Non-Removable eSIM Spying

Test tool / Mobile test tool

Non-Removable eSIM Spying

Spy on communication between cellular modems and non-removable eSIM or iSIM.

Mobile Spy is essential for anyone in the mobile industry who needs to analyze communication between mobile handsets and SIM/USIM cards or between M2M, Consumer and IoT RSP devices and eUICC.

Overview.

Non-Removable eSIM Spying is a fully integrated module that can be added to Mobile Spy allowing you to spy between cellular modems, baseband chips etc and soldered non-removable eUICC (NRe) or integrated eSIM (iSIM) without the need to use any proprietary test hardware.

All modem communications including NRe and iSIM initialization and any eSIM profile download or management operations are fully translated in real time spying to make troubleshooting fast and easy, despite the fact that there is no direct physical access to the eSIM or iSIM interface.

Key benefits

Debug interoperability issues between cellular modems and non-removable eSIM/iSIM.
Assure quality through error detection.
Real time spying between devices using Mobile Spy’s
existing industry-leading translations.
MNO, MVNO and M2M Service providers can ensure
device-eSIM/iSIM compatibility with their profiles.
OEMs/cellular modem manufacturers and EUMs can
resolve interoperability issues between the cellular
modem and the eSIM/iSIM.

Key features

Spy on soldered non-removable eUICC (NRe) or
integrated eSIM (iSIM) without the need to use any
proprietary test hardware.
Support for Qualcomm USB Driver (QUD) - other chipsets planned.
Compatible with Mobile Spy’s existing telecoms
translations including GSMA M2M SGP.02, Consumer
eSIM SGP.22 & IoT SGP.32.

How it works.

Currently, support is available for devices with Qualcomm chipsets; however, support for other chipsets and devices is planned for the future. To begin, set up a free Qualcomm account to gain access to the Qualcomm USB Driver (QUD). Then, contact the OEM to obtain instructions on how to enable the diagnostic port on the device, which is necessary for Mobile Spy to utilize the QUD. Finally, connect the test laptop (where Mobile Spy is installed) directly to the device via USB.

What's in the box.

Hardware (depending on your choice of hardware).

SmartConnect (contact spying for 3G-5G/GSM and contactless).
SmartWave Box (contactless spying).
National Instruments Corporation (NI) MP300 SC2 ISO and SWP SPY (contact spying for 3G-5G/GSM and SWP/HCI).
NI MP300 ACL1 and Digital Antenna (contactless spying).

Specifications

Translation modules and standards supported.

Mobile Spy Core: ISO 7816 translation of the T=0 and T=1 protocols.
GSM: Translation of GSM session commands, files, SAT (SIM Application Toolkit) commands and the Bearer Independent Protocol (BIP) channel.
3G-5G: Translation of 3G-5G (W-CDMA) USIM and ISIM commands, files, BIP and GlobalPlatform Secure Element Access Control (ARA-M and PKCS#15).
CDMA: Translation of CDMA2000 commands, files and CDMA Card Application Toolkit (CCAT).
Contactless/NFC: Translation of contactless sessions against ISO 14443 (including APDUs sent over the contactless interface).
GSMA M2M eSIM SGP.02: Consumer eSIM SGP.22 and IoT eSIM SGP.32.

GSMA eSIM Decryption and translation of SMS SCP80 and TLS SCP81 in M2M sessions on ES5, ES8 and ES6 including translation of ASN.1 formatted function requests and responses in Consumer sessions on ES10x, ES6 and ES8+ and IoT sessions on ES10a, 10b, ESep and ES8+.

Card Management: Translation of GlobalPlatform commands, OTA RFM/ RAM over CAT_TP and SMS, Secured Command Packets (ETSI 102 225 and 3GPP 31.115), RAM Over HTTP (GlobalPlatform Amd. B) including Remote APDU structures (ETSI 102 226 and 3GPP 31.116), SCP02, SCP03 (GlobalPlatform Amd. D) and GSMA’s eUICC and related security protocols.
SWP: Translation of SWP communication, views for LLC and HCI layers, decoding S1 and S2 signals, HCI pipes in the timeline view.
Mobile Payment: Translation of mobile Visa payWave, Mastercard PayPass, American Express ExpressPay and Discover Contactless D-PAS applications for APDUs sent over the ISO 7816, contactless or SWP interfaces.
MIFARE: Translation of MIFARE Classic and MIFARE DESFire based messages on both contactless and SWP interfaces; with the appropriate keys, you can decrypt MIFARE messages to view tag memory.

Get your quote and further information

First name *

Last name *

Company profile *

Company name *

Phone number *

Email *

Country *

Libraries *

I consent to Fime processing and using my personal data to fulfill my request, and also agree to receive marketing communications in accordance with Fime’s Privacy Policy . I understand that I can withdraw my consent at any time either by using the “unsubscribe” option in the email I may receive, or by sending the request to Fime’s Data Protection Officer at dpo@fime.com

Payments advisory

Expert advisory

Fime Academy

Technical consulting

Hyperlab research and development

Test strategy

Compliance and risk

Operational effectiveness

Lab outsourcing

Find your solution

Fime Test Factory

Level 1

Level 2

Level 3

Open banking

Transport

Mobile

Instant Payments

Digital Identity

Find your solution

Card, terminal, mobile

Issuing

Acquiring

Physical testing

EMV 3-D Secure Test Platform

Biometrics

Digital Identity

Open banking, Sahamati

Healthcare, ABDM

Smart mobility, NCMC

Case study

Providing a 360 view across the entire ecosystem

Schemes

Retailers

Issuers

Vendors

Acquirers

Mobility actors

Case study

Blog articles

Case studies

eBooks

Podcasts

Presentations

Videos

Scientific papers

White papers

Events & webinars

News

Training services