Open Source Mobile Communications: Issueshttps://osmocom.org/https://osmocom.org/favicon.ico?16647414092023-09-15T15:44:53ZOpen Source Mobile Communications
Redmine SIMtrace 2 - Bug #6181 (Feedback): Unexpected INS code with simtrace2-sniff: 0x7fhttps://osmocom.org/issues/61812023-09-15T15:44:53Zv.marinos
<p>Hello,</p>
<p>I used `simtrace2-sniff` to sniff the messages between my sysmocom SIM cards and a Google Pixel 5, during 5G SA registration. I captured the traffic with tcpdump over port 4729 (pcap file attached).</p>
<p>I am using Open5GS and srsRAN (5G) for the core and RAN respectively. The phone connects to the core successfully and has internet access.</p>
<p>When I replay the captured messages with pySim-trace I get the following error: "ValueError: Unknown CLA=A4 INS=7F". Wireshark also shows the same INS code, as Unknown (0x7f).</p>
<p>I looked at ETSI TS 102 221 V17.1.0 (2022-02), Table 10.5, and couldn't find any reference of APDU with INS code 0x7f.</p>
<p>Do you have any insights on why this APDU is showing up?</p>
<p>Thanks,<br />Marinos</p> SIMtrace 2 - Bug #5921 (In Progress): simtrace2 cardem vs. Linux kernel USB autosuspendhttps://osmocom.org/issues/59212023-02-23T17:40:01Zlaforge
<p>(at least) after the following patch was merged, simtrace2-cardem doesn't work with Linux kernels' USB autosuspend anymore:<br /><pre>
commit a5d537973db9359804e82a506057f3dd6d53fab9
Author: Harald Welte <laforge@osmocom.org>
Date: Mon Jul 25 19:59:08 2022 +0200
cardem: reset the uC in case of USB disconnect
</pre></p>
<p>The problem is that the USB kernel notices the simtrace2 device is not in use (no application using it), which in turn means it will power-down the device after 5s. The device then recognizes this as USB disconnect, and we use that to reset the firmware:</p>
<pre>
=============================================================================
SIMtrace2 firmware 0.8.1.58-773d, BOARD=simtrace, APP=cardem
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x299b0a60 (Ext 0x00000000)
-I- Serial Nr. 44203020-48574336-30303931-32323032
-I- Reset Cause: software reset (processor reset required by the software)
-I- USB init...
USBD_Init
SetAddr(22) -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ SetCfg(1) cfgChanged1 -I- calling configure of all configurations...
-I- calling init of config 1...
-I- Modem 0: physical SIM
-I- 0: Use local/physical SIM
-I- entering main loop...
-I- USB is now configured
-I- Resetting uC on USB disconnect
=============================================================================
SIMtrace2 firmware 0.8.1.58-773d, BOARD=simtrace, APP=cardem
(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon
=============================================================================
-I- Chip ID: 0x299b0a60 (Ext 0x00000000)
-I- Serial Nr. 44203020-48574336-30303931-32323032
-I- Reset Cause: software reset (processor reset required by the software)
-I- USB init...
USBD_Init
SetAddr(23) -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ -W- Sta 0x888A8 [0] -W- _ SetCfg(1) cfgChanged1 -I- calling configure of all configurations...
-I- calling init of config 1...
-I- Modem 0: physical SIM
-I- 0: Use local/physical SIM
-I- entering main loop...
