Update on Overleaf.

This commit is contained in:
nb72soza Bittner
2025-06-15 11:31:26 +00:00
committed by node
parent 89e50d0c8d
commit b11a52ec4d
2 changed files with 16 additions and 2 deletions


@@ -34,9 +34,23 @@
% the firmware update tool is a binary
% analysation with ghidra -> rev engeneering
% looking at dissassembled code -> trying to guess functions based on their implementation
% this is something unique to the estk.me esim since all other esims neither offer an public update utility nor having a custom publicly documented flash endpoint for newer firmware
% Etsi (check which version) defines that all sims and esim have to have some sort of update utility
% application updates can be perfomred via global platform commands although requiring the manufacturer keys to unlock the smartcard
% TODO: explain fwupd mechanism here
% update mechanism offers 2 functions: get_version and flash_firmware
% the custom flash endpoint is locate under the aid A06573746B6D65FFFFFFFF6677757064
% the aid is the hex encoded text 'estkmeÿÿÿÿfwupd'
% get_version retrieves the version code of the currently installed firmware by sending the apdu packet APDU(class=0xAA, instruction=0xFF, p1=0x00, p2=0x00, le=0x08)
% our estk.me esim responds with Version 'T001V06' which corresponds to the 4.6.0 received via the euicc info 1
% this shows that this is an older estk.me model with the current one having the firmware version 'T3V7' as shown in newer firmware versions
% the firmware update happens ins 6 Steps: setup, unlock, send_program_block, validate, and check_flash_status
%
% setup: to setup esim.me for flashing, the firmware update tool selects the custom flashing endpoint with the APDU command APDUPacket(cla=0x01, ins=0x55, p1=0x55, p2=0x55) and enters the esim into flashing mode
% unlock:
% we could reimplement the code in python -> see implementation
% with the reimplementation we could analyze the traffic further and apply similar mutations as used in the apdu fuzzing section (cref)
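Review bot: The step count in the line `% the firmware update happens ins 6 Steps: setup, unlock, send_program_block, validate, and check_flash_status` does not match the list, which names five steps; either a step is missing from the enumeration or the number should be five, and this should be reconciled before the text is written out from these notes. The same line also has a typo (`ins` for `in`). Two other places in the hunk leave claims unresolved that the draft will need to settle: `Etsi (check which version)` should cite the specific ETSI specification and version being relied on, and `(cref)` needs the actual cross-reference to the APDU fuzzing section. The `unlock:` entry has no description at all, unlike `setup:`, so the flow from setup into the remaining steps is currently a gap. On the AID line, the comment `the aid is the hex encoded text 'estkmeÿÿÿÿfwupd'` is only partly right: the hex `A06573746B6D65FFFFFFFF6677757064` decodes to a leading `A0` byte followed by `estkme`, four `FF` bytes and `fwupd`, so the leading byte should be mentioned explicitly to avoid a reader trying to reproduce the AID from the text alone. Finally, several spelling errors in the comments (`analysation`, `engeneering`, `dissassembled`, `perfomred`, `locate` for `located`, `an public`) are worth fixing now so they are not copied into the prose later.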