usb_application/simtrace.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

#!/usr/bin/env python 

import argparse
import sniffer
import ccid
import ccid_select
import mitm

import usb.core
import usb.util
import sys
import time

cmd1 = {0x00, 0x10, 0x00, 0x00}
cmd2 =  {0x00, 0x20, 0x00, 0x00, 0x02}
cmd_poweron = {0x62, 0x62, 0x00, 0x00}
cmd_poweroff = {0x63, 0x63, 0x00, 0x00}
cmd_get_slot_stat = {0x65, 0x65, 0x00, 0x00}
cmd_get_param = {0x00, 0x6C, 0x00, 0x00}

class find_class(object):
    def __init__(self, class_):
        self._class = class_
    def __call__(self, device):
        # first, let's check the device
        if device.bDeviceClass == self._class:
            return True
        # ok, transverse all devices to find an
        # interface that matches our class
        for cfg in device:
            # find_descriptor: what's it?
            intf = usb.util.find_descriptor(
                                        cfg,
                                        bInterfaceClass=self._class
                                )
            if intf is not None:
                return True

        return False

def find_dev():
    dev = usb.core.find(idVendor=0x16c0, idProduct=0x0762)
    if dev is None:
        raise ValueError("Device not found")
    else:
        print("Found device")
    return dev

# main code
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("-C", "--conf", type=int, choices=[1, 2, 3, 4], help="Set USB config")
    parser.add_argument("-b", "--read_bin", help="read ICCID, IMSI, etc.", action='store_true')
    parser.add_argument("-c", "--cmd", help="cmds to send to sim card (Not supported yet)", 
        choices=["cmd1", "cmd2", "cmd_poweron", "cmd_poweroff", "cmd_get_slot_stat", "cmd_get_param"])
    parser.add_argument("-s", "--sniff", help="Sniff communication!", action='store_true') 
    parser.add_argument("-S", "--select_file", help="Transmit SELECT cmd!", action='store_true')
    parser.add_argument("-p", "--phone", help="Emulates simcard", action='store_true')
    parser.add_argument("-m", "--mitm", help="Intercept communication (MITM)", action='store_true')
    
    args = parser.parse_args()
    print("args: ", args)


# FIXME: why is it a ccid function?
    if args.conf is not None:
#FIXME: Change means to find devices
        dev = find_dev()
        dev.set_configuration(args.conf)
        # Give pcsclite time to find the device
        time.sleep(1)

    if args.read_bin is True: 
        ccid.pySim_read() 

    if args.cmd is not None:
#FIXME: Change means to find devices
        devs = usb.core.find(find_all=1, custom_match=find_class(0xb))  # 0xb = Smartcard
        for dev in devs:
            dev.write(0x1, args.cmd)
            ret = dev.read(0x82, 64)
#            ret = dev.read(0x83, 64, 100)
            print(ret)
    if args.sniff is True:
        sniffer.sniff(dev)
    if args.select_file is True:
        ccid_select.select()
    if args.phone is True:
        mitm.do_mitm(sim_emul=True)
    if args.mitm is True:
        mitm.do_mitm(sim_emul=False)

    return

#    (epi, epo) = find_eps(dev)
    while True:
        #ep_out.write("Hello")
        try:
            ans = dev.read(0x82, 64, 1000)
            print("".join("%02x " % b for b in ans))
        except KeyboardInterrupt:
            print("Bye")
            sys.exit()
        except: 
            print("Timeout")
    #    print(ep_in.read(1, 5000));

main()