Hi all,
I come to all of you as I'm trying to use simtrace to capture the UE-SIM traffic with a 4G+ SIM card, called "next gen SIM card" (the ones with NFC). The only thing I see is the ATR, and the mobile never detects the SIM card. I also tried to read the SIM card by plugging it directly into the SCR3310 card reader, but the reader didn't recognize the SIM card (no LED activity).
At the beginning I thought this must be a new standard for the NFC/SIM cards, but reading 3GPP TS 31.101 V13.2.0 (2016-06), I understood only Class B and C operating conditions should be supported by 3G MEs (page 10 of the document), and using transmission protocols T=0 and T=1. So it looks like nothing has changed in the protocols/electrical conditions.
I looked through the 3GPP specs folder searching for something related to this NFC/SIM (http://www.3gpp.org/DynaReport/31-series.htm), but nothing appeared. Also, searching on Google about these SIM cards, I just found an Orange document describing the business strategy to use NFC services/wallet:
"On February 21st 2011 many of the world’s leading mobile operators (15 in total) including Orange announced their collective commitment to SIM-based mobile NFC and intention to launch commercial mobile NFC services. In November 2011, the Chinese MNOs increased the momentum of support to SIM based NFC. In January, GSMA communicated that more than 60 MNOs now support these initiatives."
Source: https://www.orange.com/en/content/download/12418/258640/version/1/file/Orange%2BNFC%2Band%2BOrange%2BMoney%2BFact%2BSheet%2B-%2BFebruary%2B2013.pdf
But I still haven't found any technical spec for these SIM cards. Most strange for me is that this SIM card works normally when plugged into an old Samsung Galaxy S3, so I ask myself why plugging it into the SCR3310 reader or simtrace is not working.
Can anyone help me with these SIM cards' specifications? Has anyone been able to read them with SIM readers?
Best Regards, Pedro
Hi all,
Just to update, I found something interesting, the Single Wire Protocol: NFC applications on the UICC can communicate with the NFC chip using the SWP interface. Reading the GSMA docs, I found ETSI TS 102 613 "UICC - Contactless Front-end (CLF) Interface". So it looks like this is not about 3GPP, but ETSI standards. Also very interesting is the GSMA "Requirements for Single Wire Protocol NFC Handsets": http://www.gsma.com/digitalcommerce/wp-content/uploads/2012/03/gsmarequireme...
I continue trying to identify why the SCR3310 and simtrace aren't able to read these SIM cards (UICC). Reading the simtrace AT91SAM datasheet, it just states "ISO7816, T0 or T1 protocols for interfacing with smart cards", while the SCR3310 v2 technical specifications are:
- T=1, T=0 protocol support
- ISO 7816 Class A, B and C SmartCard
- and CT-API (through wrapper on top of PC/SC)
I will continue analyzing the ATR for these SIM cards.
Regards, Pedro
I think the best way to analyze this is to understand the exact voltage, clock rate and Fi/Di values your card is operating on on the working reader(s). Most likely at least one of the parameters is different on the non-working readers.
You should be able to figure all the related values out if you talk CCID directly to the USB device, or extend / "hack up" the ccid driver you're using. Alternatively, an oscilloscope should also be able to tell you related information.
Regards, Harald
Before proceeding with the oscilloscope, I did a last test using simtrace and a Samsung Galaxy S3 with this UICC and surprisingly it works, so I have the ATR:
ATR APDU: 3b 9f 96 c0 0a 3f c7 a0 80 31 e0 73 fe 21 1b 65 d0 01 74 0e a1 81 0f 9c
From there: Fi=512, Di=32, Protocol T=0, class accepted by the card: A, B and C (https://smartcard-atr.appspot.com/parse?ATR=3b9f96c00a3fc7a08031e073fe211b65d001740ea1810f9c)
After this, I tested over and over again with the same UICC card and an iPhone6 but never got an ATR response, I just got "ATR APDU: " and the iPhone doesn't recognize the SIM card. The SCR3310 reader never recognizes the card, always giving the "Card state: Card inserted, Unresponsive card" response.
I tested simtrace/iPhone6 and the SCR reader using the same UICC type from another operator with the same results (but working with simtrace/S.Galaxy S3).
Regards, Pedro
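The Fi/Di, protocol and voltage-class values Harald asks about can be read straight out of the ATR quoted in the message above. The following decoder is an added example, not code from the thread or from the simtrace project; it assumes the ISO/IEC 7816-3 interface-byte layout and the ETSI TS 102 221 meaning of the TB byte after T=15 (b8 and b6 set = UICC-CLF/SWP interface per TS 102 613), and `parse_atr` and its field names are illustrative.

```python
from functools import reduce
from operator import xor

# TA1 nibble tables from ISO/IEC 7816-3 (RFU values omitted).
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

# ATR exactly as captured with simtrace in the message above.
THREAD_ATR = "3b 9f 96 c0 0a 3f c7 a0 80 31 e0 73 fe 21 1b 65 d0 01 74 0e a1 81 0f 9c"

def parse_atr(text):
    atr = bytes.fromhex(text)                    # fromhex() skips the spaces
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte or ATR too short")
    info = {"Fi": 372, "Di": 1, "protocols": [], "classes": "", "swp": False}
    y, k = atr[1] >> 4, atr[1] & 0x0F            # T0: Y1 bitmap, K historical bytes
    pos, group, prev_t, need_tck = 2, 1, None, False
    while y:
        got = {}
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                got[name] = atr[pos]
                pos += 1
        if group == 1 and "TA" in got:           # TA1: Fi (high nibble), Di (low)
            info["Fi"], info["Di"] = FI.get(got["TA"] >> 4), DI.get(got["TA"] & 15)
        if group > 2 and prev_t == 15:           # bytes after T=15 are global
            if "TA" in got:                      # bits 1-3: classes A (5V), B (3V), C (1.8V)
                info["classes"] = "".join(
                    c for n, c in enumerate("ABC") if got["TA"] & (1 << n))
            if "TB" in got:                      # ETSI TS 102 221: b8 and b6 set = SWP
                info["swp"] = (got["TB"] & 0xA0) == 0xA0
        y = 0
        if "TD" in got:                          # TD: next Y bitmap plus protocol T
            prev_t = got["TD"] & 0x0F
            need_tck = need_tck or prev_t != 0
            if prev_t != 15 and prev_t not in info["protocols"]:
                info["protocols"].append(prev_t)
            y, group = got["TD"] >> 4, group + 1
    info["protocols"] = info["protocols"] or [0] # no TD at all means T=0 only
    info["historical"] = atr[pos:pos + k].hex()
    if len(atr) < pos + k + need_tck:
        raise ValueError("ATR truncated in historical bytes or TCK")
    # TCK exists only when a protocol other than T=0 is indicated; XOR T0..TCK must be 0.
    info["tck_ok"] = reduce(xor, atr[1:pos + k + 1], 0) == 0 if need_tck else None
    return info

if __name__ == "__main__":
    print(parse_atr(THREAD_ATR))
```
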
Hi,
I've been testing the NFC SIM with an oscilloscope, with these results:
- I used the new Omnikey 3121 reader, and it was able to read the SIM card. Vcc = 5V, Vpp = 3V, CLK = 5 MHz.
- I tried again to read the same SIM card with the SCR 3310, but there was no way to do it; no green LED, Vcc = 0. I checked with an old GRcard SIM: Vcc = 5V, Vpp = 0V, CLK = 5 MHz.
As the SCR 3310 reader is unable to read these NFC SIM cards, could it be because it is not implementing the OpenCard Framework API (implemented only by the Omnikey reader)?
After the tests with both readers, I got back to the iPhone:
- Using the SIM card without simtrace: Vcc = 1.8V, Vpp = 0V and 5 MHz CLK.
- simtrace w/ iPhone SE:
  * only 2 times wasn't unable to recognize the SIM card ("NO SIM card" message), which I guess could be mechanical problems due to wires, cables and so on.
  * when it was able to read the SIM, Vcc is always 3V (as in the specs), Vpp = 0V and CLK 5 MHz, but I was never able to trace: either just nothing after "ATR APDU:", or it gets stuck after a few very strange lines in which the CLA bytes don't make sense:
APDU: 00 00 04 b0 00 ff ff
APDU: 02 90 00 *00 a4 00 04*
APDU: *02 a4 6f 07* 61 22 00
APDU: c0 00 00 22 c0 62 20
It looks like order or synchronization is lost, as you can see a regular APDU highlighted between two lines. Could this issue be related to the T=0 implementation?: "Unfortunately, the Rx Timeout feature of the USART is not working in T=0 mode, so I had to re-implement Rx timeout (waiting time) handling by means of the TC (timer/counter) block 0. Due to technical limitations, we will wait up to one byte (12 etu) more than we should."
Regards, Pedro