-I- USB is now configured
-I- Resetting uC on USB disconnect
</pre>
<p>This in turn will make the device enumerate and re-enumerate in 5s cycles:</p>
<pre>
[585591.174222] usb 1-1: new full-speed USB device number 84 using xhci_hcd
[585591.330180] usb 1-1: New USB device found, idVendor=1d50, idProduct=60e3, bcdDevice= 0.02
[585591.330216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[585591.330231] usb 1-1: Product: SIMtrace 2
[585591.330242] usb 1-1: Manufacturer: sysmocom - s.f.m.c. GmbH
[585591.330253] usb 1-1: SerialNumber: 44203020485743363030393132323032
[585594.759881] usb 1-1: USB disconnect, device number 84
[585595.530214] usb 1-1: new full-speed USB device number 85 using xhci_hcd
[585595.682690] usb 1-1: New USB device found, idVendor=1d50, idProduct=60e3, bcdDevice= 0.02
[585595.682697] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[585595.682701] usb 1-1: Product: SIMtrace 2
[585595.682704] usb 1-1: Manufacturer: sysmocom - s.f.m.c. GmbH
[585595.682706] usb 1-1: SerialNumber: 44203020485743363030393132323032
[585598.802549] usb 1-1: USB disconnect, device number 85
[585602.158170] usb 1-1: new full-speed USB device number 86 using xhci_hcd
[585602.313720] usb 1-1: New USB device found, idVendor=1d50, idProduct=60e3, bcdDevice= 0.02
[585602.313757] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[585602.313772] usb 1-1: Product: SIMtrace 2
[585602.313784] usb 1-1: Manufacturer: sysmocom - s.f.m.c. GmbH
[585602.313795] usb 1-1: SerialNumber: 44203020485743363030393132323032
[585606.602416] usb 1-1: USB disconnect, device number 86
</pre> SIMtrace 2 - Bug #5770 (Feedback): simtrace2 firmware ignores any but the first USB message sent...https://osmocom.org/issues/57702022-11-14T17:46:04Zlaforge
<p>The simtrace2 firmware appears to have a problem (probably a race condition of some sort, with the USB stack) where it accepts the first USB message sent by simtrace2-list after a reset, but then ignores others. During investigation, it was noticed that when sending two commands in a row from a single instance of simtrace2, the first is ignored, and the second is processed.</p>
<p>So, in <a class="external" href="https://gerrit.osmocom.org/c/simtrace2/+/26864">https://gerrit.osmocom.org/c/simtrace2/+/26864</a> a hack was put into `simtrace2-tool` so that it sends a fake, empty, error message, to kick the remote SIM firmware into accepting the second, real message. The strange thing is, that when you send two messages like this, it has the side effect of keeping the processor from getting stuck.</p>
<p>So, something about sending two messages has two effects 1.) it kicks the SIM firmware, if it is stuck, and 2.) prevents the SIM firmware from getting stuck in the first place.</p> SIMtrace 2 - Bug #5639 (Feedback): No packet captured but only "Card state change:"https://osmocom.org/issues/56392022-07-31T16:18:56Zg1bbs
<p>Hello, I'm facing a problem when using the trace function. It doesn't capture any packets and the phone (iphone se/iphone xs) shows "No SIM card".</p>
<p>I used the latest version firmware, flashed with dfu-util. I inserted the valid sim card into the simtrace board, inserted the cable-sim into the phone, start the sniff program and turn on the phone. But it keep output "Card state change:". Is it a bug or my problem? Thanks!</p>
<p>(the board version on the back is v1.5 with ATSAM3SD8B chip)</p>
<p>Here's the console output when flushing.
*<strong><b></strong>*</b>**<strong>**</strong>*******************************<br />test@1-NUC8i7BEH:~/SIMtrace$ sudo dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download simtrace-trace-dfu-latest.bin <br />dfu-util 0.8</p>
<p>Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.<br />Copyright 2010-2014 Tormod Volden and Stefan Schmidt<br />This program is Free Software and has ABSOLUTELY NO WARRANTY<br />Please report bugs to <a class="email" href="mailto:dfu-util@lists.gnumonks.org">dfu-util@lists.gnumonks.org</a></p>
<p>dfu-util: Invalid DFU suffix signature<br />dfu-util: A valid DFU suffix will be required in a future dfu-util release!!!<br />Opening DFU capable USB device...<br />ID 1d50:60e3<br />Run-time device DFU version 0100<br />Claiming USB DFU Runtime Interface...<br />Determining device status: state = appIDLE, status = 0<br />Device really in Runtime Mode, send DFU detach request...<br />Device will detach and reattach...<br />Opening DFU USB Device...<br />Claiming USB DFU Interface...<br />Setting Alternate Setting <a class="issue tracker-2 status-5 priority-5 priority-highest closed" title="Feature: port Dieter's windows code to mISDN (Closed)" href="https://osmocom.org/issues/1">#1</a> ...<br />Determining device status: state = dfuIDLE, status = 0<br />dfuIDLE, continuing<br />DFU mode device DFU version 0100<br />Device returned transfer size 512<br />Copying data from PC to DFU device<br />Download [=========================] 100% 23532 bytes<br />Download done.<br />state(7) = dfuMANIFEST, status(0) = No error condition is present<br />state(2) = dfuIDLE, status(0) = No error condition is present<br />Done!<br />dfu-util: can't detach<br />Resetting USB to switch back to runtime mode</p>
<p><strong><b>the console will stuck here</b></strong><br />------------------------------------------------</p>
<p>Here's the console output when tracing.
