Hi all!
I'm currently adding unit tests for the various pySim encoder/decoder classes
for the various SIM/UICC/USIM/ISIM files. [1]
In order to increase the test coverage, I would appreciate any help in obtaining test
data, particularly for the more "exotic" (or recently introduced) files, related to DF.5GS,
ADF.ISIM or even DF.WLAN or the like.
So if you have any SIM cards with related files populated, I would appreciate some test
data. You can simply send me a copy+paste of the respective 'read_binary' / 'read_records'
command, or a partial 'export'. In the latter case, please make sure to redact/remove your
IMSI/ICCID/MSISDN/Kc data to prevent leaking privacy related information.
Thanks in advance.
Regards,
Harald
[1] https://gerrit.osmocom.org/c/pysim/+/24012
--
- Harald Welte <laforge(a)gnumonks.org> https://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
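One way to do the redaction requested above before sharing a partial 'export', as an added example that is not part of the original post or of pySim itself. It assumes the export is a script of 'select <name>' lines followed by 'update_binary <hex>' / 'update_record <nr> <hex>' lines; the function name, the file-name set and the sample data are constructed for illustration.

```python
import re

# Files named in the request above (IMSI/ICCID/MSISDN/Kc), by assumed EF name.
SENSITIVE = {"EF.IMSI", "EF.ICCID", "EF.MSISDN", "EF.Kc", "EF.KcGPRS"}

SELECT_RE = re.compile(r"^\s*select\s+(\S+)")
UPDATE_RE = re.compile(
    r"^(\s*update_(?:binary|record\s+\d+)\s+)([0-9a-fA-F]+)\s*$")


def redact_export(text):
    """Return (redacted_text, names_of_files_redacted).

    Assumed layout: a 'select <name>' line followed by 'update_binary <hex>'
    or 'update_record <nr> <hex>' lines for the selected file.
    """
    current, out, hit = None, [], []
    for line in text.splitlines():
        sel = SELECT_RE.match(line)
        if sel:
            current = sel.group(1).split("/")[-1]
        upd = UPDATE_RE.match(line)
        if upd and current in SENSITIVE:
            # Keep the length so the file size stays visible, drop the value.
            line = upd.group(1) + "f" * len(upd.group(2))
            if current not in hit:
                hit.append(current)
        out.append(line)
    return "\n".join(out), hit


# Constructed sample, not data from a real card.
SAMPLE_EXPORT = """\
select MF
select EF.ICCID
update_binary 98001032547698103214
select DF.GSM
select EF.IMSI
update_binary 080910101032547698
select EF.Kc
update_binary 0011223344556677ff
select EF.SPN
update_binary 0154657374ffffffffffffffffffffffffff
select DF.TELECOM
select EF.MSISDN
update_record 1 ffffffffffffffffffffffffffff07819821436587f9ffffffffffffffffff
"""

if __name__ == "__main__":
    cleaned, files = redact_export(SAMPLE_EXPORT)
    print(cleaned)
    print("redacted:", ", ".join(files))
```

Check the returned list of redacted files against what the card actually contains; a sensitive file that was never selected by name in the paste is not touched.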
Hello,
Recently I acquired a SIMtrace2 card unit with ATSAM3S in order to build a
P.O.C. of the communication of the SIM card and the modem remotely, but I
could not make the application communicate via USB with the SIMtrace2.
I followed these steps (all of them)
https://osmocom.org/projects/simtrace2/wiki/Cardem
After I run this command:
osmo-remsim-client-st2 --usb-vendor 1d50 --usb-product 60e3 --usb-path
1-2.2 --usb-config 1 --client-id 1 --client-slot 1 --server-ip 127.0.0.1
--server-port 9998 -d DMAIN,1:DST2,1:DRSPRO,1
I'm stuck in this error (even running as sudo):
DMAIN DEBUG fsm.c:456 CLIENT_MAIN(main){INIT}: Allocated
DRSPRO DEBUG fsm.c:456 RSPRO_CLIENT(server){INIT}: Allocated
DRSPRO DEBUG fsm.c:456 RSPRO_CLIENT(server){INIT}: Allocated
DRSPRO DEBUG remsim_client_main.c:185 RSPRO_CLIENT(server){INIT}: Received
Event SRVC_E_ESTABLISH
DRSPRO DEBUG ../rspro_client_fsm.c:355 RSPRO_CLIENT(server){INIT}:
state_chg to REESTABLISH
DRSPRO INFO ../rspro_client_fsm.c:308 RSPRO_CLIENT(server){REESTABLISH}:
Creating TCP connection to server at localhost:9998
DMAIN ERROR user_simtrace2.c:430 can't open USB device
Additional information:
- Host OS: Debian 10 armhf. Also tried on Ubuntu 22 x64
- I've tried to recompile the software following `Get and compile the
software`, but these steps really don't work. Then I tried aclocal,
autoconf, automake --add-missing & ./configure but none of them can get rid
of the error: cannot find input file: `include/Makefile.in'
- SIMtrace2 firmware: $ sudo simtrace2-list
USB matches: 2
1d50:60e3 Addr=8, Path=1-1.3, Cfg=1, Intf=0, Alt=0: 255/2/0
(CardEmulator Modem 1)
1d50:60e3 Addr=8, Path=1-1.3, Cfg=2, Intf=0, Alt=0: 255/255/0
(0.8.1.58-773d)
Sorry if this issue was addressed in another email, I even tried looking in
the archives but the archives page is not very user friendly.
Thanks for your support, Bruno Natali
Hi Mychaela
Can you tell me what the intent of the C1 capacitor is for?
Previously when I probe the signals I just solder fly wires on to the
SIM socket on the FPC, but this capacitor intrigues me.
Thanks
Hello fellow SIM tracers,
I just built this little gadget that allows one to observe (easily,
safely, non-invasively) what voltages each given phone puts out toward
the SIM:
https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/sim-fpc-p…
It is a trivial PCB adapter that connects together a SIM socket, an FPC
connector that fits existing SIMtrace FPC cables, and a set of plain
old 2.54 mm header pins exposing each signal on the SIM-ME interface.
This adapter is purely passive, hence it doesn't need power, it does
not contain any components that can be damaged by high voltages (in
fact, there is not one ESD-sensitive component on this PCB!), and it
does not introduce any Heisenbug effects into the SIM-ME interface
under test. The usage scenario should be obvious: I insert a fitting
SIMtrace FPC cable into the phone under test, the other end of that
FPC cable plugs into my PCB, the SIM socket on my adapter is either
filled with an actual SIM or left empty depending on the test to be
performed, and I observe the voltage between GND and VCC pins.
Here is that test being performed with a Nokia 2190E, one of the very
first GSM phones sold in USA, circa 1995 or 1996:
https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-tes…
https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-tes…
And here are some test results:
* Nokia 2190E, PCS band equivalent of 2110, powered by a 5-cell NiMH
battery: always puts out 5V toward the SIM.
* Ericsson I888, powered by a 4-cell NiMH battery: likewise always
puts out 5V toward the SIM (will probably be a little under 5.0V, but
still within 5V spec, under low battery conditions), but I would not
classify this phone as "Phase 1": it supports SMS, USSD, CSD via IrDA,
and EFR speech codec.
* Nokia 6190, PCS band equivalent of 6110 (first ARM-based GSM phone
ever?), powered by a 3-cell NiMH battery: tries 3V first, if the SIM
is "3V technology SIM" or "1.8V technology SIM", then the phone stays
at 3V, but if there is no good ATR at 3V, then it tries 5V.
If a phone is powered by a 3-cell NiMH or 1-cell Li-ion battery, then
the only way it can put out 5V is by going through a boost converter,
which are of course bad for battery life - thus it seems that once
phones went to these lower-voltage batteries, then they started
preferring 3V SIMs at the same time (while still supporting 5V SIMs in
those days!), whereas phones powered by higher-voltage batteries (4 or
more Ni-Cd or NiMH cells) keep it simple and always put out 5V, it
seems.
Now Nokia 2190E is a really finicky phone in terms of which SIMs it
accepts: as the r/vintagemobilephones community on Reddit figured out,
there is just one T-Mobile MVNO (LycaMobile) whose SIMs it accepts,
while all others are rejected - and the worst part is, it rejects my
current Themyscira SIMs too! (My SIMs are FCSIM1, equivalent of old
sysmoSIM-GR2.) So what is so special about those LycaMobile SIMs
which this phone accepts while rejecting all others? Examining that
SIM in a card reader, I see nothing special, same deal as most
operator-issued SIMs these days: native UICC/USIM/ISIM, has GSM 11.11
support for backward compat, GSM 11.11 SELECT on MF/DF indicates "1.8V
technology SIM", ATR indicates all 3 voltage classes supported.
Now that I have proven what I previously only suspected (the fact that
this ancient Nokia always puts out 5V toward the SIM), SIMtrace2 is
definitely out - however, I now also have a SIMtrace1 board, graciously
donated by Kevin, and I am going to see if I can find some time to get
SIMtrace1 software working and try sniffing Nokia 2190E to SIM comms
in the working and not-working cases.
M~
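How the voltage classes mentioned above can be read out of an ATR, as an added example that is not part of the original post: it walks the ISO/IEC 7816-3 interface bytes and decodes the class indicator carried in the first TA after a TD announcing T=15. The function name and both sample ATRs are constructed for illustration.

```python
CLASS_BITS = ((0x01, "A (5V)"), (0x02, "B (3V)"), (0x04, "C (1.8V)"))
CLOCK_STOP = ("not supported", "state L", "state H", "no preference")


def atr_voltage_classes(atr_hex):
    """Return protocols, voltage classes and clock-stop mode from an ATR."""
    atr = bytes.fromhex(atr_hex)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS or ATR too short")
    y, k = atr[1] >> 4, atr[1] & 0x0F   # T0: Y1 bitmap, K historical bytes
    pos, prev_t, protocols, ta15 = 2, None, [], None
    try:
        while y:
            td = None
            for bit in (0x1, 0x2, 0x4, 0x8):        # TA, TB, TC, TD
                if not y & bit:
                    continue
                value = atr[pos]
                pos += 1
                if bit == 0x1 and prev_t == 15 and ta15 is None:
                    ta15 = value                    # first TA after T=15
                elif bit == 0x8:
                    td = value
            if td is None:
                break
            y, prev_t = td >> 4, td & 0x0F          # next bitmap, protocol T
            protocols.append(prev_t)
    except IndexError:
        raise ValueError("ATR truncated inside interface bytes") from None
    has_tck = any(t != 0 for t in protocols)        # TCK only if T != 0 seen
    if len(atr) != pos + k + has_tck:
        raise ValueError("ATR length does not match T0/TD bitmaps")
    if has_tck:
        check = 0
        for byte in atr[1:]:
            check ^= byte
        if check:
            raise ValueError("TCK checksum mismatch")
    if ta15 is None:                                # no class indicator sent
        return {"protocols": protocols, "classes": None, "clock_stop": None}
    classes = [name for bit, name in CLASS_BITS if ta15 & bit]
    return {"protocols": protocols, "classes": classes,
            "clock_stop": CLOCK_STOP[ta15 >> 6]}


# Constructed ATRs, not read from any real card.
ATR_ALL_CLASSES = "3B80801F0718"   # TD1=80, TD2=1F (T=15), TA3=07, TCK=18
ATR_NO_INDICATOR = "3B02AABB"      # no interface bytes, 2 historical bytes

if __name__ == "__main__":
    for sample in (ATR_ALL_CLASSES, ATR_NO_INDICATOR):
        print(sample, atr_voltage_classes(sample))
```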
I just recently made some changes to my 1.4 firmware to support
Man-in-the-Middle modification of ATR because some device apparently
changes the Vcc to 1.8v after reading the ATR that indicates the card
supports Class C. I don't have access to the device that exhibits
this behavior so I was using a USB Smartcard reader to test it, and my
Oscilloscope capture shows that the PC was using 5v vddio mode. The
SIMtrace 1 are 5v tolerant, and the last time I looked at Cstartup.asm
I believe we set the internal pull-ups to disabled, which is "safe"
according to the Atmel part documentation. So long as 5v IO levels
are not "on"/"fed" into the PIO lines while the device is in reset,
this is probably not an issue for SIMtrace 1 boards.
> From: Mychaela Falconia <mychaela.falconia(a)gmail.com>
> To: simtrace(a)lists.osmocom.org
> Cc:
> Bcc:
> Date: Tue, 25 Oct 2022 20:03:23 -0800
> Subject: My progress with 5V SIM investigation
> Hello SIMtrace community,
>
> I mentioned earlier on this list, and also in last week's OsmoDevCall,
> that I play with some old phones that *may* be putting out 5V toward
> the SIM, which SIMtrace2 hw does not tolerate - 5V exceeds the absolute
> maximum rating spec of SAM3S chip.
>
> As the first step in the investigation, I cobbled together a simple
> PCB design for a purely passive adapter that connects a SIM socket to
> FPC cables from current Sysmocom SIMtrace kits, plus 2.54 mm headers
> on both sides of the SIM socket providing convenient probing access to
> all signals. This trivial design can be found in my fc-small-hw Hg
> repository:
>
> https://www.freecalypso.org/hg/fc-small-hw/
>
> Look in the sim-fpc-pasv directory inside the Hg repo. I haven't sent
> this little PCB out to fab yet, but I plan on doing so when my budget
> allows it, hopefully no later than a week from now. When I get this
> adapter board fabbed and assembled, I will test it with my current
> collection of old phones (Ericsson I888, Nokia 5190 and 6190) and see
> if any of these phones put out 5V toward the SIM.
>
> Nokia 5190 and 6190 are powered by 3-cell NiMH batteries, but they
> still might put out 5V toward the SIM if they include a charge pump or
> some other boost converter. At least in TI chipset history, prior to
> our well-known Calypso+Iota chipset, their previous ABB chip Nausica
> (used in the legendary TSM30, apparently) could put out either 3V or
> 5V toward the SIM, selection under fw control, while powered by a
> 3-cell NiMH or 1-cell Li-ion battery, doing some kind of boost
> conversion for 5V. (I never found a datasheet for that ancient ABB,
> so I don't know the full details.) It will be interesting to know
> what Nokia 5190 and 6190 do in this regard. It will also be
> interesting to see what Ericsson I888 puts out: it is an older,
> higher-voltage beast, powered by a 4-cell NiMH battery, and if the
> designers felt like operating the SIM in "5V" or Class A mode, they
> could have used raw battery voltage without conversion, as the spec is
> 4.5 V minimum IIRC.
>
> During last week's OsmoDevCall Kevin said that he had some SIMtrace1
> boards with ARM7S, which the datasheet says is 5V-tolerant, and I
> recall him saying that he could send me one. To Kevin: I greatly
> appreciate your offer, and I may indeed take you up on it in another
> few weeks - but let me build my sim-fpc-pasv adapter first, and see
> what voltages are actually put out by phones in my collection.
>
> Now the really interesting phone would be Nokia 2190 - supposedly one
> of the very first PCS1900 band GSM phones sold in USA, from around
> 1995. That one is powered by a 5-cell NiMH battery and thus seems
> very likely to put out 5V toward the SIM, possibly always, without
> ever switching down to 3V. I don't have one to test, aside from a
> sealed box which I am reluctant to cut open (told it may be worth
> a fortune some day, the usual story), but another person on Reddit
> says that these phones are very finicky in terms of which SIMs they
> accept. I sent him a few of my FCSIM1 cards, equivalent to
> sysmoSIM-GR2, a pure GSM 11.11 SIM without any UICC at all, very
> old-fashioned, and my contact tells me that Nokia 2190 rejects these
> SIMs too! It was my desire to use SIMtrace to see what's happening
> with that finicky 2190 that prompted my investigation into 5V
> tolerance - and when I get my sim-fpc-pasv adapter built, I will get
> back in touch with my Nokia 2190 contact person from Reddit and see
> how he would like to proceed.
>
> M~
Hello SIMtrace community,
I mentioned earlier on this list, and also in last week's OsmoDevCall,
that I play with some old phones that *may* be putting out 5V toward
the SIM, which SIMtrace2 hw does not tolerate - 5V exceeds the absolute
maximum rating spec of SAM3S chip.
As the first step in the investigation, I cobbled together a simple
PCB design for a purely passive adapter that connects a SIM socket to
FPC cables from current Sysmocom SIMtrace kits, plus 2.54 mm headers
on both sides of the SIM socket providing convenient probing access to
all signals. This trivial design can be found in my fc-small-hw Hg
repository:
https://www.freecalypso.org/hg/fc-small-hw/
Look in the sim-fpc-pasv directory inside the Hg repo. I haven't sent
this little PCB out to fab yet, but I plan on doing so when my budget
allows it, hopefully no later than a week from now. When I get this
adapter board fabbed and assembled, I will test it with my current
collection of old phones (Ericsson I888, Nokia 5190 and 6190) and see
if any of these phones put out 5V toward the SIM.
Nokia 5190 and 6190 are powered by 3-cell NiMH batteries, but they
still might put out 5V toward the SIM if they include a charge pump or
some other boost converter. At least in TI chipset history, prior to
our well-known Calypso+Iota chipset, their previous ABB chip Nausica
(used in the legendary TSM30, apparently) could put out either 3V or
5V toward the SIM, selection under fw control, while powered by a
3-cell NiMH or 1-cell Li-ion battery, doing some kind of boost
conversion for 5V. (I never found a datasheet for that ancient ABB,
so I don't know the full details.) It will be interesting to know
what Nokia 5190 and 6190 do in this regard. It will also be
interesting to see what Ericsson I888 puts out: it is an older,
higher-voltage beast, powered by a 4-cell NiMH battery, and if the
designers felt like operating the SIM in "5V" or Class A mode, they
could have used raw battery voltage without conversion, as the spec is
4.5 V minimum IIRC.
During last week's OsmoDevCall Kevin said that he had some SIMtrace1
boards with ARM7S, which the datasheet says is 5V-tolerant, and I
recall him saying that he could send me one. To Kevin: I greatly
appreciate your offer, and I may indeed take you up on it in another
few weeks - but let me build my sim-fpc-pasv adapter first, and see
what voltages are actually put out by phones in my collection.
Now the really interesting phone would be Nokia 2190 - supposedly one
of the very first PCS1900 band GSM phones sold in USA, from around
1995. That one is powered by a 5-cell NiMH battery and thus seems
very likely to put out 5V toward the SIM, possibly always, without
ever switching down to 3V. I don't have one to test, aside from a
sealed box which I am reluctant to cut open (told it may be worth
a fortune some day, the usual story), but another person on Reddit
says that these phones are very finicky in terms of which SIMs they
accept. I sent him a few of my FCSIM1 cards, equivalent to
sysmoSIM-GR2, a pure GSM 11.11 SIM without any UICC at all, very
old-fashioned, and my contact tells me that Nokia 2190 rejects these
SIMs too! It was my desire to use SIMtrace to see what's happening
with that finicky 2190 that prompted my investigation into 5V
tolerance - and when I get my sim-fpc-pasv adapter built, I will get
back in touch with my Nokia 2190 contact person from Reddit and see
how he would like to proceed.
M~
Hello various Osmocom mailing lists,
as previously announced (https://osmocom.org/news/191):
* The binary packages are being built on Osmocom's own OBS server now.
* We will stop pushing packages to the openSUSE OBS server at the end of
October (in one week).
If you are using Osmocom binary packages, please make sure that you have
configured the new repository URLs.
See the wiki for details:
https://osmocom.org/projects/cellular-infrastructure/wiki/Binary_Packages
Regards,
Harald
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/
Dear Osmocom community,
after a rather extended 2022 summer break, we're happy to announce the
next incarnation of OsmoDevCall. Based on the recent polls, the timing
has shifted to *every 3rd Wednesday of the month*!
when:
October 19, 2022 at 20:00 CEST
where:
https://meeting5.franken.de/b/har-xbc-bsx-wvs
In this edition, I will be presenting a SIMtrace2 tutorial, showing SIM
card protocol tracing, decoding with the new pySim-trace as well as the
card emulation firmware.
This meeting will have the following schedule:
20:00 meet + greet
20:10 presentation as outlined above
21:00 unstructured supplementary social event [*]
Attendance is free of charge and open to anyone with an interest
in Osmocom or open source cellular technologies.
More information about OsmoDevCall, including the schedule
for further upcoming events can be found at
https://osmocom.org/projects/osmo-dev-con/wiki/OsmoDevCall
Looking forward to meeting you soon!
Best regards,
Harald
[*] this is how we started to call the "unstructured" part of osmocom
developer conferences in the past, basically where anyone can talk about
anything, no formal schedule or structure.
--
- Harald Welte <laforge(a)osmocom.org> http://laforge.gnumonks.org/