Hello fellow SIM tracers,
I have my new incarnation of SIMtrace mostly working:
https://www.freecalypso.org/hg/simtrace-ice/
The Hg repository is named simtrace-ice, but the host program binaries installed by the sw package are named simtrace3-*, following the installed binary namespace usage convention established by previously existing simtrace2-*.
Quoting from the README file at the top of the just-linked source repository, FreeCalypso SIMtrace3 (aka SIMtrace-ice) is an alternative implementation of the Osmocom SIMtrace principal idea, using an iCE40 FPGA instead of AT91SAMx MCU as the ISO 7816-3 sniffing receiver. The signals going to the FPGA are outputs from a unidirectional voltage-translating buffer (Nexperia 74LVC4T3144) whose inputs are connected to the SIM interface being sniffed. The sniffing apparatus is thus electrically clean, making only a Hi-Z connection to the SIM interface being sniffed, and I expect it to work correctly with all voltages from 1.8 to 5 V.
This new SIMtrace3 gadget is more than just a proposal - most parts of it have already been implemented and proven working. The multivolt sniffer board remains to be assembled/populated (I got the PCB and the components on hand, I just need to make a visit to Technotronix to get it assembled), but the FPGA gateware and the host programs receiving and decoding the sniffed bits have already been proven working, using an FCDEV3B forced into Class B voltage mode to work without the mv-sniffer component.
The hardware setup is quite minimal: the FPGA board is off-the-shelf Lattice iCEstick, readily available from various distributors, and the SIMtrace3-specific custom hw bit will be reduced to just one very simple board in the final version. The SIMtrace3 sniffer pod will passively interconnect the SIM interface under study between the FPC connector (existing SIMtrace FPC cables), a physical 2FF SIM socket and the Hi-Z input pins of the dual-supply buffer, while the output side of that buffer will go to header pins, to be connected to the iCEstick board. The 74LVC4T3144 buffer IC will be the only active component on this board!
My initial emphasis is on sniffing, but my longer plans include cardem too. I prefer having separate hw setups for the two functions, hence my design calls for two separate "pod" boards, a sniffing pod and a cardem pod. The cardem pod will be the sniffing pod (same multivolt buffer, supporting all voltages) minus the SIM socket, plus a 74LVC1G07 OD buffer for driving the SIM I/O line from the FPGA-emulated card. The FPGA gateware will of course be different too, but I expect it to fit into the HX1K FPGA on the same iCEstick board.
It should also be noted that whether people like my design or not, the name SIMtrace3 is now effectively claimed for this design whose gateware and host software have already been implemented and whose hw components are in the process of being finished and polished. If the people behind SIMtrace1/2 (the original) totally dislike my idea and would rather build some other successor to SIMtrace2, please call your version SIMtrace4 - otherwise there will be two different designs each claiming to be SIMtrace3, which won't help anyone.
M~