diff options
Diffstat (limited to 'docs/chapters')
| -rw-r--r-- | docs/chapters/appendix.xml | 9 | ||||
| -rw-r--r-- | docs/chapters/building.xml | 90 | ||||
| -rw-r--r-- | docs/chapters/firmware.xml | 152 | ||||
| -rw-r--r-- | docs/chapters/hardware_details.xml | 116 | ||||
| -rw-r--r-- | docs/chapters/installation.xml | 164 | ||||
| -rw-r--r-- | docs/chapters/introduction.xml | 43 | ||||
| -rw-r--r-- | docs/chapters/using_sniff.xml | 84 |
7 files changed, 658 insertions, 0 deletions
diff --git a/docs/chapters/appendix.xml b/docs/chapters/appendix.xml new file mode 100644 index 0000000..2f684a3 --- /dev/null +++ b/docs/chapters/appendix.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +<appendix id="appendix_sql_v09"> + <title>SQL Tabellen v0.9</title> + <programlisting> + <inlinemediaobject><imageobject><imagedata format="linespecific" fileref="file" /></imageobject></inlinemediaobject> + </programlisting> +</appendix> +--> diff --git a/docs/chapters/building.xml b/docs/chapters/building.xml new file mode 100644 index 0000000..bb850b4 --- /dev/null +++ b/docs/chapters/building.xml @@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_building"> + <title>Getting and Building the Software</title> + <section id="building_intros"> + <title>Building software</title> + <para>There are three parts that can be built. It is the firmware + for the SIMtrace hardware, the SIMtrace software and the modified + version of wireshark. All of these have different source trees and + dependencies.</para> + </section> + + <section id="building_simtrace"> + <title>Building SIMtrace</title> + + <section id="libosmocore"> + <title>Building the Osmocom libosmocore library</title> + <screen> +$ <command>git</command> clone git://git.osmocom.org/libosmocore +$ <command>cd</command> libosmocore +$ <command>autoreconf</command> --install --force +$ <command>./configure</command> +$ <command>sudo</command> <command>make</command> install +</screen> + </section> + + <section id="libusb"> + <title>Installing libusb</title> + <para>You will need to install the libusb header files + to be able to compile <command>simtrace</command>.</para> + </section> + + <section id="simtrace"> + <title>Building <command>simtrace</command></title> + <screen> +$ wget https://api.opensuse.org/public/source/home:zecke23/simtrace/simtrace_0.0.1.tar.gz +$ tar xzf simtrace_0.0.1.tar.gz +$ cd simtrace-0.0.1 +$ PKG_CONFIG_PATH=/usr/local/lib/pkgconfig make +cc `pkg-config --cflags libosmocore` -o main.o -c main.c +cc `pkg-config --cflags libosmocore` -o usb_helper.o -c usb_helper.c +cc `pkg-config --cflags libosmocore` -o usb.o -c usb.c +cc `pkg-config --cflags libosmocore` -o apdu_split.o -c apdu_split.c +cc -o simtrace main.o usb_helper.o usb.o apdu_split.o -lusb `pkg-config --libs libosmocore` -losmocore + </screen> + </section> + </section> + + <section id="building_wireshark"> + <title>Building Wireshark</title> + <para>SIMtrace provides a patch against <command>wireshark</command> + version 1.6. It is the easiest to checkout a copy using the 1.6 branch + of wireshark and applying the <filename>simcard.patch</filename> on top + of it. And then use the usual way of building wireshark</para> + + <section id="getting_wireshark"> + <title>Getting Wireshark</title> + <screen> +$ svn co https://anonsvn.wireshark.org/wireshark/trunk-1.6 wireshark-1.6 +... +A wireshark-1.6/isprint.h + U wireshark-1.6 +Checked out revision 38543. + </screen> + </section> + + <section id="getting_simcard.patch"> + <title>SIMCard patch</title> + <para>You will need to download and apply the patch.</para> + <screen> +$ cd wireshark-1.6 +$ wget http://cgit.osmocom.org/cgit/simtrace/tree/wireshark/simcard-for-wireshark-1.6.patch +$ cat ../simcard-for-wireshark-1.6.patch | patch -p 0 +patching file epan/dissectors/packet-gsm_sim.c +patching file epan/dissectors/packet-gsmtap.c +patching file epan/dissectors/Makefile.common + </screen> + </section> + + <section id="building_and_installing"> + <title>Building and Installing</title> + <screen> +$ autoreconf --install +$ ./configure +$ make +... +$ sudo ./wireshark + </screen> + </section> + </section> +</chapter> diff --git a/docs/chapters/firmware.xml b/docs/chapters/firmware.xml new file mode 100644 index 0000000..87c70bd --- /dev/null +++ b/docs/chapters/firmware.