sniffing: decrease USB IRQ prioprity to prevent USART overrun

Change-Id: I870a0aa8e251bbb53249c54bfcaa45de5b5a9486

Handling the USB message queue is done in an ISR and take quite some time.
This can cause a USART/SIM sniffing buffer overrun, resulting in data loss.
By setting the USB IRQ lower than the USART IRQ, the USB ISR can be
interrupted (for short) and no data gets lost.

README.md

@@ -0,0 +1,39 @@
+SIMtrace v2.0
+=============
+
+This is the repository for the next-generation SIMtrace devices,
+providing abilities to trace the communication between (U)SIM card and
+phone, remote (U)SIM card forward, (U)SIM man-in-the-middle, and more.
+
+This is under heavy development, and right now it is not surprising if
+things still break on a daily basis.
+
+NOTE: Nothing in this repository applies to the SIMtrace v1.x hardware
+or its associated firmware.  SIMtrace v1.x is based on a different CPU /
+microcontroller architecture and uses a completely different software
+stack and host software.
+
+Supported Hardware
+------------------
+
+At this point, the primary development target is still the OWHW + sysmoQMOD
+device, but we expect to add support for a SAM3 based SIMtrace hardware
+board soon.
+
+The goal is to support the following devices:
+
+* Osmocom SIMtrace 1.x with SAM3 controller
+** this is open hardware and schematics / PCB design is published
+* sysmocom sysmoQMOD (with 4 Modems,  4 SIM slots and 2 SAM3)
+** this is a proprietary device, publicly available from sysmocom
+* sysmocom OWHW (with 2 Modems and 1 SAM3 onboard)
+** this is not publicly available hardware, but still supported
+
+This Repository
+---------------
+
+This repository contains several directory
+
+* firmware - the firmware to run on the actual devices
+* hardware - some information related to the hardware
+* host - Programs to use on the USB host to interface with the hardware

contrib/jenkins.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+TOPDIR=`pwd`
+
+if ! [ -x "$(command -v osmo-build-dep.sh)" ]; then
+	echo "Error: We need to have scripts/osmo-deps.sh from http://git.osmocom.org/osmo-ci/ in PATH !"
+	exit 2
+fi
+
+set -e
+
+base="$PWD"
+deps="$base/deps"
+inst="$deps/install"
+export deps inst
+
+osmo-clean-workspace.sh
+
+mkdir "$deps" || true
+
+osmo-build-dep.sh libosmocore "" '--disable-doxygen --enable-gnutls'
+
+export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
+export LD_LIBRARY_PATH="$inst/lib"
+
+BUILDS=""
+BUILDS+="simtrace/dfu simtrace/cardem " # simtrace/trace simtrace/triple_play
+BUILDS+="qmod/dfu qmod/cardem "
+BUILDS+="owhw/dfu owhw/cardem "
+
+cd $TOPDIR/firmware
+for build in $BUILDS; do
+	board=`echo $build | cut -d "/" -f 1`
+	app=`echo $build | cut -d "/" -f 2`
+	echo
+	echo "=============== $board / $app START  =============="
+	make BOARD="$board" APP="$app"
+	make BOARD="$board" APP="$app" clean
+	echo "=============== $board / $app RES:$? =============="
+done
+
+echo
+echo "=============== FIRMWARE TESTS ==========="
+cd $TOPDIR/firmware/test
+make clean
+make
+./card_emu_test
+make clean
+
+echo
+echo "=============== HOST START  =============="
+cd $TOPDIR/host
+make clean
+make
+make clean
+
+osmo-clean-workspace.sh

firmware/Makefile

@@ -144,9 +144,9 @@ INCLUDES += -Iapps/$(APP)
 CFLAGS += -Wall -Wchar-subscripts -Wcomment -Wimplicit-int #-Wformat=2
 CFLAGS += -Werror-implicit-function-declaration -Wmain -Wparentheses
 CFLAGS += -Wsequence-point -Wreturn-type -Wswitch -Wtrigraphs #-Wunused
-CFLAGS += -Wuninitialized -Wunknown-pragmas -Wfloat-equal -Wundef
+CFLAGS += -Wuninitialized -Wunknown-pragmas -Wfloat-equal #-Wundef
 CFLAGS += -Wshadow -Wpointer-arith -Wbad-function-cast -Wwrite-strings
-CFLAGS += -Wsign-compare -Waggregate-return
+CFLAGS += -Waggregate-return #-Wsign-compare
 CFLAGS += -Wformat=0
 CFLAGS += -Wmissing-format-attribute -Wno-deprecated-declarations
 CFLAGS += #-Wpacked
@@ -192,7 +192,7 @@ $(OUTPUT)-combined.bin: $(BIN)/$(BOARD)-dfu-flash-padded.bin $(OUTPUT)-dfu.bin
 	cat $^ > $@
 
 $(BIN) $(OBJ):
-	mkdir $@
+	mkdir -p $@
 
 usbstring/usbstring: usbstring/usbstring.c
 	gcc $^ -o $@

firmware/README.txt

@@ -1,70 +1,81 @@
+This is the source code for SIMtrace 2 firmwares.
 
-== BOARDS
+= Hardware
 
-A board defines a given circuit board, i.e. SIMtrace, OWHW, QMOD
+== Micro-Controller
 
-It defines the given hardware model for which the program is to be
-compiled.
+The firmware is for Microchip (formerly Atmel) ATSAM3S4B micro-controllers (MCU).
+Product page:  https://www.microchip.com/wwwproducts/en/ATSAM3S4B
+Datasheet: http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-6500-32-bit-Cortex-M3-Microcontroller-SAM3S4-SAM3S2-SAM3S1_Datasheet.pdf
+
+Note: The SAM3S is now not recommended for new designs.
+It can be replaced by the pin-compatible SAM4S.
+The MCU can be specified using the environment variable `CHIP` (set to `sam3s4` per default) for future MCU support.
+
+== Boards
+
+The SIMtrace 2 firmware supports multiple boards.
+A board defines a given circuit board.
+While compiling the firmware, set the target board using the `BOARD` environment variable (set to `qmod` per default).
+The supported boards correspond to sub-folders under `libboard`.
 
 Current boards supported are:
-* simtrace: The good old Osmocom SIMtrace PCB with SAM3 instead of
-  SAM7, open hardware.
-* qmod: A sysmocom-proprietary quad mPCIe carrier board, publicly available
-* owhw: An undisclosed sysmocom-internal board, not publicly available
 
-== APPLICATIONS
+* `simtrace`: The good old Osmocom SIMtrace PCB with SAM3 instead of SAM7, open hardware.
+* `qmod`: A sysmocom-proprietary quad mPCIe carrier board, publicly available
+* `owhw`: An undisclosed sysmocom-internal board, not publicly available
 
-An application is a specific piece of software with given
-functionality.
+= Firmware
 
-== ENVIRONMENTS
+== Library
+
+The firmware uses the manufacturer provided Software Package (SoftPack) micro-controller library.
+The original library is available at https://www.microchip.com/design-centers/32-bit/softpacks/legacy-softpacks .
+Version 2.1 from 2001 is used: http://ww1.microchip.com/downloads/en/DeviceDoc/SAM3S_softpack_2.1_for_CodeSourcery_2010q1.zip
+The SIMtrace 2 project uses the `libboard_sam3s-ek`, `libchip_sam3s`, and `usb` sub-libraries, saved in `atmel_softpack_libraries` (with local modifications).
+
+Note: SoftPack is the legacy micro-controller library.
+This library is now replaced by the Advanced Software Framework (ASF): https://www.microchip.com/avr-support/advanced-software-framework-(asf) .
+The SAM3S ASF documentation is available at http://asf.atmel.com/docs/latest/sam3s/html/index.html .
+
+== Applications
+
+An application is a specific piece of software with given functionality.
+While compiling the firmware, set the target application using the `APP` environment variable (set to `dfu` per default).
+The supported applications correspond to sub-folder under `apps`.
+
+Current applications supported are:
+
+* `dfu`: The USB DFU bootloader to flash further main appliction firmwares.
+* `ccid`: To use SIMtrace 2 as USB CCID smartcard reader.
+* `cardem`: To provide remote SIM operation capabilities.
+* `trace`:  To monitor the communication between a SIM card and a phone (corresponds to the functionality provide by the first SIMtrace)
+* `triple_play`: To support the three previous functionalities, using USB configurations.
+
+== Memories
+
+Firmwares can be run from several memory locations:
 
-An environment is a runtime environment, typically defined by a linker
-script.  The current runtime environments include
 * flash: Run natively from start of flash memory
-* dfu: Run after a DFU bootloader from an offset after the first 16k
-  of flash (the first 16k are reserved for the bootloader)
+* dfu: Run after a DFU bootloader from an offset after the first 16k of flash (the first 16k are reserved for the bootloader)
 * ram: Run from within the RAM of the chip, downloaded via JTAG/SWD
 
-
 == Building
 
-A given software build is made for a specific combination of an APP
-running in a certain ENVIRONMENT on a given BOARD.
+A given firmware build is made for a specific combination of an application `APP` running in a certain memory `MEM` on a given board `BOARD`.
+When building using `make`, set the target application using the `APP` environment variable and target board using the `BOARD`  environment variable, e.g.:
 
-A Makefile is provided. It will create output files in the format
-bin/$(BOARD)-$(APP)-$(ENV).{elf,bin}
-
-You can specify the APP and BOARD to build when calling make, like
-e.g.
 * make APP=cardem BOARD=qmod
 * make APP=dfu BOARD=qmod
 
+The Makefile will create output files in the format: `bin/$(BOARD)-$(APP)-$(MEM).{elf,bin}`
+
 The level of debug messages can be altered at compile time:
 ```
 $ make TRACE_LEVEL=4
 ```
 Accepted values: 0 (NO_TRACE) to 5 (DEBUG)
 
-== Flashing
+= Flashing
 
-For flashing the firmware, there are at least two options.
-
-=== Using JTAG + OpenOCD to flash the DFU bootloader
-
-The first one is using openocd and a JTAG key.
-For this option, a JTAG connector has to be soldered onto the board, which is not attached per default.
-
-```
-$ openocd -f openocd/openocd.cfg -c "init" -c "halt" -c "flash write_bank 0 ./bin/$(BOARD)-dfu-flash.bin 0" -c "reset" -c "shutdown"
-```
-
-=== Using bossac to flash the DFU bootloader
-
-The second option is using rumba for flashing. No further hardware has to be provided for this option.
-
-FIXME
-
-=== Using DFU to flash application
-
-FIXME
+To flash a firmware image follow the instructions provided in the [wiki](https://projects.osmocom.org/projects/simtrace2/wiki/).

firmware/TODO.txt

@@ -0,0 +1,22 @@
+
+== Important DFU topics / reliability ==
+x some kind of DFU fallback / boot cycle counter ?
+* CRC check of image before attempting to execute it ?
+x Keep WDT running while in DFU or app
+? USB control request for flash erase
+
+== QModem related ==
+x new vendor/product ID for hub and SAM3s
+* board-specfic string descriptors
+* re-mapping of USB ports in EEPROM
+
+== Lower Priority ==
+* unique serial number in iSerial?
+* printing of banner from generic function
+* board_main_top() automatically before calling main()
+x compile-time USB string generation
+* shared USB strings for DFU and runtime
+* version detection voltage ranges
+* locking of bootloader pages?
+* debug console command for switch-to-dfu
+* read CPU reset cause (and time?) via USB

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c ccid.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c

firmware/apps/cardem/main.c

@@ -6,7 +6,7 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
-#include "osmocom/core/timer.h"
+#include <osmocom/core/timer.h>
 
 unsigned int g_unique_id[4];
 
@@ -89,12 +89,14 @@ void USBDDriverCallbacks_ConfigurationChanged(uint8_t cfgnum)
 
 void USART1_IrqHandler(void)
 {
-	config_func_ptrs[simtrace_config].usart1_irq();
+	if (config_func_ptrs[simtrace_config].usart1_irq)
+		config_func_ptrs[simtrace_config].usart1_irq();
 }
 
 void USART0_IrqHandler(void)
 {
-	config_func_ptrs[simtrace_config].usart0_irq();
+	if (config_func_ptrs[simtrace_config].usart0_irq)
+		config_func_ptrs[simtrace_config].usart0_irq();
 }
 
 /* returns '1' in case we should break any endless loop */

firmware/apps/dfu/main.c

@@ -10,6 +10,14 @@
 #define ALTIF_FLASH 1
 
 unsigned int g_unique_id[4];
+/* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
+static bool watchdog_configured = false;
+
+/* There is not enough space in the 16 KiB DFU bootloader to include led.h functions */
+#ifdef PINS_LEDS
+/** LED pin configurations */
+static const Pin pinsLeds[] = { PINS_LEDS } ;
+#endif
 
 /*----------------------------------------------------------------------------
  *       Callbacks
@@ -21,46 +29,82 @@ unsigned int g_unique_id[4];
 #define IFLASH_END	((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
 #define IRAM_END	((uint8_t *)IRAM_ADDR + IRAM_SIZE)
 
-/* incoming call-back: Host has transfered 'len' bytes (stored at
+/* incoming call-back: Host has transferred 'len' bytes (stored at
  * 'data'), which we shall write to 'offset' into the partition
- * associated with 'altif'.  Guaranted to be les than
+ * associated with 'altif'.  Guaranted to be less than
  * BOARD_DFU_PAGE_SIZE */
 int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 			 uint8_t *data, unsigned int len)
 {
 	uint32_t addr;
+	unsigned int i;
 	int rc;
+	/* address of the last allocated variable on the stack */
+	uint32_t stack_addr = (uint32_t)&rc;
+	/* kick the dog to have enough time to flash */
+	if (watchdog_configured) {
+		WDT_Restart(WDT);
+	}
 
 	printf("dnload(altif=%u, offset=%u, len=%u)\n\r", altif, offset, len);
 
+#ifdef PINS_LEDS
+	PIO_Clear(&pinsLeds[LED_NUM_RED]);
+#endif
+
 	switch (altif) {
 	case ALTIF_RAM:
 		addr = RAM_ADDR(offset);
-		if (addr > IRAM_ADDR + IRAM_SIZE) {
+		if (addr < IRAM_ADDR || addr + len >= IRAM_ADDR + IRAM_SIZE || addr + len >= stack_addr) {
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
-			return DFU_RET_STALL;
+			rc = DFU_RET_STALL;
+			break;
 		}
 		memcpy((void *)addr, data, len);
-		return DFU_RET_ZLP;
+		rc = DFU_RET_ZLP;
+		break;
 	case ALTIF_FLASH:
 		addr = FLASH_ADDR(offset);
-		if (addr > IFLASH_ADDR + IFLASH_SIZE) {
+		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + IFLASH_SIZE) {
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
-			return DFU_RET_STALL;
+			rc = DFU_RET_STALL;
+			break;
+		}
+		rc = FLASHD_Unlock(addr, addr + len, 0, 0);
+		if (rc != 0) {
+			TRACE_ERROR("DFU download flash unlock failed\n\r");
+			rc =  DFU_RET_STALL;
+			break;
 		}
 		rc = FLASHD_Write(addr, data, len);
 		if (rc != 0) {
-			/* FIXME: set error codes */
-			return DFU_RET_STALL;
+			TRACE_ERROR("DFU download flash erase failed\n\r");
+			rc = DFU_RET_STALL;
+			break;
 		}
-		return DFU_RET_ZLP;
+		for (i = 0; i < len; i++) {
+			if (((uint8_t*)addr)[i]!=data[i]) {
+				TRACE_ERROR("DFU download flash data written not correct\n\r");
+				rc = DFU_RET_STALL;
+				break;
+			}
+		}
+		rc = DFU_RET_ZLP;
+		break;
 	default:
 		/* FIXME: set error codes */
 		TRACE_ERROR("DFU download for unknown AltIf %d\n\r", altif);
-		return DFU_RET_STALL;
+		rc = DFU_RET_STALL;
+		break;
 	}
+
+#ifdef PINS_LEDS
+	PIO_Set(&pinsLeds[LED_NUM_RED]);
+#endif
+
+	return rc;
 }
 
 /* incoming call-back: Host has requested to read back 'req_len' bytes
@@ -105,31 +149,10 @@ int USBDFU_handle_upload(uint8_t altif, unsigned int offset,
 	return req_len;
 }
 
-static int uart_has_loopback_jumper(void)
+/* can be overridden by board specific code, e.g. by pushbutton */
+WEAK int board_override_enter_dfu(void)
 {
-	unsigned int i;
-	const Pin uart_loopback_pins[] = {
-		{PIO_PA9A_URXD0, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT},
-		{PIO_PA10A_UTXD0, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
-	};
-
-	/* Configure UART pins as I/O */
-	PIO_Configure(uart_loopback_pins, PIO_LISTSIZE(uart_loopback_pins));
-
-	for (i = 0; i < 10; i++) {
-		/* Set TxD high; abort if RxD doesn't go high either */
-		PIO_Set(&uart_loopback_pins[1]);
-		if (!PIO_Get(&uart_loopback_pins[0]))
-			return 0;
-		/* Set TxD low, abort if RxD doesn't go low either */
-		PIO_Clear(&uart_loopback_pins[1]);
-		if (PIO_Get(&uart_loopback_pins[0]))
-			return 0;
-	}
-	/* if we reached here, RxD always follows TxD and thus a
-	 * loopback jumper has been placed on RxD/TxD, and we will boot
-	 * into DFU unconditionally */
-	return 1;
+	return 0;
 }
 
