FreeCalypso > hg > fc-sim-sniff
comparison doc/Sniffing-workflow @ 48:1068f9fd41d5
doc: project rename
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Thu, 21 Sep 2023 06:31:34 +0000 |
| parents | 432d756a21f1 |
| children | 7e87b03dd57d |
comparison
equal
deleted
inserted
replaced
| 47:7c9bf72d460f | 48:1068f9fd41d5 |
|---|---|
| 1 Workflow for SIM sniffing with SIMtrace3 | 1 Workflow for SIM interface sniffing with FC SIMsniff |
| 2 ======================================== | 2 ==================================================== |
| 3 | 3 |
| 4 To sniff ME-to-SIM communication with SIMtrace3, follow this workflow: | 4 To sniff ME-to-SIM communication with FC SIMsniff, follow this workflow: |
| 5 | 5 |
| 6 * Assemble the hardware as described in the Sniffing-hw-setup article, and | 6 * Assemble the hardware as described in the Sniffing-hw-setup article, and |
| 7 program the serial flash chip on the Icestick board with our sniffer FPGA | 7 program the serial flash chip on the Icestick board with our sniffer FPGA |
| 8 image. You will need to use iceprog utility from IceStorm suite for the | 8 image. You will need to use iceprog utility from IceStorm suite for the |
| 9 latter part. | 9 latter part. |
| 18 desired hw setup you are following and plug the Icestick board into your PC | 18 desired hw setup you are following and plug the Icestick board into your PC |
| 19 or laptop. With our sniffer FPGA image, the initial LED pattern should be: | 19 or laptop. With our sniffer FPGA image, the initial LED pattern should be: |
| 20 with the Icestick oriented horizontally, upper and lower red LEDs on, left | 20 with the Icestick oriented horizontally, upper and lower red LEDs on, left |
| 21 and right red LEDs off, center green LED off. | 21 and right red LEDs off, center green LED off. |
| 22 | 22 |
| 23 * Run simtrace3-sniff-rx as follows: | 23 * Run simsniff-rx as follows: |
| 24 | 24 |
| 25 simtrace3-sniff-rx /dev/ttyUSBx logfile | 25 simsniff-rx /dev/ttyUSBx logfile |
| 26 | 26 |
| 27 The /dev/ttyUSBx device needs to be the one corresponding to FT2232H Channel B | 27 The /dev/ttyUSBx device needs to be the one corresponding to FT2232H Channel B |
| 28 on the Icestick board, and you need to specify the name of the log file to be | 28 on the Icestick board, and you need to specify the name of the log file to be |
| 29 written. | 29 written. |
| 30 | 30 |
| 31 * Power on the phone, or otherwise cause the ME to bring up its SIM interface. | 31 * Power on the phone, or otherwise cause the ME to bring up its SIM interface. |
| 32 Once the ME applies power to its SIM interface and raises its RST output, the | 32 Once the ME applies power to its SIM interface and raises its RST output, the |
| 33 green LED should light on the Icestick, and you should see an stdout message | 33 green LED should light on the Icestick, and you should see an stdout message |
| 34 from simtrace3-sniff-rx that reads "SIM RST is high". | 34 from simsniff-rx that reads "SIM RST is high". |
| 35 | 35 |
| 36 * When you power off the phone or cause the modem to shut down its SIM interface | 36 * When you power off the phone or cause the modem to shut down its SIM interface |
| 37 with AT+CFUN=0, the green LED will go out and simtrace3-sniff-rx will print | 37 with AT+CFUN=0, the green LED will go out and simsniff-rx will print |
| 38 "SIM RST is low" on stdout. You can kill the process now, or you can kill it | 38 "SIM RST is low" on stdout. You can kill the process now, or you can kill it |
| 39 earlier once you've captured enough - but you do need to start each sniffing | 39 earlier once you've captured enough - but you do need to start each sniffing |
| 40 session from the beginning. | 40 session from the beginning. |
| 41 | 41 |
| 42 When you run simtrace3-sniff-rx with a logfile argument as recommended above, | 42 When you run simsniff-rx with a logfile argument as recommended above, there |
| 43 there will be very little output on stdout - just SIM RST transition messages | 43 will be very little output on stdout - just SIM RST transition messages |
| 44 indicating start and end of SIM interface sessions - while all other output gets | 44 indicating start and end of SIM interface sessions - while all other output |
| 45 written to the log file. | 45 gets written to the log file. |
| 46 | 46 |
| 47 The main output of simtrace3-sniff-rx - written to the log file if specified or | 47 The main output of simsniff-rx - written to the log file if specified or to |
| 48 to stdout otherwise - is very low-level and very voluminuous. Each line | 48 stdout otherwise - is very low-level and very voluminuous. Each line |
| 49 corresponds to just one character in the ISO 7816-3 sense passing across the | 49 corresponds to just one character in the ISO 7816-3 sense passing across the |
| 50 SIM interface, and is logged as the raw 16-bit value received from the FPGA, as | 50 SIM interface, and is logged as the raw 16-bit value received from the FPGA, as |
| 51 described in the Sniffer-FPGA-design document. This low-level logging format | 51 described in the Sniffer-FPGA-design document. This low-level logging format |
| 52 makes it possible to troubleshoot phone-to-SIM compatibility problems at the | 52 makes it possible to troubleshoot phone-to-SIM compatibility problems at the |
| 53 lowest level: microsecond timestamps allow you to see how long the SIM takes to | 53 lowest level: microsecond timestamps allow you to see how long the SIM takes to |