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_firmware"> + <title>Getting and Building the Firmware</title> + <section id="building_fw_intro"> + <title>Introduction</title> + <para>The Firmware is the Software that is running on the + Microcontroller of the SIMtrace hardware. The Firmware itself + consists out of a couple of components for different parts of + the system. Besides the source code for the firmware you will + also need to have an ARM Cross-Compile Toolchain, a copy of the + SAM7 utilities to initially program the device or recover from + a fatal error and dfu-util to update the main part of the firmware + using the Device Firmware Update (DFU) mode.</para> + </section> + + <section id="getting_a_toolchain"> + <title>Getting a Toolchain</title> + <para>The toolchain needs to include a GCC newer than 3.4 + and it may not be an EABI toolchain. EABI toolchains fail to properly + link the SIMtrace binary. You can easily build a toolchain yourself + or use one of the known working pre-built ones. Please see the + <ulink url="http://bb.osmocom.org/trac/wiki/toolchain">SIMtrace wiki</ulink> + for more information about getting a toolchain. + </para> + </section> + + <section id="getting_the_firmware"> + <title>Getting and Building the Firmware</title> + + <para>The SIMtrace firmware is based on the OpenPCD RFID Reader Firmware and the + SIMtrace firmware code is located in the OpenPCD repository. You can use the + <command>git</command> to clone the repository. + <screen> +$ git clone git://git.gnumonks.org/openpcd.git + </screen> + </para> + + <para>The firmware consists out of two separate binaries that will be concatted + and flashed into the NOR flash of the microcontroller. The main part is the dfu + program that will handle basic USB functionality and respond to Device Firmware + Update (DFU) requests to allow to update the firmware in the NOR or execute + software in RAM. + <screen> +$ cd openpcd/firmware +$ make -f Makefile.dfu BOARD=SIMTRACE +$ make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace +$ cat dfu.bin main_simtrace.bin > main_simtrace.samba +$ cd ../.. + </screen></para> + </section> + <section id="firmware_details"> + <title>Firmware Details</title> + <para> + The handling for the DFU part can be found in the <filename>src/dfu</filename> + directory, it also provides low-level USB routines to work with USB Device + Port (UDP). These functions will be called from the main payload. + </para> + <para>The operating system part is in <filename>src/os</filename> it provides + basic hardware control and services to be used by the main application, this + includes USB enumeration, Watchdog programming, running the mainloop, interrupt + dispatching. The main application for SIMtrace can be found in + <filename>src/simtrace</filename> and this includes programming the two USART, + configuring the bus switch according to the mode. + </para> + </section> + + <section id="firmware_programming_sam_ba"> + <title>Initial Firmware Programming</title> + <para>In case the NOR Flash of the SAM7 Microcontroller is either blank or has + become corrupted the Microcontrollers support entering a mode called SAM-BA which + then allows flashing the device using the <filename>sam</filename> application. The + SAM-BA mode can be easily entered by following the below procedure.</para> + + <procedure> + <title>Entering SAM-BA Mode</title> + <step><para>Unplug the SIMtrace Hardware from USB.</para></step> + <step><para>Short TEST to VCC (3.3V) pin by using the Jumper. Leave PA0, PA1, PA2 unconnected.</para></step> + <step><para>Power up the SIMtrace Hardware from USB.</para></step> + <step><para>Wait for 20 seconds.</para></step> + <step><para>Unplug the SIMtrace Hardware from USB.</para></step> + <step><para>Open/Remove the Jumper.</para></step> + </procedure> + + <figure> + <title>TEST Jumper</title> + <mediaobject><imageobject> + <imagedata fileref="images/shortTEST.jpg" width="12cm"/> + </imageobject></mediaobject> + </figure> + + <note><title>v1.0p/v1.1p Hardware Owners</title> + <para>Sometimes the SAM-BA mode is not entered. This is the case when the + two LEDs are on when powering up the SIMtrace Hardware with the Jumper set. + The reason for this is unknown but there are several workarounds: + <itemizedlist> + <listitem><para>Press the RESET button while powering up.</para></listitem> + <listitem><para>In addition, remove the jumper and put it back.