 /* using this function we can determine if we should enter DFU mode
@@ -139,7 +162,7 @@ int USBDFU_OverrideEnterDFU(void)
 	uint32_t *app_part = (uint32_t *)FLASH_ADDR(0);
 
 	/* If the loopback jumper is set, we enter DFU mode */
-	if (uart_has_loopback_jumper())
+	if (board_override_enter_dfu())
 		return 1;
 
 	/* if the first word of the application partition doesn't look
@@ -180,10 +203,16 @@ extern int main(void)
 	unsigned int i = 0;
 	uint32_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
 
-#if 0
-	led_init();
-	led_blink(LED_GREEN, BLINK_3O_30F);
-	led_blink(LED_RED, BLINK_3O_30F);
+	/* Enable watchdog for 2000ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+	watchdog_configured = true;
+
+#ifdef PINS_LEDS
+	/* Configure LED */
+	PIO_Configure(pinsLeds, sizeof(pinsLeds));
+	PIO_Set(&pinsLeds[LED_NUM_RED]);
+	PIO_Clear(&pinsLeds[LED_NUM_GREEN]);
 #endif
 
 	/* Enable watchdog for 500ms, with no window */
@@ -213,6 +242,12 @@ extern int main(void)
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");
+	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
+	const Pin usb_dp_pullup = PIN_USB_PULLUP;
+	PIO_Configure(&usb_dp_pullup, 1);
+	PIO_Set(&usb_dp_pullup);
+	mdelay(15);
+	PIO_Clear(&usb_dp_pullup);
 	USBDFU_Initialize(&dfu_descriptors);
 
 	while (USBD_GetState() < USBD_STATE_CONFIGURED) {
@@ -229,7 +264,9 @@ extern int main(void)
 		i++;
 	}
 
+	/* Initialize the flash to be able to write it, using the IAP ROM code */
 	FLASHD_Initialize(BOARD_MCK, 1);
+
 	TRACE_INFO("entering main loop...\n\r");
 	while (1) {
 		WDT_Restart(WDT);

firmware/apps/dfu/usb_strings.txt

@@ -1,5 +1,5 @@
 sysmocom - s.f.m.c. GmbH
 SIMtrace 2 compatible device
-DFU (Device Firmare Upgrade)
+DFU (Device Firmware Upgrade)
 RAM
 Flash (Application Partition)

firmware/apps/trace/Makefile

@@ -0,0 +1,3 @@
+C_FILES += $(C_LIBUSB_RT)
+
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c

firmware/apps/trace/main.c

@@ -0,0 +1,268 @@
+/*
+ * (C) 2010-2017 by Harald Welte <hwelte@sysmocom.de>
+ * (C) 2018 by Kevin Redon <kredon@sysmocom.de>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+/*------------------------------------------------------------------------------
+ *          Headers
+ *------------------------------------------------------------------------------*/
+
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "osmocom/core/timer.h"
+
+unsigned int g_unique_id[4];
+
+/*------------------------------------------------------------------------------
+ *         Internal variables
+ *------------------------------------------------------------------------------*/
+typedef struct {
+	/* static initialization, called whether or not the usb config is active */
+	void (*configure) (void);
+	/* initialization function after the config was selected */
+	void (*init) (void);
+	/* de-initialization before selecting new config */
+	void (*exit) (void);
+	/* main loop content for given configuration */
+	void (*run) (void);
+	/* Interrupt handler for USART0 */
+	void (*usart0_irq) (void);
+	/* Interrupt handler for USART1 */
+	void (*usart1_irq) (void);
+} conf_func;
+
+static const conf_func config_func_ptrs[] = {
+	/* array slot 0 is empty, usb configs start at 1 */
+#ifdef HAVE_SNIFFER
+	[CFG_NUM_SNIFF] = {
+		.configure = Sniffer_configure,
+		.init = Sniffer_init,
+		.exit = Sniffer_exit,
+		.run = Sniffer_run,
+		.usart0_irq = Sniffer_usart0_irq,
+		.usart1_irq = Sniffer_usart1_irq,
+	},
+#endif
+#ifdef HAVE_CCID
+	[CFG_NUM_CCID] = {
+		.configure = CCID_configure,
+		.init = CCID_init,
+		.exit = CCID_exit,
+		.run = CCID_run,
+	},
+#endif
+#ifdef HAVE_CARDEM
+	[CFG_NUM_PHONE] = {
+		.configure = mode_cardemu_configure,
+		.init = mode_cardemu_init,
+		.exit = mode_cardemu_exit,
+		.run = mode_cardemu_run,
+		.usart0_irq = mode_cardemu_usart0_irq,
+		.usart1_irq = mode_cardemu_usart1_irq,
+	},
+#endif
+#ifdef HAVE_MITM
+	[CFG_NUM_MITM] = {
+		.configure = MITM_configure,
+		.init = MITM_init,
+		.exit = MITM_exit,
+		.run = MITM_run,
+	},
+#endif
+};
+
+/*------------------------------------------------------------------------------
+ *         Internal variables
+ *------------------------------------------------------------------------------*/
+#if defined(HAVE_SNIFFER)
+static volatile enum confNum simtrace_config = CFG_NUM_SNIFF;
+#elif defined(HAVE_CARDEM)
+static volatile enum confNum simtrace_config = CFG_NUM_PHONE;
+#elif defined(HAVE_CCID)
+static volatile enum confNum simtrace_config = CFG_NUM_CCID;
+#endif
+
+/*----------------------------------------------------------------------------
+ *       Callbacks
+ *----------------------------------------------------------------------------*/
+
+void USBDDriverCallbacks_ConfigurationChanged(uint8_t cfgnum)
+{
+	TRACE_INFO_WP("cfgChanged%d ", cfgnum);
+	if (cfgnum >= sizeof(config_func_ptrs)/sizeof(config_func_ptrs[0])) {
+		TRACE_FATAL_WP("no functions defined for configuration %d\n\r", cfgnum);
+	}
+	simtrace_config = cfgnum;
+}
+
+void USART1_IrqHandler(void)
+{
+	if (config_func_ptrs[simtrace_config].usart1_irq)
+		config_func_ptrs[simtrace_config].usart1_irq();
+}
+
+void USART0_IrqHandler(void)
+{
+	if (config_func_ptrs[simtrace_config].usart0_irq)
+		config_func_ptrs[simtrace_config].usart0_irq();
+}
+
+/* returns '1' in case we should break any endless loop */
+static void check_exec_dbg_cmd(void)
+{
+	int ch;
+
+	if (!UART_IsRxReady())
+		return;
+
+	ch = UART_GetChar();
+
+	board_exec_dbg_cmd(ch);
+}
+
+/*------------------------------------------------------------------------------
+ *        Main
+ *------------------------------------------------------------------------------*/
+#define MAX_USB_ITER BOARD_MCK/72	// This should be around a second
+extern int main(void)
+{
+	uint8_t isUsbConnected = 0;
+	enum confNum last_simtrace_config = simtrace_config;
+	unsigned int i = 0;
+
+	/* Configure LED output (red = on, green = activity */
+	led_init();
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_OFF);
+
+	/* Enable watchdog for 2000 ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+
+	PIO_InitializeInterrupts(0);
+
+	EEFC_ReadUniqueID(g_unique_id);
+
+        printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
+		"=============================================================================\n\r");
+
+	TRACE_INFO("Chip ID: 0x%08x (Ext 0x%08x)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
+		   g_unique_id[0], g_unique_id[1],
+		   g_unique_id[2], g_unique_id[3]);
+	TRACE_INFO("Reset Cause: 0x%x\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	TRACE_INFO("USB configuration used: %d\n\r", simtrace_config);
+
+	board_main_top();
+
+	TRACE_INFO("USB init...\n\r");
+	SIMtrace_USB_Initialize();
+	TRACE_INFO_WP("USBD_Inited\n\r");
+
+	while (USBD_GetState() < USBD_STATE_CONFIGURED) {
+		WDT_Restart(WDT);
+		check_exec_dbg_cmd();
+#if 0
+		if (i >= MAX_USB_ITER * 3) {
+			TRACE_ERROR("Resetting board (USB could "
+				    "not be configured)\n\r");
+			USBD_Disconnect();
+			NVIC_SystemReset();
+		}
+#endif
+		i++;
+	}
+
+	TRACE_INFO("calling configure of all configurations...\n\r");
+	for (i = 1; i < sizeof(config_func_ptrs) / sizeof(config_func_ptrs[0]); ++i) {
+		if (config_func_ptrs[i].configure) {
+			config_func_ptrs[i].configure();
+		} else {
+			TRACE_WARNING("no configure function defined for configuration %d\n\r", i);
+		}
+	}
+
+	TRACE_INFO("cfg %d\n\r", simtrace_config);
+
+	TRACE_INFO("calling init of config %u...\n\r", simtrace_config);
+	if (simtrace_config >= sizeof(config_func_ptrs)/sizeof(config_func_ptrs[0])) {
+		TRACE_ERROR("no functions defined for configuration %d\n\r", simtrace_config);
+	} else {
+		if (config_func_ptrs[simtrace_config].init) {
+			config_func_ptrs[simtrace_config].init();
+		} else {
+			TRACE_ERROR("no init function defined for configuration %d\n\r", simtrace_config);
+		}
+	}
+	last_simtrace_config = simtrace_config;
+
+	TRACE_INFO("entering main loop...\n\r");
+	while (1) {
+		WDT_Restart(WDT);
+#if TRACE_LEVEL >= TRACE_LEVEL_DEBUG
+		const char rotor[] = { '-', '\\', '|', '/' };
+		putchar('\b');
+		putchar(rotor[i++ % ARRAY_SIZE(rotor)]);
+#endif
+		check_exec_dbg_cmd();
+		osmo_timers_prepare();
+		osmo_timers_update();
+
+		if (USBD_GetState() < USBD_STATE_CONFIGURED) {
+
+			if (isUsbConnected) {
+				isUsbConnected = 0;
+			}
+		} else if (isUsbConnected == 0) {
+			TRACE_INFO("USB is now configured\n\r");
+
+			isUsbConnected = 1;
+		}
+		if (last_simtrace_config != simtrace_config) {
+			TRACE_INFO("USB config chg %u -> %u\n\r",
+				   last_simtrace_config, simtrace_config);
+			if (last_simtrace_config < sizeof(config_func_ptrs)/sizeof(config_func_ptrs[0])) {
+				if (config_func_ptrs[last_simtrace_config].exit) {
+					config_func_ptrs[last_simtrace_config].exit();
+				} else {
+					TRACE_WARNING("exit not defined for configuration %d\n\r", last_simtrace_config);
+				}
+			} else {
+				TRACE_ERROR("no functions defined for configuration %d\n\r", last_simtrace_config);
+			}
+			if (simtrace_config < sizeof(config_func_ptrs)/sizeof(config_func_ptrs[0])) {
+				if (config_func_ptrs[simtrace_config].init) {
+					config_func_ptrs[simtrace_config].init();
+				} else {
+					 TRACE_WARNING("init not defined for configuration %d\n\r", simtrace_config);
+				}
+			} else {
+				TRACE_FATAL("no functions defined for configuration %d\n\r", simtrace_config);
+			}
+			last_simtrace_config = simtrace_config;
+		} else {
+			if (config_func_ptrs[simtrace_config].run) {
+				config_func_ptrs[simtrace_config].run();
+			} else {
+				TRACE_ERROR("run not defined for configuration %d\n\r", simtrace_config);
+			}
+		}
+	}
+}

firmware/apps/trace/usb_strings.txt

@@ -0,0 +1,10 @@
+sysmocom - s.f.m.c. GmbH
+SIMtrace 2 compatible device
+SIMtrace Sniffer
+SIMtrace CCID
+SIMtrace Phone
+SIMtrace MITM
+CardEmulator Modem 1
+CardEmulator Modem 2
+CardEmulator Modem 3
+CardEmulator Modem 4

firmware/apps/triple_play/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c ccid.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c

firmware/apps/triple_play/main.c

@@ -7,7 +7,7 @@
 #include "simtrace.h"
 #include "utils.h"
 #include "req_ctx.h"
-#include "osmocom/core/timer.h"
+#include <osmocom/core/timer.h>
 
 unsigned int g_unique_id[4];
 

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -47,6 +47,8 @@
 #include "USBD.h"
 #include "USBD_HAL.h"
 
+extern void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request);
+
 /*---------------------------------------------------------------------------
  *      Definitions
  *---------------------------------------------------------------------------*/
@@ -144,7 +146,11 @@ void USBD_RequestHandler(uint8_t bEndpoint,
                       bEndpoint);
     }
     else {
+#if defined(BOARD_USB_DFU) && !defined(APPLICATION_dfu)
+        USBDFU_Runtime_RequestHandler(pRequest);
+#else
         USBDCallbacks_RequestReceived(pRequest);
+#endif
     }
 }
 

firmware/atmel_softpack_libraries/usb/device/core/USBDDriver.c

@@ -2,6 +2,7 @@
  *         ATMEL Microcontroller Software Support
  * ----------------------------------------------------------------------------
  * Copyright (c) 2008, Atmel Corporation
+ * Copyright (c) 2018, Kevin Redon <kredon@sysmocom.de>
  *
  * All rights reserved.
  *
@@ -331,8 +332,13 @@ static void GetDescriptor(
             /* Check if descriptor exists */
 
             if (indexRDesc >= numStrings) {
-
-                USBD_Stall(0);
+                /* Sometimes descriptor string 0xee is requested.
+                 * This is a mechanism used by Microsoft Windows to further identify the USB device.
+                 * Instead of stalling, as is the original code, leading to an USB reset, we send an empty packet.
+                 * I am not sure if sending an empty string would be better, but an empty packet seems sufficient.
+                 */
+                //USBD_Stall(0);
+                USBD_Write(0, NULL, 0, 0, 0);
             }
             else {
 

firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h

@@ -78,8 +78,8 @@ extern const USBDDriverDescriptors dfu_descriptors;
 
 /* no DFU bootloader is being used */
 #define DFURT_NUM_IF	0
-#define DFURT_IF_DESCRIPTOR_STRUCT(a, b)
-#define DFURT_IF_DESCRIPTOR
+#define DFURT_IF_DESCRIPTOR_STRUCT
+#define DFURT_IF_DESCRIPTOR(a, b)
 
 #endif /* BOARD_USB_DFU */
 

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c

@@ -28,7 +28,7 @@ static const USBDeviceDescriptor fsDevice = {
 	.bDeviceClass =		0,
 	.bDeviceSubClass = 	0,
 	.bDeviceProtocol = 	0,
-	.bMaxPacketSize0 =	BOARD_USB_ENDPOINTS_MAXPACKETSIZE(0),
+	.bMaxPacketSize0 = 	USBEndpointDescriptor_MAXCTRLSIZE_FS,
 	.idVendor =		BOARD_USB_VENDOR_ID,
 	.idProduct = 		BOARD_DFU_USB_PRODUCT_ID,
 	.bcdDevice = 		BOARD_USB_RELEASE,

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c

@@ -217,7 +217,7 @@ void USBDFU_DFU_RequestHandler(const USBGenericRequest *request)
 	uint8_t req = USBGenericRequest_GetRequest(request);
 	uint16_t len = USBGenericRequest_GetLength(request);
 	uint16_t val = USBGenericRequest_GetValue(request);
-	int rc, ret;
+	int rc, ret = DFU_RET_NOTHING;
 
 	TRACE_DEBUG("type=0x%x, recipient=0x%x val=0x%x len=%u\n\r",
 			USBGenericRequest_GetType(request),

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c

@@ -107,7 +107,7 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 	uint8_t req = USBGenericRequest_GetRequest(request);
 	uint16_t len = USBGenericRequest_GetLength(request);
 	uint16_t val = USBGenericRequest_GetValue(request);
-	int rc, ret;
+	int rc, ret = DFU_RET_NOTHING;
 
 	TRACE_DEBUG("type=0x%x, recipient=0x%x val=0x%x len=%u\n\r",
 			USBGenericRequest_GetType(request),
@@ -141,7 +141,7 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 	if (USBGenericRequest_GetType(request) != USBGenericRequest_CLASS ||
 	    USBGenericRequest_GetRecipient(request) != USBGenericRequest_INTERFACE) {
 		TRACE_DEBUG("std_ho_usbd ");
-		USBDDriver_RequestHandler(usbdDriver, request);
+		USBDCallbacks_RequestReceived(request);
 		return;
 	}
 
