03-03-2002, 00:48 #1
Junior Member | Join Date: Mar 2002 | Location: Italy | Posts: 23

Sim ToolKit and Cloning

I need to write my own SIM simulator, or is there a way to do it without starting from the beginning?
thanks, ginomi
www.napoliservice.com/sl45i
03-05-2002, 07:19 #3
Junior Member | Join Date: Mar 2002 | Location: Italy | Posts: 23

Thanks Alf, now I'm studying the dejan simulator for silver card with MPLAB. Do you know how the main reading/writing routine which interacts with the phone works?
ginomi
www.napoliservice.com/sl45i
03-09-2002, 10:46 #4
Junior Member | Join Date: Jun 2001 | Location: Aveiro, Portugal | Posts: 39

Quote:
B/R for all...
Epilog
03-13-2002, 17:21 #5
Junior Member | Join Date: Feb 2002 | Location: Czech Republic | Posts: 39

Ginomi, I have implemented a SIM Toolkit menu in my version of the GSM SIM emulator. Although the source code is not available, I am ready to answer your questions... Go ahead...
03-14-2002, 00:27 #6
Junior Member | Join Date: Mar 2002 | Location: Italy | Posts: 23

OK Programmer, are you sure? I have a lot of questions... I'm working on the dejan simulator for silver card: I write the 'SETUP_MENU' PDU just before the MAIN loop; what do you think, will it work? Where can I put the operation of reading a PDU from the phone? Is the first byte I will send/receive the first byte of the STK PDU, or do I need to encapsulate it?
thanks!!!!
ginomi
03-14-2002, 17:21 #7
Junior Member | Join Date: Feb 2002 | Location: Czech Republic | Posts: 39

Yes, I am. But don't expect too much, I don't know everything. Did you study GSM / 3GPP TS 11.14? The phone communicates with the SIM card (Phase 2+ or later) in accordance with this documentation. Look at the example below (perhaps it's not too long... your e-mail address is not available so I could not mail you directly, but maybe it could be interesting for somebody else as well). I hope that you can understand how it works. The best tool for SIM Toolkit tests is ASIM4 (improved to support additional commands, of course). It should also be possible to put SIM Toolkit commands into some new phones via cable (I saw a simple example for a Siemens device in some topic on this server but I did not test it).

ATR: 3B 17 11 95 01 01 00 00 41 B3
A0 A4 00 00 02 SELECT FILE: A4 7F20 (Sel. address(GSM 900)) 9F 16
A0 F2 00 00 16 STATUS: F2 00 00 00 C0 7F 20 02 00 00 FF FF 01 0E 9B 00 10 06 00 83 8A 83 8A 90 00
A0 A4 00 00 02 SELECT FILE: A4 6FAE (Phase ID) 9F 0F
A0 B0 00 00 01 READ BINARY 6FAE: B0 03 90 00
A0 A4 00 00 02 SELECT FILE: A4 3F00 (Sel. address) 9F 0F
A0 A4 00 00 02 SELECT FILE: A4 2F05 (???) NOT FOUND 94 04
A0 A4 00 00 02 SELECT FILE: A4 7F20 (Sel. address(GSM 900)) 9F 16
A0 A4 00 00 02 SELECT FILE: A4 6F05 (Language) 9F 0F
A0 C0 00 00 0E GET RESPONSE(0E): C0 00 00 00 07 6F 05 04 00 01 FF FF 01 02 00 90 00
A0 B0 00 00 07 READ BINARY 6F05: B0 FF FF FF FF FF FF FF 90 00
A0 A4 00 00 02 SELECT FILE: A4 6FAE (Phase ID) 9F 0F
A0 B0 00 00 01 READ BINARY 6FAE: B0 03 90 00
A0 10 00 00 04 TERMINAL PROFILE(04): 10 1F 81 FF F7 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F38 (SIM service table) 9F 0F
A0 C0 00 00 0E GET RESPONSE(0E): C0 00 00 00 04 6F 38 04 00 1A FF FF 01 02 00 91 76
A0 B0 00 00 04 READ BINARY 6F38: B0 FF 3F FF 0F 91 76
A0 A4 00 00 02 SELECT FILE: A4 2FF2 (???) NOT FOUND 94 04
A0 A4 00 00 02 SELECT FILE: A4 3F00 (Sel. address) 9F 0F
A0 A4 00 00 02 SELECT FILE: A4 2FE6 (???) NOT FOUND 94 04
A0 A4 00 00 02 SELECT FILE: A4 7F20 (Sel. address(GSM 900)) 9F 16
A0 A4 00 00 02 SELECT FILE: A4 6F07 (IMSI) 9F 0F
A0 C0 00 00 0E GET RESPONSE(0E): C0 00 00 00 09 6F 07 04 00 1A FF 1A 01 02 00 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F7E (Location Info) 9F 0F
A0 C0 00 00 0E GET RESPONSE(0E): C0 00 00 00 0B 6F 7E 04 00 11 FF 1A 01 02 00 91 76
A0 A4 00 00 02 SELECT FILE: A4 7F10 (Sel. address(TELECOM)) 9F 16
A0 A4 00 00 02 SELECT FILE: A4 6F3A (Abbreviated Dialing Number) 9F 0F
A0 C0 00 00 0F GET RESPONSE(0F): C0 00 00 0A F0 6F 3A 04 00 11 FF 22 01 02 01 1C 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F3B (Fixed Dialing Number) 9F 0F
A0 C0 00 00 0F GET RESPONSE(0F): C0 00 00 04 60 6F 3B 04 00 12 FF FF 01 02 01 1C 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F4B (Extension 2) 9F 0F
A0 C0 00 00 0F GET RESPONSE(0F): C0 00 00 00 27 6F 4B 04 00 12 FF FF 01 02 01 0D 91 76
... ... ... ...
A0 A4 00 00 02 SELECT FILE: A4 7F10 (Sel. address(TELECOM)) 9F 16
A0 A4 00 00 02 SELECT FILE: A4 6F3C (SMS) 9F 0F
A0 C0 00 00 0F GET RESPONSE(0F): C0 00 00 06 E0 6F 3C 04 00 11 FF FF 01 02 01 B0 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F40 (MSISDN) 9F 0F
A0 C0 00 00 0F GET RESPONSE(0F): C0 00 00 00 54 6F 40 04 00 11 FF FF 01 02 01 1C 91 76
A0 B2 01 04 1C READ RECORD [6F40] 01(1): B2 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 91 76
A0 B2 02 04 1C READ RECORD [6F40] 02(2): B2 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F3C (SMS) 9F 0F
A0 B2 01 04 B0 READ RECORD [6F3C] 01(1): B2 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 91 76
A0 A4 00 00 02 SELECT FILE: A4 6F44 (Last Dialing Number) 9F 0F
A0 B2 01 04 1C READ RECORD [6F44] 01(1): B2 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 91 76
A0 12 00 00 76 FETCH(76): 12 D0 74 81 03 01 25 80 82 02 81 82 85 09 49 6E 66 6F 20 45 61 73 79 8F 07 01 5A 70 72 61 76 79 8F 06 02 53 70 6F 72 74 8F 07 03 5A 61 62 61 76 61 8F 0B 04 50 72 6F 67 72 61 6D 20 54 56 8F 07 05 45 2D 6D 61 69 6C 8F 04 06 46 61 78 8F 0A 07 43 65 73 74 6F 76 61 6E 69 8F 07 08 53 76 61 74 65 6B 8F 09 09 52 65 6A 73 74 72 69 6B 8F 08 0A 42 65 6E 65 66 69 74 90 00
A0 A4 00 00 02 SELECT FILE: A4 6F3C (SMS) 9F 0F
A0 B2 02 04 B0 READ RECORD [6F3C] 02(2): B2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
A0 A4 00 00 02 SELECT FILE: A4 6F44 (Last Dialing Number) 9F 0F
A0 B2 02 04 1C READ RECORD [6F44] 02(2): B2 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 90 00
A0 14 00 00 0D TERMINAL RESPONSE(0D): 14 81 03 01 25 80 82 02 82 81 83 02 00 FF 90 00
A0 A4 00 00 02 SELECT FILE: A4 6F3C (SMS) 9F 0F
A0 B2 03 04 B0 READ RECORD [6F3C] 03(3): B2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
A0 A4 00 00 02 SELECT FILE: A4 6F44 (Last Dialing Number) 9F 0F
A0 B2 03 04 1C READ RECORD [6F44] 03(3): B2 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 90 00
... ... ...

; Menu selection: Item 1:
A0 C2 00 00 09 ENVELOPE(09): C2 D3 07 02 02 01 81 90 01 01 91 18
A0 12 00 00 18 FETCH(18): 12 D0 16 81 03 07 23 01 82 02 81 82 8D 07 04 4D 65 6E 61 20 3F 11 02 03 03 90 00
A0 14 00 00 0F TERMINAL RESPONSE(0F): 14 81 03 07 23 01 82 02 82 81 83 02 11 FF 8D 00 90 00

; Menu selection: Item 2:
A0 C2 00 00 09 ENVELOPE(09): C2 D3 07 02 02 01 81 90 01 02 91 19
A0 12 00 00 19 FETCH(19): 12 D0 17 81 03 08 23 01 82 02 81 82 8D 08 04 42 61 6E 6B 61 20 3F 11 02 00 04 90 00
A0 14 00 00 0F TERMINAL RESPONSE(0F): 14 81 03 08 23 01 82 02 82 81 83 02 11 FF 8D 00 90 00
03-15-2002, 17:02 #8
Junior Member | Join Date: Mar 2002 | Location: Italy | Posts: 23

I studied ETSI TS 11.14 (a very bad standard); I've already developed a sample app using Siemens AT commands via infrared. Now I want a working prototype!!!! So, I understood a lot of things from your code (thanks!!), like how to frame STK PDUs into APDUs using FETCH and ENVELOPE. Now my doubt is where I can put the first FETCH operation to inform the ME about the menu. I think I have to set some bits somewhere prior to doing this... maybe. I put the call to my write_menu routine before the main loop, like this:

    .......
    ;================================================
    ;STK_menu
            call    STK_menu
    ;================================================
    main
            call    wait
            movlf   r7,5
            movlf   fsr,cla
            call    read__data      ;get cla,ins,p1,p2,p3
            call    wait
    ........

I also put a reading operation in the CASE-like block of the main routine:

    .................
            xorlw   0ch             ;cmp ins,24h ; change pin
            je      change_pin
    ;--------------------------------------
            xorlw   30h             ;cmp ins,14h ; terminal response
                                    ;(24h xor 14h = 30h: with the chained-xor compare used
                                    ; by the lines above, W still holds ins xor 24h here;
                                    ; the posted value 14h would have tested for 30h)
            je      term_resp
    ;--------------------------------------
            jmp     bad_ins
    ..............

What do you think about my solution? I'm going to test it in a real card... thanks very much!!!
PS my email is [email protected]
ginomi
03-15-2002, 19:54 #9
Junior Member | Join Date: Feb 2002 | Location: Czech Republic | Posts: 39

Well, you must change the strategy regarding SIM Toolkit communication a bit... Please read the documentation again and more carefully. The point is that you have to wait until the PHONE itself raises the FETCH instruction. Everything is visible in the log above. Short review of what's going on after SIM initialization:

- the phone checks if the SIM card is Phase 2+ or later and also if the SIM Toolkit menu is enabled (dependent on phone)
- if not, no STK command shall be sent to the card at all
- otherwise the phone shall generate the TERMINAL_PROFILE instruction so the SIM can check the phone capabilities and prepare the correct STK menu
- the SIM then indicates that there are some data waiting for transfer to the phone (by a 91 xx response instead of 90 00, where xx is the data package length). The SIM must wait (and continue to perform other commands) until the phone picks the data up with the FETCH instruction, so you may not send SIM Toolkit data to the phone whenever you like. If there are no data to send to the phone, the OK response is switched back to 90 00.

Communication via infrared can work quite differently, of course... Is it more clear now? What kind of application do you plan to integrate into the SIM clone?
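The flow described in this post, and the log in post #7, worked through as an added example in Python (this is not code from the thread, from the dejan emulator or from ASIM4). The byte strings marked "from the log" are copied from the post #7 trace; the class and function names (SimStk, handle_apdu, build_get_input), the prompt table for menu items 1 and 2 and the status words returned for error cases are assumptions made for this example. It shows the SIM side: TERMINAL PROFILE queues a SET UP MENU, every command is then answered with 91 xx until the phone's FETCH collects it, TERMINAL RESPONSE clears the state, and a menu-selection ENVELOPE queues the next proactive command the same way.

```python
"""SIM-side SIM Toolkit (TS 11.14) flow: TERMINAL PROFILE -> 91 xx -> FETCH ->
TERMINAL RESPONSE -> ENVELOPE (menu selection) -> 91 xx -> FETCH.

Added example. Byte strings marked "from the log" are copied from post #7 of
this thread; names, the prompt table and error status words are assumptions.
"""


def tlv(tag, value, cr=True):
    """Simple TLV as used by TS 11.14: tag (0x80 = comprehension required), length, value."""
    value = bytes(value)
    if len(value) > 0x7F:
        raise ValueError("long-form length not needed in this example")
    return bytes([tag | (0x80 if cr else 0), len(value)]) + value


def parse_tlvs(buf):
    """Return [(tag, value)] with the CR bit masked off; rejects truncated data."""
    items, i = [], 0
    while i < len(buf):
        if i + 1 >= len(buf):
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length, i = buf[i] & 0x7F, buf[i + 1], i + 2
        if length == 0x81:                      # two-byte length form: 81 xx
            if i >= len(buf):
                raise ValueError("truncated TLV length at offset %d" % i)
            length, i = buf[i], i + 1
        value = buf[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV value at offset %d" % i)
        items.append((tag, value))
        i += length
    return items


def proactive(cmd_num, cmd_type, qualifier, *body):
    """D0 proactive command: command details, device ids SIM->ME, then body TLVs."""
    tlvs = (tlv(0x01, [cmd_num, cmd_type, qualifier])
            + tlv(0x02, [0x81, 0x82]) + b"".join(body))
    return bytes([0xD0, len(tlvs)]) + tlvs


# From the log (FETCH(76) in post #7): SET UP MENU, alpha id "Info Easy", 10 items.
SETUP_MENU = bytes.fromhex(
    "D0 74 81 03 01 25 80 82 02 81 82 85 09 49 6E 66 6F 20 45 61 73 79 "
    "8F 07 01 5A 70 72 61 76 79 8F 06 02 53 70 6F 72 74 8F 07 03 5A 61 62 61 76 61 "
    "8F 0B 04 50 72 6F 67 72 61 6D 20 54 56 8F 07 05 45 2D 6D 61 69 6C 8F 04 06 46 61 78 "
    "8F 0A 07 43 65 73 74 6F 76 61 6E 69 8F 07 08 53 76 61 74 65 6B "
    "8F 09 09 52 65 6A 73 74 72 69 6B 8F 08 0A 42 65 6E 65 66 69 74 ")


def menu_items(setup_menu):
    """Parse a SET UP MENU into (command number, [(item id, label), ...])."""
    if setup_menu[0] != 0xD0 or setup_menu[1] != len(setup_menu) - 2:
        raise ValueError("not a well-formed proactive command")
    tlvs = parse_tlvs(setup_menu[2:])
    details = dict(tlvs)[0x01]
    if details[1] != 0x25:                      # 0x25 = SET UP MENU
        raise ValueError("not a SET UP MENU command")
    return details[0], [(v[0], v[1:].decode("latin-1")) for t, v in tlvs if t == 0x0F]


# Prompts the log shows for items 1 and 2 (GET INPUT, 8-bit text, min/max length);
# a table for the other items is not in the log, so they are not handled (assumption).
PROMPTS = {1: ("Mena ?", 3, 3), 2: ("Banka ?", 0, 4)}


def build_get_input(cmd_num, item_id):
    """GET INPUT (type 0x23) for a menu item, byte-identical to the FETCH data in the log."""
    text, lo, hi = PROMPTS[item_id]
    return proactive(cmd_num, 0x23, 0x01,
                     tlv(0x0D, b"\x04" + text.encode("latin-1")),   # text, DCS 04 = 8-bit
                     tlv(0x11, [lo, hi], cr=False))                 # response length (no CR in log)


class SimStk:
    """SIM side: proactive commands are queued, never pushed; the ME must FETCH them."""

    def __init__(self):
        self.pending = None       # proactive command waiting for FETCH
        self.profile = None
        self.next_cmd = 1
        self.results = []         # general results reported by TERMINAL RESPONSE

    def _normal_end(self, data=b""):
        # 91 xx replaces 90 00 on every command while a proactive command is waiting.
        if self.pending is not None:
            return data, 0x91, len(self.pending)
        return data, 0x90, 0x00

    def handle_apdu(self, apdu):
        cla, ins, p1, p2, p3 = apdu[:5]
        data = apdu[5:]
        if cla != 0xA0:
            return b"", 0x6E, 0x00                          # class not supported (assumption)
        if ins == 0x10:                                     # TERMINAL PROFILE
            self.profile = bytes(data)
            menu_sel = len(data) > 0 and data[0] & 0x08     # byte 1 bit 4: menu selection
            setup_menu = len(data) > 3 and data[3] & 0x20   # byte 4 bit 6: SET UP MENU
            if menu_sel and setup_menu:
                self.next_cmd = menu_items(SETUP_MENU)[0] + 1
                self.pending = SETUP_MENU
            return self._normal_end()
        if ins == 0x12:                                     # FETCH: only now does the command leave the SIM
            if self.pending is None or p3 != len(self.pending):
                return b"", 0x6F, 0x00                      # nothing to fetch / wrong length (assumption)
            cmd, self.pending = self.pending, None
            return cmd, 0x90, 0x00
        if ins == 0x14:                                     # TERMINAL RESPONSE
            self.results.append(dict(parse_tlvs(data)).get(0x03, b"\xff")[0])
            return self._normal_end()
        if ins == 0xC2 and data[:1] == b"\xD3":             # ENVELOPE: MENU SELECTION
            item_id = dict(parse_tlvs(data[2:]))[0x10][0]
            if item_id in PROMPTS:
                self.pending = build_get_input(self.next_cmd, item_id)
                self.next_cmd += 1
            return self._normal_end()
        if ins in (0xB0, 0xB2, 0xF2):                       # file commands: real data would come from
            return self._normal_end(b"\xff" * p3)           # the emulated file system; SW is the point
        return b"", 0x6D, 0x00                              # INS not supported (assumption)


def demo():
    """Replay the exchange from the log; returns ([(SW1, SW2), ...], last FETCH data)."""
    sim, sws = SimStk(), []

    def send(hexstr):
        data, sw1, sw2 = sim.handle_apdu(bytes.fromhex(hexstr))
        sws.append((sw1, sw2))
        return data

    send("A0 10 00 00 04 1F 81 FF F7")                                  # TERMINAL PROFILE -> 91 76
    send("A0 B0 00 00 04")                                              # READ BINARY, still 91 76
    cmd = send("A0 12 00 00 76")                                        # FETCH(76) -> SET UP MENU, 90 00
    assert cmd == SETUP_MENU
    send("A0 14 00 00 0D 81 03 01 25 80 82 02 82 81 83 02 00 FF")       # TERMINAL RESPONSE -> 90 00
    send("A0 C2 00 00 09 D3 07 02 02 01 81 90 01 01")                   # ENVELOPE item 1 -> 91 18
    return sws, send("A0 12 00 00 18")                                  # FETCH(18) -> GET INPUT "Mena ?"
```

Mapped back onto a PIC emulator such as the dejan code, the same logic is: keep one "pending" buffer; in the routine that sends the status words, send 91 and the buffer length instead of 90 00 whenever the buffer is non-empty; handle INS 12h (FETCH) by copying the buffer out and clearing it, INS 14h (TERMINAL RESPONSE) by recording the result, and INS C2h (ENVELOPE) by filling the buffer again. The menu is never written to the phone from the main loop on the SIM's own initiative.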
03-15-2002, 23:48 #10
Junior Member | Join Date: Mar 2002 | Location: Italy | Posts: 23

You are big!!!! thanks!!! I understood!!!! (I hope...) So, I wait for the TERMINAL_PROFILE; now I can inform the ME that there is data to send using the response 91; now I MUST wait for the ME's FETCH request to send the data... It's not very simple to implement... I will try and I will tell you. Ah!! I'm developing a location system for my thesis; it already works with AT commands, I hope to make a prototype...
thanks!
ginomi
04-14-2002, 06:52 #13
No Life Poster | Join Date: Jun 2001 | Location: London | Posts: 503

Is there any documentation on SIM cloning, please? Also, what software do I need? Many thanks. I have done a few searches but have not found anything. I also believe I need a silver
09-01-2002, 15:01 #14
Junior Member | Join Date: Jun 2002 | Posts: 5

I have used the AT command on my Siemens S35i, but it gives an answer like this:
AT^SSTK=?
^SSTK: 7FFFFFFF7F0000CF02
What does it mean? And how can I write something into my phone, such as a new menu just like the STK menu?
03-17-2007, 17:20 #15
Junior Member | Join Date: Dec 2006 | Posts: 4

Is updated ASIM source code available? Is there an updated ASIM program written in Pascal that supports instructions like Envelope, Tprofile, Tresponse, Fetch??? If so I am interested in having it, just let me know your conditions.
guyve