path: root/2010/gsm_foss-mt2010/section-simtrace.tex
blob: 75aed46b32b09e9db140aef23a483b2acce06f9d (plain)
\section{Osmocom SIMtrace}

\subsection{Debugging SIM drivers and STK apps}

\begin{frame}{Debugging SIM toolkit applications is hard}
\begin{itemize}
	\item Regular end-user phones do not provide much debugging output
	\item SIM card itself has no debug interface for printing error messages, warnings, etc.
	\item However, as the SIM-ME interface is unencrypted, sniffing / tracing is possible
	\item Commercial / proprietary solutions exist, but are expensive
\end{itemize}
\end{frame}

\subsection{Osmocom SIMtrace Introduction}

\begin{frame}{Introducing Osmocom SIMtrace}
\begin{itemize}
	\item Osmocom SIMtrace is a passive (U)SIM-ME communication sniffer
	\item Insert SIM adapter into actual phone
	\item Insert (U)SIM into SIMtrace hardware
	\item SIMtrace hardware provides USB interface to host PC
	\item {\tt simtrace} program on PC encapsulates APDU in GSMTAP
	\item GSMTAP is sent via UDP to localhost
	\item Wireshark dissector for GSM TS 11.11 decodes APDUs
\end{itemize}
\end{frame}

\subsection{Osmocom SIMtrace Hardware}

\begin{frame}{Osmocom SIMtrace Hardware}
\begin{itemize}
	\item Hardware is based around AT91SAM7S controller
	\item SAM7S offers two ISO 7816-3 compatible USARTs
	\item USARTs can be clock master (SIM reader) or slave (SIM card)
	\item Open Source Firmware on SAM7S implementing APDU sniffing
	\item Auto-bauding depending on CLK signal, PPS supported
	\item Only prototype hardware right now, but will be manufactured in Q1/2011
\end{itemize}
\end{frame}