Sniffer with ringbuf, works SOMETIMES

* Sniffer uses phone endpoints for communication and the ringbuffer
    routines the phone communication uses
* Most times the Usart1 interrupt is not triggered, and therefore
    no values are recorded

firmware/Makefile

@@ -138,7 +138,7 @@ C_CMSIS    = core_cm3.o
 C_LOWLEVEL = board_cstartup_gnu.o board_lowlevel.o syscalls.o exceptions.o
 C_LIBLEVEL = spi.o pio.o pmc.o usart.o pio_it.o pio_capture.o uart_console.o iso7816_4.o wdt.o led.o tc.o
 C_CCID = cciddriver.o USBD.o USBDDriver.o USBD_HAL.o USBRequests.o USBDCallbacks.o USBDescriptors.o USBDDriverCallbacks.o
-C_SIMTRACE = simtrace_iso7816.o usb.o ccid.o sniffer.o phone.o mitm.o ringbuffer.o #tc_etu.o
+C_SIMTRACE = simtrace_iso7816.o usb.o ccid.o sniffer.o phone.o mitm.o ringbuffer.o host_communication.o #tc_etu.o
 C_APPLEVEL = main.o
 C_OBJECTS  = $(C_CMSIS) $(C_LOWLEVEL) $(C_LIBLEVEL) $(C_APPLEVEL) $(C_CCID) $(C_SIMTRACE)
 

firmware/src_simtrace/host_communication.c

@@ -0,0 +1,42 @@
+#include "board.h"
+
+static volatile bool write_to_host_in_progress = false;
+
+void USB_write_callback(uint8_t *pArg, uint8_t status, uint32_t transferred, uint32_t remaining)
+{
+    if (status != USBD_STATUS_SUCCESS) {
+        TRACE_ERROR("USB err status: %d (%s)\n", __FUNCTION__, status);
+    }
+    write_to_host_in_progress = false;
+    printf("WR_CB\n");
+}
+
+int send_to_host()
+{
+    static uint8_t msg[RING_BUFLEN];
+    int ret = 0;
+    int i;
+
+    for(i = 0; !rbuf_is_empty(&sim_rcv_buf) && i < sizeof(msg); i++) {
+        msg[i] = rbuf_read(&sim_rcv_buf);
+    }
+    printf("Wr %d\n", i);
+    write_to_host_in_progress = true;
+    ret = USBD_Write( PHONE_DATAIN, msg, i, (TransferCallback)&USB_write_callback, 0 );
+    if (ret != USBD_STATUS_SUCCESS) {
+        TRACE_ERROR("Error sending to host (%x)\n", ret);
+        write_to_host_in_progress = false;
+    }
+    return ret;
+}
+
+int check_data_from_phone()
+{
+    int ret = 0;
+
+    if((rbuf_is_empty(&sim_rcv_buf) || write_to_host_in_progress == true)) {
+        return ret;
+    }
+    ret = send_to_host();
+    return ret;
+}

firmware/src_simtrace/phone.c

@@ -124,7 +124,6 @@ static const Pin pinPhoneRST = PIN_ISO7816_RST_PHONE;
 /** Variable for state of send and receive froom USART */
 static uint8_t StateUsartGlobal = USART_RCV;
 
-static bool write_to_host_in_progress = false;
 static uint8_t host_to_sim_buf[BUFLEN];
 
 /*-----------------------------------------------------------------------------
@@ -306,42 +305,6 @@ void Phone_init( void ) {
 }
 
 
-void USB_write_callback(uint8_t *pArg, uint8_t status, uint32_t transferred, uint32_t remaining)
-{
-    if (status != USBD_STATUS_SUCCESS) {
-        TRACE_ERROR("USB err status: %d (%s)\n", __FUNCTION__, status);
-    }
-    write_to_host_in_progress = false;
-}
-
-int send_to_host()
-{
-    static uint8_t msg[RING_BUFLEN];
-    int ret = 0;
-    int i;
-
-    for(i = 0; !rbuf_is_empty(&sim_rcv_buf); i++) {
-        msg[i] = rbuf_read(&sim_rcv_buf);
-    }
-    write_to_host_in_progress = true;
-    ret = USBD_Write( PHONE_DATAIN, msg, i, (TransferCallback)&USB_write_callback, 0 );
-    return ret;
-}
-
-int check_data_from_phone()
-{
-    int ret = 0;
-
-    while (rbuf_is_empty(&sim_rcv_buf) || write_to_host_in_progress == true)
-        __WFI();
-    ret = send_to_host();
-    if (ret != USBD_STATUS_SUCCESS) {
-        TRACE_ERROR("Error sending to host (%x)", ret);
-        return ret;
-    }
-    return ret;
-}
-
 // Sniffed Phone to SIM card communication:
 // phone > sim : RST
 // phone < sim : ATR