*<strong><b></strong>*</b>**<strong>**</strong>**********************************<br />test@1-NUC8i7BEH:~/SIMtrace/simtrace2/host/src$ ./simtrace2-list <br />USB matches: 2<br /> 1d50:60e3 Addr=6, Path=1-4, Cfg=1, Intf=0, Alt=0: 255/1/0 (SIMtrace Sniffer)<br /> 1d50:60e3 Addr=6, Path=1-4, Cfg=2, Intf=0, Alt=0: 255/255/0 (0.8.1.36-a5d53)<br />test@1-NUC8i7BEH:~/SIMtrace/simtrace2/host/src$ sudo ./simtrace2-sniff <br />simtrace2-sniff - Phone-SIM card communication sniffer <br />(C) 2010-2017 by Harald Welte <<a class="email" href="mailto:laforge@gnumonks.org">laforge@gnumonks.org</a>><br />(C) 2018 by Kevin Redon <<a class="email" href="mailto:kredon@sysmocom.de">kredon@sysmocom.de</a>></p>
<p>Using USB device 1d50:60e3 Addr=6, Path=1-4, Cfg=1, Intf=0, Alt=0: 255/1/0 (SIMtrace Sniffer)<br />Entering main loop<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted, reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />^Ctest@1-NUC8i7BEH:~/SIMtrace/simtrace2/host/src$ sudo ./simtrace2-sniff <br />simtrace2-sniff - Phone-SIM card communication sniffer <br />(C) 2010-2017 by Harald Welte <<a class="email" href="mailto:laforge@gnumonks.org">laforge@gnumonks.org</a>><br />(C) 2018 by Kevin Redon <<a class="email" href="mailto:kredon@sysmocom.de">kredon@sysmocom.de</a>></p>
<p>Using USB device 1d50:60e3 Addr=6, Path=1-4, Cfg=1, Intf=0, Alt=0: 255/1/0 (SIMtrace Sniffer)<br />Entering main loop<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />Card state change: reset de-asserted<br />Card state change: reset asserted<br />^Ctest@1-NUC8i7BEH:~/SIMtrace/simtrace2/host/src$ <br />------------------------------------------------</p> SIMtrace 2 - Bug #5578 (Stalled): osmo-remsim-client-st2 hangs after usb-reset without power loss...https://osmocom.org/issues/55782022-06-15T21:50:45Zroh
<p>in case of a osmo-remsim-client-st2 session which gets restarted after being stopped by a usb-disconnect<br /> (terminates with "DST2 FATAL user_simtrace2.c:221 USB IN transfer failed, status=1" as expected)</p>
<p>osmo-remsim-client-st2 gets stuck and then terminates after some time:</p>
<pre>
root@raspberrypi:~# /usr/bin/osmo-remsim-client-st2 -i 10.15.1.135 -V 1d50 -P 4004 -C 1 -I 0 -H 1-1.3.1 -c 1 -n 0
DRSPRO INFO ../rspro_client_fsm.c:307 RSPRO_CLIENT(server){REESTABLISH}: Creating TCP connection to server at 10.15.1.135:9998
DLINP NOTICE simtrace2_api.c:267 [0] <= osmo_st2_cardem_request_config(features=00000001)
DLINP NOTICE input/ipa.c:128 10.15.1.135:9998 connection done
DRSPRO NOTICE ../rspro_client_fsm.c:125 RSPRO_CLIENT(server){REESTABLISH}: RSPRO link to 10.15.1.135:9998 UP
DRSPRO INFO ../rspro_client_fsm.c:307 RSPRO_CLIENT(bankd){REESTABLISH}: Creating TCP connection to server at 10.15.1.135:9999
DLINP NOTICE input/ipa.c:128 10.15.1.135:9999 connection done
DRSPRO NOTICE ../rspro_client_fsm.c:125 RSPRO_CLIENT(bankd){REESTABLISH}: RSPRO link to 10.15.1.135:9999 UP
DLINP NOTICE simtrace2_api.c:168 [0] <= osmo_st2_cardem_request_card_insert(inserted=1)
DLINP NOTICE simtrace2_api.c:317 [0] <= _modem_sim_select(remote_sim=1)
DLINP NOTICE simtrace2_api.c:250 [0] <= osmo_st2_cardem_request_set_atr(3b 00 )
DLINP NOTICE simtrace2_api.c:285 [0] <= _modem_reset(asserted=2, pulse_ms=300)
DLINP NOTICE simtrace2_api.c:250 [0] <= osmo_st2_cardem_request_set_atr(3b 9f 96 80 1f 87 80 31 e0 73 fe 21 1b 67 4a 4c 75 30 34 05 4b a9 )
DST2 INFO user_simtrace2.c:65 SIMtrace => PTS req: ff 10 96 79 00 00
...