</para></listitem> + </itemizedlist> + + As soon as the two LEDs go off, the SAM-BA mode is properly entered. + </para> + </note> + <para>The <command>sam</command> application can be compiled to either use libusb or + normal files to program the device, depending on the drivers used you will + need to configure the application one way or another. The programming can then + be done using the below command. + <screen> +$ ./sam7 --exec set_clock --exec unlock_regions --exec "flash ../openpcd/firmware/main_simtrace.samba" + </screen> + <note><title>Silent failures</title> + <para>The <command>sam</command> can silently fail when not finding or being + able to configure the device properly. It is best to enter the interactive mode + by not providing any <command>--exec</command> commands.</para> + </note> + </para> + </section> + + <section id="firmware_programming_dfu"> + <title>Device Firmware Update</title> + <para>The Device Firmware Update (DFU) part of the firmware will be + booted first, it is checking if a button is active or if the software + reset reason was for DFU and then activates the DFU part or jumps to + the main application. DFU can be activated at any time using + <command>dfu-util</command> on the USB Host.</para> + <para>The <command>dfu-util</command> application might be already + packaged for your distribution, the source code can be found on the + <ulink url="http://dfu-util.gnumonks.org/">dfu-util.gnumonks.org</ulink> + website. To update the main part of the firmware simply do: + <screen> +$ dfu-util -d 16c0:0762 -a0 -D ./main_simtrace.bin -R + </screen></para> + </section> + + <section id="firmware_programming_upgrade"> + <title>Upgrading to v0.4 Firmware</title> + <para>Upgrading to v0.4 requires flashing both the Bootloader and the + SIMtrace application. The procedure is first to flash the bootloader, + then the SIMtrace application and finally reset the device. + </para> + + <screen> +$ dfu-util -d 16c0:0762 -a 1 -D ./dfu.bin +$ dfu-util -d 16c0:0762 -a 0 -D ./main_simtrace.bin +... reset the device + </screen> + </section> + + <section id="firmware_serial_console"> + <title>Serial Console for debugging</title> + <para>The serial console operates at 115200 bauds with 8n1 and no flow control.</para> + </section> +</chapter> diff --git a/docs/chapters/hardware_details.xml b/docs/chapters/hardware_details.xml new file mode 100644 index 0000000..23f7355 --- /dev/null +++ b/docs/chapters/hardware_details.xml @@ -0,0 +1,116 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_hw"> + <title>Hardware Details</title> + <section id="hw_design"> + <title>HW Design</title> + <para>The Free Software KiCAD EDA was used to design the + hardware and can be used to look at the schematics and the + PCB routing. The hardware design can be found in the git + repository of the SIMtrace sources. For the v1.0 hardware + you will have to look at the v1.0_production branch. + </para> + </section> + + <section id="pcb_populated"> + <title>Populated PCB</title> + <para>The version v1.0p is the first production that had an + automatic SMT run. Due some production issues the labeling of + components didn't make it to the PCB but can be found in this + manual. The difference between the v1.0 and v1.0p hardware is + in the footprint of some components to utilize the existing + stock of the factory. This was mostly done for the LED and the + shottky diodes.</para> + + <figure><title>SIMtrace v1.0 PCB</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/simtrace_hw.jpg" width="15cm"/> + </imageobject> + <textobject><phrase>SIMtrace v1.0 PCB</phrase></textobject> + </mediaobject> + </figure> + </section> + + <section id="pcb_surface"> + <title>PCB Surface</title> + <para> + <figure><title>SIMtrace v1.0 Surface</title> + <mediaobjectco> + <imageobjectco> + <areaspec id="surface" units="calspair"> + <area linkends="link_usb" coords="8800,0 8800,6100" id="usb"/> + <area linkends="link_serial" coords="8800,7000 8800,8000" id="serial"/> + <area linkends="link_debug" coords="8800,9000 8800,9500" id="debug"/> + <area linkends="link_jtag" coords="5000,8900 5000,9000" id="jtag"/> + <area linkends="link_bt1" coords="8900,0 9100,3500" id="bt1"/> + <area linkends="link_ffc" coords="500,3000 700,9000" id="ffc"/> + <area linkends="link_sim" coords="500,500 700,2000" id="sim"/> + <area linkends="link_reset" coords="200,9000 500,9000" id="reset"/> + <area linkends="link_bootloader" coords="1700,9000 1900,9000" id="bootloader"/> + <area linkends="link_test" coords="6500,8700 7000,8900" id="test"/> + <area linkends="link_erase" coords="7100,8700 7600,8900" id="erase"/> + </areaspec> + <imageobject> + <imagedata fileref="images/simtrace_surface.png" width="15cm" /> + </imageobject> + <calloutlist> + <callout arearefs="usb" id="link_usb"> + <para>USB: USB mini-B connector. The main connector. The + host software communicates (sniffing,...) through USB with + the board. It can also be used to flash the micro-controller + (using DFU).