Snooping on SIM Cards

[Nils Pipenbrinck] has been working on a very interesting problem. The SIM card in your cellphone talks to the contactless near-field communication (NFC) chip through a cool protocol that we’d never heard of until reading his blog: single wire protocol (SWP).

The SIM card in your cellphone has only a limited number of physical connections — and by the time NFC technology came on the scene all but one of them was in use. But the NFC controller and the SIM need full-duplex communications. So the SWP works bi-directionally on just one wire; one device modulates the voltage on the line, while the other modulates the current, essentially by switching a load in and out.
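To make the one-wire, two-direction idea concrete, here is an added example (not code from [Nils]’s project) that models the line as a stream of (voltage, current) samples. The NFC controller’s direction (S1) is pulse-width coded on the voltage, the SIM’s direction (S2) is load modulation of the current, and the SIM’s load can only be read while the line is driven high. The pulse-width convention follows ETSI TS 102 613 as the author understands it; the voltage and current levels, sample counts, bit patterns and noise are all constructed for the demonstration. The voltage-only decoder shows why a plain logic probe on the wire misses half of the conversation.

```python
# Added example, not part of the original post or Nils's project:
# a simplified single-wire protocol (SWP) model showing two bit streams on one
# wire and why a sniffer must sense both voltage and current.
#
# Conventions assumed here (simplified from ETSI TS 102 613):
#   S1: the NFC controller drives the line voltage with pulse-width coding;
#       a '1' is high for 3/4 of the bit period, a '0' for 1/4.
#   S2: the SIM answers in the same bit period by switching a load in or out,
#       which changes the line current; it is only readable while S1 is high.
# Voltage/current levels, sample counts and noise are constructed values.

import random
from typing import List, Tuple

SAMPLES_PER_BIT = 8
V_HIGH, V_LOW = 1.8, 0.0           # constructed line voltage levels (V)
I_LOAD, I_IDLE = 1.0, 0.1          # constructed line current levels (mA)

Sample = Tuple[float, float]       # (line voltage, line current)


def encode_line(s1_bits: List[int], s2_bits: List[int]) -> List[Sample]:
    """Model one wire carrying S1 (voltage) and S2 (current) at the same time."""
    if len(s1_bits) != len(s2_bits):
        raise ValueError("S1 and S2 each carry one bit per bit period")
    samples: List[Sample] = []
    for s1, s2 in zip(s1_bits, s2_bits):
        high_samples = 6 if s1 else 2  # 3/4 or 1/4 of the period is high
        for n in range(SAMPLES_PER_BIT):
            v = V_HIGH if n < high_samples else V_LOW
            if v == V_LOW:
                i = 0.0                # nothing drives the line: no current
            else:
                i = I_LOAD if s2 else I_IDLE   # SIM switches its load in/out
            samples.append((v, i))
    return samples


def add_noise(samples: List[Sample], seed: int = 1) -> List[Sample]:
    """Constructed measurement noise so the decoder has to threshold."""
    rng = random.Random(seed)
    return [(v + rng.gauss(0, 0.05), i + rng.gauss(0, 0.05)) for v, i in samples]


def decode_line(samples: List[Sample]) -> Tuple[List[int], List[int]]:
    """Sniffer view: S1 from the voltage duty cycle, S2 from the current drawn
    during the high part of each bit period."""
    if len(samples) % SAMPLES_PER_BIT:
        raise ValueError("truncated capture: incomplete bit period")
    v_thresh = (V_HIGH + V_LOW) / 2
    i_thresh = (I_LOAD + I_IDLE) / 2
    s1_out: List[int] = []
    s2_out: List[int] = []
    for start in range(0, len(samples), SAMPLES_PER_BIT):
        period = samples[start:start + SAMPLES_PER_BIT]
        high_currents = [i for v, i in period if v > v_thresh]
        s1_out.append(1 if len(high_currents) > SAMPLES_PER_BIT // 2 else 0)
        # Only samples taken while S1 was high say anything about S2.
        if high_currents:
            mean_i = sum(high_currents) / len(high_currents)
            s2_out.append(1 if mean_i > i_thresh else 0)
        else:
            s2_out.append(0)
    return s1_out, s2_out


def decode_voltage_only(samples: List[Sample]) -> Tuple[List[int], List[int]]:
    """What a plain voltage probe sees: S1 decodes fine, S2 reads as all zeros."""
    return decode_line([(v, 0.0) for v, _ in samples])


if __name__ == "__main__":
    s1 = [1, 0, 1, 1, 0, 0, 1, 0]      # constructed NFC-controller bits
    s2 = [0, 1, 1, 0, 1, 0, 0, 1]      # constructed SIM bits, same periods
    line = add_noise(encode_line(s1, s2), seed=7)
    print("full sniffer   :", decode_line(line))
    print("voltage probe  :", decode_voltage_only(line))
```

The decoder is deliberately simple: a bit period is assumed to be aligned to the capture, and S2 is judged from the mean current over the high samples only, which is the detail that forces a real sniffer front end to measure a small current change riding on a fast voltage signal.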

This signalling scheme makes snooping on the data line tricky. So to start off his explorations with SWP, [Nils] built his own transceiver. That led [Nils] to the very sensitive analog sniffer circuit design that he’s just come up with.

If you get interested in SWP, you’ll find the slides from this fantastic presentation (PDF) helpful, and they propose a solution very similar to the one that [Nils] ended up implementing. That’s not taking anything away from [Nils]’s amazing work: with tricky high-speed analog circuitry like this, the implementation can be more than half of the battle! And we’ll surely be following [Nils]’s blog to see where he takes this.

Banner image: An old version and a new version of the transceiver prototype.

Thanks to [Tim Riemann] for the tip!

Raspberry Pi GSM Hat

The Spark Electron was released a few days ago, giving anyone with the Arduino IDE the ability to send data out over a GSM network. Of course, the Electron is just a GSM module tied to a microcontroller, and you can do the same thing with a Pi, some components, and a bit of wire.

The build is fairly basic – just an Adafruit Fona, a 2000 mAh LiPo battery, a charge controller, and a fancy Hackaday Perma-Proto Hat, although a piece of perf board would work just as well in place of the Perma-Proto board. Connections were as simple as power, ground, TX and RX. With a few libraries, you can access a Pi over the Internet anywhere that has cell service, or send data from the Pi without a WiFi connection.

If you decide to replicate this project, be aware you have an option of soldering the Fona module right side up or upside down. The former gives you pretty blinking LEDs, while the latter allows you to access the SIM. Tough choices, indeed.

SIM card carrying traffic lights

Apparently some of the traffic lights in Johannesburg, South Africa have SIM cards in them to help maintain the network without a physical connection. Now that’s some and not all, but apparently thieves have learned that the SIMs can be used in cell phones to make anonymous and unlimited calls. Officials are convinced that the thieves have inside information because they only crack open the lights that DO contain a card.

We’re white hats here at Hackaday and certainly don’t want to give out information that aids criminals. But since this is already a huge problem we have an idea of how thieves might be identifying which lights to rob. Sure, they probably do have inside information, but wouldn’t it be fairly simple to track down which lights use cellular communication by using a home made spectrum analyzer? We guess it would depend on how often the lights send out communications bursts. Does anyone have insight on this? Leave your thoughts in the comments.

[Thanks Bob]