SLE4442 Smart Card adapter (KF-011C)

I successfully used the tree command this morning to get the SIM file structure. I had to tweak pysim to not look for the echo of its own commands.

I modded the firmware to stop status line

The design of the phoenix interface means that whatever it sends gets seen by the receive side. This is probably deliberate so if the card starts sending it is seen. Especially as ignoring a failed command can be dodgy, e.g. you send equivalent of cd to card to select a file and then read or write.

I am away from desk for a couple of days so can not post any details. My copy of pysim is on GitHub GitHub - LawrenceK/pysim: A python tool to explore and program SIMs / USIMs / ISIMs. Mirror of if any one else wants to play.

1 Like
    //printf("stop bit: %d parity bit: %d data bits: %d\n", hwuart_stop_bits, hwuart_parity, hwuart_data_bits);
    pio_sm_set_enabled(pio, sm, false); //pause the RX state machine? maybe just discard the byte?
    pio_sm_put_blocking(pio, sm-1, data);
    pio_hwuart_wait_idle(pio, sm-1);//wait for the TX state machine to finish
    pio_sm_set_enabled(pio, sm, true); //enable the RX state machine again

I looked into the local echo. It should be disabling the RX during TX. I don’t get any local echo when I type into bridge mode. Do you think it is coming from the Bus Pirate? It’s completely possible, but I couldn’t reproduce it.

Have a good away from keyboard.

No the buspirate is not echoing the characters being sent to the SIM card. An old fashioned serial interface phoenix adaptor does echo, due to the minimal electronicss interface. So pysim expects the echo… it is not really a buspirate problem, but a tweak to pysim.

If you look in this schematic you will see the interface to pin7 of SIM will basically loop back the data out to the input

Should I add a flag for that as well? Echo back to maintain compatibility? Seems like many half duplex situations might expect that as well.

If it is minimal code I would say yes.

Two lines probably. I’ll add it as the default with an override flag.

Added -s flag to suppress local echo, local echo is enabled by default because thus far 100% of apps expect that :slight_smile:

1 Like

Great that now works out of the box…

I have yet to get a macro file onto the buspirate but this is the output from pySim-shell for those who wan to use Ians smartcard/sim adaaptors to explore random sim cards.

lawrence@dell7520:~/git/pysim$ ./ --device /dev/buspirate-text --baud 9600
No reader/driver specified; falling back to default (Serial reader)
Using reader serial:/dev/buspirate-text
Waiting for card…
Info: Card is of type: UICC
Detected UICC Add-on “SIM”
AIDs on card:
USIM: a0000000871002ff49ff0589 (EF.DIR)
ADF.ISD: a000000003000000
Welcome to pySim-shell!
(C) 2021-2023 by Harald Welte, sysmocom - s.f.m.c. GmbH and contributors
Online manual available at pySim-shell — osmopysim-usermanual documentation
pySIM-shell (00:MF)> tree
DF.GSM 7f20 GSM Network related files
EF.LP 6f05 Language Preference
EF.Kc 6f20 Ciphering key Kc
EF.PLMNsel 6f30 PLMN selector
EF.HPPLMN 6f31 Higher Priority PLMN search period
EF.ACMmax 6f37 ACM maximum value
EF.SST 6f38 SIM service table
EF.ACM 6f39 Accumulated call meter

This was my attempt at a mcro file to set it up, note that one step says no to existing setup of the mode,
sc.txt (250 Bytes)

1 Like

I just don’t get it. It’s still not working. I used the sc.txt setup. Before I type bridge, I type:

a 2 
@ 2

And I get
HDPLXUART> 0x3b 0x3d 0x95 0x00 0x80 0x67 0xaf 0x03 0x0f 0x01 0x7c 0x06 0x0e 0x83 0x3e 0x9f 0x16

So that works.
But I type “bridge -s” and try Lawrence’s pySim code and type

./ -b 9600 -d /dev/buspirate-binary

And I get card not found


Full output:

problem.txt (3.0 KB)

And when I press the button, I get the 0x3b sequence displayed.

