-1

as the title suggests I'm having difficulty in reading the contents of an unknown smart card. I've an ISO 7816 compatible IC and card, (the IC hooked up to an arduino). I can read the ATR of the card, but I'd like to read the contents of it (something like serial number or a unique address of some sort),but I'm having problems. If I understand correctly, to use APDU commands, I need to know the data structure of the card. But I don't even know what I'm looking for to be honest. How could I read everything that's on the card? Or is it impossible without knowing something about the card?

Bálint Nagy
  • 9
  • 3

2 Answers2

0

If the card is unknown, why did you assign the emv tag?

If the card has a file system (which does not apply to java cards), you can attempt to SELECT each possible file identifier. Reading everything is against the purpose of smart cards: without keys and PINs involved you will only be able to read the public snippets (i.e. unprotected stuff) which might even be non-existing.

guidot
  • 5,095
  • 2
  • 25
  • 37
0

You can find out if it's a EMV card by sending the message: SELECT 2PAY.SYS.DDF01: 00A404000E325041592E5359532E4444463031

If it replies with a list of application IDs its an EMV card, and if it replies with an error message its not.

Could try bruiting forcing the all of the public reads on the card with something like the following code:

def read_record(sfi,record):
        # read a specific record from a file
        p1= record
        p2= (sfi << 3) + 4
        le= 0x00
        apdu= READ_RECORD + [p1,p2,le]
        response, sw1, sw2= send_apdu(apdu)
        if check_return(sw1,sw2):
                return True, response
        else:
                return False, ''

This does 65k reads, so takes about 40mins to run. See http://rfidiot.org for this and more useful functions.

However, as guidot said, there may be application specific authentication you need to do before you can access these.

Tom
  • 61
  • 4