@@ -216,9 +216,3 @@ void DFURT_SwitchToDFU(void)
 	 * ResetVector of the bootloader */
 	NVIC_SystemReset();
 }
-
-void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
-{
-	/* FIXME: integration with CCID control point reqeusts */
-	USBDFU_Runtime_RequestHandler(request);
-}

firmware/libboard/common/include/board_common.h

@@ -39,8 +39,8 @@
 
 #define BOARD_MCK     48000000
 
-#define PIO_LED_RED	PIO_PA17
-#define PIO_LED_GREEN	PIO_PA17
+#define PIO_LED_RED     PIO_PA17
+#define PIO_LED_GREEN   PIO_PA18
 
 #define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
@@ -65,10 +65,14 @@
 /** UART0 */
 /** Console baudrate always using 115200. */
 #define CONSOLE_BAUDRATE    115200
-/** Usart Hw interface used by the console (UART0). */
-#define CONSOLE_USART       UART0
-/** Usart Hw ID used by the console (UART0). */
+/** UART peripheral used by the console (UART0). */
+#define CONSOLE_UART       UART0
+/** UART peripheral ID used by the console (UART0). */
 #define CONSOLE_ID          ID_UART0
+/** UART ISR used by the console (UART0). */
+#define CONSOLE_ISR         UART0_IrqHandler
+/** UART IRQ used by the console (UART0). */
+#define CONSOLE_IRQ         UART0_IRQn
 /** Pins description corresponding to Rxd,Txd, (UART pins) */
 #define CONSOLE_PINS        {PINS_UART}
 
@@ -77,40 +81,33 @@
 #define BOARD_ISO7816_BASE_USART    USART0
 #define BOARD_ISO7816_ID_USART      ID_USART0
 
+/* USART peripherals for a phone and SIM card setup */
+/* USART peripheral connected to the SIM card */
 #define USART_SIM       USART0
+/* ID of USART peripheral connected to the SIM card */
 #define ID_USART_SIM    ID_USART0
-#define USART_PHONE       USART1
-#define ID_USART_PHONE    ID_USART1
+/* Interrupt request ID of USART peripheral connected to the SIM card */
+#define IRQ_USART_SIM   USART0_IRQn
+/* USART peripheral connected to the phone */
+#define USART_PHONE     USART1
+/* ID of USART peripheral connected to the phone */
+#define ID_USART_PHONE  ID_USART1
+/* Interrupt request ID of USART peripheral connected to the phone */
+#define IRQ_USART_PHONE USART1_IRQn
 
 #define SIM_PWEN        PIO_PA5
 #define VCC_FWD         PIO_PA26
 
-
-//**     USB **/
-// USB pull-up control pin definition (PA16).
-// Default: 1 (USB Pullup deactivated) 
-#define PIN_USB_PULLUP  {1 << 16, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** Pin configuration to control USB pull-up on D+
+ *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
+ */
+#define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 
 // Board has UDP controller
 #define BOARD_USB_UDP
 // D+ has external pull-up
 #define BOARD_USB_PULLUP_EXTERNAL
 
-#define BOARD_USB_NUMENDPOINTS      8
-
-// FIXME: in all other cases return 0?
-#define BOARD_USB_ENDPOINTS_MAXPACKETSIZE(i)    (((i == 4) || (i == 5))? 512 : 64)
-#define BOARD_USB_ENDPOINTS_BANKS(i)            (((i == 0) || (i == 3)) ? 1 : 2)
-
-#define USB_VENDOR_OPENMOKO		0x1d50
-#define USB_PRODUCT_OWHW_SAM3_DFU	0x4001	/* was 0x4000 */
-#define USB_PRODUCT_OWHW_SAM3		0x4001
-#define USB_PRODUCT_QMOD_HUB		0x4002
-#define USB_PRODUCT_QMOD_SAM3_DFU	0x4004	/* was 0x4003 */
-#define USB_PRODUCT_QMOD_SAM3		0x4004
-#define USB_PRODUCT_SIMTRACE2_DFU	0x60e3	/* was 0x60e2 */
-#define USB_PRODUCT_SIMTRACE2		0x60e3
-
 #define BOARD_USB_DFU
 #define BOARD_DFU_BOOT_SIZE	(16 * 1024)
 #define BOARD_DFU_RAM_SIZE	(2 * 1024)
@@ -119,4 +116,5 @@
 
 extern void board_exec_dbg_cmd(int ch);
 extern void board_main_top(void);
+extern int board_override_enter_dfu(void);
 #endif

firmware/libboard/common/include/boardver_adc.h

@@ -1,3 +1,4 @@
 #pragma once
 
+uint32_t adc2uv(uint16_t adc);
 int get_board_version_adc(void);

firmware/libboard/common/include/led.h

@@ -13,9 +13,10 @@ enum led_pattern {
 	BLINK_3O_30F		= 3,
 	BLINK_3O_1F_3O_30F	= 4,
 	BLINK_3O_1F_3O_1F_3O_30F= 5,
-	BLINK_200O_F		= 6,
-	BLINK_600O_F		= 7,
-	BLINK_CUSTOM		= 8,
+	BLINK_2O_F		= 6,
+	BLINK_200O_F		= 7,
+	BLINK_600O_F		= 8,
+	BLINK_CUSTOM		= 9,
 	_NUM_LED_BLINK
 };
 

firmware/libboard/common/source/board_cstartup_gnu.c

@@ -2,6 +2,7 @@
  *         ATMEL Microcontroller Software Support
  * ----------------------------------------------------------------------------
  * Copyright (c) 2010, Atmel Corporation
+ * Copyright (C) 2017, Harald Welte <laforge@gnumonks.org>
  *
  * All rights reserved.
  *
@@ -133,7 +134,7 @@ static void BootIntoApp(void)
 
 	pSrc = (unsigned int *) ((unsigned char *)IFLASH_ADDR + BOARD_DFU_BOOT_SIZE);
 	SCB->VTOR = ((unsigned int)(pSrc)) | (0x0 << 7);
-	appReset = pSrc[1];
+	appReset = (void(*)(void))pSrc[1];
 
 	g_dfu->state = DFU_STATE_appIDLE;
 
@@ -158,9 +159,20 @@ void ResetException( void )
      * not initialized yet */
     g_dfu = &_g_dfu;
     if ((g_dfu->magic != USB_DFU_MAGIC) && !USBDFU_OverrideEnterDFU()) {
-        BootIntoApp();
-        /* Infinite loop */
-        while ( 1 ) ;
+        /* start application if valid
+         * the application starts with the vector table
+         * the first entry in the vector table is the initial stack pointer (SP) address
+         * the stack will be placed in RAM, which begins at 0x2000 0000
+         * there is up to 48 KB of RAM (0xc000)
+         * since the stack grown "downwards" it should start at the end of the RAM: max 0x2000 c000
+         * if the SP is not in this range (e.g. flash has been erased) there is no valid application
+         * the second entry in the vector table is the reset address, corresponding to the application start
+         */
+        if (((*((uint32_t*)(IFLASH_ADDR+BOARD_DFU_BOOT_SIZE)))&0xFFFF0000)==0x20000000) {
+            BootIntoApp();
+            /* Infinite loop */
+            while ( 1 ) ;
+        }
     }
 #endif
 

firmware/libboard/common/source/boardver_adc.c

@@ -1,9 +1,8 @@
 #include "board.h"
 #include "boardver_adc.h"
 
-/* FIXME: share this with mode_cardemu.c */
-#define UV_PER_LSB	((3300 * 1000) / 4096)
-static uint32_t adc2uv(uint16_t adc)
+#define UV_PER_LSB     ((3300 * 1000) / 4096)
+uint32_t adc2uv(uint16_t adc)
 {
 	uint32_t uv = (uint32_t) adc * UV_PER_LSB;
 	return uv;

firmware/libboard/common/source/led.c

@@ -16,9 +16,9 @@ static void led_set(enum led led, int on)
 	ASSERT(led < PIO_LISTSIZE(pinsLeds));
 
 	if (on)
-        	PIO_Set(&pinsLeds[led]);
-	else
         	PIO_Clear(&pinsLeds[led]);
+	else
+        	PIO_Set(&pinsLeds[led]);
 }
 
 /* LED blinking code */
@@ -27,7 +27,7 @@ static void led_set(enum led led, int on)
 struct blink_state {
 	/* duration of the state in ms */
 	uint16_t duration;
-	/* bringhtness of LED during the state */
+	/* brightness of LED during the state */
 	uint8_t on;
 } __attribute__((packed));
 
@@ -54,6 +54,9 @@ static const struct blink_state bs_3on_1off_3on_30off[] = {
 static const struct blink_state bs_3on_1off_3on_1off_3on_30off[] = {
 	{ 300, 1 }, { 100, 0 }, { 300, 1 }, { 100, 0 }, { 300, 1 }, { 3000, 0 }
 };
+static const struct blink_state bs_2on_off[] = {
+	{ 200, 1 }, { 0, 0 },
+};
 static const struct blink_state bs_200on_off[] = {
 	{ 20000, 1 }, { 0, 0 },
 };
@@ -94,6 +97,10 @@ static const struct blink_pattern patterns[] = {
 		.states = bs_3on_1off_3on_1off_3on_30off,
 		.size = ARRAY_SIZE(bs_3on_1off_3on_1off_3on_30off),
 	},
+	[BLINK_2O_F] = {
+		.states = bs_2on_off,
+		.size = ARRAY_SIZE(bs_2on_off),
+	},
 	[BLINK_200O_F] = {
 		.states = bs_200on_off,
 		.size = ARRAY_SIZE(bs_200on_off),
@@ -158,16 +165,16 @@ static void blink_tmr_cb(void *data)
 }
 
 static struct led_state led_state[] = {
-	[LED_GREEN] = {
-		.led = LED_GREEN,
-		.timer.cb = blink_tmr_cb,
-		.timer.data = &led_state[LED_GREEN],
-	},
 	[LED_RED] = {
 		.led = LED_RED,
 		.timer.cb = blink_tmr_cb,
 		.timer.data = &led_state[LED_RED],
 	},
+	[LED_GREEN] = {
+		.led = LED_GREEN,
+		.timer.cb = blink_tmr_cb,
+		.timer.data = &led_state[LED_GREEN],
+	},
 };
 #endif /* PINS_LEDS */
 

firmware/libboard/common/source/sim_switch.c

@@ -2,6 +2,7 @@
 
 #include "board.h"
 #include "trace.h"
+#include "led.h"
 #include "sim_switch.h"
 
 #ifdef PIN_SIM_SWITCH1
@@ -16,6 +17,7 @@ static int initialized = 0;
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	const Pin *pin;
+	enum led led;
 
 	if (!initialized) {
 		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
@@ -29,11 +31,13 @@ int sim_switch_use_physical(unsigned int nr, int physical)
 #ifdef PIN_SIM_SWITCH1
 	case 0:
 		pin = &pin_conn_usim1;
+		led = LED_USIM1;
 		break;
 #endif
 #ifdef PIN_SIM_SWITCH2
 	case 1:
 		pin = &pin_conn_usim2;
+		led = LED_USIM2;
 		break;
 #endif
 	default:
@@ -44,9 +48,11 @@ int sim_switch_use_physical(unsigned int nr, int physical)
 	if (physical) {
 		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
 		PIO_Clear(pin);
+		led_blink(led, BLINK_ALWAYS_ON);
 	} else {
 		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
 		PIO_Set(pin);
+		led_blink(led, BLINK_ALWAYS_OFF);
 	}
 
 	return 0;
@@ -63,5 +69,6 @@ int sim_switch_init(void)
 	PIO_Configure(&pin_conn_usim2, 1);
 	num_switch++;
 #endif
+	initialized = 1;
 	return num_switch;
 }

firmware/libboard/common/source/uart_console.c

@@ -43,6 +43,8 @@
 #include <stdio.h>
 #include <stdint.h>
 
+#include "ringbuffer.h"
+
 /*----------------------------------------------------------------------------
  *        Definitions
  *----------------------------------------------------------------------------*/
@@ -52,7 +54,9 @@
  *----------------------------------------------------------------------------*/
 
 /** Is Console Initialized. */
-static uint8_t _ucIsConsoleInitialized=0 ;
+static uint8_t _ucIsConsoleInitialized=0;
+/** Ring buffer to queue data to be sent */
+static ringbuf uart_tx_buffer;
 
 /**
  * \brief Configures an USART peripheral with the specified parameters.
@@ -63,7 +67,7 @@ static uint8_t _ucIsConsoleInitialized=0 ;
 extern void UART_Configure( uint32_t baudrate, uint32_t masterClock)
 {
     const Pin pPins[] = CONSOLE_PINS;
-    Uart *pUart = CONSOLE_USART;
+    Uart *pUart = CONSOLE_UART;
 
     /* Configure PIO */
     PIO_Configure(pPins, PIO_LISTSIZE(pPins));
@@ -85,12 +89,34 @@ extern void UART_Configure( uint32_t baudrate, uint32_t masterClock)
     /* Disable PDC channel */
     pUart->UART_PTCR = UART_PTCR_RXTDIS | UART_PTCR_TXTDIS;
 
+    /* Reset transmit ring buffer */
+    rbuf_reset(&uart_tx_buffer);
+
+    /* Enable TX interrupts */
+    pUart->UART_IER = UART_IER_TXRDY;
+    NVIC_EnableIRQ(CONSOLE_IRQ);
+    
     /* Enable receiver and transmitter */
     pUart->UART_CR = UART_CR_RXEN | UART_CR_TXEN;
 
+    /* Remember the configuration is complete */
     _ucIsConsoleInitialized=1 ;
 }
 
+/** Interrupt Service routine to transmit queued data */
+void CONSOLE_ISR(void)
+{
+	Uart *uart = CONSOLE_UART;
+	if (uart->UART_SR & UART_SR_TXRDY) {
+		if (!rbuf_is_empty(&uart_tx_buffer)) {
+			//uart->UART_IER = UART_IER_TXRDY;
+			uart->UART_THR = rbuf_read(&uart_tx_buffer);
+		} else {
+			uart->UART_IDR = UART_IER_TXRDY;
+		}
+	}
+}
+
 /**
  * \brief Outputs a character on the UART line.
  *
@@ -99,19 +125,26 @@ extern void UART_Configure( uint32_t baudrate, uint32_t masterClock)
  */
 extern void UART_PutChar( uint8_t c )
 {
-    Uart *pUart=CONSOLE_USART ;
+    Uart *pUart = CONSOLE_UART ;
 
+    /* Initialize console is not already done */
     if ( !_ucIsConsoleInitialized )
     {
         UART_Configure(CONSOLE_BAUDRATE, BOARD_MCK);
     }
 
-    /* Wait for the transmitter to be ready */
-    while ( (pUart->UART_SR & UART_SR_TXEMPTY) == 0 ) ;
-
-    /* Send character */
-    pUart->UART_THR=c ;
-
+    /* Only store input if buffer is not full, else drop it */
+    bool trigger_isr = false;
+    if (rbuf_is_empty(&uart_tx_buffer)) {
+        trigger_isr = true;
+    }
+    if (!rbuf_is_full(&uart_tx_buffer)) {
+        rbuf_write(&uart_tx_buffer, c);
+    }
+    if (trigger_isr) {
+        pUart->UART_IER = UART_IER_TXRDY;
+        CONSOLE_ISR();
+    }
 }
 
 /**
@@ -122,14 +155,15 @@ extern void UART_PutChar( uint8_t c )
  */
 extern uint32_t UART_GetChar( void )
 {
-    Uart *pUart=CONSOLE_USART ;
+    Uart *pUart = CONSOLE_UART ;
 
     if ( !_ucIsConsoleInitialized )
     {
         UART_Configure(CONSOLE_BAUDRATE, BOARD_MCK);
     }
 
-    while ( (pUart->UART_SR & UART_SR_RXRDY) == 0 ) ;
+    while ( (pUart->UART_SR & UART_SR_RXRDY) == 0 )
+        WDT_Restart(WDT);
 
     return pUart->UART_RHR ;
 }
@@ -141,7 +175,7 @@ extern uint32_t UART_GetChar( void )
  */
 extern uint32_t UART_IsRxReady( void )
 {
-    Uart *pUart=CONSOLE_USART ;
+    Uart *pUart = CONSOLE_UART;
 
     if ( !_ucIsConsoleInitialized )
     {
@@ -281,6 +315,7 @@ extern uint32_t UART_GetInteger( uint32_t* pdwValue )
                 return 0 ;
             }
         }
+        WDT_Restart(WDT);
     }
 }
 

firmware/libboard/owhw/include/board.h

@@ -1,5 +1,6 @@
 #pragma once
 #include "board_common.h"
+#include "simtrace_usb.h"
 
 /** Name of the board */
 #define BOARD_NAME "OWHW"

firmware/libboard/qmod/include/board.h

@@ -1,5 +1,9 @@
 #pragma once
 #include "board_common.h"
+#include "simtrace_usb.h"
+
+#define LED_USIM1	LED_GREEN
+#define LED_USIM2	LED_RED
 
