First of all, a SIM card is a particular application of a smart card, so its low-level behaviour is specified by the ISO 7816 series of standards. ISO 7816-3 specifies the following procedure to initiate the interaction between the card and the interface device (here, the handset):
- Cold Reset (RST)
- SIM Card answers ATR (Answer-to-Reset)
- PPS negotiation
- Data exchange
Cold Reset
A cold reset means driving the reset signal (RST) on contact C2 after VCC and CLK have been applied:
The picture above shows a SIM card with a USB interface, which uses the additional contacts C4, C8 and C6; these are not used by the basic ISO 7816-3 contact interface (VCC, RST, CLK, GND, I/O).
Answer-to-Reset (ATR)
The SIM card answers the reset signal with a sequence of bytes whose structure is the following:
The aim of the ATR is to declare the card's capabilities to the mobile phone. The transmission parameters supported by the card are specified in the interface byte TA1:
TA1 encodes the indicated value of the clock rate conversion integer (Fi) in bits 8 to 5, the indicated value of the baud rate adjustment integer (Di) in bits 4 to 1, and, through Fi, the maximum clock frequency supported by the card (f(max.)).
PPS negotiation
For exchanging information, the card and the handset shall agree on a transmission protocol and on the values of the transmission parameters. This process is called PPS (Protocol and Parameters Selection) negotiation. After that, all information exchange has to follow the agreed parameters. If the handset never sends a PPS request, the default values (F = 372, D = 1) stay in force even if TA1 advertises faster ones.
All these parameters are based on the nominal duration of one bit on the I/O line, named the “elementary time unit” and denoted etu; it is derived from the clock frequency f applied to CLK as 1 etu = (F/D) × (1/f):
The delay between the leading edges of two consecutive characters shall be at least 12 etu, i.e. the duration of one character, (10 ± 0.2) etu, followed by a guard time (GT).
The following figure describes it graphically:
Let’s take an example of ATR : 3B9E96801FC78031E073FE211B66D0007A008000FA
Here the TA1 byte is 0x96. Below is a trace, taken with a ContactLAB tracer, of the exchange between the mobile phone and the SIM card:
As you can see, as a result of the PPS negotiation the mobile phone and the card have agreed on the value 96 (the PPS1 byte carries the same F/D coding as TA1) and the clock frequency is f = 3.84 MHz, below the 5 MHz f(max.) the card advertises.
Based on these values we can determine F and D values from the tables provided in ISO7816-3 standard:
Table 7 (bits 8 to 5 of TA1: Fi and f(max.)):

| Bits 8 to 5 | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 |
|---|---|---|---|---|---|---|---|---|
| Fi | 372 | 372 | 558 | 744 | 1116 | 1488 | 1860 | RFU |
| f (max.) MHz | 4 | 5 | 6 | 8 | 12 | 16 | 20 | - |

| Bits 8 to 5 | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |
|---|---|---|---|---|---|---|---|---|
| Fi | RFU | 512 | 768 | 1024 | 1536 | 2048 | RFU | RFU |
| f (max.) MHz | - | 5 | 7.5 | 10 | 15 | 20 | - | - |

Table 8 (bits 4 to 1 of TA1: Di):

| Bits 4 to 1 | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 |
|---|---|---|---|---|---|---|---|---|
| Di | RFU | 1 | 2 | 4 | 8 | 16 | 32 | 64 |

| Bits 4 to 1 | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |
|---|---|---|---|---|---|---|---|---|
| Di | 12 | 20 | RFU | RFU | RFU | RFU | RFU | RFU |
- high nibble 9 = b1001 → Fi = 512, f(max.) = 5 MHz (from Table 7)
- low nibble 6 = b0110 → Di = 32 (from Table 8)
With F = 512, D = 32 and f = 3.84 MHz, 1 etu = (512/32) / 3.84 MHz = 16 / 3.84 MHz ≈ 4.17 µs, so the minimum delay between two characters, 12 etu, is about 50 µs:
Mobile phone rejects SIM Card
From time to time you get messages like “Insert SIM card” or “SIM card failure”, even when the same SIM card works in another handset. Now that we know the theory, we can analyse the reasons. Of course this requires tracer equipment that is able to show the precise timing of the signals. Personally I use Micropross or ContactLAB tracers, depending on which one is available in my team at the moment. :)
The principle is pretty simple: you have to check the timing of the signals in both directions, mobile phone → SIM card and SIM card → mobile phone.
Let’s take an example:
Mobile phone –> SIM Card
Below is the trace of an APDU in the direction mobile phone → SIM card:
As you remember, “the delay between the leading edges of two consecutive characters shall be at least 12 etu”. In our case 12 etu corresponds to 50.04 µs on this trace. Now pay attention to the time between the two cursors (the red and the blue one): it is 55.150 µs, i.e. everything is working well.
You can analyse the card's response in the same manner and check the time. If the delay between the card's characters is less than 12 etu, the issue is on the card side: the card is not respecting the ISO standard. Conversely, if the timing from the mobile phone to the SIM card is wrong, the issue is in the mobile phone. One caveat: if the ATR carries a TC1 byte (extra guard time N), the handset must leave more than 12 etu between the characters it sends to the card; the example ATR above has no TC1, so the bare 12 etu limit applies in both directions.
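As an added example (not code from the original post), the following Python script does what this post walks through by hand: it parses the ATR quoted above, decodes TA1 into Fi, Di and f(max.), computes the etu for the 3.84 MHz clock seen in the trace, and then checks the spacing between character leading edges in each direction of a constructed capture, blaming the card or the phone accordingly. The trace timestamps, the direction labels and the function names are my own assumptions for the illustration; the ATR walk follows the ISO 7816-3 structure described above and also verifies the TCK check byte, which this ATR carries because T=15 is indicated in TD2.

```python
"""ATR decoding, etu computation and inter-character timing check.
Added illustration, not the original post's code. The ATR is the one quoted
in the post; SAMPLE_TRACE is a constructed capture, not a real tracer dump."""
from functools import reduce
from operator import xor

# ISO 7816-3 Table 7: FI nibble -> (Fi, f(max) in MHz). Missing codings are RFU.
FI_TABLE = {0x0: (372, 4.0), 0x1: (372, 5.0), 0x2: (558, 6.0), 0x3: (744, 8.0),
            0x4: (1116, 12.0), 0x5: (1488, 16.0), 0x6: (1860, 20.0),
            0x9: (512, 5.0), 0xA: (768, 7.5), 0xB: (1024, 10.0),
            0xC: (1536, 15.0), 0xD: (2048, 20.0)}
# ISO 7816-3 Table 8: DI nibble -> Di. Missing codings are RFU.
DI_TABLE = {0x1: 1, 0x2: 2, 0x3: 4, 0x4: 8, 0x5: 16, 0x6: 32, 0x7: 64, 0x8: 12, 0x9: 20}

EXAMPLE_ATR = "3B9E96801FC78031E073FE211B66D0007A008000FA"  # ATR from the post


def parse_atr(hex_atr):
    """Walk TS, T0, the TAi/TBi/TCi/TDi chain, historical bytes and TCK."""
    atr = bytes.fromhex(hex_atr)
    ts = atr[0]
    if ts not in (0x3B, 0x3F):
        raise ValueError("TS must be 3B (direct) or 3F (inverse convention)")
    t0 = atr[1]
    hist_len = t0 & 0x0F            # K = number of historical bytes
    y, i, n = t0 >> 4, 2, 1         # Y1 tells which of TA1..TD1 follow
    interface, protocols = {}, set()
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC")):
            if y & bit:
                interface[f"{name}{n}"] = atr[i]
                i += 1
        if not y & 8:               # no TDi: chain ends here
            break
        td = atr[i]
        i += 1
        interface[f"TD{n}"] = td
        protocols.add(td & 0x0F)    # low nibble: T=0, T=1, T=15 (global) ...
        y, n = td >> 4, n + 1
    historical = atr[i:i + hist_len]
    if len(historical) != hist_len:
        raise ValueError("ATR truncated inside historical bytes")
    i += hist_len
    # TCK is present exactly when some TDi indicates a protocol other than T=0;
    # the XOR of every byte from T0 through TCK must then be zero.
    tck_ok = None
    if any(t != 0 for t in protocols):
        if i >= len(atr):
            raise ValueError("TCK expected but missing")
        tck_ok = reduce(xor, atr[1:i + 1], 0) == 0
        i += 1
    if i != len(atr):
        raise ValueError(f"{len(atr) - i} unexpected trailing byte(s)")
    return {"convention": "direct" if ts == 0x3B else "inverse",
            "interface": interface, "protocols": sorted(protocols),
            "historical": historical, "tck_ok": tck_ok}


def decode_ta1(ta1):
    """Return (Fi, Di, f_max_MHz) for a TA1 byte; RFU codings raise."""
    fi_code, di_code = ta1 >> 4, ta1 & 0x0F
    if fi_code not in FI_TABLE or di_code not in DI_TABLE:
        raise ValueError(f"TA1={ta1:02X} uses an RFU FI/DI coding")
    fi, f_max = FI_TABLE[fi_code]
    return fi, DI_TABLE[di_code], f_max


def etu_us(fi, di, clock_hz):
    """1 etu = (F/D) * (1/f), returned in microseconds."""
    return (fi / di) / clock_hz * 1e6


def check_trace(trace, etu, min_etu=12):
    """trace: {direction: [leading-edge timestamps in µs]} (assumed layout).
    Returns per direction the (index, gap) pairs closer than min_etu etu."""
    limit = min_etu * etu
    result = {}
    for direction, edges in trace.items():
        gaps = [b - a for a, b in zip(edges, edges[1:])]
        result[direction] = [(k, g) for k, g in enumerate(gaps) if g < limit]
    return result


def blame(violations):
    """Attribute a failing exchange to the side that violated the spacing."""
    bad = {d for d, v in violations.items() if v}
    if not bad:
        return "ok"
    if bad == {"card->phone"}:
        return "card"
    if bad == {"phone->card"}:
        return "phone"
    return "both"


# Constructed capture: the phone keeps >= 12 etu, the card squeezes one character.
SAMPLE_TRACE = {
    "phone->card": [0.0, 55.15, 110.30, 165.45],
    "card->phone": [0.0, 52.0, 97.0, 150.0],   # 97.0 - 52.0 = 45 µs < 50 µs
}

if __name__ == "__main__":
    atr = parse_atr(EXAMPLE_ATR)
    fi, di, f_max = decode_ta1(atr["interface"]["TA1"])
    etu = etu_us(fi, di, 3.84e6)            # clock observed in the post's trace
    print(f"Fi={fi} Di={di} f(max)={f_max} MHz etu={etu:.3f} µs 12 etu={12 * etu:.2f} µs")
    print("protocols:", atr["protocols"], "TCK ok:", atr["tck_ok"])
    violations = check_trace(SAMPLE_TRACE, etu)
    print(violations, "->", blame(violations))
```

The parser raises on RFU codings and on a missing or non-zero TCK instead of guessing, which is the behaviour you want in a tracer post-processing script: a handset that silently accepts a malformed ATR is exactly the kind of thing you are trying to find. Feed `check_trace` the leading-edge timestamps exported from your tracer, one list per direction, with the etu computed from the PPS result rather than from the ATR alone.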
Et Voila!