osmocom-analog

From 8fea1ef7bf377a314a5c9e963a708ff0f057194a Mon Sep 17 00:00:00 2001 From: Andreas Eversberg Date: Fri, 1 May 2020 19:01:39 +0200 Subject: Added SIM card emulator/sniffer for C-Netz --- .gitignore | 1 + configure.ac | 1 + docs/index.html | 1 + docs/sim.html | 472 +++++ docs/sim.jpg | Bin 0 -> 176303 bytes docs/style.css | 9 + docs/tv.html | 2 +- layout/telekarte.brd | 1786 +++++++++++++++++++ layout/telekarte.pdf | Bin 0 -> 18567 bytes layout/telekarte.sch | 4796 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/Makefile.am | 3 +- src/libdebug/debug.c | 4 + src/libdebug/debug.h | 4 + src/sim/Makefile.am | 18 + src/sim/eeprom.h | 33 + src/sim/image.c | 97 + src/sim/main.c | 489 +++++ src/sim/sim.c | 1438 +++++++++++++++ src/sim/sim.h | 148 ++ src/sim/sim.ino | 287 +++ src/sim/sniffer.c | 798 +++++++++ src/sim/sniffer.h | 26 + 22 files changed, 10411 insertions(+), 2 deletions(-) create mode 100644 docs/sim.html create mode 100644 docs/sim.jpg create mode 100755 layout/telekarte.brd create mode 100755 layout/telekarte.pdf create mode 100755 layout/telekarte.sch create mode 100644 src/sim/Makefile.am create mode 100644 src/sim/eeprom.h create mode 100644 src/sim/image.c create mode 100644 src/sim/main.c create mode 100644 src/sim/sim.c create mode 100644 src/sim/sim.h create mode 100644 src/sim/sim.ino create mode 100644 src/sim/sniffer.c create mode 100644 src/sim/sniffer.h diff --git a/.gitignore b/.gitignore index d0f0cd0..9c57ee7 100644 --- a/.gitignore +++ b/.gitignore @@ -69,6 +69,7 @@ src/tv/osmotv src/radio/osmoradio src/datenklo/datenklo src/zeitansage/zeitansage +src/sim/cnetz_sim extra/cnetz_memory_card_generator src/test/test_filter src/test/test_sendevolumenregler diff --git a/configure.ac b/configure.ac index a09e5d6..42921eb 100644 --- a/configure.ac +++ b/configure.ac @@ -100,6 +100,7 @@ AC_OUTPUT( src/radio/Makefile src/datenklo/Makefile src/zeitansage/Makefile + src/sim/Makefile src/test/Makefile src/Makefile extra/Makefile diff --git a/docs/index.html b/docs/index.html index 25dbaa0..ac17e70 100644 --- a/docs/index.html +++ b/docs/index.html @@ -112,6 +112,7 @@ Additional features:

diff --git a/docs/sim.html b/docs/sim.html new file mode 100644 index 0000000..e9826fe --- /dev/null +++ b/docs/sim.html @@ -0,0 +1,472 @@ + + + +osmocom-analog + + +

+ +

C-Netz SIM Emulator

+ +

+Why emulating a SIM card? +Maybe you got an a C-Netz phone from the attic, friend or Ebay? +But the SIM card is missing. Without SIM card you cannot use your C-Netz phone at all. +Then you buy a high price on Ebay to get a used SIM card. +You find out that the SIM card requires a PIN that you don't know. +Even if you find a SIM card with no PIN enabled, it may not work with newer phones. +The emulator can help you in this case. +

+ +

+Also the emulator can be used to emulate service cards or special cards that enable cell monitoring. +With this emulator you can modify all subscriber data without restrictions. +

+ +

Emulating SIM Card +
Sniffing SIM Card +
Build Your Own SIM Card +
Using the SIM Card +
Service Cards +

+ + +

+ +Emulating SIM Card +

+ +

+The easiest way to emulate a C-Netz SIM card is to use your Linux PC with a serial interface connected to the card reader of the phone. +Connection can be made directly via wires or via ISO card PCB. +You may also use an old ISO card an drill away the chip inside. Then solder thin wires close to the pads and connect them to a serial interface. +

+ +

+In order to connect the card to your Linux PC, you need a serial-to-USB interface. +Don't use the 9 pin SUB-D type of interface, because they have level shifters and will brick your phone. +Use TTL level interface as shown in the image above. +

+ +

+Because the SIM cards uses TTL level, we can connect a CP2102 controller directly to the card reader of a phone. +Don't worry about 5 Volts level from the card reader. The CP2102 can handle it. +In order to connect TX and RX together on one pad of the SIM card, we need to add a diode between the I/O pad and the TX output. +The cathode must point towards the TX output, so that TX can only pull the I/O line low (0). +Use a diode with a low forward voltage drop, like a Schottky diode. I use a simple 1n4148 Silicon diode and it works too. +

+ +

+Important: Some serial interfaces have wrong signal labels. +TX and RX might be reversed, so that TX is actually an input and RX an ouput. +You will find out when you connect an Milliamp meter between signal and ground. +The output will have several Milliamps, but the input doesn't. + +

+ +

+Important: Be sure to run your phone on battery and not via gounded power supply. +If the output of the power supply is grounded, the ground of your power line is also connected to the phone's card reader. +Voltage spikes on the power line's ground between your PC and your phone may kill the card reader or the USB port. +Use an isolating transformer! + +

+ +

+Important: The serial interface must support 8e2. (8 data bits, even parity, two stop bits) +I suggest to use the CP2102. If you know other serial interfaces that work, let me know. + +

+ + + + +

+Connect Ground to GND. +
+Connect CTS input to RESET. +
+Connect RX input to I/O. +
+Connect TX output via diode to I/O. +
+(Place cathode towards TX output) +

+ +

+To run the emulator, use the "sim" keyword at the end of the command line. +Use the '-s' option to give the correct serial interface: +

+ +

+
+# src/sim/cnetz_sim -s /dev/ttyUSB0 sim
+
+...
+FUTLN=23100001, Sicherungscode=3103, Kartekennung=3, Sonderheitenschluessel=0, Wartungsschluessel=65535
+Telephone directory has 80 entries.
+SIM emulator ready, please start the phone!
+sim.c:1352 info   : Reset singnal on (low)
+sim.c:1352 info   : Reset singnal off (high)
+sim.c:1371 info   : Card has disabled PIN (system PIN '0000') Selecting card #1.
+sim.c:1374 info   : Sending ATR
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=0 N(R)=0
+sim.c: 473 info   :  SL-APPL app 3
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=0 N(R)=1
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=1 N(R)=1
+sim.c: 558 info   :  RD-EBDT
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=1 N(R)=2
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=2 N(R)=2
+sim.c: 473 info   :  SL-APPL app 4
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=2 N(R)=3
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=3 N(R)=3
+sim.c: 473 info   :  SL-APPL app 3
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=3 N(R)=4
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=4 N(R)=4
+sim.c: 558 info   :  RD-EBDT
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=4 N(R)=5
+sim.c:1125 info   : RX message
+sim.c:1135 info   :  control I: N(S)=5 N(R)=5
+sim.c: 599 info   :  RD-RUFN (loc=0)
+sim.c: 655 info   :  80 numbers can be stored in EEPROM
+sim.c:1222 info   : TX resonse
+sim.c:1228 info   :  control I: N(S)=5 N(R)=6
+sim.c:1352 info   : Reset singnal on (low)
+
+

+ +

+Use '-h' command line option to get a list of all options. +

+ + +

+ +Sniffing SIM Card +

+ +

+To run the sniffer, use the "sniff" keyword at the end of the command line. +You only need to connect I/O line to the RX line of your serial interface. (And ground of course!) +Use the '-s' option to give the correct serial interface: +

+ + +

+
+# src/sim/cnetz_sim -s /dev/ttyUSB0 sniff
+
+sniffer.c: 602 info   : ----------------------------------------
+sniffer.c: 609 info   : Reading ATR normal bit order:
+sniffer.c: 547 info   :  TD1 T=14: Refers to transmission protocols not standardized by ISO/IEC JTC 1/SC 17.
+sniffer.c: 590 info   : ----------------------------------------
+sniffer.c: 547 info   :  TD2 T=14: Refers to transmission protocols not standardized by ISO/IEC JTC 1/SC 17.
+sniffer.c: 590 info   : ----------------------------------------
+sniffer.c: 418 info   :  TA3 fsmin = 3 MHz
+sniffer.c: 433 info   :  TA3 fsmax = 5 MHz (Default)
+sniffer.c: 470 info   :  TB3 Maximum block size = 42
+sniffer.c: 516 info   :  TC3 Character Waiting Time = 3
+sniffer.c: 547 info   :  TD3 T=14: Refers to transmission protocols not standardized by ISO/IEC JTC 1/SC 17.
+sniffer.c: 590 info   : ----------------------------------------
+sniffer.c: 440 info   :  TA4 Block Waiting Time = 4
+sniffer.c: 590 info   : ----------------------------------------
+sniffer.c: 595 info   :  History byte #1: 0x92
+sniffer.c: 595 info   :  History byte #2: 0x80
+sniffer.c: 595 info   :  History byte #3: 0x00
+sniffer.c: 595 info   :  History byte #4: 0x41
+sniffer.c: 595 info   :  History byte #5: 0x32
+sniffer.c: 595 info   :  History byte #6: 0x36
+sniffer.c: 595 info   :  History byte #7: 0x01
+sniffer.c: 595 info   :  History byte #8: 0x11
+sniffer.c: 690 info   :  Checksum 0xe4 ok.
+sniffer.c: 697 info   : ATR done!
+sniffer.c: 715 info   : ----------------------------------------
+sniffer.c: 734 info   : Layer 2:
+sniffer.c: 735 info   :  source 3 -> to 1
+sniffer.c: 737 info   :  control I: N(S)=0 N(R)=0
+sniffer.c: 744 info   :  length 15
+sniffer.c: 203 info   : Interface control layer ICB1:
+sniffer.c: 207 info   :  ON-LINE-BIT:         0 = Off-line data
+sniffer.c: 211 info   :  CONFIRM-BIT:         0 = No meaning
+sniffer.c: 213 info   :  MASTER/SLAVE-BIT:    1 = Sender is master
+sniffer.c: 219 info   :  WT-EXTENSION-BIT:    0 = No request for WT-Extension
+sniffer.c: 223 info   :  ABORT/TERMINATE-BIT: 0 = No meaning
+sniffer.c: 227 info   :  ERROR-BIT:           0 = No meaning
+sniffer.c: 231 info   :  CHAINING-BIT:        0 = No more ICL data follows
+sniffer.c: 235 info   :  ICB-EXTENSION-BIT:   0 = no ICB follows
+sniffer.c:  48 info   : Layer 7:
+sniffer.c:  50 info   :  I = Command
+sniffer.c:  51 info   :  CLA = 0x02
+sniffer.c:  54 info   :   -> CNTR (Control Class)
+sniffer.c:  75 info   :  INS = 0xf1
+sniffer.c:  80 info   :   -> SL-APPL (Select Application)
+sniffer.c: 180 info   :  DLNG = 11
+sniffer.c: 187 info   :  DATA(0) = 0x38 '8' 56
+sniffer.c: 187 info   :  DATA(1) = 0x39 '9' 57
+sniffer.c: 187 info   :  DATA(2) = 0x34 '4' 52
+sniffer.c: 187 info   :  DATA(3) = 0x39 '9' 57
+sniffer.c: 187 info   :  DATA(4) = 0x30 '0' 48
+sniffer.c: 187 info   :  DATA(5) = 0x31 '1' 49
+sniffer.c: 187 info   :  DATA(6) = 0x30 '0' 48
+sniffer.c: 187 info   :  DATA(7) = 0x30 '0' 48
+sniffer.c: 187 info   :  DATA(8) = 0x33 '3' 51
+sniffer.c: 187 info   :  DATA(9) = 0x30 '0' 48
+sniffer.c: 187 info   :  DATA(10) = 0x31 '1' 49
+sniffer.c: 715 info   : ----------------------------------------
+sniffer.c: 734 info   : Layer 2:
+sniffer.c: 735 info   :  source 1 -> to 3
+sniffer.c: 737 info   :  control I: N(S)=0 N(R)=1
+sniffer.c: 744 info   :  length 4
+sniffer.c: 203 info   : Interface control layer ICB1:
+sniffer.c: 207 info   :  ON-LINE-BIT:         0 = Off-line data
+sniffer.c: 211 info   :  CONFIRM-BIT:         0 = No meaning
+sniffer.c: 215 info   :  MASTER/SLAVE-BIT:    0 = Sender is slave
+sniffer.c: 219 info   :  WT-EXTENSION-BIT:    0 = No request for WT-Extension
+sniffer.c: 223 info   :  ABORT/TERMINATE-BIT: 0 = No meaning
+sniffer.c: 227 info   :  ERROR-BIT:           0 = No meaning
+sniffer.c: 231 info   :  CHAINING-BIT:        0 = No more ICL data follows
+sniffer.c: 235 info   :  ICB-EXTENSION-BIT:   0 = no ICB follows
+sniffer.c:  48 info   : Layer 7:
+sniffer.c: 142 info   :  I = Response
+sniffer.c: 143 info   :  CCRC = 0x05
+sniffer.c: 145 info   :   -> PIN-NOT-OK
+sniffer.c: 149 info   :   -> APRC valid
+sniffer.c: 158 info   :  APRC = 0x02
+sniffer.c: 160 info   :   -> Bit 2 = 1:PIN-Check required
+sniffer.c: 166 info   :   -> Bit 3 = 0:Application unlocked
+sniffer.c: 170 info   :   -> Bit 5 = 0:GEBZ/RUFN unlocked
+sniffer.c: 174 info   :   -> Bit 6 = 0:GEBZ not full
+sniffer.c: 180 info   :  DLNG = 0
+sniffer.c: 302 info   : Resetting sniffer
+
+

+ +

+When the phone is switched on, the SIM card is powered up and outputs the ATR sequence (Answer To Reset). +

+ +

+The first message is a command message that is transmitted from the phone towards the SIM card. +The layer 2 header indicates the direction and the length of 15 bytes. +The ICR layer has no meaning with the C-Netz. +Except for the MASTER/SLAVE-BIT, no other bit is used. +The layer 7 (application) header indicates the command and the message type and length, followed by 11 bytes of data. +This command tells the SIM card to select C-Netz application. +

+ +

+The second message is a response message that is transmitted from the SIM card towards the phone. +The layer 2 header indicates the direction and the length of 4 bytes. +The layer 7 header indicates the response and status bits and length, followed by 0 bytes of data. +The response tells the SIM card that a PIN is required to complete the command. +The user is prompted to enter the pin. +

+ +

+To read more about the protocol, and the meaning of messages, refer to FTZ 171 TR 60 - Anhang 1 Berechtigungskarte als Prozessorkarte.pdf +

+ + +

+ +Build Your Own SIM Card +

+ +

+You find the PCB drawings inside the "layout" directory of the git repository. +Be sure to print it without scaling! +Check if the printed size matches an ISO card. +Also there is the source files for the 'Eagle' layout program, if you like to change it. +

+ +

+You may use an "Arduino UNO" or "ATTINY85" to emulate a SIM card without a PC. +In case of the Arduino, you still need wires to connect it to the card reader of the phone. +If you use an ATTINY85, you can put the micro controller directly on a PCB card, as shown on top of this page. +

+ +

+To compile and run with Arduino, you need to open "src/sim/sim.ino" with Arduino software and select the "Arduino UNO" board. +The RESET input is at pin 6 and the I/O line at pin 7. +Connect these two lines together with ground line to the card reader or ISO card PCB. +You don't need a diode this time, since pin 7 is automatically switched between input and output. +The serial protocol is emulated in software. +The status LED (pin 13) will flash whenever a message is received from the card reader. +

+ +

+To compile and run with ATTINY85, you need to open "src/sim/sim.ino" with Arduino software and select the "ATiny25/45/85" board and the "ATiny85" chip. +Refer to the internet on how to compile and flash the ATTINY85 without boot-loader. +It is beyond the scope of this documentation. +This time you need 5 wires to connect (VCC and Clock also). +

+ +

+Important: After flashing you need to wait 10 seconds before removing power. +During that time the EEPROM is initialized. +If you would read out the EEPROM, you will notice the letter 'C' at address 0. +Then you would know that the init process was finished with success. + +

+ +

+If you use the DIP version of the ATTINY85, you cannot put it on the card itself. +The PCB in the picture on top of this page shows the DIP socket next to the actual card area. +Be sure to put the chip on the back side of the SIM card. +This works only if the phone does not completely enclose the card. +

+ +

+If you use the SOIC version of the ATTINY85, you need to make it flat, so it fits into your phone. +You may use the full size SIM or just the mini SIM. +I prefer the mini SIM and use an adapter card for larger phones. +

+ +

+The original ATTINY85 (1) is shown upside down. +Bend the legs straight and shorten them, so they still fit into a programmer's socket. (2) +The use P400 sand paper to sand off the bottom of the case until you reach copper plate. (3) +Make a hole into the PBC and solder the chip upside down into that hole. +Pin 1 is marked on the PCB. +

+ +

+Important: You need to change clock source to pin 1. + +

+ +

+Change lower fuse of 0xc0. +Note that you will not be able to do any further programming unless you apply clock signal to pin 1. +Use a crystal oscillator connected to pin 1 when you like to update the firmware in the future. +You may also use other type of clock signal. +Try something between 1 and 8 MHz. +I recommend to use the USBasp or a clone of that. It is cheap and easy and works with USB. +To set the fuses using "avrdude" in conjunction with "usbasp" flash tool, use:
+
+avrdude -c usbasp-clone -p t85 -U lfuse:w:0xc0:m -U hfuse:w:0xdf:m -U efuse:w:0xff:m
+
+If you run it again, you might notice that there is no response without a clock applied. +Apply a clock to pin 1 and see if you get a response again. +

+ +

+ +Using the SIM Card +

+ +

+After powering up the phone with SIM adapter/emulator attached, the phone should show the default subscriber number (FUTLN) on the display. +(Not all phones do. Read the manual to get the key code on how to show the subscriber number.) +There is no PIN enabled by default, so the SIM card is ready after inserting or poweing up the phone. +Now you can make calls, add telephone numbers or change PIN. +

+ +

+The SIM card can emulate 8 different cards. +They share the same telephone directory, but have different subscriber data. +Subscriber data can be changed to anything you like. +This way it is possible to even emulate service cards ("Wartungskarten"), to put phones into service mode or special cell monitor mode. +

+ +

+If the PIN is disabled (default), the first card with first subscriber data is emulates. +To select different card with dfferent subscriber data, change the PIN to 0001 .. 0008. +Refer to the phone's manual on how to change the PIN. +E.g. if you store the PIN 0000 or 0001, the first card with the first subscriber data is emulated. +E.g. if you store the PIN 0005, the fifth card with the fifth subscriber data is emulated. +In all cases, there is no PIN required when you turn on the phone. +

+ +

+ + + + + + + + + + +
PIN FUTLN =
Subscriber Sicherungs-
code Karten-
kennung Sonderheiten-
schlüssel Wartungs-
schlüssel
0000 or 0001 2222001 3103 3 0 65535
0002 2222002 3103 3 0 65535
0003 2222003 3103 3 0 65535
0004 2222004 3103 3 0 65535
0005 2222005 3103 3 0 65535
0006 2222006 3103 3 0 65535
0007 2222007 3103 3 0 65535
0008 2222008 3103 3 0 65535
+

+ +

+You may want to use a PIN to select the card whenever you turn on the phone. +Use the phone to enable a PIN that does not start with "000". +When you restart your phone, you may enter that PIN, to select the first card. +Alternatively you may enter the PIN 0000 or 0001, to select the first card, no matter what the PIN was. +Or you may enter the PIN 0002 .. 0008, to select second to eight card. +

+ +

+You may also alter each of the 8 different subscriber data store on the SIM. +In order to do that, you need to set a PIN, so the phone will ask for a PIN whenever it is turned on. +Choose any PIN you like, but not a PIN stat starts with 000. +Turn on the phone and you will be asked for a PIN. +Enter the PIN 9991 to alter the first subscriber data. +Enter the PIN 9992 .. 9998 to alter second to eigtht subscriber data. +The subscriber data is shown in the telephone directory and can be altered by changing the numbers in that directory. +

+ +

+The default subscriber data and where to change them in the telephone directory: +

+ + + + + + + +
Entry Name Number
01 FUTLN 2222001 *
02 Sicherungscode 3103
03 Kartenkennung 3
04 Sonderheitsschl. 0
05 Wartungsschl. 65535
+
+(*) When PIN 9991 was entered. +

+ + +

+ +Service Cards +

+ +

+To program one of the following service cards, change the subscriber data to the indicated values. +

+ +

+ + + + + + + +
Type FUTLN =
Subscriber Sicherungs-
code Karten-
kennung Sonderheiten-
schlüssel Wartungs-
schlüssel
Siemens C5
service mode - - - 900 1000
Phillips Miniporty
service mode - - - 900 1000
Phillips Miniporty
cell monitor - - - 900 1728 or
2729
Phillips Porty
service mode 0 0 0 2304 -
Phillips Porty
cell monitor - - - 898 -
+

+ + +

[Back to main page]

+ + diff --git a/docs/sim.jpg b/docs/sim.jpg new file mode 100644 index 0000000..1f2a037 Binary files /dev/null and b/docs/sim.jpg differ diff --git a/docs/style.css b/docs/style.css index 06b6850..8232fb6 100644 --- a/docs/style.css +++ b/docs/style.css @@ -91,6 +91,15 @@ table.imts { border-collapse: collapse; } +table.sim { + width: 816; + text-align: left; + table-layout: fixed; + border-spacing: 0px; + border: none; + border-collapse: collapse; +} + li { font-size: 20; color: #000000; diff --git a/docs/tv.html b/docs/tv.html index 81f7122..38f3747 100644 --- a/docs/tv.html +++ b/docs/tv.html @@ -27,7 +27,7 @@ The following test signals are supported:

-Importaint: SDR is required! It must be capable of about 15 Mega samples per second. +Important: SDR is required! It must be capable of about 15 Mega samples per second.

