Project

General

Profile

Actions

TerminalProfile » History » Revision 1

Revision 1/6 | Next »
tsaitgaist, 02/19/2016 10:49 PM
defined + 1 entry


Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM is order to get the phone terminal profile (it should even be before the PIN check).
It is also decoded in wireshark.

The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1.
The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2.
It tells the USIM what it can do on the phone.

You can post here the data in order to make a database of which phone is capable of what. * TAC = first 8 digits of IMEI * firmware = any information about the software running in the basband * terminal profile = only the data bytes * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX910f, 80100000 is the header, 11 are the number of data bytes following (in hex), XX are the important data bytes, 910f are the status words/bytes

brand model TAC firmware terminal profile
Sony Ericsson K800i 35399601 CXC1722434_TEMS R2B fff7ffff7f0f00df7f00001f2203104603
Files (0)

Updated by tsaitgaist about 8 years ago · 1 revisions

Add picture from clipboard (Maximum size: 48.8 MB)