 /** Name of the board */
 #define BOARD_NAME "QMOD"

firmware/libboard/qmod/source/board_qmod.c

@@ -9,7 +9,7 @@
 #include "sim_switch.h"
 #include "boardver_adc.h"
 #include "card_pres.h"
-#include "osmocom/core/timer.h"
+#include <osmocom/core/timer.h>
 #include "usb_buf.h"
 
 static const Pin pin_hubpwr_override = PIN_PRTPWR_OVERRIDE;
@@ -249,3 +249,39 @@ void board_main_top(void)
 	card_present_init();
 #endif
 }
+
+static int uart_has_loopback_jumper(void)
+{
+	unsigned int i;
+	const Pin uart_loopback_pins[] = {
+		{PIO_PA9A_URXD0, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT},
+		{PIO_PA10A_UTXD0, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+	};
+
+	/* Configure UART pins as I/O */
+	PIO_Configure(uart_loopback_pins, PIO_LISTSIZE(uart_loopback_pins));
+
+	for (i = 0; i < 10; i++) {
+		/* Set TxD high; abort if RxD doesn't go high either */
+		PIO_Set(&uart_loopback_pins[1]);
+		if (!PIO_Get(&uart_loopback_pins[0]))
+			return 0;
+		/* Set TxD low, abort if RxD doesn't go low either */
+		PIO_Clear(&uart_loopback_pins[1]);
+		if (PIO_Get(&uart_loopback_pins[0]))
+			return 0;
+	}
+	/* if we reached here, RxD always follows TxD and thus a
+	 * loopback jumper has been placed on RxD/TxD, and we will boot
+	 * into DFU unconditionally */
+	return 1;
+}
+
+int board_override_enter_dfu(void)
+{
+	/* If the loopback jumper is set, we enter DFU mode */
+	if (uart_has_loopback_jumper())
+		return 1;
+
+	return 0;
+}

firmware/libboard/qmod/source/card_pres.c

@@ -17,9 +17,9 @@ int is_card_present(int port)
 	const Pin *pin;
 	int present;
 
-	if (port < 1 || port > NUM_CARDPRES)
+	if (port < 0 || port >= NUM_CARDPRES)
 		return -1;
-	pin = &pin_cardpres[port-1];
+	pin = &pin_cardpres[port];
 
 	/* Card present signals are low-active, as we have a switch
 	 * against GND and an internal-pull-up in the SAM3 */
@@ -32,12 +32,12 @@ static void cardpres_tmr_cb(void *data)
 {
 	unsigned int i;
 
-	for (i = 1; i <= ARRAY_SIZE(pin_cardpres); i++) {
+	for (i = 0; i < ARRAY_SIZE(pin_cardpres); i++) {
 		int state = is_card_present(i);
-		if (state != last_state[i-1]) {
-			TRACE_INFO("Card Detect %d Status %d -> %d\r\n", i, last_state[i], state);
+		if (state != last_state[i]) {
+			TRACE_INFO("%u: Card Detect Status %d -> %d\r\n", i, last_state[i], state);
 			/* FIXME: report to USB host */
-			last_state[i-1] = state;
+			last_state[i] = state;
 		}
 	}
 

firmware/libboard/qmod/source/wwan_led.c

@@ -14,9 +14,9 @@ static const Pin pin_wwan1 = PIN_WWAN1;
 
 static void wwan1_irqhandler(const Pin *pPin)
 {
-	int active = wwan_led_active(1);
+	int active = wwan_led_active(0);
 
-	TRACE_INFO("WWAN1 LED %u\r\n", active);
+	TRACE_INFO("0: WWAN LED %u\r\n", active);
 
 	/* TODO: notify host via USB */
 }
@@ -27,8 +27,8 @@ static const Pin pin_wwan2 = PIN_WWAN2;
 
 static void wwan2_irqhandler(const Pin *pPin)
 {
-	int active = wwan_led_active(2);
-	TRACE_INFO("WWAN2 LED %u\r\n", active);
+	int active = wwan_led_active(1);
+	TRACE_INFO("1: WWAN LED %u\r\n", active);
 
 	/* TODO: notify host via USB */
 }
@@ -42,12 +42,12 @@ int wwan_led_active(int wwan)
 
 	switch (wwan) {
 #ifdef PIN_WWAN1
-	case 1:
+	case 0:
 		pin = &pin_wwan1;
 		break;
 #endif
 #ifdef PIN_WWAN2
-	case 2:
+	case 1:
 		pin = &pin_wwan2;
 		break;
 #endif

firmware/libboard/qmod/source/wwan_perst.c

@@ -9,21 +9,24 @@
 #include "board.h"
 #include "trace.h"
 #include "wwan_perst.h"
-#include "osmocom/core/timer.h"
+#include <osmocom/core/timer.h>
 
 struct wwan_perst {
+	uint8_t idx;
 	const Pin pin;
 	struct osmo_timer_list timer;
 };
 
 #ifdef PIN_PERST1
 static struct wwan_perst perst1 = {
+	.idx = 0,
 	.pin = PIN_PERST1,
 };
 #endif
 
 #ifdef PIN_PERST2
 static struct wwan_perst perst2 = {
+	.idx = 1,
 	.pin = PIN_PERST2,
 };
 #endif
@@ -34,7 +37,7 @@ static void perst_tmr_cb(void *data)
 {
 	struct wwan_perst *perst = data;
 	/* release the (low-active) reset */
-	TRACE_INFO("De-asserting modem reset\r\n");
+	TRACE_INFO("%u: De-asserting modem reset\r\n", perst->idx);
 	PIO_Clear(&perst->pin);
 }
 
@@ -106,5 +109,6 @@ int wwan_perst_init(void)
 	perst2.timer.data = (void *) &perst2;
 	num_perst++;
 #endif
+	initialized = 1;
 	return num_perst;
 }

firmware/libboard/simtrace/include/board.h

@@ -1,87 +1,121 @@
 #pragma once
 #include "board_common.h"
+#include "simtrace_usb.h"
 
-/** Name of the board */
+/* Name of the board */
 #define BOARD_NAME "SAM3S-SIMTRACE"
-/** Board definition */
+/* Board definition */
 #define simtrace
 
+/* Board main oscillator frequency (in Hz) */
 #define BOARD_MAINOSC 18432000
 
-/** Phone (SIM card emulator)/CCID Reader/MITM configuration    **/
-/*  Normally the communication lines between phone and SIM card are disconnected    */
-// Disconnect SIM card I/O, VPP line from the phone lines
-// FIXME: Per default pins are input, therefore high-impedance, therefore they don not activate the bus switch, right?
-#define PIN_SC_SW_DEFAULT               {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-// Disconnect SIM card RST, CLK line from the phone lines
-#define PIN_IO_SW_DEFAULT               {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-#define PINS_BUS_DEFAULT                PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
+/** Pin configuration **/
+/* Button to force bootloader start (shorted to ground when pressed */
+#define PIN_BOOTLOADER_SW      {PIO_PA31, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
+/* Enable powering the card using the second 3.3 V output of the LDO (active high) */
+#define SIM_PWEN_PIN           {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Enable powering the SIM card */
+#define PWR_PINS                SIM_PWEN_PIN
+/* Card presence pin */
+#define SW_SIM                  PIO_PA8
+/* Pull card presence pin high (shorted to ground in card slot when card is present) */
+#define SMARTCARD_CONNECT_PIN  {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
+
+/** Smart card connection **/
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_SIM_RST            {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Card I/O data signal input/output (I/O_SIM in schematic) */
+#define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Card CLK clock input (CLK_SIM in schematic) */
+#define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
+#define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
+#define PIN_SIM_CLK_INPUT      {PIO_PA4B_TCLK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pins used to measure ETU timing (using timer counter) */ 
+#define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
+
+/** Phone connection **/
+/* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+/* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+/* Phone I/O data signal input/output (I/O_PHONE in schematic) */
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Phone CLK clock input (CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used for phone USIM slot 1 communication */
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+/* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
+#define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/** Default pin configuration **/
+/* Disconnect VPP, CLK, and RST lines between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_SC_SW_DEFAULT      {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect I/O line between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_IO_SW_DEFAULT      {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_DEFAULT        PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
 
 /** Sniffer configuration **/
-// Connect VPP, CLK and RST lines from smartcard to the phone
+/* Connect VPP, CLK, and RST lines between card and phone using bus switch (low connects signals on bus switch) */
 #define PIN_SC_SW_SNIFF        {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect I/O line between card and phone using bus switch (low connects signals on bus switch) */
 #define PIN_IO_SW_SNIFF        {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect all lines (VPP, CLK, RST, and I/O) between card and phone */
 #define PINS_BUS_SNIFF          PIN_SC_SW_SNIFF, PIN_IO_SW_SNIFF
+/* Card RST reset signal input (use as input since the phone will drive it) */
+#define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
+/* Pins used to sniff phone-card communication */
+#define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Use phone VCC to power card */
+#define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
 
-#define PINS_SIM_SNIFF_SIM      PIN_PHONE_IO,  PIN_PHONE_CLK
+/** CCID configuration */
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_ISO7816_RSTMC      {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* ISO7816-communication related pins */
+#define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
 
-#define SIM_PWEN_PIN            {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-
-#define PWR_PINS                                                         \
-    /* Enable power converter 4.5-6V to 3.3V; low: off */               \
-    {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT},               \
-    /* Enable second power converter: VCC_PHONE to VCC_SIM; high: on */ \
-    {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-
-#define SW_SIM      PIO_PA8
-#define SMARTCARD_CONNECT_PIN {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
-//#define SMARTCARD_CONNECT_PIN {SW_SIM, PIOB, ID_PIOB, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_IT_EDGE}
-
-/// PIN used for resetting the smartcard
-// FIXME: Card is resetted with pin set to 0 --> PIO_OUTPUT_1 as default is right?
-#define PIN_ISO7816_RSTMC       {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
-
-/// Pins used for connect the smartcard
-#define PIN_SIM_IO_INPUT    {PIO_PA1, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
-#define PIN_SIM_IO          {PIO_PA6, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
-#define PIN_SIM_CLK         {PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
-#define PIN_SIM_CLK_INPUT   {PIO_PA4, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
-//#define PINS_ISO7816            PIN_USART1_TXD, PIN_USART1_SCK, PIN_ISO7816_RSTMC
-#define PINS_ISO7816        PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
-
-#define PINS_TC             PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
-
-#define VCC_PHONE                   {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
-#define PIN_ISO7816_RST_PHONE       {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
-#define PIN_PHONE_IO_INPUT          {PIO_PA21, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
-#define PIN_PHONE_IO                {PIO_PA22, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
-#define PIN_PHONE_CLK               {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}     // External Clock Input on PA28
-//#define PIN_PHONE_CLK               {PIO_PA23A_SCK1, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}     // External Clock Input on PA28
-#define PIN_PHONE_CLK_INPUT         {PIO_PA29, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
-#define PINS_ISO7816_PHONE          PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, VCC_PHONE, PIN_PHONE_IO_INPUT, PIN_ISO7816_RST_PHONE
-//, VCC_PHONE
-
-
-//**     SPI interface   **/
-/// SPI MISO pin definition (PA12).
-#define PIN_SPI_MISO   {1 << 12, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
-/// SPI MOSI pin definition (PA13).
-#define PIN_SPI_MOSI   {1 << 13, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
-/// SPI SPCK pin definition (PA14).
-#define PIN_SPI_SPCK   {1 << 14, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
-/// SPI pins definition. Contains MISO, MOSI & SPCK (PA12, PA13 & PA14).
-#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SPCK
-/// SPI chip select 0 pin definition (PA11).
-#define PIN_SPI_NPCS0  {1 << 11, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/** External SPI flash interface   **/
+/* SPI MISO pin definition */
+#define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
+/* SPI MOSI pin definition */
+#define PIN_SPI_MOSI  {PIO_PA13A_MOSI, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI SCK pin definition */
+#define PIN_SPI_SCK   {PIO_PA14A_SPCK, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI pins definition. Contains MISO, MOSI & SCK */
+#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SCK
+/* SPI chip select 0 pin definition */
+#define PIN_SPI_NPCS0 {PIO_PA11A_NPCS0, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI flash write protect pin (active low, pulled low) */
+#define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 
+/** USB definitions */
+/* OpenMoko SIMtrace 2 USB vendor ID */
+#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
+/* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
+/* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
+/* USB release number (bcdDevice, shown as 0.00) */
+#define BOARD_USB_RELEASE	0x000
+/* Indicate SIMtrace is bus power in USB attributes */
 #define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
 
-#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
-#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
-#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
-#define BOARD_USB_RELEASE	0x000
-
+/** Supported modes */
+/* SIMtrace board supports sniffer mode */
 #define HAVE_SNIFFER
-#define HAVE_CCID
-#define HAVE_CARDEM
-#define HAVE_MITM
+/* SIMtrace board supports CCID mode */
+//#define HAVE_CCID
+/* SIMtrace board supports card emulation mode */
+//#define HAVE_CARDEM
+/* SIMtrace board supports man-in-the-middle mode */
+//#define HAVE_MITM

firmware/libboard/simtrace/source/board_simtrace.c

@@ -0,0 +1,52 @@
+/* SIMtrace specific application code */
+/* (C) 2017 by Harald Welte <laforge@gnumonks.org> */
+
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "sim_switch.h"
+#include <osmocom/core/timer.h>
+#include "usb_buf.h"
+
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\tR\treset SAM3\n\r");
+		break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+
+	/* Initialize checking for card insert/remove events */
+	//card_present_init();
+#endif
+}
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_sw_pin = PIN_BOOTLOADER_SW;
+
+	PIO_Configure(&bl_sw_pin, 1);
+
+	/* Enter DFU bootloader in case the respective button is pressed */
+	if (PIO_Get(&bl_sw_pin) == 0) {
+		/* do not print to early since the console is not initialized yet */
+		//printf("BOOTLOADER switch pressed -> Force DFU\n\r");
+		return 1;
+	} else
+		return 0;
+}

firmware/libcommon/include/iso7816_fidi.h

@@ -2,5 +2,11 @@
 
 #include <stdint.h>
 
+/* Table 7 of ISO 7816-3:2006 */
+extern const uint16_t fi_table[];
+
+/* Table 8 from ISO 7816-3:2006 */
+extern const uint8_t di_table[];
+
 /* compute the F/D ratio based on Fi and Di values */
 int compute_fidi_ratio(uint8_t fi, uint8_t di);

firmware/libcommon/include/llist_irqsafe.h

@@ -1,19 +1,24 @@
 #pragma once
 
-#include "osmocom/core/linuxlist.h"
+#include <osmocom/core/linuxlist.h>
+#include "utils.h"
 
 static inline void llist_add_irqsafe(struct llist_head *_new,
 					  struct llist_head *head)
 {
-	__disable_irq();
+	unsigned long x;
+
+	local_irq_save(x);
 	llist_add(_new, head);
-	__enable_irq();
+	local_irq_restore(x);
 }
 
 static inline void llist_add_tail_irqsafe(struct llist_head *_new,
 					  struct llist_head *head)
 {
-	__disable_irq();
+	unsigned long x;
+
+	local_irq_save(x);
 	llist_add_tail(_new, head);
 	__enable_irq();
 }
@@ -21,15 +26,16 @@ static inline void llist_add_tail_irqsafe(struct llist_head *_new,
 static inline struct llist_head *llist_head_dequeue_irqsafe(struct llist_head *head)
 {
 	struct llist_head *lh;
+	unsigned long x;
 
-	__disable_irq();
+	local_irq_save(x);
 	if (llist_empty(head)) {
 		lh = NULL;
 	} else {
 		lh = head->next;
 		llist_del(lh);
 	}
-	__enable_irq();
+	local_irq_restore(x);
 
 	return lh;
 }

firmware/libcommon/include/ringbuffer.h

@@ -5,7 +5,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#define RING_BUFLEN 128
+#define RING_BUFLEN 512
 
 typedef struct ringbuf {
 	uint8_t buf[RING_BUFLEN];

firmware/libcommon/include/simtrace.h

@@ -3,22 +3,10 @@
 
 #include "ringbuffer.h"
 #include "board.h"
-
-/* Endpoint numbers */
-#define DATAOUT     1
-#define DATAIN      2
-#define INT         3
+#include <usb/device/dfu/dfu.h>
 
 #define BUFLEN  512
 
-#define PHONE_DATAOUT     4
-#define PHONE_DATAIN      5
-#define PHONE_INT         6
-
-#define CARDEM_USIM2_DATAOUT	DATAOUT
-#define CARDEM_USIM2_DATAIN	DATAIN
-#define CARDEM_USIM2_INT	INT
-
 #define CLK_MASTER      true
 #define CLK_SLAVE       false
 
