Observing SIM voltages put out by various old phones

Thu Dec 1 08:14:44 UTC 2022

Hello fellow SIM tracers,

I just built this little gadget that allows one to observe (easily,
safely, non-invasively) what voltages each given phone puts out toward
the SIM:

https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/sim-fpc-pasv.jpeg

It is a trivial PCB adapter that connects together a SIM socket, an FPC
connector that fits existing SIMtrace FPC cables, and a set of plain
old 2.54 mm header pins exposing each signal on the SIM-ME interface.
This adapter is purely passive, hence it doesn't need power, it does
not contain any components that can be damaged by high voltages (in
fact, there is not one ESD-sensitive component on this PCB!), and it
does not introduce any Heisenbug effects into the SIM-ME interface
under test.  The usage scenario should be obvious: I insert a fitting
SIMtrace FPC cable into the phone under test, the other end of that
FPC cable plugs into my PCB, the SIM socket on my adapter is either
filled with an actual SIM or left empty depending on the test to be
performed, and I observe the voltage between GND and VCC pins.

Here is that test being performed with a Nokia 2190E, one of the very
first GSM phones sold in USA, circa 1995 or 1996:

https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-test-front.jpeg
https://www.freecalypso.org/members/falcon/pictures/SIM-volt-test/N2190-test-back.jpeg

And here are some test results:

* Nokia 2190E, PCS band equivalent of 2110, powered by a 5-cell NiMH
battery: always puts out 5V toward the SIM.

* Ericsson I888, powered by a 4-cell NiMH battery: likewise always
puts out 5V toward the SIM (will probably be a little under 5.0V, but
still within 5V spec, under low battery conditions), but I would not
classify this phone as "Phase 1": it supports SMS, USSD, CSD via IrDA,
and EFR speech codec.

* Nokia 6190, PCS band equivalent of 6110 (first ARM-based GSM phone
ever?), powered by a 3-cell NiMH battery: tries 3V first, if the SIM
is "3V technology SIM" or "1.8V technology SIM", then the phone stays
at 3V, but if there is no good ATR at 3V, then it tries 5V.

If a phone is powered by a 3-cell NiMH or 1-cell Li-ion battery, then
the only way it can put out 5V is by going through a boost converter,
which are of course bad for battery life - thus it seems that once
phones went to these lower-voltage batteries, then they started
preferring 3V SIMs at the same time (while still supporting 5V SIMs in
those days!), whereas phones powered by higher-voltage batteries (4 or
more Ni-Cd or NiMH cells) keep it simple and always put out 5V, it
seems.

Now Nokia 2190E is a really finicky phone in terms of which SIMs it
accepts: as the r/vintagemobilephones community on Reddit figured out,
there is just one T-Mobile MVNO (LycaMobile) whose SIMs it accepts,
while all others are rejected - and the worst part is, it rejects my
current Themyscira SIMs too!  (My SIMs are FCSIM1, equivalent of old
sysmoSIM-GR2.)  So what is so special about those LycaMobile SIMs
which this phone accepts while rejecting all others?  Examining that
SIM in a card reader, I see nothing special, same deal as most
operator-issued SIMs these days: native UICC/USIM/ISIM, has GSM 11.11
support for backward compat, GSM 11.11 SELECT on MF/DF indicates "1.8V
technology SIM", ATR indicates all 3 voltage classes supported.

Now that I have proven what I previously only suspected (the fact that
this ancient Nokia always puts out 5V toward the SIM), SIMtrace2 is
definitely out - however, I now also have a SIMtrace1 board, graciously
donated by Kevin, and I am going to see if I can find some time to get
SIMtrace1 software working and try sniffing Nokia 2190E to SIM comms
in the working and not-working cases.

M~