Linux Ubuntu 22.04 LTS
I’ve used both screen and tio to connect.
Output of the “i” command follows:
Something is different.


This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

Bus Pirate 5 REV10
Firmware main branch (2024-04-25T10:18:08Z)
RP2040 with 264KB RAM, 128Mbit FLASH
S/N: 32104F0B33CC62E4
Storage:   0.10GB (FAT16 File System)

Configuration file: Loaded
Active mode: 
Display format: Auto
Data format: 8 bits, LSB bitorder
Pull-up resistors: OFF
Power supply: ON (3.2V/3.29V)
Current limit: OK (6.4mA/0.0mA)
Frequency generators:  
IO1: 3.571MHz, 50.00% duty cycle

1.Vout  2.IO0   3.IO1   4.IO2   5.IO3   6.IO4   7.IO5   8.IO6   9.IO7   10.GND  
6.4mA   RXTX    PWM     -       -       -       -       -       -       GND
3.3V    2.7V    3.6M    2.7V    0.0V    0.0V    0.0V    0.0V    0.0V    GND

Maybe the latest without the -s? A lot of breaking changes happened without coordination.

With the latest update to the buspirate firmware I reverted to the stock copy of pysim from osmocom, master branch no local edits.

Because buspirate in bridge mode with no options just works…

So configure the buspirate into bridge mode (half duplex 9600 etc. ) AND exit what ever terminal program connected to the buspirate and then run pysim.

That was my mistake. I have to (1) use bridge, not bridge -s", (2) I have to use the ASCII port (/dev/ttyACM0) and not the binary port, and (3) I have to disconnect my terminal program from the BusPirate (I used Control-t q with tio). . However, I’m having trouble with the Sle4442 cards. I have a TMobile SIM card that works :slight_smile:

pySIM-shell (no card)> equip
Waiting for card...
Info: Card is of type: SIM
pySIM-shell (00:MF)> cardinfo
Card info:
 Name: SIM
 ATR: 3b3d95008067af030f017c060e833e9f16
 ICCID: None
 Class-Byte: a0
 Select-Ctrl: 0000
pySIM-shell (00:MF)>
  • but that’s a different connection… Let me see if I can find a bad joint.

I am not using one of Ian’s interface adaptors. I soldered a SIM card socket I had lying around to an soic to dip adaptor PCB. 5 connections, gnd, vcc/vpp, clock, data, reset.

If you are successfully seeing ATR but it fails after that, that can only be data going to the SIM card. After the ATR all data from SIM card is in response to requests to the SIM card.

I need one of these in a bad way. Do you have any boards left? DM me and i can pay for any if you do. @ian @Bus-Pirate

1 Like

Not sure what platform you are on, Linux,windows,macos.

Can you check that the port had not come up with flow control enabled. I deliberately exit from minicom WITHOUT resetting the serial port. On Linux stty -F /dev/buspirate-text will display current configuration…

If serial configured for flow control this could explain why SIM not getting request for data.


Ubuntu 22.04 LTS
This is what I have.

stty -F /dev/buspirate-text
speed 9600 baud; line = 0;
min = 0; time = 0;
-brkint -icrnl -imaxbel
-opost -onlcr
-isig -icanon -iexten -echo -echoe -echok -echoctl -echoke

Does the utility support SLE4442? It’s a totally different bus and it would need to use the half duplex UART mode

Sorry, two wire mode with reset.

Ah no its a simcard utility. Just had to quickly look up SLE4442, they are memory cards. Sim cards have a processor on them (stating the obvious) so the utility is talking to the interface that the on card system exposes to the internals. Lots of standards.

The Mini socket works, but not the nano nor the full-size card.
I can’t test the micro card - as I don;t have a SIM of that size.

The Mini SIM cards I have are very old - so perhaps these work with the utility. The Nano is a modern SIM - so perhaps this explains why I can’t use pySym-shell test the card. Thanks for the clarification. I was growing very frustrated.