Sometimes the mobile devices we work with can communicate only over cellular networks. In these cases, we are usually interested in things like obtaining the account credentials for the APN. In addition, a pentester is usually interested in monitoring traffic originating from the device.
In all of the above cases it is important to be able to swap SIM cards without damaging the SIM card that comes with the device.
If the device uses conventional SIM cards, we can easily perform a replacement (for example, to connect the device to our Sysmocom 3Gstation “Network in a Box”).
However, sometimes devices use embedded SIM cards (eSIM). At the moment, MFF2 eSIM cards are used, based on the 8-pin QFN package (although, more precisely, DFN-8 or SON-8 packages are used).
eSIMs are increasingly used in devices, but these SIM cards are more difficult to replace with conventional ones.
Since there is not much information on eSIM, I could not find a mapping between the pins of a regular SIM card and those of an eSIM.
Apparently, though, such a correspondence exists.
With this hypothesis in mind, I will next show how to connect a regular SIM card to a device that supports only eSIM.
1. Extract eSIM
As with the removal of any other surface-mounted component, start by applying good-quality flux around the eSIM. Then use the hot-air nozzle of a soldering station (or a cheap hair dryer). Heat the area until the eSIM can be lifted off freely.
2. Clean the contact pads
Apply more flux to the exposed pads on the PCB. Use a soldering iron to remove excess solder. If you use a good flux, all of the excess should adhere to the soldering iron tip. You can then wipe the solder off onto the wire tip cleaner.
Once you have removed as much solder as you can, use braid (solder wick) to remove the residue.
3. Connect to the pads
Now you need to connect wires to the pads. In the case of an MFF2 eSIM, 5 pads are involved: 1, 3, 6, 7 and 8. The assignments for each pin are listed in the table below:
Apply a large amount of flux; this makes applying the solder much easier. The size of each pad is 0.4 x 0.6 mm, so you will need an iron tip of the appropriate size. I personally use chisel tips.
Apply a little solder to the tip, touch the tip to the pad so that the solder takes, and then lift the tip away. As a result, some solder should remain on the pad.
Strip the ends of the wires (I prefer to use colored AWG 30 wire) and attach one end to each pin.
You may need to fix the wires to the printed circuit board with hot-melt glue in order to take the load off the solder joints.
4. Connect a regular SIM card
Now it’s time to connect the pads to our SIM card. There are several options: through a connector, through a disassembled smart-card adapter, or directly (I do not recommend the last option because it is fragile).
eSIMs differ from conventional SIM cards only in form. Although replacing an eSIM may not be simple, with a soldering iron, a hair dryer and steady hands, each of you will be able to cope with this task.
In itself, the use of eSIM is not a security measure, but it is a good way to slightly complicate the researcher's life. However, as you have seen, this problem can be solved even at home.