<modem starts, usb enumeration of serials/wwlan>
...
USB OUT transfer failed, status=2
</pre>
<p>later restarts remain the same in behaviour but a bit different in output:</p>
<pre>
root@raspberrypi:~# /usr/bin/osmo-remsim-client-st2 -i 10.15.1.135 -V 1d50 -P 4004 -C 1 -I 0 -H 1-1.3.1 -c 1 -n 0
DRSPRO INFO ../rspro_client_fsm.c:307 RSPRO_CLIENT(server){REESTABLISH}: Creating TCP connection to server at 10.15.1.135:9998
DLINP NOTICE simtrace2_api.c:267 [0] <= osmo_st2_cardem_request_config(features=00000001)
DLINP NOTICE input/ipa.c:128 10.15.1.135:9998 connection done
DRSPRO NOTICE ../rspro_client_fsm.c:125 RSPRO_CLIENT(server){REESTABLISH}: RSPRO link to 10.15.1.135:9998 UP
DRSPRO INFO ../rspro_client_fsm.c:307 RSPRO_CLIENT(bankd){REESTABLISH}: Creating TCP connection to server at 10.15.1.135:9999
DLINP NOTICE input/ipa.c:128 10.15.1.135:9999 connection done
DRSPRO NOTICE ../rspro_client_fsm.c:125 RSPRO_CLIENT(bankd){REESTABLISH}: RSPRO link to 10.15.1.135:9999 UP
DLINP NOTICE simtrace2_api.c:168 [0] <= osmo_st2_cardem_request_card_insert(inserted=1)
DLINP NOTICE simtrace2_api.c:317 [0] <= _modem_sim_select(remote_sim=1)
DLINP NOTICE simtrace2_api.c:250 [0] <= osmo_st2_cardem_request_set_atr(3b 00 )
DLINP NOTICE simtrace2_api.c:285 [0] <= _modem_reset(asserted=2, pulse_ms=300)
DLINP NOTICE simtrace2_api.c:250 [0] <= osmo_st2_cardem_request_set_atr(3b 9f 96 80 1f 87 80 31 e0 73 fe 21 1b 67 4a 4c 75 30 34 05 4b a9 )
USB OUT transfer failed, status=2
</pre>
<p>please note that the modem does not seem to reboot on later restarts of osmo-remsim-client-st2, which is odd.</p>
<p>osmo-remsim-client version 1.0.0.18-f5f5<br />qmod firmware 0.8.1.33-9088</p>
<p>osmo-remsim-bankd version 1.0.0.18-f5f5<br />osmo-resmim-server version 1.0.0.18-f5f5</p>
<p>maybe this is a rerun of <a class="issue tracker-1 status-7 priority-1 priority-lowest" title="Bug: osmo-remsim-client-st2 (or firmware?) gets stuck on PTS (Stalled)" href="https://osmocom.org/issues/4409">#4409</a></p>
<p>for this test the server/bankd were on x86_64 and the client was on armv7l (rpi) but i don't think it matters.<br />i have also tried a older qmod firmware (0.7.0.57-f46d) for comparison but i can see no difference in behavior.</p>
<p>please note that i could not reproduce this issue with a modem on st34, only on st12. i suspect it has to do with st12 staying powered all the time and not reset/rebooted on usb-connect properly somehow.</p>
<p>this may as well be a firmware issue on the qmod.</p> SIMtrace 2 - Bug #5464 (In Progress): cardem firmware unable to attach to cardhttps://osmocom.org/issues/54642022-02-21T19:07:57Zk_o_
<p>I'm using a Nexus 5 phone. I have a permanent problem that the remote SIM cannot be attached. I always see several RESETs after the phone is restarted. The trace firmware together with the command line works. The adapter cable is in a prepared SIM tray and works. What could be the issue?</p>
<pre>
simtrace2-cardem-pcsc --usb-vendor 1d50 --usb-product 60e3 --usb-path 2-1.4 --usb-config 1 -n 2
simtrace2-cardem-pcsc - Using PC/SC reader as SIM
(C) 2010-2020, Harald Welte <laforge@gnumonks.org>
(C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
<0002> simtrace2_api.c:267 [0] <= osmo_st2_cardem_request_config(features=00000001)
<0002> simtrace2_api.c:168 [0] <= osmo_st2_cardem_request_card_insert(inserted=1)
<0002> simtrace2_api.c:317 [0] <= _modem_sim_select(remote_sim=1)
<0002> simtrace2_api.c:250 [0] <= osmo_st2_cardem_request_set_atr(3b 9f 96 80 1f c7 80 31 e0 73 f6 21 13 67 56 03 27 00 89 01 02 28 )
