FreeCalypso > hg > fc-sim-sniff
comparison doc/Sniffing-hw-setup @ 58:95ed46b5f8f1 default tip
doc/Sniffing-hw-setup: mv-sniffer is here
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Wed, 04 Oct 2023 05:55:09 +0000 |
| parents | 8a3003860cf8 |
| children |
comparison
equal
deleted
inserted
replaced
| 57:eb4274e7f4da | 58:95ed46b5f8f1 |
|---|---|
| 13 * Some in-between components described below. | 13 * Some in-between components described below. |
| 14 | 14 |
| 15 For the in-between components of the last bullet point above, there are 3 | 15 For the in-between components of the last bullet point above, there are 3 |
| 16 possibilities, each described in its own section below. | 16 possibilities, each described in its own section below. |
| 17 | 17 |
| 18 HW setup version 0 | 18 HW setup version 1 |
| 19 ================== | 19 ================== |
| 20 | 20 |
| 21 (works today) | 21 (works today) |
| 22 | 22 |
| 23 The piece between the SIMtrace FPC cable from Sysmocom and the Icestick FPGA | 23 In this solution there are two little ad hoc boards sitting between the SIMtrace |
| 24 board is the "SIMtrace FPC passive connection" adapter (design files in | 24 FPC cable and the Icestick board: |
| 25 boards/sim-fpc-pasv directory) from the fall of 2022. The electrical connection | |
| 26 from the ME/ID SIM socket to the physical SIM is direct and physically | |
| 27 continuous (no switches, no Heisenbugs), and a trio of FPGA I/O pins (configured | |
| 28 as inputs) are connected directly to this SIM bus with jumper wires. | |
| 29 | 25 |
| 30 This hw setup is intended only as a very temporary prototype until we get hw | 26 * sim-fpc-pasv board produced in the fall of 2022 |
| 31 setup version 1 described below. The present hw setup version 0 works ONLY if | 27 * mv-sniffer board produced in the fall of 2023 |
| 32 the ME/ID operates with class B voltage levels: if you try class A (5V), you'll | |
| 33 instantly damage the FPGA by grossly exceeding its Absolute Maximum Ratings | |
| 34 (don't do it!), and if you try class C (1.8V), the high level will fall right | |
| 35 between Vil_max and Vih_min, causing the FPGA to receive garbage. However, this | |
| 36 otherwise-unusable hw setup was good enough to prove the FPGA logic working, | |
| 37 using an FCDEV3B as the ME/ID, manually forced into class B operation. | |
| 38 | 28 |
| 39 HW setup version 1 | 29 The first board (sim-fpc-pasv) passively interconnects an FPC connector for |
| 40 ================== | 30 SIMtrace cables, a physical SIM socket and a bunch of 2.54 mm header pins, |
| 31 bringing out all lines of the SIM-ME electrical interface. This board was | |
| 32 originally produced a year ago for the purpose of observing SIM voltages and | |
| 33 clocks with an oscilloscope. The second board adds one active component: | |
| 34 Nexperia 74LVC4T3144 dual supply logic voltage level translator IC, powered | |
| 35 from SIM_VCC on its A side and from Icestick board +3.3V rail on its B side. | |
| 41 | 36 |
| 42 (coming very soon) | 37 The buffer IC receives (sniffs) the SIM-ME electrical interface at whichever |
| 43 | 38 voltage the ME puts out (everything from 1.8V to 5V is accepted) and puts out |
| 44 Compared to hw setup version 0, one extra component is added between the | 39 the same signals at the fixed logic voltage level needed by the FPGA on the |
| 45 sim-fpc-pasv adapter and the Icestick board: another little adapter board called | 40 Icestick; the FPGA then sniffs the ISO 7816-3 protocol just above the electrical |
| 46 "SIMtrace-ice multivolt sniffer", design files in boards/mv-sniffer directory. | 41 level. |
| 47 The only active component on the mv-sniffer board is a Nexperia 74LVC4T3144 dual | |
| 48 supply logic voltage level translator IC, powered from SIM_VCC on its A side | |
| 49 and from Icestick board +3.3V rail on its B side. | |
| 50 | |
| 51 The mv-sniffer PCB has been fabricated and received at FreeCalypso HQ, but we | |
| 52 still need to get it assembled, which will require at least one trip to | |
