Hi folks,
Seems not all phones use 3V signaling if the PHONE-side VCC pin is tied to 3V. This one insists on 1.8V : BLU SAMBA JR PLUS
Is this trick of tying VCC to 3V standard behavior?
For future version of the board, it might be interesting to tie the VCC pin to an ADC input, to detect different voltage levels so the firmware can wait until phone decides to use 3V.
Cheers Tom
Excerpts from Tom Schouten's message of 2013-07-26 22:55:32 +0200:
> Hi folks,
> Seems not all phones use 3V signaling if the PHONE-side VCC pin is tied to 3V. This one insists on 1.8V : BLU SAMBA JR PLUS
how does the phone behave?
> Is this trick of tying VCC to 3V standard behavior?
no, it is not standard. It just works (most of the time). And it should not damage the SIM nor the phone.
> For future version of the board, it might be interesting to tie the VCC pin to an ADC input, to detect different voltage levels so the firmware can wait until phone decides to use 3V.
this will be done in the next board
> Cheers Tom
On 07/26/2013 05:05 PM, Kevin Redon wrote:
> Excerpts from Tom Schouten's message of 2013-07-26 22:55:32 +0200:
> > Hi folks,
> > Seems not all phones use 3V signaling if the PHONE-side VCC pin is tied to 3V. This one insists on 1.8V : BLU SAMBA JR PLUS
> how does the phone behave?
if the at91 doesn't respond, the phone goes through the following power/reset sequence, about 1 second apart:
1.8V 3V 3V 1.8V
the at91 seems to mostly interpret the 1.8V serial line correctly, so the phone just starts talking at 1.8V until this eventually goes wrong.
> > Is this trick of tying VCC to 3V standard behavior?
> no, it is not standard. It just works (most of the time). And it should not damage the SIM nor the phone.
> > For future version of the board, it might be interesting to tie the VCC pin to an ADC input, to detect different voltage levels so the firmware can wait until phone decides to use 3V.
> this will be done in the next board
good ( next to some GPIOs maybe ;)
for the MITM, there seem to be a couple of variables to play with (as compared to passive sniffing) that make it a little more reliable:
- wait for X number of power cycles, i.e. don't send ATR until the 3V3 one comes up
- manipulate ATR: it seems possible to set the voltage class explicitly
The power-wait works for the BLU phone I mentioned, and the Nexus One. N1 also starts out with a different voltage (about 2.3V, weird..)
Hi Tom,
On Fri, Jul 26, 2013 at 04:55:32PM -0400, Tom Schouten wrote:
> For future version of the board, it might be interesting to tie the VCC pin to an ADC input, to detect different voltage levels so the firmware can wait until phone decides to use 3V.
this is more or less what we intended to do from the beginning, but somehow there was an error in the schematic so we had to resort to this.
If I remember correctly off my head the story goes like this:
So the original idea was to always forward the same VCC voltage from the phone to the sim card by means of a switch, and alternatively provide the SIM-side VCC with voltage from a regulator.
However, as both the regulator output and the forward-switch output were connected together, and the regulator could not deal with voltage being present at its output while being disabled, the circuit never worked as expected.
We didn't touch the simtrace v1.x hardware for a long time, as Kevin started work on a completely different v2.x hardware years ago. However, due to lack of time and other projects, this never really emerged beyond the early design phase (as far as I know).
If I was to do an updated version of simtrace, I would also move to an at91sam3s instead of the at91sam7s, as the former has more USB endpoints enabling the CCID + CDC-ACM simultaneous operation for the MITM mode.
Regards, Harald
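The two ideas discussed in this thread (VCC on an ADC input, and holding back the ATR until the phone offers 3V) can be combined as sketched below. This is an added example, not SIMtrace firmware or code from any poster: all names, the off threshold and the debounce count are assumptions, and the class windows are the nominal ISO/IEC 7816-3 voltages with a 10% tolerance.

```c
#include <stdbool.h>
#include <stdint.h>
#define OFF_BELOW_MV   500 /* assumption: below this the phone has cut VCC */
#define STABLE_SAMPLES 3   /* assumption: samples needed to accept a level */

/* ISO/IEC 7816-3 supply classes, plus "off" and "powered, out of window" */
enum vcc_class { VCC_OFF, VCC_UNKNOWN, VCC_C_1V8, VCC_B_3V, VCC_A_5V };

/* Constructed trace (mV): a 1.8V cycle, power-off, then a ramp up to 3V */
const uint16_t sample_trace[] = { 0, 0, 0, 1800, 1800, 1800, 1800, 0, 0, 0,
                                  900, 1900, 2600, 3000, 3000, 3000, 3000 };

/* Map one VCC reading (millivolts) to a class, nominal +/-10% windows. */
enum vcc_class classify_vcc(uint16_t mv)
{
    if (mv < OFF_BELOW_MV)        return VCC_OFF;
    if (mv >= 1620 && mv <= 1980) return VCC_C_1V8;
    if (mv >= 2700 && mv <= 3300) return VCC_B_3V;
    if (mv >= 4500 && mv <= 5500) return VCC_A_5V;
    return VCC_UNKNOWN;           /* e.g. a ~2.3V start-up level */
}

struct atr_gate {
    enum vcc_class stable;    /* last debounced class */
    enum vcc_class candidate; /* class of the most recent samples */
    unsigned run;             /* consecutive samples of candidate */
    unsigned power_cycles;    /* debounced off -> on transitions */
};

/* Feed one sample; true once a steady 3V supply is present (ATR may go out). */
bool atr_gate_sample(struct atr_gate *g, uint16_t mv)
{
    enum vcc_class c = classify_vcc(mv);
    g->run = (c == g->candidate) ? g->run + 1 : 1;
    g->candidate = c;
    /* a ramp passing through the 1.8V window never reaches STABLE_SAMPLES */
    if (g->run >= STABLE_SAMPLES && c != g->stable) {
        if (g->stable == VCC_OFF) g->power_cycles++; /* off -> on */
        g->stable = c;
    }
    return g->stable == VCC_B_3V;
}

/* Index of the first sample at which the ATR may be sent, or -1 if never. */
int first_atr_index(struct atr_gate *g, const uint16_t *mv, unsigned n)
{
    for (unsigned i = 0; i < n; i++)
        if (atr_gate_sample(g, mv[i]))
            return (int)i;
    return -1;
}
```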