<0002> simtrace2_api.c:284 [0] <= _modem_reset(asserted=2, pulse_ms=300)
Entering main loop
-> 01 08 00 00 00 00 0d 00 01 00 00 00 00
SIMtrace IRQ 01 04 00 00 00 00 15 00 00 00 00 00 00 00 01 01 0a 80 25 00 00
SIMtrace IRQ STATUS: flags=0x0, fi=1, di=1, wi=10 wtime=9600 ()
SIMtrace IRQ 01 04 00 00 00 00 15 00 10 00 00 00 00 00 01 01 0a 80 25 00 00
SIMtrace IRQ STATUS: flags=0x10, fi=1, di=1, wi=10 wtime=9600 (RESET )
SIMtrace IRQ 01 04 00 00 00 00 15 00 00 00 00 00 00 00 01 01 0a 80 25 00 00
SIMtrace IRQ STATUS: flags=0x0, fi=1, di=1, wi=10 wtime=9600 ()
SIMtrace IRQ 01 04 00 00 00 00 15 00 10 00 00 00 00 00 01 01 0a 80 25 00 00
SIMtrace IRQ STATUS: flags=0x10, fi=1, di=1, wi=10 wtime=9600 (RESET )
</pre> SIMtrace 2 - Bug #5419 (Stalled): cardem errors with higher baud ratehttps://osmocom.org/issues/54192022-01-25T18:27:00Zlaforge
Setup is as follows:
<ul>
<li>sysmoISIM-SJA2 in built-in CCID reader of my Thinkpad x260</li>
<li>SIMtrace2 with cardem firmware 'master' (0.8.1.7-ea9a) hooked up via FPC to</li>
<li>CCID reader "Identive CLOUD 2700 F" </li>
<li><code>simtrace2-cardem-pcsc</code> to forward request from IdentiveCCID -> SIMtrace -> st2-cardem-pcsc -> builtin-CCID</li>
</ul>
<p>This works fine with F/D ratio 372, and also works fine in most cases with F/D ratio 16.</p>
<p>However, sometimes with ratio 16, things break down at some point.</p>
<a name="log-output-of-cardem-firmware"></a>
<h2 >log output of cardem firmware<a href="#log-output-of-cardem-firmware" class="wiki-anchor">¶</a></h2>
<pre>
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b2 9d 04 22
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
-I- 0: send_tpdu_header: 00 c0 00 00 23
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b2 9e 04 22
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
-I- 0: send_tpdu_header: 00 c0 00 00 23
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b2 9f 04 22
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
-I- 0: send_tpdu_header: 00 c0 00 00 23
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 b2 a0 04 22
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
-I- 0: send_tpdu_header: 00 c0 00 00 23
-I- 0: flush_rx_buffer (5)
N-I- 0: send_tpdu_header: 00 b2 a1 04 22
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 00 a4 00 04 02
-I- 0: flush_rx_buffer (5)
-I- 0: flush_rx_buffer (2)
N-I- 0: send_tpdu_header: 00 c0 00 00 60
-I- 0: flush_rx_buffer (5)
-I- 0: send_tpdu_header: 02 00 a4 00 04
-I- 0: flush_rx_buffer (5)
</pre>
two things noticable:
<ul>
<li>the 'N' being printed by card_emu as waiting time extension</li>
<li>the last TPDU header <code>02 00 a4 00 04</code> doesn't look like a TPDU header: The 02 seems wrong, the TPDU likely starts with <code>00 a4</code>.</li>
</ul>
<a name="situation-on-Identive-CCID-reader-side"></a>
<h2 >situation on "Identive CCID reader" side<a href="#situation-on-Identive-CCID-reader-side" class="wiki-anchor">¶</a></h2>
<p>pySim-shell "export" shows:<br /><pre>
update_record 159 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
update_record 160 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
update_record 161 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
# bad file: MF/DF.TELECOM/EF.ADN, Failed to transmit with protocol T0. Transaction failed.
EXCEPTION of type 'RuntimeError' occurred with message: '6881: Functions in CLA not supported - Logical channel not supported'
To enable full traceback, run the following command: 'set debug true'
</pre></p>
<a name="simtrace2-cardem-pcsc"></a>
