Project

General

Profile

Cardem » History » Revision 4

Revision 3 (tsaitgaist, 09/17/2019 12:56 PM) → Revision 4/30 (tsaitgaist, 09/17/2019 12:57 PM)

{{>toc}} 

 h1. Cardem 

 Card emulation (cardem for short) is a firmware for the SIMtrace v2 board allowing to emulate cards (e.g. SIM). 
 You then can leave the card adapter cable in the reader (e.g. phone), and have the actual card outside. 
 This allows to easily change or reprogram the card without having to touch the phone. 

 This functionality is already implemented and working on sysmoQMOD board. 
 It is not also available for SIMtrace v2 boards. 
 *This is a beta firmware and still in development*. 
 See [[Cardem#Limitations|limitations]] for known limitations and issues. 

 h2. Flashing 

 You can download the beta firmware for the SIMtrace v2 board here: attachment:simtrace-cardem-flash.bin. 

 To flash the firmware on the board: 
 <pre> 
 dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download simtrace-cardem-flash.bin 
 </pre> 

 For more details about the flashing procedure, read [[Flashing#SIMtrace2-board|this article]]. 

 h2. Software 

 With the cardem firmware, the SIMtrace v2 board mainly forwards the ISO 7816 card communication over USB. 
 A software on the host must receive the APDU requests and send the corresponding APDU response. 
 There are several software available to do that. 
 Since the USB messages are "specified":https://git.osmocom.org/simtrace2/tree/firmware/libcommon/include/simtrace_prot.h and the software is "open source":https://git.osmocom.org/simtrace2/tree/host, you could implement your own APDU handler. 

 h3. simtrace2-remsim 

 @simtrace2-remsim@ is the simplest solution. 
 If forwards the APDU request/response to/from a PCSC card reader. 

 To get @simtrace2-remsim@: 
 * Install required packages to compile the software: 
 <pre> 
 sudo apt-get install libusb-1.0-0-dev libosmocore-dev libpcsclite-dev 
 </pre> 
 * Get and compile the software: 
 <pre> 
 git clone git://git.osmocom.org/simtrace2.git 
 cd simtrace2/host/ 
 make 
 </pre> 

 To use @simtrace2-remsim@: 
 # power of phone 
 # insert card adapter cable into phone 
 # insert card adapter cable SIMtrace v2 board 
 # plug SIMtrace v2 board in host computer USB port 
 # connect external card reader to host (any USB CCID reader should do the job) 
 # install PCSC daemon (only need to be done once) 
 <pre> 
 sudo apt install pcscd 
 </pre> 
 # ensure the PCSC daemon is started 
 <pre> 
 sudo systemctl start pcscd 
 </pre> 
 # install tool to check reader status 
 <pre> 
 sudo apt install pcsc-tools 
 </pre> 
 # check if the card is detected by the reader (use CTRL-C to exit) 
 <pre> 
 pcsc_scan  

 Using reader plug'n play mechanism 
 Scanning present readers... 
 0: OMNIKEY 6321 CLi USB (OKCM0030506091345044320140749730) 00 00 
 
 Tue Sep 10 16:03:49 2019 
  Reader 0: OMNIKEY 6321 CLi USB (OKCM0030506091345044320140749730) 00 00 
   Event number: 0 
   Card state: Card inserted,  
   ATR: 3B 9F 94 80 1F C7 80 31 E0 73 FE 21 1B 67 01 00 00 04 4D 02 01 99 
 </pre> 
 # get SIMtrace USB path (this step will soon be not required anymore) 
 <pre> 
 dfu-util -l 

 ... 
 Found Runtime: [1d50:60e3] ver=0002, devnum=59, cfg=1, intf=1, path="1-2.2", alt=0, name="UNKNOWN", serial="UNKNOWN" 
 </pre> 
 # start @simtrace2-remsim@ with corresponding USB path (here 1-2.2) 
 <pre> 
 ./simtrace2-remsim --usb-vendor 1d50 --usb-product 60e3 --usb-path 1-2.2 --usb-config 1 