</para> + </callout> + <callout arearefs="serial" id="link_serial"> + <para>serial: 2.5 mm jack serial cable, as used by osmocomBB + port used to debug the device (printf goes there).</para> + </callout> + <callout arearefs="debug" id="link_debug"> + <para>debug (P3): same as serial, but using the FTDI + serial cable. It is recommended to cut the voltage wire of + the 6pin FTDI connector before plugging the cable into the + simtrace. + </para> + </callout> + <callout arearefs="jtag" id="link_jtag"> + <para>jtag (P1): JTAG 20 pin connector to do hardware + assisted debugging.</para> + </callout> + <callout arearefs="bt1" id="link_bt1"> + <para>BT1: battery connector (4.5-6V DC). normally the + USB provides power, but the battery port can be used + for autonomous use of SIMtrace. The sniffing can be saved + in the flash (U1).</para> + </callout> + <callout arearefs="ffc" id="link_ffc"> + <para>FFC_SIM (P3): to connect the flat flexible cable with + SIM end for the phone.</para> + </callout> + <callout arearefs="sim" id="link_sim"> + <para>SIM (P4): put your SIM in there (instead of in the + phone)</para> + </callout> + <callout arearefs="reset" id="link_reset"> + <para>reset (SW1): to reset the board (not erasing the + firmware). If your are too lazy to unplug and re-plug + the USB.</para> + </callout> + <callout arearefs="bootloader" id="link_bootloader"> + <para>bootloader (SW2): used to start the bootloader so + to flash the device using DFU. press when plugging in + the USB.</para> + </callout> + <callout arearefs="test" id="link_test"> + <para>test (JP1): short circuit using a jumper to flash + using SAM-BA.</para> + </callout> + <callout arearefs="erase" id="link_erase"> + <para>erase (JP2): short circuit using a jumper to erase + completely erase the firmware.</para> + </callout> + </calloutlist> + </imageobjectco> + </mediaobjectco> + </figure> + </para> + </section> +</chapter> diff --git a/docs/chapters/installation.xml b/docs/chapters/installation.xml new file mode 100644 index 0000000..e3cb229 --- /dev/null +++ b/docs/chapters/installation.xml @@ -0,0 +1,164 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_installation"> + <title>Installation</title> + <para><application>SIMtrace</application> will need a patched version of + <application>wireshark</application> and the <command>simtrace</command> + host utility to fully operate. The installation might be possible from + binary packages or will require building from source. The following + sections provide some hints how to achieve this on the various Linux + distributions. All these operations must be executed as root.</para> + + + <note> + <title>Wireshark Patches</title> + <para>The SIMtrace patch has been upstreamed. Wireshark 1.7.1 was released + on April the 6th 2012 and is the first development release to support SIMtrace + out of the box. Wireshark 1.8 will be the first stable version. + </para> + </note> + + <section id="install_ubuntu_natty"> + <title>Installation Ubuntu Natty, Ubuntu Oneiric</title> + <para>Ubuntu Natty and Oneiric users can use the holger+lp/osmocom PPA to install +<application>SIMtrace</application> and upgrade wireshark. The PPA needs to + be added to the system, the package database needs to be refreshed + and the applications can be installed afterwards.</para> + + <screen> +$ <command>sudo</command> <command>add-apt-repository</command> ppa:holger+lp/osmocom +[sudo] password for username: +Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80/ --recv 84C86214C00BAF820F43585CCABF944FA2AD19FA +gpg: requesting key A2AD19FA from hkp server keyserver.ubuntu.com +gpg: Total number processed: 1 +gpg: unchanged: 1 + </screen> + + <para>The next step is to update the package database and install or upgrade + the <application>wireshark</application> application.</para> + + <screen> +$ <command>sudo</command> <command>apt-get</command> update +... +$ <command>sudo</command> <command>apt-get</command> install wireshark simtrace +... + </screen> + + <note><para>The wireshark will only be installed if it is newer than the version + provided by Ubuntu. Please verify that the above command installed a version + coming from the PPA.