Ady Wicaksono Daily Activities

Archive for the ‘Telco – GSM’ Category

function convert8bitTo7bit with PHP

As per GSM 03.40 we can send up to 140 octets (8-bit data), so if we send 7-bit data (septets) we can send up to 160 7-bit ASCII characters. A few days ago I needed a function to convert a string to its septet hexadecimal representation in PHP, without any luck. I tried googling with the keywords “convert 8bit to 7bit PHP”, “convert octet to septet PHP”, and similar keywords, with no luck.

So I managed to create my own function that works fine so far (hopefully) (but I don’t care if my algo is not optimal nor bad:)) below:


<?php
function strToHex($string)
{
    $hex='';
    for ($i=0; $i < strlen($string); $i++)
    {
        // Always emit two hex digits so bytes below 0x10 (e.g. CR, LF) stay aligned
        $hex .= sprintf('%02x', ord($string[$i]));
    }
    return $hex;
}
function hexToStr($hex)
{
    $string='';
    for ($i=0; $i < strlen($hex)-1; $i+=2)
    {
        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    }
    return $string;
}

function hexbin($hex){
    $bin='';
    for($i=0;$i<strlen($hex);$i++)
        $bin.=str_pad(decbin(hexdec($hex[$i])),4,'0',STR_PAD_LEFT);
    return $bin;
} 

function binhex($bin){
    $hex='';
    for($i=strlen($bin)-4;$i>=0;$i-=4)
        $hex.=dechex(bindec(substr($bin,$i,4)));
   return strrev($hex);
}

function Convert8BitTo7Bit($string){
	// Convert String to Hex first
	// E.g *135# will be converted to 2A 31 33 35 23
	$string = strToHex($string);
	// print   "STR = $string\n";
	$total = "";
	$result = ""; // packed output, built up as a hex string
	for($i = 0; $i < strlen($string); ){
		// Get 1st character string, it's 2 character hex
		$X = $string[$i++].$string[$i++];
		// Convert it to binary
		$my8bit = hexbin($X);
		//print "(8bit) ==> $my8bit\n";
		// remove left side of octet, it shall be septet
		// e.g 2A in octet is 00101010 (8 bit), remove most left 0 --> 0101010 (7 bit)
		$my7bit = substr($my8bit,1,7);
		//print "(7bit) ==>  $my7bit\n";
        // Concatenate it
		$total = $my7bit.$total;
	}
	// Padding the string
	if(strlen($total) % 8 != 0){
		$p1     = (intval((strlen($total) / 8)) + 1) *  8;
		$total  = str_pad($total,$p1,'0',STR_PAD_LEFT);
	}
	$pad   = 7;
	$mypad = array(); // bits of the octet currently being assembled
	// Conversion begin
	for($i = strlen($total) - 1; $i >= 0 ; $i--){
		$mypad[$pad--] = $total[$i];
		if($pad < 0 || $i <= 0){
			$pad  = 7;
			$tmp1 = array_reverse($mypad);
			//print_r($tmp1);
			$tmp2 = implode($tmp1);
			$res = binhex($tmp2);
			$result .= "$res";
		}
	}
	return $result;
}


?>


To use that code, we simply call the function like this:

print Convert8BitTo7Bit("*135#")."\n";

It will print “AAD8AC3602”, which represents the hex code to be sent in the TP-UD of GSM 03.40.

Another example: we have 160 characters to send, like below
“Test SMS content 160 characters will be displayed as 140 octets. Test SMS content 160 characters will be displayed as 140 octets.Test SMS content 160 characters”

By calling

print Convert8BitTo7Bit("Test SMS content 160 characters will be displayed as 140 octets. Test SMS content 160 characters will be displayed as 140 octets.Test SMS content 160 characters");

We get 140 octets/bytes hexadecimal code for this:


d4f29c0e9a36a7a0f1db4d2fbbe9a0980d061aa3c3f2f0985e96cf41f7349b0d129741e4f41cce0ee7cb6450780e8ad160a0f7985ea6cf5d206a794e074d9b53d0f8eda697dd7450cc06038dd16179784c2fcbe7a07b9acd0689cb20727a0e6787f36532283c07c56830d07b4c2fd3e72e6a794e074d9b53d0f8eda697dd7450cc06038dd16179784c2fcbe7

Anyway, there’s one thing missing here. As per GSM 03.38:

If the total number of characters to be sent equals (8n-1) where n=1,2,3 etc. then there are 7 spare bits at the end of the message. To avoid the situation where the receiving entity confuses 7 binary zero pad bits as the @ character, the carriage return or <CR> character (defined in clause 6.1.1) shall be used for padding in this situation, just as for Cell Broadcast.
If <CR> is intended to be the last character and the message (including the wanted <CR>) ends on an octet boundary, then another <CR> must be added together with a padding bit 0. The receiving entity will perform the carriage return function twice, but this will not result in misoperation as the definition of <CR> in clause 6.1.1 is identical to the definition of <CR><CR>.
The receiving entity shall remove the final <CR> character where the message ends on an octet boundary with <CR> as the last character.

So please fix this function and if the last one is 0x00, replace it with 0x1A (Carriage Return) 😉
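
The padding rule quoted above, as an added Python example (not the author's PHP, and not part of the original post): `pack_7bit` adds the `<CR>` in the two cases the clause describes and `unpack_7bit` applies the receiver's side. The function names are this example's own, and it assumes input limited to characters whose ASCII code equals their GSM default-alphabet code.

```python
import string

CR = 0x0D  # <CR> in the GSM 7-bit default alphabet
# Assumption: only characters whose ASCII code equals their GSM code are accepted.
SAME_CODE = set(string.ascii_letters + string.digits + " !\"#%&'()*+,-./:;<=>?\r\n")

def pack_7bit(text, cr_padding=True):
    """Pack text into octets, first character in the least significant bits."""
    bad = set(text) - SAME_CODE
    if bad:
        raise ValueError(f"needs a GSM alphabet table, not ASCII: {sorted(bad)}")
    septets = [ord(c) for c in text]
    if cr_padding and len(septets) % 8 == 7:
        septets.append(CR)   # 8n-1 characters: fill the 7 spare bits with <CR>
    elif cr_padding and septets and len(septets) % 8 == 0 and septets[-1] == CR:
        septets.append(CR)   # wanted <CR> on an octet boundary: send it twice
    bits = 0
    for i, septet in enumerate(septets):
        bits |= septet << (7 * i)
    return bits.to_bytes((7 * len(septets) + 7) // 8, "little")

def unpack_7bit(octets, strip_padding=True):
    """Receiver side: split octets into septets and drop a padding <CR>."""
    bits = int.from_bytes(octets, "little")
    septets = [(bits >> (7 * i)) & 0x7F for i in range(len(octets) * 8 // 7)]
    if strip_padding and septets and len(septets) % 8 == 0 and septets[-1] == CR:
        septets.pop()        # final <CR> on an octet boundary is padding
    return "".join(chr(s) for s in septets)

if __name__ == "__main__":
    print(pack_7bit("*135#").hex().upper())
    # Constructed 7-character input: without the rule the receiver sees an
    # extra septet 0x00 (the '@' character); with it, the last octet is 0x1A.
    print(repr(unpack_7bit(pack_7bit("1234567", cr_padding=False))))
    print(pack_7bit("1234567").hex().upper())
```

With a 7-character input the final octet is 0x1A, the value the paragraph above asks for, because `<CR>` (0x0D) sits in the upper seven bits of that octet.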

Written by adywicaksono

December 24, 2009 at 4:24 pm

Sending USSD Proactive Command on Javacard

First of all, take a look at the Send USSD proactive command APDU below:

|---[:] COMMAND DETAILS
|---[:] Command Number: 01
|---[:] Command Type: Send USSD
|---[:] Command Qualifier: RFU ==> value: 00
|---[:] DEVICE IDENTITIES
|---[:] Source Device: SIM Card
|---[:] Destination Device: Network
|---[:] ALPHA IDENTIFIER
|---[:] Sending your request
|---[:] USSD STRING: 0F AA 58 6C 36 02
|---[:] Card Status: 90 00
\---[:] Raw data: D027810301120082028183851453656E64696E6720796F757220726571756573748A060FAA586C36029000

This is an example of the APDU for a Send USSD proactive command on Javacard with the USSD string *113#.
The code for sending it is very simple:

ProHdlr.init((byte)PRO_CMD_SEND_USSD,(byte)0x00,(byte)DEV_ID_NETWORK);
ProHdlr.appendTLV(TAG_ALPHA_IDENTIFIER, USSD_TITLE_EN,(short)0x00,(short)USSD_TITLE_EN.length);
ProHdlr.appendTLV((byte)(TAG_USSD_STRING), USSDBuffer, (short)0x01, (short)f);
ProHdlr.send();

Here ProHdlr is the ProactiveHandler, USSD_TITLE_EN is a static byte array holding the alpha identifier to be used
while sending the USSD request, USSDBuffer is the buffer for the USSD string, and f is the length of the USSD string data.

The most important thing here is that the USSD string consists of:
1. The Data Encoding Scheme (which most probably uses 0x0F)
2. The USSD string itself, which must be 7-bit encoded just like a normal 7-bit SMS.

E.g. we assign *113# as below:

byte lenUSSDBuffer = (byte)0x01;
USSDBuffer[(byte)lenUSSDBuffer++] = (byte)0x0F; // Data encoding scheme
USSDBuffer[(byte)lenUSSDBuffer++] = (byte)'*';
USSDBuffer[(byte)lenUSSDBuffer++] = (byte)'1';
USSDBuffer[(byte)lenUSSDBuffer++] = (byte)'1';
USSDBuffer[(byte)lenUSSDBuffer++] = (byte)'3';
USSDBuffer[(byte)lenUSSDBuffer] = (byte)'#';

*113# becomes 0xAA 0x58 0x6C 0x36 0x02 once we code it with the 7-bit encoding rule (see TS 23.038).
0x0F is the encoding scheme, which follows the standard encoding scheme for Cell Broadcast (see TS 23.038).
0x0F means GSM 7 bit default alphabet – language unspecified.

Good luck with your USSD !
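
The structure described above can be checked by decoding the dump's raw data. This is an added Python example, not code from the original post: `parse_proactive` splits the proactive command into TLVs and `decode_ussd` checks the 0x0F data coding scheme before unpacking the string. Both function names and the length-field handling are assumptions of this example.

```python
# Raw data of the Send USSD proactive command, copied from the dump above.
USSD_RAW = "D027810301120082028183851453656E64696E6720796F757220726571756573748A060FAA586C36029000"

def _length(buf, pos):
    """Length field as seen in these dumps: one byte, or 0x81 plus one byte."""
    if pos < len(buf) and buf[pos] < 0x80:
        return buf[pos], pos + 1
    if pos + 1 < len(buf) and buf[pos] == 0x81:
        return buf[pos + 1], pos + 2
    raise ValueError("truncated or unsupported length field")

def parse_proactive(raw_hex):
    """Return [(tag, value), ...] for a proactive command as fetched from the card."""
    data = bytes.fromhex(raw_hex)
    if not data or data[0] != 0xD0:
        raise ValueError("proactive command tag D0 expected")
    total, pos = _length(data, 1)
    body, trailer = data[pos:pos + total], data[pos + total:]
    if len(body) != total or len(trailer) not in (0, 2):
        raise ValueError("outer length does not match the data (plus optional SW1 SW2)")
    tlvs, pos = [], 0
    while pos < len(body):
        tag = body[pos] & 0x7F          # bit 8 is the comprehension-required flag
        length, pos = _length(body, pos + 1)
        if pos + length > len(body):
            raise ValueError(f"TLV {tag:02X} runs past the end of the command")
        tlvs.append((tag, body[pos:pos + length]))
        pos += length
    return tlvs

def decode_ussd(tlvs):
    """Check the data coding scheme and unpack the 7-bit USSD string (tag 0A)."""
    value = dict(tlvs).get(0x0A)
    if not value:
        raise ValueError("no USSD string TLV in this command")
    dcs, packed = value[0], value[1:]
    if dcs != 0x0F:
        raise ValueError(f"data coding scheme {dcs:02X} is not handled here")
    bits = int.from_bytes(packed, "little")
    # Septet values are shown as ASCII, which matches for digits, '*' and '#'.
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(len(packed) * 8 // 7))

if __name__ == "__main__":
    for tag, value in parse_proactive(USSD_RAW):
        print(f"{tag:02X} {value.hex().upper()}")
    print(decode_ussd(parse_proactive(USSD_RAW)))
```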

Written by adywicaksono

December 6, 2009 at 11:52 am

Posted in SmartCard, Telco - GSM

Setup Call – APDU, Call Control by SIM, Call Connected Event

The UICC sends the APDU below (e.g. calling +6611555678111 – it’s a fake number, dude)

============================================================

|—[:] COMMAND DETAILS
|—[:] Command Number: 01
|—[:] Command Type: Set Up Call
|—[:] Command Qualifier: Set up call, but only if not currently busy on another call, with redial
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: UICC
|—[:] Destination Device identity: Network
|—[:] ALPHA IDENTIFIER
|—[:] Alpha identifier details Calling…
|—[:] ADDRESS
|—[:] Type-OF-Number: International number
|—[:] Numbering-Plan-Identification: ISDN/telephony numbering plan (‘The internationalpublic telecommunication numbering plan’ and E.163 recommandation)
|—[:] Dialling number: 66 15 55 67 81 11
|—[:] Card Status: 90 00
\—[:] Raw data: D01E010301100102028183050A43616C6C696E672E2E2E0607916651557618119000
============================================================

If you have already registered for Call Control by SIM, then the envelope data below will be made available to
your SIM Java applet first

============================================================
[+] APDU Command: ENVELOPE – Call control
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: Terminal
|—[:] Destination Device identity: UICC
|—[:] ADDRESS
|—[:] Type-OF-Number: International number
|—[:] Numbering-Plan-Identification: ISDN/telephony numbering plan (‘The internationalpublic telecommunication numbering plan’ and E.163 recommandation)
|—[:] Dialling number: 66 15 55 67 81 11
|—[:] CAPABILITY CONFIGURATION PARAMETERS
|—[:] 06 60 04 02 00 05 81
|—[:] LOCATION INFORMATION
|—[:] Mobile Country & Network Codes(MCC & MNC): XX XX XX
|—[:] Location Area Code(LAC): 01 96
|—[:] Cell Identity Value(Cell ID): 13 A9
|—[:] Header: 80C2000021
\—[:] Data: D41F020282810607916651557618110707066004020005811307XXXXXX019613A9
============================================================

Sorry, I removed the MCC/MNC information 🙂

Once it’s allowed by the SIM (by the Call Control by SIM envelope command), the terminal/handset
will start calling

============================================================
[+] APDU Command: TERMINAL RESPONSE
|—[:] COMMAND DETAILS
|—[:] Command Number: 01
|—[:] Command Type: Set Up Call
|—[:] Command Qualifier: Set up call, but only if not currently busy on another call, with redial
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: Terminal
|—[:] Destination Device identity: UICC
|—[:] RESULT
|—[:] RESULT DETAILS : Command performed successfully
|—[:] Header: 801400000C
\—[:] Data: 010301100102028281030100
============================================================

Once connected, and if you registered for the Call Connected Event, the event below will be available to your card applet
============================================================
[+] APDU Command: ENVELOPE – Event download
|—[:] EVENT LIST
|—[:] Event list detail: Call connected
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: Network
|—[:] Destination Device identity: UICC
|—[:] TRANSACTION IDENTIFIER
|—[:] List :
|—[:] Transaction Identifier 1
|—[:] TI Flag is true TI Value : 268435448
|—[:] Header: 80C200000C
\—[:] Data: D60A190101020283811C0180
============================================================

Once the call is finished and disconnected, the event below will be available
============================================================
[+] APDU Command: ENVELOPE – Event download
|—[:] EVENT LIST
|—[:] Event list detail: Call disconnected
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: Terminal
|—[:] Destination Device identity: UICC
|—[:] TRANSACTION IDENTIFIER
|—[:] List :
|—[:] Transaction Identifier 1
|—[:] TI Flag is false TI Value : 0
|—[:] CAUSE E0 90
|—[:] Header: 80C2000010
\—[:] Data: D60E190102020282811C01001A02E090
============================================================

Written by adywicaksono

September 7, 2009 at 11:19 am

Posted in SmartCard, Telco - GSM

Provide Local Information – IMEI APDU

From UICC to Handset:
——————————————————————————–
[+] APDU
|—[:] COMMAND DETAILS
|—[:] Command Number: 01
|—[:] Command Type: Provide Local Information
|—[:] Command Qualifier: IMEI of the terminal
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: UICC
|—[:] Destination Device identity: Terminal
|—[:] Card Status: 90 00
\—[:] Raw data: D0098103012601820281829000

Handset Response to UICC:
——————————————————————————–
[+] APDU Command
|—[:] COMMAND DETAILS
|—[:] Command Number: 01
|—[:] Command Type: Provide Local Information
|—[:] Command Qualifier: IMEI of the terminal
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: Terminal
|—[:] Destination Device identity: UICC
|—[:] RESULT
|—[:] RESULT DETAILS : Command performed successfully
|—[:] IMEI: 3A 45 02 03 03 18 38 00
|—[:] Header: 8014000016
\—[:] Data: 81030126010202828103010014083A4502030318xxxx

We get IMEI 3A 45 02 03 03 18 xx xx, sorry, I overwrote the last 2 bytes

Written by adywicaksono

September 7, 2009 at 9:36 am

Posted in SmartCard, Telco - GSM

Terminal Profile APDU

Hi Javacard developer, this is for your reference on the Terminal Profile APDU (in this case from a Nokia N86 8MP)

[+] APDU Command: TERMINAL PROFILE
|—[:] First byte (Download)
|—[:] *Call Control send by NAA
|—[:] *Reserved by 3GPP (USSD string data object support in Call Control by USIM)
|—[:] *Timer expiration
|—[:] *Reserved by 3GPP (SMS-PP data download)
|—[:] *Menu Selection
|—[:] *Reserved by 3GPP (Cell Broadcast Data Download)
|—[:] *Reserved by 3GPP (SMS-PP data download)
|—[:] *Profile Download
|—[:] Second byte (Other)
|—[:] *Display Text
|—[:] *UCS2 Display supported
|—[:] *UCS2 Entry supported
|—[:] *Call Control by NAA
|—[:] *Reserved by 3GPP (MO Short message control)
|—[:] *Call Control by NAA
|—[:] *Call Control by NAA
|—[:] *Command Result
|—[:] Third byte (Proactive UICC)
|—[:] *Proactive UICC : REFRESH
|—[:] *Proactive UICC : POLLING OFF
|—[:] *Proactive UICC : POLL INTERVAL
|—[:] *Proactive UICC : PLAY TONE
|—[:] *Proactive UICC : MORE TIME
|—[:] *Proactive UICC : GET INPUT
|—[:] *Proactive UICC : GET INKEY
|—[:] *Proactive UICC : DISPLAY TEXT
|—[:] Fourth byte (Proactive UICC)
|—[:] *Proactive UICC : PROVIDE LOCAL INFORMATION (NMR)
|—[:] *Proactive UICC : PROVIDE LOCAL INFORMATION (MCC, MNC, LAC, Cell ID & IMEI)
|—[:] *Proactive UICC : SET UP MENU
|—[:] *Proactive UICC : SET UP CALL
|—[:] *Proactive UICC : Reserved by 3GPP (SEND USSD)
|—[:] *Proactive UICC : Reserved by 3GPP (SEND SS)
|—[:] *Proactive UICC : Reserved by 3GPP (SEND SHORT MESSAGE with 3GPP-SMS-TPDU)
|—[:] *Proactive UICC : SELECT ITEM
|—[:] Fifth byte (Event driven information)
|—[:] *Event : Idle screen available
|—[:] *Event : User activity
|—[:] *Event : Location status
|—[:] *Event : Call disconnected
|—[:] *Event : Call connected
|—[:] *Event : MT CALL
|—[:] *Proactive UICC : SET UP EVENT LIST
|—[:] Sixth byte (Event driven information extensions)
|—[:] *Event : Channel status
|—[:] *Event : Data available
|—[:] *Event : Browser termination
|—[:] *Event : Language selection
|—[:] Eighth byte (Proactive UICC)
|—[:] *Call Control by NAA
|—[:] *SETUP CALL
|—[:] *SET UP IDLE MODE TEXT
|—[:] *GET INKEY
|—[:] *Proactive UICC : PROVIDE LOCAL INFORMATION(date, time and time zone)
|—[:] *Proactive UICC : TIMER MANAGEMENT (get current value)
|—[:] *Proactive UICC : TIMER MANAGEMENT(start, stop)
|—[:] Ninth byte
|—[:] *Proactive UICC : LAUNCH BROWSER
|—[:] *Proactive UICC : LANGUAGE NOTIFICATION
|—[:] *Proactive UICC : Reserved by 3 GPP (PROVIDE LOCAL INFORMATION, Timing Advance)
|—[:] *Proactive UICC : PROVIDE LOCAL INFORMATION (language)
|—[:] *Proactive UICC : PROVIDE LOCAL INFORMATION (NMR)
|—[:] *SEND DTMF command
|—[:] *DISPLAY TEXT
|—[:] Twelfth byte
|—[:] *Proactive UICC : GET CHANNEL STATUS
|—[:] *Proactive UICC : SEND DATA
|—[:] *Proactive UICC : RECEIVE DATA
|—[:] *Proactive UICC : CLOSE CHANNEL
|—[:] *Proactive UICC : OPEN CHANNEL
|—[:] Thirteenth byte
|—[:] *GPRS
|—[:] *Number of channels supported by terminal 7
|—[:] Fourteenth byte (Screen height)
|—[:] *Screen sizing Parameters supported
|—[:] *Number of characters supported down the terminal 5
|—[:] Fifteenth byte (Screen width)
|—[:] *Number of characters supported across the terminal display : 15
|—[:] Seventeenth byte
|—[:] *UDP
|—[:] *TCP
|—[:] Twenty-first byte (Extented Launch Browser Capability)
|—[:] *CHTML
|—[:] *HTML
|—[:] *XHTML
|—[:] *WML
|—[:] Additional Profile Data In: 00
|—[:] Header: 8010000017
\—[:] Data: FFFFFFFF7F0F00DF7F00001FE2850F00030000000F0000

Written by adywicaksono

September 7, 2009 at 9:01 am

Posted in SmartCard, Telco - GSM

Launch Browser APDU

Hi Javacard developer, this is for your reference on the Launch Browser APDU

|—[:] COMMAND DETAILS
|—[:] Command Number: 01
|—[:] Command Type: Launch browser
|—[:] Command Qualifier: Launch browser if not already launched
|—[:] DEVICE IDENTITIES
|—[:] Source Device identity: UICC
|—[:] Destination Device identity: Display
|—[:] URL: 78 78 78 78 78 78 78 2e 78 78 2e 78 78
|—[:] Card Status: 90 00
\—[:] Raw data: D018010301150002028102310D787878787878782e78782e78789000

URL is 78 78 78 78 78 78 78 2e 78 78 2e 78 78 (xxxxxxx.xx.xx)

Written by adywicaksono

September 7, 2009 at 8:59 am

Posted in SmartCard, Telco - GSM

Lock/Unlock Javacard Applet

Sometimes we need to disable a Javacard applet inside the SIM card without removing it.
Once disabled, later we may want to activate it again. The Global Platform spec defines
a way to do this.

Let's say we have a Javacard application with AID A00000001840840000. To lock it, simply
send this command through a GSM 03.48 envelope command to the SIM card:

80F0408309A00000001840840000

Meanwhile, once it is locked/disabled, simply send this GP command to enable it:

80F0400309A00000001840840000

Details:
0x80: CLA
0xF0: INS for the SET STATUS command
0x40: Indicates that this is a Javacard applet application
0x83: Set to locked; 0x03: set to unlocked (state: SELECTABLE)
0x09: Length of the AID to be disabled/enabled, 9 bytes
A00000001840840000: the AID of the applet

Written by adywicaksono

October 30, 2008 at 10:13 am