simtrac hw

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at

ml at ml at
Mon Nov 22 14:24:55 UTC 2010

On 22.11.2010 13:47, Sébastien Lorquet wrote:
> MITM is useful to create a generic tool that is able to rewrite APDUs
> on-the-fly. Like a live apdu patcher.
In this direction, we could interrupt the I/O line between reader and SC
after the interesting header has been detected, and send our custom
response. Thus the MitM would replace the responses instead of patching
them. This could lead to having different states between SC and reader
(general issue with MitM).
Having the possibility to separately control the SC and reader could
enable us to put them in the right state with additional APDUs.

I did not measure/test timings of SCs, so I can't tell if it's feasible,
but with a fast processor (18 MHz), maybe?
With the interrupt solution (instead of patching and forwarding) the
timing would be modified only for the custom responses.
This is good if the reader only does MitM detection on the average
timing, but bad if it uses peaks as an alert. I don't know which is the
most common (if there is one).

> So the voltage is not important. My opinion is that in practice, all
> SIMs vendors, that will want their cards to work on the largest number
> of phones, will support all the 3 voltage classes (5,3.3,1.8V). If not,
> you cannot destroy a card by applying any of these 3 supply voltages.
To be able to be compatible with all 3 classes, we could use multiple
level shifters. It would make the hw more complicated and expensive, but
would be the right way (if it's worth doing it).
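The two MitM strategies discussed in the message above (patch every response on the fly, or cut the I/O line after the interesting header and answer in place of the card), the state divergence the second one causes, the repair via an extra APDU sent to the card alone, and the average-vs-peak timing detectors, as an added toy model. This is illustrative Python written for this archive page, not code from the thread or from any SIMtrace firmware; the card (two INS handlers, SIM-style CLA A0), the file contents, the "interesting header" rule and the microsecond timings are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed toy card: SELECT FILE (INS A4) sets the current EF, READ BINARY (INS B0)
# returns P3 bytes of it. Status words are the standard ISO 7816-4 ones.
@dataclass
class ToyCard:
    files: Dict[bytes, bytes]
    selected: Optional[bytes] = None

    def process(self, apdu: bytes) -> bytes:
        cla, ins, p1, p2, p3 = apdu[:5]          # T=0 five-byte command header
        data = apdu[5:]
        if ins == 0xA4:                          # SELECT FILE by 2-byte identifier
            fid = bytes(data[:2])
            if fid in self.files:
                self.selected = fid
                return b"\x90\x00"
            return b"\x6A\x82"                   # file not found
        if ins == 0xB0:                          # READ BINARY, P3 = Le
            if self.selected is None:
                return b"\x69\x86"               # command not allowed: no current EF
            return self.files[self.selected][:p3] + b"\x90\x00"
        return b"\x6D\x00"                       # INS not supported


@dataclass
class Mitm:
    """Sits on the I/O line between reader and card.
    'patch': forward every command, rewrite the card's reply for matching headers.
    'interrupt': answer matching headers itself; the card never sees those commands."""
    card: ToyCard
    rules: Dict[Tuple[int, int, int], bytes]    # (INS, P1, P2) -> canned response
    mode: str = "patch"
    log: List[tuple] = field(default_factory=list)

    def relay(self, apdu: bytes) -> bytes:
        key = (apdu[1], apdu[2], apdu[3])
        if self.mode == "interrupt" and key in self.rules:
            resp = self.rules[key]               # line cut after the header: card not involved
            self.log.append(("interrupted", apdu.hex(), resp.hex()))
            return resp
        resp = self.card.process(apdu)           # forward to the real card
        if key in self.rules:                    # patch mode: rewrite the reply on the fly
            self.log.append(("patched", apdu.hex(), resp.hex(), self.rules[key].hex()))
            resp = self.rules[key]
        return resp


# Constructed reader traffic: select EF 6F07, then read 10 bytes of it.
SELECT_EF = bytes([0xA0, 0xA4, 0x00, 0x00, 0x02]) + b"\x6F\x07"
READ_10 = bytes([0xA0, 0xB0, 0x00, 0x00, 0x0A])
EF_CONTENT = b"\x08\x09\x10\x10\x10\x32\x54\x76\x98\xF0"   # constructed file body


def run_session(mode: str):
    """Run SELECT then READ through the MitM; return the MitM and what the reader saw."""
    card = ToyCard(files={b"\x6F\x07": EF_CONTENT})
    # The "interesting header" is SELECT; the MitM always answers it with 9000.
    mitm = Mitm(card=card, rules={(0xA4, 0x00, 0x00): b"\x90\x00"}, mode=mode)
    reader_view = [mitm.relay(SELECT_EF), mitm.relay(READ_10)]
    return mitm, reader_view


def resync(mitm: Mitm, apdu: bytes) -> bytes:
    """Additional APDU sent to the card only (reader does not see it) to repair card state."""
    return mitm.card.process(apdu)


def timing_detectors(times_us: List[int], baseline_us: int, tol_us: int) -> Dict[str, bool]:
    """Two reader-side MitM detectors: one on the average response time, one on peaks."""
    avg = sum(times_us) / len(times_us)
    return {"average": abs(avg - baseline_us) > tol_us,
            "peak": max(abs(t - baseline_us) for t in times_us) > tol_us}


def demo_timings() -> Dict[str, Dict[str, bool]]:
    """Constructed timings: patching delays every reply; interrupting only the custom one."""
    baseline, tol = 100, 20
    patch_times = [140] * 10                     # MitM processing on every response
    interrupt_times = [100] * 9 + [160]          # only the replaced response deviates
    return {"patch": timing_detectors(patch_times, baseline, tol),
            "interrupt": timing_detectors(interrupt_times, baseline, tol)}


if __name__ == "__main__":
    for mode in ("patch", "interrupt"):
        mitm, view = run_session(mode)
        print(mode, [r.hex() for r in view], "card.selected =", mitm.card.selected)
    print(demo_timings())
```

In patch mode the card processed the SELECT itself, so the following READ succeeds and card and reader agree. In interrupt mode the reader is told 9000 but the card never saw the SELECT, so the READ comes back 6986 (no current EF): the state divergence named above. Sending the SELECT to the card alone via `resync` brings it back in step. The timing part shows the same asymmetry: uniform per-response latency trips an average-based detector, a single replaced response trips only a peak-based one.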

More information about the baseband-devel mailing list