Without this fix, if the host software does not send an ATR, simtrace
waits for this answer in an endless loop of unsuccessfull USB
endpoint write attempts.
In order to record the communication between simtrace and the
mobile phone with a logic analyzer I had to configure the
pins in sniffer mode in order to attach the sniffer clips
to the SIM card slot. I did not manage to connect them to
the connector to the phone flex cable.
The compiler warning:
simtrace/usb.c:553:5: warning: initialization from incompatible pointer type [enabled by default]
&configurationDescriptorSniffer,
^
simtrace/usb.c:553:5: warning: (near initialization for 'configurationDescriptorsArr[0]') [enabled by default]
simtrace/usb.c:554:5: warning: initialization from incompatible pointer type [enabled by default]
&configurationDescriptorCCID,
^
simtrace/usb.c:554:5: warning: (near initialization for 'configurationDescriptorsArr[1]') [enabled by default]
simtrace/usb.c:555:5: warning: initialization from incompatible pointer type [enabled by default]
&configurationDescriptorPhone,
^
simtrace/usb.c:555:5: warning: (near initialization for 'configurationDescriptorsArr[2]') [enabled by default]
simtrace/usb.c:556:5: warning: initialization from incompatible pointer type [enabled by default]
&configurationDescriptorMITM,
^
simtrace/usb.c:556:5: warning: (near initialization for 'configurationDescriptorsArr[3]') [enabled by default]
simtrace/usb.c: In function 'getConfigDesc':
simtrace/usb.c:560:5: warning: return discards 'const' qualifier from pointer target type [enabled by default]
return configurationDescriptorsArr[idx];
^
simtrace/usb.c: At top level:
The BUFLEN is fixed 5 bytes now, which has to be increased.
A timeout has to be implemented, which is smaller than max_waittime.
If the timeout is triggered, the data received in the buffer so far
should be sent to the host computer which is responsible for generating
a response. Without the timeout the max_waittime of the phone would
expire and it would repeat sending the command, so that we do not
have atomary messages anymore.
The select command mostly works when the blue sysmocom SIM card is inserted,
but with the white SuperSIM we always get timeouts and invalid answers.
Furthermore the white card takes much longer to answer the requests than the
blue one.
So probably there is a timing issue.
Currently this is the simtrace output for select and reading IMSI, etc:
(pcscd must be running as welil, otherwise we get:
$ ./simtrace.py -S
Exception: Failed to establish context : Service not available.)
$ ./simtrace.py -S
Context established!
PCSC Readers: ['ATMEL AT91SO CCID Smart Card Reader [SIMtraceCCID] 00 00']
Using reader: ATMEL AT91SO CCID Smart Card Reader [SIMtraceCCID] 00 00
Connected with active protocol 1
Select: 0x6E 0x00
Command: 0x6D 0x00
Disconnected
Released context.
==> Expected answer for Select: 0x6D 0x00
(based on trying to execute this command with gemalto usb smart card reader)
The command works only every now and then
$ ./simtrace.py -b
pcsc: wait_for_card
Reading ...
Traceback (most recent call last):
File "./simtrace.py", line 105, in <module>
main()
File "./simtrace.py", line 66, in main
ccid.pySim_read()
File "/home/chrysh/ba_thesis/sysmocom_repo/usb_application/ccid.py", line 22, in pySim_read
(res, sw) = scc.read_binary(['3f00', '2fe2'])
File "/home/chrysh/code/src/pysim/pySim/commands.py", line 42, in read_binary
r = self.select_file(ef)
File "/home/chrysh/code/src/pysim/pySim/commands.py", line 35, in select_file
data, sw = self._tp.send_apdu_checksw("a0a4000002" + i)
File "/home/chrysh/code/src/pysim/pySim/transport/__init__.py", line 87, in send_apdu_checksw
raise RuntimeError("SW match failed ! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed ! Expected 9000 and got 9404.
==> Error code 9404 does not exist, which suggests that we actually have a timing issue when
communicating with the smart cart
Switching to config 1 and 2 works, but to 3 and 4 usb_enum.py is
hanging for some reason. Switching the USB config from Sniffer to
CCID reader was not tested yet.
It is possible to use sniffer.py to sniff the phone-simcard-communication.
To be fixed: The buffer size read is fixed and the data is only send
over USB if the buffer max length is reached. which means we don not
get the last bytes of the transaction.
This should be changed in one of the next commits. Maybe the former
simtrace code can give some inspiration on this topic.
