Wiki » History » Version 7
tsaitgaist, 06/18/2018 10:41 PM
1 | 1 | tsaitgaist | h1. Osmocom SIMtrace 2 |
---|---|---|---|
2 | |||
3 | Osmocom SIMtrace 2 is a software and hardware system for passively tracing SIM-ME communication between the SIM card and the mobile phone, and remote SIM operation. |
||
4 | |||
5 | It is a followup of the "SIMtrace project":https://osmocom.org/projects/simtrace/wiki/SIMtrace, providing more functionalities (e.g. remote SIM operation) and supporting multiple boards (e.g. SIMtrace with SAM3S, "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html). |
||
6 | |||
7 | h2. Hardware |
||
8 | |||
9 | The SIMtrace 2 firmware supports several boards. |
||
10 | The firmware is written for a "ATSAM3S4B":https://www.microchip.com/wwwproducts/en/ATSAM3S4B micro-controller, replacing the old "AT91SAM7S64":https://www.microchip.com/wwwproducts/en/AT91SAM7S64 used by "SIMtrace":https://osmocom.org/projects/simtrace/wiki/SIMtrace and not recommended for new designs. |
||
11 | |||
12 | Note: The SAM3S is now also marked as not recommended for new designs. |
||
13 | It can further be replaced by the pin-compatible SAM4S, in the future. |
||
14 | |||
15 | h3. SIMtrace |
||
16 | |||
17 | The SAM3S is pin compatible with the SAM7S. |
||
18 | This allows to continue using the same "SIMtrace":https://osmocom.org/projects/simtrace/wiki/SIMtrace_Hardware board, just by replacing the micro-controller. |
||
19 | |||
20 | Note: This hardware is open source. |
||
21 | |||
22 | h3. sysmoQMOD |
||
23 | |||
24 | The SAM3S micro-controller with SIMtrace 2 firmware is also used on the "sysmoQMOD":https://www.sysmocom.de/products/sysmoqmod/index.html board to provide remote SIM operation capabilities. |
||
25 | |||
26 | Note: This hardware is not open source. |
||
27 | |||
28 | h2. Firmware |
||
29 | |||
30 | The SIMtrace 2 firmware source code is available "here":https://git.osmocom.org/simtrace2/ but is still under development. |
||
31 | Once ready binary files will also be released. |
||
32 | |||
33 | 2 | tsaitgaist | The SIMtrace 2 firmware is a complete rewrite and can only be flashed on hardware with SAM3S ARM Cortex-M3-based micro-controllers. |
34 | It is not compatible with the older "SIMtrace hardware":https://osmocom.org/projects/simtrace/wiki/SIMtrace_Hardware using SAM7S ARM7TDMI-based micro-controllers. |
||
35 | 1 | tsaitgaist | |
36 | h3. Flashing |
||
37 | |||
38 | 3 | tsaitgaist | h4. DFU |
39 | |||
40 | SIMtrace 2 comes with a USB DFU bootloader pre-installed which allows to flash the application firmware over USB using the @dfu-util@ utility. |
||
41 | |||
42 | To get @dfu-util@: |
||
43 | <pre> |
||
44 | sudo apt-get install dfu-util |
||
45 | </pre> |
||
46 | |||
47 | |||
48 | To flash the firmware: |
||
49 | <pre> |
||
50 | 5 | tsaitgaist | sudo dfu-util --device 1d50:60e3 --cfg 1 --alt 1 --reset --download ./bin/simtrace-trace-dfu.bin |
51 | 3 | tsaitgaist | </pre> |
52 | |||
53 | To prevent using @sudo@ in order to use @dfu-util@ on SIMtrace 2, grant access permission to the USB device to the current user: |
||
54 | <pre> |
||
55 | # create osmocom group |
||
56 | sudo groupadd osmocom |
||
57 | # add current user to osmocom group (user needs to re-login for this change to take effect) |
||
58 | sudo adduser $USERNAME osmocom |
||
59 | # grant access permission to SIMtrace 2 for osmocom group |
||
60 | sudo tee -a /etc/udev/rules.d/10-osmocom.rules << EOF |
||
61 | # SIMtrace 2 |
||
62 | SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTR{idProduct}=="60e3", MODE="0660", GROUP="osmocom" |
||
63 | EOF |
||
64 | # reload udev rules |
||
65 | sudo udevadm control --reload-rules |
||
66 | sudo udevadm trigger |
||
67 | </pre> |
||
68 | |||
69 | @dfu-util@ should reset the board and use the DFU bootloader. |
||
70 | Try the command a second time if it did not work at first. |
||
71 | If this still does not work, power up the board while pressing the *BOOTLOADER* button. |
||
72 | |||
73 | If the USB DFU bootloader is missing, defective, or needs to be updated, use the JTAG or SAM-BA methods to flash the bootloader firmware. |
||
74 | |||
