marbleThis acts just as a little help and notepad for me, because reading the PDFs is a little bit of a PITA. It's base on some links:
http://www.smartcard.co.uk/tutorials/sct-itsc.pdf
https://mobileforensics.files.wordpress.com/2007/03/sim-card-protocols.pdf
The waveform I captured:
When you sniff on the pins of a SIM card while the phone is booting up, you get something like this. The first thing I learned wat that the CLK line is not for the data bus, but acts as a clock for the processor in the card. After bootup, the CLK will start to oscillate and the reset pin will go high. Then the SIM an "answer to reset" (ATR).
The I/O port can be interpreted as a bidirectional (half duplex) UART. The baud rate at the start is about 9600, but in my case it was 8739. Even parity.
The firs byte of the ATR decides which bit is first.
| byte | pattern | meaning |
| 0 | 11011100 -> LSB first 11000000 -> MSB first | |
| 1 | +---+---+---+---+---+---+---+---+
| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
+===+===+===+===+===+===+===+===+
| bit mask | Hist. count |
+---+---+---+---+---+---+---+---+ | The higher nibble says which of the next four bytes will be send. If bit 7 is set, then byte 2 will be send, bit 6 byte 3 and so on. The lower nibble says how many bytes of the historical field will be send. |
| 2 | +---+---+---+---+---+---+---+---+
| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
+===+===+===+===+===+===+===+===+
| Freq nibble | Divid. nibble |
+---+---+---+---+---+---+---+---+ | |
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.