</para> + </note> + + </section> + + <section id="install_opensuse"> + <title>Installation OpenSUSE</title> + <para>The installation on OpenSUSE uses zypper. The repository must be added + via the <command>zypper</command> application and then the binary packages + can be installed.</para> + + <section> + <title>openSUSE 11.3</title> + <screen> +$ <command>zypper</command> addrepo http://download.opensuse.org/repositories/home:/zecke23/openSUSE_11.3/home:zecke23.repo +$ <command>zypper</command> refresh +$ <command>zypper</command> install wireshark simtrace + </screen> + </section> + + <section> + <title>openSUSE 11.4</title> + <screen> +$ <command>zypper</command> addrepo http://download.opensuse.org/repositories/home:/zecke23/openSUSE_11.4/home:zecke23.repo +$ <command>zypper</command> refresh +$ <command>zypper</command> install wireshark simtrace + </screen> + </section> + <section> + <title>openSUSE 12.1</title> + <screen> +$ <command>zypper</command> addrepo http://download.opensuse.org/repositories/home:/zecke23/openSUSE_11.4/home:zecke23.repo +$ <command>zypper</command> refresh +$ <command>zypper</command> install wireshark simtrace + </screen> + </section> + </section> + + <section id="install_fedora"> + <title>Installation Fedora</title> + <section> + <title>Fedora 14</title> + <screen> +$ cd /etc/yum/repos.d/ +$ wget http://download.opensuse.org/repositories/home:zecke23/Fedora_14/home:zecke23.repo +$ yum install wireshark simtrace + </screen> + </section> + + <section> + <title>Fedora 15</title> + <screen> +$ cd /etc/yum/repos.d/ +$ wget http://download.opensuse.org/repositories/home:zecke23/Fedora_15/home:zecke23.repo +$ yum install wireshark simtrace + </screen> + </section> + + <section> + <title>Fedora 16</title> + <screen> +$ cd /etc/yum/repos.d/ +$ wget http://download.opensuse.org/repositories/home:zecke23/Fedora_16/home:zecke23.repo +$ yum install wireshark simtrace + </screen> + </section> + + </section> + + <section id="install_centos"> + <title>Installation CentOS</title> + <section> + <title>CentOS 5</title> + <screen> +$ cd /etc/yum/repos.d/ +$ wget http://download.opensuse.org/repositories/home:zecke23/CentOS_CentOS-5/home:zecke23.repo +$ yum install wireshark simtrace + </screen> + </section> + + <section> + <title>CentOS 6</title> + <screen> +$ cd /etc/yum/repos.d/ +$ wget http://download.opensuse.org/repositories/home:zecke23/CentOS_CentOS-6/home:zecke23.repo +$ yum install wireshark simtrace + </screen> + </section> + </section> + + <section id="install_mandriva"> + <title>Mandriva</title> + + <section> + <title>Mandriva 2010.1</title> + <screen> +$ urpmi.addmedia home:zecke23 http://download.opensuse.org/repositories/home:zecke23/Mandriva_2010.1/ +$ urpmi.update -a +$ urpmi wireshark simtrace + </screen> + </section> + + <section> + <title>Mandriva 2011</title> + <screen> +$ urpmi.addmedia home:zecke23 http://download.opensuse.org/repositories/home:zecke23/Mandriva_2011/ +$ urpmi.update -a +$ urpmi wireshark simtrace + </screen> + </section> + </section> + + <section id="installation_from_source"> + <title>Installation from Source</title> + <para>Please see the <xref linkend="chapter_building"/></para> + </section> +</chapter> diff --git a/docs/chapters/introduction.xml b/docs/chapters/introduction.xml new file mode 100644 index 0000000..4994c57 --- /dev/null +++ b/docs/chapters/introduction.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_introduction"> + <title>Introduction</title> + <section id="intro_overview"> + <title>History</title> + <para>SIMtrace was created out of necessity. Harald Welte wanted + to see the communication between a GSM Mobile Station (or + what we call a cellphone) and the SIM. He was not able to + find an existing solution, or the existing ones had mayor + drawbacks that made using them very time consuming and slow. + The Atmel AT91SAM7 came to the rescue. This microcontroller + has hardware support for the ISO7816 T0/T1 Smart Card + specification. We can connect the external clock to the UART + and are able to read bytes coming and going to the SIM. + The next step in the project was taken by Kevin Redon + that started to modify an existing AT91SAM7 design, started + to use the Free Software KiCAD CAD Software. In 2011 the project + went from having Schematics to having routed circuits, prototypes + and the final product. The first production run was in August.