@@ -71,12 +59,16 @@ typedef struct {
     USBEndpointDescriptor      bulkIn;
     /// Interrupt OUT endpoint descriptor
     USBEndpointDescriptor      interruptIn;
+    DFURT_IF_DESCRIPTOR_STRUCT
 } __attribute__ ((packed)) CCIDDriverConfigurationDescriptors;
 
 extern const USBConfigurationDescriptor *configurationDescriptorsArr[];
 
-int check_data_from_phone();
-void update_fidi(uint8_t fidi);
+/*! Update USART baud rate to Fi/Di ratio
+ *  @param[io] usart USART peripheral base address
+ *  @param[in] fidi FiDi value as provided in TA interface byte
+ */
+void update_fidi(Usart *usart, uint8_t fidi);
 
 void ISR_PhoneRST( const Pin *pPin);
 
@@ -106,6 +98,9 @@ extern void CCID_run( void );
 extern void mode_cardemu_run(void);
 extern void MITM_run( void );
 
+/*  IRQ functions   */
+extern void Sniffer_usart0_irq(void);
+extern void Sniffer_usart1_irq(void);
 extern void mode_cardemu_usart0_irq(void);
 extern void mode_cardemu_usart1_irq(void);
 

firmware/libcommon/include/simtrace_prot.h

@@ -1,7 +1,3 @@
-#pragma once
-
-#include <stdint.h>
-
 /* SIMtrace2 USB protocol */
 
 /* (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
@@ -21,6 +17,10 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  *
  */
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
 
 /***********************************************************************
  * COMMON HEADER
@@ -30,10 +30,10 @@ enum simtrace_msg_class {
 	SIMTRACE_MSGC_GENERIC = 0,
 	/* Card Emulation / Forwarding */
 	SIMTRACE_MSGC_CARDEM,
-	/* Modem Control (if modem is attached next to device */
+	/* Modem Control (if modem is attached next to device) */
 	SIMTRACE_MSGC_MODEM,
-	/* SIM protocol tracing */
-	SIMTRACE_MSGC_TRACE,
+	/* Reader/phone-car/SIM communication sniff */
+	SIMTRACE_MSGC_SNIFF,
 
 	/* first vendor-specific request */
 	_SIMTRACE_MGSC_VENDOR_FIRST = 127,
@@ -74,10 +74,18 @@ enum simtrace_msg_type_modem {
 	SIMTRACE_MSGT_BD_MODEM_STATUS,
 };
 
-/* SIMTRACE_MSGC_TRACE */
-enum simtrace_msg_type_trace {
-	/* FIXME */
-	_dummy,
+/* SIMTRACE_MSGC_SNIFF */
+enum simtrace_msg_type_sniff {
+	/* Status change (card inserted, reset, ...) */
+	SIMTRACE_MSGT_SNIFF_CHANGE = 0,
+	/* Fi/Di baudrate change */
+	SIMTRACE_MSGT_SNIFF_FIDI,
+	/* ATR data */
+	SIMTRACE_MSGT_SNIFF_ATR,
+	/* PPS (request or response) data */
+	SIMTRACE_MSGT_SNIFF_PPS,
+	/* TPDU data */
+	SIMTRACE_MSGT_SNIFF_TPDU,
 };
 
 /* common message header */
@@ -92,7 +100,7 @@ struct simtrace_msg_hdr {
 } __attribute__ ((packed));
 
 /***********************************************************************
- * CARD EMULATOR / FORWARDER
+ * Capabilities
  ***********************************************************************/
 
 /* generic capabilities */
@@ -107,7 +115,7 @@ enum simtrace_capability_generic {
 	SIMTRACE_CAP_LED_1,
 	/* Has LED2 */
 	SIMTRACE_CAP_LED_2,
-	/* Has Single-Pole Dual-Throw (local/remote SIM */
+	/* Has Single-Pole Dual-Throw (local/remote SIM) */
 	SIMTRACE_CAP_SPDT,
 	/* Has Bus-Switch (trace / MITM) */
 	SIMTRACE_CAP_BUS_SWITCH,
@@ -127,7 +135,7 @@ enum simtrace_capability_generic {
 	SIMTRACE_CAP_ASSERT_MODEM_RST,
 };
 
-/* vendor-specific capabilities of sysmoocm devices */
+/* vendor-specific capabilities of sysmocom devices */
 enum simtrace_capability_vendor {
 	/* Can erase a peer SAM3 controller */
 	SIMTRACE_CAP_SYSMO_QMOD_ERASE_PEER,
@@ -137,7 +145,6 @@ enum simtrace_capability_vendor {
 	SIMTRACE_CAP_SYSMO_QMOD_RESET_HUB,
 };
 
-
 /* SIMTRACE_CMD_BD_BOARD_INFO */
 struct simtrace_board_info {
 	struct {
@@ -253,7 +260,7 @@ struct cardemu_usb_msg_error {
 
 /* SIMTRACE_MSGT_DT_MODEM_RESET */
 struct st_modem_reset {
-	/* 0: de-assert reset, 1: assert reset, 2: poulse reset */
+	/* 0: de-assert reset, 1: assert reset, 2: pulse reset */
 	uint8_t asserted;
 	/* if above is '2', duration of pulse in ms */
 	uint16_t pulse_duration_msec;
@@ -276,3 +283,36 @@ struct st_modem_status {
 	/* bit-field of changed status bits */
 	uint8_t changed_mask;
 } __attribute__((packed));
+
+/***********************************************************************
+ * SNIFF
+ ***********************************************************************/
+
+/* SIMTRACE_MSGT_SNIFF_CHANGE flags */
+#define SNIFF_CHANGE_FLAG_CARD_INSERT (1<<0)
+#define SNIFF_CHANGE_FLAG_CARD_EJECT (1<<1)
+#define SNIFF_CHANGE_FLAG_RESET_HOLD (1<<2)
+#define SNIFF_CHANGE_FLAG_RESET_RELEASE (1<<3)
+#define SNIFF_CHANGE_FLAG_TIMEOUT_WT (1<<4)
+
+/* SIMTRACE_MSGT_SNIFF_CHANGE */
+struct sniff_change {
+	/* SIMTRACE_MSGT_SNIFF_CHANGE flags */
+	uint32_t flags;
+} __attribute__ ((packed));
+
+/* SIMTRACE_MSGT_SNIFF_FIDI */
+struct sniff_fidi {
+	/* Fi/Di values as encoded in TA1 */
+	uint8_t fidi;
+} __attribute__ ((packed));
+
+/* SIMTRACE_MSGT_SNIFF_ATR, SIMTRACE_MSGT_SNIFF_PPS, SIMTRACE_MSGT_SNIFF_TPDU */
+struct sniff_data {
+	/* if the data is complete (an error might have occurred during transmission */
+	bool complete;
+	/* data length */
+	uint16_t length;
+	/* data */
+	uint8_t data[0];
+} __attribute__ ((packed));

firmware/libcommon/include/simtrace_usb.h

@@ -0,0 +1,66 @@
+/* This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * (C) 2018 by Kevin Redon <kredon@sysmocom.de>
+ * All Rights Reserved
+ */
+
+/* SIMtrace USB IDs */
+#define USB_VENDOR_OPENMOKO			0x1d50
+#define USB_PRODUCT_OWHW_SAM3_DFU	0x4001	/* was 0x4000 */
+#define USB_PRODUCT_OWHW_SAM3		0x4001
+#define USB_PRODUCT_QMOD_HUB		0x4002
+#define USB_PRODUCT_QMOD_SAM3_DFU	0x4004	/* was 0x4003 */
+#define USB_PRODUCT_QMOD_SAM3		0x4004
+#define USB_PRODUCT_SIMTRACE2_DFU	0x60e3	/* was 0x60e2 */
+#define USB_PRODUCT_SIMTRACE2		0x60e3
+
+/* USB proprietary class */
+#define USB_CLASS_PROPRIETARY			0xff
+
+/* SIMtrace USB sub-classes */
+/*! Sniffer USB sub-class */
+#define SIMTRACE_SNIFFER_USB_SUBCLASS	1
+/*! Card-emulation USB sub-class */
+#define SIMTRACE_CARDEM_USB_SUBCLASS	2
+
+/* Generic USB endpoint numbers */
+/*! Card-side USB data out (host to device) endpoint number */
+#define SIMTRACE_USB_EP_CARD_DATAOUT	1
+/*! Card-side USB data in (device to host) endpoint number */
+#define SIMTRACE_USB_EP_CARD_DATAIN		2
+/*! Card-side USB interrupt endpoint number */
+#define SIMTRACE_USB_EP_CARD_INT		3
+/*! Phone-side USB data out (host to device) endpoint number */
+#define SIMTRACE_USB_EP_PHONE_DATAOUT	4
+/*! Phone-side USB data in (device to host) endpoint number */
+#define SIMTRACE_USB_EP_PHONE_DATAIN	5
+/*! Phone-side USB interrupt endpoint number */
+#define SIMTRACE_USB_EP_PHONE_INT		6
+
+/* Card-emulation USB endpoint numbers */
+/*! USIM1 USB data out (host to device) endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT	4
+/*! USIM1 USB data in (device to host) endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN		5
+/*! USIM1 USB interrupt endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM1_INT		6
+/*! USIM2 USB data out (host to device) endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT	1
+/*! USIM2 USB data in (device to host) endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN		2
+/*! USIM2 USB interrupt endpoint number */
+#define SIMTRACE_CARDEM_USB_EP_USIM2_INT		3
+
+/*! Maximum number of endpoints */
+#define BOARD_USB_NUMENDPOINTS		6

firmware/libcommon/include/usb_buf.h

@@ -1,7 +1,7 @@
 #pragma once
 
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/msgb.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/msgb.h>
 
 /* buffered USB endpoint (with queue of msgb) */
 struct usb_buffered_ep {

firmware/libcommon/source/card_emu.c

@@ -33,8 +33,8 @@
 #include "card_emu.h"
 #include "simtrace_prot.h"
 #include "usb_buf.h"
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/msgb.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/msgb.h>
 
 
 #define NUM_SLOTS		2

firmware/libcommon/source/cciddriver.c

@@ -83,8 +83,6 @@
 /// Driver structure for an CCID device
 typedef struct {
 
-    /// Standard USB device driver instance
-    USBDDriver             usbdDriver;
     /// CCID message
     S_ccid_bulk_in_header  sCcidMessage;
     /// CCID command
@@ -849,7 +847,6 @@ static void CCIDCommandDispatcher( void *pArg, uint8_t status, uint32_t transfer
 }
 
 
-#if 0
 //------------------------------------------------------------------------------
 /// SETUP request handler for a CCID device
 /// \param pRequest Pointer to a USBGenericRequest instance
@@ -890,7 +887,7 @@ static void CCID_RequestHandler(const USBGenericRequest *pRequest)
     else if (USBGenericRequest_GetType(pRequest) == USBGenericRequest_STANDARD) {
 
         // Forward request to the standard handler
-        USBDDriver_RequestHandler(&(ccidDriver.usbdDriver), pRequest);
+        USBDDriver_RequestHandler(USBD_GetDriver(), pRequest);
     }
     else {
 
@@ -916,7 +913,6 @@ void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
     CCID_RequestHandler(request);
 }
 #endif
-#endif
 
 
 //------------------------------------------------------------------------------

firmware/libcommon/source/host_communication.c

@@ -1,9 +1,10 @@
 #include "board.h"
 #include "llist_irqsafe.h"
 #include "usb_buf.h"
+#include "utils.h"
 
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/msgb.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/msgb.h>
 #include <errno.h>
 
 /***********************************************************************
@@ -16,12 +17,13 @@ static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
+	unsigned long x;
 
 	TRACE_DEBUG("%s (EP=0x%02x)\r\n", __func__, bep->ep);
 
-	__disable_irq();
+	local_irq_save(x);
 	bep->in_progress--;
-	__enable_irq();
+	local_irq_restore(x);
 	TRACE_DEBUG("%u: in_progress=%d\n", bep->ep, bep->in_progress);
 
 	if (status != USBD_STATUS_SUCCESS)
@@ -34,6 +36,7 @@ int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
+	unsigned long x;
 	int rc;
 
 #if 0
@@ -43,14 +46,14 @@ int usb_refill_to_host(uint8_t ep)
 	}
 #endif
 
-	__disable_irq();
+	local_irq_save(x);
 	if (bep->in_progress) {
-		__enable_irq();
+		local_irq_restore(x);
 		return 0;
 	}
 
 	if (llist_empty(&bep->queue)) {
-		__enable_irq();
+		local_irq_restore(x);
 		return 0;
 	}
 
@@ -58,7 +61,7 @@ int usb_refill_to_host(uint8_t ep)
 
 	msg = msgb_dequeue(&bep->queue);
 
-	__enable_irq();
+	local_irq_restore(x);
 
 	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%d\r\n", __func__, ep, bep->in_progress);
 
@@ -70,9 +73,9 @@ int usb_refill_to_host(uint8_t ep)
 		TRACE_ERROR("%s error %x\n", __func__, rc);
 		/* re-insert to head of queue */
 		llist_add_irqsafe(&msg->list, &bep->queue);
-		__disable_irq();
+		local_irq_save(x);
 		bep->in_progress--;
-		__enable_irq();
+		local_irq_restore(x);
 		TRACE_DEBUG("%02x: in_progress=%d\n", bep->ep, bep->in_progress);
 		return 0;
 	}
@@ -105,6 +108,7 @@ int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
+	unsigned long x;
 	int rc;
 
 #if 0
@@ -142,16 +146,17 @@ int usb_drain_queue(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
+	unsigned long x;
 	int ret = 0;
 
 	/* wait until no transfers are in progress anymore and block
 	 * further interrupts */
 	while (1) {
-		__disable_irq();
+		local_irq_save(x);
 		if (!bep->in_progress) {
 			break;
 		}
-		__enable_irq();
+		local_irq_restore(x);
 		/* retry */
 	}
 
@@ -162,7 +167,7 @@ int usb_drain_queue(uint8_t ep)
 	}
 
 	/* re-enable interrupts and return number of free'd msgbs */
-	__enable_irq();
+	local_irq_restore(x);
 
 	return ret;
 }

firmware/libcommon/source/iso7816_4.c

@@ -90,6 +90,7 @@ uint32_t ISO7816_GetChar( uint8_t *pCharToReceive, Usart_info *usart)
 
     /* Wait USART ready for reception */
     while( ((us_base->US_CSR & US_CSR_RXRDY) == 0) ) {
+	WDT_Restart(WDT);
         if(timeout++ > 12000 * (BOARD_MCK/1000000)) {
             TRACE_WARNING("TimeOut\n\r");
             return( 0 );

firmware/libcommon/source/iso7816_fidi.c

@@ -24,13 +24,13 @@
 #include "iso7816_fidi.h"
 
 /* Table 7 of ISO 7816-3:2006 */
-static const uint16_t fi_table[] = {
+const uint16_t fi_table[] = {
 	372, 372, 558, 744, 1116, 1488, 1860, 0,
 	0, 512, 768, 1024, 1536, 2048, 0, 0
 };
 
 /* Table 8 from ISO 7816-3:2006 */
-static const uint8_t di_table[] = {
+const uint8_t di_table[] = {
 	0, 1, 2, 4, 8, 16, 32, 64,
 	12, 20, 2, 4, 8, 16, 32, 64,
 };

firmware/libcommon/source/mode_cardemu.c

@@ -1,17 +1,18 @@
 //#define TRACE_LEVEL 6
 
 #include "board.h"
+#include "boardver_adc.h"
 #include "simtrace.h"
 #include "ringbuffer.h"
 #include "card_emu.h"
 #include "iso7816_fidi.h"
 #include "utils.h"
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/msgb.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/msgb.h>
 #include "llist_irqsafe.h"
 #include "usb_buf.h"
+#include "simtrace_usb.h"
 #include "simtrace_prot.h"
-#include "wwan_perst.h"
 #include "sim_switch.h"
 
 #define TRACE_ENTRY()	TRACE_DEBUG("%s entering\r\n", __func__)
@@ -54,9 +55,9 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART1,
 			.state = USART_RCV
 		},
-		.ep_out = PHONE_DATAOUT,
-		.ep_in = PHONE_DATAIN,
-		.ep_int = PHONE_INT,
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
 #ifdef PIN_SET_USIM1_PRES
 		.pin_insert = PIN_SET_USIM1_PRES,
 #endif
@@ -69,9 +70,9 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART0,
 			.state = USART_RCV
 		},
-		.ep_out = CARDEM_USIM2_DATAOUT,
-		.ep_in = CARDEM_USIM2_DATAIN,
-		.ep_int = CARDEM_USIM2_INT,
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
 #ifdef PIN_SET_USIM2_PRES
 		.pin_insert = PIN_SET_USIM2_PRES,
 #endif
@@ -279,7 +280,6 @@ static int card_vcc_adc_init(void)
 	return 0;
 }
 
-#define UV_PER_LSB	((3300 * 1000) / 4096)
 #define VCC_UV_THRESH_1V8	1500000
 #define VCC_UV_THRESH_3V	2800000
 