75 | h4. SAMBA |
||
76 | |||
77 | The SAM3S micro-controller comes with an embedded bootloader called SAMBA, allowing to flash firmwares over USB. |
||
78 | The SAMBA bootloader can be used to flash the DFU bootloader. |
||
79 | To activate the SAMBA bootloader: |
||
80 | # short the *ERASE* pin on the top of the board with the nearby 3V3 pin using a jumper |
||
81 | # connect SIMtrace 2 over USB to power it up (no LED will light up) |
||
82 | # using @lsusb@ you should find the following entry: |
||
83 | <pre> |
||
84 | ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader |
||
85 | </pre> |
||
86 | # using @journalctl -f@ ensure SIMtrace 2 has been recognized as USB ACM device: |
||
87 | <pre> |
||
88 | kernel: usb 2-2: new full-speed USB device number 4 using xhci_hcd |
||
89 | kernel: usb 2-2: New USB device found, idVendor=03eb, idProduct=6124 |
||
90 | kernel: usb 2-2: New USB device strings: Mfr=0, Product=0, SerialNumber=0 |
||
91 | kernel: cdc_acm 2-2:1.0: ttyACM0: USB ACM device |
||
92 | kernel: usbcore: registered new interface driver cdc_acm |
||
93 | kernel: cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters |
||
94 | </pre> |
||
95 | # remove the jumper shorting *ERASE* to 3V3 |
||
96 | # install the @bossac@ utility to flash using the SAMBA protocol |
||
97 | <pre> |
||
98 | sudo apt install bossac |
||
99 | </pre> |
||
100 | # flash the USB DFU firmware using @bossac@ (note: @erase@ ensures no main application remains so to force booting the USB DFU bootloader; @boot=1@ ensures the micro-controller will boot from the internal flash instead of the embedded bootloader next time it is powered up) |
||
101 | <pre> |
||
102 | sudo bossac --port /dev/ttyACM0 --erase --write ./bin/simtrace-dfu-flash.bin --verify --boot=1 |
||
103 | </pre> |
||
104 | # to prevent using @sudo@, grant to current user the permission to access USB serial devices (e.g. @/dev/ttyACM0@). Note: this change only takes effect after re-logging-in |
||
105 | <pre> |
||
106 | sudo adduser $USERNAME dialout |
||
107 | </pre> |
||
108 | |||
109 | Once the USB DFU bootloader is flashed, when re-pluging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method. |
||
110 | |||
111 | h4. JTAG |
||
112 | |||
113 | It is also possible to flash or debug SIMtrace 2 over JTAG using the ARM 20-pin JTAG header on the top of the board. |
||
114 | |||
115 | To flash the USB DFU firmware using JTAG: |
||
116 | # install the JTAG utility @openOCD@ |
||
117 | <pre> |
||
118 | sudo apt install openocd |
||
119 | </pre> |
||
120 | # flash the USB DFU bootloader firmware |
||
121 | <pre> |
||
122 | 6 | tsaitgaist | openocd --file interface/jlink.cfg --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown" |
123 | 3 | tsaitgaist | </pre> |
124 | 1 | tsaitgaist | #* replace @interface/jlink.cfg@ with the configuration file for your JTAG debugging adapter |
125 | #* @at91sam3 gpnvm set 1@ ensures the micro-controller will boot from the internal flash (i.e. not from the embedded SAMBA bootloader) |
||
126 | 6 | tsaitgaist | |
127 | The SAM3S also offers the low pin-count SWD alternative to JTAG, allowing to use an inexpensive ST-Link V2 (clone) to flash (and debug): |
||
128 | <pre> |
||
129 | 7 | tsaitgaist | openocd --file interface/stlink-v2.cfg --command "set CPUTAPID 0x2ba01477" --file target/at91sam3sXX.cfg --command "init" --command "halt" --command "flash write_bank 0 ./bin/simtrace-dfu-flash.bin 0" --command "at91sam3 gpnvm set 1" --command "reset" --command "shutdown" |
130 | 6 | tsaitgaist | </pre> |
131 | |||
132 | 7 | tsaitgaist | SWD pinout: |
133 | !simtrace_swd.jpg! |
||
134 | 3 | tsaitgaist | |
135 | Once the USB DFU bootloader is flashed, when re-pluging SIMtrace 2 over USB, you can flash the main application firmware using the DFU method. |
||
136 | 1 | tsaitgaist | |
137 | h3. Development |
||
138 | |||
139 | To compile the firmware using the source code, or participate in the development, please refer to the instructions provided in the "README":https://git.osmocom.org/simtrace2/tree/firmware/README.txt . |
||
140 | |||
141 | h2. Host PC Software |
||
142 | |||
143 | TODO |