Page 2 of 6, results 21 to 40 of 112

Thread: msay MKII interface project (gw1 hacks)

  • #21 gw1 (Senior Member)

    Also, I notice you seem to be using a polyester capacitor for C9 0.47uF. Is that true? Polyester capacitors are fine for audio applications but have poor high frequency response and aren't much good for supply decoupling. If you can't find an X7R ceramic you'd be better off using a tantalum, or even another of those 0.1uF ceramic capacitors for C9 rather than a polyester.

    I mean, it will still work with a polyester. It's just less than ideal.



  • #22 Junior Member (msay)

    Quote Originally Posted by gw1:
    My suggestion of jumper link to improve card socket power decoupling was just for your prototype. For your next PCB revision I suggest, rather than a jumper link, simply reroute your +5V as shown below. You don't need the jumper link at all (and the link's inductance is undesirable).

    Done!


    Quote Originally Posted by gw1:
    When transistor T2 isn't used, if you place a capacitor from pin 5 to GND it seeds the startup state one way, and if you instead place the capacitor between pin 5 and pin 8 (+5V) it seeds the startup state the other way. Yes?
    Yes, when C23 is grounded the output is low; if it is at +5V the output is high.

    Quote Originally Posted by gw1:
    If that is so, there's no reason the seeding mechanism shouldn't work even when T2 is present. You'll need to pull pin 5 in the opposite direction to before though, because of T2's inverting effect!
    I know, the transistor there is supposed to work as a NOT gate (inverter): when the input at its base is high the output (collector) is low, and so on, but it is not working that way. Changing the C23 configuration, the output of IC7 is high but it means nothing to T2 as its first state; S1 works fine.

    Maybe R1 is too low.

  • #23 Junior Member (msay)

    Quote Originally Posted by gw1:
    Also, I notice you seem to be using a polyester capacitor for C9 0.47uF. Is that true? Polyester capacitors are fine for audio applications but have poor high frequency response and aren't much good for supply decoupling. If you can't find an X7R ceramic you'd be better off using a tantalum, or even another of those 0.1uF ceramic capacitors for C9 rather than a polyester.

    I mean, it will still work with a polyester. It's just less than ideal.
    The guy sold it to me as a high voltage ceramic, but I told him that it looks like those old 90's Philips polyester caps; the same guy/store sold me the multilayer ceramic caps that you see on the board. The guy must know something or is selling the wrong stuff (??)

    Later I will change that on my prototype board to a 220nF multilayer ceramic; it is the highest value that I have at home.

    Talking about "supply decoupling", some years ago I found this article; it talks about the correct values for supply decoupling.
    Last edited by msay; 23-02-09 at 06:20 PM.

  • #24 gw1 (Senior Member)

    That article about supply decoupling is very good.

    R1 value of 1.5K seems right to me.

    Can you please toggle 555 so that pin 3 is high and measure the voltages on IC7 pin 3, on each end of R13, and on IC4 pin 9. Then toggle pin 3 low and repeat. Post your eight measurements for us to see.

    Other things to try in the meantime:
    • Check you don't have a short circuit around IC5 pins 12 & 13
    • Check for bad joints around R21, T2, R13 and pins 9-11 on IC4 and IC5.
    • Replace T2, making sure it's actually a BC547 (or BC548), not something else.
    • Replace R21 by a 10K resistor, and mount an additional 2K2-4K7 resistor between T2 base and emitter.
    • Try replacing R13 with a 4K7, 5K6 or 6K8 to see if it makes a difference (it shouldn't).


    You say the circuit works when you're not using T2. I'm curious - what exactly do you do to test the circuit without T2? Do you desolder T2 and connect a flylead between IC7 pin 3 and IC4 pin 9? If not, how do you do it?

  • #25 Junior Member (msay)

    Quote Originally Posted by gw1:
    That article about supply decoupling is very good.
    Thanks!

    Quote Originally Posted by gw1:
    R1 value of 1.5K seems right to me.

    Can you please toggle 555 so that pin 3 is high and measure the voltages on IC7 pin 3, on each end of R13, and on IC4 pin 9. Then toggle pin 3 low and repeat. Post your eight measurements for us to see.

    Other things to try in the meantime:
    • Check you don't have a short circuit around IC5 pins 12 & 13
    • Check for bad joints around R21, T2, R13 and pins 9-11 on IC4 and IC5.
    • Replace T2, making sure it's actually a BC547 (or BC548), not something else.
    • Replace R21 by a 10K resistor, and mount an additional 2K2-4K7 resistor between T2 base and emitter.
    • Try replacing R13 with a 4K7, 5K6 or 6K8 to see if it makes a difference (it shouldn't).
    That is not necessary anymore; the problem is fixed. I don't know exactly why it doesn't work with this circuit in particular; my headphone amp uses the same switch with the transistor NOT gate to trigger a relay, and that device doesn't turn itself on when I connect the AC cord to the wall and the 555 is set to start high.

    Anyway, the problem was that the 555 would start low no matter the configuration set; there was no short or anything, so I removed that capacitor and put it at SW1 to give IC7 an initial trigger. That works; the interface starts in PH mode instead of JDM.





    Here is the updated schematic:


    Quote Originally Posted by gw1:
    You say the circuit works when you're not using T2. I'm curious - what exactly do you do to test the circuit without T2? Do you desolder T2 and connect a flylead between IC7 pin 3 and IC4 pin 9? If not, how do you do it?
    I did it with a jumper and by removing T2/R13, since IC7 was configured to start low.

  • #26 Junior Member (msay)

    Man, this is a very dangerous interface; I took notice of it today.

    I took this interface to a friend who does cellphone repair for a well known company; since I don't have access to empty cards I needed to know if the interface writes (I know it reads fine). He connects the interface to his laptop, fires up some strange apps (very, very strange I might say), asks his friend for his GSM SIM card, puts that into an adapter and slides it into my interface.

    After about two hours (or more, I didn't count; we were playing PS3), he was able to clone his friend's GSM card into a special one, using my interface, that can hold up to 3 different GSM SIM cards in one single chip. We were able to recover a lot of SIM card info like personal information, phone numbers, time and date information, last numbers called, phone book, company information, functions & services activated/deactivated... lots and lots of information; it took less than a minute to dump all that into a text file.

    He also did some other things with it that I don't dare to talk about here. I know that this is just an interface with "hacks" applied that does nothing by itself without a specific program, but damn, I was amazed.

    This friend told me that this can be very handy for serious work like repair and something else related, but it can also be misused.

    Because of that, I take no responsibility for whatever mess you can get into by using it or misusing it.

    Be responsible.

  • #27 Junior Member (xfiles_2007)

    Can I ask, how much does it cost to build roughly, including an etching kit etc.?

    thanks

  • #28 fandtm666 (Senior Member)

    Quote Originally Posted by xfiles_2007:
    Can I ask, how much does it cost to build roughly, including an etching kit etc.?

    Thanks
    More than it costs to buy the kit from Jaycar.

  • #29 Junior Member (msay)

    Yes, I don't know how much it could cost in each country; the most expensive part is the smart card adapter, about £4.22, which in my country costs about $16.00. Etching and other stuff is very hard to say, maybe under $60.00.

  • #30 gw1 (Senior Member)

    Quote Originally Posted by msay:
    this is a very dangerous interface
    No more dangerous than a pair of binoculars, a blank cassette or CDROM media, or a telephone, or a photocopier. None are intrinsically dangerous. All are tools which have many practical uses including communication, legitimate business and education. Like most tools they also have potential illegal uses such as privacy invasion, theft of intellectual property, harassment etc. That's nothing new. Everything under the sun can be put to illegal uses - bricks, pliers, chainsaws, you name it. The only real difference about smartcard interfaces is they provide means to communicate with smartcards in a manner that few people ever do - at the level of binary data. There are higher level tools of course which are tailored for specific applications, some of which may be obviously and blatantly illegal. People shouldn't be afraid of making, owning or using technical hardware or software just because of potential for illegal use by others.

    There *is* a chance you may get investigated by police on request of business interests if you develop a public profile that makes them think you might be doing something illegal. You may not be doing anything illegal but they may trick you into saying something that makes you look illegal, and that is where the real danger lies.

  • #31 LeroyPatrol (Senior Member)

    Quote Originally Posted by msay:
    Yes, I don't know how much it could cost in each country; the most expensive part is the smart card adapter, about £4.22, which in my country costs about $16.00. Etching and other stuff is very hard to say, maybe under $60.00.
    You might be able to do a little production run of boards and make a few $$$ on the side. People can then drill and assemble them.

    Leroy

  • #32 Junior Member (msay)

    Quote Originally Posted by gw1:
    No more dangerous than a pair of binoculars, a blank cassette or CDROM media, or a telephone, or a photocopier. None are intrinsically dangerous. All are tools which have many practical uses including communication, legitimate business and education. Like most tools they also have potential illegal uses such as privacy invasion, theft of intellectual property, harassment etc. That's nothing new. Everything under the sun can be put to illegal uses - bricks, pliers, chainsaws, you name it. The only real difference about smartcard interfaces is they provide means to communicate with smartcards in a manner that few people ever do - at the level of binary data. There are higher level tools of course which are tailored for specific applications, some of which may be obviously and blatantly illegal. People shouldn't be afraid of making, owning or using technical hardware or software just because of potential for illegal use by others.

    There *is* a chance you may get investigated by police on request of business interests if you develop a public profile that makes them think you might be doing something illegal. You may not be doing anything illegal but they may trick you into saying something that makes you look illegal, and that is where the real danger lies.
    Yes, I know how this goes.

    Quote Originally Posted by LeroyPatrol:
    You might be able to do a little production run of boards and make a few $$$ on the side. People can then drill and assemble them.

    Leroy
    Thanks, but the schematic is public now; I'm sure that some company or other person will deal with it and sell it. I really don't care; maybe someone will make an SMD version of it.

  • #33 Junior Member (msay)

    After the experience at my friend's home, I got my old SIM card and made a run on it:



    It is a disabled chip; I did some tests here with success (read/write). These are some parts of a big text file:

    Code:
    3F00:7F20:6F38:  SIM service table
    ------------------------------------------------------------------------------
    Response: 00 00 00 0D 6F 38 04 00 15 F5 55 01 02 00 00 
    ----------------------------------------
    File ID           :6F38
    Type of file      :EF  
    Structure of File :Transparent
    File Size         :000D
    Read Access       :CHV (PIN) 1
    Write Access      :CHV (PIN) 5
    Increase Access   :Never
    Rehabilitate      :CHV (PIN) 5
    Invalidate        :CHV (PIN) 5
    File Status       :Not Invalidated
    
    FF 3C C3 0F 0F 00 FF 0F 00 0C 00 00 00 
    ------------------------------------------------------------------------------
    Service  1: CHV (PIN)1 disable function        :Allocated And Activated
    Service  2: Abbreviated Dialling Numbers (ADN) :Allocated And Activated
    Service  3: Fixed Dialling Numbers (FDN)       :Allocated And Activated
    Service  4: Short Message Storage (SMS)        :Allocated And Activated
    Service  5: Advice of Charge (AoC)             :Not Allocated
    Service  6: Capability Config. Parameters (CCP):Allocated And Activated
    Service  7: PLMN Selector                      :Allocated And Activated
    Service  8: Party Subaddress                   :Not Allocated
    Service  9: MSISDN                             :Allocated And Activated
    Service 10: Extension 1                        :Not Allocated
    Service 11: Extension 2                        :Not Allocated
    Service 12: SMS Parameters                     :Allocated And Activated
    Service 13: Last Number Dialled (LND)          :Allocated And Activated
    Service 14: Cell Broadcast Message Identifier  :Allocated And Activated
    Service 15: Group Identifier Level 1           :Not Allocated
    Service 16: Group Identifier Level 2           :Not Allocated
    Service 17: Service Provider Name              :Allocated And Activated
    Service 18: Service Dialling Numbers (SDN)     :Allocated And Activated
    Service 19: Extension 3                        :Not Allocated
    Service 20: RFU                                :Not Allocated
    Service 21: VCGS Group Identifier List (EF VGCS and EF VGCSS )   :Not Allocated
    Service 22: VBS Group Identifier List (EF VBS and EF VBSS )      :Not Allocated
    Service 23: Enhanced Multi-Level Precedence & Pre-emption Service:Not Allocated
    Service 24: Automatic Answer for eMLPP         :Not Allocated
    Service 25: Data download via SMS-CB           :Allocated And Activated
    Service 26: Data download via SMS-PP           :Allocated And Activated
    Service 27: Menu selection                     :Allocated And Activated
    Service 28: Call control                       :Allocated And Activated
    Service 29: Proactive SIM                      :Allocated And Activated
    Service 30: Cell Broadcast Message Identifier Ranges             :Allocated And Activated
    Service 31: Barred Dialling Numbers (BDN)      :Not Allocated
    Service 32: Extension 4                        :Not Allocated
    Service 33: De-personalization Control Keys    :Not Allocated
    Service 34: Co-operative Network List          :Not Allocated
    This is the write test; I've added some numbers (funny numbers) and names with SIM Edit.

    Code:
    3F00:7F10:6F3A:  Abbreviated Dialling Numbers
    ------------------------------------------------------------------------------
    Response: 00 00 1C 52 6F 3A 04 00 11 F5 22 01 02 01 1D 
    ----------------------------------------
    File ID           :6F3A
    Type of file      :EF  
    Structure of File :Linear Fixed
    File Size         :1C52
    Number of a rec.  :FA
    Length of a rec.  :1D
    Read Access       :CHV (PIN) 1
    Write Access      :CHV (PIN) 1
    Increase Access   :Never
    Rehabilitate      :CHV (PIN) 2
    Invalidate        :CHV (PIN) 2
    File Status       :Not Invalidated
    
    74 65 73 74 FF FF FF FF FF FF FF FF FF FF FF 05 81 46 46 46 46 FF FF FF FF FF FF FF FF 
    6D 73 61 79 20 53 4D 41 52 54 20 43 41 52 44 05 81 21 43 65 87 FF FF FF FF FF FF FF FF 
    67 77 31 20 48 41 43 4B 53 FF FF FF FF FF FF 05 81 89 67 45 23 FF FF FF FF FF FF FF FF 
    49 73 20 74 68 69 73 20 77 6F 72 6B 69 6E 67 05 81 11 11 22 22 FF FF FF FF FF FF FF FF 
    FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
    FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
    .......... cut ..........
    ------------------------------------------------------------------------------
    1: 64646464             test
    2: 12345678             msay SMART CARD
    3: 98765432             gw1 HACKS
    4: 11112222             Is this working
    The strangest info is this:
    Code:
    Trying to reset card...
    Reset Successful
    
    RX ATR  : 69 A5 .......... more strings .......... 
    
    Card Information    Hex          Decimal
    ---------------------------------------------------
    Card ID           FFFFFCFF       ############ (hided numbers)
    IRD Number        00030300       ######## (hided numbers)
    USW               FCFF           64767
    Fuse/Guide        A5 FC          165 252
    Time Zone         FF             ??? (DST)
    Rating            FC             ???
    Spending Limit    FFFF           $655.35
    ---------------------------------------------------
    
    Channel Tier      Expires
    ---------------------------------------------------
     1.  FF FF        Jan  2013   Day 63  (M=FC, D=FF)
     2.  FF FC        Apr  2013   Day 63  (M=FF, D=FF)
     3.  FC FF        Apr  2013   Day 60  (M=FF, D=FC)
     4.  FF FF        Jan  2013   Day 63  (M=FC, D=FF)
     5.  FF FC        Apr  2013   Day 63  (M=FF, D=FF)
     6.  FC FF        Apr  2013   Day 60  (M=FF, D=FC)
     7.  FF FF        Jan  2013   Day 63  (M=FC, D=FF)
     8.  FF FC        Apr  2013   Day 63  (M=FF, D=FF)
     9.  FC FF        Apr  2013   Day 60  (M=FF, D=FC)
    10.  FF FF        Jan  2013   Day 63  (M=FC, D=FF)
    11.  FF FC        Apr  2013   Day 63  (M=FF, D=FF)
    12.  FC FF        Apr  2013   Day 60  (M=FF, D=FC)
    ---------------------------------------------------
    
    Broadcaster     Purchases      Purchase Limit
    ---------------------------------------------------
    DirectTV          $655.31          $655.34
    USSB              $655.31          $655.34
    USNCAB            $655.31          $655.34
    ...... more strange prices
    What is 'DirectTV' doing on my SIM card?
    Last edited by msay; 25-02-09 at 02:35 PM.
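The EF_SST and EF_ADN dumps above can be decoded by hand from the GSM 11.11 file layouts; this is an added Python example (my own, not SimScan's code or the thread author's) that does exactly that: two status bits per service for EF_SST, and an alpha identifier plus a nibble-swapped BCD dialling number per EF_ADN record. The byte strings are copied from the dump; the constant and function names are my own.

```python
from __future__ import annotations

# Constructed sample: the 13-byte body of EF_SST (6F38) copied from the dump above.
SST_HEX = "FF 3C C3 0F 0F 00 FF 0F 00 0C 00 00 00"

# Constructed sample: the first four EF_ADN (6F3A) records from the dump above.
# "Length of a rec." is 0x1D = 29 bytes, so each alpha identifier is 29 - 14 = 15 bytes.
ADN_REC_LEN = 0x1D
ADN_HEX = (
    "74 65 73 74 FF FF FF FF FF FF FF FF FF FF FF 05 81 46 46 46 46 FF FF FF FF FF FF FF FF "
    "6D 73 61 79 20 53 4D 41 52 54 20 43 41 52 44 05 81 21 43 65 87 FF FF FF FF FF FF FF FF "
    "67 77 31 20 48 41 43 4B 53 FF FF FF FF FF FF 05 81 89 67 45 23 FF FF FF FF FF FF FF FF "
    "49 73 20 74 68 69 73 20 77 6F 72 6B 69 6E 67 05 81 11 11 22 22 FF FF FF FF FF FF FF FF"
)


def decode_sst(raw: bytes) -> dict[int, str]:
    """EF_SST: two bits per service, LSB first (b1 = allocated, b2 = activated)."""
    status = {}
    for index, byte in enumerate(raw):
        for slot in range(4):
            service = index * 4 + slot + 1
            bits = (byte >> (2 * slot)) & 0b11
            if not bits & 0b01:
                status[service] = "Not Allocated"
            elif bits & 0b10:
                status[service] = "Allocated And Activated"
            else:
                status[service] = "Allocated But Not Activated"
    return status


def decode_bcd_number(digits: bytes) -> str:
    """Dialling digits are BCD, low nibble first within each byte; 0xF is padding."""
    out = []
    for byte in digits:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble == 0x0F:
                return "".join(out)
            out.append("0123456789*#abc"[nibble])
    return "".join(out)


def decode_adn_record(rec: bytes) -> tuple[str, str] | None:
    """One EF_ADN record: alpha id (len-14), BCD length, TON/NPI, 10 BCD bytes,
    CCP index, EXT1 index. Returns (name, number), or None if the record is unused."""
    alpha_len = len(rec) - 14
    bcd_len = rec[alpha_len]
    if bcd_len == 0xFF:
        return None
    ton_npi = rec[alpha_len + 1]
    number_bytes = rec[alpha_len + 2 : alpha_len + 1 + bcd_len]  # bcd_len counts TON/NPI
    # The alpha id is GSM 7-bit default alphabet (UCS2 if the first byte is 0x80);
    # the letters, digits and spaces used here coincide with ASCII.
    name = rec[:alpha_len].rstrip(b"\xFF").decode("ascii", errors="replace")
    number = decode_bcd_number(number_bytes)
    if (ton_npi >> 4) & 0x07 == 0x01:  # Type of Number = international
        number = "+" + number
    return name, number


def decode_adn(raw: bytes, rec_len: int = ADN_REC_LEN) -> list[tuple[str, str]]:
    """Split a linear-fixed EF_ADN body into records and decode the used ones."""
    entries = []
    for off in range(0, len(raw), rec_len):
        entry = decode_adn_record(raw[off : off + rec_len])
        if entry is not None:
            entries.append(entry)
    return entries


if __name__ == "__main__":
    sst = decode_sst(bytes.fromhex(SST_HEX))
    for n in (1, 5, 9, 34):
        print(f"Service {n:2d}: {sst[n]}")
    for i, (name, number) in enumerate(decode_adn(bytes.fromhex(ADN_HEX)), 1):
        print(f"{i}: {number:<20} {name}")
```

The third dump (Card ID, tiers, DirecTV purchase limits) is all 0xFF/0xFC bytes run through a decoder for a different kind of card, so it should be read as uninterpreted filler rather than anything stored on the SIM.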

  • #34 Frank Drebin (Senior Member)

    Is your SIM card 3G? What software is being used? PM if necessary.

    Can you supply an updated board design too - would love to build this as my next project.

    Thank you for sharing your work.

  • #35 Junior Member (msay)

    Quote Originally Posted by Frank Drebin:
    Is your SIM card 3G? What software is being used? PM if necessary.
    No, my SIM card is not 3G; for the software, google for "SimScan v2.01".

    Quote Originally Posted by Frank Drebin:
    Can you supply an updated board design too - would love to build this as my next project.
    My last design for this board/schematic is rev. 05 just above you.

    Quote Originally Posted by Frank Drebin:
    Thank you for sharing your work.
    You're welcome
    Remember that it has gw1 hacks on it

  • #36 Frank Drebin (Senior Member)

    Quote Originally Posted by msay:
    My last design for this board/schematic is rev. 05 just above you.
    Thanks for that.

    Whoops, didn't notice the multiple pages in your pdf.

    One question, is there a purpose for the 3.6864MHz xtal? Can it be replaced with one of a different frequency without issue?

    Thanks again.

  • #37 gw1 (Senior Member)

    Yes, most crystals between 1-10MHz will work provided it's not too fast for your card and your system is properly configured to support custom baud rates.

  • #38 Junior Member

    Thanks to both of you for the great work.
    I was thinking about making a Phoenix card reader for my Dreambox.
    I found these on the net:

    Also I have a PCB with the name VP30:

    First I was going to make the Clanzer PCB.
    Then I found your PCB.
    But I think I will go for your PCB.

  • #39 gw1 (Senior Member)

    That VP30 (aka Art That Hurts all-burner) design you posted is ambitious and cunning, with a reasonably nice PCB. But it has a couple of dangerous features, particularly driving TxD directly into the HC00 input!

    It probably works but cuts too many corners for my liking.

  • #40 Junior Member (msay)

    From what I've learned on my own, the VP30 looks like an SC killer.
