On Thu, Dec 15, 2011 at 10:24:14PM +0100, Lukas Kuzmiak wrote:
- I've connected a osmocom-like ftdi cable and gathered a trace from there
(not sure if i can somehow enable more debug msgs, haven't done any special setup, if you want me to take it with some more verbosity being set somehow
- please let me know. trace is attached).
enabling more debugging requires some code changes and recompilation of the firmware, sorry.
The trace you have attached looks pretty normal, i.e. reasonable Fi/Di values, and no RST flood or something like that.
- I've put one printf() into the apdu_split_in method, it seems the buffer
is somehow getting scrambled from the beginning, it shows something like:
Lukass-MacBook-Air:host lukash$ ./simtrace simtrace - GSM SIM and smartcard tracing (C) 2010 by Harald Welte laforge@gnumonks.org
Entering main loop unknown simtrace msg type 0xa4 apdu_split_in() reached. APDU: a4 6f 05 9f 0f a0 c0 apdu_split_in() reached. apdu_split_in() reached. .... and so on (tons of times).
so the APDUs are somehow going back and forth (as apdu_split_in is being called over and over) but simtrace is having some troubles displaying/parsing them.
the interesting question would be to actually print the new APDU bytes as they come in from USB, i.e. what goes into the splitter. Just osmo_hexdump() the buffer so we can see if the APDU splitter is broken or the information coming from the SIMtrace hardware/firmware is already broken.
I guess you know this: But please also make sure that you always capture from the very first power up of the SIM card, i.e. plug in simtrace and start the PC program before you power up the phone. OTherwise there may be some initial handshake (PPS/PTS) that we miss and thus decoding fails
I've found some more simcards behaving like this, Harald - if you want me to send you one for testing please send me your address, I'll be happy to do that - or I can bring it to 28c3 too - I'll leave that up to u.
I don't know where you are located and how lon a letter would take to reach Berlin. My address can be found at http://bb.osmocom.org/trac/wiki/Contact
28c3 would of course also work, but I cannot promis I will find time to look at it during the event itself.
Regards, Harald