Merge branch 'master' of git.osmocom.org:simtrace

This commit is contained in:
Kevin Redon 2011-08-15 18:29:16 +02:00
commit 5c1f1ee9df
26 changed files with 2302 additions and 260 deletions

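--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.o
+host/simtrace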

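--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -0,0 +1,4 @@
+*.texi
+usermanual.txt
+usermanual.pdf
+*.sw?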

42
docs/Makefile Normal file

@ -0,0 +1,42 @@
# XSL stylesheets downloaded from http://docbook.sourceforge.net/release/xsl/current/html/
# Makefile from BitBake/OpenEmbedded manuals
topdir = .
manual = $(topdir)/usermanual.xml
# types = pdf txt rtf ps xhtml html man tex texi dvi
# types = pdf txt
types = $(docbooktotypes)
docbooktotypes = pdf txt
# htmlcssfile =
# htmlcss =
cleanfiles = $(foreach i,$(types),$(topdir)/$(i))
ifdef DEBUG
define command
$(1)
endef
else
define command
@echo $(2) $(3) $(4)
@$(1)
endef
endif
all: $(types)
lint: $(manual) FORCE
$(call command,xmllint --xinclude --postvalid --noout $(manual),XMLLINT $(manual))
$(types): lint FORCE
$(docbooktotypes): $(manual)
$(call command,docbook2$@ $(manual),DOCBOOK2 $@ $(manual))
clean:
rm -rf $(cleanfiles)
$(foreach i,$(types) $(foreach type,$(htmltypes),$(type)-nochunks),clean-$(i)):
rm -rf $(patsubst clean-%,%,$@)
FORCE:
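Review bot: `clean` at the `rm -rf $(cleanfiles)` line removes `./pdf` and `./txt`, but the `docbook2$@ $(manual)` recipe above it does not appear to produce files by those names; docs/.gitignore in this same commit lists `usermanual.pdf` and `usermanual.txt` as the build outputs, so `make clean` would presumably leave the real artefacts behind. Deriving the names from the manual, e.g. `cleanfiles = $(foreach i,$(types),$(basename $(manual)).$(i))`, keeps the two in step. Independently, `all`, `lint`, `clean`, `FORCE` and the `$(types)` names are commands rather than files and should be declared with `.PHONY: all lint clean FORCE $(types)`, and `htmltypes` in the `clean-%` generator line is not defined anywhere in this file.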

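--- a/docs/README
+++ b/docs/README
@@ -0,0 +1,9 @@
+This should be our user manual, it is created using docbook and
+can be compiled by either. Patches for additional sections are
+more than welcome.
+$ make
+or
+$ dblatex usermanual.tex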


@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
<appendix id="appendix_sql_v09">
<title>SQL Tabellen v0.9</title>
<programlisting>
<inlinemediaobject><imageobject><imagedata format="linespecific" fileref="file" /></imageobject></inlinemediaobject>
</programlisting>
</appendix>
-->


@ -0,0 +1,90 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="chapter_building">
<title>Getting and Building the Software</title>
<section id="building_intros">
<title>Building software</title>
<para>There are three parts that can be built. It is the firmware
for the SIMtrace hardware, the SIMtrace software and the modified
version of wireshark. All of these have different source trees and
dependencies.</para>
</section>
<section id="building_simtrace">
<title>Building SIMtrace</title>
<section id="libosmocore">
<title>Building the Osmocom libosmocore library</title>
<screen>
$ <command>git</command> clone git://git.osmocom.org/libosmocore
$ <command>cd</command> libosmocore
$ <command>autoreconf</command> --install --force
$ <command>./configure</command>
$ <command>sudo</command> <command>make</command> install
</screen>
</section>
<section id="libusb">
<title>Installing libusb</title>
<para>You will need to install the libusb header files
to be able to compile <command>simtrace</command></para>.
</section>
<section id="simtrace">
<title>Building <command>simtrace</command></title>
<screen>
$ wget https://api.opensuse.org/public/source/home:zecke23/simtrace/simtrace_0.0.1.tar.gz
$ tar xzf simtrace_0.0.1.tar.gz
$ cd simtrace-0.0.1
$ PKG_CONFIG_PATH=/usr/local/lib/pkgconfig make
cc `pkg-config --cflags libosmocore` -o main.o -c main.c
cc `pkg-config --cflags libosmocore` -o usb_helper.o -c usb_helper.c
cc `pkg-config --cflags libosmocore` -o usb.o -c usb.c
cc `pkg-config --cflags libosmocore` -o apdu_split.o -c apdu_split.c
cc -o simtrace main.o usb_helper.o usb.o apdu_split.o -lusb `pkg-config --libs libosmocore` -losmocore
</screen>
</section>
</section>
<section id="building_wireshark">
<title>Building Wireshark</title>
<para>SIMtrace provides a patch against <command>wireshark</command>
version 1.6. It is the easiest to checkout a copy using the 1.6 branch
of wireshark and applying the <filename>simcard.patch</filename> on top
of it. And then use the usual way of building wireshark</para>
<section id="getting_wireshark">
<title>Getting Wireshark</title>
<screen>
$ svn co https://anonsvn.wireshark.org/wireshark/trunk-1.6 wireshark-1.6
...
A wireshark-1.6/isprint.h
U wireshark-1.6
Checked out revision 38543.
</screen>
</section>
<section id="getting_simcard.patch">
<title>SIMCard patch</title>
<para>You will need to download and apply the patch.</para>
<screen>
$ cd wireshark-1.6
$ wget http://cgit.osmocom.org/cgit/simtrace/tree/wireshark/simcard-for-wireshark-1.6.patch
$ cat ../simcard-for-wireshark-1.6.patch | patch -p 0
patching file epan/dissectors/packet-gsm_sim.c
patching file epan/dissectors/packet-gsmtap.c
patching file epan/dissectors/Makefile.common
</screen>
</section>
<section id="building_and_installing">
<title>Building and Installing</title>
<screen>
$ autoreconf --install
$ ./configure
$ make
...
$ sudo ./wireshark
</screen>
</section>
</section>
</chapter>


@ -0,0 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="chapter_hw">
<title>Hardware Details</title>
<section id="hw_design">
<title>HW Design</title>
<para>The Free Software KiCAD EDA was used to design the
hardware and can be used to look at the schematics and the
PCB routing. The hardware design can be found in the git
repository of the SIMtrace sources. For the v1.0 hardware
you will have to look at the v1.0_production branch.
</para>
</section>
<section id="pcb_populated">
<title>Populated PCB</title>
<para>The version v1.0p is the first production that had an
automatic SMT run. Due some production issues the labeling of
components didn't make it to the PCB but can be found in this
manual. The difference between the v1.0 and v1.0p hardware is
in the footprint of some components to utilize the existing
stock of the factory. This was mostly done for the LED and the
shottky diodes.</para>
<figure><title>SIMtrace v1.0 PCB</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/simtrace_hw.jpg" width="15cm"/>
</imageobject>
<textobject><phrase>SIMtrace v1.0 PCB</phrase></textobject>
</mediaobject>
</figure>
</section>
<section id="pcb_surface">
<title>PCB Surface</title>
<para>
<figure><title>SIMtrace v1.0 Surface</title>
<mediaobjectco>
<imageobjectco>
<areaspec id="surface" units="calspair">
<area linkends="link_usb" coords="8800,0 8800,6100" id="usb"/>
<area linkends="link_serial" coords="8800,7000 8800,8000" id="serial"/>
<area linkends="link_debug" coords="8800,9000 8800,9500" id="debug"/>
<area linkends="link_jtag" coords="5000,8900 5000,9000" id="jtag"/>
<area linkends="link_bt1" coords="8900,0 9100,3500" id="bt1"/>
<area linkends="link_ffc" coords="500,3000 700,9000" id="ffc"/>
<area linkends="link_sim" coords="500,500 700,2000" id="sim"/>
<area linkends="link_reset" coords="200,9000 500,9000" id="reset"/>
<area linkends="link_bootloader" coords="1700,9000 1900,9000" id="bootloader"/>
<area linkends="link_test" coords="6500,8700 7000,8900" id="test"/>
<area linkends="link_erase" coords="7100,8700 7600,8900" id="erase"/>
</areaspec>
<imageobject>
<imagedata fileref="images/simtrace_surface.png" width="15cm" />
</imageobject>
<calloutlist>
<callout arearefs="usb" id="link_usb">
<para>USB: USB mini-B connector. The main connector. The
host software communicates (sniffing,...) through USB with
the board. It can also be used to flash the micro-controller
(using DFU).</para>
</callout>
<callout arearefs="serial" id="link_serial">
<para>serial: 2.5 mm jack serial cable, as used by osmocomBB
port used to debug the device (printf goes there).</para>
</callout>
<callout arearefs="debug" id="link_debug">
<para>debug (P3): same as serial, but using the FTDI
serial cable. It is recommended to cut the voltage wire of
the 6pin FTDI connector before plugging the cable into the
simtrace.
</para>
</callout>
<callout arearefs="jtag" id="link_jtag">
<para>jtag (P1): JTAG 20 pin connector to do hardware
assisted debugging.</para>
</callout>
<callout arearefs="bt1" id="link_bt1">
<para>BT1: battery connector (4.5-6V DC). normally the
USB provides power, but the battery port can be used
for autonomous use of SIMtrace. The sniffing can be saved
in the flash (U1).</para>
</callout>
<callout arearefs="ffc" id="link_ffc">
<para>FFC_SIM (P3): to connect the flat flexible cable with
SIM end for the phone.</para>
</callout>
<callout arearefs="sim" id="link_sim">
<para>SIM (P4): put your SIM in there (instead of in the
phone)</para>
</callout>
<callout arearefs="reset" id="link_reset">
<para>reset (SW1): to reset the board (not erasing the
firmware). If your are too lazy to unplug and re-plug
the USB.</para>
</callout>
<callout arearefs="bootloader" id="link_bootloader">
<para>bootloader (SW2): used to start the bootloader so
to flash the device using DFU. press when plugging in
the USB.</para>
</callout>
<callout arearefs="test" id="link_test">
<para>test (JP1): short circuit using a jumper to flash
using SAM-BA.</para>
</callout>
<callout arearefs="erase" id="link_erase">
<para>erase (JP2): short circuit using a jumper to erase
completely erase the firmware.</para>
</callout>
</calloutlist>
</imageobjectco>
</mediaobjectco>
</figure>
</para>
</section>
</chapter>


@ -0,0 +1,118 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="chapter_installation">
<title>Installation</title>
<para><application>SIMtrace</application> will need a patched version of
<application>wireshark</application> and the <command>simtrace</command>
host utility to fully operate. The installation might be possible from
binary packages or will require building from source. The following
sections provide some hints how to achieve this on the various Linux
distributions. All these operations must be executed as root.</para>
<section id="install_ubuntu_natty">
<title>Installation Ubuntu Natty</title>
<para>Ubuntu Natty users can use the holger+lp/osmocom PPA to install
<application>SIMtrace</application> and upgrade wireshark. The PPA needs to
be added to the system, the package database needs to be refreshed
and the applications can be installed afterwards.</para>
<screen>
$ <command>sudo</command> <command>add-apt-repository</command> ppa:holger+lp/osmocom
[sudo] password for username:
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80/ --recv 84C86214C00BAF820F43585CCABF944FA2AD19FA
gpg: requesting key A2AD19FA from hkp server keyserver.ubuntu.com
gpg: Total number processed: 1
gpg: unchanged: 1
</screen>
<para>The next step is to update the package database and install or upgrade
the <application>wireshark</application> application.</para>
<screen>
$ <command>sudo</command> <command>apt-get</command> update
...
$ <command>sudo</command> <command>apt-get</command> install wireshark simtrace
...
</screen>
</section>
<section id="install_opensuse">
<title>Installation OpenSUSE</title>
<para>The installation on OpenSUSE uses zypper. The repository must be added
via the <command>zypper</command> application and then the binary packages
can be installed.</para>
<section>
<title>openSUSE 11.3</title>
<screen>
$ <command>zypper</command> addrepo http://download.opensuse.org/repositories/home:/zecke23/openSUSE_11.3/home:zecke23.repo
$ <command>zypper</command> refresh
$ <command>zypper</command> install wireshark simtrace
</screen>
</section>
<section>
<title>openSUSE 11.4</title>
<screen>
$ <command>zypper</command> addrepo http://download.opensuse.org/repositories/home:/zecke23/openSUSE_11.4/home:zecke23.repo
$ <command>zypper</command> refresh
$ <command>zypper</command> install wireshark simtrace
</screen>
</section>
</section>
<section id="install_fedora">
<title>Installation Fedora</title>
<section>
<title>Fedora 14</title>
<screen>
$ cd /etc/yum/repos.d/
$ wget http://download.opensuse.org/repositories/home:zecke23/Fedora_14/home:zecke23.repo
$ yum install wireshark simtrace
</screen>
</section>
<section>
<title>Fedora 15</title>
<screen>
$ cd /etc/yum/repos.d/
$ wget http://download.opensuse.org/repositories/home:zecke23/Fedora_15/home:zecke23.repo
$ yum install wireshark simtrace
</screen>
</section>
</section>
<section id="install_centos">
<title>Installation CentOS</title>
<section>
<title>CentOS 5</title>
<screen>
$ cd /etc/yum/repos.d/
$ wget http://download.opensuse.org/repositories/home:zecke23/CentOS_CentOS-5/home:zecke23.repo
$ yum install wireshark simtrace
</screen>
</section>
<section>
<title>Fedora 15</title>
<screen>
$ cd /etc/yum/repos.d/
$ wget http://download.opensuse.org/repositories/home:zecke23/CentOS_CentOS-6/home:zecke23.repo
$ yum install wireshark simtrace
</screen>
</section>
</section>
<section id="install_mandriva">
<title>Mandriva 2010.1</title>
<screen>
$ urpmi.addmedia home:zecke23 http://download.opensuse.org/repositories/home:zecke23/Mandriva_2010.1/
$ urpmi.update -a
$ urpmi wireshark simtrace
</screen>
</section>
<section id="installation_from_source">
<title>Installation from Source</title>
<para>Please see the <xref linkend="chapter_building"/></para>
</section>
</chapter>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="chapter_introduction">
<title>Introduction</title>
<section id="intro_overview">
<title>History</title>
<para>SIMtrace was created out of necessity. Harald Welte wanted
to see the communication between a GSM Mobile Station (or
what we call a cellphone) and the SIM. He was not able to
find an existing solution, or the existing ones had mayor
drawbacks that made using them very time consuming and slow.
The Atmel AT91SAM7 came to the rescue. This microcontroller
has hardware support for the ISO7816 T0/T1 Smart Card
specification. We can connect the external clock to the UART
and are able to read bytes coming and going to the SIM.
The next step in the project was taken by Kevin Redon
that started to modify an existing AT91SAM7 design, started
to use the Free Software KiCAD CAD Software. In 2011 the project
went from having Schematics to having routed circuits, prototypes
and the final product. The first production run was in August.</para>
</section>
<section id="intro_picture">
<title>Overview</title>
<para>The setup of SIMtrace consists out of a Hardware and a
Software part. The SIM card needs to be put into the SIMtrace
Hardware, the flex cable needs to be connected to the SIMtrace
Hardware and the SIM end needs to be placed in the SIM socket
of the phone. The SIMtrace hardware can be seen as a USB device
from the host, the SIMtrace software will try to find this device
and claim it. The SIMtrace software will receive packets from the
SIMtrace hardware and can forward them using the GSMTAP protocol
to the IANA assigned GSMTAP port (4729). A modified version of Wireshark
can be used to analyze the data.</para>
<figure><title>Schematic Overview</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/setup_overview.png" width="6cm"/>
</imageobject>
<textobject><phrase>SIMtrace being connected</phrase></textobject>
</mediaobject>
</figure>
</section>
</chapter>


@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="chapter_sniff">
<title>Sniffing your SIM</title>
<section id="hw_setup">
<title>Connecting your device</title>
<para>You will need to put your SIM into the SIMtrace hardware, connect
one of the four flex cables to the SIMtrace hardware, put the other side
into the SIM socket of your phone. Use USB to connect the SIMtrace hardware
to the PC. On your PC you should be able to see the USB device now.</para>
<figure><title>Connecting the SIMtrace Hardware</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/simtrace_hw_setup.png" width="15cm"/>
</imageobject>
<textobject><phrase>SIMtrace being connected</phrase></textobject>
</mediaobject>
</figure>
</section>
<section id="launching_simtrace">
<title>Launching SIMtrace</title>
<screen>
$ <command>./simtrace</command>
simtrace - GSM SIM and smartcard tracing
(C) 2010 by Harald Welte &lt;laforge@gnumonks.org&gt;
</screen>
<para>Launching the <command>simtrace</command> will try to find
the SIMtrace hardware and then try to claim the USB device. The
application will send the received data encapsulated in the GSMTAP
format on localhost and the IANA assigned GSMTAP port.</para>
</section>
<section id="launching_wireshark">
<title>Launching Wireshark</title>
<para>The <command>wireshark</command> application will start a GUI
and given the right permissions you should be able listen to the
localhost interface and filter for the GSMTAP port on 4729. You should
be able to see the decoded messages like in the figure below.</para>
<figure><title>GSMTAP in Wireshark</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/wireshark-sim.png" width="16cm"/>
</imageobject>
<textobject><phrase>SIMtrace sending data</phrase></textobject>
</mediaobject>
</figure>
</section>
<section id="known_firmware_issues">
<title>Known Firmware Issues</title>
<para>The current firmware has two known bugs that limit the usage
of the device. The first one is with enumeration on USB 3.0 controllers
and the second one with baudrate selection of some SIM cards.</para>
<para>The firmware does not properly enumerate on systems with USB 3.0
controllers. The issue has not been analyzed and the workaround is to
use a USB &lt; 3.0 port or put a USB &lt; 3.0 hub between.</para>
<para>The firmware has issues with selecting the right baudrate of
some SIMcards. The microcontroller will call the parity error interrupt
handler and the watchdog will reset the device. There is no workaround
for this issue yet.</para>
</section>
<section id="other_modes">
<title>Other modes</title>
<para>The hardware is capable to be used as an ordinary card reader,
provide Man-In-The-Middle (MITM) attacks, or operate as a SIM. The
firmware currently does not have support for these modes.</para>
</section>
</chapter>

docs/images/simtrace_hw.jpg Normal file


62
docs/usermanual.xml Normal file

@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
ex:ts=4:sw=4:sts=4:et
-*- tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*-
-->
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY chapter-introduction SYSTEM "chapters/introduction.xml">
<!ENTITY chapter-installation SYSTEM "chapters/installation.xml">
<!ENTITY chapter-hw-details SYSTEM "chapters/hardware_details.xml">
<!ENTITY chapter-using-sniff SYSTEM "chapters/using_sniff.xml">
<!ENTITY chapter-building SYSTEM "chapters/building.xml">
<!ENTITY chapter-appendix SYSTEM "chapters/appendix.xml">
]>
<book>
<bookinfo>
<revhistory>
<revision>
<revnumber>0.0.1</revnumber>
<date>12 July 2011</date>
<authorinitials>z</authorinitials>
<revremark>Initial</revremark>
</revision>
<revision>
<revnumber>0.0.2</revnumber>
<date>14 August 2011</date>
<authorinitials>z</authorinitials>
<revremark>Copy HW Info from the Wiki</revremark>
</revision>
<revision>
<revnumber>0.0.3</revnumber>
<date>15 August 2011</date>
<authorinitials>z</authorinitials>
<revremark>Document building wireshark</revremark>
</revision>
</revhistory>
<title>SIMtrace Usermanual</title>
<copyright>
<year>2011</year>
</copyright>
<legalnotice>
<para>This work is licensed under a Creative Commons Attribution 3.0
Unported License. To view a copy of this license, visit <ulink
url="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</ulink>
or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford,
California 94305, USA.</para>
</legalnotice>
</bookinfo>
<!-- Main chapters-->
&chapter-introduction;
&chapter-installation;
&chapter-hw-details;
&chapter-using-sniff;
&chapter-building;
&chapter-appendix;
</book>


@ -1,13 +1,17 @@
LDFLAGS=-lusb -losmocore
LDFLAGS=`pkg-config --libs libusb-1.0 libosmocore` -losmocore
all: simtrace
simtrace: main.o usb_helper.o usb.o apdu_split.o
$(CC) $(LDFLAGS) -o $@ $^
simtrace: main.o apdu_split.o
$(CC) -o $@ $^ $(LDFLAGS)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $^
$(CC) $(CFLAGS) `pkg-config --cflags libusb-1.0 libosmocore` -o $@ -c $^
install: simtrace
install -d $(DESTDIR)/usr/bin/
install -m 0755 simtrace $(DESTDIR)/usr/bin/
.PHONY: install
clean:
@rm -f simtrace *.o
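Review bot: The `LDFLAGS=` line that names `libusb-1.0` (the new side, judging by the libusb switch in main.c) lists libosmocore twice: `pkg-config --libs libosmocore` already emits `-losmocore`, so the trailing `-losmocore` is redundant. Libraries also belong in `LDLIBS` rather than `LDFLAGS`, otherwise a user's `make LDFLAGS=...` silently drops them; `LDLIBS := $(shell pkg-config --libs libusb-1.0 libosmocore)` together with `$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)` keeps the link order the commit chose, and the `:=` means pkg-config runs once instead of being re-executed by the shell for every object, which also applies to the backtick call in the `%.o` rule. `all` and `clean` are missing from the `.PHONY: install` line the commit adds, and `$^` in the `%.o` rule should be `$<`.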


@ -136,7 +136,7 @@ static void apdu_split_inbyte(struct apdu_split *as, uint8_t ch)
break;
case APDU_S_SW2:
apdu_buf_append(as, ch);
//printf("APDU: %s\n", hexdump(as->apdu_buf, as->apdu_len));
//printf("APDU: %s\n", osmo_hexdump(as->apdu_buf, as->apdu_len));
as->apdu_out_cb(as->apdu_buf, as->apdu_len, as->user_data);
set_state(as, APDU_S_CLA);
break;
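Review bot: The line this hunk touches, `//printf("APDU: %s\n", osmo_hexdump(as->apdu_buf, as->apdu_len));`, is commented-out code that has to be kept current by hand, which is how it fell out of date in the first place. Either drop it or compile it conditionally behind a debug preprocessor switch so the compiler keeps it honest. apdu_split_inbyte starts and ends outside this hunk.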


@ -19,6 +19,7 @@
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <time.h>
@ -31,17 +32,17 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <usb.h>
#include <libusb.h>
#include "usb_helper.h"
#include "simtrace.h"
#include "simtrace_usb.h"
#include "apdu_split.h"
#include <osmocom/core/gsmtap.h>
#include <osmocom/core/gsmtap_util.h>
#include <osmocom/core/utils.h>
static struct usb_dev_handle *udev;
static struct libusb_device_handle *devh;
static struct apdu_split *as;
static struct gsmtap_inst *g_gti;
@ -76,13 +77,13 @@ static int gsmtap_send_sim(const uint8_t *apdu, unsigned int len)
static void apdu_out_cb(uint8_t *buf, unsigned int len, void *user_data)
{
printf("APDU: %s\n", hexdump(buf, len));
printf("APDU: %s\n", osmo_hexdump(buf, len));
gsmtap_send_sim(buf, len);
}
static int process_usb_msg(uint8_t *buf, int len)
{
struct simtrace_hdr *sh = buf;
struct simtrace_hdr *sh = (struct simtrace_hdr *)buf;
uint8_t *payload = buf += sizeof(*sh);
int payload_len = len - sizeof(*sh);
@ -138,9 +139,10 @@ int main(int argc, char **argv)
{
char buf[16*265];
char *gsmtap_host = "127.0.0.1";
int rc, c;
int rc, c, ret = 1;
int skip_atr = 0;
unsigned int msg_count, byte_count;
int xfer_len;
unsigned int msg_count, byte_count = 0;
print_welcome();
@ -164,35 +166,56 @@ int main(int argc, char **argv)
}
}
rc = libusb_init(NULL);
if (rc < 0) {
fprintf(stderr, "libusb initialization failed\n");
goto close_exit;
}
g_gti = gsmtap_source_init(gsmtap_host, GSMTAP_UDP_PORT, 0);
if (!g_gti) {
perror("unable to open GSMTAP");
exit(1);
goto close_exit;
}
gsmtap_source_add_sink(g_gti);
udev = usb_find_open(SIMTRACE_USB_VENDOR, SIMTRACE_USB_PRODUCT);
if (!udev) {
perror("opening USB device");
exit(1);
devh = libusb_open_device_with_vid_pid(NULL, SIMTRACE_USB_VENDOR, SIMTRACE_USB_PRODUCT);
if (!devh) {
fprintf(stderr, "can't open USB device\n");
goto close_exit;
}
rc = libusb_claim_interface(devh, 0);
if (rc < 0) {
fprintf(stderr, "can't claim interface; rc=%d\n", rc);
goto close_exit;
}
as = apdu_split_init(&apdu_out_cb, NULL);
if (!as)
exit(1);
goto release_exit;
printf("Entering main loop\n");
while (1) {
rc = usb_bulk_read(udev, SIMTRACE_IN_EP, buf, sizeof(buf), 100000);
if (rc < 0 && rc != -EAGAIN) {
fprintf(stderr, "Error submitting BULK IN urb: %s\n", usb_strerror());
exit(1);
rc = libusb_bulk_transfer(devh, SIMTRACE_IN_EP, buf, sizeof(buf), &xfer_len, 100000);
if (rc < 0 && rc != LIBUSB_ERROR_TIMEOUT) {
fprintf(stderr, "BULK IN transfer error; rc=%d\n", rc);
goto release_exit;
}
if (rc > 0) {
//printf("URB: %s\n", hexdump(buf, rc));
process_usb_msg(buf, rc);
if (xfer_len > 0) {
//printf("URB: %s\n", osmo_hexdump(buf, rc));
process_usb_msg(buf, xfer_len);
msg_count++;
byte_count += rc;
byte_count += xfer_len;
}
}
ret = 0;
release_exit:
libusb_release_interface(devh, 0);
close_exit:
if (devh)
libusb_close(devh);
libusb_exit(NULL);
return ret;
}
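Review bot: `msg_count` is still read before it is ever written: the declaration hunk near the top of main changes the line to `unsigned int msg_count, byte_count = 0;`, which initialises only `byte_count`, yet the loop here does `msg_count++`; it should read `unsigned int msg_count = 0, byte_count = 0;`. In the same file section, `process_usb_msg` computes `int payload_len = len - sizeof(*sh);` with no visible check that `len >= sizeof(*sh)` (the rest of that function lies outside its hunk, so a later guard cannot be ruled out); `xfer_len` comes straight from the USB device, so a short transfer would produce a negative or wrapped payload length, and a `if (len < sizeof(*sh)) return -1;` style guard belongs before the subtraction. main starts outside this hunk.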

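--- a/host/simtrace.1
+++ b/host/simtrace.1
@@ -0,0 +1,55 @@
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH SIMTRACE 1 "July 17, 2011"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+SIMtrace \- GSM SIM and smartcard tracing
+.SH SYNOPSIS
+.B simtrace
+.RI [ options ]
+.br
+.SH DESCRIPTION
+This manual page documents briefly the
+.B simtrace
+command.
+.PP
+.\" TeX users may be more comfortable with the \fB<whatever>\fP and
+.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
+.\" respectively.
+\fBsimtrace\fP is a utility that communicates with the sysmocom SIMtrace
+hardware and forwards messages coming from the USB device to IP using
+the GSMtap protcol. The wireshark utility contains a protocol analyzer.
+.SH OPTIONS
+This program follows the usual GNU command line syntax, with long
+options starting with two dashes (`-').
+.TP
+.B \-h, \-\-help
+Show summary of options.
+.TP
+.B \-iIP, \-\-gsmtap-ip=IP
+The destination IP address for the SIM PDUs encapsulated in the GSMtap
+protocol.
+.TP
+.B \-a, \-\-skip\-atr
+Skip the ATR of the SIMcard.
+.TP
+.SH AUTHORS
+SIMtrace was written by
+Harald Welte
+.PP
+This manual page was written by Holger Freyther
+for the Debian project (but may be used by others).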


@ -1 +0,0 @@
../../../openpcd/firmware/include/simtrace_usb.h

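--- a/host/simtrace_usb.h
+++ b/host/simtrace_usb.h
@@ -0,0 +1,24 @@
+#ifndef SIMTRACE_USB_H
+#define SIMTRACE_USB_H
+//#include <stdint.h>
+/* this is kept compatible with OpenPCD protocol */
+struct simtrace_hdr {
+u_int8_t cmd;
+u_int8_t flags;
+u_int8_t res[2];
+u_int8_t data[0];
+} __attribute__ ((packed));
+enum simtrace_usb_msgt {
+SIMTRACE_MSGT_NULL,
+SIMTRACE_MSGT_DATA,
+SIMTRACE_MSGT_RESET, /* reset was asserted, no more data */
+};
+/* flags for MSGT_DATA */
+#define SIMTRACE_FLAG_ATR 0x01 /* ATR immediately after reset */
+#define SIMTRACE_FLAG_WTIME_EXP 0x04 /* work waiting time expired */
+#endif /* SIMTRACE_USB_H */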
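Review bot: The header does not stand on its own: every field is `u_int8_t`, a BSD-style type that comes from `<sys/types.h>`, while the only include is disabled at `//#include <stdint.h>`, so compilation depends on whoever includes this file having already pulled in a header it never names. Using the C99 type that main.c already uses for the same buffer (`uint8_t cmd;`, `uint8_t flags;`, `uint8_t res[2];`, `uint8_t data[0];`) and restoring `#include <stdint.h>` makes it self-contained. `data[0]` is a GNU zero-length array; the standard C99 spelling is the flexible array member `uint8_t data[];`, with the caveat that a struct ending in one cannot be embedded in another struct. The `res[2]` padding and the packed attribute are presumably wire-format requirements shared with OpenPCD, per the comment above the struct, and should stay as they are.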


@ -1,87 +0,0 @@
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <usb.h>
#include <sys/ioctl.h>
#include "usb.h"
#include <linux/usbdevice_fs.h>
#define MAX_READ_WRITE 4096
#define USB_ERROR_STR(ret, x, args...) return ret
static int usb_get_fd(usb_dev_handle *uh)
{
return *((int *)uh);
}
int __usb_bulk_write(usb_dev_handle *dev, int ep, char *bytes, int length,
int timeout)
{
struct usbdevfs_bulktransfer bulk;
int ret, sent = 0;
/* Ensure the endpoint address is correct */
ep &= ~USB_ENDPOINT_IN;
do {
bulk.ep = ep;
bulk.len = length - sent;
if (bulk.len > MAX_READ_WRITE)
bulk.len = MAX_READ_WRITE;
bulk.timeout = timeout;
bulk.data = (unsigned char *)bytes + sent;
ret = ioctl(usb_get_fd(dev), USBDEVFS_BULK, &bulk);
if (ret < 0)
USB_ERROR_STR(ret,
"error writing to bulk endpoint %d: %s",
ep, strerror(errno));
sent += ret;
} while (ret > 0 && sent < length);
return sent;
}
int __usb_bulk_read(usb_dev_handle *dev, int ep, char *bytes, int size,
int timeout)
{
struct usbdevfs_bulktransfer bulk;
int ret, retrieved = 0, requested;
/* Ensure the endpoint address is correct */
ep |= USB_ENDPOINT_IN;
do {
bulk.ep = ep;
requested = size - retrieved;
if (requested > MAX_READ_WRITE)
requested = MAX_READ_WRITE;
bulk.len = requested;
bulk.timeout = timeout;
bulk.data = (unsigned char *)bytes + retrieved;
ret = ioctl(usb_get_fd(dev), USBDEVFS_BULK, &bulk);
if (ret < 0)
USB_ERROR_STR(ret,
"error reading from bulk endpoint 0x%x: %s",
ep, strerror(errno));
retrieved += ret;
} while (ret > 0 && retrieved < size && ret == requested);
return retrieved;
}
int __usb_reattach_kernel_driver_np(usb_dev_handle *dev, int interface)
{
struct usbdevfs_ioctl command;
command.ifno = interface;
command.ioctl_code = USBDEVFS_CONNECT;
command.data = NULL;
return ioctl(usb_get_fd(dev), USBDEVFS_IOCTL, &command);
}


@ -1,96 +0,0 @@
/* usb_helper - Low-Level USB routines for SimTrace
*
* (C) 2006-2010 by Harald Welte <hwelte@hmw-consulting.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <time.h>
#include <sys/time.h>
#include <sys/types.h>
#include <usb.h>
const char *
hexdump(const void *data, unsigned int len)
{
static char string[65535];
unsigned char *d = (unsigned char *) data;
unsigned int i, left, ofs;
string[0] = '\0';
ofs = snprintf(string, sizeof(string)-1, "(%u): ", len);
left = sizeof(string) - ofs;
for (i = 0; len--; i += 3) {
if (i >= sizeof(string) -4)
break;
snprintf(string+ofs+i, 4, " %02x", *d++);
}
string[sizeof(string)-1] = '\0';
return string;
}
static struct usb_device *find_usb_device (uint16_t vendor_id, uint16_t product_id)
{
struct usb_bus *bus;
for (bus = usb_busses; bus; bus = bus->next) {
struct usb_device *dev;
for (dev = bus->devices; dev; dev = dev->next) {
if (dev->descriptor.idVendor == vendor_id &&
dev->descriptor.idProduct == product_id)
return dev;
}
}
return NULL;
}
struct usb_dev_handle *usb_find_open(uint16_t vendor_id, uint16_t product_id)
{
struct usb_device *dev;
struct usb_dev_handle *hdl;
usb_init();
usb_find_busses();
usb_find_devices();
dev = find_usb_device(vendor_id, product_id);
if (!dev) {
fprintf(stderr, "Cannot find matching USB Device. "
"Are you sure it is connected?\n");
exit(1);
}
hdl = usb_open(dev);
if (!hdl) {
fprintf(stderr, "Unable to open usb device: %s\n",
usb_strerror());
exit(1);
}
if (usb_claim_interface(hdl, 0) < 0) {
fprintf(stderr, "Unable to claim usb interface "
"1 of device: %s\n", usb_strerror());
exit(1);
}
return hdl;
}


@ -1,28 +0,0 @@
#ifndef _USB_HELPER_H
#define _USB_HELPER_H
/* usb_helper - Low-Level USB routines for SimTrace
*
* (C) 2006-2010 by Harald Welte <hwelte@hmw-consulting.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdint.h>
const char *hexdump(const void *data, unsigned int len);
struct usb_dev_handle *usb_find_open(uint16_t vendor_id, uint16_t product_id);
#endif



@ -1546,31 +1546,23 @@ Index: wireshark/epan/dissectors/packet-gsm_sim.c
+}
Index: wireshark/epan/dissectors/packet-gsmtap.c
===================================================================
--- wireshark.orig/epan/dissectors/packet-gsmtap.c 2010-11-18 16:11:48.000000000 +0100
+++ wireshark/epan/dissectors/packet-gsmtap.c 2010-11-18 17:04:37.000000000 +0100
@@ -46,6 +46,7 @@
#define GSMTAP_TYPE_UM 0x01
#define GSMTAP_TYPE_ABIS 0x02
#define GSMTAP_TYPE_UM_BURST 0x03 /* raw burst bits */
+#define GSMTAP_TYPE_SIMCARD 0x04
#define GSMTAP_BURST_UNKNOWN 0x00
#define GSMTAP_BURST_FCCH 0x01
@@ -125,6 +126,7 @@
GSMTAP_SUB_UM,
GSMTAP_SUB_UM_LAPDM,
GSMTAP_SUB_ABIS,
--- wireshark/epan/dissectors/packet-gsmtap.c (revision 38494)
+++ wireshark/epan/dissectors/packet-gsmtap.c (working copy)
@@ -171,6 +171,7 @@
GSMTAP_SUB_PDU,
GSMTAP_SUB_HACK,
GSMTAP_SUB_PHY_ATTRIBUTES,
+ GSMTAP_SUB_SIM,
GSMTAP_SUB_MAX
};
@@ -236,6 +238,13 @@
@@ -334,6 +335,13 @@
col_set_str(pinfo->cinfo, COL_PROTOCOL, "GSMTAP");
+ /* Some GSMTAP types are completely unrelated to the Um air interface */
+ switch (type) {
+ case GSMTAP_TYPE_SIMCARD:
+ case GSMTAP_TYPE_SIM:
+ call_dissector(sub_handles[GSMTAP_SUB_SIM], payload_tvb, pinfo, tree);
+ return;
+ }
@ -1578,14 +1570,14 @@ Index: wireshark/epan/dissectors/packet-gsmtap.c
if (arfcn & GSMTAP_ARFCN_F_UPLINK) {
col_append_str(pinfo->cinfo, COL_RES_NET_SRC, "MS");
col_append_str(pinfo->cinfo, COL_RES_NET_DST, "BTS");
@@ -393,6 +402,7 @@
sub_handles[GSMTAP_SUB_UM] = find_dissector("gsm_a_ccch");
sub_handles[GSMTAP_SUB_UM_LAPDM] = find_dissector("lapdm");
@@ -557,6 +565,7 @@
sub_handles[GSMTAP_SUB_LLC] = find_dissector("llcgprs");
sub_handles[GSMTAP_SUB_SNDCP] = find_dissector("sndcp");
sub_handles[GSMTAP_SUB_ABIS] = find_dissector("gsm_a_dtap");
+ sub_handles[GSMTAP_SUB_SIM] = find_dissector("gsm_sim");
gsmtap_handle = create_dissector_handle(dissect_gsmtap, proto_gsmtap);
dissector_add("udp.port", GSMTAP_UDP_PORT, gsmtap_handle);
}
sub_handles[GSMTAP_SUB_CDMA_CODE] = find_dissector("wimax_cdma_code_burst_handler");
sub_handles[GSMTAP_SUB_FCH] = find_dissector("wimax_fch_burst_handler");
sub_handles[GSMTAP_SUB_FFB] = find_dissector("wimax_ffb_burst_handler");
Index: wireshark/epan/dissectors/packet-card_app_toolkit.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
@ -2317,3 +2309,4 @@ Index: wireshark/epan/dissectors/packet-card_app_toolkit.c
+ /* preferences have been changed */
+ }
+}