For the MITM, there seem to be a couple of variables to play with (as
compared to passive sniffing) that make it a little more reliable:

- wait for X number of power cycles, i.e. don't send ATR until the 3V3
  one comes up
- manipulate ATR: it seems possible to set the voltage class explicitly

The power-wait works for the BLU phone I mentioned, and the Nexus One.
N1 also starts out with a different voltage (about 2.3V, weird...)
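
For reference, an added example (not part of the original message): the voltage class a card advertises sits in the ATR's class indicator, the first TA byte after a TD byte announcing T=15 (ISO/IEC 7816-3). The function name `voltage_classes` and both sample ATRs are constructed for illustration.

```python
# Added example: decode the class (voltage) indicator from an ATR.
# ISO/IEC 7816-3: the first TA byte following a TD byte that announces T=15
# carries the clock-stop indicator (bits 8-7) and class indicator (bits 6-1).
CLASS_BITS = {0x01: "A (5V)", 0x02: "B (3V)", 0x04: "C (1.8V)"}


def voltage_classes(atr: bytes):
    """Return the advertised classes, or None if no class indicator is present."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: bad TS byte")
    try:
        y = atr[1] >> 4        # T0 high nibble: which of TA1..TD1 follow
        pos = 2
        protocol = None        # T value announced by the previous TD byte
        while True:
            ta = None
            if y & 0x1:        # TAi present
                ta = atr[pos]
                pos += 1
            if y & 0x2:        # TBi present, skipped
                pos += 1
            if y & 0x4:        # TCi present, skipped
                pos += 1
            if protocol == 15 and ta is not None:
                return [name for bit, name in CLASS_BITS.items() if ta & bit]
            if not y & 0x8:    # no TDi: interface bytes end here
                return None
            td = atr[pos]
            pos += 1
            y, protocol = td >> 4, td & 0x0F
    except IndexError:
        raise ValueError("truncated ATR") from None


# Constructed sample: TA1, TD1 (T=0), TD2 (T=15), TA3=0xC6, TCK=0xD8.
SAMPLE_WITH_CLASS = bytes.fromhex("3B9011801FC6D8")
# Constructed sample: T=0 only, two historical bytes, no class indicator.
SAMPLE_NO_CLASS = bytes.fromhex("3B021450")

if __name__ == "__main__":
    print(voltage_classes(SAMPLE_WITH_CLASS))
    print(voltage_classes(SAMPLE_NO_CLASS))
```

A return value of `None` means the ATR carries no class indicator at all, which is different from an indicator with no class bits set (an empty list).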