<h2 >simtrace2-cardem-pcsc<a href="#simtrace2-cardem-pcsc" class="wiki-anchor">¶</a></h2>
<pre>
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 23
=> DATA: flags=1, 00 c0 00 00 23 : SW=0x9000, len_rx=35
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 b2 9d 04 22
=> DATA: flags=1, 00 b2 9d 04 22 : SW=0x9000, len_rx=34
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 a4 00 04 02
=> DATA: flags=1, 00 a4 00 04 02 : -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 6f 3a
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 23
=> DATA: flags=1, 00 c0 00 00 23 : SW=0x9000, len_rx=35
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 b2 9e 04 22
=> DATA: flags=1, 00 b2 9e 04 22 : SW=0x9000, len_rx=34
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 a4 00 04 02
=> DATA: flags=1, 00 a4 00 04 02 : -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 6f 3a
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 23
=> DATA: flags=1, 00 c0 00 00 23 : SW=0x9000, len_rx=35
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 b2 9f 04 22
=> DATA: flags=1, 00 b2 9f 04 22 : SW=0x9000, len_rx=34
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 a4 00 04 02
=> DATA: flags=1, 00 a4 00 04 02 : -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 6f 3a
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 23
=> DATA: flags=1, 00 c0 00 00 23 : SW=0x9000, len_rx=35
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 b2 a0 04 22
=> DATA: flags=1, 00 b2 a0 04 22 : SW=0x9000, len_rx=34
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 a4 00 04 02
=> DATA: flags=1, 00 a4 00 04 02 : -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 6f 3a
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 23
=> DATA: flags=1, 00 c0 00 00 23 : SW=0x9000, len_rx=35
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 b2 a1 04 22
=> DATA: flags=1, 00 b2 a1 04 22 : SW=0x9000, len_rx=34
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 a4 00 04 02
=> DATA: flags=1, 00 a4 00 04 02 : -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 6f 3a
=> DATA: flags=2, 6f 3a : SW=0x6123, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 00 c0 00 00 60
=> DATA: flags=1, 00 c0 00 00 60 : SW=0x6c23, len_rx=0
-> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 02 00 a4 00 04
<0000> apdu_dispatch.c:112 Unknown APDU case 0
=> DATA: flags=1, 02 00 a4 00 04 : SW=0x6881, len_rx=0
</pre>
<p>it also agrees that this last APDU is somehow wrong and cannot determine the APDU case.</p>
<a name="USB-communication"></a>
<h2 >USB communication<a href="#USB-communication" class="wiki-anchor">¶</a></h2>
<p>last message from SIMtrace to host is "RX DATA" with header flag set and 0200a40004. The card still responds with SW 6881 to that, as obviously the APDU header is invalid.</p>
<p><img src="https://osmocom.org/attachments/download/4852/wireshark.png" alt="" /></p> SIMtrace 2 - Bug #5415 (New): cardem: watchdog triggers firmware resethttps://osmocom.org/issues/54152022-01-24T15:18:49Zlynxis
<p>While testing the cardem firmware on a owhw board with a script, the watchdog resets the board from time to time (2-4 times while doing 50 test runs).<br />When the watchdog triggers, the userspace application also exits because the USB transfer errors with a stall (bulk transfer).</p>
<p>bootloader version: 87f8de15 (based on ea9a91f5c)<br />app: 87f8de15 (based on ea9a91f5c)<br />I've pushed this version to lynxis/wip.</p>
<p>The test look like this pseudo c code<br /><pre>
for(i=0; i<50; i++) {
reset_modem();
for (j=0; j<5; j++) {
if (get_imsi() == 0)
