\section{Osmocom SIMtrace}

\subsection{Analyzing SIM drivers and STK apps}

\begin{frame}{Analyzing SIM toolkit applications is hard}
\begin{itemize}
\item A regular end-user phone does not give much debugging output
\item The SIM card itself has no debug interface for printing error messages, warnings, etc.
\item However, as the SIM-ME interface is unencrypted, sniffing / tracing is possible
\item Commercial / proprietary solutions exist, but are expensive (USD 5,000 and up)
\item Technically, sniffing smart card interfaces is actually very simple
\end{itemize}
\end{frame}

\subsection{Osmocom SIMtrace Introduction}

\begin{frame}{Introducing Osmocom SIMtrace}
\begin{itemize}
\item Osmocom SIMtrace is a passive (U)SIM-ME communication sniffer
\item Insert the SIM adapter cable into the actual phone
\item Insert the (U)SIM into the SIMtrace hardware
\item The SIMtrace hardware provides a USB interface to the host PC
\item The {\tt simtrace} host PC program encapsulates each APDU in GSMTAP
\item GSMTAP is sent via UDP to localhost
\item The Wireshark dissector for GSM TS 11.11 decodes the APDUs
\end{itemize}
\end{frame}

\subsection{Osmocom SIMtrace Hardware}

\begin{frame}{Osmocom SIMtrace Principle}
\begin{figure}[h]
\centering
\includegraphics[width=70mm]{simtrace-schema.png}
\end{figure}
\end{frame}

\begin{frame}{Osmocom SIMtrace Hardware}
\begin{figure}[h]
\centering
\includegraphics[width=105mm]{simtrace_and_phone.jpg}
\end{figure}
\end{frame}

\begin{frame}{Osmocom SIMtrace Hardware}
\begin{itemize}
\item Hardware is based around the AT91SAM7S controller
\item The SAM7S offers two ISO 7816-3 compatible USARTs
\item USARTs can be clock master (SIM reader) or slave (SIM card)
\item Open source firmware on the SAM7S implements APDU sniffing
\item Auto-bauding depending on the CLK signal; PPS supported
\item Schematics / layout are open source (CC-BY-SA)
\item Assembled + tested kits can be bought from \url{http://shop.sysmocom.de/}
\end{itemize}
\end{frame}

\begin{frame}{Wireshark decoding}
\begin{figure}[h]
\centering
\includegraphics[width=95mm]{wireshark-sim.png}
\end{figure}
\end{frame}

\begin{frame}{SIMtrace TODO}
The SIMtrace hardware is capable, but there is no software yet to:
\begin{itemize}
\item perform MITM (APDU filtering)
\item do full software SIM card emulation
\item act as a PC/SC compatible smart card reader
\item trace autonomously (no PC / USB), storing APDU logs {\em in the field} on the integrated SPI flash
\end{itemize}
Firmware and host software are all FOSS; anyone can extend and innovate!
\end{frame}
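The introduction slides describe the host-side pipeline: the sniffed APDU is wrapped in a GSMTAP header, sent over UDP to localhost, and decoded by the Wireshark TS 11.11 dissector. The following is an added example, not code from the Osmocom SIMtrace project, that reproduces that pipeline end to end in Python: it builds the 16-byte GSMTAP v2 header around a constructed command APDU, parses it back the way a dissector would, and labels the instruction byte per GSM TS 11.11 so a trace can be audited for what a SIM toolkit application is doing. The GSMTAP type value for SIM (0x0e) and the conventional UDP port 4729 are taken from the public GSMTAP definitions; the sub-type value for a raw APDU and the helper/function names are assumptions made for this example.

```python
"""Added example (not Osmocom/SIMtrace code): GSMTAP encapsulation of SIM APDUs
as done between the simtrace host program and a Wireshark dissector."""
import socket
import struct

GSMTAP_VERSION = 2
GSMTAP_HDR_WORDS = 4          # header length in 32-bit words (16 bytes)
GSMTAP_TYPE_SIM = 0x0E        # GSMTAP payload type for SIM APDUs
GSMTAP_SUBTYPE_APDU = 0x00    # assumption: sub_type value used for a raw APDU
GSMTAP_UDP_PORT = 4729        # conventional GSMTAP UDP port (Wireshark default)

# GSMTAP v2 header, network byte order:
# version, hdr_len, type, timeslot, arfcn, signal_dbm, snr_db,
# frame_number, sub_type, antenna_nr, sub_slot, reserved  -> 16 bytes
_GSMTAP_FMT = "!BBBBHbbIBBBB"

# Instruction bytes from GSM TS 11.11 (class byte 0xA0), used to label a trace.
# SIM toolkit traffic shows up as TERMINAL PROFILE / FETCH / TERMINAL RESPONSE / ENVELOPE.
INS_NAMES = {
    0xA4: "SELECT", 0xB0: "READ BINARY", 0xB2: "READ RECORD",
    0x88: "RUN GSM ALGORITHM", 0xC0: "GET RESPONSE",
    0x10: "TERMINAL PROFILE", 0x12: "FETCH", 0x14: "TERMINAL RESPONSE",
    0xC2: "ENVELOPE",
}


def gsmtap_encapsulate(apdu: bytes, sub_type: int = GSMTAP_SUBTYPE_APDU) -> bytes:
    """Prefix a sniffed APDU with a GSMTAP v2 header (what the host program emits)."""
    hdr = struct.pack(_GSMTAP_FMT, GSMTAP_VERSION, GSMTAP_HDR_WORDS, GSMTAP_TYPE_SIM,
                      0, 0, 0, 0, 0, sub_type, 0, 0, 0)
    return hdr + apdu


def gsmtap_decapsulate(packet: bytes) -> dict:
    """Parse the GSMTAP header and return the payload (what a dissector does)."""
    hdr_size = struct.calcsize(_GSMTAP_FMT)
    if len(packet) < hdr_size:
        raise ValueError("packet shorter than GSMTAP header")
    fields = struct.unpack(_GSMTAP_FMT, packet[:hdr_size])
    version, hdr_words, gtype, sub_type = fields[0], fields[1], fields[2], fields[8]
    if version != GSMTAP_VERSION:
        raise ValueError(f"unsupported GSMTAP version {version}")
    # hdr_len is in 32-bit words, so honour it rather than assuming 16 bytes
    payload = packet[hdr_words * 4:]
    return {"type": gtype, "sub_type": sub_type, "payload": payload}


def describe_apdu(apdu: bytes) -> dict:
    """Split a command APDU into CLA/INS/P1/P2/P3 + data and name the instruction."""
    if len(apdu) < 5:
        raise ValueError("command APDU needs at least CLA INS P1 P2 P3")
    cla, ins, p1, p2, p3 = apdu[:5]
    return {"cla": cla, "ins": ins, "name": INS_NAMES.get(ins, "UNKNOWN"),
            "p1": p1, "p2": p2, "p3": p3, "data": apdu[5:]}


def send_gsmtap(packet: bytes, host: str = "127.0.0.1", port: int = GSMTAP_UDP_PORT) -> int:
    """Send one GSMTAP datagram to localhost; Wireshark listening on UDP 4729 decodes it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(packet, (host, port))


if __name__ == "__main__":
    # Constructed sample APDUs as a phone would send them to the SIM:
    # SELECT MF (3F00), a toolkit FETCH, and a READ BINARY of 10 bytes.
    sample_apdus = [
        bytes.fromhex("A0A40000023F00"),
        bytes.fromhex("A012000011"),
        bytes.fromhex("A0B00000 0A".replace(" ", "")),
    ]
    for apdu in sample_apdus:
        pkt = gsmtap_encapsulate(apdu)
        send_gsmtap(pkt)                      # no error if nobody is listening (UDP)
        info = describe_apdu(gsmtap_decapsulate(pkt)["payload"])
        print(f"{info['name']:<18} CLA={info['cla']:02X} INS={info['ins']:02X} "
              f"P1={info['p1']:02X} P2={info['p2']:02X} P3={info['p3']:02X} "
              f"data={info['data'].hex()}")
```

Running the script with Wireshark capturing on the loopback interface shows the three datagrams decoded by the GSMTAP/SIM dissector; without a listener the UDP sends simply go nowhere, which is why the decoding path is exercised locally as well.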