view doc/Cardem-plans @ 49:7e87b03dd57d

doc/Sniffing-workflow: document simsniff-dec
author Mychaela Falconia <falcon@freecalypso.org>
date Thu, 21 Sep 2023 06:47:03 +0000
parents 1068f9fd41d5
children

The long-term goal of the FreeCalypso SIMtrace replacement project is to
support both SIM interface sniffing (SIMsniff) and card emulation (SIMemu).
Both functions are needed when working in the realm of Vintage Mobile Phones:

* Non-invasive, Heisenbug-free Hi-Z sniffing is needed in order to see why
  certain phone-to-SIM combinations work while others don't, and to see exactly
  what a given finicky phone requires from that special hard-to-get SIM.

* The next step, cloning that special SIM or producing new SIMs that satisfy
  the weird requirements of the finicky phone, will often require full
  emulation of the ISO 7816-4 / GSM 11.11 file system and card OS in software,
  as we don't have a real smartcard chip that gives us full freedom to
  implement whatever we like.

However, in terms of scheduling priority, all of our initial work focuses on
the sniffer, with SIMemu (cardem) deferred to some indefinite later time.  We
do, however, have a preliminary idea of how we envision card emulation working:

* Hardware setups will be different between SIMsniff and SIMemu.  Our initial
  objective is to produce a solidly usable, production quality sniffer pod,
  described as HW setup version 2 in the Sniffing-hw-setup article.  As the
  name says, this pod will be for sniffing only.  For card emulation there will
  be a different SIMemu pod.

* The SIMemu pod will be similar to the SIMsniff pod, with just two changes:

  - We'll add a 74LVC1G07 open-drain driver for pulling the I/O line low in
    exactly the same way real SIM cards do;

  - The SIM socket will be omitted from the SIMemu pod, to rule out any
    possibility of a real SIM and SIMemu "fighting" to talk back to the same
    ME/ID.

* FPGA gateware will also be different between SIMsniff and SIMemu.  The SIMemu
  design is expected to be more complex and use more FPGA resources, but there
  is a good chance it will still fit into iCE40-HX1K FPGA and thus allow us to
  keep using the same Icestick board.

* Right now we have no plans to put a soft CPU core into the FPGA for SIMemu;
  instead, the plan is to use the same basic architecture as the sniffer FPGA,
  using the UART channel at 3 Mbps to communicate with the host, although this
  time the UART will be used bidirectionally.