【Original】 Exploring the eSIM interaction process on Qualcomm-platform Apple and Samsung phones, and a study of tooling for it

Views: 69 | Replies: 6
Author: gmg2719
【Background】 eSIM is a very flexible carrier business model for the future: the carrier can be changed without swapping a physical card. Some major phone brands have already turned one of their card slots from a physical SIM into an eSIM. Writing the eSIM profile is done with data pushed down over the carrier's network. What does that process actually look like? This post uses QXDM logs captured during eSIM provisioning on an iPhone 13 (iOS 5.2) and a Samsung Galaxy Z Fold4 to show how to analyse the eSIM interaction and how to decode the relevant PDUs.
【Preparation】 Expose the diag port by a specific means, connect QXDM to capture logs, then load them into QCAT and filter on log id 0x1987; save the result as a txt file, which is the input for the later analysis. The figure below is a log sample from the iPhone 13. Searching for every "Slot Id" field shows that this log contains entries from both card slots: slot_2 is the eSIM and slot_1 is the physical SIM.


[Image attachment, uploaded 2025-6-21 13:55]

We are mainly interested in the Slot 2 data, so a tool is needed that sorts the log entries of the two slots and extracts the key data exchanges from them.

【Algorithm design】 The program is designed as follows:
(1) Use "Slot Id              = SLOT_1" and "Slot Id              = SLOT_2" as the keywords for filtering each slot's log entries.
(2) Map each command byte to its meaning according to ETSI TS 102 221 V17.4.0: locate the 5-byte command APDUs in the log and take the second byte as the Command byte (the spec calls it the Instruction byte), which identifies what the command does. For example, E2 is "STORE DATA".


[Image attachment, uploaded 2025-6-21 13:56]

The commonly used instruction bytes are translated with a Python dictionary according to the spec, as follows:


[Image attachment, uploaded 2025-6-21 13:56]

[Image attachment, uploaded 2025-6-21 13:57]

All RX and TX exchanges up to the next known instruction are merged into one Session. The core code is as follows:
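As an added illustration (not the post's own tool, whose code is only shown in screenshots), the following Python does what the design above describes: it splits records by Slot Id, names each 5-byte command header by its INS byte, and merges everything up to the next known command into one session. The record layout it parses is a constructed simplification, not the real QCAT 0x1987 text export.

```python
import re
from collections import defaultdict

# INS byte -> name, a subset of ETSI TS 102 221; 0xE2 STORE DATA as in the post.
INS_NAMES = {
    0xA4: "SELECT", 0xF2: "STATUS", 0xB0: "READ BINARY", 0xD6: "UPDATE BINARY",
    0xB2: "READ RECORD", 0xDC: "UPDATE RECORD", 0xA2: "SEARCH RECORD",
    0x20: "VERIFY PIN", 0x24: "CHANGE PIN", 0x26: "DISABLE PIN", 0x28: "ENABLE PIN",
    0x2C: "UNBLOCK PIN", 0x88: "AUTHENTICATE", 0x84: "GET CHALLENGE",
    0x70: "MANAGE CHANNEL", 0x10: "TERMINAL PROFILE", 0xC2: "ENVELOPE", 0x12: "FETCH",
    0x14: "TERMINAL RESPONSE", 0xC0: "GET RESPONSE", 0xE2: "STORE DATA",
}

# Constructed, simplified record layout (not the real QCAT 0x1987 text export):
# a "Slot Id" line, a "Direction" line and a "Data" line per frame.
SLOT_RE = re.compile(r"Slot Id\s*=\s*(SLOT_\d)")
DIR_RE = re.compile(r"Direction\s*=\s*(TX|RX)")
DATA_RE = re.compile(r"Data\s*=\s*([0-9A-Fa-f ]+?)\s*$")

def parse_records(text):
    """Yield (slot, direction, frame_bytes) for each complete record."""
    slot = direction = None
    for line in text.splitlines():
        if m := SLOT_RE.search(line):
            slot = m.group(1)
        elif m := DIR_RE.search(line):
            direction = m.group(1)
        elif (m := DATA_RE.search(line)) and slot and direction:
            yield slot, direction, bytes.fromhex(m.group(1).replace(" ", ""))

def command_name(frame):
    """Name a 5-byte command header (CLA INS P1 P2 P3) by its INS byte. As in
    the post only length and INS are checked, so a 5-byte data continuation
    whose second byte happens to be a known INS would be misread."""
    if len(frame) == 5 and frame[1] in INS_NAMES:
        return INS_NAMES[frame[1]]
    return None

def build_sessions(text):
    """Per slot, group each known TX command with every TX/RX frame that
    follows it until the next known command header (the post's Session)."""
    sessions = defaultdict(list)
    for slot, direction, frame in parse_records(text):
        name = command_name(frame) if direction == "TX" else None
        if name:
            sessions[slot].append({"command": name, "frames": []})
        if sessions[slot]:
            sessions[slot][-1]["frames"].append((direction, frame.hex()))
    return dict(sessions)

# Constructed sample: the first header is the post's TERMINAL PROFILE APDU
# (80 10 00 00 2D); the other frames are made up for illustration.
SAMPLE_LOG = """\
Slot Id              = SLOT_2
Direction            = TX
Data                 = 80 10 00 00 2D
Slot Id              = SLOT_2
Direction            = TX
Data                 = FF FF FF FF 7F 9D 00 DF BF 00
Slot Id              = SLOT_2
Direction            = RX
Data                 = 90 00
Slot Id              = SLOT_1
Direction            = TX
Data                 = 00 A4 08 0C 04
Slot Id              = SLOT_2
Direction            = TX
Data                 = 80 E2 91 00 05
"""
```

Running `build_sessions(SAMPLE_LOG)` yields two sessions for SLOT_2 (TERMINAL PROFILE with its data and response, then STORE DATA) and one SELECT session for SLOT_1.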


[Image attachment, uploaded 2025-6-21 13:57]

[Image attachment, uploaded 2025-6-21 13:58]

[Image attachment, uploaded 2025-6-21 13:58]

Commonly encountered file contents are parsed as well; an example follows:


[Image attachment, uploaded 2025-6-21 13:58]

[Image attachment, uploaded 2025-6-21 13:59]

【Actual verification】 Loading the previously saved log of the iPhone 13 eSIM OTA process gives the following; the basic analysis flow and the key downloaded eSIM parameters can be seen. From the tool's output, there is first a series of STORE DATA data downloads, followed by parameter updates performed according to the UICC APDU protocol.


[Image attachment, uploaded 2025-6-21 13:59]

Take Terminal Profile as an example. Clicking Terminal Profile shows the data the terminal sent to the eSIM, marked with the red circle:


[Image attachment, uploaded 2025-6-21 14:01]

80 10 00 00 2D FF FF FF FF 7F 9D 00 DF BF 00 00 1F E2 00 00 00 C3 F0 00 07 00 01 68 00 51 01 00 00 00 08 02 80 07 70 06 03 00 00 00 00 00 00 00 00 A0
Copy the circled part into a more specialised SIM APDU decoder, and it decodes the phone's SIM-related capabilities, shown below. This amounts to working out which capabilities the phone exposes to this eSIM.

   1000 .... = Class Coding: ETSI TS 102.221 (0x8)
    .... 00.. = Secure Messaging Indication: No SM used between terminal and card (0x0)
    .... ..00 = Logical Channel number: 0
    Instruction: TERMINAL PROFILE (0x10)
    Terminal Profile Byte 1 (Download): 0xff, Profile Download, SMS-PP Data Download, CB Data Download, Menu Selection, SMS-PP data download is supported, Timer expiration, Call Control by USIM is supported, Call Control by USIM is supported
        .... ...1 = Profile Download: Supported
        .... ..1. = SMS-PP Data Download: Supported
        .... .1.. = CB Data Download: Supported
        .... 1... = Menu Selection: Supported
        ...1 .... = SMS-PP data download is supported: Yes
        ..1. .... = Timer expiration: Supported
        .1.. .... = Call Control by USIM is supported: Yes
        1... .... = Call Control by USIM is supported: Yes
    Terminal Profile Byte 2 (Other): 0xff, Command result, Call Control by USIM, Call Control by USIM is supported, MO SMS control by SIM, Call Control by USIM is supported, UCS2 Entry, UCS2 Display, Display of Extension Text
        .... ...1 = Command result: Supported
        .... ..1. = Call Control by USIM: Supported
        .... .1.. = Call Control by USIM is supported: Yes
        .... 1... = MO SMS control by SIM: Supported
        ...1 .... = Call Control by USIM is supported: Yes
        ..1. .... = UCS2 Entry: Supported
        .1.. .... = UCS2 Display: Supported
        1... .... = Display of Extension Text: Supported
    Terminal Profile Byte 3 (Proactive SIM): 0xff, Proactive SIM: DISPLAY TEXT, Proactive SIM: GET INKEY, Proactive SIM: GET INPUT, Proactive SIM: MORE TIME, Proactive SIM: PLAY TONE, Proactive SIM: POLL INTERVAL, Proactive SIM: POLLING OFF
        .... ...1 = Proactive SIM: DISPLAY TEXT: Supported
        .... ..1. = Proactive SIM: GET INKEY: Supported
        .... .1.. = Proactive SIM: GET INPUT: Supported
        .... 1... = Proactive SIM: MORE TIME: Supported
        ...1 .... = Proactive SIM: PLAY TONE: Supported
        ..1. .... = Proactive SIM: POLL INTERVAL: Supported
        .1.. .... = Proactive SIM: POLLING OFF: Supported
        1... .... = Proactive SIM: REFRESH: Supported
     [鈥Terminal Profile Byte 4 (Proactive SIM): 0xff, Proactive SIM: SELECT ITEM, Proactive SIM: SEND SHORT MESSAGE, Proactive SIM: SEND SS, Proactive SIM: SEND USSD, Proactive SIM: SET UP CALL, Proactive SIM: SET UP MENU, Proactive SIM: PR
        .... ...1 = Proactive SIM: SELECT ITEM: Supported
        .... ..1. = Proactive SIM: SEND SHORT MESSAGE: Supported
        .... .1.. = Proactive SIM: SEND SS: Supported
        .... 1... = Proactive SIM: SEND USSD: Supported
        ...1 .... = Proactive SIM: SET UP CALL: Supported
        ..1. .... = Proactive SIM: SET UP MENU: Supported
        .1.. .... = Proactive SIM: PROVIDE LOCAL INFORMATION: Supported
        1... .... = Proactive SIM: PROVIDE LOCAL INFORMATION (NMR): Supported
    Terminal Profile Byte 5 (Event driven information): 0x7f, Proactive SIM: SET UP EVENT LIST, Event: MT call, Event: Call connected, Event: Call disconnected, Event: Location status, Event: User activity, Event: Idle screen available
        .... ...1 = Proactive SIM: SET UP EVENT LIST: Supported
        .... ..1. = Event: MT call: Supported
        .... .1.. = Event: Call connected: Supported
        .... 1... = Event: Call disconnected: Supported
        ...1 .... = Event: Location status: Supported
        ..1. .... = Event: User activity: Supported
        .1.. .... = Event: Idle screen available: Supported
        0... .... = Event: Card reader status: Not supported
    Terminal Profile Byte 6 (Event driven information extension): 0x9d, Event: Language Selection, Event: Data Available, Event: Channel Status, Event: Access Technology Change, Event: Network Search Mode Change
        .... ...1 = Event: Language Selection: Supported
        .... ..0. = Event: Browser Termination: Not supported
        .... .1.. = Event: Data Available: Supported
        .... 1... = Event: Channel Status: Supported
        ...1 .... = Event: Access Technology Change: Supported
        ..0. .... = Event: Display parameters changed: Not supported
        .0.. .... = Event: Local Connection: Not supported
        1... .... = Event: Network Search Mode Change: Supported
    Terminal Profile Byte 7 (Multiple card proactive commands): 0x00
        .... ...0 = Proactive SIM: POWER ON CARD: Not supported
        .... ..0. = Proactive SIM: POWER OFF CARD: Not supported
        .... .0.. = Proactive SIM: PERFORM CARD APDU: Not supported
        .... 0... = Proactive SIM: GET READER STATUS (status): Not supported
        ...0 .... = Proactive SIM: GET READER STATUS (identifier): Not supported
        000. .... = RFU: 0x0
     [鈥Terminal Profile Byte 8 (Proactive SIM): 0xdf, Proactive SIM: TIMER MANAGEMENT (start, stop), Proactive SIM: TIMER MANAGEMENT (get current value), Proactive SIM: PROVIDE LOCAL INFORMATION (date, time, tz), Proactive SIM: GET INKEY, P
        .... ...1 = Proactive SIM: TIMER MANAGEMENT (start, stop): Supported
        .... ..1. = Proactive SIM: TIMER MANAGEMENT (get current value): Supported
        .... .1.. = Proactive SIM: PROVIDE LOCAL INFORMATION (date, time, tz): Supported
        .... 1... = Proactive SIM: GET INKEY: Supported
        ...1 .... = Proactive SIM: SET UP IDLE MODE TEXT: Supported
        ..0. .... = Proactive SIM: RUN AT COMMAND: Not supported
        .1.. .... = Proactive SIM: SETUP CALL: Supported
        1... .... = Proactive SIM: Call Control by USIM is supported: Yes
     [鈥Terminal Profile Byte 9: 0xbf, DISPLAY TEXT, SEND DTMF command, Proactive SIM: PROVIDE LOCAL INFORMATION (NMR), Proactive SIM: PROVIDE LOCAL INFORMATION (language), Proactive SIM: PROVIDE LOCAL INFORMATION (Timing Advance), Proactive
        .... ...1 = DISPLAY TEXT: Supported
        .... ..1. = SEND DTMF command: Supported
        .... .1.. = Proactive SIM: PROVIDE LOCAL INFORMATION (NMR): Supported
        .... 1... = Proactive SIM: PROVIDE LOCAL INFORMATION (language): Supported
        ...1 .... = Proactive SIM: PROVIDE LOCAL INFORMATION (Timing Advance): Supported
        ..1. .... = Proactive SIM: LANGUAGE NOTIFICATION: Supported
        .0.. .... = Proactive SIM: LAUNCH BROWSER: Not supported
        1... .... = Proactive SIM: PROVIDE LOCAL INFORMATION (Access Technology): Supported
    Terminal Profile Byte 10 (Soft keys support): 0x00
        .... ...0 = Soft keys support for SELECT ITEM: Not supported
        .... ..0. = Soft Keys support for SET UP MENU: Not supported
        0000 00.. = RFU: 0x00
    Terminal Profile Byte 11 (Soft keys information): 0x00
        0000 0000 = Maximum number of soft keys available: 0
    Terminal Profile Byte 12 (Bearer Independent protocol proactive commands, class "e"): 0x1f, Proactive SIM: OPEN CHANNEL, Proactive SIM: CLOSE CHANNEL, Proactive SIM: RECEIVE DATA, Proactive SIM: SEND DATA, Proactive SIM: GET CHANNEL STATUS
        .... ...1 = Proactive SIM: OPEN CHANNEL: Supported
        .... ..1. = Proactive SIM: CLOSE CHANNEL: Supported
        .... .1.. = Proactive SIM: RECEIVE DATA: Supported
        .... 1... = Proactive SIM: SEND DATA: Supported
        ...1 .... = Proactive SIM: GET CHANNEL STATUS: Supported
        ..0. .... = Proactive SIM: SERVICE SEARCH: Not supported
        .0.. .... = Proactive SIM: GET SERVICE INFORMATION: Not supported
        0... .... = Proactive SIM: DECLARE SERVICE: Not supported
    Terminal Profile Byte 13 (Bearer Independent protocol supported bearers, class "e"): 0xe2, GPRS bearer
        .... ...0 = CSD bearer: Not supported
        .... ..1. = GPRS bearer: Supported
        .... .0.. = Bluetooth bearer: Not supported
        .... 0... = IrDA bearer: Not supported
        ...0 .... = RS232 bearer: Not supported
        111. .... = Number of Channels: 7
    Terminal Profile Byte 14 (Screen height): 0x00
        ...0 0000 = Display height (chars): 0
        ..0. .... = No display capability: Not supported
        .0.. .... = No keypad available: Not supported
        0... .... = Screen sizing parameters: Not supported
    Terminal Profile Byte 15 (Screen width): 0x00
        .000 0000 = Display width (chars): 0
        0... .... = Variable size fonts: Not supported
    Terminal Profile Byte 16 (Screen effects): 0x00
        .... ...0 = Display resize: Not supported
        .... ..0. = Text Wrapping: Not supported
        .... .0.. = Text Scrolling: Not supported
        .... 0... = Text Attributes: Not supported
        ...0 .... = RFU: 0x0
        000. .... = Width reduction when in menu: 0
    Terminal Profile Byte 17 (Bearer independent protocol supported transport interface/bearers, class "e"): 0xc3, TCP client mode remote connection, UDP client mode remote connection, E-UTRAN bearer, HSDPA bearer
        .... ...1 = TCP client mode remote connection: Supported
        .... ..1. = UDP client mode remote connection: Supported
        .... .0.. = TCP server mode: Not supported
        .... 0... = TCP client mode local connection: Not supported
        ...0 .... = UDP client mode local connection: Not supported
        ..0. .... = Direct communication channel: Not supported
        .1.. .... = E-UTRAN bearer: Supported
        1... .... = HSDPA bearer: Supported
     [鈥Terminal Profile Byte 18 (Bearer independent protocol): 0xf0, Proactive SIM: PROVIDE LOCAL INFORMATION (ESN), CALL CONTROL on GPRS, Proactive SIM: PROVIDE LOCAL INFORMATION (IMEISV), Proactive SIM: PROVIDE LOCAL INFORMATION (Search M
        .... ...0 = Proactive SIM: DISPLAY TEXT (Variable Time out): Not supported
        .... ..0. = Proactive SIM: GET INKEY (help is supported): Not supported
        .... .0.. = USB bearer: Not supported
        .... 0... = Proactive SIM: GET INKEY (Variable Timeout): Not supported
        ...1 .... = Proactive SIM: PROVIDE LOCAL INFORMATION (ESN): Supported
        ..1. .... = CALL CONTROL on GPRS: Supported
        .1.. .... = Proactive SIM: PROVIDE LOCAL INFORMATION (IMEISV): Supported
        1... .... = Proactive SIM: PROVIDE LOCAL INFORMATION (Search Mode change): Supported
    Terminal Profile Byte 19 (TIA/EIA-136-C facilities): 0x00
        .... 0000 = TIA/EIA Version: 0
        0000 .... = RFU: 0x0
    Terminal Profile Byte 20 (TIA/EIA/IS-820-A facilities): 0x07
        0000 0111 = Reserved: 0x07
    Terminal Profile Byte 21 (Extended Launch Browser Capability): 0x00
        .... ...0 = WML: Not supported
        .... ..0. = XHTML: Not supported
        .... .0.. = HTML: Not supported
        .... 0... = CHTML: Not supported
        0000 .... = RFU: 0x0
    Terminal Profile Byte 22: 0x01, UTRAN PS with extended parameters
        .... ...1 = UTRAN PS with extended parameters: Supported
        .... ..0. = Proactive SIM: PROVIDE LOCAL INFORMATION (battery state): Not supported
        .... .0.. = Proactive SIM: PLAY TONE (Melody tones and Themed tones supported): Not supported
        .... 0... = Multi-media Calls in SET UP CALL: Not supported
        ...0 .... = Toolkit-initiated GBA: Not supported
        ..0. .... = Proactive SIM: RETRIEVE MULTIMEDIA MESSAGE: Not supported
        .0.. .... = Proactive SIM: SUBMIT MULTIMEDIA MESSAGE: Not supported
        0... .... = Proactive SIM: DISPLAY MULTIMEDIA MESSAGE: Not supported
    Terminal Profile Byte 23: 0x68, Alpha Identifier in REFRESH command, Proactive SIM: PROVIDE LOCAL INFORMATION (MEID), Proactive SIM: PROVIDE LOCAL INFORMATION (NMR(UTRAN/E-UTRAN))
        .... ...0 = Proactive SIM: SET FRAMES: Not supported
        .... ..0. = Proactive SIM: GET FRAMES STATUS: Not supported
        .... .0.. = MMS notification download: Not supported
        .... 1... = Alpha Identifier in REFRESH command: Supported
        ...0 .... = Geographical Location Reporting: Not supported
        ..1. .... = Proactive SIM: PROVIDE LOCAL INFORMATION (MEID): Supported
        .1.. .... = Proactive SIM: PROVIDE LOCAL INFORMATION (NMR(UTRAN/E-UTRAN)): Supported
        0... .... = USSD Data download and application mode: Not supported
    Terminal Profile Byte 24 (Class "i"): 0x00
        .... 0000 = Maximum number of frames supported: 0
        0000 .... = RFU: 0x0
    Terminal Profile Byte 25 (Event driven information extensions): 0x51, Event: Browsing status, Event: Network Rejection for GERAN/UTRAN, Event: Network Rejection for E-UTRAN
        .... ...1 = Event: Browsing status: Supported
        .... ..0. = Event: MMS Transfer status: Not supported
        .... .0.. = Event: Frame Information changed: Not supported
        .... 0... = Event: I-WLAN Access status: Not supported
        ...1 .... = Event: Network Rejection for GERAN/UTRAN: Supported
        ..0. .... = Event: HCI connectivity: Not supported
        .1.. .... = Event: Network Rejection for E-UTRAN: Supported
        0... .... = Multiple access technologies supported in Event Access Technology Change and PROVIDE LOCAL INFORMATION: Not supported
    Terminal Profile Byte 26 (Event driven information extensions): 0x01, Event: CSG Cell Selection
        .... ...1 = Event: CSG Cell Selection: Supported
        .... ..0. = Event: Contactless state request: Not supported
        0000 00.. = RFU: 0x00
    Terminal Profile Byte 27 (Event driven information extensions): 0x00
        0000 0000 = RFU: 0x00
    Terminal Profile Byte 28 (Text attributes): 0x00
        .... ...0 = Alignment left: Not supported
        .... ..0. = Alignment centre: Not supported
        .... .0.. = Alignment right: Not supported
        .... 0... = Font size normal: Not supported
        ...0 .... = Font size large: Not supported
        ..0. .... = Font size small: Not supported
        00.. .... = RFU: 0x0
    Terminal Profile Byte 29 (Text attributes): 0x00
        .... ...0 = Style normal: Not supported
        .... ..0. = Style bold: Not supported
        .... .0.. = Style italic: Not supported
        .... 0... = Style underlined: Not supported
        ...0 .... = Style strikethrough: Not supported
        ..0. .... = Style text foreground colour: Not supported
        .0.. .... = Style text background colour: Not supported
        0... .... = RFU: 0x0
    Terminal Profile Byte 30: 0x08, "Steering of Roaming" REFRESH
        .... ...0 = I-WLAN bearer: Not supported
        .... ..0. = Proactive SIM: PROVIDE LOCAL INFORMATION (WSID of the current I-WLAN connection): Not supported
        .... .0.. = TERMINAL APPLICATIONS: Not supported
        .... 1... = "Steering of Roaming" REFRESH: Supported
        ...0 .... = Proactive SIM: ACTIVATE: Not supported
        ..0. .... = Proactive SIM: Geographical Location Request: Not supported
        .0.. .... = Proactive SIM: PROVIDE LOCAL INFORMATION (Broadcast Network Information): Not supported
        0... .... = "Steering of Roaming for I-WLAN" REFRESH: Not supported
    Terminal Profile Byte 31: 0x02, CSG cell discovery
        .... ...0 = Proactive SIM: Contactless State Changed: Not supported
        .... ..1. = CSG cell discovery: Supported
        .... .0.. = Confirmation parameters supported for OPEN CHANNEL in Terminal Server Mode: Not supported
        .... 0... = Communication Control for IMS: Not supported
        ...0 .... = CAT over the modem interface: Not supported
        ..0. .... = Event: Incoming IMS Data: Not supported
        .0.. .... = Event: IMS Registration: Not supported
        0... .... = Proactive SIM: Profile Container, Envelope Container, COMMAND CONTAINER and ENCAPSULATED SESSION CONTROL: Not supported
    Terminal Profile Byte 32: 0x80, Support of refresh enforcement policy
        .... ...0 = IMS bearer: Not supported
        .... ..0. = Proactive SIM: PROVIDE LOCAL INFORMATION (H(e)NB IP address): Not supported
        .... .0.. = Proactive SIM: PROVIDE LOCAL INFORMATION (H(e)NB surrounding macrocells): Not supported
        .... 0... = Launch parameters supported for OPEN CHANNEL in Terminal Server Mode: Not supported
        ...0 .... = Direct communication channel supported for OPEN CHANNEL in Terminal Server Mode: Not supported
        ..0. .... = Proactive SIM: Security for Profile Container, Envelope Container, COMMAND CONTAINER and ENCAPSULATED SESSION CONTROL: Not supported
        .0.. .... = CAT service list for eCAT client: Not supported
        1... .... = Support of refresh enforcement policy: Supported
     [鈥Terminal Profile Byte 33: 0x07, Support of DNS server address request for OPEN CHANNEL related to packet data service bearer, Support of Network Access Name reuse indication for CLOSE CHANNEL related to packet data service bearer, Ev
        .... ...1 = Support of DNS server address request for OPEN CHANNEL related to packet data service bearer: Supported
        .... ..1. = Support of Network Access Name reuse indication for CLOSE CHANNEL related to packet data service bearer: Supported
        .... .1.. = Event: Poll Interval Negotiation: Supported
        0000 0... = RFU: 0x00
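The following Python is an added example, not from the post or the decoder used above: it parses the captured TERMINAL PROFILE APDU, checks that Lc matches the 45 profile bytes present, and decodes bytes 12, 13 and 17, the bearer-independent-protocol capabilities that tell the card whether the phone will open data channels for it and over which bearers. The bit names follow the decoder output above.

```python
# Page-captured TERMINAL PROFILE command APDU (5-byte header + 45 profile bytes).
TERMINAL_PROFILE_APDU = (
    "80 10 00 00 2D FF FF FF FF 7F 9D 00 DF BF 00 00 1F E2 00 00 00 C3 F0 00 07 "
    "00 01 68 00 51 01 00 00 00 08 02 80 07 70 06 03 00 00 00 00 00 00 00 00 A0"
)

# Bit 1 (LSB) .. bit 8 (MSB) names, matching the decoder output in the post.
BYTE12_COMMANDS = ["OPEN CHANNEL", "CLOSE CHANNEL", "RECEIVE DATA", "SEND DATA",
                   "GET CHANNEL STATUS", "SERVICE SEARCH",
                   "GET SERVICE INFORMATION", "DECLARE SERVICE"]
BYTE13_BEARERS = ["CSD", "GPRS", "Bluetooth", "IrDA", "RS232"]  # bits 6-8: channels
BYTE17_TRANSPORTS = ["TCP client mode remote connection",
                     "UDP client mode remote connection", "TCP server mode",
                     "TCP client mode local connection",
                     "UDP client mode local connection",
                     "Direct communication channel", "E-UTRAN bearer",
                     "HSDPA bearer"]

def parse_terminal_profile(hexstr):
    """Split the APDU into header fields and profile bytes, checking that INS
    is TERMINAL PROFILE and that Lc matches the number of bytes present."""
    data = bytes.fromhex(hexstr.replace(" ", ""))
    if len(data) < 5:
        raise ValueError("APDU shorter than a 5-byte header")
    cla, ins, p1, p2, lc = data[:5]
    profile = data[5:]
    if ins != 0x10:
        raise ValueError(f"INS 0x{ins:02X} is not TERMINAL PROFILE (0x10)")
    if len(profile) != lc:
        raise ValueError(f"Lc says {lc} profile bytes, {len(profile)} present")
    return {"cla": cla, "p1": p1, "p2": p2, "profile": profile}

def flags(value, names):
    """Map bit i+1 (bit 1 = LSB) of value to names[i]."""
    return {name: bool(value >> i & 1) for i, name in enumerate(names)}

def decode_bip(profile):
    """Decode the bearer-independent-protocol capabilities from profile bytes
    12, 13 and 17 (spec numbering starts at 1, so byte N is profile[N-1])."""
    if len(profile) < 17:
        raise ValueError("profile too short to contain byte 17")
    b12, b13, b17 = profile[11], profile[12], profile[16]
    return {
        "commands": flags(b12, BYTE12_COMMANDS),
        "bearers": flags(b13 & 0x1F, BYTE13_BEARERS),
        "channels": b13 >> 5,
        "transports": flags(b17, BYTE17_TRANSPORTS),
    }

def supported(flagmap):
    """Names whose flag is set, in bit order."""
    return [name for name, on in flagmap.items() if on]

if __name__ == "__main__":
    bip = decode_bip(parse_terminal_profile(TERMINAL_PROFILE_APDU)["profile"])
    print("BIP commands:", supported(bip["commands"]))
    print("bearers:", supported(bip["bearers"]), "channels:", bip["channels"])
    print("transports:", supported(bip["transports"]))
```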

Next comes the process of updating the eSIM's key parameters: a series of SMS-PP Download operations that provision the number remotely via SIM OTA.


[Image attachment, uploaded 2025-6-21 14:01]

Copy the APDUs of the TX process out and join them together:
80 C2 00 00 6B D1 69 02 02 83 81 06 07 91 28 01 08 90 99 99 0B 5A 40 0B 99 99 22 99 99 99 F9 7F F6 22 40 41 61 05 32 63 47 07 00 03 00 07 01 70 00 01 C1 15 02 01 25 25 B0 00 01 00 00 00 00 00 00 98 9C 60 FE 03 4B 63 C3 00 A4 08 0C 04 7F FF AF F1 00 D6 00 00 48 80 21 34 35 30 30 36 31 30 38 33 33 33 32 30 30 38 40 6C 74 65 2D 6C 67 75
Putting this into the SIM APDU decoder gives the following result:
   1000 .... = Class Coding: ETSI TS 102.221 (0x8)
    .... 00.. = Secure Messaging Indication: No SM used between terminal and card (0x0)
    .... ..00 = Logical Channel number: 0
    Instruction: ENVELOPE (0xc2)
    Length of Expected Response Data: 107
    BER-TLV Tag: GSM/3GPP/3GPP2 - SMS-PP Download (0xd1)
    Card Application Toolkit ETSI TS 102.223
        Device identity: 8381
            Source Device ID: Network (0x83)
            Destination Device ID: SIM / USIM / UICC (0x81)
        Address: 91280108909999
            .001 .... = TON: International Number (0x1)
            .... 0001 = NPI: ISDN/telephony numbering plan (Recommendation ITU-Ts E.164 and E.163 (0x1)
            Address String: 821080099999
        3GPP SMS TPDU: 400b999922999999f97ff62240416105326347070003000701700001c11502012525b000...
            GSM SMS TPDU (GSM 03.40) SMS-DELIVER
                0... .... = TP-RP: TP Reply Path parameter is not set in this SMS SUBMIT/DELIVER
                .1.. .... = TP-UDHI: The beginning of the TP UD field contains a Header in addition to the short message
                ..0. .... = TP-SRI: A status report shall not be returned to the SME
                .... 0... = TP-LP: The message has not been forwarded and is not a spawned message
                .... .0.. = TP-MMS: More messages are waiting for the MS in this SC
                .... ..00 = TP-MTI: SMS-DELIVER (0)
                TP-Originating-Address - (99229999999)
                    Length: 11 address digits
                    1... .... = Extension: No extension
                    .001 .... = Type of number: International (1)
                    .... 1001 = Numbering plan: Private numbering plan (9)
                    TP-OA Digits: 99229999999
                TP-PID: 127
                    01.. .... = Defines formatting for subsequent bits: 0x1
                    ..11 1111 = Message type: (U)SIM Data download (63)
                TP-DCS: 246
                    1111 .... = Coding Group Bits: Data coding/message class (15)
                    .... 0... = Reserved: 0
                    .... .1.. = Message coding: 8 bit data
                    .... ..10 = Message Class: Class 2 (U)SIM specific message (0x2)
                .................................. (some irrelevant content omitted here)
                TP-User-Data-Length: (71) depends on Data-Coding-Scheme
                TP-User-Data
                    User-Data Header
                        User Data Header Length: 7
                        IE: Concatenated short messages, 8-bit reference number (SMS Control)
                            Information Element Identifier: 0x00
                            Length: 3
                            Message identifier: 0
                            Message parts: 7
                            Message part number: 1
                        IE: (U)SIM Toolkit Security Headers (SMS Control)
                            Information Element Identifier: 0x70
                            Length: 0
                    SMS body: 01c11502012525b00001000000000000989c60fe034b63c300a4080c047fffaff100d60000488021343530303631303833333332303038406c74652d6c6775
Some additional information about the provisioning process can be seen here. After this SMS-PP Download is received, the SMS body is decrypted into a series of Update operations on the eSIM. For example, the process of changing the CBMI file to new contents looks like this:
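An added example (not part of the post) that parses the captured ENVELOPE APDU in Python: it walks the 0xD1 SMS-PP Download TLV, decodes the SMSC and originating addresses and the SMS-DELIVER fields, splits the user-data header from the body, and flags the message as a Class 2 (U)SIM data download by its TP-PID, TP-DCS and the 0x70 toolkit security header IE. The body is left as the opaque secured packet that the post says is later decrypted into update commands.

```python
# ENVELOPE (SMS-PP Download) command APDU as captured in the post.
ENVELOPE_APDU = (
    "80 C2 00 00 6B D1 69 02 02 83 81 06 07 91 28 01 08 90 99 99 0B 5A 40 0B 99 99 22 "
    "99 99 99 F9 7F F6 22 40 41 61 05 32 63 47 07 00 03 00 07 01 70 00 01 C1 15 02 01 "
    "25 25 B0 00 01 00 00 00 00 00 00 98 9C 60 FE 03 4B 63 C3 00 A4 08 0C 04 7F FF AF "
    "F1 00 D6 00 00 48 80 21 34 35 30 30 36 31 30 38 33 33 33 32 30 30 38 40 6C 74 65 "
    "2D 6C 67 75"
)

def semi_octets(raw, ndigits):
    """Decode BCD digits stored low nibble first (3GPP TS 23.040)."""
    return "".join(f"{b & 0xF:X}{b >> 4:X}" for b in raw)[:ndigits]

def tlvs(buf, tag_mask=0xFF):
    """Iterate simple (tag, value) TLVs with one-byte lengths; tag_mask
    0x7F drops the CAT comprehension-required bit from the tag."""
    i = 0
    while i + 1 < len(buf):
        tag, length = buf[i] & tag_mask, buf[i + 1]
        yield tag, buf[i + 2:i + 2 + length]
        i += 2 + length

def parse_tpdu(tpdu):
    """Parse an SMS-DELIVER TPDU up to and including its user-data header."""
    if tpdu[0] & 0x03 != 0:
        raise ValueError("TP-MTI is not SMS-DELIVER")
    udhi = bool(tpdu[0] & 0x40)
    ndigits = tpdu[1]                            # TP-OA length in digits
    i = 3 + (ndigits + 1) // 2                   # past TON/NPI byte and digits
    oa = semi_octets(tpdu[3:i], ndigits)
    pid, dcs = tpdu[i], tpdu[i + 1]
    scts = semi_octets(tpdu[i + 2:i + 8], 12)    # YYMMDDhhmmss, tz byte skipped
    udl = tpdu[i + 9]
    ud = tpdu[i + 10:i + 10 + udl]
    if len(ud) != udl:
        raise ValueError("TP-UD shorter than TP-UDL")
    udh, body = [], ud
    if udhi:
        udhl = ud[0]
        udh = [(t, v.hex()) for t, v in tlvs(ud[1:1 + udhl])]
        body = ud[1 + udhl:]
    return {"oa": oa, "pid": pid, "dcs": dcs, "scts": scts, "udh": udh,
            "body": body.hex()}

def parse_envelope(hexstr):
    """Check the APDU header, then walk the 0xD1 SMS-PP Download BER-TLV
    (one-byte length form only, which is all this capture needs)."""
    data = bytes.fromhex(hexstr.replace(" ", ""))
    cla, ins, _p1, _p2, lc = data[:5]
    body = data[5:]
    if ins != 0xC2 or len(body) != lc:
        raise ValueError("not a complete ENVELOPE APDU")
    if body[0] != 0xD1 or body[1] != len(body) - 2:
        raise ValueError("not an SMS-PP Download envelope (tag 0xD1)")
    env = {"cla": cla}
    for tag, value in tlvs(body[2:], tag_mask=0x7F):
        if tag == 0x02:                              # device identities
            env["source"], env["dest"] = value[0], value[1]
        elif tag == 0x06:                            # SMSC address: TON/NPI, BCD
            env["sc_address"] = semi_octets(value[1:], 2 * len(value[1:]))
        elif tag == 0x0B:                            # SMS TPDU
            env["tpdu"] = parse_tpdu(value)
    return env

def is_sim_data_download(env):
    """True for a Class 2 (U)SIM data-download SMS with a toolkit security
    header: TP-PID 0x7F, TP-DCS group 1111 class 2, UDH IE 0x70 present."""
    t = env["tpdu"]
    class2 = (t["dcs"] & 0xF0) == 0xF0 and (t["dcs"] & 0x03) == 2
    return t["pid"] == 0x7F and class2 and any(tag == 0x70 for tag, _ in t["udh"])
```

The three fields checked by `is_sim_data_download` are what distinguishes an OTA provisioning message from an ordinary SMS on the same channel, so they make a useful filter when scanning a large 0x1987 export.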


[Image attachment, uploaded 2025-6-21 14:02]

[Image attachment, uploaded 2025-6-21 14:02]

【Verification result】 This method allows fine-grained analysis of every eSIM operation on Qualcomm platforms and is the cheapest analysis approach available. It is the outcome of more than half a year of personal practice and research. The key parts of the method are shared here; the details cannot be provided. This is purely a personal hobby study, for learning and reference only!


kingc138

Too hard, I can't follow it, bro.
cao10085

Like it first, then show it to others.
linuxorg

Not hard, but I don't get it. eSIM-to-physical-SIM conversion, anyone want to discuss?
逆劫古修

I don't think I understand it, but impressive.
ZhuanZhuYuIT

Respect, master.
xixicoco

Qualcomm stuff, this bro has it all figured out.