| 53 Technotronix, or maybe even two trips. Once we have this board assembled, we | |
| 54 should have a working SIM sniffing path that is fully compatible with all 3 | |
| 55 voltage classes, per the original intent of FC SIMsniff project. | |
| 56 | 42 |
| 57 Wire assignments for this HW setup | 43 Wire assignments for this HW setup |
| 58 ---------------------------------- | 44 ---------------------------------- |
| 59 | 45 |
| 60 A 6-wire ribbon cable, cut from a standard multicolor ribbon cable spool and | 46 A 6-wire ribbon cable, cut from a standard multicolor ribbon cable spool and |
| 61 outfitted with custom crimped connectors, will be used to make the connection | 47 outfitted with custom crimped connectors, is used to make the connection |
| 62 between sim-fpc-pasv and mv-sniffer boards. Wire color assignments in this | 48 between sim-fpc-pasv and mv-sniffer boards. Wire color assignments in this |
| 63 ad hoc connection cable are: | 49 ad hoc connection cable are: |
| 64 | 50 |
| 65 Wire SIM interface pin | 51 Wire SIM interface pin |
| 66 --------------------------------- | 52 --------------------------------- |
| 74 HW setup version 2 | 60 HW setup version 2 |
| 75 ================== | 61 ================== |
| 76 | 62 |
| 77 (a little more distant, but will be needed before wider spread) | 63 (a little more distant, but will be needed before wider spread) |
| 78 | 64 |
| 79 The solution with separate sim-fpc-pasv and mv-sniffer boards is expected to be | 65 The solution with separate sim-fpc-pasv and mv-sniffer boards is quite |
| 80 quite inconvenient because of the number of pieces required - clutter on the lab | 66 inconvenient because of the number of pieces required - clutter on the lab |
| 81 bench - plus poor electrical design with jumper wires between the two boards | 67 bench - plus poor electrical design with jumper wires between the two boards |
| 82 extending the electrical length of the SIM bus before the LVC buffer. In the | 68 extending the electrical length of the SIM bus before the LVC buffer. In the |
| 83 fully polished version of FC SIMsniff, these two adapter boards will need to be | 69 fully polished version of FC SIMsniff, these two adapter boards will need to be |
| 84 combined into one. The final FreeCalypso SIMsniff pod is expected to be a | 70 combined into one. The final FreeCalypso SIMsniff pod is expected to be a |
| 85 single board (still very simple and low cost) featuring the following | 71 single board (still very simple and low cost) featuring the following |
| 88 1) SIMtrace FPC connector | 74 1) SIMtrace FPC connector |
| 89 2) SIM socket | 75 2) SIM socket |
| 90 3) 74LVC4T3144 buffer IC | 76 3) 74LVC4T3144 buffer IC |
| 91 4) SIM bus solidly connected between components 1, 2 and 3 | 77 4) SIM bus solidly connected between components 1, 2 and 3 |
| 92 5) A header for FPGA board connection, wired to the 'B' side of component 3 | 78 5) A header for FPGA board connection, wired to the 'B' side of component 3 |
| 79 | |
| 80 HW setup version 0 (historical) | |
| 81 =============================== | |
| 82 | |
| 83 In the beginning of FC SIMsniff project, there was no new custom hardware - but | |
| 84 we did have our sim-fpc-pasv board from a year ago, and we got the Icestick | |
| 85 board outfitted with header pins. Our first hw setup thus consisted of jumper | |
| 86 wires connecting from FPGA I/O pins (plus Icestick GND) directly to SIM bus pins | |
| 87 on the sim-fpc-pasv adapter. | |
| 88 | |
| 89 This hw setup could not be used for any real SIM-ME sniffing: a class A (5V) ME | |
| 90 would destroy the FPGA (grossly exceeds Absolute Maximum Ratings), while class C | |
| 91 (1.8V) operation produced by all newer ME (from Calypso+Iota onward) cannot be | |
| 92 picked up directly by the FPGA as the high logic level falls right between | |
| 93 Vil_max and Vih_min, causing the FPGA to receive garbage. However, this setup | |
| 94 worked with FCDEV3B forced into class B operation, and was used to develop our | |
| 95 FPGA logic and prove it working before the arrival of mv-sniffer board. |