diff options
Diffstat (limited to 'docs/chapters/using_sniff.xml')
-rw-r--r-- | docs/chapters/using_sniff.xml | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/docs/chapters/using_sniff.xml b/docs/chapters/using_sniff.xml new file mode 100644 index 0000000..95cd1c2 --- /dev/null +++ b/docs/chapters/using_sniff.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_sniff"> + <title>Sniffing your SIM</title> + + <section id="hw_setup"> + <title>Connecting your device</title> + <para>You will need to put your SIM into the SIMtrace hardware, connect + one of the four flex cables to the SIMtrace hardware, put the other side + into the SIM socket of your phone. Use USB to connect the SIMtrace hardware + to the PC. On your PC you should be able to see the USB device now.</para> + + <figure><title>Connecting the SIMtrace Hardware</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/simtrace_hw_setup.png" width="15cm"/> + </imageobject> + <textobject><phrase>SIMtrace being connected</phrase></textobject> + </mediaobject> + </figure> + </section> + + <section id="launching_simtrace"> + <title>Launching SIMtrace</title> + <screen> +$ <command>./simtrace</command> +simtrace - GSM SIM and smartcard tracing +(C) 2010 by Harald Welte <laforge@gnumonks.org> + </screen> + <para>Launching the <command>simtrace</command> will try to find + the SIMtrace hardware and then try to claim the USB device. The + application will send the received data encapsulated in the GSMTAP + format on localhost and the IANA assigned GSMTAP port.</para> + </section> + + <section id="launching_wireshark"> + <title>Launching Wireshark</title> + <para>The <command>wireshark</command> application will start a GUI + and given the right permissions you should be able listen to the + localhost interface and filter for the GSMTAP port on 4729. You should + be able to see the decoded messages like in the figure below.</para> + + <figure><title>GSMTAP in Wireshark</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/wireshark-sim.png" width="16cm"/> + </imageobject> + <textobject><phrase>SIMtrace sending data</phrase></textobject> + </mediaobject> + </figure> + </section> + + <section id="known_firmware_issues"> + <title>Known Firmware Issues</title> + <section> + <title>Combined ATR/APDU message</title> + <para>For some cards the firmware does not send an USB message at + the end of the ATR. The ATR and first APDU will be send in one message + and the host utility fails to split APDUs and nothing will be traced. + A band-aid for the firmware exists and can be found on the mailinglist. + </para> + </section> + <section> + <title>Lost bytes</title> + <para>For some new high speed cards the firmware can lose bytes. The + issue appears to be when the received bytes will be copied to the memory + of the USB controller. The workaround is to reduce the size of the buffer. + </para> + </section> + </section> + + <section id="other_modes"> + <title>Other modes</title> + <para>The hardware is capable to be used as an ordinary card reader, + provide Man-In-The-Middle (MITM) attacks, or operate as a SIM. The + firmware currently does not have support for these modes.</para> + + <para>The SIMtrace hardware supports ISO7816 Part 3 T=0/T=1 protocols, + it basically can be used to intercept and analyze any traffic from (ISO7816) + smart cards. This includes SIM cards, Pay TV cards (smart card for CAM), + ATM cards, chip credit card, PKI smart cards, e-passport etc. etc. However + watch out: You have to make your chip card fitting in the "SIM card size" + ID-000 reader or build another adapter.</para> + </section> +</chapter> |