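\section{Osmocom SIMtrace}

\subsection{Analyzing SIM drivers and STK apps}

% Motivation slide: why passive tracing of the SIM-ME link is the practical
% way to debug (U)SIM drivers and SIM toolkit (STK) applications.
\begin{frame}{Analyzing SIM toolkit applications is hard}
\begin{itemize}
	\item Regular end-user phone does not give much debugging output
	\item SIM card itself has no debug interface for printing error messages, warnings, etc.
	% The card<->handset link carries APDUs in the clear, which is what makes
	% a purely passive tap sufficient -- no keys or firmware changes needed.
	\item However, as SIM-ME interface is unencrypted, sniffing / tracing is possible
	\item Commercial / proprietary solutions exist, but are expensive (USD 5,000 and up)
	\item Technically, sniffing smart card interfaces is actually very simple
\end{itemize}
\end{frame}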

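\subsection{Osmocom SIMtrace Introduction}

% Overview of the capture pipeline:
%   phone <-> adapter cable <-> SIMtrace board <-> (U)SIM
% with the host side forwarding each APDU as GSMTAP/UDP to wireshark.
\begin{frame}{Introducing Osmocom SIMtrace}
\begin{itemize}
	\item Osmocom SIMtrace is a passive (U)SIM-ME communication sniffer
	\item Insert SIM adapter cable into actual phone
	\item Insert (U)SIM into SIMtrace hardware
	\item SIMtrace hardware provides USB interface to host PC
	% \texttt{} replaces the obsolete {\tt ...} font switch
	\item \texttt{simtrace} host PC program encapsulates APDU in GSMTAP
	% GSMTAP is plain (unauthenticated) UDP; the destination is localhost, so
	% the APDU stream stays on the capture machine. Captured pcaps hold the
	% complete command/response exchange and should be handled as sensitive.
	\item GSMTAP is sent via UDP to localhost
	\item wireshark dissector for GSM TS 11.11 decodes APDUs
\end{itemize}
\end{frame}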

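\subsection{Osmocom SIMtrace Hardware}

% Block diagram of the tap. beamer's figure environment does not float, so
% the placement option ([h]) is meaningless here and is dropped.
\begin{frame}{Osmocom SIMtrace Principle}
\begin{figure}
	\centering
	\includegraphics[width=70mm]{simtrace-schema.png}
\end{figure}
\end{frame}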

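% Photo of the board wired to a handset. No placement option: beamer figures
% are not floats, so [h] would be ignored anyway.
\begin{frame}{Osmocom SIMtrace Hardware}
\begin{figure}
	\centering
	\includegraphics[width=105mm]{simtrace_and_phone.jpg}
\end{figure}
\end{frame}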

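% Hardware summary. The shop link is written as \url{...}: the original
% {\url http://...} form hands only the first letter to \url and typesets the
% rest as ordinary text (and breaks hyperref's link).
\begin{frame}{Osmocom SIMtrace Hardware}
\begin{itemize}
	\item Hardware is based around AT91SAM7S controller
	\item SAM7S offers two ISO 7816-3 compatible USARTs
	\item USARTs can be clock master (SIM reader) or slave (SIM card)
	\item Open Source Firmware on SAM7S implementing APDU sniffing
	\item Auto-bauding depending on CLK signal, PPS supported
	\item Schematics / layout are open source (CC-BY-SA)
	\item Assembled + tested kits can be bought from \url{http://shop.sysmocom.de/}
\end{itemize}
\end{frame}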

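% Screenshot of the decoded APDU trace in wireshark. Placement option dropped:
% beamer figures do not float.
\begin{frame}{wireshark decoding}
\begin{figure}
	\centering
	\includegraphics[width=95mm]{wireshark-sim.png}
\end{figure}
\end{frame}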


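% Roadmap slide: everything listed is unimplemented at the time of the talk.
% Items are phrased uniformly as verb phrases; \emph{} replaces the obsolete
% {\em ...} switch.
\begin{frame}{SIMtrace TODO}
SIMtrace hardware is capable, but there is no software yet to:
\begin{itemize}
	\item perform MITM (APDU filtering)
	\item do full software SIM card emulation
	\item act as a PC/SC compatible smart card reader
	\item run autonomous tracing (no PC / USB), storing APDU logs \emph{in the field} on integrated SPI flash
\end{itemize}
Firmware and host software all FOSS, anyone can extend and innovate!
\end{frame}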