If you use LimeSDR, you MUST use USB 3.0 to have enough bandwidth!

diff --git a/layout/telekarte.brd b/layout/telekarte.brd new file mode 100755 index 0000000..1592e74 --- /dev/null +++ b/layout/telekarte.brd @@ -0,0 +1,1786 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Jolly's +TeleKarte +1 +1 + + +VCC +GND +RES +CLK +I/O + + + +ISO 7816 Chipcard (Package) +<author>Created by librarian@cadsoft.de</author> + + +ISO7816-1 Standard Chip Card +Source: http://www.didya.com/iso-7816.asp + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +VCC +RST +CLK +NC +I/O +GND +>NAME +>VALUE +NC +NC + + + + + + + + + + + + +AVR Devices +Configurable logic, microcontrollers, nonvolatile memories +Based on the following sources: +<ul> +<li>www.atmel.com +<li>CD-ROM : Configurable Logic Microcontroller Nonvolatile Memory +<li>CadSoft download site, www.cadsoft.de or www.cadsoftusa.com , file at90smcu_v400.zip +</ul> +<author>Revised by librarian@cadsoft.de</author> + + +SMALL OUTLINE INTEGRATED CIRCUIT +body 3.9 mm/JEDEC MS-012AA + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + + + + + + + + + +Dual In Line Package + + + + + + + + + + + + + + +>NAME +>VALUE + + + + +Test Pins/Pads +Cream on SMD OFF. +new: Attribute TP_SIGNAL_NAME +<author>Created by librarian@cadsoft.de</author> + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + + +Resistors, Capacitors, Inductors +Based on the previous libraries: +<ul> +<li>r.lbr +<li>cap.lbr +<li>cap-fe.lbr +<li>captant.lbr +<li>polcap.lbr +<li>ipc-smd.lbr +</ul> +All SMD packages are defined according to the IPC specifications and CECC +<author>Created by librarian@cadsoft.de</author> + +for Electrolyt Capacitors see also : +www.bccomponents.com +www.panasonic.com +www.kemet.com + +for trimmer refence see : www.electrospec-inc.com/cross_references/trimpotcrossref.asp + +<map name="nav_main"> +<area shape="rect" coords="0,1,140,23" href="../military_specs.asp" title=""> +<area shape="rect" coords="0,24,140,51" href="../about.asp" title=""> +<area shape="rect" coords="1,52,140,77" href="../rfq.asp" title=""> +<area shape="rect" coords="0,78,139,103" href="../products.asp" title=""> +<area shape="rect" coords="1,102,138,128" href="../excess_inventory.asp" title=""> +<area shape="rect" coords="1,129,138,150" href="../edge.asp" title=""> +<area shape="rect" coords="1,151,139,178" href="../industry_links.asp" title=""> +<area shape="rect" coords="0,179,139,201" href="../comments.asp" title=""> +<area shape="rect" coords="1,203,138,231" href="../directory.asp" title=""> +<area shape="default" nohref> +</map> + +<html> + +<title></title> + + <LINK REL="StyleSheet" TYPE="text/css" HREF="style-sheet.css"> + +<body bgcolor="#ffffff" text="#000000" marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"> +<table border=0 cellspacing=0 cellpadding=0 width="100%" cellpaddding=0 height="55%"> +<tr valign="top"> + +</td> +<! <td width="10"> </td> +<td width="90%"> + +TRIM-POT CROSS REFERENCE + +<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=2> + <TR> + <TD COLSPAN=8> + RECTANGULAR MULTI-TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + + BOURNS + + </TD> + <TD ALIGN=CENTER> + + BI TECH + + </TD> + <TD ALIGN=CENTER> + + DALE-VISHAY + + </TD> + <TD ALIGN=CENTER> + + PHILIPS/MEPCO + + </TD> + <TD ALIGN=CENTER> + + MURATA + + </TD> + <TD ALIGN=CENTER> + + PANASONIC + + </TD> + <TD ALIGN=CENTER> + + SPECTROL + + </TD> + <TD ALIGN=CENTER> + + MILSPEC + + </TD><TD> </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3005P + 3006P + 3006W + 3006Y + 3009P + 3009W + 3009Y + 3057J + 3057L + 3057P + 3057Y + 3059J + 3059L + 3059P + 3059Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 89P + 89W + 89X + 89PH + 76P + 89XH + 78SLT + 78L ALT + 56P ALT + 78P ALT + T8S + 78L + 56P + 78P + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + T18/784 + 783 + 781 + - + - + - + 2199 + 1697/1897 + 1680/1880 + 2187 + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 8035EKP/CT20/RJ-20P + - + RJ-20X + - + - + - + 1211L + 8012EKQ ALT + 8012EKR ALT + 1211P + 8012EKJ + 8012EKL + 8012EKQ + 8012EKR + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 2101P + 2101W + 2101Y + - + - + - + - + - + - + - + - + 2102L + 2102S + 2102Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + EVMCOG + - + - + - + - + - + - + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 43P + 43W + 43Y + - + - + - + - + 40L + 40P + 40Y + 70Y-T602 + 70L + 70P + 70Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + RT/RTR12 + RT/RTR12 + RT/RTR12 + - + RJ/RJR12 + RJ/RJR12 + RJ/RJR12 + </TD> + </TR> + <TR> + <TD COLSPAN=8>  + </TD> + </TR> + <TR> + <TD COLSPAN=8> + SQUARE MULTI-TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + BOURN + </TD> + <TD ALIGN=CENTER> + BI TECH + </TD> + <TD ALIGN=CENTER> + DALE-VISHAY + </TD> + <TD ALIGN=CENTER> + PHILIPS/MEPCO + </TD> + <TD ALIGN=CENTER> + MURATA + </TD> + <TD ALIGN=CENTER> + PANASONIC + </TD> + <TD ALIGN=CENTER> + SPECTROL + </TD> + <TD ALIGN=CENTER> + MILSPEC + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3250L + 3250P + 3250W + 3250X + 3252P + 3252W + 3252X + 3260P + 3260W + 3260X + 3262P + 3262W + 3262X + 3266P + 3266W + 3266X + 3290H + 3290P + 3290W + 3292P + 3292W + 3292X + 3296P + 3296W + 3296X + 3296Y + 3296Z + 3299P + 3299W + 3299X + 3299Y + 3299Z + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 66P ALT + 66W ALT + 66X ALT + 66P ALT + 66W ALT + 66X ALT + - + 64W ALT + - + 64P ALT + 64W ALT + 64X ALT + 64P + 64W + 64X + 66X ALT + 66P ALT + 66W ALT + 66P + 66W + 66X + 67P + 67W + 67X + 67Y + 67Z + 68P + 68W + 68X + 67Y ALT + 67Z ALT + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 5050 + 5091 + 5080 + 5087 + - + - + - + - + - + - + - + T63YB + T63XB + - + - + - + 5887 + 5891 + 5880 + - + - + - + T93Z + T93YA + T93XA + T93YB + T93XB + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + 8026EKP + 8026EKW + 8026EKM + 8026EKP + 8026EKB + 8026EKM + 1309X + 1309P + 1309W + 8024EKP + 8024EKW + 8024EKN + RJ-9P/CT9P + RJ-9W + RJ-9X + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + 3103P + 3103Y + 3103Z + 3103P + 3103Y + 3103Z + - + - + - + - + - + - + 3105P/3106P + 3105W/3106W + 3105X/3106X + 3105Y/3106Y + 3105Z/3105Z + 3102P + 3102W + 3102X + 3102Y + 3102Z + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + EVMCBG + EVMCCG + - + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 55-1-X + 55-4-X + 55-3-X + 55-2-X + - + - + - + - + - + - + - + - + - + - + - + - + 50-2-X + 50-4-X + 50-3-X + - + - + - + 64P + 64W + 64X + 64Y + 64Z + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + RT/RTR22 + RT/RTR22 + RT/RTR22 + RT/RTR22 + RJ/RJR22 + RJ/RJR22 + RJ/RJR22 + RT/RTR26 + RT/RTR26 + RT/RTR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RT/RTR24 + RT/RTR24 + RT/RTR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + - + - + - + - + - + - + - + </TD> + </TR> + <TR> + <TD COLSPAN=8>  + </TD> + </TR> + <TR> + <TD COLSPAN=8> + SINGLE TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + BOURN + </TD> + <TD ALIGN=CENTER> + BI TECH + </TD> + <TD ALIGN=CENTER> + DALE-VISHAY + </TD> + <TD ALIGN=CENTER> + PHILIPS/MEPCO + </TD> + <TD ALIGN=CENTER> + MURATA + </TD> + <TD ALIGN=CENTER> + PANASONIC + </TD> + <TD ALIGN=CENTER> + SPECTROL + </TD> + <TD ALIGN=CENTER> + MILSPEC + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3323P + 3323S + 3323W + 3329H + 3329P + 3329W + 3339H + 3339P + 3339W + 3352E + 3352H + 3352K + 3352P + 3352T + 3352V + 3352W + 3362H + 3362M + 3362P + 3362R + 3362S + 3362U + 3362W + 3362X + 3386B + 3386C + 3386F + 3386H + 3386K + 3386M + 3386P + 3386S + 3386W + 3386X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 25P + 25S + 25RX + 82P + 82M + 82PA + - + - + - + 91E + 91X + 91T + 91B + 91A + 91V + 91W + 25W + 25V + 25P + - + 25S + 25U + 25RX + 25X + 72XW + 72XL + 72PM + 72RX + - + 72PX + 72P + 72RXW + 72RXL + 72X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + T7YB + T7YA + - + - + - + - + - + - + - + - + - + - + - + - + TXD + TYA + TYP + - + TYD + TX + - + 150SX + 100SX + 102T + 101S + 190T + 150TX + 101 + - + - + 101SX + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ET6P + ET6S + ET6X + RJ-6W/8014EMW + RJ-6P/8014EMP + RJ-6X/8014EMX + TM7W + TM7P + TM7X + - + 8017SMS + - + 8017SMB + 8017SMA + - + - + CT-6W + CT-6H + CT-6P + CT-6R + - + CT-6V + CT-6X + - + - + 8038EKV + - + 8038EKX + - + - + 8038EKP + 8038EKZ + 8038EKW + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + 3321H + 3321P + 3321N + 1102H + 1102P + 1102T + RVA0911V304A + - + RVA0911H413A + RVG0707V100A + RVA0607V(H)306A + RVA1214H213A + - + - + - + - + - + - + - + - + - + 3104B + 3104C + 3104F + 3104H + - + 3104M + 3104P + 3104S + 3104W + 3104X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + EVMQ0G + EVMQIG + EVMQ3G + EVMS0G + EVMQ0G + EVMG0G + - + - + - + EVMK4GA00B + EVM30GA00B + EVMK0GA00B + EVM38GA00B + EVMB6 + EVLQ0 + - + EVMMSG + EVMMBG + EVMMAG + - + - + EVMMCS + - + - + - + - + - + EVMM1 + - + - + EVMM0 + - + - + EVMM3 + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + 62-3-1 + 62-1-2 + - + - + - + - + - + - + - + - + - + - + - + 67R + - + 67P + - + - + - + - + 67X + 63V + 63S + 63M + - + - + 63H + 63P + - + - + 63X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + RJ/RJR50 + RJ/RJR50 + RJ/RJR50 + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + </TD> + </TR> +</TABLE> +  +<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=3> + <TR> + <TD COLSPAN=7> + SMD TRIM-POT CROSS REFERENCE + + MULTI-TURN + </TD> + </TR> + <TR> + <TD> + BOURNS + </TD> + <TD> + BI TECH + </TD> + <TD> + DALE-VISHAY + </TD> + <TD> + PHILIPS/MEPCO + </TD> + <TD> + PANASONIC + </TD> + <TD> + TOCOS + </TD> + <TD> + AUX/KYOCERA + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3224G + 3224J + 3224W + 3269P + 3269W + 3269X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 44G + 44J + 44W + 84P + 84W + 84X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + ST63Z + ST63Y + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + ST5P + ST5W + ST5X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + </TR> + <TR> + <TD COLSPAN=7>  + </TD> + </TR> + <TR> + <TD COLSPAN=7> + SINGLE TURN + </TD> + </TR> + <TR> + <TD> + BOURNS + </TD> + <TD> + BI TECH + </TD> + <TD> + DALE-VISHAY + </TD> + <TD> + PHILIPS/MEPCO + </TD> + <TD> + PANASONIC + </TD> + <TD> + TOCOS + </TD> + <TD> + AUX/KYOCERA + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3314G + 3314J + 3364A/B + 3364C/D + 3364W/X + 3313G + 3313J + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 23B + 23A + 21X + 21W + - + 22B + 22A + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ST5YL/ST53YL + ST5YJ/5T53YJ + ST-23A + ST-22B + ST-22 + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ST-4B + ST-4A + - + - + - + ST-3B + ST-3A + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + EVM-6YS + EVM-1E + EVM-1G + EVM-1D + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + G4B + G4A + TR04-3S1 + TRG04-2S1 + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + DVR-43A + CVR-42C + CVR-42A/C + - + - + </TD> + </TR> +</TABLE> + +ALT = ALTERNATE + + +  + +</td> +</tr> +</table> +</BODY></HTML> + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + + + + + + + + + + + + +EAGLE Design Rules + +Die Standard-Design-Rules sind so gewählt, dass sie für +die meisten Anwendungen passen. Sollte ihre Platine +besondere Anforderungen haben, treffen Sie die erforderlichen +Einstellungen hier und speichern die Design Rules unter +einem neuen Namen ab. +EAGLE Design Rules + +The default Design Rules have been set to cover +a wide range of applications. Your particular design +may have different requirements, so please make the +necessary adjustments and save your customized +design rules under a new name. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/layout/telekarte.pdf b/layout/telekarte.pdf new file mode 100755 index 0000000..e95ad0c Binary files /dev/null and b/layout/telekarte.pdf differ diff --git a/layout/telekarte.sch b/layout/telekarte.sch new file mode 100755 index 0000000..92d2b1c --- /dev/null +++ b/layout/telekarte.sch @@ -0,0 +1,4796 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +ISO 7816 Chipcard (Package) +<author>Created by librarian@cadsoft.de</author> + + +ISO 7816 Chipcard + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +VCC +RST +CLK +NC +I/O +GND +>NAME +>VALUE +NC +NC + + + + + + + + + + +ISO7816-1 Standard Chip Card +Source: http://www.didya.com/iso-7816.asp + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +VCC +RST +CLK +NC +I/O +GND +>NAME +>VALUE +NC +NC + + + + + + + + + + +AFNOR Chip Card +Source: http://www.didya.com/iso-7816.asp + + + + + + + + + + + +>NAME +>VALUE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +VCC +RST +CLK +NC +I/O +GND +>NAME +>VALUE +NC +NC + + + + + + + + + + + + + + + + + + + + +Chip card connector ISO 7816 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +AVR Devices +Configurable logic, microcontrollers, nonvolatile memories +Based on the following sources: +<ul> +<li>www.atmel.com +<li>CD-ROM : Configurable Logic Microcontroller Nonvolatile Memory +<li>CadSoft download site, www.cadsoft.de or www.cadsoftusa.com , file at90smcu_v400.zip +</ul> +<author>Revised by librarian@cadsoft.de</author> + + +Dual In Line Package + + + + + + + + + + + + + + +>NAME +>VALUE + + +SMALL OUTLINE INTEGRATED CIRCUIT +body 3.9 mm/JEDEC MS-012AA + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + + + + + + + + + + + + + + + +>NAME +>VALUE + + + + + + + + + + + + +MICROCONTROLLER +1 Kbytes ROM + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Test Pins/Pads +Cream on SMD OFF. +new: Attribute TP_SIGNAL_NAME +<author>Created by librarian@cadsoft.de</author> + + +TEST PAD + + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + + + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + +TEST PAD + +>NAME +>VALUE +>TP_SIGNAL_NAME + + + + + + + + +>NAME +>TP_SIGNAL_NAME + + + + + +Test pad + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Resistors, Capacitors, Inductors +Based on the previous libraries: +<ul> +<li>r.lbr +<li>cap.lbr +<li>cap-fe.lbr +<li>captant.lbr +<li>polcap.lbr +<li>ipc-smd.lbr +</ul> +All SMD packages are defined according to the IPC specifications and CECC +<author>Created by librarian@cadsoft.de</author> + +for Electrolyt Capacitors see also : +www.bccomponents.com +www.panasonic.com +www.kemet.com + +for trimmer refence see : www.electrospec-inc.com/cross_references/trimpotcrossref.asp + +<map name="nav_main"> +<area shape="rect" coords="0,1,140,23" href="../military_specs.asp" title=""> +<area shape="rect" coords="0,24,140,51" href="../about.asp" title=""> +<area shape="rect" coords="1,52,140,77" href="../rfq.asp" title=""> +<area shape="rect" coords="0,78,139,103" href="../products.asp" title=""> +<area shape="rect" coords="1,102,138,128" href="../excess_inventory.asp" title=""> +<area shape="rect" coords="1,129,138,150" href="../edge.asp" title=""> +<area shape="rect" coords="1,151,139,178" href="../industry_links.asp" title=""> +<area shape="rect" coords="0,179,139,201" href="../comments.asp" title=""> +<area shape="rect" coords="1,203,138,231" href="../directory.asp" title=""> +<area shape="default" nohref> +</map> + +<html> + +<title></title> + + <LINK REL="StyleSheet" TYPE="text/css" HREF="style-sheet.css"> + +<body bgcolor="#ffffff" text="#000000" marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"> +<table border=0 cellspacing=0 cellpadding=0 width="100%" cellpaddding=0 height="55%"> +<tr valign="top"> + +</td> +<! <td width="10"> </td> +<td width="90%"> + +TRIM-POT CROSS REFERENCE + +<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=2> + <TR> + <TD COLSPAN=8> + RECTANGULAR MULTI-TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + + BOURNS + + </TD> + <TD ALIGN=CENTER> + + BI TECH + + </TD> + <TD ALIGN=CENTER> + + DALE-VISHAY + + </TD> + <TD ALIGN=CENTER> + + PHILIPS/MEPCO + + </TD> + <TD ALIGN=CENTER> + + MURATA + + </TD> + <TD ALIGN=CENTER> + + PANASONIC + + </TD> + <TD ALIGN=CENTER> + + SPECTROL + + </TD> + <TD ALIGN=CENTER> + + MILSPEC + + </TD><TD> </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3005P + 3006P + 3006W + 3006Y + 3009P + 3009W + 3009Y + 3057J + 3057L + 3057P + 3057Y + 3059J + 3059L + 3059P + 3059Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 89P + 89W + 89X + 89PH + 76P + 89XH + 78SLT + 78L ALT + 56P ALT + 78P ALT + T8S + 78L + 56P + 78P + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + T18/784 + 783 + 781 + - + - + - + 2199 + 1697/1897 + 1680/1880 + 2187 + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 8035EKP/CT20/RJ-20P + - + RJ-20X + - + - + - + 1211L + 8012EKQ ALT + 8012EKR ALT + 1211P + 8012EKJ + 8012EKL + 8012EKQ + 8012EKR + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 2101P + 2101W + 2101Y + - + - + - + - + - + - + - + - + 2102L + 2102S + 2102Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + EVMCOG + - + - + - + - + - + - + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 43P + 43W + 43Y + - + - + - + - + 40L + 40P + 40Y + 70Y-T602 + 70L + 70P + 70Y + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + RT/RTR12 + RT/RTR12 + RT/RTR12 + - + RJ/RJR12 + RJ/RJR12 + RJ/RJR12 + </TD> + </TR> + <TR> + <TD COLSPAN=8>  + </TD> + </TR> + <TR> + <TD COLSPAN=8> + SQUARE MULTI-TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + BOURN + </TD> + <TD ALIGN=CENTER> + BI TECH + </TD> + <TD ALIGN=CENTER> + DALE-VISHAY + </TD> + <TD ALIGN=CENTER> + PHILIPS/MEPCO + </TD> + <TD ALIGN=CENTER> + MURATA + </TD> + <TD ALIGN=CENTER> + PANASONIC + </TD> + <TD ALIGN=CENTER> + SPECTROL + </TD> + <TD ALIGN=CENTER> + MILSPEC + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3250L + 3250P + 3250W + 3250X + 3252P + 3252W + 3252X + 3260P + 3260W + 3260X + 3262P + 3262W + 3262X + 3266P + 3266W + 3266X + 3290H + 3290P + 3290W + 3292P + 3292W + 3292X + 3296P + 3296W + 3296X + 3296Y + 3296Z + 3299P + 3299W + 3299X + 3299Y + 3299Z + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + 66P ALT + 66W ALT + 66X ALT + 66P ALT + 66W ALT + 66X ALT + - + 64W ALT + - + 64P ALT + 64W ALT + 64X ALT + 64P + 64W + 64X + 66X ALT + 66P ALT + 66W ALT + 66P + 66W + 66X + 67P + 67W + 67X + 67Y + 67Z + 68P + 68W + 68X + 67Y ALT + 67Z ALT + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 5050 + 5091 + 5080 + 5087 + - + - + - + - + - + - + - + T63YB + T63XB + - + - + - + 5887 + 5891 + 5880 + - + - + - + T93Z + T93YA + T93XA + T93YB + T93XB + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + 8026EKP + 8026EKW + 8026EKM + 8026EKP + 8026EKB + 8026EKM + 1309X + 1309P + 1309W + 8024EKP + 8024EKW + 8024EKN + RJ-9P/CT9P + RJ-9W + RJ-9X + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + 3103P + 3103Y + 3103Z + 3103P + 3103Y + 3103Z + - + - + - + - + - + - + 3105P/3106P + 3105W/3106W + 3105X/3106X + 3105Y/3106Y + 3105Z/3105Z + 3102P + 3102W + 3102X + 3102Y + 3102Z + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + EVMCBG + EVMCCG + - + - + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 55-1-X + 55-4-X + 55-3-X + 55-2-X + - + - + - + - + - + - + - + - + - + - + - + - + 50-2-X + 50-4-X + 50-3-X + - + - + - + 64P + 64W + 64X + 64Y + 64Z + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + RT/RTR22 + RT/RTR22 + RT/RTR22 + RT/RTR22 + RJ/RJR22 + RJ/RJR22 + RJ/RJR22 + RT/RTR26 + RT/RTR26 + RT/RTR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RJ/RJR26 + RT/RTR24 + RT/RTR24 + RT/RTR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + RJ/RJR24 + - + - + - + - + - + - + - + </TD> + </TR> + <TR> + <TD COLSPAN=8>  + </TD> + </TR> + <TR> + <TD COLSPAN=8> + SINGLE TURN + </TD> + </TR> + <TR> + <TD ALIGN=CENTER> + BOURN + </TD> + <TD ALIGN=CENTER> + BI TECH + </TD> + <TD ALIGN=CENTER> + DALE-VISHAY + </TD> + <TD ALIGN=CENTER> + PHILIPS/MEPCO + </TD> + <TD ALIGN=CENTER> + MURATA + </TD> + <TD ALIGN=CENTER> + PANASONIC + </TD> + <TD ALIGN=CENTER> + SPECTROL + </TD> + <TD ALIGN=CENTER> + MILSPEC + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3323P + 3323S + 3323W + 3329H + 3329P + 3329W + 3339H + 3339P + 3339W + 3352E + 3352H + 3352K + 3352P + 3352T + 3352V + 3352W + 3362H + 3362M + 3362P + 3362R + 3362S + 3362U + 3362W + 3362X + 3386B + 3386C + 3386F + 3386H + 3386K + 3386M + 3386P + 3386S + 3386W + 3386X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 25P + 25S + 25RX + 82P + 82M + 82PA + - + - + - + 91E + 91X + 91T + 91B + 91A + 91V + 91W + 25W + 25V + 25P + - + 25S + 25U + 25RX + 25X + 72XW + 72XL + 72PM + 72RX + - + 72PX + 72P + 72RXW + 72RXL + 72X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + T7YB + T7YA + - + - + - + - + - + - + - + - + - + - + - + - + TXD + TYA + TYP + - + TYD + TX + - + 150SX + 100SX + 102T + 101S + 190T + 150TX + 101 + - + - + 101SX + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ET6P + ET6S + ET6X + RJ-6W/8014EMW + RJ-6P/8014EMP + RJ-6X/8014EMX + TM7W + TM7P + TM7X + - + 8017SMS + - + 8017SMB + 8017SMA + - + - + CT-6W + CT-6H + CT-6P + CT-6R + - + CT-6V + CT-6X + - + - + 8038EKV + - + 8038EKX + - + - + 8038EKP + 8038EKZ + 8038EKW + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + 3321H + 3321P + 3321N + 1102H + 1102P + 1102T + RVA0911V304A + - + RVA0911H413A + RVG0707V100A + RVA0607V(H)306A + RVA1214H213A + - + - + - + - + - + - + - + - + - + 3104B + 3104C + 3104F + 3104H + - + 3104M + 3104P + 3104S + 3104W + 3104X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + EVMQ0G + EVMQIG + EVMQ3G + EVMS0G + EVMQ0G + EVMG0G + - + - + - + EVMK4GA00B + EVM30GA00B + EVMK0GA00B + EVM38GA00B + EVMB6 + EVLQ0 + - + EVMMSG + EVMMBG + EVMMAG + - + - + EVMMCS + - + - + - + - + - + EVMM1 + - + - + EVMM0 + - + - + EVMM3 + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + 62-3-1 + 62-1-2 + - + - + - + - + - + - + - + - + - + - + - + 67R + - + 67P + - + - + - + - + 67X + 63V + 63S + 63M + - + - + 63H + 63P + - + - + 63X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + RJ/RJR50 + RJ/RJR50 + RJ/RJR50 + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + </TD> + </TR> +</TABLE> +  +<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=3> + <TR> + <TD COLSPAN=7> + SMD TRIM-POT CROSS REFERENCE + + MULTI-TURN + </TD> + </TR> + <TR> + <TD> + BOURNS + </TD> + <TD> + BI TECH + </TD> + <TD> + DALE-VISHAY + </TD> + <TD> + PHILIPS/MEPCO + </TD> + <TD> + PANASONIC + </TD> + <TD> + TOCOS + </TD> + <TD> + AUX/KYOCERA + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3224G + 3224J + 3224W + 3269P + 3269W + 3269X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 44G + 44J + 44W + 84P + 84W + 84X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + ST63Z + ST63Y + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + ST5P + ST5W + ST5X + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + - + - + - + - + </TD> + </TR> + <TR> + <TD COLSPAN=7>  + </TD> + </TR> + <TR> + <TD COLSPAN=7> + SINGLE TURN + </TD> + </TR> + <TR> + <TD> + BOURNS + </TD> + <TD> + BI TECH + </TD> + <TD> + DALE-VISHAY + </TD> + <TD> + PHILIPS/MEPCO + </TD> + <TD> + PANASONIC + </TD> + <TD> + TOCOS + </TD> + <TD> + AUX/KYOCERA + </TD> + </TR> + <TR> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 3314G + 3314J + 3364A/B + 3364C/D + 3364W/X + 3313G + 3313J + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + 23B + 23A + 21X + 21W + - + 22B + 22A + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ST5YL/ST53YL + ST5YJ/5T53YJ + ST-23A + ST-22B + ST-22 + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + ST-4B + ST-4A + - + - + - + ST-3B + ST-3A + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + EVM-6YS + EVM-1E + EVM-1G + EVM-1D + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + G4B + G4A + TR04-3S1 + TRG04-2S1 + - + - + - + </TD> + <TD BGCOLOR="#cccccc" ALIGN=CENTER> + - + - + DVR-43A + CVR-42C + CVR-42A/C + - + - + </TD> + </TR> +</TABLE> + +ALT = ALTERNATE + + +  + +</td> +</tr> +</table> +</BODY></HTML> + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +chip + + + + + + + + +>NAME +>VALUE + + + + + +CAPACITOR +grid 2.5 mm, outline 2.4 x 4.4 mm + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm, outline 2.5 x 5 mm + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm, outline 3 x 5 mm + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm, outline 4 x 5 mm + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm, outline 5 x 5 mm + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm, outline 6 x 5 mm + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 mm + 5 mm, outline 2.4 x 7 mm + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 + 5 mm, outline 2.5 x 7.5 mm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 + 5 mm, outline 3.5 x 7.5 mm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 + 5 mm, outline 4.5 x 7.5 mm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 2.5 + 5 mm, outline 5.5 x 7.5 mm + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 2.4 x 4.4 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + + + +CAPACITOR +grid 5 mm, outline 2.5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 4.5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 3 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 5.5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 7.5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +Horizontal, grid 5 mm, outline 7.5 x 7.5 mm + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + + + +CAPACITOR +grid 7.5 mm, outline 3.2 x 10.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 7.5 mm, outline 4.2 x 10.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 7.5 mm, outline 5.2 x 10.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 10.2 mm, outline 4.3 x 13.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 10.2 mm, outline 5.4 x 13.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 10.2 mm, outline 6.4 x 13.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 10.2 mm + 15.2 mm, outline 6.2 x 18.4 mm + + + + + + + + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 15 mm, outline 5.4 x 18.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 15 mm, outline 6.4 x 18.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 15 mm, outline 7.2 x 18.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 15 mm, outline 8.4 x 18.3 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 15 mm, outline 9.1 x 18.2 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 22.5 mm, outline 6.2 x 26.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 22.5 mm, outline 7.4 x 26.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 22.5 mm, outline 8.7 x 26.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 22.5 mm, outline 10.8 x 26.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 22.5 mm, outline 11.3 x 26.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 9.3 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 11.3 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 13.4 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 20.5 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 32.5 mm, outline 13.7 x 37.4 mm + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 32.5 mm, outline 16.2 x 37.4 mm + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 32.5 mm, outline 18.2 x 37.4 mm + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 37.5 mm, outline 19.2 x 41.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 37.5 mm, outline 20.3 x 41.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 5 mm, outline 3.5 x 7.5 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 37.5 mm, outline 15.5 x 41.8 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 7.5 mm, outline 6.3 x 10.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 15.4 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +CAPACITOR +grid 27.5 mm, outline 17.3 x 31.6 mm + + + + + + + + + + + + + + + + +>NAME +>VALUE + + +Ceramic Chip Capacitor KEMET 0204 Reflow solder +Metric Code Size 1005 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 0603 Reflow solder +Metric Code Size 1608 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 0805 Reflow solder +Metric Code Size 2012 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 1206 Reflow solder +Metric Code Size 3216 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 1210 Reflow solder +Metric Code Size 3225 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 1812 Reflow solder +Metric Code Size 4532 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 1825 Reflow solder +Metric Code Size 4564 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 2220 Reflow solder +Metric Code Size 5650 + + + + +>NAME +>VALUE + + + + +Ceramic Chip Capacitor KEMET 2225 Reflow solder +Metric Code Size 5664 + + + + +>NAME +>VALUE + + + + + + + + +>NAME +>VALUE + + + + + + + + +CAPACITOR, European symbol + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/Makefile.am b/src/Makefile.am index 94c3f6c..40271e5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,7 +52,8 @@ SUBDIRS += \ eurosignal \ tv \ radio \ - zeitansage + zeitansage \ + sim if HAVE_SDR if HAVE_FUSE diff --git a/src/libdebug/debug.c b/src/libdebug/debug.c index 5d2db98..89e0c16 100644 --- a/src/libdebug/debug.c +++ b/src/libdebug/debug.c @@ -71,6 +71,10 @@ struct debug_cat { { "device", "\033[0;33m" }, { "datenklo", "\033[1;34m" }, { "zeit", "\033[1;34m" }, + { "sim layer 1", "\033[0;31m" }, + { "sim layer 2", "\033[0;33m" }, + { "sim ICL layer", "\033[0;36m" }, + { "sim layer 7", "\033[0;37m" }, { NULL, NULL } }; diff --git a/src/libdebug/debug.h b/src/libdebug/debug.h index 1f74946..33b188f 100644 --- a/src/libdebug/debug.h +++ b/src/libdebug/debug.h @@ -34,6 +34,10 @@ #define DDEVICE 27 #define DDATENKLO 28 #define DZEIT 29 +#define DSIM1 30 +#define DSIM2 31 +#define DSIMI 32 +#define DSIM7 33 void get_win_size(int *w, int *h); diff --git a/src/sim/Makefile.am b/src/sim/Makefile.am new file mode 100644 index 0000000..7d8d402 --- /dev/null +++ b/src/sim/Makefile.am @@ -0,0 +1,18 @@ +AM_CPPFLAGS = -Wall -Wextra -g $(all_includes) + +bin_PROGRAMS = \ + cnetz_sim + +cnetz_sim_SOURCES = \ + sim.c \ + sniffer.c \ + image.c \ + main.c + +cnetz_sim_LDADD = \ + $(COMMON_LA) \ + $(top_builddir)/src/libdebug/libdebug.a \ + $(top_builddir)/src/liboptions/liboptions.a \ + $(top_builddir)/src/libserial/libserial.a \ + -lm + diff --git a/src/sim/eeprom.h b/src/sim/eeprom.h new file mode 100644 index 0000000..b4c8637 --- /dev/null +++ b/src/sim/eeprom.h @@ -0,0 +1,33 @@ + +enum eeprom_locations { + EEPROM_MAGIC = 0x00, + EEPROM_FUTLN_H = 0x02, + EEPROM_FUTLN_M = 0x0a, + EEPROM_FUTLN_L = 0x12, + EEPROM_SICH_H = 0x1a, + EEPROM_SICH_L = 0x22, + EEPROM_SONDER_H = 0x2a, + EEPROM_SONDER_L = 0x32, + EEPROM_WARTUNG_H = 0x3a, + EEPROM_WARTUNG_L = 0x42, + EEPROM_GEBZ_H = 0x4a, + EEPROM_GEBZ_M = 0x4b, + EEPROM_GEBZ_L = 0x4c, + EEPROM_FLAGS = 0x4d, + EEPROM_PIN_DATA = 0x50, + EEPROM_AUTH_DATA = 0x58, + EEPROM_RUFN = 0x60, +}; + +#define EEPROM_VERSION 1 /* version eeprom layout */ + +#define EEPROM_FLAG_PIN_LEN 0 /* pin length */ +#define EEPROM_FLAG_PIN_TRY 4 /* pin retires left */ +#define EEPROM_FLAG_GEBZ 6 /* metering locked */ +#define EEPROM_FLAG_APP 7 /* application locked */ + +uint8_t eeprom_read(enum eeprom_locations loc); +void eeprom_write(enum eeprom_locations loc, uint8_t value); +uint8_t *eeprom_memory(void); +size_t eeprom_length(); + diff --git a/src/sim/image.c b/src/sim/image.c new file mode 100644 index 0000000..92060c4 --- /dev/null +++ b/src/sim/image.c @@ -0,0 +1,97 @@ +#ifndef ARDUINO + +#include +#include +#include "../libmobile/image.h" + +const char *image[] = { + "@w", + " ()", + " // _______________________________________________", + " // / \\", + " @WC-NETZ SIM@w // | |", + " __________//_ | @WJ o l l y ' s@w |", + " / o o /| | |", + " /__________ / | | @Y _ __ _ @w |", + " //_________// / | @bVCC@Y (_)__(_) @bGND@w |", + " /@B_@g()@B_/ /_@r()@B_@w/ / | @bRES@Y (_)__(_) @w |", + " /@B_@W1@B_/_@W2@B_/_@W3@B_@w/ / | @bCLK@Y (_)__(_) @bI/O@w |", + " /@B_@W4@B_/_@W5@B_/_@W6@B_@w/ / | |", + " /@B_@W7@B_/_@W8@B_/_@W9@B_@w/ / | |", + " /@B_@W*@B_/_@W0@B_/_@W#@B_@w/ / | @y/|_____@w |", + " /___________/ / | @y/ @w @WT e l e K a r t e@w |", + " | _ _ | / | @y\\ _____@w |", + " |____________|/ | @y\\| @w |", + " \\_______________________________________________/", + + "", + NULL +}; + +void print_image(void) +{ + int i, j; + + for (i = 0; image[i]; i++) { + for (j = 0; j < (int)strlen(image[i]); j++) { + if (image[i][j] == '@') { + j++; + switch(image[i][j]) { + case 'k': /* black */ + printf("\033[0;30m"); + break; + case 'r': /* red */ + printf("\033[0;31m"); + break; + case 'g': /* green */ + printf("\033[0;32m"); + break; + case 'y': /* yellow */ + printf("\033[0;33m"); + break; + case 'b': /* blue */ + printf("\033[0;34m"); + break; + case 'm': /* magenta */ + printf("\033[0;35m"); + break; + case 'c': /* cyan */ + printf("\033[0;36m"); + break; + case 'w': /* white */ + printf("\033[0;37m"); + break; + case 'K': /* bright black */ + printf("\033[1;30m"); + break; + case 'R': /* bright red */ + printf("\033[1;31m"); + break; + case 'G': /* bright green */ + printf("\033[1;32m"); + break; + case 'Y': /* bright yellow */ + printf("\033[1;33m"); + break; + case 'B': /* bright blue */ + printf("\033[1;34m"); + break; + case 'M': /* bright magenta */ + printf("\033[1;35m"); + break; + case 'C': /* bright cyan */ + printf("\033[1;36m"); + break; + case 'W': /* bright white */ + printf("\033[1;37m"); + break; + } + } else + printf("%c", image[i][j]); + } + printf("\n"); + } + printf("\033[0;39m"); +} + +#endif /* ARDUINO */ diff --git a/src/sim/main.c b/src/sim/main.c new file mode 100644 index 0000000..fdc352a --- /dev/null +++ b/src/sim/main.c @@ -0,0 +1,489 @@ +/* main function + * + * (C) 2020 by Andreas Eversberg + * All Rights Reserved + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ARDUINO + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../libdebug/debug.h" +#include "../liboptions/options.h" +#include "../libserial/serial.h" +#include "../libmobile/image.h" +#include "sim.h" +#include "sniffer.h" +#include "eeprom.h" + +int num_kanal = 1; +sim_sniffer_t sim_sniffer; +sim_sim_t sim_sim; +static int quit = 0; +static const char *serialdev = "/dev/ttyUSB0"; +static int baudrate = 9600; + +static const char *eeprom_name = NULL; +static const char *futln = NULL; +static const char *sicherung = NULL; +static const char *karten = NULL; +static const char *sonder = NULL; +static const char *wartung = NULL; +static const char *pin = NULL; +#define MAX_DIR_COUNT 64 +static int dir_count = 0; +static int dir_location[MAX_DIR_COUNT]; +static const char *dir_number[MAX_DIR_COUNT]; +static const char *dir_name[MAX_DIR_COUNT]; +static const char *auth = NULL; + +#define TIMEOUT 0.2 + +void print_help(const char *arg0) +{ + printf("Usage: %s [options] \n", arg0); + /* - - */ + printf("General options:\n"); + printf(" -h --help\n"); + printf(" This help\n"); + printf(" -v --verbose | ,[,[,...]] | list\n"); + printf(" Use 'list' to get a list of all levels and categories\n"); + printf(" Verbose level: digit of debug level (default = '%d')\n", debuglevel); + printf(" Verbose level+category: level digit followed by one or more categories\n"); + printf(" -> If no category is specified, all categories are selected\n"); + printf(" -s --serial-device \n"); + printf(" Serial device (default = '%s')\n", serialdev); + printf(" -b --baud-rate \n"); + printf(" Serial baud rate (default = %d)\n", baudrate); + printf("\nSIM card simulator options:\n"); + printf(" -E --eeprom \n"); + printf(" Stores and reads EEPROM data to/from file. The file is stored at\n"); + printf(" \"~/osmocom/analog/sim_.eeprom\". If the file dos not exit yet,\n"); + printf(" the default values are used. Values are always overwritten with card\n"); + printf(" data, if defined.\n"); + printf(" -F --futln \n"); + printf(" Give 7 digits subsriber ID (default = '%s')\n", FUTLN_DEFAULT); + printf(" --sicherung \n"); + printf(" Card's security code for simple authentication (default = '%s')\n", SICHERUNG_DEFAULT); + printf(" --kartenkennung \n"); + printf(" Card's ID. Not relevant! (default = '%s')\n", KARTEN_DEFAULT); + printf(" --sonder \n"); + printf(" Special codes are used for service cards (default = '%s')\n", SONDER_DEFAULT); + printf(" --wartung \n"); + printf(" May define features of service cards (default = '%s')\n", WARTUNG_DEFAULT); + printf(" -P --pin | 0000\n"); + printf(" Give 4 .. 8 digits of pin. Use '0000' to disable. (default = '%s')\n", PIN_DEFAULT); + printf(" This will also reset the PIN error counter and unlocks the card.\n"); + printf(" -D --directory [--directory ...]\n"); + printf(" Give storage location '01' .. '%02d'. To erase give \"\" as number\n", directory_size() - 1); + printf(" and name. This option can be given multiple times for more entries.\n"); + printf(" -A --authenticate 0x...\n"); + printf(" Give 64 Bit value for authentication response. (default = all bits 1)\n"); + printf("\nCommands are:\n"); + printf(" sniff - To passively sniff ATR and message\n"); + printf(" sim - To simulate a SIM card\n"); +} + +#define OPT_SICHERUNG 256 +#define OPT_KARTEN 257 +#define OPT_SONDER 258 +#define OPT_WARTUNG 259 + +void add_options(void) +{ + option_add('h', "help", 0); + option_add('v', "debug", 1); + option_add('s', "serial-device", 1); + option_add('b', "baud-rate", 1); + option_add('E', "eeprom", 1); + option_add('F', "futln", 1); + option_add(OPT_SICHERUNG, "sicherung", 1); + option_add(OPT_KARTEN, "kartenkennung", 1); + option_add(OPT_SONDER, "sonder", 1); + option_add(OPT_WARTUNG, "wartung", 1); + option_add('P', "pin", 1); + option_add('D', "directory", 3); + option_add('A', "auth", 1); +}; + +int handle_options(int short_option, int argi, char **argv) +{ + int rc; + + switch (short_option) { + case 'h': + print_help(argv[0]); + return 0; + case 'v': + if (!strcasecmp(argv[argi], "list")) { + debug_list_cat(); + return 0; + } + rc = parse_debug_opt(argv[argi]); + if (rc < 0) { + fprintf(stderr, "Failed to parse debug option, please use -h for help.\n"); + return rc; + } + break; + case 's': + serialdev = strdup(argv[argi]); + break; + case 'b': + baudrate = atoi(argv[argi]); + break; + case 'E': + eeprom_name = strdup(argv[argi]); + break; + case 'F': + futln = strdup(argv[argi]); + break; + case OPT_SICHERUNG: + sicherung = strdup(argv[argi]); + break; + case OPT_KARTEN: + karten = strdup(argv[argi]); + break; + case OPT_SONDER: + sonder = strdup(argv[argi]); + break; + case OPT_WARTUNG: + wartung = strdup(argv[argi]); + break; + case 'P': + pin = strdup(argv[argi]); + break; + case 'D': + if (dir_count == MAX_DIR_COUNT) + break; + dir_location[dir_count] = atoi(argv[argi + 0]); + dir_number[dir_count] = strdup(argv[argi + 1]); + dir_name[dir_count] = strdup(argv[argi + 2]); + dir_count++; + break; + case 'A': + auth = strdup(argv[argi]); + break; + default: + return -EINVAL; + } + + return 1; +} + +/* EERPOM emulation */ + +static uint8_t eeprom[2048]; + +uint8_t eeprom_read(enum eeprom_locations loc) +{ + if (loc >= sizeof(eeprom)) + abort(); + + return eeprom[loc]; +} + +void eeprom_write(enum eeprom_locations loc, uint8_t value) +{ + if (loc >= sizeof(eeprom)) + abort(); + + eeprom[loc] = value; +} + +uint8_t *eeprom_memory(void) +{ + return eeprom; +} + +size_t eeprom_length(void) +{ + return sizeof(eeprom); +} + +/* main loop for interfacing serial with sim / sniffer */ + +int main_loop(serial_t *serial, int sniffer) +{ + int rc, cts, last_cts = 0; + uint8_t byte; + int skip_bytes = 0; + int work = 0; + + struct timeval tv; + double now, timer = 0; + + quit = 0; + + while (!quit) { + gettimeofday(&tv, NULL); + now = (double)tv.tv_usec * 0.000001 + tv.tv_sec; + + /* only check CTS when no work was done + * this is because USB query may take some time + * and we don't want to block transfer + */ + if (!work) { + cts = serial_cts(serial); + /* initally AND when CTS becomes 1 (pulled to low by reset line) */ + if (last_cts != cts) { + if (sniffer == 1) + sniffer_reset(&sim_sniffer); + else + sim_reset(&sim_sim, cts); + timer = 0; + } + last_cts = cts; + } + work = 0; + + if (sniffer == 0) { + rc = sim_tx(&sim_sim); + if (rc >= 0) { + byte = rc; + serial_write(serial, &byte, 1); + work = 1; + skip_bytes++; + } + } + + rc = serial_read(serial, &byte, 1); + if (rc > 0) + work = 1; + /* ignore while reset is low */ + if (cts) + continue; + if (rc == 1) { + timer = now; + /* count length, to remove echo from transmission */ + if (!skip_bytes) { + if (sniffer == 1) + sniffer_rx(&sim_sniffer, byte); + else + sim_rx(&sim_sim, byte); + } else { + /* done eliminating TX data, so we reset timer */ + if (--skip_bytes == 0) + timer = 0; + } + } else { + rc = -1; + if (timer && now - timer > 12.0 * 5.0 / (double)baudrate) { + if (sniffer == 1) + sniffer_timeout(&sim_sniffer); + else + sim_timeout(&sim_sim); + timer = 0; + skip_bytes = 0; + } + } + + if (!work) { + /* sleep some time if nothing was received */ + usleep(100); + } + } + + return quit; +} + +void sighandler(int sigset) +{ + if (sigset == SIGHUP) + return; + if (sigset == SIGPIPE) + return; + + printf("Signal received: %d\n", sigset); + + quit = -1; +} + +int main(int argc, char *argv[]) +{ + const char *home; + char eeprom_file[128]; + FILE *fp; + serial_t *serial = NULL; + uint8_t ebdt_data[9]; + int rc, argi; + int sniffer = 0; + int i; + + debuglevel = DEBUG_INFO; + + add_options(); + rc = options_config_file("~/.osmocom/analog/simsim.conf", handle_options); + if (rc < 0) + return 0; + + rc = sim_init_eeprom(); + if (rc < 0) + return rc; + + /* parse command line */ + argi = options_command_line(argc, argv, handle_options); + if (argi <= 0) + return argi; + + /* read from eeprom file, if defined and exists */ + if (eeprom_name) { + /* open config file */ + home = getenv("HOME"); + if (home == NULL) + return 1; + sprintf(eeprom_file, "%s/.osmocom/analog/sim_%s.eeprom", home, eeprom_name); + + fp = fopen(eeprom_file, "r"); + if (fp) { + rc = fread(eeprom_memory(), eeprom_length(), 1, fp); + fclose(fp); + } else + PDEBUG(DOPTIONS, DEBUG_INFO, "EEPROM file '%s' does not exist yet.\n", eeprom_file); + + } + + /* check version */ + if (eeprom_read(EEPROM_MAGIC + 0) != 'C' || eeprom_read(EEPROM_MAGIC + 1) != '0' + EEPROM_VERSION) { + PDEBUG(DOPTIONS, DEBUG_ERROR, "EEPROM file '%s' is not compatible with this version of program, please remove it!\n", eeprom_file); + return 1; + } + + /* apply config to eeprom, if defined */ + ebdt_data[0] = eeprom_read(EEPROM_FUTLN_H); + ebdt_data[1] = eeprom_read(EEPROM_FUTLN_M); + ebdt_data[2] = eeprom_read(EEPROM_FUTLN_L); + ebdt_data[3] = eeprom_read(EEPROM_SICH_H); + ebdt_data[4] = eeprom_read(EEPROM_SICH_L); + ebdt_data[5] = eeprom_read(EEPROM_SONDER_H); + ebdt_data[6] = eeprom_read(EEPROM_SONDER_L); + ebdt_data[7] = eeprom_read(EEPROM_WARTUNG_H); + ebdt_data[8] = eeprom_read(EEPROM_WARTUNG_L); + rc = encode_ebdt(ebdt_data, futln, sicherung, karten, sonder, wartung); + if (rc < 0) + return 0; + eeprom_write(EEPROM_FUTLN_H, ebdt_data[0]); + eeprom_write(EEPROM_FUTLN_M, ebdt_data[1]); + eeprom_write(EEPROM_FUTLN_L, ebdt_data[2]); + eeprom_write(EEPROM_SICH_H, ebdt_data[3]); + eeprom_write(EEPROM_SICH_L, ebdt_data[4]); + eeprom_write(EEPROM_SONDER_H, ebdt_data[5]); + eeprom_write(EEPROM_SONDER_L, ebdt_data[6]); + eeprom_write(EEPROM_WARTUNG_H, ebdt_data[7]); + eeprom_write(EEPROM_WARTUNG_L, ebdt_data[8]); + if (pin) { + if (strlen(pin) < 4 || strlen(pin) > 8) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given PIN '%s' has invalid length. (Must be 4 .. 8)\n", pin); + return 0; + } + eeprom_write(EEPROM_FLAGS, (strlen(pin) << EEPROM_FLAG_PIN_LEN) | (MAX_PIN_TRY << EEPROM_FLAG_PIN_TRY)); + for (i = 0; i < (int)strlen(pin); i++) + eeprom_write(EEPROM_PIN_DATA + i, pin[i]); + } + for (i = 0; i < dir_count; i++) { + uint8_t data[24]; + rc = encode_directory(data, dir_number[i], dir_name[i]); + if (rc < 0) + return 0; + rc = save_directory(dir_location[i], data); + if (rc < 0) + return 0; + } + if (auth) { + uint64_t value = strtoull(auth, NULL, 0); + for (i = 0; i < 8; i++) + eeprom_write(EEPROM_AUTH_DATA, value >> (8 * (7 - i))); + } + + if (argi >= argc) { + fprintf(stderr, "Expecting command, use '-h' for help!\n"); + return 0; + } else if (!strcmp(argv[argi], "sniff")) { + sniffer = 1; + } else if (!strcmp(argv[argi], "sim")) { + sniffer = 0; + } else { + fprintf(stderr, "Unknown command '%s', use '-h' for help!\n", argv[argi]); + return -EINVAL; + } + + /* open serial device */ + serial = serial_open(serialdev, baudrate, 8, 'e', 2, 'd', 'd', 0, 1.0, 0.0); + if (!serial) { + printf("Serial failed: %s\n", serial_errnostr); + goto error; + } + + if (sniffer == 1) + printf("SIM analyzer ready, please start the phone!\n"); + else { + char temp[5][16]; + print_image(); + decode_ebdt(ebdt_data, temp[0], temp[1], temp[2], temp[3], temp[4]); + printf("FUTLN=%s, Sicherungscode=%s, Kartekennung=%s, Sonderheitenschluessel=%s, Wartungsschluessel=%s\n", temp[0], temp[1], temp[2], temp[3], temp[4]); + printf("Telephone directory has %d entries.\n", directory_size() - 1); + for (i = 0; i < directory_size() - 1; i++) { + uint8_t data[24]; + char number[32], name[32]; + load_directory(i + 1, data); + decode_directory(data, number, name); + if (number[0]) + printf(" -> %02d %16s %s\n", i + 1, number, name); + } + printf("SIM emulator ready, please start the phone!\n"); + } + + /* catch signals */ + signal(SIGINT, sighandler); + signal(SIGHUP, sighandler); + signal(SIGTERM, sighandler); + signal(SIGPIPE, sighandler); + + /* run main loop until terminated by user */ + main_loop(serial, sniffer); + + /* reset signals */ + signal(SIGINT, SIG_DFL); + signal(SIGHUP, SIG_DFL); + signal(SIGTERM, SIG_DFL); + signal(SIGPIPE, SIG_DFL); + + /* write to eeprom file, if defined */ + if (eeprom_name) { + fp = fopen(eeprom_file, "w"); + if (fp) { + fwrite(eeprom_memory(), eeprom_length(), 1, fp); + fclose(fp); + PDEBUG(DOPTIONS, DEBUG_INFO, "EEPROM file '%s' written.\n", eeprom_file); + } else + PDEBUG(DOPTIONS, DEBUG_INFO, "EEPROM file '%s' cannot be written. (errno = %d)\n", eeprom_file, errno); + } + +error: + if (serial) + serial_close(serial); + + return 0; +} + +#endif /* ARDUINO */ diff --git a/src/sim/sim.c b/src/sim/sim.c new file mode 100644 index 0000000..fba9417 --- /dev/null +++ b/src/sim/sim.c @@ -0,0 +1,1438 @@ +/* SIM card emulator + * + * (C) 2020 by Andreas Eversberg + * All Rights Reserved + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#ifndef ARDUINO +#include "../libdebug/debug.h" +#endif +#include "sim.h" +#include "eeprom.h" + +#ifdef ARDUINO +#define PDEBUG(cat, level, fmt, arg...) while(0) +#define EINVAL 22 +static uint32_t my_strtoul(const char *nptr, char **endptr, int base) +{ + uint32_t number = 0; + + while (*nptr >= '0' && *nptr <= '9') + number = number * 10 + (*nptr++ - '0'); + + return number; +} +#else +#define my_strtoul strtoul +#endif + +static void my_ultostr(char *nptr, uint32_t value, int zeros) +{ + int digits = 0; + uint32_t temp; + + /* count digits */ + temp = value; + while (temp) { + temp /= 10; + digits++; + } + + /* minium digits to fill up with '0' */ + if (digits < zeros) + digits = zeros; + + /* go to end and terminate */ + nptr += digits; + *nptr-- = '\0'; + + /* apply digits backwards */ + while (digits--) { + *nptr-- = (value % 10) + '0'; + value /= 10; + } +} + +static void tx_sdu(sim_sim_t *sim, uint8_t ccrc, uint8_t *data, int length); +static void tx_pdu(sim_sim_t *sim, uint8_t *data, int length); +static void tx_block(sim_sim_t *sim, enum l2_cmd cmd, uint8_t *data, int length); + +/* read flags from eeprom */ +static void read_flags(sim_sim_t *sim) +{ + uint8_t flags; + + flags = eeprom_read(EEPROM_FLAGS); + sim->pin_len = (flags >> EEPROM_FLAG_PIN_LEN) & 0xf; + sim->pin_try = (flags >> EEPROM_FLAG_PIN_TRY) & 0x3; + if ((flags >> EEPROM_FLAG_GEBZ) & 0x1) + sim->gebz_locked = 1; + if ((flags >> EEPROM_FLAG_APP) & 0x1) + sim->app_locked = 1; +} + +/* write flags to eeprom */ +static void write_flags(sim_sim_t *sim) +{ + uint8_t flags = 0; + + flags |= sim->pin_len << EEPROM_FLAG_PIN_LEN; + flags |= sim->pin_try << EEPROM_FLAG_PIN_TRY; + if (sim->gebz_locked) + flags |= (1 << EEPROM_FLAG_GEBZ); + if (sim->app_locked) + flags |= (1 << EEPROM_FLAG_APP); + eeprom_write(EEPROM_FLAGS, flags); +} + +/* encode EBDT from strings */ +int encode_ebdt(uint8_t *data, const char *futln, const char *sicherung, const char *karten, const char *sonder, const char *wartung) +{ + uint32_t temp; + int i; + + if (futln) { + temp = strlen(futln); + if (temp < 7 || temp > 8) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given