Revision 11 (tsaitgaist, 07/10/2018 04:11 PM) → Revision 12/44 (tsaitgaist, 07/10/2018 06:43 PM)
h1. Osmocom SIMtrace 2

Osmocom SIMtrace 2 is a software, firmware and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone, and for remote SIM operation.

While it was designed for SIM-ME communication, it supports all ISO 7816 smart-cards using the T=0 protocol (the most common case).

It is a follow-up of the "SIMtrace project":/project/simtrace/Wiki, providing more functionality (e.g. remote SIM operation) and supporting multiple boards (e.g. SIMtrace with SAM3S, "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html).

h2. Hardware

The SIMtrace 2 firmware supports several boards. The firmware is written for an "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller.

Note: The SAM3S has since been labelled as _not recommended for new designs_ by Atmel. However, there are plenty of hardware and software compatible upgrade options, including SAM4S. The upgrade is possible in the future.

h3. SIMtrace v2

!{width:20%}simtrace-board-mini.jpg!

The main purpose of this board is to sniff the communication between a phone and a SIM card (or any card reader and smart-card).

This is the same circuit board as the previous "SIMtrace v1":/project/simtrace/wiki/SIMtrace_Hardware, with the exception that the "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller replaces the old "AT91SAM7S64":https://www.microchip.com/wwwproducts/en/AT91SAM7S64. Since the SAM3S is pin compatible with the SAM7S, any SIMtrace v1 board can be converted into a SIMtrace v2 board simply by replacing the micro-controller.

Note: This hardware is "open source":https://git.osmocom.org/simtrace/tree/hardware.

h3. sysmoQMOD

!{width:25%}sysmoqmod.png!

The SAM3S micro-controller with SIMtrace 2 firmware is also used on the "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html board to provide remote SIM operation capabilities.

Note: This hardware is not open source.

h2. Firmware

The SIMtrace 2 firmware source code is available in "git":https://git.osmocom.org/simtrace2/. It is currently under active development and we recommend [[Flashing|flashing]] the new firmware images to benefit from the latest bug fixes and added functionality.

The SIMtrace 2 firmware is a complete rewrite and *can only be flashed on hardware with SAM3S* ARM Cortex-M3-based micro-controllers. *The SIMtrace 2 firmware is not compatible with the older "SIMtrace v1":/project/simtrace/wiki/SIMtrace_Hardware using SAM7S ARM7TDMI-based micro-controllers.*

h3. trace

The trace application firmware allows sniffing the communication between a phone and a SIM card (or any card reader and smart-card). It is intended for the [[Wiki#SIMtrace v2|SIMtrace v2 hardware]] and its function is analogous to that of the "SIMtrace v1":/projects/simtrace/wiki/SIMtrace_Firmware.

The sniffing is completely passive. It uses the RST, ATR, PPS (baud rate tested with F/D up to 512/32), and WT (waiting timeout) to properly parse the ISO 7816-3 TPDUs. Currently only the T=0 protocol is supported since this is the most common protocol used (we haven't seen T=1 in use).

!{width:25%}simtrace_and_phone.jpg!

The application firmware to be flashed using [[Flashing#DFU|DFU]] is attachment:simtrace-trace-dfu.bin. It corresponds to the @trace@ app in the source code.

h2. Flashing

The [[Wiki#Firmware|firmware images]] can be flashed as described [[Flashing|here]].

h2. Development

To compile the firmware using the source code, or participate in the development, please refer to the instructions provided in the "README":https://git.osmocom.org/simtrace2/tree/firmware/README.txt .

h2. Host PC Software

TODO
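
The firmware section above says a passive sniffer has to follow the PPS exchange and the waiting time to keep parsing ISO 7816-3 TPDUs correctly. The following C sketch shows that step: it validates a sniffed T=0 PPS response, extracts F and D, and derives the clock cycles per ETU and the waiting time. It is an added example, not code from the SIMtrace 2 firmware; the names @pps_parse@, @etu_clocks@, @wt_etu@ and the sample bytes are assumptions made for illustration, and the Fi/Di tables are those of ISO 7816-3.

```c
#include <stddef.h>
#include <stdint.h>

/* Fi/Di indexed by the FI/DI nibble, ISO 7816-3 (0 = reserved for future use) */
static const uint16_t fi_table[16] = { 372, 372, 558, 744, 1116, 1488, 1860, 0,
                                       0, 512, 768, 1024, 1536, 2048, 0, 0 };
static const uint8_t di_table[16] = { 0, 1, 2, 4, 8, 16, 32, 64, 12, 20,
                                      0, 0, 0, 0, 0, 0 };

struct pps_params { uint16_t f; uint8_t d; };

/* Constructed sample: T=0 PPS response with PPS1 = 0x96 (F=512, D=32) */
const uint8_t sample_pps[] = { 0xFF, 0x10, 0x96, 0x79 };

/* Parse a sniffed PPS response; returns 0 on success, negative on error. */
int pps_parse(const uint8_t *buf, size_t len, struct pps_params *out)
{
	if (len < 3 || buf[0] != 0xFF)
		return -1;                /* PPSS must be 0xFF */
	uint8_t pps0 = buf[1], pck = 0;
	if (pps0 & 0x0F)
		return -2;                /* only T=0 is handled here */
	/* PPSS + PPS0 + optional PPS1..PPS3 (flagged in PPS0) + PCK */
	size_t expect = 3 + !!(pps0 & 0x10) + !!(pps0 & 0x20) + !!(pps0 & 0x40);
	if (len != expect)
		return -3;
	for (size_t i = 0; i < len; i++)
		pck ^= buf[i];
	if (pck)
		return -4;                /* XOR over all bytes must be 0 */
	out->f = 372;                     /* defaults Fd/Dd when PPS1 is absent */
	out->d = 1;
	if (pps0 & 0x10) {
		uint16_t f = fi_table[buf[2] >> 4];
		uint8_t d = di_table[buf[2] & 0x0F];
		if (!f || !d)
			return -5;        /* reserved FI or DI value */
		out->f = f;
		out->d = d;
	}
	return 0;
}

/* Card clock cycles per ETU (one bit time) = F/D, rounded down. */
unsigned etu_clocks(const struct pps_params *p) { return p->f / p->d; }

/* T=0 waiting time in ETU: WT = WI * 960 * D; WI comes from ATR byte TC2 (default 10). */
unsigned long wt_etu(const struct pps_params *p, uint8_t wi) { return 960UL * wi * p->d; }
```

With the F/D of 512/32 mentioned above, one ETU lasts 16 card clock cycles, which is the bit timing the receiver has to switch to once the PPS response has been seen.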