Hello,
I am interested in modifying the firmware of the simtrace device to
perform modifications on the data sent back to the phone. Is there any
documentation on how this can be done? I could not find any on the
website. I looked at the source a little bit but I am hoping someone
here can give me a jump-start on the best way to do this.
Thanks,
Sam W.
Hello,
some years ago I have developed a working SIM card emulator for Silver Wafer Card (PIC16F877 and 24LC256).
It supports GSM 11.11 and GSM 11.14 standards and is fully functional inside cell phone (so far I have been using it for 10+ years).
Unfortunately it is written in somewhat rusty PIC assembly -- still it might be usable for your purposes.
I have published it on "https://github.com/vlp/ssim", so feel free to have a look.
Best regards
VLP
Thanks for all the answers. Everything is fine up to now.
May i ask if you know a list of the available apdu commands for SIM and
USIM?
Thanks
On 10/18/2012 01:00 PM, simtrace-request(a)lists.osmocom.org wrote:
> Send simtrace mailing list submissions to
> simtrace(a)lists.osmocom.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.osmocom.org/mailman/listinfo/simtrace
> or, via email, send a message with subject or body 'help' to
> simtrace-request(a)lists.osmocom.org
>
> You can reach the person managing the list at
> simtrace-owner(a)lists.osmocom.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of simtrace digest..."
>
>
> Today's Topics:
>
> 1. SIMtrace hardware questions (Stefanos Malliaros)
> 2. Re: SIMtrace hardware questions (Kevin Redon)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 17 Oct 2012 21:57:58 +0300
> From: Stefanos Malliaros <stefmalli89(a)gmail.com>
> To: simtrace(a)lists.osmocom.org
> Subject: SIMtrace hardware questions
> Message-ID: <507EFFB6.3050600(a)gmail.com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Good evening.
>
> I am interested in your SIMtrace hardware board and i would like to ask
> a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace)
>
> First of all i am interested in sniffing data between both SIM and USIM.
> As a result, i would like to ask if your product fully works with these
> cards and if i will be able to capture all the data between the mobile
> terminal and the (U)SIM. (eg. usim authentication)
>
> Furthermore, i have some queries about the wireshark integration.
> The wireshark intefration supports the GSMTAP protocol. this protocol is
> used in order to parse the data between the SIM card and the mobile
> terminal. Does this protocol also supports parsing data between the USIM
> and the mobile terminal?
>
> Thanks
>
> Stefanos
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 18 Oct 2012 00:47:05 +0200
> From: Kevin Redon <ml(a)mail.tsaitgaist.info>
> To: simtrace <simtrace(a)lists.osmocom.org>
> Subject: Re: SIMtrace hardware questions
> Message-ID: <1350513125-sup-6210@dennou>
> Content-Type: text/plain; charset=UTF-8
>
> Hi,
>
> Excerpts from Stefanos Malliaros's message of Wed Oct 17 20:57:58 +0200 2012:
>> Good evening.
>>
>> I am interested in your SIMtrace hardware board and i would like to ask
>> a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace)
>>
>> First of all i am interested in sniffing data between both SIM and USIM.
>> As a result, i would like to ask if your product fully works with these
>> cards and if i will be able to capture all the data between the mobile
>> terminal and the (U)SIM. (eg. usim authentication)
> Yes, SIMtrace is capable of sniffing the communication between (U)SIM and mobile.
> To be more precise, 2 transmission protocols exist: T=0, and T=1.
> T=0 is the default and most common protocol used. It is fully supported by SIMtrace.
> If the (U)SIM and phone both support T=1, and the (U)SIM prefers T=1 and the phone follows this preference, or the phone wants to use it (because it's faster), then T=1 can be used.
> It is not too different to T=0, but the sniffing and decoding is not implemented in SIMtrace.
> The hardware supports it, but not the software (yet). This is still a todo for the moment, but low priority because rarely used.
> Also there have been some corner cases concerning T=0 with high or curious data rates. This lead to faulty decoding but was fixed for the known cases.
> If you have such a corner case, please tell the mailing list, and it should be fixed.
>
>> Furthermore, i have some queries about the wireshark integration.
>> The wireshark intefration supports the GSMTAP protocol. this protocol is
>> used in order to parse the data between the SIM card and the mobile
>> terminal. Does this protocol also supports parsing data between the USIM
>> and the mobile terminal?
> Only the APDU (messages exchanged using T=0 or T=1) decoding for SIM has been implemented into wireshark.
> Most of the commands in USIM are similar to SIM, but there are some exceptions where the parsing will go wrong (USIM only APDU type, and some commands).
>
> regards,
> kevin
>
>
>
>
> ------------------------------
>
> _______________________________________________
> simtrace mailing list
> simtrace(a)lists.osmocom.org
> https://lists.osmocom.org/mailman/listinfo/simtrace
>
>
> End of simtrace Digest, Vol 18, Issue 3
> ***************************************
Good evening.
