Wiki » History » Version 9
tsaitgaist, 07/10/2018 09:21 AM
restart rewrite (not finished)
h1. Osmocom SIMtrace 2

Osmocom SIMtrace 2 is a software, firmware and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone, and for remote SIM operation.
While it was designed for SIM-ME communication, it supports all ISO 7816 smart cards using the T=0 protocol (the most common case).

It is a follow-up to the project:simtrace, providing more functionality (e.g. remote SIM operation) and supporting multiple boards (e.g. SIMtrace with SAM3S, "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html).

h2. Hardware

The SIMtrace 2 firmware supports several boards (see below).

The firmware is written for an "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller, replacing the "AT91SAM7S64":https://www.microchip.com/wwwproducts/en/AT91SAM7S64 used by the older project:simtrace.

Note: The SAM3S is meanwhile also labelled as _not recommended for new designs_ by Atmel. However, there are plenty of hardware- and software-compatible upgrade options, including SAM4S, in the future.

h3. SIMtrace2

!simtrace-board-mini.jpg!

The SAM3S is pin compatible with the SAM7S.
This allows the same project:simtrace/wiki/SIMtrace_Hardware circuit board to be used, just by replacing the micro-controller.

Note: This hardware is open source.

h3. sysmoQMOD

!{width:25%}sysmoqmod.png!

The SAM3S micro-controller with SIMtrace 2 firmware is also used on the "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html board to provide remote SIM operation capabilities.

Note: This hardware is not open source.

h2. Firmware

The SIMtrace 2 firmware source code is available "here":https://git.osmocom.org/simtrace2/ but is still under development.

Once ready, binary files will also be released.

The SIMtrace 2 firmware is a complete rewrite and *can only be flashed on hardware with SAM3S* ARM Cortex-M3-based micro-controllers.

*simtrace2 firmware is not compatible with the older project:simtrace/wiki/SIMtrace_Hardware using SAM7S ARM7TDMI-based micro-controllers.*

h3. Flashing

h4. DFU

SIMtrace 2 comes with a USB DFU bootloader pre-installed, which allows the application firmware to be flashed over USB using the @dfu-util@ utility.

To get @dfu-util@:
<pre>
sudo apt-get install dfu-util
</pre>

To flash the firmware:
<pre>
sudo dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download ./bin/simtrace-trace-dfu.bin
</pre>

To avoid needing @sudo@ to run @dfu-util@ on SIMtrace 2, grant the current user access permission to the USB device:
<pre>
# create osmocom group
sudo groupadd osmocom
# add current user to osmocom group (user needs to re-login for this change to take effect)
# $USER is used because $USERNAME is not set by every shell
sudo adduser "$USER" osmocom
# grant access permission to SIMtrace 2 for osmocom group
sudo tee -a /etc/udev/rules.d/10-osmocom.rules << EOF
# SIMtrace 2
SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTR{idProduct}=="60e3", MODE="0660", GROUP="osmocom"
EOF
# reload udev rules
sudo udevadm control --reload-rules
sudo udevadm trigger
</pre>

@dfu-util@ should reset the board and use the DFU bootloader.
Try the command a second time if it did not work at first.
If this still does not work, power up the board while pressing the *BOOTLOADER* button.

If the USB DFU bootloader is missing, defective, or needs to be updated, use the JTAG or SAM-BA methods to flash the bootloader firmware.

h4. SAMBA

The SAM3S micro-controller comes with an embedded bootloader called SAMBA, which allows firmware to be flashed over USB.
The SAMBA bootloader can be used to flash the DFU bootloader.
To activate the SAMBA bootloader:
# short the *ERASE* pin on the top of the board with the nearby 3V3 pin using a jumper
# connect SIMtrace 2 over USB to power it up (no LED will light up)
# using @lsusb@ you should find the following entry:
<pre>
ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader
</pre>
# using @journalctl -f@ ensure SIMtrace 2 has been recognized as a USB ACM device:
<pre>
kernel: usb 2-2: new full-speed USB device number 4 using xhci_hcd
kernel: usb 2-2: New USB device found, idVendor=03eb, idProduct=6124
kernel: usb 2-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
kernel: cdc_acm 2-2:1.0: ttyACM0: USB ACM device
kernel: usbcore: registered new interface driver cdc_acm
kernel: cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
</pre>
# remove the jumper shorting *ERASE* to 3V3
# install the @bossac@ utility (Debian package @bossa-cli@) to flash using the SAMBA protocol
<pre>
sudo apt install bossa-cli
</pre>
# flash the USB DFU firmware using @bossac@ (note: @erase@ ensures no main application remains, so as to force booting the USB DFU bootloader; @boot=1@ ensures the micro-controller will boot from the internal flash instead of the embedded bootloader next time it is powered up)
<pre>
sudo bossac --port /dev/ttyACM0 --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1
</pre>
# to avoid needing @sudo@, grant the current user permission to access USB serial devices (e.g. @/dev/ttyACM0@). Note: this change only takes effect after logging in again
<pre>
# $USER is used because $USERNAME is not set by every shell
sudo adduser "$USER" dialout
</pre>

Once the USB DFU bootloader is flashed, when re-plugging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method.

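The @bossac@ step above hard-codes @/dev/ttyACM0@, which may belong to another USB ACM device (e.g. a modem) on a machine with more than one. The following is an added example, not part of the original wiki page or the SIMtrace 2 project: it picks the tty node from the kernel log lines shown in the @journalctl@ step by matching the SAMBA IDs @03eb:6124@ to the USB port of the @cdc_acm@ line. The helper name @samba_tty@ and the modem entry (@1234:5678@) in the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SIMtrace 2 project code).
# samba_tty: read kernel log lines on stdin and print the /dev/ttyACMn node of
# the most recent SAM-BA bootloader (03eb:6124) that is still connected.
# Returns non-zero when no such device is present.
samba_tty() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "usb") {
                port = $(i + 1); sub(/:$/, "", port)      # "2-2:" -> "2-2"
                if ($0 ~ /New USB device found/) {
                    samba[port] = ($0 ~ /idVendor=03eb,/ && $0 ~ /idProduct=6124/)
                } else if ($0 ~ /USB disconnect/) {
                    # device unplugged: forget it so a stale tty is not used
                    samba[port] = 0
                    if (port == found_port) found = ""
                }
            }
            # "cdc_acm 2-2:1.0: ttyACM0: USB ACM device"
            if ($i == "cdc_acm" && $(i + 2) ~ /^ttyACM[0-9]+:$/) {
                port = $(i + 1); sub(/:.*/, "", port)     # "2-2:1.0:" -> "2-2"
                tty = $(i + 2); sub(/:$/, "", tty)
                if (samba[port]) { found = "/dev/" tty; found_port = port }
            }
        }
    }
    END { if (found == "") exit 1; print found }
    '
}

# Constructed sample log: an unrelated modem owns ttyACM0, SAM-BA gets ttyACM1.
SAMPLE_LOG='kernel: usb 1-3: New USB device found, idVendor=1234, idProduct=5678
kernel: cdc_acm 1-3:1.0: ttyACM0: USB ACM device
kernel: usb 2-2: New USB device found, idVendor=03eb, idProduct=6124
kernel: cdc_acm 2-2:1.0: ttyACM1: USB ACM device'

# On a live system, feed it the current boot instead: journalctl -k -b | samba_tty
if port=$(printf '%s\n' "$SAMPLE_LOG" | samba_tty); then
    echo "bossac --port $port --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1"
else
    echo "no SAM-BA bootloader found; check the ERASE jumper procedure" >&2
fi
```
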
h4. JTAG

It is also possible to flash or debug SIMtrace 2 over JTAG using the ARM 20-pin JTAG header on the top of the board.

To flash the USB DFU firmware using JTAG:
# install the JTAG utility @openOCD@
<pre>
sudo apt install openocd
</pre>
# flash the USB DFU bootloader firmware
<pre>
openocd --file interface/jlink.cfg --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown"
</pre>
#* replace @interface/jlink.cfg@ with the configuration file for your JTAG debugging adapter
#* @at91sam3 gpnvm set 1@ ensures the micro-controller will boot from the internal flash (i.e. not from the embedded SAMBA bootloader)

The SAM3S also offers the low pin-count SWD alternative to JTAG, which allows an inexpensive ST-Link V2 (clone) to be used to flash (and debug):
<pre>
openocd --file interface/stlink-v2.cfg --command "set CPUTAPID 0x2ba01477" --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown"
</pre>

SWD pinout:
!simtrace_swd.jpg!

Once the USB DFU bootloader is flashed, when re-plugging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method.

h3. Development

To compile the firmware from the source code, or to participate in the development, please refer to the instructions provided in the "README":https://git.osmocom.org/simtrace2/tree/firmware/README.txt .

h2. Host PC Software

TODO