provide before i start digging ?

7 years, 8 months

← Newer
1
...
11
12
13
14
15
16
17
...
35
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

simtrace