FUTLN '%s' invalid length. (Must be 7 or 8 Digits)\n", futln); + return -EINVAL; + } + if (futln[0] < '0' || futln[0] > '7') { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given FUTLN '%s' has invalid first digit. (Must be '0' .. '7')\n", futln); + return -EINVAL; + } + data[0] = (futln[0] - '0') << 5; + futln++; + if (temp == 8) { + /* 8 digits */ + temp = (futln[0] - '0') * 10 + (futln[1] - '0'); + if (futln[0] < '0' || futln[0] > '9' || futln[1] < '0' || futln[1] > '9' || temp > 31) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given FUTLN '%s' has invalid second and third digit. (Must be '00' .. '31')\n", futln); + return -EINVAL; + } + data[0] |= temp; + futln += 2; + } else { + /* 7 digits */ + if (futln[0] < '0' || futln[0] > '9') { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given FUTLN '%s' has invalid second digit. (Must be '0' .. '9')\n", futln); + return -EINVAL; + } + data[0] |= (futln[0] - '0'); + futln++; + } + for (i = 0; i < 5; i++) { + if (futln[i] < '0' || futln[i] > '9') + break; + } + temp = my_strtoul(futln, NULL, 0); + if (i < 5 || temp > 65535) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given FUTLN '%s' has invalid last digits. (Must be '00000' .. '65535')\n", futln); + return -EINVAL; + } + data[1] = temp >> 8; + data[2] = temp; + } + + if (sicherung) { + temp = my_strtoul(sicherung, NULL, 0); + if (temp > 65535) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given security code '%s' has invalid digits. (Must be '0' .. '65535')\n", sicherung); + return -EINVAL; + } + data[3] = temp >> 8; + data[4] = temp; + } + + if (karten) { + temp = my_strtoul(karten, NULL, 0); + if (temp > 7) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given card number '%s' has invalid digit. (Must be '0' .. '7')\n", karten); + return -EINVAL; + } + data[5] = (data[5] & 0x1f) | ((karten[0] - '0') << 5); + } + + if (sonder) { + temp = my_strtoul(sonder, NULL, 0); + if (temp > 8191) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given spacial code '%s' has invalid digits. (Must be '0' .. '8191')\n", sonder); + return -EINVAL; + } + data[5] = (data[5] & 0xe0) | (temp >> 8); + data[6] = temp; + } + + if (wartung) { + temp = my_strtoul(wartung, NULL, 0); + if (temp > 65535) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given maintenance code '%s' has invalid digits. (Must be '0' .. '65535')\n", wartung); + return -EINVAL; + } + data[7] = temp >> 8; + data[8] = temp; + } + + return 0; +} + +/* convert EBDT to string */ +void decode_ebdt(uint8_t *data, char *futln, char *sicherung, char *karten, char *sonder, char *wartung) +{ + if (futln) { + /* second value becomes two digits automatically, if > 9 */ + my_ultostr(futln++, data[0] >> 5, 1); + my_ultostr(futln++, data[0] & 0x1f, 1); + if (*futln) + futln++; + my_ultostr(futln, (data[1] << 8) | data[2], 5); + } + + if (sicherung) + my_ultostr(sicherung, (data[3] << 8) | data[4], 1); + + if (karten) + my_ultostr(karten, data[5] >> 5, 1); + + if (sonder) + my_ultostr(sonder, ((data[5] & 0x1f) << 8) | data[6], 1); + + if (wartung) + my_ultostr(wartung, (data[7] << 8) | data[8], 1); +} + +/* get size of phone directory (including allocation map) */ +int directory_size(void) +{ + /* get size from space in eeprom */ + int size = (eeprom_length() - EEPROM_RUFN) / 24; + + /* may have 184 entries (23*8) plus allocation map (entry 0) */ + if (size > 184 + 1) + size = 184 + 1; + + return size; +} + +/* store one phone number in the directory; also set allocation mask) */ +int save_directory(int location, uint8_t *data) +{ + int size, i, pos; + uint8_t mask; + + size = directory_size(); + if (location < 1 || location >= size) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given location for phone number '%d' is out of range. (Must be '01' .. '%02d')\n", location, size - 1); + return -EINVAL; + } + + /* store entry */ + for (i = 0; i < 24; i++) + eeprom_write(EEPROM_RUFN + 24 * location + i, data[i]); + /* set bit mask */ + pos = EEPROM_RUFN + 1 + ((location - 1) >> 3); + mask = eeprom_read(pos); + if ((data[7] & 0xf) == 0xf) + mask |= (0x80 >> ((location - 1) & 7)); + else + mask &= ~(0x80 >> ((location - 1) & 7)); + eeprom_write(pos, mask); + + return 0; +} + +/* load one phone number from the directory; location 0 is the allocation mask) */ +void load_directory(int location, uint8_t *data) +{ + int i; + + for (i = 0; i < 24; i++) + data[i] = eeprom_read(EEPROM_RUFN + 24 * location + i); + /* set directory size, on allocation map */ + if (location == 0) + data[0] = directory_size() - 1; +} + +/* encode number an name into directory data */ +int encode_directory(uint8_t *data, const char *number, const char *name) +{ + int len, pos, i; + + len = strlen(number); + if (len > 16) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given phone number '%s' has too many digits. (Must be <= 16)\n", number); + return -EINVAL; + } + + memset(data, 0xff, 8); + memset(data + 8, ' ', 16); + for (i = 0; i < len; i++) { + if (number[i] < '0' || number[i] > '9') { + PDEBUG(DSIM7, DEBUG_NOTICE, "Given phone number '%s' has illegal digits. (Must be '0' .. '9')\n", number); + return -EINVAL; + } + pos = 16 - len + i; + if ((pos & 1) == 0) + data[pos >> 1] += ((number[i] - '0') << 4) - 0xf0; + else + data[pos >> 1] += number[i] - '0' - 0xf; + } + len = strlen(name); + if (len > 16) + len = 16; + for (i = 0; i < len; i++) { + pos = 8 + i; + data[pos] = name[i]; + } + + return 0; +} + +void decode_directory(uint8_t *data, char *number, char *name) +{ + int i, j; + char digit; + + if (number) { + j = 0; + for (i = 0; i < 16; i++) { + if ((i & 1) == 0) + digit = (data[i >> 1] >> 4) + '0'; + else + digit = (data[i >> 1] & 0xf) + '0'; + if (digit <= '9') + number[j++] = digit; + } + number[j] = '\0'; + } + + if (name) { + memcpy(name, data + 8, 16); + name[16] = '\0'; + /* remove spaces in the end of the string */ + for (i = 16 - 1; i >= 0; i--) { + if (name[i] != ' ') + break; + name[i] = '\0'; + } + } +} + +/* get APRC of NETZ-C application */ +static uint8_t get_aprc(sim_sim_t *sim) +{ + uint8_t aprc = 0x00; + + if (sim->pin_required) + aprc |= APRC_PIN_REQ; + if (sim->app_locked) + aprc |= APRC_APP_LOCKED; + if (sim->gebz_locked) + aprc |= APRC_GEBZ_LOCK; + if (sim->gebz_full) + aprc |= APRC_GEBZ_FULL; + + return aprc; +} + +/* validate PIN and change states */ +static int validate_pin(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t valid = 0, program_mode = 0; + int i; + + if (!sim->pin_required) + return 0; + + /* no PIN mode */ + if (length == 4 && data[0] == '0' && data[1] == '0' && data[2] == '0' && data[3] >= '0' && data[3] <= '0' + MAX_CARDS) { + valid = 1; + if (data[3] > '0') + sim->card = data[3] - '1'; + PDEBUG(DSIM1, DEBUG_INFO, "System PIN '000%c' entered. Selecting card #%d.\n", data[3], sim->card + 1); + } + + /* programming mode */ + if (length == 4 && data[0] == '9' && data[1] == '9' && data[2] == '9' && data[3] >= '0' && data[3] <= '0' + MAX_CARDS) { + program_mode = 1; + valid = 1; + if (data[3] > '0') + sim->card = data[3] - '1'; + PDEBUG(DSIM1, DEBUG_INFO, "Configuration PIN '999%c' entered. Selecting card #%d in configuration mode.\n", data[3], sim->card + 1); + } + + /* if not 'program mode' and PIN matches EEPROM */ + if (!valid && length == sim->pin_len) { + for (i = 0; i < length; i++) { + if (data[i] != eeprom_read(EEPROM_PIN_DATA + i)) + break; + } + if (i == length) { + valid = 1; + PDEBUG(DSIM1, DEBUG_INFO, "Correct PIN was entered. Selecting card #%d.\n", sim->card + 1); + } + } + + if (valid) { + /* prevent permanent write when not needed */ + if (sim->pin_try != MAX_PIN_TRY) { + sim->pin_try = MAX_PIN_TRY; + write_flags(sim); + } + sim->pin_required = 0; + if (program_mode) + sim->program_mode = 1; + return 0; + } else { + PDEBUG(DSIM1, DEBUG_INFO, "Wrong PIN was entered.\n"); +#ifndef ARDUINO + /* decrement error counter */ + if (sim->pin_try) { + sim->pin_try--; + write_flags(sim); + } +#endif + return -EINVAL; + } +} + +/* message buffer handling */ + +/* get space for return message */ +uint8_t *alloc_msg(sim_sim_t *sim, int size) +{ + /* we add 4, because we push 4 bytes (ICL and L2 header later) */ + if (size + 4 > (int)sizeof(sim->block_tx_data)) + PDEBUG(DSIM1, DEBUG_NOTICE, "TX buffer overflow: size+4=%d > buffer size (%d)\n", size + 4, (int)sizeof(sim->block_tx_data)); + return sim->block_tx_data; +} + +/* push space in front of a message */ +uint8_t *push_msg(uint8_t *data, int length, int offset) +{ + int i; + + for (i = length - 1; i >= 0; --i) + data[i + offset] = data[i]; + + return data; +} + +/* Layer 7 */ + +static void return_error(sim_sim_t *sim) +{ + uint8_t *data; + + data = alloc_msg(sim, 0); + tx_sdu(sim, CCRC_ERROR, data, 0); +} + +static void return_pin_not_ok(sim_sim_t *sim) +{ + uint8_t *data; + + data = alloc_msg(sim, 0); + tx_sdu(sim, CCRC_PIN_NOK, data, 0); +} + +/* command: open application */ +static void sl_appl(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t app; + + if (length < 11) { + PDEBUG(DSIM7, DEBUG_NOTICE, "SL-APPL too short\n"); + return_error(sim); + return; + } + + /* application number */ + app = (data[6] - '0') * 100; + app += (data[7] - '0') * 10; + app += data[8] - '0'; + + PDEBUG(DSIM7, DEBUG_INFO, " SL-APPL app %d\n", app); + + /* if PIN is required */ + if (sim->pin_required) { + return_pin_not_ok(sim); + return; + } + + /* check application */ + if (app != APP_NETZ_C && app != APP_RUFN_GEBZ) { + PDEBUG(DSIM7, DEBUG_NOTICE, "SL-APPL invalid app %d\n", sim->app); + return_error(sim); + return; + } + + /* respond */ + sim->app = app; + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: close application */ +static void cl_appl(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " CL-APPL\n"); + + /* remove app */ + sim->app = 0; + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: show application */ +static void sh_appl(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " SH-APPL\n"); + + /* respond */ + data = alloc_msg(sim, 33); + switch (sim->sh_appl_count) { + case 0: // first application is shown + /* L */ + data[0] = 11; + /* APP-IDN */ + data[1] = '8'; data[2] = '9'; + data[3] = '4'; data[4] = '9'; + data[5] = '0'; data[6] = '1'; + data[7] = '0'; data[8] = '0'; data[9] = '3'; + data[10] = '0'; data[11] = '1'; + /* APP-TXT */ + memcpy(data + 12, "Netz C ", 20); + /* APP-STS */ + data[32] = get_aprc(sim); + tx_sdu(sim, 0, data, 33); + sim->sh_appl_count++; + break; + default: // no more application + tx_sdu(sim, 0, data, 0); + sim->sh_appl_count = 0; + } +} + +/* command: show state of chip card */ +static void chk_kon(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " CHK-KON\n"); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: read subscriber data */ +static void rd_ebdt(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-EBDT\n"); + + /* respond */ + data = alloc_msg(sim, 9); + if (sim->program_mode) { + /* SERVICE MODE */ + data[0] = 0; + data[1] = 0; + data[2] = sim->card + 1; + data[3] = 12345 >> 8; + data[4] = 12345 & 0xff; + data[5] = 3 << 5; + data[6] = 0; + data[7] = 0x0ff; + data[8] = 0x0ff; + } else { + data[0] = eeprom_read(EEPROM_FUTLN_H + sim->card); + data[1] = eeprom_read(EEPROM_FUTLN_M + sim->card); + data[2] = eeprom_read(EEPROM_FUTLN_L + sim->card); + data[3] = eeprom_read(EEPROM_SICH_H + sim->card); + data[4] = eeprom_read(EEPROM_SICH_L + sim->card); + data[5] = eeprom_read(EEPROM_SONDER_H + sim->card); + data[6] = eeprom_read(EEPROM_SONDER_L + sim->card); + data[7] = eeprom_read(EEPROM_WARTUNG_H + sim->card); + data[8] = eeprom_read(EEPROM_WARTUNG_L + sim->card); + } + tx_sdu(sim, 0, data, 9); +} + +/* command: read phone directory */ +static void rd_rufn(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t rufn = data[0]; + int size; + + if (length < 1) { + PDEBUG(DSIM7, DEBUG_NOTICE, "RD_RUFN too short\n"); + return_error(sim); + return; + } + + PDEBUG(DSIM7, DEBUG_INFO, " RD-RUFN (loc=%d)\n", rufn); + + /* SERVICE MODE */ + if (sim->program_mode) { + char number[16]; + + /* respond */ + data = alloc_msg(sim, 24); + switch (rufn) { + case 0: /* send bitmap for service mode */ + memset(data, 0xff, 24); + data[0] = 5; /* 5 entries */ + data[1] = 0x07; /* upper 5 bits = 0 */ + break; + case 1: /* FUTLN */ + data[0] = eeprom_read(EEPROM_FUTLN_H + sim->card); + data[1] = eeprom_read(EEPROM_FUTLN_M + sim->card); + data[2] = eeprom_read(EEPROM_FUTLN_L + sim->card); + decode_ebdt(data, number, NULL, NULL, NULL, NULL); + encode_directory(data, number, "FUTLN"); + PDEBUG(DSIM7, DEBUG_INFO, "service mode: FUTLN = %s\n", number); + break; + case 2: /* security code */ + data[3] = eeprom_read(EEPROM_SICH_H + sim->card); + data[4] = eeprom_read(EEPROM_SICH_L + sim->card); + decode_ebdt(data, NULL, number, NULL, NULL, NULL); + encode_directory(data, number, "Sicherungscode"); + PDEBUG(DSIM7, DEBUG_INFO, "service mode: security = %s\n", number); + break; + case 3: /* card ID */ + data[5] = eeprom_read(EEPROM_SONDER_H + sim->card); + decode_ebdt(data, NULL, NULL, number, NULL, NULL); + encode_directory(data, number, "Kartenkennung"); + PDEBUG(DSIM7, DEBUG_INFO, "service mode: card = %s\n", number); + break; + case 4: /* special key */ + data[5] = eeprom_read(EEPROM_SONDER_H + sim->card); + data[6] = eeprom_read(EEPROM_SONDER_L + sim->card); + decode_ebdt(data, NULL, NULL, NULL, number, NULL); + encode_directory(data, number, "Sonderheitsschl."); + PDEBUG(DSIM7, DEBUG_INFO, "service mode: special = %s\n", number); + break; + case 5: /* maintenance key */ + data[7] = eeprom_read(EEPROM_WARTUNG_H + sim->card); + data[8] = eeprom_read(EEPROM_WARTUNG_L + sim->card); + decode_ebdt(data, NULL, NULL, NULL, NULL, number); + encode_directory(data, number, "Wartungsschl."); + PDEBUG(DSIM7, DEBUG_INFO, "service mode: maintenance = %s\n", number); + break; + } + tx_sdu(sim, 0, data, 24); + return; + } + + size = directory_size(); + /* first entry (0) is used as allocation map */ + PDEBUG(DSIM7, DEBUG_INFO, " %d numbers can be stored in EEPROM\n", size - 1); + if (rufn >= size) { + PDEBUG(DSIM7, DEBUG_NOTICE, "RD_RUFN entry #%d out of range\n", rufn); + return_error(sim); + return; + } + + /* respond */ + data = alloc_msg(sim, 24); + load_directory(rufn, data); + tx_sdu(sim, 0, data, 24); +} + +/* command: write phone directory */ +static void wt_rufn(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t rufn = data[0]; + + if (length < 25) { + PDEBUG(DSIM7, DEBUG_NOTICE, "WT_RUFN too short\n"); + return_error(sim); + return; + } + + PDEBUG(DSIM7, DEBUG_INFO, " WT-RUFN (loc=%d)\n", rufn); + + /* SERVICE MODE */ + if (sim->program_mode) { + int rc; + char number[17]; + + decode_directory(data + 1, number, NULL); + /* if number is cleared, we ignore that */ + if (number[0] == '\0') + goto respond; + switch (rufn) { + case 1: /* FUTLN */ + PDEBUG(DSIM7, DEBUG_INFO, "service mode: FUTLN = %s\n", number); + rc = encode_ebdt(data, number, NULL, NULL, NULL, NULL); + if (rc < 0) + break; + eeprom_write(EEPROM_FUTLN_H + sim->card, data[0]); + eeprom_write(EEPROM_FUTLN_M + sim->card, data[1]); + eeprom_write(EEPROM_FUTLN_L + sim->card, data[2]); + break; + case 2: /* security code */ + PDEBUG(DSIM7, DEBUG_INFO, "service mode: security = %s\n", number); + rc = encode_ebdt(data, NULL, number, NULL, NULL, NULL); + if (rc < 0) + break; + eeprom_write(EEPROM_SICH_H + sim->card, data[3]); + eeprom_write(EEPROM_SICH_L + sim->card, data[4]); + break; + case 3: /* card ID */ + PDEBUG(DSIM7, DEBUG_INFO, "service mode: card = %s\n", number); + data[5] = eeprom_read(EEPROM_SONDER_H + sim->card); + rc = encode_ebdt(data, NULL, NULL, number, NULL, NULL); + if (rc < 0) + break; + eeprom_write(EEPROM_SONDER_H + sim->card, data[5]); + break; + case 4: /* special key */ + PDEBUG(DSIM7, DEBUG_INFO, "service mode: special = %s\n", number); + data[5] = eeprom_read(EEPROM_SONDER_H + sim->card); + rc = encode_ebdt(data, NULL, NULL, NULL, number, NULL); + if (rc < 0) + break; + eeprom_write(EEPROM_SONDER_H + sim->card, data[5]); + eeprom_write(EEPROM_SONDER_L + sim->card, data[6]); + break; + case 5: /* maintenance key */ + PDEBUG(DSIM7, DEBUG_INFO, "service mode: maintenance = %s\n", number); + rc = encode_ebdt(data, NULL, NULL, NULL, NULL, number); + if (rc < 0) + break; + eeprom_write(EEPROM_WARTUNG_H + sim->card, data[7]); + eeprom_write(EEPROM_WARTUNG_L + sim->card, data[8]); + break; + } + /* respond */ + goto respond; + } + + if (rufn >= directory_size() || rufn < 1) { + PDEBUG(DSIM7, DEBUG_NOTICE, "WT_RUFN entry #%d out of range\n", rufn); + return_error(sim); + return; + } + + save_directory(data[0], data + 1); + + /* respond */ +respond: + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: check PIN (enter PIN and unlock) */ +static void chk_pin(sim_sim_t *sim, uint8_t *data, int length) +{ + int rc; + + PDEBUG(DSIM7, DEBUG_INFO, " CHK-PIN\n"); + + if (length < 4 || length > 8) { + PDEBUG(DSIM7, DEBUG_NOTICE, "SET-PIN wrong length: %d\n", length); + return_error(sim); + return; + } + + /* validate PIN */ + rc = validate_pin(sim, data, length); + if (rc) { + return_pin_not_ok(sim); + return; + } + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: set PIN */ +static void set_pin(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t len_old, len_new; + uint8_t *pin_old, *pin_new; + int i; + int rc; + + PDEBUG(DSIM7, DEBUG_INFO, " SET-PIN\n"); + + if (length < 1) { + PDEBUG(DSIM7, DEBUG_NOTICE, "SET-PIN too short\n"); + return_error(sim); + return; + } + + len_old = data[0]; + pin_old = data + 1; + len_new = length - len_old - 1; + pin_new = data + 1 + len_old; + if (len_new < 4 || len_new > 8) { + PDEBUG(DSIM7, DEBUG_NOTICE, "New PIN wrong length %d!