RebelSIM Scanner » History » Version 1
laforge, 02/19/2016 10:48 PM
add page on RebelSIM Scanner
= Rebel Simcard Scanner =

The Rebel Simcard folks are selling a relatively inexpensive device for generating SIM card traces as ''Simcard Scanner''. You can find
the full kit for less than USD 25 at the
[http://rebelsimcard.com/virtu/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=194&category_id=339&option=com_virtuemart&Itemid=1 Rebelsimcard shop].

== Hardware architecture ==

The Scanner has one small plug-in SIM sized slot and one full-size (ISO 7816-1) slot for your actual SIM card.

It also has a small socket for an FPC cable that goes to a small PCB the size of a plug-in SIM.

You put the FPC-attached PCB into your phone (instead of the SIM card) and put the actual SIM inside the Scanner.

Furthermore, you connect it via the USB-B connector to your PC.

The I/O line of the SIM card is wired to the RxD pin (5) of the FT232RL on the Scanner. Unfortunately, the CLK
line is not connected, and the device cannot serve as a proxy between SIM and phone either.

However, by using the FT232 synchronous bit-banging mode, it is possible to obtain samples of the I/O line and to decode
the actual T=0 (or, with some SIM cards + phones, T=1) protocol from them.
21 | the actual T=0 (or with some SIM cards + phones T=1) protocol. |