</para> + </section> + <section id="intro_picture"> + <title>Overview</title> + <para>The setup of SIMtrace consists out of a Hardware and a + Software part. The SIM card needs to be put into the SIMtrace + Hardware, the flex cable needs to be connected to the SIMtrace + Hardware and the SIM end needs to be placed in the SIM socket + of the phone. The SIMtrace hardware can be seen as a USB device + from the host, the SIMtrace software will try to find this device + and claim it. The SIMtrace software will receive packets from the + SIMtrace hardware and can forward them using the GSMTAP protocol + to the IANA assigned GSMTAP port (4729). A modified version of Wireshark + can be used to analyze the data.</para> + + <figure><title>Schematic Overview</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/setup_overview.png" width="6cm"/> + </imageobject> + <textobject><phrase>SIMtrace being connected</phrase></textobject> + </mediaobject> + </figure> + </section> +</chapter> diff --git a/docs/chapters/using_sniff.xml b/docs/chapters/using_sniff.xml new file mode 100644 index 0000000..95cd1c2 --- /dev/null +++ b/docs/chapters/using_sniff.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="UTF-8"?> +<chapter id="chapter_sniff"> + <title>Sniffing your SIM</title> + + <section id="hw_setup"> + <title>Connecting your device</title> + <para>You will need to put your SIM into the SIMtrace hardware, connect + one of the four flex cables to the SIMtrace hardware, put the other side + into the SIM socket of your phone. Use USB to connect the SIMtrace hardware + to the PC. On your PC you should be able to see the USB device now.</para> + + <figure><title>Connecting the SIMtrace Hardware</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/simtrace_hw_setup.png" width="15cm"/> + </imageobject> + <textobject><phrase>SIMtrace being connected</phrase></textobject> + </mediaobject> + </figure> + </section> + + <section id="launching_simtrace"> + <title>Launching SIMtrace</title> + <screen> +$ <command>./simtrace</command> +simtrace - GSM SIM and smartcard tracing +(C) 2010 by Harald Welte <laforge@gnumonks.org> + </screen> + <para>Launching the <command>simtrace</command> will try to find + the SIMtrace hardware and then try to claim the USB device. The + application will send the received data encapsulated in the GSMTAP + format on localhost and the IANA assigned GSMTAP port.</para> + </section> + + <section id="launching_wireshark"> + <title>Launching Wireshark</title> + <para>The <command>wireshark</command> application will start a GUI + and given the right permissions you should be able listen to the + localhost interface and filter for the GSMTAP port on 4729. You should + be able to see the decoded messages like in the figure below.</para> + + <figure><title>GSMTAP in Wireshark</title> + <mediaobject> + <imageobject> + <imagedata fileref="images/wireshark-sim.png" width="16cm"/> + </imageobject> + <textobject><phrase>SIMtrace sending data</phrase></textobject> + </mediaobject> + </figure> + </section> + + <section id="known_firmware_issues"> + <title>Known Firmware Issues</title> + <section> + <title>Combined ATR/APDU message</title> + <para>For some cards the firmware does not send an USB message at + the end of the ATR. The ATR and first APDU will be send in one message + and the host utility fails to split APDUs and nothing will be traced. + A band-aid for the firmware exists and can be found on the mailinglist. + </para> + </section> + <section> + <title>Lost bytes</title> + <para>For some new high speed cards the firmware can lose bytes. The + issue appears to be when the received bytes will be copied to the memory + of the USB controller. The workaround is to reduce the size of the buffer. + </para> + </section> + </section> + + <section id="other_modes"> + <title>Other modes</title> + <para>The hardware is capable to be used as an ordinary card reader, + provide Man-In-The-Middle (MITM) attacks, or operate as a SIM. The + firmware currently does not have support for these modes.</para> + + <para>The SIMtrace hardware supports ISO7816 Part 3 T=0/T=1 protocols, + it basically can be used to intercept and analyze any traffic from (ISO7816) + smart cards. This includes SIM cards, Pay TV cards (smart card for CAM), + ATM cards, chip credit card, PKI smart cards, e-passport etc. etc. However + watch out: You have to make your chip card fitting in the "SIM card size" + ID-000 reader or build another adapter.</para> + </section> +</chapter> |