\n", len_new); + return_error(sim); + return; + } + + /* validate PIN */ + rc = validate_pin(sim, pin_old, length); + if (rc) { + return_pin_not_ok(sim); + return; + } + + /* write PIN */ + sim->pin_len = len_new; + write_flags(sim); + for (i = 0; i < len_new; i++) + eeprom_write(EEPROM_PIN_DATA + i, pin_new[i]); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: increment metering counter */ +static void eh_gebz(sim_sim_t *sim, uint8_t *data, int length) +{ + uint32_t gebz; + + PDEBUG(DSIM7, DEBUG_INFO, " EH-GEBZ\n"); + + if (length < 1) { + PDEBUG(DSIM7, DEBUG_NOTICE, "EH-GEBZ wrong length: %d\n", length); + return_error(sim); + return; + } + + /* increment counter */ + gebz = eeprom_read(EEPROM_GEBZ_H) << 16; + gebz |= eeprom_read(EEPROM_GEBZ_M) << 8; + gebz |= eeprom_read(EEPROM_GEBZ_L); + gebz += data[0]; + eeprom_write(EEPROM_GEBZ_H, gebz >> 16); + eeprom_write(EEPROM_GEBZ_M, gebz >> 8); + eeprom_write(EEPROM_GEBZ_L, gebz); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: clear metering counter */ +static void cl_gebz(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " CL-GEBZ\n"); + + /* clear counter */ + eeprom_write(EEPROM_GEBZ_H, 0); + eeprom_write(EEPROM_GEBZ_M, 0); + eeprom_write(EEPROM_GEBZ_L, 0); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: read metering counter */ +static void rd_gebz(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-GEBZ\n"); + + /* respond */ + data = alloc_msg(sim, 3); + data[0] = eeprom_read(EEPROM_GEBZ_H); + data[1] = eeprom_read(EEPROM_GEBZ_M); + data[2] = eeprom_read(EEPROM_GEBZ_L); + tx_sdu(sim, 0, data, 3); +} + +/* command: lock metering counter and directory */ +static void sp_gzrv(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " SP-GZRV\n"); + + sim->gebz_locked = 1; + write_flags(sim); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: unlock metering counter and directory */ +static void fr_gzrv(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " FR-GZRV\n"); + + sim->gebz_locked = 0; + write_flags(sim); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: authenticate */ +static void aut_1(sim_sim_t *sim) +{ + uint8_t *data; + int i; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-EBDT\n"); + + /* respond */ + data = alloc_msg(sim, 1); + for (i = 0; i < 8; i++) + data[i] = eeprom_read(EEPROM_AUTH_DATA + i); + tx_sdu(sim, 0, data, 8); +} + +/* command: UNKNOWN */ +static void rd_f4(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-F4\n"); + + /* respond */ + data = alloc_msg(sim, 2); + data[0] = 0x00; + data[1] = 0x13; + tx_sdu(sim, 0, data, 2); +} + +/* command: UNKNOWN */ +static void rd_f5(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-F5\n"); + + /* respond */ + data = alloc_msg(sim, 0); + tx_sdu(sim, 0, data, 0); +} + +/* command: UNKNOWN */ +static void rd_04(sim_sim_t *sim) +{ + uint8_t *data; + + PDEBUG(DSIM7, DEBUG_INFO, " RD-04\n"); + + /* respond */ + data = alloc_msg(sim, 25); + data[0] = 0x63; + memset(data + 1, 0x00, 24); + tx_sdu(sim, 0, data, 25); +} + +/* parse layer 7 header */ +static void rx_sdu(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t cla, ins, dlng; + + if (length < 3) { + PDEBUG(DSIM7, DEBUG_NOTICE, "SDU too short\n"); + return; + } + + /* skip all responses, because we don't send commands */ + if (*data & CCRC_IDENT) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Skipping SDU with response\n"); + return; + } + + /* read application layer header */ + cla = *data++ & 0x7f; + ins = *data++; + dlng = *data++; + length -= 3; + + /* check length */ + if (dlng != length) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Skipping SDU with invalid length\n"); + return; + } + + /* select command */ + switch (cla) { + case CLA_CNTR: + switch (ins) { + case SL_APPL: sl_appl(sim, data, length); return; + case CL_APPL: cl_appl(sim); return; + case SH_APPL: sh_appl(sim); return; + } + break; + case CLA_STAT: + switch (ins) { + case CHK_KON: chk_kon(sim); return; + } + break; + case CLA_WRTE: + switch (ins) { + case WT_RUFN: wt_rufn(sim, data, length); return; + } + break; + case CLA_READ: + switch (ins) { + case RD_EBDT: rd_ebdt(sim); return; + case RD_RUFN: rd_rufn(sim, data, length); return; + case RD_GEBZ: rd_gebz(sim); return; + case 0xf4: rd_f4(sim); return; + case 0xf5: rd_f5(sim); return; + case 0x04: rd_04(sim); return; + } + break; + case CLA_EXEC: + switch (ins) { + case CHK_PIN: chk_pin(sim, data, length); return; + case SET_PIN: set_pin(sim, data, length); return; + } + if (sim->app == APP_NETZ_C) switch (ins) { + case EH_GEBZ: eh_gebz(sim, data, length); return; + case CL_GEBZ: cl_gebz(sim); return; + } + if (sim->app == APP_RUFN_GEBZ) switch (ins) { + case SP_GZRV: sp_gzrv(sim); return; + case FR_GZRV: fr_gzrv(sim); return; + } + break; + case CLA_AUTO: + switch (ins) { + case AUT_1: aut_1(sim); return; + } + break; + } + + /* unsupported message */ + PDEBUG(DSIM7, DEBUG_NOTICE, "CLA 0x%02x INS 0x%02x uknown\n", cla, ins); + data = alloc_msg(sim, 0); + tx_sdu(sim, CCRC_ERROR, data, 0); +} + +/* create layer 7 message for ICL layer */ +static void tx_sdu(sim_sim_t *sim, uint8_t ccrc, uint8_t *data, int length) +{ + /* header */ + data = push_msg(data, length, 3); + data[0] = CCRC_IDENT | ccrc | CCRC_APRC_VALID; + data[1] = 0; + if (sim->pin_try == 0) + data[0] |= CCRC_AFBZ_NULL; + data[1] = get_aprc(sim); + data[2] = length; + length += 3; + + /* forward to ICL layer */ + tx_pdu(sim, data, length); +} + +/* ICL layer */ + +/* parse ICL header */ +static void rx_pdu(sim_sim_t *sim, uint8_t *data, int length) +{ + uint8_t ext = 1; + + if (length < 1) { +too_short: + PDEBUG(DSIMI, DEBUG_NOTICE, "PDU too short\n"); + return; + } + + /* read ICB1 */ + sim->icl_online = (*data & ICB1_ONLINE) != 0; + sim->icl_master = (*data & ICB1_MASTER) != 0; + sim->icl_error = (*data & ICB1_ERROR) != 0; + sim->icl_chaining = (*data & ICB1_CHAINING) != 0; + + /* skip all ICBx (should only one exist) */ + while (ext) { + if (length < 1) + goto too_short; + ext = (*data++ & ICB_EXT) != 0; + length--; + } + + rx_sdu(sim, data, length); +} + +/* create ICL layer message for layer 2 */ +static void tx_pdu(sim_sim_t *sim, uint8_t *data, int length) +{ + /* header */ + data = push_msg(data, length, 1); + data[0] = 0; + if (sim->icl_online) + data[0] |= ICB1_ONLINE; + if (!sim->icl_master) + data[0] |= ICB1_MASTER; + if (sim->icl_error) + data[0] |= ICB1_ERROR | ICB1_CONFIRM; + if (sim->icl_chaining) + data[0] |= ICB1_CHAINING | ICB1_CONFIRM; + length++; + + tx_block(sim, L2_I, data, length); +} + +/* Layer 2 */ + +/* process received L2 message */ +static void rx_block(sim_sim_t *sim) +{ + uint8_t ns, nr; + uint8_t *data; + + /* NOTE: This procedure is simplified, it does not comply with the specs. */ + + PDEBUG(DSIM2, DEBUG_INFO, "RX message\n"); + sim->addr_src = sim->block_address >> 4; + sim->addr_dst = sim->block_address & 0xf; + if (sim->block_checksum != 0) { + PDEBUG(DSIM2, DEBUG_NOTICE, "Checksum error!\n"); + goto reject; + } + if ((sim->block_control & 0x11) == 0x00) { + ns = (sim->block_control >> 1) & 7; + nr = sim->block_control >> 5; + PDEBUG(DSIM2, DEBUG_INFO, " control I: N(S)=%d N(R)=%d\n", ns, nr); + if (ns == sim->vr && nr == sim->vs) { + /* receive data */ + sim->vr = (sim->vr + 1) & 0x7; + rx_pdu(sim, sim->block_rx_data, sim->block_rx_length); + return; + } else { + PDEBUG(DSIM2, DEBUG_NOTICE, "Seqeuence error!\n"); +reject: + /* reject (or send resync after 3 times) */ + data = alloc_msg(sim, 0); + if (1) { // if (sim->reject_count < 3) { + tx_block(sim, L2_REJ, data, 0); + sim->reject_count++; + } else { + tx_block(sim, L2_RES, data, 0); + } + return; + } + return; + } + if ((sim->block_control & 0x1f) == 0x09) { + nr = sim->block_control >> 5; + PDEBUG(DSIM2, DEBUG_INFO, " control REJ: N(R)=%d\n", nr); + /* repeat last message */ + if (sim->block_tx_length) { + tx_block(sim, L2_I, sim->block_tx_data, sim->block_tx_length); + return; + } + /* no block sent yet, sending resync */ + data = alloc_msg(sim, 0); + tx_block(sim, L2_RES, data, 0); + return; + } + if (sim->block_control == 0xef) { + PDEBUG(DSIM2, DEBUG_INFO, " control RES\n"); + sim->vr = sim->vs = 0; + sim->reject_count = 0; + if (sim->resync_sent == 0) { + /* resync */ + data = alloc_msg(sim, 0); + tx_block(sim, L2_RES, data, 0); + return; + } + return; + } +} + +/* receive data from layer 1 and create layer 2 message */ +static int rx_char(sim_sim_t *sim, uint8_t c) +{ + sim->block_checksum ^= c; + + switch (sim->block_state) { + case BLOCK_STATE_ADDRESS: + sim->block_address = c; + sim->block_state = BLOCK_STATE_CONTROL; + sim->block_checksum = c; + return 0; + case BLOCK_STATE_CONTROL: + sim->block_control = c; + sim->block_state = BLOCK_STATE_LENGTH; + return 0; + case BLOCK_STATE_LENGTH: + if (c > sizeof(sim->block_rx_data)) { + c = sizeof(sim->block_rx_data); + PDEBUG(DSIM1, DEBUG_NOTICE, "RX buffer overflow: length=%d > buffer size (%d)\n", c, (int)sizeof(sim->block_rx_data)); + } + sim->block_rx_length = c; + sim->block_count = 0; + sim->block_state = BLOCK_STATE_DATA; + return 0; + case BLOCK_STATE_DATA: + if (sim->block_count < sim->block_rx_length) { + sim->block_rx_data[sim->block_count++] = c; + return 0; + } + sim->l1_state = L1_STATE_IDLE; + rx_block(sim); + } + + return -1; +} + +/* create layer 2 message for layer 1 */ +static void tx_block(sim_sim_t *sim, enum l2_cmd cmd, uint8_t __attribute__((unused)) *data, int length) +{ + PDEBUG(DSIM2, DEBUG_INFO, "TX resonse\n"); + + /* header */ + sim->block_address = (sim->addr_dst << 4) | sim->addr_src; + switch (cmd) { + case L2_I: + PDEBUG(DSIM2, DEBUG_INFO, " control I: N(S)=%d N(R)=%d\n", sim->vs, sim->vr); + sim->block_control = (sim->vr << 5) | (sim->vs << 1); + sim->vs = (sim->vs + 1) & 0x7; + sim->resync_sent = 0; + break; + case L2_REJ: + PDEBUG(DSIM2, DEBUG_INFO, " control REJ: N(R)=%d\n", sim->vr); + sim->block_control = (sim->vr << 5) | 0x09; + sim->resync_sent = 0; + break; + case L2_RES: + PDEBUG(DSIM2, DEBUG_INFO, " control RES\n"); + sim->block_control = 0xef; + sim->resync_sent = 1; + break; + } + sim->block_tx_length = length; + + sim->l1_state = L1_STATE_SEND; + sim->block_state = BLOCK_STATE_ADDRESS; +} + +/* transmit character of current message to layer 1 */ +static uint8_t tx_char(sim_sim_t *sim) +{ + uint8_t c = -1; + + switch (sim->block_state) { + case BLOCK_STATE_ADDRESS: + c = sim->block_address; + sim->block_state = BLOCK_STATE_CONTROL; + sim->block_checksum = 0; + break; + case BLOCK_STATE_CONTROL: + c = sim->block_control; + sim->block_state = BLOCK_STATE_LENGTH; + break; + case BLOCK_STATE_LENGTH: + c = sim->block_tx_length; + sim->block_count = 0; + sim->block_state = BLOCK_STATE_DATA; + break; + case BLOCK_STATE_DATA: + if (sim->block_count < sim->block_tx_length) { + c = sim->block_tx_data[sim->block_count++]; + break; + } + c = sim->block_checksum; + sim->l1_state = L1_STATE_IDLE; + break; + } + + sim->block_checksum ^= c; + + return c; +} + +/* ATR */ + +static uint8_t atr[] = { + 0x3b, 0x88, /* TS, T0 */ + 0x8e, + 0xfe, + 0x53, 0x2a, 0x03, 0x1e, + 0x04, + 0x92, 0x80, 0x00, 0x41, 0x32, 0x36, 0x01, 0x11, + 0xe4, /* TCK */ +}; + +static uint8_t tx_atr(sim_sim_t *sim) +{ + uint8_t c; + + c = atr[sim->atr_count++]; + if (sim->atr_count == sizeof(atr)) + sim->l1_state = L1_STATE_IDLE; + + return c; +} + +/* Layer 1 */ + +int sim_init_eeprom(void) +{ + uint8_t ebdt_data[9]; + int i, rc; + + /* init EEPROM with all bits '1' */ + for (i = 0; i < (int)eeprom_length(); i++) + eeprom_write(i, 0xff); + + /* set default values in eeprom */ + rc = encode_ebdt(ebdt_data, FUTLN_DEFAULT, SICHERUNG_DEFAULT, KARTEN_DEFAULT, SONDER_DEFAULT, WARTUNG_DEFAULT); + if (rc < 0) + return rc; + for (i = 0; i < MAX_CARDS; i++) { + eeprom_write(EEPROM_FUTLN_H + i, ebdt_data[0]); + eeprom_write(EEPROM_FUTLN_M + i, ebdt_data[1]); + eeprom_write(EEPROM_FUTLN_L + i, ebdt_data[2] + i); + eeprom_write(EEPROM_SICH_H + i, ebdt_data[3]); + eeprom_write(EEPROM_SICH_L + i, ebdt_data[4]); + eeprom_write(EEPROM_SONDER_H + i, ebdt_data[5]); + eeprom_write(EEPROM_SONDER_L + i, ebdt_data[6]); + eeprom_write(EEPROM_WARTUNG_H + i, ebdt_data[7]); + eeprom_write(EEPROM_WARTUNG_L + i, ebdt_data[8]); + } + eeprom_write(EEPROM_GEBZ_H, 0); + eeprom_write(EEPROM_GEBZ_M, 0); + eeprom_write(EEPROM_GEBZ_L, 0); + eeprom_write(EEPROM_FLAGS, (strlen(PIN_DEFAULT) << EEPROM_FLAG_PIN_LEN) | (MAX_PIN_TRY << EEPROM_FLAG_PIN_TRY)); + for (i = 0; i < (int)strlen(PIN_DEFAULT); i++) + eeprom_write(EEPROM_PIN_DATA + i, PIN_DEFAULT[i]); + + eeprom_write(EEPROM_MAGIC + 0, 'C'); + eeprom_write(EEPROM_MAGIC + 1, '0' + EEPROM_VERSION); + + return 0; +} + +void sim_reset(sim_sim_t *sim, int reset) +{ + int i; + char pin[8]; + + PDEBUG(DSIM1, DEBUG_INFO, "Reset singnal %s\n", (reset) ? "on (low)" : "off (high)"); + memset(sim, 0, sizeof(*sim)); + + if (reset) + return; + + /* read flags from EEPROM data */ + read_flags(sim); + + /* check PIN and set flags */ + for (i = 0; i < sim->pin_len; i++) + pin[i] = eeprom_read(EEPROM_PIN_DATA + i); + + sim->pin_required = 1; + /* 'system' PIN = 0000, 0001, 0002, ... */ + if (sim->pin_len == 4 && pin[0] == '0' && pin[1] == '0' && pin[2] == '0' && pin[3] >= '0' && pin[3] <= '0' + MAX_CARDS) { + sim->pin_required = 0; + if (pin[3] > '0') + sim->card = pin[3] - '1'; + PDEBUG(DSIM1, DEBUG_INFO, "Card has disabled PIN (system PIN '000%c') Selecting card #%d.\n", pin[3], sim->card + 1); + } + + PDEBUG(DSIM1, DEBUG_INFO, "Sending ATR\n"); + sim->l1_state = L1_STATE_ATR; +} + +int sim_rx(sim_sim_t *sim, uint8_t c) +{ + int rc = -1; + + PDEBUG(DSIM1, DEBUG_DEBUG, "Serial RX '0x%02x'\n", c); + + switch (sim->l1_state) { + case L1_STATE_IDLE: + sim->l1_state = L1_STATE_RECEIVE; + sim->block_state = BLOCK_STATE_ADDRESS; + /* fall through */ + case L1_STATE_RECEIVE: + rc = rx_char(sim, c); + break; + default: + break; + } + + return rc; +} + +int sim_tx(sim_sim_t *sim) +{ + int c = -1; + + switch (sim->l1_state) { + case L1_STATE_ATR: + c = tx_atr(sim); + break; + case L1_STATE_SEND: + c = tx_char(sim); + break; + default: + break; + } + + if (c >= 0) + PDEBUG(DSIM1, DEBUG_DEBUG, "Serial TX '0x%02x'\n", c); + + return c; +} + +void sim_timeout(sim_sim_t *sim) +{ + switch (sim->l1_state) { + case L1_STATE_ATR: + PDEBUG(DSIM1, DEBUG_NOTICE, "Timeout while transmitting ATR!\n"); + sim->l1_state = L1_STATE_RESET; + break; + case L1_STATE_RECEIVE: + PDEBUG(DSIM1, DEBUG_NOTICE, "Timeout while receiving message!\n"); + sim->block_state = BLOCK_STATE_ADDRESS; + break; + case L1_STATE_SEND: + PDEBUG(DSIM1, DEBUG_NOTICE, "Timeout while sending message!