Ludovic Rousseau's blog: October 2012

A few days ago I discovered a nice tool: cardpeek.

Project

The project is hosted at http://code.google.com/p/cardpeek/.
It is Free Software and uses the GNU GPL v3 licence.

From the project web site:

Cardpeek is a Linux/Windows tool to read the contents of ISO7816 smartcards. It features a GTK GUI to represent card data is a tree view, and is extendable with a scripting language (LUA).

The goal of this project is to allow smartcard owners to be better informed about what type of personal information is stored in these devices.

The tool currently reads the contents of :

EMV cards, including NFC ones.

Navigo public transport cards (partially supports MOBIB as well)

The French health card "Vitale 2"

Electronic/Biometric passports in BAC security mode.

It can also read the following cards with limited interpretation of data:

Some Mifare cards (such as the Thalys card);

Moneo, the French electronic purse;

GSM SIM cards.

More info on the Wiki here: http://code.google.com/p/cardpeek/wiki/Main

Installation

It is easy to install under Debian GNU/Linux. You may need to install some dependencies related to the lua language. The program is written in C and lua. The parts sending smart card commands are lua scripts. I do not yet have lua in my list of languages for PC/SC.

You may be unable to run the ./configure script. I already reported this problem. run autoreconf -vis to get correct symlinks.

Examples

EMV

I tried with an EMV card.

The application gives a lot of information. For example you have access to the card transaction records.

In this example I payed 48.11€ on the August 30th of 2012. This transaction was to fil the tank with gasoline but the card do not store information about the merchant.

Navigo Pass

I do not have a Navigo Pass myself so I reused the screen copy from the cardpeek project navigo page.

From the project:

The "calypso" script included in cardpeek can read the content of Navigo cards used in Paris. It provides enhanced "event log" analysis notably with subway/train station names, as illustrated in the screenshot above. It has been successfully tested on Navigo Découverte, Navigo and Navigo Intégrale cards.

SIM

The support is SIM card is indicated as beta but does work quiet well.

For example you can dump the phone book stored in your SIM card.

I guess it is in beta mode because not all the fields are parsed and displayed in a human readable format.

Conclusion

Cardpeek is a very nice tool to explore many common kinds of smart cards. It is tech savvy oriented.

Since 2010 I provide a way to parse an ATR online using a web page. I also provide a Python script to do the same using a command line tool.

I am not a user interface design expert. But I like to have important elements in color. Syntax colorization is a great invention. So I decided to add color to the ATR parsing results.

Web page

Available at http://smartcard-atr.appspot.com/

Before

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3B	Direct Convention
T0 = 0xFA	Y(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13	Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00	VPP is not electrically connected
TC(1) = 0xFF	Extra guard time: 255 (special value)
TD(1) = 0x81	Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31	Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80	IFSC: 128
TB(3) = 0x45	Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes	00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00	(compact TLV data object) Tag: 3, Len: 1 (card service data byte) Card service data byte: 193 - Application selection: by full DF name - Application selection: by partial DF name - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card without MF Tag: 7, Len: 3 (card capabilities) Selection methods: 192 - DF selection by partial DF name - DF selection by full DF name Data coding byte: 1 - Behaviour of write functions: one-time write - Value 'FF' for the first byte of BER-TLV tag fields: valid - Data unit in quartets: 1 Command chaining, length fields and logical channels: 0 - Logical channel number assignment: No logical channel - Maximum number of logical channels: 0 Mandatory status indicator (3 last bytes) LCS (life card cycle): 0 (No information given) SW: 9000 ()
TCK = 0xB1	(correct checksum)

Possibly identified card: OpenPGP

After

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3B	Direct Convention
T0 = 0xFA	Y(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13	Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00	VPP is not electrically connected
TC(1) = 0xFF	Extra guard time: 255 (special value)
TD(1) = 0x81	Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31	Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80	IFSC: 128
TB(3) = 0x45	Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes	00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00	(compact TLV data object) Tag: 3, Len: 1 (card service data byte) Card service data byte: 193 - Application selection: by full DF name - Application selection: by partial DF name - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card without MF Tag: 7, Len: 3 (card capabilities) Selection methods: 192 - DF selection by partial DF name - DF selection by full DF name Data coding byte: 1 - Behaviour of write functions: one-time write - Value 'FF' for the first byte of BER-TLV tag fields: valid - Data unit in quartets: 1 Command chaining, length fields and logical channels: 0 - Logical channel number assignment: No logical channel - Maximum number of logical channels: 0 Mandatory status indicator (3 last bytes) LCS (life card cycle): 0 (No information given) SW: 90 00 ()
TCK = 0xB1	correct checksum

Possibly identified card: OpenPGP

Command line

The same software is also available as a command line tool: parseATR.py

Before

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 9000 ()
TCK = 0xB1  --> (correct checksum)
Possibly identified card: OpenPGP

After

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 90 00 ()
TCK = 0xB1  --> correct checksum
Possibly identified card: OpenPGP

Conclusion

I like colorization.

Ludovic Rousseau's blog

Friday, October 26, 2012

cardpeek: A tool to read the contents of smartcards

Project

Installation

Examples

EMV

Navigo Pass

SIM

Conclusion

Sunday, October 7, 2012

New version of libccid: 1.4.8

Monday, October 1, 2012

Parsing an ATR: now in color

Web page

Before

After

Command line

Before

After

Conclusion