Smart Card Digging Utilities

2007 June 3
by Ilya

It is time to wipe off the dust and disclose more x-files from my personal archive. Some of you have asked and waited for this particular one for a few years already. Thus, without further ado, let me introduce SMACADU – Smart Card Digging (or "Dumb" if you wish) Utilities. It is a set of very simple command line tools for poking around smart cards. With these tools you can explore an unknown or obscure smart card to reveal its layout and functionality. There are three tools in SMACADU: smacdig, smacget and smactty.

smacdig
This tool lets you map all existing objects within a specified Dedicated File (DF), even if the smart card does not have a DIR command or tries to hide an object from DIR. The mapping is a continuous procedure which you may terminate at any moment by pressing a key. You may also specify a DF path and/or an initial object ID to start from.

smacget
You can dump any publicly accessible Elementary File (EF) from a smart card to a file by using smacget. Simply specify the full path of the EF and it will be extracted to a file named after the EF's ID.

smactty
This is the APDU console that you may use to send commands directly to a smart card. To use this tool, you need to know what PC/SC is, and at least C0 A4 00 00 02 3F 00 must ring some bells.

Running any of these tools without parameters will output usage info and a list of available smart card readers. You must then specify the desired smart card reader by its name as the first parameter. You do not actually need to specify the whole name; a unique substring of the name will do just fine. For smactty, you may specify characters inside APDU commands as is, without remembering their hexadecimal representation: put "-" in front of a character. For example, you may simply type -p-a-s-s-w-o-r-d instead of 70 61 73 73 77 6F 72 64.

The SMACADU tools were written as Windows console applications to be compiled with the Microsoft Visual C compiler. If you need to port these utilities to gcc/Linux then feel free to do so; the source code is provided below.

Download:

2007 November 12
henrik larsen

Can I read with SMACADU the information written on Dutch ChipKnip?

2007 November 13

Sorry, Henrik, I’ve no idea about Dutch ChipKnip. If it is a CardOS-based smart-card then smacadu might work right away. Anyway, smactty must work regardless of OS type as long as this ChipKnip is a smart-card which responds to APDU commands.

2008 November 3
Anonymous

Please make a Linux port.

2008 November 4

Perhaps I will make a Linux port later. It would depend on having free time for that.

2008 November 27
steve

Handy set of tools, though I have to admit, I'm finding the RFID learning curve rather steep… For example, "PC/SC" means little to me and "C0 A4 00 00 02 3F 00" are just a bunch of hex digits.

I’ve successfully used smacdig to map two RFID tags I have… however both give the same numbers:

ef01: 6f1c8302ef018801018a010582060c00001200058c064fffffffffffab00
ef03: 6f1c8302ef038801038a010582060c00001000058c064fffffffff00ab00

I had thought that these were blocks of data… but, since two distinct cards (which behave differently with a 3rd-party app) give the same output from smacdig. By any chance can you point a newcomer at suitably gentle documentation?

2008 December 3

Steve,
There is nothing wrong about two different cards having a similar file structure. Probably they both just comply with some standard or an application.

The numbers you see for EF01 are not the file content but its attributes returned by the SELECT FILE command. I'm not sure about a public gentle documentation but you may try ISO 7816-4 for example.

The learning curve may be steep but it well pays back. Basically you can get anything a card is capable of, regardless of any clumsy PKCS11, etc. from a vendor. It is not like I saw all PKCS11 implementations in the universe, but all those I saw were quite slipshod.
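The reply above says the smacdig output is the attribute block returned by SELECT FILE, not file content. As an added example (not part of SMACADU or of the original post), this Python code splits the two lines quoted in the thread into their TLV fields; it assumes the tag names of ISO/IEC 7816-4 and handles single-byte tags only.

```python
# Added example (not SMACADU code): split a SELECT FILE response into TLV fields.
# Tag names are the ISO/IEC 7816-4 file control parameter names.
TEMPLATES = {0x62: "FCP", 0x64: "FMD", 0x6F: "FCI"}
TAGS = {
    0x80: "file size", 0x82: "file descriptor", 0x83: "file identifier",
    0x84: "DF name", 0x85: "proprietary information",
    0x88: "short EF identifier", 0x8A: "life cycle status",
    0x8C: "security attribute (compact format)",
    0xAB: "security attribute template (expanded format)",
}

def read_tlv(buf, pos):
    """Read one TLV object with a single-byte tag; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag %02X not handled" % tag)
    if length == 0x81:                      # long form: one extra length byte
        if pos >= len(buf):
            raise ValueError("truncated length")
        length, pos = buf[pos], pos + 1
    elif length > 0x7F:
        raise ValueError("unsupported length form %02X" % length)
    if pos + length > len(buf):
        raise ValueError("value of tag %02X overruns the response" % tag)
    return tag, buf[pos:pos + length], pos + length

def parse_select_response(hex_string):
    """Return (template_name, [(field_name, value_hex), ...])."""
    buf = bytes.fromhex(hex_string)
    outer, body, end = read_tlv(buf, 0)
    if outer not in TEMPLATES or end != len(buf):
        raise ValueError("not a single FCP/FMD/FCI template")
    fields, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        fields.append((TAGS.get(tag, "tag %02X" % tag), value.hex()))
    return TEMPLATES[outer], fields

# The two smacdig lines quoted in the comment above.
EF01 = "6f1c8302ef018801018a010582060c00001200058c064fffffffffffab00"
EF03 = "6f1c8302ef038801038a010582060c00001000058c064fffffffff00ab00"

if __name__ == "__main__":
    for line in (EF01, EF03):
        name, fields = parse_select_response(line)
        print(name)
        for field, value in fields:
            print("  %-46s %s" % (field, value))
```

Both lines decode to an FCI template (tag 6F) whose file identifier field (tag 83) repeats the ID shown at the start of the smacdig line.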

2008 December 17
Ravi

Hi friends,

How do I know the size of the integrated circuit embedded in a smart card?

Thanks

Ravi Kumar

2009 August 8

Dear Friends,

How can I find winscard.h?

with best regards,
Vahid Tavakkoli

2010 January 3

How can I make a copy of a printer smart card chip if I have the original one?

2010 March 22
PhilT

@steve:
What you’ve mapped is actually the internal SAM of your Tikitag/touchatag reader and not the RFID tags. Try again without tag and you’ll get the same result ;-)