@@ -299,12 +299,6 @@ static void process_vcc_adc(struct cardem_inst *ci)
 	ci->vcc_uv_last = ci->vcc_uv;
 }
 
-static uint32_t adc2uv(uint16_t adc)
-{
-	uint32_t uv = (uint32_t) adc * UV_PER_LSB;
-	return uv;
-}
-
 void ADC_IrqHandler(void)
 {
 #ifdef CARDEMU_SECOND_UART
@@ -398,7 +392,8 @@ void mode_cardemu_init(void)
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[0].ch = card_emu_init(0, 2, 0, PHONE_DATAIN, PHONE_INT);
+	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM1_INT);
+	sim_switch_use_physical(0, 1);
 
 #ifdef CARDEMU_SECOND_UART
 	INIT_LLIST_HEAD(&cardem_inst[1].usb_out_queue);
@@ -412,8 +407,10 @@ void mode_cardemu_init(void)
 	PIO_ConfigureIt(&pin_usim2_vcc, usim2_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim2_vcc);
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[1].ch = card_emu_init(1, 0, 1, CARDEM_USIM2_DATAIN, CARDEM_USIM2_INT);
+	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM2_INT);
+	sim_switch_use_physical(1, 1);
 #endif /* CARDEMU_SECOND_UART */
+
 }
 
 /* called if config is deactivated */
@@ -478,6 +475,11 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		break;
 	case SIMTRACE_MSGT_DT_CEMU_CARDINSERT:
 		cardins = (struct cardemu_usb_msg_cardinsert *) msg->l2h;
+		if (!ci->pin_insert.pio) {
+			TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
+				   ci->num, cardins->card_insert ? "INSERTED" : "REMOVED");
+			break;
+		}
 		TRACE_INFO("%u: set card_insert to %s\r\n", ci->num,
 			   cardins->card_insert ? "INSERTED" : "REMOVED");
 		if (cardins->card_insert)
@@ -498,6 +500,10 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 	}
 }
 
+#ifdef PINS_PERST
+#include "wwan_perst.h"
+#endif
+
 static int usb_command_modem_reset(struct msgb *msg, struct cardem_inst *ci)
 {
 	struct st_modem_reset *mr = (struct st_modem_reset *) msg->l2h;
@@ -506,6 +512,7 @@ static int usb_command_modem_reset(struct msgb *msg, struct cardem_inst *ci)
 		return -1;
 
 	switch (mr->asserted) {
+#ifdef PINS_PERST
 	case 0:
 		wwan_perst_set(ci->num, 0);
 		break;
@@ -515,6 +522,7 @@ static int usb_command_modem_reset(struct msgb *msg, struct cardem_inst *ci)
 	case 2:
 		wwan_perst_do_reset_pulse(ci->num, mr->pulse_duration_msec);
 		break;
+#endif
 	default:
 		return -1;
 	}

firmware/libcommon/source/mode_ccid.c

@@ -27,14 +27,15 @@
  * ----------------------------------------------------------------------------
  */
 
+#include "board.h"
+#include "simtrace.h"
+
 #ifdef HAVE_CCID
 
 /*------------------------------------------------------------------------------
  *          Headers
  *------------------------------------------------------------------------------*/
 
-#include "board.h"
-
 #include <string.h>
 
 /*------------------------------------------------------------------------------
@@ -125,6 +126,7 @@ static void ConfigureCardDetection(void)
  *-----------------------------------------------------------------------------*/
 extern CCIDDriverConfigurationDescriptors configurationDescriptorCCID;
 
+/* Called during USB enumeration after device is enumerated by host */
 void CCID_configure(void)
 {
 	CCIDDriver_Initialize();
@@ -132,6 +134,7 @@ void CCID_configure(void)
 	PIO_ConfigureIt(&pinSmartCard, ISR_PioSmartCard);
 }
 
+/* called when *different* configuration is set by host */
 void CCID_exit(void)
 {
 	PIO_DisableIt(&pinSmartCard);
@@ -139,6 +142,7 @@ void CCID_exit(void)
 	USART_SetReceiverEnabled(usart_info.base, 0);
 }
 
+/* called when *CCID* configuration is set by host */
 void CCID_init(void)
 {
 	uint8_t pAtr[MAX_ATR_SIZE];
@@ -178,6 +182,7 @@ void CCID_init(void)
 	}
 }
 
+/* main (idle/busy) loop of this USB configuration */
 void CCID_run(void)
 {
 

firmware/libcommon/source/phone.c

@@ -1,196 +0,0 @@
-/* ----------------------------------------------------------------------------
- *         ATMEL Microcontroller Software Support
- * ----------------------------------------------------------------------------
- * Copyright (c) 2009, Atmel Corporation
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the disclaimer below.
- *
- * Atmel's name may not be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * DISCLAIMER: THIS SOFTWARE IS PROVIDED BY ATMEL "AS IS" AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE
- * DISCLAIMED. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
- * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- * ----------------------------------------------------------------------------
- */
-
-/*------------------------------------------------------------------------------
- *          Headers
- *------------------------------------------------------------------------------*/
-
-#include "board.h"
-
-#include <string.h>
-
-/*------------------------------------------------------------------------------
- *         Internal definitions
- *------------------------------------------------------------------------------*/
-
-/** Maximum ucSize in bytes of the smartcard answer to a command.*/
-#define MAX_ANSWER_SIZE         10
-
-/** Maximum ATR ucSize in bytes.*/
-#define MAX_ATR_SIZE            55
-
-/** USB states */
-/// Use for power management
-#define STATE_IDLE    0
-/// The USB device is in suspend state
-#define STATE_SUSPEND 4
-/// The USB device is in resume state
-#define STATE_RESUME  5
-
-extern volatile uint8_t timeout_occured;
-
-/*------------------------------------------------------------------------------
- *         Internal variables
- *------------------------------------------------------------------------------*/
-/** USB state: suspend, resume, idle */
-unsigned char USBState = STATE_IDLE;
-
-/** ISO7816 pins */
-static const Pin pinsISO7816_PHONE[] = { PINS_ISO7816_PHONE };
-
-/** Bus switch pins */
-
-#if DEBUG_PHONE_SNIFF
-#warning "Debug phone sniff via logic analyzer is enabled"
-// Logic analyzer probes are easier to attach to the SIM card slot
-static const Pin pins_bus[] = { PINS_BUS_SNIFF };
-#else
-static const Pin pins_bus[] = { PINS_BUS_DEFAULT };
-#endif
-
-/** ISO7816 RST pin */
-static uint8_t sim_inserted = 0;
-
-static const Pin pPwr[] = {
-	/* Enable power converter 4.5-6V to 3.3V; low: off */
-	{SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT},
-
-	/* Enable second power converter: VCC_PHONE to VCC_SIM; high: off */
-	{VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-};
-
-const Pin pinPhoneRST = PIN_ISO7816_RST_PHONE;
-
-static struct Usart_info usart_info = {
-	.base = USART_PHONE,
-	.id = ID_USART_PHONE,
-	.state = USART_RCV,
-};
-
-/* ===================================================*/
-/*                      Taken from iso7816_4.c        */
-/* ===================================================*/
-/** Flip flop for send and receive char */
-#define USART_SEND 0
-#define USART_RCV  1
-
-/*-----------------------------------------------------------------------------
- *          Internal variables
- *-----------------------------------------------------------------------------*/
-static uint8_t host_to_sim_buf[BUFLEN];
-static bool change_fidi = false;
-
-static void receive_from_host(void);
-static void sendResponse_to_phone(uint8_t * pArg, uint8_t status,
-				  uint32_t transferred, uint32_t remaining)
-{
-	if (status != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("USB err status: %d (%s)\n", __FUNCTION__, status);
-		return;
-	}
-	TRACE_DEBUG("sendResp, stat: %X, trnsf: %x, rem: %x\n\r", status,
-		    transferred, remaining);
-	TRACE_DEBUG("Resp: %x %x %x .. %x\n", host_to_sim_buf[0],
-		    host_to_sim_buf[1], host_to_sim_buf[2],
-		    host_to_sim_buf[transferred - 1]);
-
-	USART_SetReceiverEnabled(USART_PHONE, 0);
-	USART_SetTransmitterEnabled(USART_PHONE, 1);
-	uint32_t i = 0;
-	if (host_to_sim_buf[0] == 0xff) {
-		printf("Change FIDI detected\n");
-		// PTS command, change FIDI after command
-		i = 2;
-		change_fidi = true;
-	}
-	for (; i < transferred; i++) {
-		ISO7816_SendChar(host_to_sim_buf[i], &usart_info);
-	}
-	USART_SetTransmitterEnabled(USART_PHONE, 0);
-	USART_SetReceiverEnabled(USART_PHONE, 1);
-
-	if (change_fidi == true) {
-		printf("Change FIDI: %x\n", host_to_sim_buf[2]);
-		update_fidi(host_to_sim_buf[2]);
-		change_fidi = false;
-	}
-
-	receive_from_host();
-}
-
-static void receive_from_host()
-{
-	int ret;
-	if ((ret = USBD_Read(PHONE_DATAOUT, &host_to_sim_buf,
-			     sizeof(host_to_sim_buf),
-			     (TransferCallback) &sendResponse_to_phone,
-			     0)) == USBD_STATUS_SUCCESS) {
-	} else {
-		TRACE_ERROR("USB Err: %X\n", ret);
-	}
-}
-
-void Phone_configure(void)
-{
-	PIO_ConfigureIt(&pinPhoneRST, ISR_PhoneRST);
-	NVIC_EnableIRQ(PIOA_IRQn);
-}
-
-void Phone_exit(void)
-{
-	PIO_DisableIt(&pinPhoneRST);
-	NVIC_DisableIRQ(USART1_IRQn);
-	USART_DisableIt(USART_PHONE, US_IER_RXRDY);
-	USART_SetTransmitterEnabled(USART_PHONE, 0);
-	USART_SetReceiverEnabled(USART_PHONE, 0);
-}
-
-void Phone_init(void)
-{
-	PIO_Configure(pinsISO7816_PHONE, PIO_LISTSIZE(pinsISO7816_PHONE));
-	PIO_Configure(pins_bus, PIO_LISTSIZE(pins_bus));
-
-	PIO_Configure(&pinPhoneRST, 1);
-
-	PIO_EnableIt(&pinPhoneRST);
-	ISO7816_Init(&usart_info, CLK_SLAVE);
-
-	USART_SetTransmitterEnabled(USART_PHONE, 0);
-	USART_SetReceiverEnabled(USART_PHONE, 1);
-
-	USART_EnableIt(USART_PHONE, US_IER_RXRDY);
-	NVIC_EnableIRQ(USART1_IRQn);
-
-	receive_from_host();
-}
-
-void Phone_run(void)
-{
-	check_data_from_phone();
-}

firmware/libcommon/source/pseudo_talloc.c

@@ -2,7 +2,8 @@
 
 #include "talloc.h"
 #include "trace.h"
-#include "osmocom/core/utils.h"
+#include "utils.h"
+#include <osmocom/core/utils.h>
 
 #define NUM_RCTX_SMALL 10
 #define RCTX_SIZE_SMALL 348
@@ -13,8 +14,11 @@ static uint8_t msgb_inuse[NUM_RCTX_SMALL];
 void *_talloc_zero(const void *ctx, size_t size, const char *name)
 {
 	unsigned int i;
+	unsigned long x;
 
+	local_irq_save(x);
 	if (size > RCTX_SIZE_SMALL) {
+		local_irq_restore(x);
 		TRACE_ERROR("%s() request too large(%d > %d)\r\n", __func__, size, RCTX_SIZE_SMALL);
 		return NULL;
 	}
@@ -24,9 +28,11 @@ void *_talloc_zero(const void *ctx, size_t size, const char *name)
 			uint8_t *out = msgb_data[i];
 			msgb_inuse[i] = 1;
 			memset(out, 0, size);
+			local_irq_restore(x);
 			return out;
 		}
 	}
+	local_irq_restore(x);
 	TRACE_ERROR("%s() out of memory!\r\n", __func__);
 	return NULL;
 }
@@ -34,6 +40,9 @@ void *_talloc_zero(const void *ctx, size_t size, const char *name)
 int _talloc_free(void *ptr, const char *location)
 {
 	unsigned int i;
+	unsigned long x;
+
+	local_irq_save(x);
 	for (i = 0; i < ARRAY_SIZE(msgb_inuse); i++) {
 		if (ptr == msgb_data[i]) {
 			if (!msgb_inuse[i]) {
@@ -41,10 +50,12 @@ int _talloc_free(void *ptr, const char *location)
 			} else {
 				msgb_inuse[i] = 0;
 			}
+			local_irq_restore(x);
 			return 0;
 		}
 	}
 
+	local_irq_restore(x);
 	TRACE_ERROR("%s: invalid pointer %p from %s\r\n", __func__, ptr, location);
 	return -1;
 }

firmware/libcommon/source/ringbuffer.c

@@ -52,7 +52,7 @@ bool rbuf_is_full(volatile ringbuf * rb)
 	return rc;
 }
 
-void rbuf_write(volatile volatile ringbuf * rb, uint8_t item)
+void rbuf_write(volatile ringbuf * rb, uint8_t item)
 {
 	unsigned long state;
 

firmware/libcommon/source/simtrace_iso7816.c

@@ -33,6 +33,7 @@
 
 #include "board.h"
 #include "simtrace.h"
+#include "simtrace_usb.h"
 #include "ringbuffer.h"
 #include "iso7816_fidi.h"
 
@@ -67,7 +68,7 @@ void ISR_PhoneRST(const Pin * pPin)
 	}
 
 	if ((ret =
-	     USBD_Write(PHONE_INT, "R", 1,
+	     USBD_Write(SIMTRACE_USB_EP_PHONE_INT, "R", 1,
 			(TransferCallback) & Callback_PhoneRST_ISR,
 			0)) != USBD_STATUS_SUCCESS) {
 		TRACE_ERROR("USB err status: %d (%s)\n", ret, __FUNCTION__);
@@ -116,20 +117,27 @@ void mode_trace_usart1_irq(void)
 }
 
 /*  FIDI update functions   */
-void update_fidi(uint8_t fidi)
+void update_fidi(Usart *usart, uint8_t fidi)
 {
-	int rc;
+	if (NULL==usart) {
+		return;
+	}
 
 	uint8_t fi = fidi >> 4;
 	uint8_t di = fidi & 0xf;
+	int ratio = compute_fidi_ratio(fi, di);
 
-	rc = compute_fidi_ratio(fi, di);
-	if (rc > 0 && rc < 0x400) {
-		TRACE_INFO("computed Fi(%u) Di(%u) ratio: %d", fi, di, rc);
-		/* make sure UART uses new F/D ratio */
-		USART_PHONE->US_CR |= US_CR_RXDIS | US_CR_RSTRX;
-		USART_PHONE->US_FIDI = rc & 0x3ff;
-		USART_PHONE->US_CR |= US_CR_RXEN | US_CR_STTTO;
-	} else
-		TRACE_INFO("computed FiDi ratio %d unsupported", rc);
+	if (ratio > 0 && ratio < 0x8000) {
+		/* make sure USART uses new F/D ratio */
+		usart->US_CR |= US_CR_RXDIS | US_CR_RSTRX;
+		/* disable write protection */
+		if (usart->US_WPMR) {
+			usart->US_WPMR = US_WPMR_WPKEY(0x555341);
+		}
+		usart->US_FIDI = (ratio & 0x7ff);
+		usart->US_CR |= US_CR_RXEN | US_CR_STTTO;
+		//TRACE_INFO("updated USART Fi(%u)/Di(%u) ratio(%d): %u\n\r", fi, di, ratio, usart->US_FIDI); /* don't print since this is function is also called by ISRs */
+	} else {
+		//TRACE_WARNING("computed Fi/Di ratio %d unsupported\n\r", ratio); /* don't print since this is function is also called by ISRs */
+	}
 }

firmware/libcommon/source/usb.c

@@ -33,15 +33,13 @@
 
 #include "board.h"
 #include "simtrace.h"
+#include "simtrace_usb.h"
 #include "utils.h"
 
