Initial mt6235 Linux and u-boot code available
As Marcin announced yesterday on the OsmocomBB mailing list, his initial u-boot and
Linux port to the MT6235 baseband processor has been pushed to the git.osmocom.org server. He has also
provided some instructions and pre-compiled kernel and u-boot images.
He's now working on the NAND, SD/MMC, GPIO and LCD drivers. If you want to
help out, feel free to contact Marcin about this.
Meanwhile, I've been doing a bit of theoretical analysis on the GSM baseband /
RF interface of the MT6235, based on the limited documentation that is available
to the general public. It seems like it's about time to start with practical
experiments soon...
Announcing Osmocom SIMtrace: A smart card sniffer
During recent weeks I started to do some work related to SIM Application
Toolkit (STK / SAT). Debugging this kind of application is hard, as you
never really know what exactly is going on between your SIM and the phone,
and you don't have the full source code for either of them.
Thus, the need for passively sniffing/tracing the smart card interface between
SIM and phone was born. There are commercial solutions, which are not only
prohibitively expensive but also proprietary/closed, i.e. you cannot extend them
the way you want.
There are also some free/open projects like the good old Season scanner, or the
slightly more modern RebelSIM Scanner.
However, those are really dumb and you have to manually determine the bit-rate
using an oscilloscope and then program the UART accordingly. Furthermore, their
top speed is often limited. None of this is really useful if you e.g. want to
test a variety of combinations between N SIMs and M phones, where you don't want
to determine the bit-timing manually on an oscilloscope N*M times.
As an alternative solution, I have now created Osmocom SIMtrace. It uses
an AT91SAM7S micro-controller as hardware interface between the SIM card
interface and USB. It passively sniffs the RST, CLK and I/O lines of the SIM,
does auto-bauding, follows the negotiation of a new bit-rate via PPS/PTS, and
re-assembles / segments the APDUs as they come by.
Finally, the APDUs are picked up by a small command-line program that feeds them
into wireshark, where you can inspect them like any other communication protocol
that you're used to.
The code is still fairly experimental, but for anyone with an interest in this
topic it should definitely be possible to reproduce my results.
There is not much specific to SIM cards in this project, by the way. It should
work with any ISO 7816-3 T=0 smart card. Adding T=1 is just a matter of software,
if you need that protocol...
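To make the three steps described above concrete (deriving the bit-rate from the ATR, following a PPS/PTS negotiation, and re-assembling T=0 APDUs from the raw byte stream seen on the I/O line), here is an added example decoder. It is illustrative code written for this post, not the SIMtrace firmware or its host tool. It assumes the capture is already a sequence of bytes in line order, that the card clock is the common 3.5712 MHz (parameter `clk_hz`), and, because a passive sniffer cannot see which side sent a data byte, it infers direction from a small, partial table of GSM INS codes (`FROM_CARD_INS`, an assumption). The sample stream at the bottom is constructed, not a real capture.

```python
"""Decode a passively captured ISO 7816-3 T=0 byte stream (added example, not SIMtrace code)."""

# Fi / Di tables from ISO 7816-3, indexed by the high / low nibble of TA1 (or PPS1).
FI_TABLE = [372, 372, 558, 744, 1116, 1488, 1860, None,
            None, 512, 768, 1024, 1536, 2048, None, None]
DI_TABLE = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20, None, None, None, None, None, None]

# INS codes whose data travels card -> phone (GSM 11.11 "case 2" commands). Assumption: a
# passive sniffer cannot see direction, so it is inferred from INS; this table is partial.
FROM_CARD_INS = {0xB0, 0xB2, 0xC0, 0xF2, 0x12}  # READ BINARY, READ RECORD, GET RESPONSE, STATUS, FETCH


def bit_rate(fi, di, clk_hz):
    """Bits per second: one elementary time unit (etu) lasts Fi/Di clock cycles."""
    return clk_hz * di // fi


def parse_atr(stream, pos=0):
    """Parse an ATR at stream[pos]; returns ({'ta1','fi','di','protocols','historical'}, next_pos)."""
    if stream[pos] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte %#x" % stream[pos])
    t0 = stream[pos + 1]
    pos += 2
    n_hist, y = t0 & 0x0F, t0 >> 4          # y: presence bits for TA/TB/TC/TD of group 1
    ta1, protocols, i = None, set(), 1
    while True:
        if y & 1:                             # TAi (TA1 carries Fi/Di)
            if i == 1:
                ta1 = stream[pos]
            pos += 1
        if y & 2:                             # TBi
            pos += 1
        if y & 4:                             # TCi
            pos += 1
        if not y & 8:                         # no TDi: this was the last group
            break
        td = stream[pos]                      # TDi: low nibble = protocol, high nibble = next group
        pos += 1
        protocols.add(td & 0x0F)
        y, i = td >> 4, i + 1
    protocols = protocols or {0}              # no TD1 at all means T=0 only
    hist = bytes(stream[pos:pos + n_hist])
    pos += n_hist
    if protocols != {0}:                      # TCK check byte is present unless only T=0 is offered
        pos += 1
    fi = FI_TABLE[ta1 >> 4] if ta1 is not None else 372
    di = DI_TABLE[ta1 & 0x0F] if ta1 is not None else 1
    return {"ta1": ta1, "fi": fi, "di": di, "protocols": protocols, "historical": hist}, pos


def parse_pps(stream, pos):
    """Follow a PPS exchange at stream[pos], if any; returns ((fi, di) agreed or None, next_pos).

    Request and answer both look like PPSS=0xFF, PPS0, optional PPS1..3, PCK (XOR of all
    bytes is 0). The new rate applies only if the card echoes the requested PPS1.
    """
    if pos >= len(stream) or stream[pos] != 0xFF:
        return None, pos                      # no PPS: default Fi=372, Di=1 stays in force

    def one_pps(p):
        n = 3 + bin((stream[p + 1] >> 4) & 0x7).count("1")   # PPSS, PPS0, PPS1..3, PCK
        msg = bytes(stream[p:p + n])
        if len(msg) != n:
            raise ValueError("truncated PPS")
        chk = 0
        for b in msg:
            chk ^= b
        if chk != 0:
            raise ValueError("PPS check byte mismatch")
        return (msg[2] if msg[1] & 0x10 else None), p + n

    req_pps1, pos = one_pps(pos)
    resp_pps1, pos = one_pps(pos)
    if req_pps1 is not None and resp_pps1 == req_pps1:
        return (FI_TABLE[req_pps1 >> 4], DI_TABLE[req_pps1 & 0x0F]), pos
    return None, pos                          # card declined (or no PPS1): defaults stay


def parse_t0_tpdus(stream, pos):
    """Re-assemble T=0 TPDUs (5-byte header, procedure bytes, data, SW1 SW2) from stream[pos:]."""
    tpdus = []
    while pos + 5 <= len(stream):
        hdr = bytes(stream[pos:pos + 5])
        pos += 5
        ins, p3 = hdr[1], hdr[4]
        incoming = ins in FROM_CARD_INS
        remaining = 256 if (p3 == 0 and incoming) else p3   # P3=0 on a case-2 command means 256
        data, sw = bytearray(), None
        while sw is None:
            pb = stream[pos]                  # procedure byte sent by the card
            pos += 1
            if pb == 0x60:                    # NULL: card needs more time (INS 0x6X is invalid, so no clash)
                continue
            if pb == ins:                     # ACK: all remaining data bytes follow
                data += stream[pos:pos + remaining]
                pos += remaining
                remaining = 0
            elif pb == (ins ^ 0xFF):          # ~ACK: exactly one data byte follows
                data.append(stream[pos])
                pos += 1
                remaining -= 1
            elif (pb & 0xF0) in (0x60, 0x90):  # SW1, then SW2
                sw = (pb << 8) | stream[pos]
                pos += 1
            else:
                raise ValueError("unexpected procedure byte %#x" % pb)
        tpdus.append({"header": hdr, "data": bytes(data), "from_card": incoming, "sw": sw})
    return tpdus, pos


def decode_trace(stream, clk_hz=3_571_200):
    """Run the three stages over one captured stream and report the bit-rates in use."""
    atr, pos = parse_atr(stream)
    rates = [bit_rate(372, 1, clk_hz)]        # the ATR itself is always sent at the default rate
    agreed, pos = parse_pps(stream, pos)
    if agreed:
        rates.append(bit_rate(agreed[0], agreed[1], clk_hz))
    tpdus, _ = parse_t0_tpdus(stream, pos)
    return {"atr": atr, "bit_rates": rates, "tpdus": tpdus}


# Constructed sample: ATR offering Fi=512/Di=8, an accepted PPS, then three T=0 exchanges.
SAMPLE = bytes.fromhex(
    "3B 12 94 80 31"                           # ATR: TS, T0 (TA1 + 2 historical bytes), TA1=0x94
    "FF 10 94 7B  FF 10 94 7B"                 # PPS request and identical echo from the card
    "A0 A4 00 00 02  A4 3F 00  9F 04"          # SELECT: ACK, 2 data bytes to card, SW 9F04
    "A0 C0 00 00 04  60 C0 00 00 3F 00  90 00" # GET RESPONSE: NULL, ACK, 4 bytes from card, SW 9000
    "A0 B0 00 00 03  4F 11 4F 22 B0 33  90 00" # READ BINARY: two ~ACKs (1 byte each), ACK for the rest
)

if __name__ == "__main__":
    result = decode_trace(SAMPLE)
    print("bit-rates:", result["bit_rates"])
    for t in result["tpdus"]:
        print(t["header"].hex(), "<-" if t["from_card"] else "->", t["data"].hex(), "SW=%04X" % t["sw"])
```

The NULL byte (0x60) is tested before the ACK comparison on purpose: ISO 7816-3 forbids INS values of the form 0x6X and 0x9X precisely so that a procedure byte can always be told apart from an acknowledgement. A real tool would also have to re-synchronise after a card reset (RST going low starts a new ATR), which this decoder leaves out.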
And now I'm finally off to doing the actual work that I wanted to do.