 (C) 2010-2017, Harald Welte <laforge@gnumonks.org> 
 (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de> 

 SCardEstablishContext: OK 

 SCardListReaders: OK 

 SCardConnect: OK 

 <- 01 05 00 00 00 00 09 00 01  
 <- 02 02 00 00 00 00 09 00 01  
 <= cardem_request_set_atr(3b 00 ) 
 <- 01 02 00 00 00 00 0b 00 02 3b 00  
 <- 02 01 00 00 00 00 0b 00 02 2c 01  
 Entering main loop 
 </pre> 
 # now you can power on the phone (only after @simtrace2-remsim@ is started since @simtrace2-remsim@ can't tell the phone a card has been inserted). you should also see some APDU traffic 
 <pre> 
 URB: 01 06 00 00 00 00 13 00 01 00 00 00 05 00 a0 a4 00 00 02  
 -> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 a0 a4 00 00 02  
 => DATA: flags=1, a0 a4 00 00 02 : CLA=a0 INS=a4 P1=00 P2=00 P3=02; case=4, lc=2(0), le=0(0) 
 <= cardem_request_pb_and_rx(a4, 2) 
 <- 01 01 00 00 00 00 0f 00 08 00 00 00 01 00 a4  
 URB: 01 06 00 00 00 00 10 00 02 00 00 00 02 00 7f 20  
 -> 01 06 00 00 00 00 10 00 02 00 00 00 02 00 7f 20  
 => DATA: flags=2, 7f 20 : CLA=a0 INS=a4 P1=00 P2=00 P3=02; case=4, lc=2(2), le=0(0) 
 TX: a0 a4 00 00 02 7f 20  
 SCardEndTransaction: OK 

 RX: 9f 17  
 SW=0x9f17, len_rx=0 
 <= cardem_request_sw_tx(9f 17) 
 <- 01 01 00 00 00 00 10 00 06 00 00 00 02 00 9f 17  
 URB: 01 06 00 00 00 00 13 00 01 00 00 00 05 00 a0 f2 00 00 17  
 -> 01 06 00 00 00 00 13 00 01 00 00 00 05 00 a0 f2 00 00 17  
 => DATA: flags=1, a0 f2 00 00 17 : CLA=a0 INS=f2 P1=00 P2=00 P3=17; case=2, lc=0(0), le=23(0) 
 TX: a0 f2 00 00 17  
 SCardEndTransaction: OK 
 </pre> 

 h2. Limitations 

 Here are the known limitations: 
 * there is no way for SIMtrace to tell the reader that a new card has been inserted. There is no specified way to do it (e.g. in ISO 7816 standard). This is generally done inside the reader hardware by a mechanical switch. The only way around is to restarted the reader (e.g. phone). 
 * the cardem is currently a separate firmware. it is planned to combine it with the trace firmware (the software will then select the right functionality) 
 * the firmware ignores the sent ATR (sent by the software, from the card to forward). this is to prevent the reader from switching to a yet untested baud rate 
 * the error messages returned by @simtrace2-remsim@ are not very useful 
 * @simtrace2-remsim@ does not automatically reconnect to the SIMtrace board when the hardware is reset 
 * you have to specify the USB path to @simtrace2-remsim@ 
 * no long term tests have been performed (this is already planned) 
 * you can't use the card reader built in SIMtrace 
 * @simtrace2-remsim@ does not send the APDU to GSMTAP over network so you can trace the traffic using wireshark 
 * @simtrace2-remsim-udp@ does not connect to SIMtrace v2 boards 

 We are currently working on resolving these issues. 
 If you found yet unknown issues, you can report them to the main developer at kredon AT sysmocom DOT de. 
 If possible, please also attach the corresponding debug serial output. To get the serial output, connect a USB to UART cable either to the 2.5 mm stereo headphone connector (tip = TX, ring = RX, sleeve = GND) or the nearby DEBUG port (pin 1 = GND, pin 4 = TX, pin 5 = RX). Open the serial port with the following configuration: 921600 8N1.
Add picture from clipboard (Maximum size: 48.8 MB)