 #include <cciddriverdescriptors.h>
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-#define SIMTRACE_SUBCLASS_SNIFFER	1
-#define SIMTRACE_SUBCLASS_CARDEM	2
-
 /*------------------------------------------------------------------------------
  *       USB String descriptors 
  *------------------------------------------------------------------------------*/
@@ -94,8 +92,8 @@ static const SIMTraceDriverConfigurationDescriptorSniffer
 		.bInterfaceNumber	= 0,
 		.bAlternateSetting	= 0,
 		.bNumEndpoints		= 3,
-		.bInterfaceClass	= 0xff,
-		.bInterfaceSubClass	= SIMTRACE_SUBCLASS_SNIFFER,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= SIMTRACE_SNIFFER_USB_SUBCLASS,
 		.bInterfaceProtocol	= 0,
 		.iInterface		= SNIFFER_CONF_STR,
 	},
@@ -105,11 +103,9 @@ static const SIMTraceDriverConfigurationDescriptorSniffer
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_OUT,
-						PHONE_DATAOUT),
+						SIMTRACE_USB_EP_CARD_DATAOUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-							PHONE_DATAOUT),
-				      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0,
 	},
 	/* Bulk-IN endpoint descriptor */
@@ -118,11 +114,9 @@ static const SIMTraceDriverConfigurationDescriptorSniffer
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_DATAIN),
+						SIMTRACE_USB_EP_CARD_DATAIN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize = MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-								PHONE_DATAIN),
-				      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize = USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0,
 	},
 	// Notification endpoint descriptor
@@ -131,11 +125,9 @@ static const SIMTraceDriverConfigurationDescriptorSniffer
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_INT),
+						SIMTRACE_USB_EP_CARD_INT),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-								PHONE_INT),
-				      USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval = 0x10,
 	},
 	DFURT_IF_DESCRIPTOR(1, 0),
@@ -205,9 +197,7 @@ static const CCIDDriverConfigurationDescriptors configurationDescriptorCCID = {
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_OUT,
 				      		      CCID_EPT_DATA_OUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_DATA_OUT),
-		    			USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0x00,
 	},
 	// Bulk-IN endpoint descriptor
@@ -218,9 +208,7 @@ static const CCIDDriverConfigurationDescriptors configurationDescriptorCCID = {
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_IN,
 						      CCID_EPT_DATA_IN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_DATA_IN),
-		    			USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXBULKSIZE_FS),
 		.bInterval		= 0x00,
 	},
 	// Notification endpoint descriptor
@@ -231,9 +219,7 @@ static const CCIDDriverConfigurationDescriptors configurationDescriptorCCID = {
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_IN,
 						      CCID_EPT_NOTIFICATION),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize = MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_NOTIFICATION),
-					USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize = USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval = 0x10,
 	},
 	DFURT_IF_DESCRIPTOR(1, 0),
@@ -268,7 +254,7 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 #ifdef CARDEMU_SECOND_UART
 		.bNumInterfaces		= 2+DFURT_NUM_IF,
 #else
-		.bNumInterefaces	= 1+DFURT_NUM_IF,
+		.bNumInterfaces		= 1+DFURT_NUM_IF,
 #endif
 		.bConfigurationValue	= CFG_NUM_PHONE,
 		.iConfiguration		= PHONE_CONF_STR,
@@ -282,8 +268,8 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bInterfaceNumber	= 0,
 		.bAlternateSetting	= 0,
 		.bNumEndpoints		= 3,
-		.bInterfaceClass	= 0xff,
-		.bInterfaceSubClass	= SIMTRACE_SUBCLASS_CARDEM,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= SIMTRACE_CARDEM_USB_SUBCLASS,
 		.bInterfaceProtocol	= 0,
 		.iInterface		= CARDEM_USIM1_INTF_STR,
 	},
@@ -293,10 +279,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_OUT,
-						PHONE_DATAOUT),
+						SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAOUT),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0	/* Must be 0 for full-speed bulk endpoints */
 	},
 	/* Bulk-IN endpoint descriptor */
@@ -305,10 +290,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_DATAIN),
+						SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAIN),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0	/* Must be 0 for full-speed bulk endpoints */
 	},
 	/* Notification endpoint descriptor */
@@ -317,10 +301,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_INT),
+						SIMTRACE_CARDEM_USB_EP_USIM1_INT),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_INT),
-					      USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval		= 0x10
 	},
 #ifdef CARDEMU_SECOND_UART
@@ -331,8 +314,8 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bInterfaceNumber	= 1,
 		.bAlternateSetting	= 0,
 		.bNumEndpoints		= 3,
-		.bInterfaceClass	= 0xff,
-		.bInterfaceSubClass	= SIMTRACE_SUBCLASS_CARDEM,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= SIMTRACE_CARDEM_USB_SUBCLASS,
 		.bInterfaceProtocol	= 0,
 		.iInterface		= CARDEM_USIM2_INTF_STR,
 	},
@@ -342,10 +325,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_OUT,
-						CARDEM_USIM2_DATAOUT),
+						SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(CARDEM_USIM2_DATAOUT),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0	/* Must be 0 for full-speed bulk endpoints */
 	}
 	,
@@ -355,10 +337,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						CARDEM_USIM2_DATAIN),
+						SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(CARDEM_USIM2_DATAIN),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0	/* Must be 0 for full-speed bulk endpoints */
 	},
 	/* Notification endpoint descriptor */
@@ -367,10 +348,9 @@ static const SIMTraceDriverConfigurationDescriptorPhone
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						CARDEM_USIM2_INT),
+						SIMTRACE_CARDEM_USB_EP_USIM2_INT),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(CARDEM_USIM2_INT),
-					      USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval		= 0x10,
 	},
 	DFURT_IF_DESCRIPTOR(2, 0),
@@ -466,9 +446,7 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_OUT,
 				      		      CCID_EPT_DATA_OUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_DATA_OUT),
-		    			USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0x00,
 	},
 	// Bulk-IN endpoint descriptor
@@ -479,9 +457,7 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_IN,
 						      CCID_EPT_DATA_IN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize	= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_DATA_IN),
-		    			USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize	= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0x00,
 	},
 	// Notification endpoint descriptor
@@ -492,9 +468,7 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 			USBEndpointDescriptor_ADDRESS(USBEndpointDescriptor_IN,
 						      CCID_EPT_NOTIFICATION),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize = MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(
-					CCID_EPT_NOTIFICATION),
-					USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize = USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval = 0x10,
 	},
 
@@ -506,7 +480,7 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 		.bAlternateSetting	= 0,
 		.bNumEndpoints		= 3,
 		.bInterfaceClass	= 0xff,
-		.bInterfaceSubClass	= SIMTRAC_SUBCLASS_CARDEM,
+		.bInterfaceSubClass	= SIMTRACE_SUBCLASS_CARDEM,
 		.bInterfaceProtocol	= 0,
 		.iInterface		= PHONE_CONF_STR,
 	},
@@ -516,10 +490,9 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_OUT,
-						PHONE_DATAOUT),
+						SIMTRACE_USB_EP_PHONE_DATAOUT),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAOUT),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0, /* Must be 0 for full-speed bulk endpoints */
 	},
 	/* Bulk-IN endpoint descriptor */
@@ -528,10 +501,9 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_DATAIN),
+						SIMTRACE_USB_EP_PHONE_DATAIN),
 		.bmAttributes		= USBEndpointDescriptor_BULK,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_DATAIN),
-					      USBEndpointDescriptor_MAXBULKSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXBULKSIZE_FS,
 		.bInterval		= 0, /* Must be 0 for full-speed bulk endpoints */
 	},
 	/* Notification endpoint descriptor */
@@ -540,10 +512,9 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 		.bDescriptorType	= USBGenericDescriptor_ENDPOINT,
 		.bEndpointAddress	= USBEndpointDescriptor_ADDRESS(
 						USBEndpointDescriptor_IN,
-						PHONE_INT),
+						SIMTRACE_USB_EP_PHONE_INT),
 		.bmAttributes		= USBEndpointDescriptor_INTERRUPT,
-		.wMaxPacketSize		= MIN(BOARD_USB_ENDPOINTS_MAXPACKETSIZE(PHONE_INT),
-					      USBEndpointDescriptor_MAXINTERRUPTSIZE_FS),
+		.wMaxPacketSize		= USBEndpointDescriptor_MAXINTERRUPTSIZE_FS,
 		.bInterval		= 0x10
 	},
 	DFURT_IF_DESCRIPTOR(2, 0),
@@ -573,7 +544,7 @@ const USBDeviceDescriptor deviceDescriptor = {
 	.bDeviceClass		= 0,
 	.bDeviceSubClass	= 0,
 	.bDeviceProtocol	= 0,
-	.bMaxPacketSize0	= BOARD_USB_ENDPOINTS_MAXPACKETSIZE(0),
+	.bMaxPacketSize0	= 64,
 	.idVendor		= BOARD_USB_VENDOR_ID,
 	.idProduct		= BOARD_USB_PRODUCT_ID,
 	.bcdDevice		= 2,	/* Release number */
@@ -603,11 +574,17 @@ static const USBDDriverDescriptors driverDescriptors = {
 
 void SIMtrace_USB_Initialize(void)
 {
+
+	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
+	const Pin usb_dp_pullup = PIN_USB_PULLUP;
+	PIO_Configure(&usb_dp_pullup, 1);
+	PIO_Set(&usb_dp_pullup);
+	mdelay(15);
+	PIO_Clear(&usb_dp_pullup);
+
 	// Get std USB driver
 	USBDDriver *pUsbd = USBD_GetDriver();
 
-	TRACE_DEBUG(".");
-
 	// Initialize standard USB driver
 	USBDDriver_Initialize(pUsbd, &driverDescriptors, 0);	// Multiple interface settings not supported
 	USBD_Init();

firmware/libcommon/source/usb_buf.c

@@ -1,9 +1,10 @@
 #include "board.h"
 #include "trace.h"
 #include "usb_buf.h"
+#include "simtrace_usb.h"
 
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/msgb.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/msgb.h>
 #include <errno.h>
 
 #define USB_ALLOC_SIZE	280

firmware/libosmocore/include/osmocom/core/timer.h

@@ -60,8 +60,8 @@ struct timezone;
 
 #include <stdbool.h>
 
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/linuxrbtree.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/linuxrbtree.h>
 
 /**
  * Timer management:

firmware/libosmocore/source/panic.c

@@ -43,6 +43,7 @@ static osmo_panic_handler_t osmo_panic_handler = (void*)0;
 #include <stdio.h>
 #include <stdlib.h>
 
+__attribute__ ((format (printf, 1, 0)))
 static void osmo_panic_default(const char *fmt, va_list args)
 {
 	vfprintf(stderr, fmt, args);
@@ -73,6 +74,7 @@ static void osmo_panic_default(const char *fmt, va_list args)
  * The default function on most systems will generate a backtrace and
  * then abort() the process.
  */
+__attribute__ ((format (printf, 1, 0)))
 void osmo_panic(const char *fmt, ...)
 {
 	va_list args;

firmware/libosmocore/source/timer.c

@@ -33,8 +33,8 @@
 
 #include <assert.h>
 #include <limits.h>
-#include "osmocom/core/linuxlist.h"
-#include "osmocom/core/timer.h"
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/timer.h>
 
 /* These store the amount of time that we wait until next timer expires. */
 static struct osmo_timeval nearest;

firmware/test/Makefile

@@ -1,5 +1,17 @@
-CFLAGS=-g -Wall -I../src_simtrace -I../libcommon/include -I.
-LDFLAGS=-losmocore
+LIBOSMOCORE_CFLAGS=`pkg-config --cflags libosmocore`
+LIBOSMOCORE_LIBS=`pkg-config --libs libosmocore`
+
+CFLAGS=-g -Wall $(LIBOSMOCORE_CFLAGS) \
+	-I../src_simtrace \
+	-I../atmel_softpack_libraries/libchip_sam3s \
+	-I../atmel_softpack_libraries/libchip_sam3s/cmsis \
+	-I../atmel_softpack_libraries/libchip_sam3s/include \
+	-I../atmel_softpack_libraries/usb/include \
+	-I../libcommon/include \
+	-I../libboard/common/include \
+	-I../libboard/simtrace/include \
+	-I.
+LDFLAGS=$(LIBOSMOCORE_LIBS)
 
 VPATH=../src_simtrace ../libcommon/source
 

host/Makefile

@@ -1,7 +1,7 @@
 LDFLAGS=`pkg-config --libs libusb-1.0 libosmocore` -losmocore
 CFLAGS=-Wall -g
 
-all: simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list
+all: simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list simtrace2-sniff
 
 simtrace2-remsim: simtrace2-remsim.o apdu_dispatch.o simtrace2-discovery.o libusb_util.o
 	$(CC) -o $@ $^ $(LDFLAGS) -losmosim
@@ -12,6 +12,9 @@ simtrace2-remsim-usb2udp: usb2udp.o simtrace2-discovery.o
 simtrace2-list: simtrace2_usb.o libusb_util.o
 	$(CC) -o $@ $^ $(LDFLAGS)
 
+simtrace2-sniff: simtrace2-sniff.o simtrace2-discovery.o libusb_util.o
+	$(CC) -o $@ $^ $(LDFLAGS)
+
 %.o: %.c
 	$(CC) $(CFLAGS) `pkg-config --cflags libusb-1.0 libosmocore` -o $@ -c $^
 

host/libusb_util.c

@@ -130,11 +130,11 @@ int dev_find_matching_interfaces(libusb_device *dev, int class, int sub_class, i
 			for (k = 0; k < intf->num_altsetting; k++) {
 				const struct libusb_interface_descriptor *if_desc;
 				if_desc = &intf->altsetting[k];
-				if (class > 0 && if_desc->bInterfaceClass != class)
+				if (class >= 0 && if_desc->bInterfaceClass != class)
 					continue;
-				if (sub_class > 0 && if_desc->bInterfaceSubClass != sub_class)
+				if (sub_class >= 0 && if_desc->bInterfaceSubClass != sub_class)
 					continue;
-				if (protocol > 0 && if_desc->bInterfaceProtocol != protocol)
+				if (protocol >= 0 && if_desc->bInterfaceProtocol != protocol)
 					continue;
 				/* MATCH! */
 				out[out_idx].usb_dev = dev;
@@ -197,7 +197,7 @@ int usb_match_interfaces(libusb_context *ctx, const struct dev_id *dev_ids,
 			dev_desc.idVendor, dev_desc.idProduct, addr);
 #endif
 
-		rc = dev_find_matching_interfaces(*dev, 255, 2, -1, out_cur, out_len_remain);
+		rc = dev_find_matching_interfaces(*dev, class, sub_class, protocol, out_cur, out_len_remain);
 		if (rc < 0)
 			continue;
 		out_cur += rc;