break;
}
}
</pre></p> SIMtrace 2 - Bug #4430 (New): firmware can get in endless out-of-memory loop on OUT EP floodhttps://osmocom.org/issues/44302020-03-01T15:06:25Zlaforge
<p>When flooding the OUT EP with too many messages, the firmware can get into an OOM situation from which it doesn't recover anymore. All it will do is print the below messages:</p>
<pre>
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
-E- _talloc_zero() out of memory!
</pre>
<p>I'm currently reproducing this with a test case that sends 1000 bogus OUT EP transfers to the device.</p> SIMtrace 2 - Bug #4118 (New): VCC_PHONE strong pull on SIMtrace boardhttps://osmocom.org/issues/41182019-07-18T11:54:10Ztsaitgaist
<p>A complex behavior I identified while testing card emulation:<br />- although the phone does not power the card (the SIMtrace board, v1.4) through VCC_PHONE, VCC_PHONE was at 3.2V (after power up)<br />- VCC_PHONE should be pulled down by R19 (100k resistor)<br />- VCC_PHONE is also connected to the FLAGB output of the FPF2109. but this output is only an open-drain (can't drive high), and connected through a 100k resistor R22 (driving high could not be strong enough to set VCC_PHONE to 3.2V)<br />- when VCC_PHONE is briefly shorted to ground (pulling low with less than 1kR), VCC_PHONE then goes and stays at 0.6V</p>
<p>the issue comes from the FPF2109.<br />VCC_PHONE is connected to VIN, which should only be an input. VCC_SIM is connected to VOUT, which should only be an output.<br />VCC_SIM is also the output of the AP7332 voltage regulator.<br />the output from AP7332 goes in FPF2109 as VCC_SIM, through the FPF2109 internal MOSFET body diode (presumably), back out to VCC_PHONE.<br />the FPF2109 has an internal reverse blocking mechanism. this is probably kicking in when VIN is shorted to ground. 0.6V still pass through.</p>
<p>this is an issue because holding VCC_PHONE high prevents the firmware to properly detect activation (power up) and cold reset of the card.<br />some card readers pull/drive VCC low (omnikey 6321), but I'm not sure all modems do.</p>
<p>TODOs:<br />- R22 is not needed and can be removed (the FLAGB output is not used)<br />- the R19 pull down resistor is also not needed since R20+R21 (resistor divider) already form a 20k pull down resistor<br />- ensure the on-board regulator for VCC_SIM is switched off<br />- switching the regulator off would prevent using SIMtrace as independent card reader while card emulation is used (this is not an issue for MitM since the phone powers the card when needed)<br />- better find out/test how the reverse current protection works</p> UmTRX - Feature #3747 (New): LMS6002D RX Gain Controlhttps://osmocom.org/issues/37472019-01-08T02:53:19Zjahredibanez
<p>Hi, with OSMO Rx-Gain Setting for UmTRX</p>
<p>osmotrx rx-gain <0-50><br />Set the receiver gain (configured in the hardware) in dB</p>
<p>LMS6002D Transceiver has gain blocks for RXLNA, RXVGA1, RXLPF, and RXVGA2.</p>
<p>which block does this setting change? and how does it change these values?</p> SIMtrace 2 - Bug #3379 (Stalled): documentation on how to use SIMtrace2https://osmocom.org/issues/33792018-07-04T16:10:36Zlaforge
<p>the wiki in the SIMtrace2 redmine project currently only documents flashing, but there should of course be good information on how to use the host tools in order to run the complete system.</p> Z-Netz - Feature #2814 (New): Create + Document classic CrossPoint setup on DOS (dosemu)https://osmocom.org/issues/28142018-01-01T13:41:48ZlaforgeZ-Netz - Feature #2813 (New): Create + Document OpenXP setup on Linuxhttps://osmocom.org/issues/28132018-01-01T13:41:26ZlaforgeZ-Netz - Bug #2809 (New): Build ZConnect <-> UseNet gatewayhttps://osmocom.org/issues/28092018-01-01T13:09:32Zlaforge
