Is GSM a blackbox in OpenMoko

Shawn Rutledge shawn.t.rutledge at
Fri Dec 14 22:32:34 CET 2007

On Dec 14, 2007 8:04 AM, Torsten Schlabach <tschlabach at> wrote:
> There is for example somthing in Bluetooth called "SIM access profile"
> which is a mean to share a SIM card over Bluetooth. This is used by some
> built-in car phones (not to mix up with simple hands-free sets, which
> just transmit the audio over the Bluetooth connection) which read the
> SIM card of the mobile in your pocket when you enter the car.
> I was looking at implementing whatever mechanism where I could host a
> SIM card that I legally own on a server and communicate with that SIM
> card over whatever network connection (WiFi if available, maybe UMTS,
> Bluetooth, ...).

If it can be done via SIM access profile, it could also be done on a
server as you suggest.  So the GSM module must provide some AT
commands to access whatever you need in order to implement SIM access
profile, right?  They probably consider that as long as the card is
"live" (actually connected to a card reader) and the exchange of
information (challenge/response) is the same as it would be if the
card were physically connected to the radio that is using it, then the
security is preserved.  The communications with the card are not
secret, but the key which the card stores is the secret, and the
communication stream does not reveal it.

So why don't you investigate how to do that?  First figure out how to
implement SIM access profile (specs for that from the Bluetooth SIG
would probably explain how.)  Then you have code which would work just
as well on a server that has a GSM module connected via serial line,
and a Bluetooth dongle for the SIM access.  (You can buy a GSM module
from SparkFun for that, and probably connect it via one of those
DLP-232 USB-to-serial cables.)  Then, maybe figure out how to do the
same communications with the SIM card, with a simple USB SIM card
reader, so that the extra GSM module is not required (since it's only
being used as a card reader, effectively).

> But as I cannot hook the communication between the GSM modem and the SIM
> card (which is some kind of serial line connection) I have no means of
> doing that.

Not directly with existing FIC hardware, but you could get out your
spectrum analyzer and monitor the communications.  But it's
cryptography... it's not meant to be easy to crack.  But if you only
want  to provide a "wireless extension cable" to the physical SIM,
that's already sanctioned.

Another idea would be to use a GSM module with an Asterisk server.
Then you could use that virtual phone from anywhere that you have
network access to reach the server.  (But then you could also buy VOIP
termination service, to virtualize it completely... so how is it
better to use GSM?)  If you wanted to use it remotely, without a
pre-existing network connection, it's a chicken/egg problem... you
need the network in order to access the SIM remotely, but you're not
going to have GPRS until you access the SIM.

More information about the device-owners mailing list