firmware/src_simtrace/ringbuffer.h

@@ -5,7 +5,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#define RING_BUFLEN 64
+#define RING_BUFLEN 1024
 
 typedef struct ringbuf {
     uint8_t buf[RING_BUFLEN];

firmware/src_simtrace/simtrace.h

@@ -46,6 +46,7 @@ typedef struct {
 extern const USBConfigurationDescriptor *configurationDescriptorsArr[];
 
 /*  Helper functions    */
+int check_data_from_phone();
 
 // FIXME: static function definitions
 extern uint32_t _ISO7816_GetChar( uint8_t *pCharToReceive );

firmware/src_simtrace/simtrace_iso7816.c

@@ -102,7 +102,6 @@ void USART1_IrqHandler( void )
     }
 */
     uint32_t csr = USART_PHONE->US_CSR;
-//    PR("---- stat: %x\n\r", csr);
 
     if (csr & US_CSR_TXRDY) {
         /* transmit buffer empty, nothing to transmit */
@@ -111,14 +110,15 @@ void USART1_IrqHandler( void )
         stat = (csr&(US_CSR_OVRE|US_CSR_FRAME|
                         US_CSR_PARE|US_CSR_TIMEOUT|US_CSR_NACK|
                         (1<<10)));
-//        int c = (USART_PHONE->US_RHR) & 0xFF;
+        uint8_t c = (USART_PHONE->US_RHR) & 0xFF;
 //        printf(" %x", c);
 
         if (stat == 0 ) {
             /* Fill char into buffer */
-            rbuf_write(&sim_rcv_buf, (USART_PHONE->US_RHR) & 0xFF);
+            rbuf_write(&sim_rcv_buf, c);
         } else {
-            PR("e %x st: %x\n", (USART_PHONE->US_RHR) & 0xFF, stat);
+            rbuf_write(&sim_rcv_buf, c);
+            PR("e %x st: %x\n", c, stat);
         } /* else: error occured */
 
         char_stat = stat;

firmware/src_simtrace/sniffer.c

@@ -65,14 +65,17 @@ static const Pin pPwr[] = {
  *-----------------------------------------------------------------------------*/
 
 void Sniffer_configure( void ){
+    TRACE_INFO("Sniffer config\n");
 }
 
 void Sniffer_exit( void ){
+    TRACE_INFO("Sniffer exit\n");
     USART_SetReceiverEnabled(USART_PHONE, 0);
 }
 
 void Sniffer_init( void )
 {
+    TRACE_INFO("Sniffer Init\n");
     /*  Configure ISO7816 driver */
     PIO_Configure( pinsISO7816_sniff, PIO_LISTSIZE( pinsISO7816_sniff ) ) ;
     PIO_Configure( pins_bus, PIO_LISTSIZE( pins_bus) ) ;
@@ -86,14 +89,5 @@ void Sniffer_init( void )
 
 void Sniffer_run( void )
 {
-#if 0
+    check_data_from_phone();
-    if (rcvdChar != 0) {
-        /*  DATA_IN for host side is data_out for simtrace side   */
-        /* FIXME: Performancewise sending a USB packet for every byte is a disaster */
-        PR("----- %x %x %x ..\n\r", buf.buf[0], buf.buf[1],buf.buf[2] );
-        USBD_Write( DATAIN, (void *) buf.buf, BUFLEN, 0, 0 );
-        PR("----- Rcvd char\n\r");
-        rcvdChar = 0;
-    }
-#endif
 }

