SIMtrace Hardware » History » Version 24
tsaitgaist, 02/19/2016 10:49 PM
v2.0 outline
[[PageOutline]]
= Osmocom SIMtrace Hardware =

This page is dedicated to the hardware for Osmocom [wiki:SIMtrace], which looks like this:

[[Image(simtrace_10_front.jpg, 33%)]]
[[Image(simtrace_connectors_scaled.png, 39%, align=right)]]

STATUS: We have received the second batch of 100 units from the SMT factory, ready for the 28C3 (Version v1.1p)

== Connectors ==

* USB: USB mini-B connector. The main connector. The host software communicates (sniffing, ...) with the board through USB. It can also be used to flash the micro-controller (using DFU).
* serial: 2.5 mm jack serial cable, as used by osmocomBB. This port is used to debug the device (printf goes there).
* debug (P3): same as serial, but using the FTDI serial cable. '''It is recommended to cut the voltage wire of the 6pin FTDI connector before plugging the cable into the simtrace.'''
* jtag (P1): JTAG 20 pin connector to do hardware assisted debugging.
* BT1: battery connector (4.5-6V DC). Normally the USB provides power, but the battery port can be used for autonomous use of SIMtrace. The sniffing can be saved in the flash (U1).
* FFC_SIM (P3): to connect the flat flexible cable with SIM end for the phone.
* SIM (P4): put your SIM in there (instead of in the phone).
* reset (SW1): to reset the board (not erasing the firmware), if you are too lazy to unplug and re-plug the USB.
* bootloader (SW2): used to start the bootloader in order to flash the device using DFU. Press it when plugging in the USB.
* test (JP1): short circuit using a jumper to flash using [wiki:SIMtrace/Firmware#EnteringtheSAM-BAmode SAM-BA].
* erase (JP2): short circuit using a jumper to completely erase the firmware.

== Schematics, Gerber & Co ==

The schematics, Gerber files, etc. can be found in the 'hardware' subdirectory of the simtrace.git repository:
* http://cgit.osmocom.org/cgit/simtrace/tree/hardware (web browsing)
* git://git.osmocom.org/simtrace (git clone URL)

We're using Kicad as EDA tool. Most of the work on the schematics and Gerber files has been done by Kevin Redon, based on the original design by Harald Welte.

The latest schematics are also available as an attachment to this page.

== Interconnections ==

The hardware schematics are very, very simple:

* Connect SIM-RST with PA7
* Connect SIM-I/O with PA6(TXD0) and PA1(TIOB0)
* Connect SIM-CLK with PA2(SCK0) and PA4(TCLK0)
* Connect SIM-GND with GND

== Mode of operation ==

The USART of the AT91SAM7S is capable of T=0. The documentation only mentions it in clock-master mode, like you would run it in a smart card reader to actively talk to a smart card. However, by using the USART input clock multiplexer, you can use an externally-generated CLK like the one from the SIM card socket of the phone.

Unfortunately, the Rx Timeout feature of the USART is not working in T=0 mode, so I had to re-implement Rx timeout (waiting time) handling by means of the TC (timer/counter) block 0. Due to technical limitations, we will wait up to one byte (12 etu) more than we should.

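The waiting-time window that such a TC-based timeout ends up enforcing can be worked out from the card's ATR. The following is an added example, not code from the SIMtrace firmware: it assumes the ISO/IEC 7816-3 T=0 work waiting time of 960 × WI × D etu and adds the one-character (12 etu) overshoot described above. All function names are hypothetical, and the TA1, WI and 4 MHz clock values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Fi and Di selected by the high and low nibble of ATR byte TA1
 * (ISO/IEC 7816-3). 0 marks a value reserved for future use. */
static const uint16_t fi_table[16] = {
    372, 372, 558, 744, 1116, 1488, 1860, 0,
    0, 512, 768, 1024, 1536, 2048, 0, 0
};
static const uint8_t di_table[16] = {
    0, 1, 2, 4, 8, 16, 32, 64, 12, 20, 0, 0, 0, 0, 0, 0
};
#define SLACK_ETU 12u /* one character time, the overshoot stated above */

/* T=0 work waiting time in etu: 960 * WI * D. Returns 0 if TA1 selects a
 * reserved Fi/Di or WI is 0 (hypothetical helper, not firmware code). */
uint32_t wwt_etu(uint8_t ta1, uint8_t wi)
{
    if (fi_table[ta1 >> 4] == 0 || di_table[ta1 & 0x0f] == 0 || wi == 0)
        return 0;
    return 960u * wi * di_table[ta1 & 0x0f];
}

/* Latest point at which a timeout that runs up to 12 etu late can fire. */
uint32_t wwt_etu_worst(uint8_t ta1, uint8_t wi)
{
    uint32_t wwt = wwt_etu(ta1, wi);
    return wwt ? wwt + SLACK_ETU : 0;
}

/* etu to microseconds: 1 etu = F / (D * f_clk); the clock comes from the
 * phone. Returns 0 on reserved TA1 values or clk_hz == 0. */
uint64_t etu_to_us(uint8_t ta1, uint32_t etu, uint32_t clk_hz)
{
    uint16_t f = fi_table[ta1 >> 4];
    uint8_t d = di_table[ta1 & 0x0f];
    if (f == 0 || d == 0 || clk_hz == 0)
        return 0;
    return (uint64_t)etu * f * 1000000u / ((uint64_t)d * clk_hz);
}

int main(void)
{
    /* Constructed input: TA1 = 0x94 (F=512, D=8), WI = 10, 4 MHz clock. */
    uint32_t worst = wwt_etu_worst(0x94, 10);
    printf("%u etu, %llu us\n", (unsigned)worst,
           (unsigned long long)etu_to_us(0x94, worst, 4000000u));
    return 0;
}
```

Because the clock is supplied by the phone rather than by the board, the microsecond figures only hold for the frequency actually present on SIM-CLK; the etu counts do not depend on it.
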
== Revisions ==

=== v2.0 ===

This is ongoing work.
The changes compared to v1.x are:
* ID-1 and ID-000 smart card slots (with presence detection): to be able to also sniff credit card sized smart cards
* through hole USB Mini-B and Serial/Jack 2.5 connector: to be more robust
* properly support all smart card classes (A,B,C): better compatibility
* switch from AT91SAM7S to AT91SAM3S: it has more USB endpoints
* be able to forward voltage from phone to SIM or provide voltage from the board: ideal sniffer and reader
* use a microSD slot instead of built-in flash: easier data transfer
* a SWP sniffer (maybe)

=== v1.1p (1.1 Production branch) ===

This is a slightly corrected version of the v1.0p.

Changes:
* a critical capacitor is near the LDO
* some other capacitors are nearer to the CPU
* some power traces are wider
* the SIM C6/VPP contact is also routed through the bus switch (sometimes used for Single Wire Protocol)
* sysmocom is added in the copper for legal reasons
* the FTDI Vcc is cut

Downloads:
* [attachment:simtrace_v11p_schematic.pdf]
* [attachment:simtrace_v11p_gerber.zip]

=== v1.0p (1.0 Production branch) ===

[[Image(simtrace_v10p_front_mid.jpg, 33%)]]

This is identical to v1.0 on the schematics side; we simply altered the footprints of some components to accommodate whatever the SMT factory had in stock. Specifically, the LEDs are 0805 instead of 0603, and the Schottky diodes are in a slightly awkward looking very large package.

Downloads:
* [attachment:simtrace_v10p_schematic.pdf]
* [attachment:simtrace_v10p_gerber.zip]

=== v1.0 ===

[[Image(simtrace_10_front.jpg, 33%)]]

This is the first stable release. We built some 5 prototypes from this version.

Downloads:
* [attachment:simtrace_schem_v10.pdf]
* [attachment:simtrace_10_gerber.zip]

=== v0.9 ===

[[Image(simtrace_v09_top_mid.jpg, 33%)]]

As of June 04, 2011 the components had all arrived and four PCBs were in production. We assembled the first units around June 14, 2011.

As of June 21st, we had four re-worked prototypes that are fully functional.

=== v0.8 ===

[[Image(simtrace_08_front_mid.jpg, 33%)]]

Never really was an official release. However, a friend took the unfinished Gerber files and built 5 units.

Since the Gerber was not finished, we had to do lots and lots of re-work in order to make them work at all.

== License ==

Schematics and Gerber files are released under the Creative Commons CC-BY-SA (Share Alike / Attribution) license.

== Sales ==

Sales started at the 2011 CCC Camp and the hardware can be bought through the web-shop of sysmocom GmbH ([http://shop.sysmocom.de/])

== Credits ==

* Harald Welte
  * Original project idea, schematic design
  * Olimex SAM7-P64 based prototypes
  * Firmware and host software
* Kevin Redon
  * KiCAD work on schematics, footprints and routing
  * Soldering of some prototypes
* [http://sysmocom.de/ sysmocom - systems for mobile communications GmbH]
  * funding for hardware prototyping (PCB, components, etc)
* Christian Daniel
  * post-production flashing + debugging, design + test of v1.0p rework