SIMulator: SIM Tracing on a (Pico-)Budget

TL;DR

This paper demonstrates that full SIM tracing can be achieved using low-cost, simple hardware like Raspberry Pi Pico, making cellular network research more accessible and affordable.

Contribution

It introduces a novel, low-cost method for SIM tracing using microcontrollers, reducing hardware complexity and costs compared to traditional specialized equipment.

Findings

Achieved full SIM tracing with Raspberry Pi Pico and UART interfaces.

Reduced hardware complexity by electrically decoupling SIM and modem.

Made SIM tracing accessible to broader research and hobbyist communities.

Abstract

SIM tracing -- the ability to inspect, modify, and relay communication between a SIM card and modem -- has become a significant technique in cellular network research. It enables essential security- and development-related applications such as fuzzing communication interfaces, extracting session keys, monitoring hidden SIM activity (e.g., proactive SIM commands or over-the-air updates), and facilitating scalable, distributed measurement platforms through SIM reuse. Traditionally, achieving these capabilities has relied on specialized hardware, which can pose financial and logistical burdens for researchers, particularly those new to the field. In this work, we show that full SIM tracing functionality can be achieved using only simple, widely available components, such as UART interfaces and GPIO ports. We port these capabilities to low-cost microcontrollers, exemplified by the Raspberry Pi Pico (4~USD). Unlike other approaches, it dramatically reduces hardware complexity by electrically decoupling the SIM and the modem and only transferring on APDU level. By significantly reducing hardware requirements and associated costs, we aim to make SIM tracing techniques accessible to a broader community of researchers and hobbyists, fostering wider exploration and experimentation in cellular network research.