RebelSIM Scanner » History » Version 2
laforge, 02/19/2016 10:48 PM
add page outline and picture of scanner
| 1 | 2 | laforge | [[PageOutline]] |
|---|---|---|---|
| 2 | 1 | laforge | = Rebel Simcard Scanner = |
| 3 | |||
| 4 | 2 | laforge | The Rebel Simcard folks are selling a relatively inexpensive device for generating SIM card traces as ''Simcard Scanner''. |
| 5 | |||
| 6 | [[Image(rebelsim-scanner.jpg)]] |
||
| 7 | |||
| 8 | You can find the full kit for less than USD 25 at the |
||
| 9 | 1 | laforge | [http://rebelsimcard.com/virtu/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=194&category_id=339&option=com_virtuemart&Itemid=1 Rebelsimcard shop]. |
| 10 | |||
| 11 | == Hardware architecture == |
||
| 12 | |||
| 13 | The Scanner has one small plug-in SIM sized slot and one full-size (ISO 7816-1) slot for your actual simcard. |
||
| 14 | |||
| 15 | It also has a small socket for a FPC cable that goes to a small PCB in the size of a plug-in sim. |
||
| 16 | |||
| 17 | You put the FPC-attached PCB into your phone (instead of the SIM card) and put the actual SIM inside the Scanner. |
||
| 18 | |||
| 19 | Furthermore, you connect it via the USB-B connector to your PC. |
||
| 20 | |||
| 21 | The I/O line of the SIM card is wired to the RxD pin (5) of the FT232RL on the Scanner. Unfortunately, the CLK |
||
| 22 | line is not connected, and neither can the device serve as a proxy between SIM and phone. |
||
| 23 | |||
| 24 | However, by using the FT232 synchronous bit-banging mode, it is possible to obtain samples of the I/O line, decoding |
||
| 25 | the actual T=0 (or with some SIM cards + phones T=1) protocol. |
