tsaitgaist, 07/10/2018 03:21 PM
updated hardware and firmware

h1. Osmocom SIMtrace 2

Osmocom SIMtrace 2 is a software, firmware and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone, and for remote SIM operation.
While it was designed for SIM-ME communication, it supports all ISO 7816 smart-cards using the T=0 protocol (the most common case).

It is a follow-up of the project:simtrace, providing more functionality (e.g. remote SIM operation) and supporting multiple boards (e.g. SIMtrace with SAM3S, "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html).

h2. Hardware

The SIMtrace 2 firmware supports several boards.
The firmware is written for an "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller.

Note: The SAM3S has since been labelled as _not recommended for new designs_ by Atmel. However, there are plenty of hardware- and software-compatible upgrade options for the future, including SAM4S.

h3. SIMtrace 2

!{width:20%}simtrace-board-mini.jpg!

The main purpose of this board is to sniff the communication between a phone and a SIM card (or any card reader and smart-card).

This is the same board as the previous "SIMtrace 1":/project/simtrace/wiki/SIMtrace_Hardware, with the exception that the "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller replaces the old "AT91SAM7S64":https://www.microchip.com/wwwproducts/en/AT91SAM7S64. Since the SAM3S is pin compatible with the SAM7S, any SIMtrace 1 board can be converted into a SIMtrace 2 board simply by replacing the micro-controller.

Note: This hardware is "open source":https://git.osmocom.org/simtrace/tree/hardware.

h3. sysmoQMOD

!{width:25%}sysmoqmod.png!

The SAM3S micro-controller with SIMtrace 2 firmware is also used on the "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html board to provide remote SIM operation capabilities.

Note: This hardware is not open source.

h2. Firmware

The SIMtrace 2 firmware source code is available in "git":https://git.osmocom.org/simtrace2/.
It is currently under active development and we recommend [[Flashing|flashing]] the new firmware images to benefit from the latest bug fixes and added functionality.

The SIMtrace 2 firmware is a complete rewrite and *can only be flashed on hardware with SAM3S* ARM Cortex-M3-based micro-controllers.
*The SIMtrace 2 firmware is not compatible with the older "SIMtrace 1":/project/simtrace/wiki/SIMtrace_Hardware using SAM7S ARM7TDMI-based micro-controllers.*

h3. sniffer

The sniffer firmware allows sniffing the communication between a phone and a SIM card (or any card reader and smart-card).
It is intended for the [[Wiki#SIMtrace 2|SIMtrace 2 hardware]] and its function is analogous to that of the "SIMtrace 1":/projects/simtrace/wiki/SIMtrace_Firmware.

!{width:25%}simtrace_and_phone.jpg!

The application firmware to be flashed using [[Flashing#DFU|DFU]] is attachment:simtrace-trace-dfu.bin.
It corresponds to the @trace@ app in the source code.

h2. Flashing

The [[Wiki#Firmware|firmware images]] can be flashed as described [[Flashing|here]].

h4. DFU

SIMtrace 2 comes with a USB DFU bootloader pre-installed, which allows flashing the application firmware over USB using the @dfu-util@ utility.

To get @dfu-util@:
<pre>
sudo apt-get install dfu-util
</pre>


To flash the firmware:
<pre>
sudo dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download ./bin/simtrace-trace-dfu.bin
</pre>

To avoid using @sudo@ with @dfu-util@ on SIMtrace 2, grant the current user access permission to the USB device:
<pre>
# create osmocom group
sudo groupadd osmocom
# add current user to osmocom group (user needs to re-login for this change to take effect)
sudo adduser "$USER" osmocom
# grant access permission to SIMtrace 2 for osmocom group
sudo tee -a /etc/udev/rules.d/10-osmocom.rules << EOF
# SIMtrace 2
SUBSYSTEM=="usb", ATTR{idVendor}=="1d50", ATTR{idProduct}=="60e3", MODE="0660", GROUP="osmocom"
EOF
# reload udev rules
sudo udevadm control --reload-rules
sudo udevadm trigger
</pre>

@dfu-util@ should reset the board and use the DFU bootloader.
Try the command a second time if it did not work at first.
If this still does not work, power up the board while pressing the *BOOTLOADER* button.

If the USB DFU bootloader is missing, defective, or needs to be updated, use the JTAG or SAM-BA methods to flash the bootloader firmware.

h4. SAMBA

The SAM3S micro-controller comes with an embedded bootloader called SAMBA, which allows flashing firmware over USB.
The SAMBA bootloader can be used to flash the DFU bootloader.
To activate the SAMBA bootloader:
# short the *ERASE* pin on the top of the board with the nearby 3V3 pin using a jumper
# connect SIMtrace 2 over USB to power it up (no LED will light up)
# using @lsusb@ you should find the following entry:
<pre>
ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader
</pre>
# using @journalctl -f@ ensure SIMtrace 2 has been recognized as USB ACM device:
<pre>
kernel: usb 2-2: new full-speed USB device number 4 using xhci_hcd
kernel: usb 2-2: New USB device found, idVendor=03eb, idProduct=6124
kernel: usb 2-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
kernel: cdc_acm 2-2:1.0: ttyACM0: USB ACM device
kernel: usbcore: registered new interface driver cdc_acm
kernel: cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
</pre>
# remove the jumper shorting *ERASE* to 3V3
# install the @bossac@ utility to flash using the SAMBA protocol (on Debian-based systems it is shipped in the @bossa-cli@ package)
<pre>
sudo apt install bossa-cli
</pre>
# flash the USB DFU firmware using @bossac@ (note: @erase@ ensures no main application remains, so as to force booting the USB DFU bootloader; @boot=1@ ensures the micro-controller will boot from the internal flash instead of the embedded bootloader next time it is powered up)
<pre>
sudo bossac --port /dev/ttyACM0 --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1
</pre>
# to avoid using @sudo@, grant the current user permission to access USB serial devices (e.g. @/dev/ttyACM0@). Note: this change only takes effect after logging in again
<pre>
sudo adduser "$USER" dialout
</pre>

Once the USB DFU bootloader is flashed, when re-plugging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method.

h4. JTAG

It is also possible to flash or debug SIMtrace 2 over JTAG using the ARM 20-pin JTAG header on the top of the board.

To flash the USB DFU firmware using JTAG:
# install the JTAG utility @openOCD@
<pre>
sudo apt install openocd
</pre>
# flash the USB DFU bootloader firmware
<pre>
openocd --file interface/jlink.cfg --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown"
</pre>
#* replace @interface/jlink.cfg@ with the configuration file for your JTAG debugging adapter
#* @at91sam3 gpnvm set 1@ ensures the micro-controller will boot from the internal flash (i.e. not from the embedded SAMBA bootloader)

The SAM3S also offers SWD, a low pin-count alternative to JTAG, which allows using an inexpensive ST-Link V2 (clone) to flash (and debug):
<pre>
openocd --file interface/stlink-v2.cfg --command "set CPUTAPID 0x2ba01477" --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown"
</pre>

SWD pinout:
!simtrace_swd.jpg!

Once the USB DFU bootloader is flashed, when re-plugging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method.
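
Added example (not part of the SIMtrace 2 project or of this wiki's own instructions): a small shell helper that reads @lsusb@ output and reports which of the flashing paths described above applies, using only the USB IDs and commands quoted on this page. The function names and the sample @lsusb@ lines are constructed for illustration; @/dev/ttyACM0@ is assumed as in the SAMBA steps.

```shell
#!/bin/sh
# Added example: pick the flashing path from this page based on lsusb output.
SIMTRACE2_ID="1d50:60e3"  # ID given to dfu-util --device on this page
SAMBA_ID="03eb:6124"      # ID of the embedded SAMBA bootloader on this page

# Read lsusb output on stdin; print simtrace2, samba, ambiguous or none.
# The field after "ID" is compared exactly, so a substring elsewhere cannot match.
simtrace_state() {
    awk -v st="$SIMTRACE2_ID" -v sb="$SAMBA_ID" '
        {
            for (i = 1; i < NF; i++) {
                if ($i != "ID") continue
                id = tolower($(i + 1))
                if (id == st) simtrace = 1
                if (id == sb) samba = 1
            }
        }
        END {
            if (simtrace && samba) print "ambiguous"
            else if (simtrace)     print "simtrace2"
            else if (samba)        print "samba"
            else                   print "none"
        }'
}

# Map a state to the next step; the commands are the ones quoted on this page.
flash_hint() {
    case "$1" in
        simtrace2) echo "dfu-util --device $SIMTRACE2_ID --cfg 1 --alt 1 --reset --download ./bin/simtrace-trace-dfu.bin" ;;
        samba)     echo "bossac --port /dev/ttyACM0 --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1" ;;
        ambiguous) echo "several candidate boards attached: unplug all but one before flashing" ;;
        *)         echo "no board found: power up while pressing BOOTLOADER, else use SAMBA or JTAG" ;;
    esac
}

# Constructed sample input (board in SAMBA mode); on a real host: lsusb | simtrace_state
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader'

state=$(printf '%s\n' "$SAMPLE_LSUSB" | simtrace_state)
echo "state: $state"
echo "next:  $(flash_hint "$state")"
```

Because @bossac --erase@ wipes the flash of whatever is on the serial port, the @ambiguous@ state stops before any command is suggested when both IDs are present at once.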

h3. Development

To compile the firmware from the source code, or to participate in the development, please refer to the instructions provided in the "README":https://git.osmocom.org/simtrace2/tree/firmware/README.txt .

h2. Host PC Software

TODO