\n"); + sim->l1_state = L1_STATE_IDLE; + break; + default: + break; + } +} diff --git a/src/sim/sim.h b/src/sim/sim.h new file mode 100644 index 0000000..855cb0b --- /dev/null +++ b/src/sim/sim.h @@ -0,0 +1,148 @@ + +#define FUTLN_DEFAULT "2222001" +#define SICHERUNG_DEFAULT "3103" +#define KARTEN_DEFAULT "3" +#define SONDER_DEFAULT "0" +#define WARTUNG_DEFAULT "65535" +#define PIN_DEFAULT "0000" +#define AUTH_DEFAULT "0xffffffffffffffff" + +enum l1_state { + L1_STATE_RESET = 0, /* reset is held */ + L1_STATE_ATR, /* answer to reset is sent */ + L1_STATE_IDLE, /* waiting for message or reset */ + L1_STATE_SEND, /* sending reply */ + L1_STATE_RECEIVE, /* receiving message */ +}; + +enum block_state { + BLOCK_STATE_ADDRESS = 0, + BLOCK_STATE_CONTROL, + BLOCK_STATE_LENGTH, + BLOCK_STATE_DATA, +}; + +#define MAX_PIN_TRY 3 +#define MAX_CARDS 8 /* must also be defined at eeprom.h */ + +typedef struct sim_sim { + int card; + enum l1_state l1_state; + + /* ATR states */ + int atr_count; + + /* layer 2 states */ + enum block_state block_state; + uint8_t block_address; + uint8_t block_control; + uint8_t block_checksum; + uint8_t block_count; + uint8_t block_rx_data[64]; + uint8_t block_rx_length; + uint8_t block_tx_data[64]; + uint8_t block_tx_length; + uint8_t vs, vr; + int reject_count; + int resync_sent; + + /* ICL layer states */ + int icl_online; + int icl_master; + int icl_chaining; + int icl_error; + + /* layer 7 states */ + int addr_src; + int addr_dst; + int sh_appl_count; /* counts applications for SH_APPL */ + + /* CNETZ states */ + int pin_required; /* pin required an not yet validated */ + int program_mode; /* program mode active (special PIN entered) */ + int pin_len; /* length of pin (4 .. 8) */ + int pin_try; /* number of tries left (0 == card locked) */ + int app; /* currently selected APP number */ + int app_locked; /* application locked */ + int gebz_locked; /* metering counter and phonebook locked */ + int gebz_full; /* metering counter full (does this really happen?) */ +} sim_sim_t; + +/* layer 2 */ +enum l2_cmd { + L2_I, + L2_REJ, + L2_RES, +}; + +/* ICL */ +#define ICB1_ONLINE 0x01 +#define ICB1_CONFIRM 0x02 +#define ICB1_MASTER 0x04 +#define ICB1_WT_EXT 0x08 +#define ICB1_ABORT 0x10 +#define ICB1_ERROR 0x20 +#define ICB1_CHAINING 0x40 +#define ICB2_BUFFER 0x0f +#define ICB2_DYNAMIC 0x10 +#define ICB2_ISO_L2 0x20 +#define ICB2_PRIVATE 0x40 +#define ICB_EXT 0x80 + +/* command */ +#define CLA_CNTR 0x02 +#define SL_APPL 0xf1 +#define CL_APPL 0xf2 +#define SH_APPL 0xf3 + +#define CLA_STAT 0x03 +#define CHK_KON 0xf1 + +#define CLA_WRTE 0x04 +#define WT_RUFN 0x01 + +#define CLA_READ 0x05 +#define RD_EBDT 0x01 +#define RD_RUFN 0x02 +#define RD_GEBZ 0x03 + +#define CLA_EXEC 0x06 +#define CHK_PIN 0xf1 +#define SET_PIN 0xf2 +#define EH_GEBZ 0x01 +#define CL_GEBZ 0x02 +#define SP_GZRV 0x01 +#define FR_GZRV 0x02 + +#define CLA_AUTO 0x07 +#define AUT_1 0x01 + +/* response */ +#define CCRC_PIN_NOK 0x01 +#define CCRC_AFBZ_NULL 0x02 +#define CCRC_APRC_VALID 0x04 +#define CCRC_ERROR 0x40 +#define CCRC_IDENT 0x80 + +#define APRC_PIN_REQ 0x02 +#define APRC_APP_LOCKED 0x04 +#define APRC_GEBZ_LOCK 0x10 +#define APRC_GEBZ_FULL 0x20 + +/* apps */ +#define APP_NETZ_C 3 +#define APP_RUFN_GEBZ 4 + +int encode_ebdt(uint8_t *data, const char *futln, const char *sicherung, const char *karten, const char *sonder, const char *wartung); +void decode_ebdt(uint8_t *data, char *futln, char *sicherung, char *karten, char *sonder, char *wartung); +int directory_size(void); +int save_directory(int location, uint8_t *data); +void load_directory(int location, uint8_t *data); +int encode_directory(uint8_t *data, const char *number, const char *name); +void decode_directory(uint8_t *data, char *number, char *name); + +int sim_init_eeprom(void); +void sim_reset(sim_sim_t *sim, int reset); +int sim_rx(sim_sim_t *sim, uint8_t c); +int sim_tx(sim_sim_t *sim); +void sim_timeout(sim_sim_t *sim); diff --git a/src/sim/sim.ino b/src/sim/sim.ino new file mode 100644 index 0000000..fb12269 --- /dev/null +++ b/src/sim/sim.ino @@ -0,0 +1,287 @@ +/* SIM card for ATMEL + * + * (C) 2020 by Andreas Eversberg + * All Rights Reserved + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +extern "C" +{ + #include "sim.h" + #include "eeprom.h" +} + +/* settings for ATTINY85 */ +#if defined(__AVR_ATtiny85__) +#define SERIAL_DATA 4 +#define SERIAL_DELAY 124 +#define SERIAL_TIMEOUT 1200 /* > two bytes */ +#else +/* settings for Arduino UNO with 16 MHz */ +#define STATUS_LED LED_BUILTIN +#define RESET_PIN 6 +#define SERIAL_DATA 7 +#define SERIAL_DELAY 410 +#define SERIAL_TIMEOUT 2500 /* > two bytes */ +#endif +/* to set fused for ATTINY85: + * avrdude -c usbasp-clone -p t85 -U lfuse:w:0xc0:m -U hfuse:w:0xdf:m -U efuse:w:0xff:m + */ + +/* timing test TX (010101010011) */ +//#define TEST_TX +/* timing test RX (000000000001) */ +//#define TEST_RX +/* timing test timeout (pause + 000000000001) */ +//#define TEST_TO + +sim_sim_t sim; + +#include +#include + +uint8_t eeprom_read(enum eeprom_locations loc) +{ + return eeprom_read_byte((uint8_t *)loc); +} + +void eeprom_write(enum eeprom_locations loc, uint8_t value) +{ + eeprom_write_byte((uint8_t *)loc, value); +} + +size_t eeprom_length(void) +{ + return 512; +} + +#ifdef RESET_PIN +volatile uint8_t *reset_in; +uint8_t reset_bit; + +/* init reset pin */ +void reset_init(uint8_t pin) +{ + uint8_t port; + volatile uint8_t *mode, *out; + + reset_bit = digitalPinToBitMask(pin); + port = digitalPinToPort(pin); + + mode = portModeRegister(port); + out = portOutputRegister(port); + reset_in = portInputRegister(port); + + *mode &= ~reset_bit; /* intput */ + *out |= reset_bit; /* pullup */ +} +#endif + +volatile uint8_t *serial_mode, *serial_out, *serial_in; +uint8_t serial_bit; +uint16_t serial_delay; + +/* init serial pin */ +void serial_init(uint8_t pin, uint16_t delay) +{ + uint8_t port; + + serial_delay = delay; + serial_bit = digitalPinToBitMask(pin); + port = digitalPinToPort(pin); + + serial_mode = portModeRegister(port); + serial_out = portOutputRegister(port); + serial_in = portInputRegister(port); + + *serial_mode &= ~serial_bit; /* input */ + *serial_out |= serial_bit; /* pullup */ +} + +/* wait some time so the stop bits haven been elapsed before transmitting a block */ +void serial_start_tx(void) +{ + /* wait some time, so previous stop bits have been elapsed */ + _delay_loop_2(serial_delay * 3); /* 2..3 bits of time */ +} + +/* transmit a byte */ +void serial_tx(uint8_t b) +{ + uint8_t i, c = 0; + + /* start bit */ + *serial_mode |= serial_bit; /* output */ + *serial_out &= ~serial_bit; /* low */ + _delay_loop_2(serial_delay); + /* 8 data bits */ + for (i = 8; i > 0; --i) { + if (b & 1) + *serial_out |= serial_bit; /* high */ + else + *serial_out &= ~serial_bit; /* low */ + _delay_loop_2(serial_delay); + c ^= b; + b>>= 1; + } + /* even parity */ + if (c & 1) + *serial_out |= serial_bit; /* high */ + else + *serial_out &= ~serial_bit; /* low */ + _delay_loop_2(serial_delay); + /* 2 stop bits */ + *serial_out |= serial_bit; /* high */ + _delay_loop_2(serial_delay); + _delay_loop_2(serial_delay); + *serial_mode &= ~serial_bit; /* input */ +} + +/* receive a byte */ +uint8_t serial_rx(void) +{ + uint8_t i, b = 0; + + /* center read */ + _delay_loop_2(serial_delay >> 1); + /* 8 data bits */ + for (i = 8; i > 0; --i) { + _delay_loop_2(serial_delay); + b >>= 1; + if ((*serial_in & serial_bit)) + b |= 0x80; + } + /* parity */ + _delay_loop_2(serial_delay); + /* move into (first) stop bit */ + _delay_loop_2(serial_delay); + + return b; +} + +void setup() { + uint8_t byte, ver; + +#ifdef STATUS_LED + pinMode(STATUS_LED, OUTPUT); +#endif + + /* intial eeprom init */ + byte = eeprom_read(EEPROM_MAGIC + 0); + ver = eeprom_read(EEPROM_MAGIC + 1); + if (byte != 'C' || ver != '0' + EEPROM_VERSION) + sim_init_eeprom(); + +#ifdef RESET_PIN + reset_init(RESET_PIN); +#endif + serial_init(SERIAL_DATA, SERIAL_DELAY); +#ifdef TEST_TX + while (true) + serial_tx(0x55); +#endif +#ifdef TEST_RX + *serial_mode |= serial_bit; /* output */ + while (true) { + /* show low for start bit up to end of first stop bit */ + *serial_out &= ~serial_bit; /* low */ + serial_rx(); + _delay_loop_2(serial_delay >> 1); + *serial_out |= serial_bit; /* high */ + _delay_loop_2(serial_delay); + } +#endif +#ifdef TEST_TO + uint16_t to; + int rx; + rx_again: + rx = 1; + /* wait until start bit is received or timeout */ + for (to = 0; to <= SERIAL_TIMEOUT;) { + if (!(*serial_in & serial_bit)) { + serial_tx(0x33); + goto rx_again; + } +#ifdef RESET_PIN + if (!(*reset_in & reset_bit)) { + serial_tx(0xf0); + goto rx_again; + } +#endif + if (rx) + to++; + } + serial_tx(0x55); + goto rx_again; +#endif +} + +void loop() { +#if !defined(TEST_TX) && !defined(TEST_RX) && !defined (TEST_TO) + uint16_t to; + int c, rx; + +reset_again: +#ifdef RESET_PIN + /* wait until reset is released */ + while(!(*reset_in & reset_bit)); +#endif + sim_reset(&sim, 0); + +tx_again: +#ifdef STATUS_LED + digitalWrite(STATUS_LED, LOW); +#endif + /* send buffer until no more data to be transmitted */ + serial_start_tx(); + while ((c = sim_tx(&sim)) >= 0) { +#ifdef RESET_PIN + /* perform reset, when low */ + if (!(*reset_in & reset_bit)) + goto reset_again; +#endif + /* perform transmission of a byte */ + serial_tx(c); + } + /* wait until start bit is received or timeout */ + rx = 0; + for (to = 0; to <= SERIAL_TIMEOUT;) { + /* perform RX, when low (start bit) */ + if (!(*serial_in & serial_bit)) { + c = serial_rx(); + /* if block was completly received, go to tx_again */ + if (sim_rx(&sim, c) < 0) + goto tx_again; + /* start counting timeout condition */ + rx = 1; + to = 0; +#ifdef STATUS_LED + digitalWrite(STATUS_LED, HIGH); +#endif + } +#ifdef RESET_PIN + /* perform reset, when low */ + if (!(*reset_in & reset_bit)) + goto reset_again; +#endif + /* only if we have an ongoing reception, we count for the timeout condition */ + if (rx) + to++; + } + /* perform timeout */ + sim_timeout(&sim); + goto tx_again; +#endif +} diff --git a/src/sim/sniffer.c b/src/sim/sniffer.c new file mode 100644 index 0000000..56bc4a6 --- /dev/null +++ b/src/sim/sniffer.c @@ -0,0 +1,798 @@ +/* SIM card sniffer + * + * (C) 2020 by Andreas Eversberg + * All Rights Reserved + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef ARDUINO + +#include +#include +#include +#include "../libdebug/debug.h" +#include "sim.h" +#include "sniffer.h" + +/* Layer 7 */ + +static void rx_icl_sdu(uint8_t *data, int length) +{ + uint8_t I, cla_ccrc, ins_aprc; + uint16_t dlng; + int i; + + if (length < 3) { + PDEBUG(DSIM7, DEBUG_NOTICE, "Message too short\n"); + return; + } + + I = *data >> 7; + cla_ccrc = (*data++ & 0x7f); + ins_aprc = *data++; + dlng = *data++; + length -= 3; + + PDEBUG(DSIM7, DEBUG_INFO, "Layer 7:\n"); + if (I == 0) { + PDEBUG(DSIM7, DEBUG_INFO, " I = Command\n"); + PDEBUG(DSIM7, DEBUG_INFO, " CLA = 0x%02x\n", cla_ccrc); + switch (cla_ccrc) { + case CLA_CNTR: + PDEBUG(DSIM7, DEBUG_INFO, " -> CNTR (Control Class)\n"); + break; + case CLA_STAT: + PDEBUG(DSIM7, DEBUG_INFO, " -> STAT (Status Class)\n"); + break; + case CLA_WRTE: + PDEBUG(DSIM7, DEBUG_INFO, " -> WRTE (Write Class)\n"); + break; + case CLA_READ: + PDEBUG(DSIM7, DEBUG_INFO, " -> READ (Read Class)\n"); + break; + case CLA_EXEC: + PDEBUG(DSIM7, DEBUG_INFO, " -> EXEC (Execute Class)\n"); + break; + case CLA_AUTO: + PDEBUG(DSIM7, DEBUG_INFO, " -> AUTO (Authentication Class)\n"); + break; + default: + PDEBUG(DSIM7, DEBUG_INFO, " -> unknown class\n"); + break; + } + PDEBUG(DSIM7, DEBUG_INFO, " INS = 0x%02x\n", ins_aprc); + switch (cla_ccrc) { + case CLA_CNTR: + switch (ins_aprc) { + case SL_APPL: + PDEBUG(DSIM7, DEBUG_INFO, " -> SL-APPL (Select Application)\n"); + break; + case CL_APPL: + PDEBUG(DSIM7, DEBUG_INFO, " -> CL-APPL (Close Application)\n"); + break; + case SH_APPL: + PDEBUG(DSIM7, DEBUG_INFO, " -> SH-APPL (Show Application)\n"); + break; + } + break; + case CLA_STAT: + switch (ins_aprc) { + case CHK_KON: + PDEBUG(DSIM7, DEBUG_INFO, " -> CHK-KCON (Consistency Check)\n"); + break; + } + break; + case CLA_WRTE: + switch (ins_aprc) { + case WT_RUFN: + PDEBUG(DSIM7, DEBUG_INFO, " -> WR-RUFN (Write Rufnummernsatz)\n"); + break; + } + break; + case CLA_READ: + switch (ins_aprc) { + case RD_EBDT: + PDEBUG(DSIM7, DEBUG_INFO, " -> RD-EBDT (Read Einbuchdaten)\n"); + break; + case RD_RUFN: + PDEBUG(DSIM7, DEBUG_INFO, " -> RD-RUFN (Read Rufnummernsatz)\n"); + break; + case RD_GEBZ: + PDEBUG(DSIM7, DEBUG_INFO, " -> RD-GEBZ (Read Gebuehrenzaehler)\n"); + break; + } + break; + case CLA_EXEC: + switch (ins_aprc) { + case CHK_PIN: + PDEBUG(DSIM7, DEBUG_INFO, " -> CHK-PIN (Check PIN)\n"); + break; + case SET_PIN: + PDEBUG(DSIM7, DEBUG_INFO, " -> SET-PIN (Set PIN)\n"); + break; + case EH_GEBZ: + PDEBUG(DSIM7, DEBUG_INFO, " -> EH-GEBZ (Increment Gebuehrenzaehler)\n"); + break; + case CL_GEBZ: + PDEBUG(DSIM7, DEBUG_INFO, " -> CL-GEBZ (Clear Gebuehrenzaehler)\n"); + break; + } + break; + case CLA_AUTO: + switch (ins_aprc) { + case AUT_1: + PDEBUG(DSIM7, DEBUG_INFO, " -> AUTO-1 (Autorization)\n"); + break; + } + break; + } + } else { + PDEBUG(DSIM7, DEBUG_INFO, " I = Response\n"); + PDEBUG(DSIM7, DEBUG_INFO, " CCRC = 0x%02x\n", cla_ccrc); + if (cla_ccrc & CCRC_PIN_NOK) + PDEBUG(DSIM7, DEBUG_INFO, " -> PIN-NOT-OK\n"); + if (cla_ccrc & CCRC_AFBZ_NULL) + PDEBUG(DSIM7, DEBUG_INFO, " -> AFBZ = NULL\n"); + if (cla_ccrc & CCRC_APRC_VALID) + PDEBUG(DSIM7, DEBUG_INFO, " -> APRC valid\n"); + if (cla_ccrc & 0x08) + PDEBUG(DSIM7, DEBUG_INFO, " -> reserved\n"); + if (cla_ccrc & 0x10) + PDEBUG(DSIM7, DEBUG_INFO, " -> reserved\n"); + if (cla_ccrc & 0x20) + PDEBUG(DSIM7, DEBUG_INFO, " -> reserved\n"); + if (cla_ccrc & CCRC_ERROR) + PDEBUG(DSIM7, DEBUG_INFO, " -> GENERAL ERROR\n"); + PDEBUG(DSIM7, DEBUG_INFO, " APRC = 0x%02x\n", ins_aprc); + if (ins_aprc & APRC_PIN_REQ) + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 2 = 1:PIN-Check required\n"); + else + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 2 = 0:PIN-Check not required\n"); + if (ins_aprc & APRC_APP_LOCKED) + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 3 = 1:Application locked\n"); + else + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 3 = 0:Application unlocked\n"); + if (ins_aprc & APRC_GEBZ_LOCK) + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 5 = 1:GEBZ/RUFN locked\n"); + else + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 5 = 0:GEBZ/RUFN unlocked\n"); + if (ins_aprc & APRC_GEBZ_FULL) + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 6 = 1:GEBZ full\n"); + else + PDEBUG(DSIM7, DEBUG_INFO, " -> Bit 6 = 0:GEBZ not full\n"); + } + if (dlng == 255) { + PDEBUG(DSIM7, DEBUG_NOTICE, " Unsupported length 255!\n"); + return; + } + PDEBUG(DSIM7, DEBUG_INFO, " DLNG = %d\n", dlng); + if (dlng != length) { + PDEBUG(DSIM7, DEBUG_NOTICE, " DLNG does not match message body!