I am interested in your SIMtrace hardware board and i would like to ask
a few questions if possible. ( http://bb.osmocom.org/trac/wiki/SIMtrace)
First of all i am interested in sniffing data between both SIM and USIM.
As a result, i would like to ask if your product fully works with these
cards and if i will be able to capture all the data between the mobile
terminal and the (U)SIM. (eg. usim authentication)
Furthermore, i have some queries about the wireshark integration.
The wireshark intefration supports the GSMTAP protocol. this protocol is
used in order to parse the data between the SIM card and the mobile
terminal. Does this protocol also supports parsing data between the USIM
and the mobile terminal?
Thanks
Stefanos
Hi all!
I *think* Harald is pretty busy and also unlikely to attend
prospective meeting tomorrow.
Also there is bank holiday tomorrow in Germany and at least
I personally will use that to stay away from technology for
a bit, so I won't come.
Nevertheless, I thought I'd write this email to remind
people that in theory there is a meeting tomorrow and
discuss if other people attend.
I personally would propose to shift the meeting to next week
(for purely selfish reasons ;).
As far as I know, there is no formal presentation tomorrow.
Anyway, will anyone attend tomorrow or is everyone in favor
of shifting a week?
In case it takes place, for the people who did not attend so
far, the usual snippet from Harald's mails:
Oct 3, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin
If you are interested to show up, feel free to do so. There is no
registration required. The meeting is free as in "free beer", despite
no actual free beer being around.
Cheers
Nico
Hi all!
This is the announcement for the next Osmocom Berlin meeting.
Sept 19, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin
There is no formal presentation scheduled for this meeting.
If you are interested to show up, feel free to do so. There is no
registration required. The meeting is free as in "free beer", despite
no actual free beer being around.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi!
I've been hacking away a bit on a new library 'libosmosim' whihc is
scheduled to become part of libosmocore. In fact, as the automake
integration has been cleaned up, I'll probably merge it master any day
now.
The idea of this library is to
* understand the EF/DF hierarchy if GSM SIM, ETSI UICC and 3GPP USIM
* provide encoding and decoding routines for at least the most important
EFs
* decode the binary data into a generic data structure which can be used
by some form of a GUI application
* be able to re-encode from the generic parsed structure into the
binary form, possibly after modification from the UI
* be able to transact APDUs via T0 and T1 on PC/SC and other reader
interfaces, e.g. the OsmocomBB SIM interface
So the primary purpose of this is to be able to have a tool for
meaningful (human-readable/writable) modification of all files on a
programmable SIM card, such as the sysmoSIM-GR1 (and other cards where
you have the ADM PIN that gives you write permission).
Other useful purposes on the horizon of the library could be:
* implementation of a generic SIM/UICC/USIM simulator based on
user-created input, or based on 'ripped' SIM cards (well, you have to
provide the key in some way).
The current status is still quite experimental, but you can already see
the major parts:
* mapping of APDU and TPDU (only T=0 so far) on to 'struct msgb
struct osim_file_ops
encode and decode callbacks for a given file
struct osim_file_desc
node in the hierarchical description of filesystem tree
struct osim_decoded_data
the runtime representation of a decoded file:
struct osim_decoded_element
one decoded element in a decoded file
struct osim_card_sw
status + bitmask + human readable description
struct osim_card_profile
full description profile of card, including filesystem
hierarchy, status words and card-specific commands
struc osim_reader_hdl
represents a card reader (currently a slot in a reader,
not sure really how to represent multi-slot readers like
sim-banks yet). primarily consist of osim_reader_ops
struc osim_card_hdl
representing a card inside a reader
struc osim_chan_hdl
currently just a dummy. intended for logical channel support
most of the existing code is in src/sim/*.c, while some
not-yet-cleaned-up example code is in utils/osmo-sim-test.c. There are
gaps everywhere all over the place, and I think it will take quite some
time to fill those gaps.
Current roadmap:
* properly integrate all parts, so with a single call you can read in
the tree of all EFs of a card into their in-memory representation
* verify that the APIs for encoding/decoding functions work the way
they are before writing 'all' the EF decode/encode routines
* add more decoded element types, such as location area codes and the
like
So if you survived this mail until this point, I think you are a prime
candidate for contributing some code. Let me know if you're interested
in helping out.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi,
I'd like to add the baseband revision which is:
'1.7.4.0 (Date: Jan 5 2011, Time: 11:14:34)'
to that entry:
https://terminal-profile.osmocom.org/decode.php?tp=1700e8421100000080000000…
In additionnal information(it wasn't clear at the execution of
terminal profile that I could put the baseband version there...).
By the way I'd like to test the impact of having free
libraries/deamons(like fsogsmd, free android RILs like
the samsung-ril+libsamsung-ipc) that resides on the Application
processor, and which talk to the baseband(compared to the default
non-free libraries), if I do that, should I leave a note in "additionnal
information"? if so, what should I tell?
Denis.
