Removed unused phone.py

The SIM card emulator re-uses the mitm.py code with an implementation of SIM card requests and answers instead of phone.py.
2026-03-28 19:28:35 +03:00 · 2015-05-14 18:13:06 +02:00
parent 427ae3547a
commit 66224b7e1b
1 changed files with 0 additions and 131 deletions
--- a/usb_application/phone.py
+++ b/usb_application/phone.py
@@ -1,131 +0,0 @@
 #!/usr/bin/env python3 
 import usb.core
 import usb.util
 import sys
 import time         # needed for sleep()
 import traceback    # Exception timeout
 # Sniffed Phone to SIM card communication:
 # phone < sim : ATR
 # phone > sim : A0 A4 00 00 02 (Select File)
 # phone < sim : A4 (INS repeated)
 # phone > sim : 7F 02 (= ??)
 # phone < sim : 9F 16 (9F: success, can deliver 0x16 (=22) byte)
 # phone > sim : ?? (A0 C0 00 00 16)
 # phone < sim : C0 (INS repeated)
 # phone < sim : 00 00 00 00   7F 20 02 00   00 00 00 00   09 91 00 17   04 00 83 8A (data of length 22)
 # phone < sim : 90 00 (OK, everything went fine)
 # phone ? sim : 00 (??)
 # SuperSIM ATR
 # atr= [0x3B, 0x9A, 0x94, 0x00, 0x92, 0x02, 0x75, 0x93, 0x11, 0x00, 0x01, 0x02, 0x02, 0x19]
 # Faster sysmocom SIM
 #atr = [0x3B, 0x99, 0x18, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60]
 atr = [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60]
 RESP_OK = [0x60, 0x00]
 def find_dev():
    dev = usb.core.find(idVendor=0x03eb, idProduct=0x6004)
    if dev is None:
        raise ValueError("Device not found")
    else:
        print("Found device")
    return dev
 WAIT_RST = 0
 WAIT_CMD = 1
 def handle_wait_rst(dev):
    # ATR handling
    print("Handle ATR")
    arr = dev.read(PHONE_INT, 64, 300)    # Notification endpoint
 #    print("arr: ", arr)
    c=arr.pop()
 #    print(c)
    if c == ord('R'):
        # We received a Reset, so we send ATR
        written = dev.write(PHONE_DATAOUT, atr, 1000)
        print("Written ATR of size: ")
        print(written)
        state = WAIT_CMD;
    return state
 def handle_wait_cmd(dev):
    # Read phone request
    print("Wait cmd")
    cmd = dev.read(PHONE_DATAIN, 64, 1000)
    print("Received request!: ")
    print("".join("%02x " % b for b in cmd))
    return send_response(dev, cmd);
 handle_msg_funcs = { WAIT_RST: handle_wait_rst,
                        WAIT_CMD: handle_wait_cmd }
 def handle_phone_request(dev, state):
    if state == WAIT_CMD:
        try:
            state = handle_msg_funcs[WAIT_RST](dev)
        except usb.USBError as e:
            print(e)
    state = handle_msg_funcs[state](dev)
    return state
 INS = 1
 CNT = 4
 PHONE_DATAOUT = 0x04
 PHONE_DATAIN = 0x85
 PHONE_INT = 0x86
 def send_response(dev, cmd):
 # FIXME: We could get data of length 5 as well! Implement another distinct criteria!
    state = WAIT_CMD
    if len(cmd) == 5:         # Received cmd from phone
        if cmd[INS] == 0xA4:
            resp = [cmd[INS]]       # Respond with INS byte
        elif cmd[INS] == 0xC0:
            data = [0x00, 0x00, 0x00, 0x00,
                    0x7F, 0x20, 0x02, 0x00,
                    0x00, 0x00, 0x00, 0x00,
                    0x09, 0x91, 0x00, 0x17,
                    0x04, 0x00, 0x83, 0x8A,
                    0x83, 0x8A]
            SW = [0x90, 0x00]
            resp = [cmd[INS]] + data + SW       # Respond with INS byte
            #state = WAIT_RST
        else:
            print("Unknown cmd")
            resp = [0x60, 0x00]
    elif len(cmd) == 2:
        resp = [0x9F, 0x16]
    else:
        resp = [0x60, 0x00]
    written = dev.write(PHONE_DATAOUT, resp, 10000);
    if written > 0:
        print("Bytes written:")
        print(written)
    print("Cmd, resp: ")
    print("".join("%02x " % b for b in cmd))
    print("".join("%02x " % b for b in resp))
    return state
 def emulate_sim():
    dev = find_dev()
    state = WAIT_RST;
    while True:
        try:
            state = handle_phone_request(dev, state)
        except usb.USBError as e:
          #  print e
            pass