firmware/src_simtrace/usb.c

@@ -200,9 +200,9 @@ const SIMTraceDriverConfigurationDescriptorSniffer configurationDescriptorSniffe
         sizeof(USBEndpointDescriptor),
         USBGenericDescriptor_ENDPOINT,
         USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_OUT,
-                                      DATAOUT),
+                                      PHONE_DATAOUT),
         USBEndpointDescriptor_BULK,
-        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(DATAOUT),
+        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAOUT),
             USBEndpointDescriptor_MAXBULKSIZE_FS),
         0 /* Must be 0 for full-speed bulk endpoints */
     },
@@ -211,9 +211,9 @@ const SIMTraceDriverConfigurationDescriptorSniffer configurationDescriptorSniffe
         sizeof(USBEndpointDescriptor),
         USBGenericDescriptor_ENDPOINT,
         USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_IN,
-                                      DATAIN),
+                                      PHONE_DATAIN),
         USBEndpointDescriptor_BULK,
-        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(DATAIN),
+        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAIN),
             USBEndpointDescriptor_MAXBULKSIZE_FS),
         0 /* Must be 0 for full-speed bulk endpoints */
     },
@@ -221,9 +221,9 @@ const SIMTraceDriverConfigurationDescriptorSniffer configurationDescriptorSniffe
     {
         sizeof(USBEndpointDescriptor),
         USBGenericDescriptor_ENDPOINT,
-        USBEndpointDescriptor_ADDRESS( USBEndpointDescriptor_IN, INT ),
+        USBEndpointDescriptor_ADDRESS( USBEndpointDescriptor_IN, PHONE_INT ),
         USBEndpointDescriptor_INTERRUPT,
-        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(INT),
+        MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_INT),
             USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
         0x10
     }

usb_application/constants.py

@@ -1,5 +1,14 @@
 from array import array
 
+SIM_WR = 0x1
+SIM_RD = 0x82
+SIM_INT = 0x83
+
+PHONE_WR = 0x4
+PHONE_RD = 0x85
+PHONE_INT = 0x86
+
+
 CMD_SEL_ROOT = array('B', [0xA0, 0xA4, 0x00, 0x00, 0x02, 0x3F, 0x00])
 CMD_SEL_FILE = array('B', [0xA0, 0xA4, 0x00, 0x00, 0x02, 0x7F, 0x20])
 CMD_GET_DATA = array('B', [0xA0, 0xC0, 0x00, 0x00, 0x16])
@@ -10,4 +19,4 @@ atr_supersim= array('B', [0x3B, 0x9A, 0x94, 0x00, 0x92, 0x02, 0x75, 0x93, 0x11,
 ATR_SYSMOCOM1 = array('B', [0x3B, 0x99, 0x18, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60])
 ATR_SYSMOCOM2 = array('B', [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60])
 NEW_ATR = ATR_SYSMOCOM2
-ATR_STRANGE_SIM = array('B', [0x3B 0x0B 0x00 0x20 0x00 0x00 0x00 0x00 0x68 0x2E 0x00 0x20 0x68])
+ATR_STRANGE_SIM = array('B', [0x3B, 0x0B, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x68, 0x2E, 0x00, 0x20, 0x68])

usb_application/mitm.py

@@ -7,6 +7,7 @@ import phone
 from contextlib import closing
 
 from util import HEX
+from constants import PHONE_WR, PHONE_RD, PHONE_INT, SIM_WR, SIM_RD, SIM_INT
 
 def find_dev():
     dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -30,14 +31,6 @@ def pattern_match(inpt):
     else:
         return inpt
 
-SIM_WR = 0x1
-SIM_RD = 0x82
-SIM_INT = 0x83
-
-PHONE_WR = 0x4
-PHONE_RD = 0x85
-PHONE_INT = 0x86
-
 ERR_TIMEOUT = 110
 
 def poll_ep(dev, ep):

usb_application/sniffer.py

@@ -3,7 +3,9 @@
 import usb.core
 import usb.util
 import sys
+import array
 
+from constants import PHONE_RD
 
 def find_dev():
     dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
@@ -46,14 +48,18 @@ def find_eps(dev):
 # main code
 def sniff():
     dev = find_dev()
+    ans = array.array('B', [])
 
     while True:
         #ep_out.write("Hello")
         try:
-            ans = dev.read(0x82, 64, 1000)
+            ans += dev.read(PHONE_RD, 64, 1000)
-            print("".join("%02x " % b for b in ans))
         except KeyboardInterrupt:
             print("Bye")
             sys.exit()
-        except: 
+        except Exception as e:
-            print("Timeout")
+            print e
+
+        if len(ans) >= 15:
+            print("".join("%02x " % b for b in ans))
+            ans = array.array('B', [])