19 Sep
2023
19 Sep
'23
9:02 p.m.
Hello fellow SIM tracers,
I have my new incarnation of SIMtrace mostly working:
https://www.freecalypso.org/hg/simtrace-ice/
The Hg repository is named simtrace-ice, but the host program binaries
installed by the sw package are named simtrace3-*, following the
installed binary namespace usage convention established by previously
existing simtrace2-*.
Quoting from the README file at the top of the just-linked source
repository, FreeCalypso SIMtrace3 (aka SIMtrace-ice) is an alternative
implementation of Osmocom SIMtrace principal idea, using an iCE40 FPGA
instead of AT91SAMx MCU as the ISO 7816-3 sniffing receiver. The
signals going to the FPGA are outputs from a unidirectional voltage-
translating buffer (Nexperia 74LVC4T3144) whose inputs are connected
to the SIM interface being sniffed. The sniffing apparatus is thus
electrically clean, making only a Hi-Z connection to the SIM interface
being sniffed, and I expect it to work correctly with all voltages
from 1.8 to 5 V.
This new SIMtrace3 gadget is more than just a proposal - most parts of
it have already been implemented and proven working. The multivolt
sniffer board remains to be assembled/populated (I got the PCB and the
components on hand, I just need to make a visit to Technotronix to get
it assembled), but the FPGA gateware and the host programs receiving
and decoding the sniffed bits have already been proven working, using
an FCDEV3B forced into Class B voltage mode to work without the
mv-sniffer component.
The hardware setup is quite minimal: the FPGA board is off-the-shelf
Lattice iCEstick, readily available from various distributors, and the
SIMtrace3-specific custom hw bit will be reduced to just one very
simple board in the final version. The SIMtrace3 sniffer pod will
passively interconnect the SIM interface under study between the FPC
connector (existing SIMtrace FPC cables), a physical 2FF SIM socket
and the Hi-Z input pins of the dual-supply buffer, while the output
side of that buffer will go to header pins, to be connected to the
Icestick board. The 74LVC4T3144 buffer IC will be the only active
component on this board!
My initial emphasis is on sniffing, but my longer plans include cardem
too. I prefer having separate hw setups for the two functions, hence
my design calls for two separate "pod" boards, a sniffing pod and a
cardem pod. The cardem pod will be the sniffing pod (same multivolt
buffer, supporting all voltages) minus the SIM socket, plus a 74LVC1G07
OD buffer for driving the SIM I/O line from the FPGA-emulated card.
The FPGA gateware will of course be different too, but I expect it to
fit into the HX1K FPGA on the same iCEstick board.
It should also be noted that whether people like my design or not, the
name SIMtrace3 is now effectively claimed for this design whose
gateware and host software have already been implemented and whose hw
components are in the process of being finished and polished. If the
people behind SIMtrace1/2 (the original) totally dislike my idea and
would rather build some other successor to SIMtrace2, please call your
version SIMtrace4 - otherwise there will be two different designs each
claiming to be SIMtrace3, which won't help anyone.
M~