TerminalProfile » History » Version 3

tsaitgaist, 02/19/2016 10:49 PM
sw typo

Using [wiki:SIMtrace], you can sniff the initial communication between a 3G phone and a USIM in order to get the phone's terminal profile (it should even happen before the PIN check).
It is also decoded in Wireshark.

The terminal profile CAT command header (CLA=80, INS=10, P1=00, P2=00) is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/ ETSI TS 102 221] §11.2.1.
The terminal profile CAT command body is defined in [http://www.etsi.org/deliver/etsi_ts/102200_102299/102223/ ETSI TS 102 223] §5.2.
It tells the USIM what it can do on the phone.

You can post the data here in order to build a database of which phone is capable of what.
 * TAC = first 8 digits of the IMEI
 * firmware = any information about the software running in the baseband
 * terminal profile = only the data bytes
 * example: 8010000011XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX9000, where 80100000 is the header, 11 is the number of data bytes that follow (in hex), XX are the important data bytes, and 9000 are the status words/bytes

||brand||model||TAC||firmware||terminal profile||
||Sony Ericsson||K800i||35399601||CXC1722434_TEMS R2B||{{{fff7ffff7f0f00df7f00001f2203104603}}}||
||Samsung||Nexus S||35503104||i9020XXKD1||{{{7f0affff1f000003940000000000000000400000}}}||
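
To turn a sniffed trace into a table row, the layout described above (header, length byte, data bytes, status words) can be checked and split mechanically. This is an added example, not part of the original wiki page or the SIMtrace tools; the function names and the sample IMEI are assumptions made for illustration.

```python
HEADER = bytes.fromhex("80100000")  # CLA=80 INS=10 P1=00 P2=00, as given on this page


def extract_terminal_profile(trace_hex):
    """Split header | length | data | status words and return (data, sw)."""
    raw = bytes.fromhex("".join(trace_hex.split()))
    if len(raw) < 7 or raw[:4] != HEADER:
        raise ValueError("not a TERMINAL PROFILE trace (header 80100000 expected)")
    length = raw[4]  # number of data bytes that follow the header
    if len(raw) != 5 + length + 2:
        raise ValueError("length byte says %d data bytes, trace carries %d"
                         % (length, len(raw) - 7))
    return raw[5:5 + length], raw[5 + length:]


def table_row(brand, model, imei, firmware, trace_hex):
    """Build one row for the table on this page (hypothetical helper)."""
    if len(imei) < 8 or not imei[:8].isdigit():
        raise ValueError("IMEI must start with 8 digits (the TAC)")
    data, sw = extract_terminal_profile(trace_hex)
    # Assumption: the page's example ends in 9000, so anything else is
    # rejected here and left for a manual look at the trace.
    if sw != b"\x90\x00":
        raise ValueError("unexpected status words %s" % sw.hex())
    return "||%s||%s||%s||%s||{{{%s}}}||" % (
        brand, model, imei[:8], firmware, data.hex())


# Constructed sample: the K800i data bytes from the table, wrapped in the
# header/length/status layout of the example in the list above. The IMEI
# digits after the TAC are made up.
SAMPLE_TRACE = "80100000 11 fff7ffff7f0f00df7f00001f2203104603 9000"
SAMPLE_IMEI = "353996010000000"

if __name__ == "__main__":
    print(table_row("Sony Ericsson", "K800i", SAMPLE_IMEI,
                    "CXC1722434_TEMS R2B", SAMPLE_TRACE))
```

Only the TAC and the data bytes end up in the row, so the full IMEI never needs to be posted.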