From falcon at freecalypso.org Thu Dec 1 08:14:44 2022
From: falcon at freecalypso.org (Mychaela Falconia)
Date: Thu, 01 Dec 2022 00:14:44 -0800
Subject: Observing SIM voltages put out by various old phones
Message-ID: <20221201081534.AA5A53740133@freecalypso.org>

Hello fellow SIM tracers,

I just built this little gadget that allows one to observe (easily, safely, non-invasively) what voltages each given phone puts out toward the SIM:

https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/sim-fpc-pasv.jpeg

It is a trivial PCB adapter that connects together a SIM socket, an FPC connector that fits existing SIMtrace FPC cables, and a set of plain old 2.54 mm header pins exposing each signal on the SIM-ME interface. This adapter is purely passive, hence it doesn't need power, it does not contain any components that can be damaged by high voltages (in fact, there is not one ESD-sensitive component on this PCB!), and it does not introduce any Heisenbug effects into the SIM-ME interface under test.

The usage scenario should be obvious: I insert a fitting SIMtrace FPC cable into the phone under test, the other end of that FPC cable plugs into my PCB, the SIM socket on my adapter is either filled with an actual SIM or left empty depending on the test to be performed, and I observe the voltage between GND and VCC pins. Here is that test being performed with a Nokia 2190E, one of the very first GSM phones sold in USA, circa 1995 or 1996:

https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-test-front.jpeg
https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-test-back.jpeg

And here are some test results:

* Nokia 2190E, PCS band equivalent of 2110, powered by a 5-cell NiMH battery: always puts out 5V toward the SIM.

* Ericsson I888, powered by a 4-cell NiMH battery: likewise always puts out 5V toward the SIM (will probably be a little under 5.0V, but still within 5V spec, under low battery conditions), but I would not classify this phone as "Phase 1": it supports SMS, USSD, CSD via IrDA, and EFR speech codec.

* Nokia 6190, PCS band equivalent of 6110 (first ARM-based GSM phone ever?), powered by a 3-cell NiMH battery: tries 3V first, if the SIM is "3V technology SIM" or "1.8V technology SIM", then the phone stays at 3V, but if there is no good ATR at 3V, then it tries 5V.

If a phone is powered by a 3-cell NiMH or 1-cell Li-ion battery, then the only way it can put out 5V is by going through a boost converter, which are of course bad for battery life - thus it seems that once phones went to these lower-voltage batteries, then they started preferring 3V SIMs at the same time (while still supporting 5V SIMs in those days!), whereas phones powered by higher-voltage batteries (4 or more Ni-Cd or NiMH cells) keep it simple and always put out 5V, it seems.

Now Nokia 2190E is a really finicky phone in terms of which SIMs it accepts: as the r/vintagemobilephones community on Reddit figured out, there is just one T-Mobile MVNO (LycaMobile) whose SIMs it accepts, while all others are rejected - and the worst part is, it rejects my current Themyscira SIMs too! (My SIMs are FCSIM1, equivalent of old sysmoSIM-GR2.) So what is so special about those LycaMobile SIMs which this phone accepts while rejecting all others? Examining that SIM in a card reader, I see nothing special, same deal as most operator-issued SIMs these days: native UICC/USIM/ISIM, has GSM 11.11 support for backward compat, GSM 11.11 SELECT on MF/DF indicates "1.8V technology SIM", ATR indicates all 3 voltage classes supported.

Now that I have proven what I previously only suspected (the fact that this ancient Nokia always puts out 5V toward the SIM), SIMtrace2 is definitely out - however, I now also have a SIMtrace1 board, graciously donated by Kevin, and I am going to see if I can find some time to get SIMtrace1 software working and try sniffing Nokia 2190E to SIM comms in the working and not-working cases.

M~
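
The message above reads the supported voltage classes out of a card's ATR. As an added example (not part of the original message, and not FreeCalypso or Osmocom code), this is one way to decode the ISO/IEC 7816-3 class indicator, which sits in the first TA byte after a TD byte announcing T=15. The function name and the sample ATR bytes are constructed for illustration.

```python
# Added example: decode the supply-voltage class indicator from an ATR
# (ISO/IEC 7816-3). Not code from the original message.

CLASS_BITS = {0x01: "A (5V)", 0x02: "B (3V)", 0x04: "C (1.8V)"}

def atr_voltage_classes(atr: bytes):
    """Return the classes advertised in the ATR, or None when the ATR has no
    class indicator (no TA byte following a TD byte that announces T=15)."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: bad TS or too short")
    y = atr[1] >> 4      # Y1 from T0: bitmap of TA1/TB1/TC1/TD1 presence
    pos = 2              # index of the first interface byte
    prev_t = None        # T value announced by the previous TD byte
    while y:
        has_ta, has_td = bool(y & 0x1), bool(y & 0x8)
        count = bin(y).count("1")          # interface bytes in this group
        if pos + count > len(atr):
            raise ValueError("truncated ATR")
        group = atr[pos:pos + count]
        pos += count
        if has_ta and prev_t == 15:
            # First TA after T=15: bits 8-7 clock stop, bits 6-1 class indicator
            return [name for bit, name in CLASS_BITS.items() if group[0] & bit]
        if not has_td:
            break
        y, prev_t = group[-1] >> 4, group[-1] & 0x0F
    return None

# Constructed sample ATRs, cut off after the interface bytes; the historical
# bytes and TCK are left out because the decoder never reads them.
SAMPLES = {
    "all three classes": bytes.fromhex("3B9F96801FC7"),
    "B and C only": bytes.fromhex("3B80801F06"),
    "no class indicator": bytes.fromhex("3B1694"),
}

if __name__ == "__main__":
    for label, atr in SAMPLES.items():
        print(f"{label:20} {atr.hex().upper():14} -> {atr_voltage_classes(atr)}")
```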