The STK (SIM Application Toolkit) is a universal standard used to create applications that reside on network SIM cards. Normally it is not possible to load applications onto a network SIM card, and only the network operator can supply functions that use the STK.
Solutions Point Limited specialise in SIM overlay technology, which consists of an FPCB (Flexible Printed Circuit Board) 0.1 mm thick with a microcontroller mounted on it, designed to fit underneath the network SIM card in the phone's SIM slot.
This allows new applications to be provisioned through the SIM overlay. The default STK provided by the network SIM operator is ignored, and it is possible to provide custom applications that use the SIM Application Toolkit.
This has already been successfully demonstrated with Solutions Point Limited's flagship SIM overlay product, www.RebelSimCard.com
Current applications created so far include:
1 Mobile phone unlocking
2 Least-cost international call routing using call-through
3 Least-cost international call routing using call-back
This blog article is about new and emerging phone models and software versions, and will give users an insight into how the Rebel Simcard team create unlock solutions.
Let's take for example the new iPhone 3G with the 3.0 OS and the iPhone 3GS model due for release very soon this month. This will be a real challenge, and we shall see which company can produce the world's first unlocking solution.
The Rebel Simcard team invest very heavily in R&D, and this is the reason behind the success of Rebel Simcard. Back in January, Rebel Simcard launched the world's first reverse engineering tool for scanning the hex data used to create unlock solutions for Rebel Simcard, for all the beta testers/resellers and for students of smart card technology worldwide.
The tool comes with 4 FPCB (Flexible Printed Circuit Board) connections that can fit into virtually any mobile phone in the world. Once the setup has been made it is possible to plug the network SIM card into the hex scanner and capture all data communications exchanged between the mobile phone and the SIM card.
This is a toolkit to help scan network SIM cards so we can add support to the Rebel Sim for new network SIM cards and for new iPhone firmwares and models as they come out, and continue to dominate the mobile phone SIM card unlocking technology industry.
This shows how seriously we take our leadership of the SIM card unlocking field.
This toolkit can also be used by the engineers of tomorrow to learn about APDUs and scanning methods.
The Rebel Simcard team has distributed over 800 hex scanners worldwide. This is the only reason Rebel Simcard has, and will always have, worldwide compatibility: Rebel Simcard is tested on mobile networks all over the world, data is collected, and new improvements are made all the time, as we obtain real-time data and feedback from our beta testing team.
The other real benefit of being a Rebel Simcard user is the ability to apply updates in the comfort of your own home. When new updates and releases are created by us, users simply need a PC and the update software we provide with the Rebel Simcard programmers.
This is of great benefit as Rebel Simcard users do not need to keep purchasing new Rebel Simcards with new firmware, and then wait for delivery each time Apple release a new firmware. As Rebel Simcard clients are based worldwide, this saves a lot of money on postage fees and avoids additional delays in using the latest technology from us.
The Rebel Simcard team have always delivered world-first solutions, and we are very committed and focused at the moment on bringing the world the first unlock solution for the iPhone 3.0 OS and the iPhone 3G model.
If you have a mobile phone for which no unlock is possible and you would like to work with us to make a solution possible, then the kit is the way forward: by sending us hex scans made using the scanner, we can look into it without you having to send the phone to us.
If you are interested in scanning new phone models and firmwares and wish to provide the scan data to the Rebel Simcard team, then this kit is designed especially for you. At the same time you can learn more about smart cards and how they communicate with mobile phones, extend your knowledge, and have the chance to win a trip to the UK HQ of Rebel Simcard and receive extra training on creating new unlock solutions using smart card technology.
Integrated Circuit Cards (ICCs) come in two forms when categorised by the way they are used: contact and contactless. The former is easily identified by its characteristic gold contact plate.
Originally the ISO standard (ISO 7816-2) defined eight contacts, but only six are actually used to communicate with the outside world; the remaining two (C4 and C8) were marked RFU (Reserved for Future Use). A contactless card may optionally contain its own power source, but usually the operating power is supplied to the card by the reader's radio-frequency electromagnetic field through an inductive loop antenna. The signals needed for communication with the reader may be transmitted the same way, or via capacitive coupling, or even an optical (IR) link.
The contact card is the most widely used ICC to date, largely because of its use as a telephone prepayment card. Yes, the SIM card we use in our cell phones is just a smart card in the smaller plug-in (ID-000) form factor. Most contact cards contain a single integrated circuit, although some use two chips, the second being a coprocessor for complex cryptographic computations (which I'll explain shortly). The chip itself varies considerably between vendors, and each has its own way of programming applications for it, but the Java Card™ initiative by Sun has made it a breeze to write smart card applications that can be downloaded into the memory of these cards and execute on any chip that supports the Java Card runtime environment. I'll come to programming smart cards in the next article of this series.
Figure 2
Let us now consider the use of the six contacts of the ICC:
Vcc is the supply voltage that drives the chip, generally 3 to 5 volts with a 10% deviation allowed (ISO 7816-3 defines class A at 5 V, class B at 3 V and class C at 1.8 V). It used to be 5 V before the move towards low-power devices.
Vss/GND provides the substrate or ground reference against which the Vcc potential is measured. It is 0 volts.
Reset (RST) is the signal line used to reset the integrated circuit; the card replies to a reset with its Answer To Reset (ATR). This is a process we shall describe later in more detail. There are two ways a card is reset:
Warm reset: the RST line is driven low and then high again while the supply voltage and clock are maintained.
Cold reset: the supply voltage is turned off and on again, so the card powers up from scratch. Ejecting the card and inserting it again has the same effect.
Clock (CLK) drives the logic of the embedded IC and is also the timing reference for the serial communication. This pin exists because the ICC has no clock generator on board and needs an external clock, which the card reader provides. The external clock is typically between 1 and 5 MHz (ISO 7816-3), but many high-end ICCs use internal frequency multipliers to run their core faster, up to around 40 MHz.
Vpp is now optional and only used on old cards. It carried the high voltage needed to program EPROM/EEPROM memory, with two levels: the lower (idle) state held by the card reader until the higher (active) state is required. Modern cards generate any programming voltage they need internally.
I/O is the serial input/output (SIO) line by which the chip receives commands and exchanges data with the outside world, half-duplex and one byte at a time. This process will be explained in more detail when we talk about programming applications that receive these commands.
The APDU (Application Protocol Data Unit) is the communication unit between a reader and a card. The structure of an APDU is defined by the ISO 7816-4 standard.
There are two categories of APDU: command APDUs and response APDUs. The former is sent by the reader to the card: it contains a mandatory 4-byte header (CLA, INS, P1, P2) and an optional body carrying a data field of 0 to 255 bytes. The latter is sent by the card to the reader: it contains a mandatory 2-byte status word and from 0 up to 256 bytes of data. These limits apply to short APDUs; ISO 7816-4 also defines an extended-length encoding for up to 65535 bytes.
The APDU is an application-level protocol, specified in ISO 7816-4, carried between a smart card and a host application.
An APDU has one of two structures, as defined below:
Command APDU (C-APDU): used by the host application to send a command to the card.
Header: consists of 4 bytes:
Class of instruction (CLA)
Instruction code (INS)
Parameters P1 and P2
Optional body: varies in length.
Lc specifies the length in bytes of the data field that follows it.
Le specifies the maximum number of data bytes the host expects in the response to the command (Le = 00 means up to 256 bytes).
Data field: the data sent to the card for executing the instruction specified in the header.
Response APDU (R-APDU): used by the card to respond to the command sent by the host application.
Optional body: a data field of at most Le bytes.
Trailer: two bytes SW1 and SW2, together called the status word, which denote the processing state of the card after execution of the command APDU (90 00 means normal completion).
Structure of the APDU is given below:
1. Command APDU
   Mandatory header         | Optional body
   CLA | INS | P1 | P2      | Lc | Data field | Le
2. Response APDU
   Optional body | Mandatory trailer
   Data field    | SW1 | SW2
Note:
A command APDU is always paired with a response APDU.
The data field is optional in both the command APDU and the response APDU.
Because each direction may or may not carry data, command/response pairs fall into four cases:
Case 1: no data is transferred to or from the card.
C-APDU: contains the header only.
R-APDU: contains only the trailer (status word).
Case 2: no data is transferred to the card, but data is returned from the card.
C-APDU: contains the header followed by Le only, which specifies the number of data bytes expected in the corresponding response APDU.
R-APDU: contains a data field followed by the trailer SW1 SW2.
Case 3: data is transferred to the card, but no data is returned from the card.
C-APDU: contains the header, Lc and the data field, where Lc specifies the length of the data field.
R-APDU: contains only the trailer SW1 SW2.
Case 4: data is transferred to the card and data is returned from the card.
C-APDU: contains the header, Lc, the data field and Le.
R-APDU: contains both the data field and the trailer SW1 SW2.
The transmission protocol between a GSM SIM and the handset (specified in GSM 11.11) uses Application Protocol Data Units (APDUs), which can be either commands or responses. These are sent across the electrical interface between the SIM and the mobile equipment, or the SIM-ME interface for short.
   CLA | INS | P1 | P2 | P3 | Data
Command APDU format.
There are five fields in a command APDU header. The class of instruction (CLA) is always A0 for GSM (the USIM application on 3G cards uses CLA 00 or 80 instead, per 3GPP TS 31.102). The instruction code (INS) indicates the particular command to be performed. P1, P2 and P3 are parameters for the command. Because this is a T=0 transport there is a single length byte P3 rather than separate Lc and Le: for commands that send data to the SIM (SELECT, UPDATE, VERIFY CHV, RUN GSM ALGORITHM, ...), P3 is the length of the Data segment that follows; for commands that read data (READ BINARY, READ RECORD, GET RESPONSE, STATUS, ...), P3 is the number of bytes expected back and no Data segment is sent.
   Data | SW1 | SW2
Response APDU format.
The response to a command is returned in three fields. The Data portion, if any, contains the information requested by the command. SW1 and SW2 are the status words indicating the success or failure of the command: 90 00 means success, while 9F xx tells the ME that xx bytes of response data are waiting in the SIM and must be fetched with a separate GET RESPONSE command whose P3 is xx.
A number of commands are defined for GSM SIM cards, including functions to read and write data (READ BINARY, UPDATE BINARY, READ RECORD, UPDATE RECORD), confirm security features (VERIFY CHV), and run the GSM authentication algorithm (RUN GSM ALGORITHM, which takes a 16-byte RAND and returns SRES and Kc). Completing an entire GSM procedure, such as selecting a file and reading it, may require a series of APDU command/response pairs.
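To make the SIM-ME format concrete, the following Python decoder (an added example; it is not the Rebel Simcard tool nor any code from the original page) walks a constructed hex-scanner-style trace of a GSM 11.11 session: it resolves CLA/INS to command names, decides whether P3 is Lc or Le for that instruction, and translates the status words, including the 9F xx / GET RESPONSE handshake. Every byte in SAMPLE_TRACE is made up; the RAND, SRES and Kc values are dummies and the MF response body is only plausible-looking filler.

```python
"""GSM 11.11 SIM-ME trace decoder (T=0 APDUs with CLA A0 and a single P3 byte).
Added example over a constructed trace; not code from the page or from Rebel Simcard."""
from typing import List, Tuple

# Instruction codes from GSM 11.11 (table 9); all are used with CLA A0.
GSM_INS = {
    0xA4: "SELECT", 0xF2: "STATUS", 0xB0: "READ BINARY", 0xD6: "UPDATE BINARY",
    0xB2: "READ RECORD", 0xDC: "UPDATE RECORD", 0xA2: "SEEK", 0x32: "INCREASE",
    0x20: "VERIFY CHV", 0x24: "CHANGE CHV", 0x26: "DISABLE CHV", 0x28: "ENABLE CHV",
    0x2C: "UNBLOCK CHV", 0x04: "INVALIDATE", 0x44: "REHABILITATE",
    0x88: "RUN GSM ALGORITHM", 0xFA: "SLEEP", 0xC0: "GET RESPONSE",
    0x10: "TERMINAL PROFILE", 0xC2: "ENVELOPE", 0x12: "FETCH", 0x14: "TERMINAL RESPONSE",
}
# For these commands P3 is Le (bytes the SIM returns); for every other command P3 is Lc.
P3_IS_LE = {0xF2, 0xB0, 0xB2, 0xC0, 0x12}
# Fixed status words from GSM 11.11 section 9.4.
GSM_SW = {
    (0x92, 0x40): "memory problem",
    (0x94, 0x00): "no EF selected",
    (0x94, 0x02): "out of range (invalid address)",
    (0x94, 0x04): "file ID or pattern not found",
    (0x94, 0x08): "file inconsistent with command",
    (0x98, 0x02): "no CHV initialised",
    (0x98, 0x04): "access condition not fulfilled / CHV verification failed, attempts left",
    (0x98, 0x08): "in contradiction with CHV status",
    (0x98, 0x10): "in contradiction with invalidation status",
    (0x98, 0x40): "CHV verification failed, no attempts left (CHV blocked)",
    (0x98, 0x50): "INCREASE cannot be performed, maximum value reached",
}
SW1_ERRORS = {0x67: "incorrect parameter P3", 0x6B: "incorrect parameter P1 or P2",
              0x6D: "unknown instruction code", 0x6E: "wrong instruction class",
              0x6F: "technical problem with no diagnostic"}


def describe_sw(sw1: int, sw2: int) -> str:
    if (sw1, sw2) == (0x90, 0x00):
        return "normal ending"
    if sw1 == 0x9F:   # SIM holds response data; the ME must issue GET RESPONSE with P3 = sw2
        return f"{sw2} byte(s) of response data available; fetch with GET RESPONSE P3={sw2:02X}"
    if sw1 == 0x92 and sw2 <= 0x0F:
        return f"update successful after {sw2} retry/retries"
    return GSM_SW.get((sw1, sw2)) or SW1_ERRORS.get(sw1, "unknown status word")


def decode_command(raw: bytes) -> str:
    """Decode CLA INS P1 P2 P3 [data]; P3 is Lc or Le depending on the instruction."""
    if len(raw) < 5:
        raise ValueError("a T=0 command needs CLA INS P1 P2 P3")
    cla, ins, p1, p2, p3 = raw[0], raw[1], raw[2], raw[3], raw[4]
    data = raw[5:]
    name = GSM_INS.get(ins, f"INS {ins:02X} (not in GSM 11.11)")
    if cla != 0xA0:
        name += f" [CLA {cla:02X} is not the GSM class A0]"
    if ins in P3_IS_LE:
        if data:
            raise ValueError(f"{name}: P3 is Le, no command data expected")
        return f"{name} P1={p1:02X} P2={p2:02X} Le={p3}"
    if len(data) != p3:
        raise ValueError(f"{name}: P3=Lc={p3} but {len(data)} data byte(s) present")
    return f"{name} P1={p1:02X} P2={p2:02X} Lc={p3} data={data.hex().upper()}"


def decode_response(raw: bytes) -> str:
    """Decode [data] SW1 SW2 as returned by the SIM."""
    if len(raw) < 2:
        raise ValueError("a response needs at least SW1 SW2")
    data, sw1, sw2 = raw[:-2], raw[-2], raw[-1]
    sw = f"SW={sw1:02X}{sw2:02X} {describe_sw(sw1, sw2)}"
    return f"data={data.hex().upper()} {sw}" if data else sw


def decode_trace(trace: List[Tuple[str, str]]) -> List[str]:
    """Each entry is (direction, hex bytes), as a hex-scanner log might record it."""
    out = []
    for direction, hexbytes in trace:
        try:
            raw = bytes.fromhex(hexbytes)
            text = decode_command(raw) if direction == "ME>SIM" else decode_response(raw)
        except ValueError as exc:
            text = f"MALFORMED: {exc}"
        out.append(f"{direction} {text}")
    return out


# Constructed trace (not captured from a real SIM): select MF and fetch its response,
# select DF GSM, authenticate with a dummy RAND, then a failing SELECT and a wrong CHV1.
SAMPLE_TRACE = [
    ("ME>SIM", "A0A40000023F00"), ("SIM>ME", "9F16"),
    ("ME>SIM", "A0C0000016"),
    ("SIM>ME", "00007FFF3F00010000000000" "0A0002030400838A838A" "9000"),
    ("ME>SIM", "A0A40000027F20"), ("SIM>ME", "9F16"),
    ("ME>SIM", "A088000010" "00112233445566778899AABBCCDDEEFF"), ("SIM>ME", "9F0C"),
    ("ME>SIM", "A0C000000C"), ("SIM>ME", "A1A2A3A4" "B1B2B3B4B5B6B7B8" "9000"),
    ("ME>SIM", "A0A40000026F99"), ("SIM>ME", "9404"),
    ("ME>SIM", "A02000010831323334FFFFFFFF"), ("SIM>ME", "9804"),
]

if __name__ == "__main__":
    print("\n".join(decode_trace(SAMPLE_TRACE)))
```

Note how the direction of P3 has to be known per instruction: the same byte value 16 means "here are 16 bytes of RAND" after RUN GSM ALGORITHM but "return me 16 bytes" after READ BINARY, and a trace decoder that guesses from the byte count alone will mislabel one of them. Malformed records are reported inline rather than aborting the run, since real captures from a flaky flex connection routinely contain truncated frames.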