commit 4bcc023be75b747384f6e3635ef7696948838cdf
author Christina Quast <chrysh.ng+git@gmail.com> Tue Mar 24 21:59:32 2015 +0100
committer Christina Quast <chrysh.ng+git@gmail.com> Tue Mar 24 21:59:32 2015 +0100
tree 67f2a87a35999d97705abdd1fdb13da3e5e4e460
parent 5134fb6f536f6a621224bf971c9238c070638e08

Phone hack: endless loop

Motorola seems to be in an endless loop?
In any case, it only shows the motorola logo and does not react to
pressing the power button.

usb_application/phone.py

diff --git a/usb_application/phone.py b/usb_application/phone.py
index 72ad54f..121f37e 100755
--- a/usb_application/phone.py
+++ b/usb_application/phone.py
@@ -20,7 +20,12 @@
 # phone ? sim : 00 (??)
 
 # SuperSIM ATR
-atr= [0x3B, 0x9A, 0x94, 0x00, 0x92, 0x02, 0x75, 0x93, 0x11, 0x00, 0x01, 0x02, 0x02, 0x19]
+# atr= [0x3B, 0x9A, 0x94, 0x00, 0x92, 0x02, 0x75, 0x93, 0x11, 0x00, 0x01, 0x02, 0x02, 0x19]
+
+# Faster sysmocom SIM
+#atr = [0x3B, 0x99, 0x18, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60]
+atr = [0x3B, 0x99, 0x11, 0x00, 0x11, 0x88, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x60]
+
 RESP_OK = [0x60, 0x00]
 
 def find_dev():
@@ -66,7 +71,8 @@
 
 def handle_wait_rst(dev):
     # ATR handling
-    arr = dev.read(0x83, 64, 1000)    # Notification endpoint
+    print("Handle ATR")
+    arr = dev.read(0x83, 64, 300)    # Notification endpoint
 #    print("arr: ", arr)
     c=arr.pop()
 #    print(c)
@@ -74,8 +80,8 @@
     if c == ord('R'):
         # We received a Reset, so we send ATR
         written = dev.write(0x1, atr, 1000)
-#        print("Written data: ")
-#        print(written)
+        print("Written ATR of size: ")
+        print(written)
         state = WAIT_CMD;
     return state
 
@@ -86,13 +92,17 @@
     print("Received request!: ")
     print("".join("%02x " % b for b in cmd))
 
-    send_response(dev, cmd);
-    return WAIT_CMD
+    return send_response(dev, cmd);
 
 handle_msg_funcs = { WAIT_RST: handle_wait_rst,
                         WAIT_CMD: handle_wait_cmd }
 
 def handle_phone_request(dev, state):
+    if state == WAIT_CMD:
+        try:
+            state = handle_msg_funcs[WAIT_RST](dev)
+        except usb.USBError as e:
+            print e
     state = handle_msg_funcs[state](dev)
     return state
 
@@ -100,6 +110,7 @@
 
 def send_response(dev, cmd):
 # FIXME: We could get data of length 5 as well! Implement another distinct criteria!
+    state = WAIT_CMD
     if len(cmd) == 5:         # Received cmd from phone
         if cmd[INS] == 0xA4:
             resp = [cmd[INS]]       # Respond with INS byte
@@ -112,6 +123,8 @@
                     0x83, 0x8A]
             SW = [0x90, 0x00]
             resp = [cmd[INS]] + data + SW       # Respond with INS byte
+            #resp = SW       # Respond with INS byte
+            state = WAIT_RST
         else:
             print("Unknown cmd")
             resp = [0x60, 0x00]
@@ -128,7 +141,8 @@
     print("Cmd, resp: ")
     print("".join("%02x " % b for b in cmd))
     print("".join("%02x " % b for b in resp))
-
+        
+    return state
 
 def emulate_sim():
     dev = find_dev()