\n"); + return; + } + + for (i = 0; i < length; i++) { + PDEBUG(DSIM7, DEBUG_INFO, " DATA(%d) = 0x%02x '%c' %d\n", i, data[i], (data[i] >= 32 && data[i] <= 126) ? data[i] : '.', data[i]); + } +} + +/* ICL layer */ + +static void rx_icl_pdu(uint8_t *data, int length) +{ + int icb_count, ext = 1; + + if (ext) { + if (length < 1) { + PDEBUG(DSIMI, DEBUG_NOTICE, "Message too short\n"); + return; + } + + PDEBUG(DSIMI, DEBUG_INFO, "Interface control layer ICB1:\n"); + if (*data & ICB1_ONLINE) + PDEBUG(DSIMI, DEBUG_INFO, " ON-LINE-BIT: 1 = On-line data\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " ON-LINE-BIT: 0 = Off-line data\n"); + if (*data & ICB1_CONFIRM) + PDEBUG(DSIMI, DEBUG_INFO, " CONFIRM-BIT: 1 = Confirmation\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " CONFIRM-BIT: 0 = No meaning\n"); + if (*data & ICB1_MASTER) + PDEBUG(DSIMI, DEBUG_INFO, " MASTER/SLAVE-BIT: 1 = Sender is master\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " MASTER/SLAVE-BIT: 0 = Sender is slave\n"); + if (*data & ICB1_WT_EXT) + PDEBUG(DSIMI, DEBUG_INFO, " WT-EXTENSION-BIT: 1 = Request for WT-Extension\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " WT-EXTENSION-BIT: 0 = No request for WT-Extension\n"); + if (*data & ICB1_ABORT) + PDEBUG(DSIMI, DEBUG_INFO, " ABORT/TERMINATE-BIT: 1 = Abort/Terminate request\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " ABORT/TERMINATE-BIT: 0 = No meaning\n"); + if (*data & ICB1_ERROR) + PDEBUG(DSIMI, DEBUG_INFO, " ERROR-BIT: 1 = Error\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " ERROR-BIT: 0 = No meaning\n"); + if (*data & ICB1_CHAINING) + PDEBUG(DSIMI, DEBUG_INFO, " CHAINING-BIT: 1 = More ICL data follows\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " CHAINING-BIT: 0 = No more ICL data follows\n"); + if (*data & ICB_EXT) + PDEBUG(DSIMI, DEBUG_INFO, " ICB-EXTENSION-BIT: 1 = ICB2 follows\n"); + else { + PDEBUG(DSIMI, DEBUG_INFO, " ICB-EXTENSION-BIT: 0 = no ICB follows\n"); + ext = 0; + } + data++; + length--; + } + + if (ext) { + if (length < 1) { + PDEBUG(DSIMI, DEBUG_NOTICE, "Message too short\n"); + return; + } + + PDEBUG(DSIMI, DEBUG_INFO, "Interface control layer ICB2:\n"); + if (*data & ICB2_DYNAMIC) + PDEBUG(DSIMI, DEBUG_INFO, " DYN-BUFFER-SIZE-BIT: 1 = Buffer size %d\n", (*data & ICB2_BUFFER) * 8); + else + PDEBUG(DSIMI, DEBUG_INFO, " DYN-BUFFER-SIZE-BIT: 0 = No meaning\n"); + if (*data & ICB2_ISO_L2) + PDEBUG(DSIMI, DEBUG_INFO, " ISO-7816-BLOCK-BIT: 1 = Compatible\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " ISO-7816-BLOCK-BIT: 0 = Incompatible\n"); + if (*data & ICB2_PRIVATE) + PDEBUG(DSIMI, DEBUG_INFO, " PRIVATE-USE-BIT: 1 = Private use layer 7 protocol\n"); + else + PDEBUG(DSIMI, DEBUG_INFO, " PRIVATE-USE-BIT: 0 = No meaning\n"); + if (*data & ICB_EXT) + PDEBUG(DSIMI, DEBUG_INFO, " ICB-EXTENSION-BIT: 1 = ICB3 follows\n"); + else { + PDEBUG(DSIMI, DEBUG_INFO, " ICB-EXTENSION-BIT: 0 = no ICB follows\n"); + ext = 0; + } + data++; + length--; + } + + icb_count = 2; + while (ext) { + if (length < 1) { + PDEBUG(DSIMI, DEBUG_NOTICE, "Message too short\n"); + return; + } + + PDEBUG(DSIMI, DEBUG_INFO, "Interface control layer ICB%d:\n", ++icb_count); + PDEBUG(DSIMI, DEBUG_INFO, " Value: 0x%02x\n", *data); + if (!(*data & 0x80)) + ext = 0; + data++; + length--; + } + + rx_icl_sdu(data, length); +} + +/* Layer 2 */ + +static uint8_t flip(uint8_t c) +{ + c = ((c&0x55) << 1) | ((c&0xaa) >> 1); /* 67452301 */ + c = ((c&0x33) << 2) | ((c&0xcc) >> 2); /* 45670123 */ + c = (c << 4) | (c >> 4); /* 01234567 */ + + return c; +} + +void sniffer_reset(sim_sniffer_t *sim) +{ + PDEBUG(DSIM1, DEBUG_INFO, "Resetting sniffer\n"); + memset(sim, 0, sizeof(*sim)); +} + +static void decode_ta1(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + int fi = -1, di = -1; + double fmax = 0.0; + + switch (c >> 4) { + case 0: + fi = 372; fmax = 4.0; + break; + case 1: + fi = 372; fmax = 5.0; + break; + case 2: + fi = 558; fmax = 6.0; + break; + case 3: + fi = 744; fmax = 8.0; + break; + case 4: + fi = 1116; fmax = 12.0; + break; + case 5: + fi = 1488; fmax = 16.0; + break; + case 6: + fi = 1860; fmax = 20.0; + break; + case 9: + fi = 512; fmax = 5.0; + break; + case 10: + fi = 768; fmax = 7.5; + break; + case 11: + fi = 1014; fmax = 10.0; + break; + case 12: + fi = 1536; fmax = 15.0; + break; + case 13: + fi = 2048; fmax = 20.0; + break; + } + + switch (c & 0xf) { + case 1: + di = 1; + break; + case 2: + di = 2; + break; + case 3: + di = 4; + break; + case 4: + di = 8; + break; + case 5: + di = 16; + break; + case 6: + di = 32; + break; + case 7: + di = 64; + break; + case 8: + di = 12; + break; + case 9: + di = 20; + break; + } + + if (fi > 0) + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Fi = %d, f(max.) = %.1f MHz\n", count, fi, fmax); + else + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Fi = RFU\n", count); + if (di > 0) + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Di = %d\n", count, di); + else + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Di = RFU\n", count); +} + +static void decode_ta2(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + PDEBUG(DSIM2, DEBUG_INFO, " TA%d T = %d\n", count, c & 0xf); + if (!(c & 0x10)) + PDEBUG(DSIM2, DEBUG_INFO, " TA%d : Fi and Di by TA1 shall apply.\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TA%d : Implicit values (and not Di / Di by TA1) sall apply.\n", count); + if (!(c & 0x80)) + PDEBUG(DSIM2, DEBUG_INFO, " TA%d : Capable to change negotiable/specific mode.\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TA%d : Unable to change negotiable/specific mode.\n", count); +} + +static void decode_tai(sim_sniffer_t *sim, uint8_t c, int count) +{ + if ((sim->atr_td & 0xf) != 14) { + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Value = 0x%02x\n", count, c); + return; + } + + if (count == 3) { + switch (c & 0xf) { + case 0: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmin = Default\n", count); + break; + case 1: + case 2: + case 3: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmin = %d MHz\n", count, c & 0xf); + break; + default: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmin = reserved\n", count); + break; + } + + switch (c >> 4) { + case 0: + case 1: + case 2: + case 3: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmax = reserved\n", count); + break; + case 5: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmax = 5 MHz (Default)\n", count); + break; + default: + PDEBUG(DSIM2, DEBUG_INFO, " TA%d fsmax = %d MHz\n", count, c >> 4); + break; + } + } else { + PDEBUG(DSIM2, DEBUG_INFO, " TA%d Block Waiting Time = %d\n", count, c); + } +} + +static void decode_tb1(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + if ((c & 0x1f) == 0) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d PI1=0: VPP not connected\n", count); + else if ((c & 0x1f) == 5) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d PI1=5: VPP is 5 Volts (default)\n", count); + else if ((c & 0x1f) >= 6 && (c & 0x1f) <= 25) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d PI1=%d: VPP is %d Volts\n", count, c & 0x1f, (c & 0x1f) - 1); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d PI1=%d: not defined\n", count, c & 0x1f); + PDEBUG(DSIM2, DEBUG_INFO, " TB%d II = %d\n", count, (c >> 5) & 0x3); +} + +static void decode_tb2(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Value = 0x%02x\n", count, c); +} + +static void decode_tbi(sim_sniffer_t *sim, uint8_t c, int count) +{ + if ((sim->atr_td & 0xf) != 14) { + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Value = 0x%02x\n", count, c); + return; + } + + if (count == 3) { + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Maximum block size = %d\n", count, c); + } else { + if (!(c & 0x01)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d XOR Checksum\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d CRC Checksum\n", count); + if (!(c & 0x02)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d 12-etu frame\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d 11-etu frame\n", count); + if (!(c & 0x04)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d No Chaining in ICL-Layer-Protocol\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Chaining in ICL-Layer-Protocol\n", count); + if (!(c & 0x08)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Incompatible to ISO 7816 (Character Protocol)\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Compatible to ISO 7816 (Character Protocol)\n", count); + if (!(c & 0x10)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d No private in ICL-Layer-Protocol\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d Private in ICL-Layer-Protocol\n", count); + if (!(c & 0x20)) + PDEBUG(DSIM2, DEBUG_INFO, " TB%d No ICB-Extension in ICL-Layer-Protocol\n", count); + else + PDEBUG(DSIM2, DEBUG_INFO, " TB%d ICB-Extension in ICL-Layer-Protocol\n", count); + } +} + +static void decode_tc1(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + PDEBUG(DSIM2, DEBUG_INFO, " TC%d N = %d\n", count, c); +} + +static void decode_tc2(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + PDEBUG(DSIM2, DEBUG_INFO, " TC%d Value = 0x%02x\n", count, c); +} + +static void decode_tci(sim_sniffer_t *sim, uint8_t c, int count) +{ + if ((sim->atr_td & 0xf) != 14) { + PDEBUG(DSIM2, DEBUG_INFO, " TC%d Value = 0x%02x\n", count, c); + return; + } + + PDEBUG(DSIM2, DEBUG_INFO, " TC%d Character Waiting Time = %d\n", count, c); +} + +static void decode_td(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + switch (c & 0xf) { + case 0: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=1: Half-duplex transmission of characters (ISO 7816).\n", count); + break; + case 1: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=1: Half-duplex transmission of blocks (ISO 7816).\n", count); + break; + case 2: + case 3: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=%d: Reserved for future full-duplex operations.\n", count, c & 0xf); + break; + case 4: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=4: Reserved for an enhanced half-duplex transmission of characters.\n", count); + break; + case 5: + case 6: + case 7: + case 8: + case 9: + case 10: + case 11: + case 12: + case 13: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=%d: Reserved for future use by ISO/IEC JTC 1/SC 17.\n", count, c & 0xf); + break; + case 14: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=14: Refers to transmission protocols not standardized by ISO/IEC JTC 1/SC 17.\n", count); + break; + case 15: + PDEBUG(DSIM2, DEBUG_INFO, " TD%d T=15: Does not refer to a transmission protocol, but only qualifies global interface bytes.\n", count); + break; + } +} + +static void decode_if(sim_sniffer_t *sim, int count) +{ + switch (count) { + case 1: + if (sim->atr_if_mask & 0x10) + decode_ta1(sim, sim->atr_ta, count); + if (sim->atr_if_mask & 0x20) + decode_tb1(sim, sim->atr_tb, count); + if (sim->atr_if_mask & 0x40) + decode_tc1(sim, sim->atr_tc, count); + if (sim->atr_if_mask & 0x80) + decode_td(sim, sim->atr_td, count); + break; + case 2: + if (sim->atr_if_mask & 0x10) + decode_ta2(sim, sim->atr_ta, count); + if (sim->atr_if_mask & 0x20) + decode_tb2(sim, sim->atr_tb, count); + if (sim->atr_if_mask & 0x40) + decode_tc2(sim, sim->atr_tc, count); + if (sim->atr_if_mask & 0x80) + decode_td(sim, sim->atr_td, count); + break; + default: + if (sim->atr_if_mask & 0x10) + decode_tai(sim, sim->atr_ta, count); + if (sim->atr_if_mask & 0x20) + decode_tbi(sim, sim->atr_tb, count); + if (sim->atr_if_mask & 0x40) + decode_tci(sim, sim->atr_tc, count); + if (sim->atr_if_mask & 0x80) + decode_td(sim, sim->atr_td, count); + } + + if ((sim->atr_td >> 4)) + PDEBUG(DSIM2, DEBUG_INFO, "----------------------------------------\n"); +} + +static void decode_hist(sim_sniffer_t __attribute__((unused)) *sim, uint8_t c, int count) +{ + PDEBUG(DSIM2, DEBUG_INFO, " History byte #%d: 0x%02x\n", count, c); +} + +static void rx_atr(sim_sniffer_t *sim, uint8_t c) +{ + /* TS */ + if (sim->atr_count == 0) { + PDEBUG(DSIM1, DEBUG_INFO, "----------------------------------------\n"); + switch (c) { + case 0x3f: + PDEBUG(DSIM2, DEBUG_INFO, "Reading ATR inverse bit order:\n"); + sim->inverse_order = 1; + break; + case 0x3b: + PDEBUG(DSIM2, DEBUG_INFO, "Reading ATR normal bit order:\n"); + sim->inverse_order = 0; + break; + default: + sniffer_reset(sim); + return; + } + sim->atr_tck = c; + sim->atr_count++; + return; + } + + if (sim->inverse_order) + c = flip (c); + + sim->atr_tck ^= c; + + if (sim->atr_count == 1) { + sim->atr_t0 = c; + sim->atr_if_mask = c; + sim->atr_count++; + return; + } + + /* get TA, if included, or skip by inc. atr_count */ + if (sim->atr_count == 2) { + if (sim->atr_if_mask & 0x10) { + sim->atr_ta = c; + sim->atr_count++; + return; + } else + sim->atr_count++; + } + + /* get TB, if included, or skip by inc. atr_count */ + if (sim->atr_count == 3) { + if (sim->atr_if_mask & 0x20) { + sim->atr_tb = c; + sim->atr_count++; + return; + } else + sim->atr_count++; + } + + /* get TC, if included, or skip by inc. atr_count */ + if (sim->atr_count == 4) { + if (sim->atr_if_mask & 0x40) { + sim->atr_tc = c; + sim->atr_count++; + return; + } else + sim->atr_count++; + } + + /* get TD, if included, or skip by inc. atr_count */ + if (sim->atr_count == 5) { + if (sim->atr_if_mask & 0x80) { + sim->atr_td = c; + /* decode content */ + decode_if(sim, sim->atr_if_count + 1); + /* get new mask byte and start over */ + sim->atr_count = 2; + sim->atr_if_mask = sim->atr_td; + sim->atr_if_count++; + return; + } else + sim->atr_count++; + } + + /* decode content */ + if (sim->atr_count == 6) + decode_if(sim, sim->atr_if_count + 1); + + /* process historical character */ + if (sim->atr_count < 6 + (sim->atr_t0 & 0xf)) { + decode_hist(sim, c, sim->atr_count - 6 + 1); + sim->atr_count++; + return; + } + + if (sim->atr_tck == 0) + PDEBUG(DSIM2, DEBUG_INFO, " Checksum 0x%02x ok.\n", c); + else + PDEBUG(DSIM2, DEBUG_NOTICE, " Checksum 0x%02x error!\n", c); + + + sim->l1_state = L1_STATE_RECEIVE; + sim->block_state = BLOCK_STATE_ADDRESS; + PDEBUG(DSIM2, DEBUG_INFO, "ATR done!\n"); +} + +static void rx_char(sim_sniffer_t *sim, uint8_t c) +{ + if (sim->inverse_order) + c = flip(c); + + sim->block_checksum ^= c; + + switch (sim->block_state) { + case BLOCK_STATE_ADDRESS: + if ((c >> 4) != 1 && (c & 0xf) != 1) { + /* start over if we do not get a valid message start */ + sniffer_reset(sim); + sniffer_rx(sim, c); + return; + } + PDEBUG(DSIM1, DEBUG_INFO, "----------------------------------------\n"); + sim->block_address = c; + sim->block_state = BLOCK_STATE_CONTROL; + sim->block_checksum = c; + return; + case BLOCK_STATE_CONTROL: + sim->block_control = c; + sim->block_state = BLOCK_STATE_LENGTH; + return; + case BLOCK_STATE_LENGTH: + sim->block_length = c; + sim->block_count = 0; + sim->block_state = BLOCK_STATE_DATA; + return; + case BLOCK_STATE_DATA: + if (sim->block_count < sim->block_length) { + sim->block_data[sim->block_count++] = c; + return; + } + PDEBUG(DSIM2, DEBUG_INFO, "Layer 2:\n"); + PDEBUG(DSIM2, DEBUG_INFO, " source %d -> to %d\n", sim->block_address >> 4, sim->block_address & 0xf); + if ((sim->block_control & 0x11) == 0x00) + PDEBUG(DSIM2, DEBUG_INFO, " control I: N(S)=%d N(R)=%d\n", (sim->block_control >> 1) & 7, sim->block_control >> 5); + else if ((sim->block_control & 0x1f) == 0x09) + PDEBUG(DSIM2, DEBUG_INFO, " control REJ: N(R)=%d\n", sim->block_control >> 5); + else if (sim->block_control == 0xef) + PDEBUG(DSIM2, DEBUG_INFO, " control RES"); + else + PDEBUG(DSIM2, DEBUG_INFO, " control unknown 0x%02x\n", sim->block_control); + PDEBUG(DSIM2, DEBUG_INFO, " length %d\n", sim->block_length); + if (sim->block_checksum == 0) + rx_icl_pdu(sim->block_data, sim->block_length); + else + PDEBUG(DSIM2, DEBUG_NOTICE, "Received message with checksum error!\n"); + sim->block_state = BLOCK_STATE_ADDRESS; + } +} + +void sniffer_rx(sim_sniffer_t *sim, uint8_t c) +{ + + PDEBUG(DSIM1, DEBUG_DEBUG, "Serial RX '0x%02x'\n", c); + + switch (sim->l1_state) { + case L1_STATE_RESET: + if (c != 0x3f && c != 0x3b) { + PDEBUG(DSIM1, DEBUG_INFO, "Received garbage '0x%02x' while waiting for ATR\n", c); + break; + } + sim->l1_state = L1_STATE_ATR; + sim->atr_count = 0; + /* fall through */ + case L1_STATE_ATR: + rx_atr(sim, c); + break; + case L1_STATE_RECEIVE: + rx_char(sim, c); + break; + default: + break; + } +} + +void sniffer_timeout(sim_sniffer_t *sim) +{ + switch (sim->l1_state) { + case L1_STATE_RESET: + case L1_STATE_ATR: + if (sim->l1_state == L1_STATE_ATR && sim->atr_count) + PDEBUG(DSIM1, DEBUG_NOTICE, "Timeout while receiving ATR!\n"); + sim->l1_state = L1_STATE_ATR; + sim->atr_count = 0; + break; + case L1_STATE_RECEIVE: + if (sim->block_state != BLOCK_STATE_ADDRESS) + PDEBUG(DSIM1, DEBUG_NOTICE, "Timeout while receiving message!\n"); + sim->block_state = BLOCK_STATE_ADDRESS; + break; + default: + break; + } +} + +#endif /* ARDUINO */ diff --git a/src/sim/sniffer.h b/src/sim/sniffer.h new file mode 100644 index 0000000..be948d6 --- /dev/null +++ b/src/sim/sniffer.h @@ -0,0 +1,26 @@ + +typedef struct sim_sniffer { + enum l1_state l1_state; + int inverse_order; + int atr_count; + int atr_if_count; + uint8_t atr_if_mask; + uint8_t atr_t0; + uint8_t atr_ta; + uint8_t atr_tb; + uint8_t atr_tc; + uint8_t atr_td; + uint8_t atr_tck; + enum block_state block_state; + uint8_t block_address; + uint8_t block_control; + uint8_t block_length; + uint8_t block_count; + uint8_t block_checksum; + uint8_t block_data[256]; +} sim_sniffer_t; + +void sniffer_reset(sim_sniffer_t *sim); +void sniffer_rx(sim_sniffer_t *sim, uint8_t c); +void sniffer_timeout(sim_sniffer_t *sim); + -- cgit v1.2.3