SIM cards are all around us, and with the continuing growth of the Internet of Things, spawning technologies like NB-IoT, this might as well be very literal soon. But what do we really know about them, their internal structure, and their communication protocols? And by extension, their security? To shine some light on these questions, open source and mobile device titan [LaForge] gave an introductory talk about SIM card technologies at the 36C3 in Leipzig, Germany.
Starting with a brief history lesson on the early days of cellular networks based on the German C-Netz, and the origin of the SIM card itself, [LaForge] goes through the main specification and technology parts of each following generation from 2G to 5G. Covering the physical basics, I/O interfaces, communication protocols, and the file system located on the SIM card, you’ll get the answer to “what on Earth is PIN2 for?” along the way.
Of course, a talk like this, at a CCC event, wouldn’t be complete without a deep and critical look at the security side as well. Considering how over-the-air updates on both the software and — thanks to mostly running Java nowadays — the feature side are more and more common, there certainly is something to look at.
Cruise around AliExpress for long enough and you’ll find some interesting new hardware. The latest is the TTGO T-Call, an ESP32 breakout board that also has a cellular modem. Yes, it’s only a 2G modem, but that still works in a lot of places, and the whole thing is $15.
On board the TTGO T-Call is the ESP-WROVER-B, the same module you all know and love that features a dual-core ESP running at 240 MHz with 4 MB of Flash and 8 MB of SRAM. Add to this WiFi and Bluetooth, and you have a capable microcontroller platform. Of note is that this board includes a USB-C port, ostensibly wired so that it behaves like a normal USB micro port. That’s neat; 2019 is the year USB C connectors became cheaper than USB micro connectors.
In addition to the ESP32 module, there’s also cellular in the form of a SIM800 module. This module has been around for a while and used in many, many cellular-connected projects and products like the ZeroPhone. This module is only a 2G module, and that’ll be going away shortly (if not already) in built-up areas, but this can serve as a building block for modules that have more Gees than a 2G module. That said, if you’re looking for a WiFi and cellular bridge for fifteen bucks, you could do a lot worse for a lot more money.
With mobile phones now ubiquitous for the masses in much of the world for over two decades, something a lot of readers will be familiar with is a drawer full of their past devices. Alongside the older smartphone you’ll have a couple of feature phones, and probably at the bottom a Nokia candybar or a Motorola flip phone. There have been various attempts over the years to make use of the computing power the more recent ones contain through using their smartphone operating systems, but the older devices remain relatively useless.
[Vishwasnavada] has a neat plan though, using an ancient phone as a remote trigger device, by interfacing it with an Arduino. There are many ways this could be achieved depending on the model of the phone in question, but one thing common to nearly all devices is a vibration motor. Removing the motor and taking its power line to a GPIO allows the Arduino to sense when the phone is ringing. The idea then is that a call can be placed to the phone which is not picked up, but because it triggers the vibration motor it can be used to make the microcontroller do something remotely. A hack with limited capabilities then, but one that is cheap and simple, uses a recycled device, and should work almost anywhere populated on the planet given the global reach of 2G networks.
This isn’t the first respin of a classic Nokia we’ve brought you; they will also talk data.
During the early years of cell phones, lifespan was mainly limited by hardware (buttons wearing out, dropping phones, or water damage), but software is a primary reason that phones are replaced today. Upgrades are often prompted by dissatisfaction with a slow phone, or manufacturers simply stopping updates to phone software after a few years at best. [Oliver Smith] and the postmarketOS project are working to fix the update problem, and have begun making progress on loading custom software onto cellphone processors and controlling their cellular modems.
If you’ve been thinking of adding cellular connectivity to a build, here’s a way to try out a new service for free. Hologram.io has just announced a Developer Plan that will give you 1 megabyte of cellular data per month. The company also offers hardware to use with the SIM, but they bill themselves as hardware agnostic. Hologram is about providing a SIM card and the API necessary to use it with the hardware of your choice: any 2G, 3G, 4G, or LTE devices will work with the service.
At 1 MB/month it’s obvious that this is aimed at the burgeoning ranks of Internet of Things developers. If you’re sipping data from a sensor and phoning it home, this will connect you in 200 countries over about 600 networks. We tried to nail them down on exactly which networks but they didn’t take the bait. Apparently any major network in the US should be available through the plan. And they’ve assured us that since this program is aimed at developers, they’re more than happy to field your questions as to which areas you will have service for your specific application.
The catch? The first taste is always free. For additional SIM cards, you’ll have to pay their normal rates. But it’s hard to argue with one free megabyte of cell data every month.
Hologram originally started with a successful Kickstarter campaign under the name Konekt Dash but has since been rebranded while sticking to their cellular-connectivity mission. We always like getting free stuff — like the developer program announced today — but it’s also interesting to see that Hologram is keeping up with the times and has LTE networks available in their service, for which you’ll need an LTE radio of course.
Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write-up on how to capture this on your computer.
It’s incredibly simple to do – simply plug a set of headphones into the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone wire acts as an antenna, and when the phone transmits, it induces a current in the wire, which is picked up by the soundcard.
[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is due to the difference in the way different cellular technologies transmit – let us know what you think in the comments.
This system is useful as a way to detect a transmitting phone at close range; however, due to the limited bandwidth of a computer soundcard, it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your soundcard to detect lightning?
[Paul] has put together an insanely small yet powerful tracker for monitoring all the things. The USB TinyTracker is a device that packages a 48MHz processor, 2G modem, GPS receiver, 9DOF motion sensor, barometer, microphone, and micro-SD slot for data storage. He managed to get it all to fit into a USB thumb drive enclosure, meaning that you can program it however you want in the Arduino IDE, then plug it into any USB port and let it run. This enables things like remote monitoring, asset tracking, and all kinds of spy-like activity.
One of the most unusual aspects of his project, though, is this line: “Everything came together very nicely and the height of parts and PCBs is exactly as I planned.” [Paul] had picked out an enclosure that was only supposed to fit a single PCB, but with some careful calculations, and picky component selection, he managed to fit everything onto two 2-layer boards that snap together with a connector and fit inside the enclosure.
We’ve followed [Paul’s] progress on this project with an earlier iteration of his GSM GPS Tracker, which used a Teensy and fit snugly into a handlebar, but this one is much more versatile.