Trying to use simtrace with 4FF NFC/SIM cards

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/simtrace@lists.osmocom.org/.

Pedro Cabrera pedrocab at gmail.com
Fri Mar 17 01:45:57 UTC 2017


Hi,

I've been testing the NFC SIM with an oscilloscope, with these results:

- I used the new Omnikey 3121 reader; it was able to read the SIM card. Vcc
= 5V, Vpp = 3V, CLK = 5 MHz.

- I tried again to read the same SIM card with the SCR 3310, but there was no
way to do it; no green LED, Vcc = 0. I checked with an old GRcard SIM: Vcc = 5V,
Vpp = 0V, CLK = 5 MHz.

As the SCR 3310 reader is unable to read these NFC SIM cards, could it be
because it is not implementing the OpenCard Framework API (implemented only by
the Omnikey reader)?

After testing with both readers, I went back to the iPhone:

- Using the SIM card without simtrace: Vcc = 1.8V, Vpp = 0V and 5 MHz CLK.

- simtrace w/ iPhone SE:
        * only 2 times it wasn't able to recognize the SIM card ("NO SIM
card" message), which I guess could be mechanical problems due to wires,
cables and so on.
        * when it was able to read the SIM, Vcc is always 3V (as in the specs),
Vpp = 0V and CLK 5 MHz, but it never was able to trace; either just nothing
after "ATR APDU:" or it gets stuck after a few very strange lines in which the
CLA bytes don't make sense:

APDU: 00 00 04 b0 00 ff ff
APDU: 02 90 00 *00 a4 00 04*
APDU: *02 a4 6f 07* 61 22 00
APDU: c0 00 00 22 c0 62 20

It looks like order or synchronization is lost, as you can see a regular APDU
highlighted between two lines. Could this issue be related to the T=0
implementation?: "*Unfortunately, the Rx Timeout feature of the USART is
not working in T=0 mode, so I had to re-implement Rx timeout (waiting time)
handling by means of the TC (timer/counter) block 0. Due to technical
limitations, we will wait up to one byte (12 etu) more than we should*."

Regards,
Pedro


2017-03-02 21:30 GMT+01:00 Pedro Cabrera <pedrocab at gmail.com>:

> Before proceeding with the oscilloscope, I did a last test using simtrace and a
> Samsung Galaxy S3 with this UICC and surprisingly it works, so I have the
> ATR APDU:  3b 9f 96 c0 0a 3f c7 a0 80 31 e0 73 fe 21 1b 65 d0 01 74 0e a1
> 81 0f 9c
>
> From there: Fi=512, Di=32, Protocol T=0, class accepted by the card: A, B
> and C
> (https://smartcard-atr.appspot.com/parse?ATR=3b9f96c00a3fc7a08031e073fe211b65d001740ea1810f9c)
>
> After this, I tested over and over again with the same UICC card and an
> iPhone6 but never got an ATR response, just got "ATR APDU: " and the iPhone
> doesn't recognize the SIM card. The SCR3310 reader never recognizes the card,
> always a "Card state: Card inserted, Unresponsive card" response.
>
> I tested simtrace/iPhone6 and the SCR reader using the same UICC type from
> another operator with the same results (but working with simtrace/S.Galaxy S3)
>
> Regards,
> Pedro
>
>
> 2017-03-01 13:16 GMT+01:00 Harald Welte <laforge at gnumonks.org>:
>
>> I think the best way to analyze this is to understand the exact voltage,
>> clock rate and Fi/Di values your card is operating on on the working
>> reader(s).  Most likely at least one of the parameters is different on
>> the non-working readers.
>>
>> You should be able to figure all the related values out if you talk
>> CCID directly to the USB device, or extend / "hack up" the ccid driver
>> you're using.  Alternatively, an oscilloscope should also be able to
>> tell you related information.
>>
>> Regards,
>>         Harald
>>
>> --
>> - Harald Welte <laforge at gnumonks.org>
>> http://laforge.gnumonks.org/
>> ============================================================================
>> "Privacy in residential applications is a desirable marketing option."
>>                                                   (ETSI EN 300 175-7 Ch. A6)
>>
>
>
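
Added example, not part of the original thread: a minimal ISO/IEC 7816-3 ATR decoder that reproduces the values read from the ATR in the 2017-03-02 message (Fi=512, Di=32, T=0, classes A, B and C) and also verifies the TCK check byte. The function and constant names are this example's own.

```python
# Added example (not from the thread): minimal ISO/IEC 7816-3 ATR decoder.
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}
CLASSES = ((0x01, "A"), (0x02, "B"), (0x04, "C"))  # A=5V, B=3V, C=1.8V

def parse_atr(hex_atr):
    atr = bytes.fromhex(hex_atr)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: bad TS or too short")
    info = {"convention": "direct" if atr[0] == 0x3B else "inverse",
            "Fi": 372, "Di": 1, "protocols": [], "classes": None}
    y, k = atr[1] >> 4, atr[1] & 0x0F       # T0: Y1 bitmap, K historical bytes
    pos, group, t, need_tck = 2, 1, 0, False
    while True:
        iface = {}
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("truncated interface bytes")
                iface[name] = atr[pos]
                pos += 1
        if group == 1 and "TA" in iface:     # TA1: Fi index high, Di index low
            info["Fi"] = FI.get(iface["TA"] >> 4)      # None means RFU
            info["Di"] = DI.get(iface["TA"] & 0x0F)
        if group > 2 and t == 15 and "TA" in iface and info["classes"] is None:
            # First TA after T=15: low six bits are the class indicator
            info["classes"] = "".join(c for b, c in CLASSES if iface["TA"] & b)
        if "TD" not in iface:
            break
        y, t = iface["TD"] >> 4, iface["TD"] & 0x0F  # next bitmap, protocol T
        need_tck |= t != 0                   # TCK exists once any T != 0 is seen
        if t != 15 and t not in info["protocols"]:
            info["protocols"].append(t)
        group += 1
    info["protocols"] = info["protocols"] or [0]     # no TD1 means T=0 only
    info["historical"] = atr[pos:pos + k]
    if len(info["historical"]) != k:
        raise ValueError("truncated historical bytes")
    tck = 0
    for b in atr[1:]:                        # XOR of T0..TCK must be zero
        tck ^= b
    info["tck_ok"] = (tck == 0) if need_tck else None
    return info

# ATR as quoted in the thread (Galaxy S3 trace)
THREAD_ATR = ("3b 9f 96 c0 0a 3f c7 a0 80 31 e0 73 fe 21 1b 65 "
              "d0 01 74 0e a1 81 0f 9c")
```

With Fi=512 and Di=32 one etu is 16 clock cycles, and the class indicator shows the card accepting the 1.8 V, 3 V and 5 V supplies measured in the message above.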