host/simtrace2-sniff.c

@@ -0,0 +1,531 @@
+/* simtrace2-sniff - main program for the host PC to communicate with the SIMtrace 2 firmware in sniffer mode */
+/* This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * (C) 2010-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018 by Kevin Redon <kredon@sysmocom.de>
+ */
+
+#include <errno.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <signal.h>
+#include <time.h>
+#define _GNU_SOURCE
+#include <getopt.h>
+
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <libusb.h>
+
+#include "libusb_util.h"
+#include "simtrace.h"
+#include "simtrace_usb.h"
+#include "simtrace_prot.h"
+#include "simtrace2-discovery.h"
+
+#include <osmocom/core/gsmtap.h>
+#include <osmocom/core/gsmtap_util.h>
+#include <osmocom/core/utils.h>
+#include <osmocom/core/socket.h>
+#include <osmocom/core/msgb.h>
+#include <osmocom/sim/class_tables.h>
+#include <osmocom/sim/sim.h>
+
+/* transport to a SIMtrace device */
+struct st_transport {
+	/* USB */
+	struct libusb_device_handle *usb_devh;
+	struct {
+		uint8_t in;
+		uint8_t out;
+		uint8_t irq_in;
+	} usb_ep;
+};
+
+/* global GSMTAP instance */
+static struct gsmtap_inst *g_gti;
+
+static int gsmtap_send_sim(const uint8_t *apdu, unsigned int len)
+{
+	struct gsmtap_hdr *gh;
+	unsigned int gross_len = len + sizeof(*gh);
+	uint8_t *buf = malloc(gross_len);
+	int rc;
+
+	if (!buf)
+		return -ENOMEM;
+
+	memset(buf, 0, sizeof(*gh));
+	gh = (struct gsmtap_hdr *) buf;
+	gh->version = GSMTAP_VERSION;
+	gh->hdr_len = sizeof(*gh)/4;
+	gh->type = GSMTAP_TYPE_SIM;
+
+	memcpy(buf + sizeof(*gh), apdu, len);
+
+	rc = write(gsmtap_inst_fd(g_gti), buf, gross_len);
+	if (rc < 0) {
+		perror("write gsmtap");
+		free(buf);
+		return rc;
+	}
+
+	free(buf);
+	return 0;
+}
+
+static int process_change(const uint8_t *buf, int len)
+{
+	/* check if there is enough data for the structure */
+	if (len<sizeof(struct sniff_change)) {
+		return -1;
+	}
+	struct sniff_change *change = (struct sniff_change *)buf;
+
+	printf("Card state change: ");
+	if (change->flags&SNIFF_CHANGE_FLAG_CARD_INSERT) {
+		printf("card inserted ");
+	}
+	if (change->flags&SNIFF_CHANGE_FLAG_CARD_EJECT) {
+		printf("card ejected ");
+	}
+	if (change->flags&SNIFF_CHANGE_FLAG_RESET_HOLD) {
+		printf("reset hold ");
+	}
+	if (change->flags&SNIFF_CHANGE_FLAG_RESET_RELEASE) {
+		printf("reset release ");
+	}
+	if (change->flags&SNIFF_CHANGE_FLAG_TIMEOUT_WT) {
+		printf("data transfer timeout ");
+	}
+	printf("\n");
+
+	return 0;
+}
+
+/* Table 7 of ISO 7816-3:2006 */
+static const uint16_t fi_table[] = { 372, 372, 558, 744, 1116, 1488, 1860, 0, 0, 512, 768, 1024, 1536, 2048, 0, 0, };
+
+/* Table 8 from ISO 7816-3:2006 */
+static const uint8_t di_table[] = { 0, 1, 2, 4, 8, 16, 32, 64, 12, 20, 2, 4, 8, 16, 32, 64, };
+
+static int process_fidi(const uint8_t *buf, int len)
+{
+	/* check if there is enough data for the structure */
+	if (len<sizeof(struct sniff_fidi)) {
+		return -1;
+	}
+	struct sniff_fidi *fidi = (struct sniff_fidi *)buf;
+
+	printf("Fi/Di switched to %u/%u\n", fi_table[fidi->fidi>>4], di_table[fidi->fidi&0x0f]);
+	return 0;
+}
+
+static int process_atr(const uint8_t *buf, int len)
+{
+	/* check if there is enough data for the structure */
+	if (len<sizeof(struct sniff_data)) {
+		return -1;
+	}
+	struct sniff_data *atr = (struct sniff_data *)buf;
+
+	/* check if the data is available */
+	if (len<sizeof(struct sniff_data)+atr->length) {
+		return -2;
+	}
+
+	printf("ATR%s: ", atr->complete ? "" : " (incomplete)");
+	for (uint16_t i=0; i<atr->length; i++) {
+		printf("%02x ", atr->data[i]);
+	}
+	printf("\n");
+	return 0;
+}
+
+static int process_pps(const uint8_t *buf, int len)
+{
+	/* check if there is enough data for the structure */
+	if (len<sizeof(struct sniff_data)) {
+		return -1;
+	}
+	struct sniff_data *pps = (struct sniff_data *)buf;
+
+	/* check if the data is available */
+	if (len<sizeof(struct sniff_data)+pps->length) {
+		return -2;
+	}
+
+	printf("PPS%s: ", pps->complete ? "" : " (incomplete) ");
+	for (uint16_t i=0; i<pps->length; i++) {
+		printf("%02x ", pps->data[i]);
+	}
+	printf("\n");
+	return 0;
+}
+
+static int process_tpdu(const uint8_t *buf, int len)
+{
+	/* check if there is enough data for the structure */
+	if (len<sizeof(struct sniff_data)) {
+		return -1;
+	}
+	struct sniff_data *tpdu = (struct sniff_data *)buf;
+
+	/* check if the data is available */
+	if (len<sizeof(struct sniff_data)+tpdu->length) {
+		return -2;
+	}
+
+	/* print TPDU */
+	printf("TPDU%s: ", tpdu->complete ? "" : " (incomplete)");
+	for (uint16_t i=0; i<tpdu->length; i++) {
+		printf("%02x ", tpdu->data[i]);
+	}
+	printf("\n");
+
+	/* send TPDU (now considered as APDU) to GSMTAP */
+	gsmtap_send_sim(tpdu->data, tpdu->length);
+	return 0;
+}
+
+/*! \brief Process an incoming message from the SIMtrace2 */
+static int process_usb_msg(const uint8_t *buf, int len)
+{
+	/* check if enough data for the header is present */
+	if (len<sizeof(struct simtrace_msg_hdr)) {
+		return 0;
+	}
+
+	/* check if message is complete */
+	struct simtrace_msg_hdr *msg_hdr = (struct simtrace_msg_hdr *)buf;
+	if (len<msg_hdr->msg_len) {
+		return 0;
+	}
+	//printf("msg: %s\n", osmo_hexdump(buf, msg_hdr->msg_len));
+
+	/* check for message class */
+	if (SIMTRACE_MSGC_SNIFF!=msg_hdr->msg_class) { /* we only care about sniffing messages */
+		return msg_hdr->msg_len; /* discard non-sniffing messaged */
+	}
+
+	/* process sniff message payload */
+	buf += sizeof(struct simtrace_msg_hdr);
+	len -= sizeof(struct simtrace_msg_hdr);
+	switch (msg_hdr->msg_type) {
+	case SIMTRACE_MSGT_SNIFF_CHANGE:
+		process_change(buf, len);
+		break;
+	case SIMTRACE_MSGT_SNIFF_FIDI:
+		process_fidi(buf, len);
+		break;
+	case SIMTRACE_MSGT_SNIFF_ATR:
+		process_atr(buf, len);
+		break;
+	case SIMTRACE_MSGT_SNIFF_PPS:
+		process_pps(buf, len);
+		break;
+	case SIMTRACE_MSGT_SNIFF_TPDU:
+		process_tpdu(buf, len);
+		break;
+	default:
+		printf("unknown SIMtrace msg type 0x%02x\n", msg_hdr->msg_type);
+		break;
+	}
+
+	return msg_hdr->msg_len;
+}
+
+/*! Transport to SIMtrace device (e.g. USB handle) */
+static struct st_transport _transp;
+
+static void run_mainloop()
+{
+	int rc;
+	uint8_t buf[16*256];
+	unsigned int buf_i = 0;
+	int xfer_len;
+
+	printf("Entering main loop\n");
+
+	while (true) {
+		/* read data from SIMtrace2 device (via USB) */
+		rc = libusb_bulk_transfer(_transp.usb_devh, _transp.usb_ep.in,
+					  &buf[buf_i], sizeof(buf)-buf_i, &xfer_len, 100000);
+		if (rc < 0 && rc != LIBUSB_ERROR_TIMEOUT &&
+		              rc != LIBUSB_ERROR_INTERRUPTED &&
+		              rc != LIBUSB_ERROR_IO) {
+			fprintf(stderr, "BULK IN transfer error; rc=%d\n", rc);
+			return;
+		}
+		/* dispatch any incoming data */
+		if (xfer_len > 0) {
+			//printf("URB: %s\n", osmo_hexdump(&buf[buf_i], xfer_len));
+			buf_i += xfer_len;
+			if (buf_i>=sizeof(buf)) {
+				perror("preventing USB buffer overflow");
+				return;
+			}
+			int processed = process_usb_msg(buf, buf_i);
+			if (processed>0 && processed<=buf_i) {
+				for (unsigned int i=processed; i<buf_i; i++) {
+					buf[i-processed] = buf[i];
+				}
+				buf_i -= processed;
+			}
+		}
+	}
+}
+
+static void print_welcome(void)
+{
+	printf("simtrace2-sniff - Phone-SIM card communication sniffer \n"
+	       "(C) 2010-2017 by Harald Welte <laforge@gnumonks.org>\n"
+	       "(C) 2018 by Kevin Redon <kredon@sysmocom.de>\n"
+	       "\n"
+	);
+}
+
+static void print_help(void)
+{
+	printf(
+		"\t-h\t--help\n"
+		"\t-i\t--gsmtap-ip\tA.B.C.D\n"
+		"\t-k\t--keep-running\n"
+		"\t-V\t--usb-vendor\tVENDOR_ID\n"
+		"\t-P\t--usb-product\tPRODUCT_ID\n"
+		"\t-C\t--usb-config\tCONFIG_ID\n"
+		"\t-I\t--usb-interface\tINTERFACE_ID\n"
+		"\t-S\t--usb-altsetting ALTSETTING_ID\n"
+		"\t-A\t--usb-address\tADDRESS\n"
+		"\n"
+		);
+}
+
+static const struct option opts[] = {
+	{ "help", 0, 0, 'h' },
+	{ "gsmtap-ip", 1, 0, 'i' },
+	{ "keep-running", 0, 0, 'k' },
+	{ "usb-vendor", 1, 0, 'V' },
+	{ "usb-product", 1, 0, 'P' },
+	{ "usb-config", 1, 0, 'C' },
+	{ "usb-interface", 1, 0, 'I' },
+	{ "usb-altsetting", 1, 0, 'S' },
+	{ "usb-address", 1, 0, 'A' },
+	{ NULL, 0, 0, 0 }
+};
+
+/* Known USB device with SIMtrace firmware supporting sniffer */
+static const struct dev_id compatible_dev_ids[] = {
+	{ USB_VENDOR_OPENMOKO, USB_PRODUCT_SIMTRACE2 },
+	{ 0, 0 }
+};
+
+static void signal_handler(int signal)
+{
+	switch (signal) {
+	case SIGINT:
+		exit(0);
+		break;
+	default:
+		break;
+	}
+}
+
+int main(int argc, char **argv)
+{
+	int rc, ret;
+	print_welcome();
+
+	/* Parse arguments */
+	char *gsmtap_host = "127.0.0.1";
+	int keep_running = 0;
+	int vendor_id = -1, product_id = -1, addr = -1, config_id = -1, if_num = -1, altsetting = -1;
+
+	while (1) {
+		int option_index = 0;
+
+		char c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
+		if (c == -1)
+			break;
+		switch (c) {
+		case 'h':
+			print_help();
+			exit(0);
+			break;
+		case 'i':
+			gsmtap_host = optarg;
+			break;
+		case 'k':
+			keep_running = 1;
+			break;
+		case 'V':
+			vendor_id = strtol(optarg, NULL, 16);
+			break;
+		case 'P':
+			product_id = strtol(optarg, NULL, 16);
+			break;
+		case 'C':
+			config_id = atoi(optarg);
+			break;
+		case 'I':
+			if_num = atoi(optarg);
+			break;
+		case 'S':
+			altsetting = atoi(optarg);
+			break;
+		case 'A':
+			addr = atoi(optarg);
+			break;
+		}
+	}
+
+	/* Scan for available SIMtrace USB devices supporting sniffing */
+	rc = libusb_init(NULL);
+	if (rc < 0) {
+		fprintf(stderr, "libusb initialization failed\n");
+		goto do_exit;
+	}
+	struct usb_interface_match ifm_scan[16];
+	int num_interfaces = usb_match_interfaces(NULL, compatible_dev_ids,
+				 USB_CLASS_PROPRIETARY, SIMTRACE_SNIFFER_USB_SUBCLASS, -1, ifm_scan, ARRAY_SIZE(ifm_scan));
+	if (num_interfaces <= 0) {
+		perror("No compatible USB devices found");
+		goto do_exit;
+	}
+
+	/* Only keep USB matching arguments */
+	struct usb_interface_match ifm_filtered[ARRAY_SIZE(ifm_scan)];
+	int num_filtered = 0;
+	for (unsigned int i = 0; i < num_interfaces; i++) {
+		if (vendor_id>=0 && vendor_id!=ifm_scan[i].vendor) {
+			continue;
+		}
+		if (product_id>=0 && product_id!=ifm_scan[i].product) {
+			continue;
+		}
+		if (config_id>=0 && config_id!=ifm_scan[i].configuration) {
+			continue;
+		}
+		if (if_num>=0 && if_num!=ifm_scan[i].interface) {
+			continue;
+		}
+		if (altsetting>=0 && altsetting!=ifm_scan[i].altsetting) {
+			continue;
+		}
+		if (addr>=0 && addr!=ifm_scan[i].addr) {
+			continue;
+		}
+		ifm_filtered[num_filtered++] = ifm_scan[i];
+	}
+	if (1!=num_filtered) {
+		perror("No individual matching USB devices found");
+		printf("Available USB devices:\n");
+		for (unsigned int i = 0; i < num_interfaces; i++) {
+			printf("\t%04x:%04x Addr=%u, Path=%s, Cfg=%u, Intf=%u, Alt=%u: %d/%d/%d ",
+			ifm_scan[i].vendor, ifm_scan[i].product, ifm_scan[i].addr, ifm_scan[i].path,
+			ifm_scan[i].configuration, ifm_scan[i].interface, ifm_scan[i].altsetting,
+			ifm_scan[i].class, ifm_scan[i].sub_class, ifm_scan[i].protocol);
+			libusb_device_handle *dev_handle;
+			rc = libusb_open(ifm_scan[i].usb_dev, &dev_handle);
+			if (rc < 0) {
+				printf("\n");
+				perror("Cannot open device");
+				continue;
+			}
+			char strbuf[256];
+			rc = libusb_get_string_descriptor_ascii(dev_handle, ifm_scan[i].string_idx,
+					(unsigned char *)strbuf, sizeof(strbuf));
+			libusb_close(dev_handle);
+			if (rc < 0) {
+				printf("\n");
+				perror("Cannot read string");
+				continue;
+			}
+			printf("(%s)\n", strbuf);
+		}
+		goto do_exit;
+	}
+	struct usb_interface_match ifm_selected = ifm_filtered[0];
+	printf("Using USB device %04x:%04x Addr=%u, Path=%s, Cfg=%u, Intf=%u, Alt=%u: %d/%d/%d ",
+	ifm_selected.vendor, ifm_selected.product, ifm_selected.addr, ifm_selected.path,
+	ifm_selected.configuration, ifm_selected.interface, ifm_selected.altsetting,
+	ifm_selected.class, ifm_selected.sub_class, ifm_selected.protocol);
+	libusb_device_handle *dev_handle;
+	rc = libusb_open(ifm_selected.usb_dev, &dev_handle);
+	if (rc < 0) {
+		printf("\n");
+		perror("Cannot open device");
+	}
+	char strbuf[256];
+	rc = libusb_get_string_descriptor_ascii(dev_handle, ifm_selected.string_idx,
+			(unsigned char *)strbuf, sizeof(strbuf));
+	libusb_close(dev_handle);
+	if (rc < 0) {
+		printf("\n");
+		perror("Cannot read string");
+	}
+	printf("(%s)\n", strbuf);
+
+	g_gti = gsmtap_source_init(gsmtap_host, GSMTAP_UDP_PORT, 0);
+	if (!g_gti) {
+		perror("unable to open GSMTAP");
+		goto close_exit;
+	}
+	gsmtap_source_add_sink(g_gti);
+
+	signal(SIGINT, &signal_handler);
+
+	do {
+		_transp.usb_devh = usb_open_claim_interface(NULL, &ifm_selected);
+		if (!_transp.usb_devh) {
+			fprintf(stderr, "can't open USB device\n");
+			goto close_exit;
+		}
+
+		rc = libusb_claim_interface(_transp.usb_devh, ifm_selected.interface);
+		if (rc < 0) {
+			fprintf(stderr, "can't claim interface %d; rc=%d\n", ifm_selected.interface, rc);
+			goto close_exit;
+		}
+
+		rc = get_usb_ep_addrs(_transp.usb_devh, ifm_selected.interface, &_transp.usb_ep.out,
+				      &_transp.usb_ep.in, &_transp.usb_ep.irq_in);
+		if (rc < 0) {
+			fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
+			goto close_exit;
+		}
+
+		run_mainloop();
+		ret = 0;
+
+		if (_transp.usb_devh)
+			libusb_release_interface(_transp.usb_devh, 0);
+close_exit:
+		if (_transp.usb_devh)
+			libusb_close(_transp.usb_devh);
+		if (keep_running)
+			sleep(1);
+	} while (keep_running);
+
+	libusb_exit(NULL);
+do_exit:
+	return ret;
+}

host/simtrace2_usb.c

@@ -6,15 +6,7 @@
 #include <osmocom/core/utils.h>
 
 #include "libusb_util.h"
-
-#define USB_VENDOR_OPENMOKO		0x1d50
-#define USB_PRODUCT_OWHW_SAM3_DFU	0x4000
-#define USB_PRODUCT_OWHW_SAM3		0x4001
-#define USB_PRODUCT_QMOD_HUB		0x4002
-#define USB_PRODUCT_QMOD_SAM3_DFU	0x4003
-#define USB_PRODUCT_QMOD_SAM3		0x4004
-#define USB_PRODUCT_SIMTRACE2_DFU	0x60e2
-#define USB_PRODUCT_SIMTRACE2		0x60e3
+#include "simtrace_usb.h"
 
 static const struct dev_id compatible_dev_ids[] = {
 	{ USB_VENDOR_OPENMOKO, USB_PRODUCT_OWHW_SAM3 },
@@ -23,15 +15,15 @@ static const struct dev_id compatible_dev_ids[] = {
 	{ 0, 0 }
 };
 
-//libusb_get_string_descriptor_ascii(hdl, idx, *data, len)
-
 static int find_devices(void)
 {
 	struct usb_interface_match ifm[16];
 	int rc, i, num_interfaces;
 
+	/* scan for USB devices matching SIMtrace USB ID with proprietary class */ 
 	rc = usb_match_interfaces(NULL, compatible_dev_ids,
-				  255, 2, -1, ifm, ARRAY_SIZE(ifm));
+				 USB_CLASS_PROPRIETARY, -1, -1, ifm, ARRAY_SIZE(ifm));
+	printf("USB matches: %d\n", rc);
 	if (rc < 0)
 		return rc;
 	num_interfaces = rc;

host/simtrace_usb.h

@@ -0,0 +1 @@
+../firmware/libcommon/include/simtrace_usb.h