<p>possibly looking at <a class="external" href="https://www.daneben.de/odoconnect.html">https://www.daneben.de/odoconnect.html</a> as a tool</p> Z-Netz - Bug #2808 (New): Create + Document VM/emulation setup for running ZERBERUShttps://osmocom.org/issues/28082018-01-01T13:09:06ZlaforgeZ-Netz - Bug #2807 (Stalled): Obtain ZERBERUS software build[s] and manual[s]https://osmocom.org/issues/28072018-01-01T13:08:48Zlaforge
<p>I've sent mail to padeluun + rena about this.</p> UUCP and UseNet - Feature #2806 (New): Create Dockerfile and/or ansible playbook for UseNet nodehttps://osmocom.org/issues/28062018-01-01T13:04:27Zlaforge
<p>Should be possible using stock debian packages for taylor UUCP, inn2, exim, ...</p> UmTRX - Feature #1518 (New): Upper limit of the clock is too lowhttps://osmocom.org/issues/15182016-02-19T22:52:49Z
<p>Upper limit of the clock is too low.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1517 (New): U_FL (UMC) connectors are not reliable after few connectionshttps://osmocom.org/issues/15172016-02-19T22:52:49Z
<p>U_FL (UMC) connectors are not reliable after few connections.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1516 (New): There are no port to control external equipment like PAhttps://osmocom.org/issues/15162016-02-19T22:52:49Z
<p>There is no port to control external equipment such as a PA.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1515 (New): Heat dissipation and mounting issuehttps://osmocom.org/issues/15152016-02-19T22:52:49Z
<p>Heat dissipation and mounting issue.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Bug #1505 (New): OHM4 footprint incorrecthttps://osmocom.org/issues/15052016-02-19T22:52:48Z
<p>OHM4 footprint incorrect.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1510 (New): Complete UHD integrationhttps://osmocom.org/issues/15102016-02-19T22:52:48Z
<p>Complete UHD integration.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1509 (New): Store calibration values in EEPROMhttps://osmocom.org/issues/15092016-02-19T22:52:48Z
<p>Store calibration values in EEPROM.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1508 (New): Implement UmSEL diversity switch controlhttps://osmocom.org/issues/15082016-02-19T22:52:48Z
<p>Implement <a class="wiki-page new" href="https://osmocom.org/projects/umtrx/wiki/UmSEL">UmSEL</a> diversity switch control.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1507 (New): Implement UmSEL tuner controlhttps://osmocom.org/issues/15072016-02-19T22:52:48Z
<p>Implement <a class="wiki-page new" href="https://osmocom.org/projects/umtrx/wiki/UmSEL">UmSEL</a> tuner control.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1506 (New): Move to the latest stable UHDhttps://osmocom.org/issues/15062016-02-19T22:52:48Z
<p>Move to the latest stable UHD.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1511 (New): Solve Tx and Rx I/Q imbalance for wideband signalshttps://osmocom.org/issues/15112016-02-19T22:52:48Z
<p>Solve Tx and Rx I/Q imbalance for wideband signals.</p>
<p>[Migrated from old Google Code tracker]</p> UmTRX - Feature #1504 (New): LMS6002 phase error increases when Rx is enabled and varies with tem...https://osmocom.org/issues/15042016-02-19T22:52:47Z
<p>LMS6002 phase error increases when Rx is enabled and varies with temperature.</p>
<p>[Migrated from old Google Code tracker]</p>