1
votes

First off, I'm still relatively new to working with smart cards, and I don't know exactly how data is stored or which data is protected on a smart card.

I'm trying to read my student identification smart card, which is PIN protected. I've been programming in C++ with the default Windows smart card library (winscard.lib).

I've successfully read the ATR header, but as far as I know, the ATR header contains information on how to communicate with the reader, not user information.

I've tried reading binary from the card, but the APDU always returns 6E 00, which indicates "Class not supported" or "Wrong instruction". Here is the code:

    switch(dwProtocol)
    {
        case SCARD_PROTOCOL_T0:
        {   
            pioSendPci = *SCARD_PCI_T0;
            break;
        }
        case SCARD_PROTOCOL_T1:
        {
            pioSendPci = *SCARD_PCI_T1;
            break;
        }
        default:
        {
            printf("Detecting protocol failed!");
            printf("Press <ENTER> key to terminate!\n");
            nResponse = getchar();
            lRet = SCardReleaseContext(hContext);
            return -1;
        }
    }

    lRet = SCardTransmit(hCard,
                        &pioSendPci,
                        (LPCBYTE)&cmdRead,
                        sizeof(cmdRead),
                        NULL,
                        (LPBYTE)&recvbuffer,
                        &atrLen);

    printf("APDU return code:\n");
    printf("=================\n");
    for(i=0; i<2; i++)
    {
        printf("%02X ", recvbuffer[i]);
    }
    printf("\n");

    if(lRet!=SCARD_S_SUCCESS)
    {
        printf("Transmission failed! ErrorCode = 0x%08X\n",lRet);
        printf("Press <ENTER> key to terminate!\n");
        nResponse = getchar();
        lRet = SCardReleaseContext(hContext);
        return -1;
    }

where cmdRead is as follows:

    BYTE cmdRead[] = { 0x00, 0xB0, 0x00, 0x00, 0x00, 0x00, 0xFF };

What could be wrong? Do I need to verify the card first in order to read binary? Is READ BINARY the right function to read basic data like a student ID?

4 Answers

2
votes

Without a specification of the student application on the card, this is a lengthy and boring process. Assuming that you have a file system on the card (as opposed to a Java Card), you need to know in which file the user data is stored, so that you can SELECT the appropriate file before issuing the READ BINARY, or READ RECORD if it's a record-oriented file. You can try to find the correct file ID by trial and error, but... Note that on smart cards the access conditions are defined with very fine granularity, so there may be files which can be read without any authentication, and at the other extreme, there may be files only readable after having established a secure channel to be used via secure messaging (encrypted and MAC-protected command and/or response).

0
votes

I can think of two reasons why the card returns 6E00.

  1. The currently selected application is the card manager or any other applet aside from the one you want to use. You can try to perform a SELECT AID command before sending the READ command. However, you should know the instance AID of the applet you want to select to do so.

  2. The file you are trying to read is protected by secure messaging and your APDU command should be encrypted/MACed which would change the CLA byte to '0C' for example. However, you need to establish a secure channel first before you can do this.

Like @guidot said, this will be very difficult without a specification.

0
votes

First of all, as @guidot mentioned, it's a boring process. Not only should you have complete information on Java Cards, but you should also know how to do something like hack a smart card, because you don't have any card vendor specification, and they probably use security on their card for which you would need to know the keys.

But for your information, according to ISO 7816-4, 0x6E00 means "Class not supported". You can check the complete list of APDU responses here.

The class (CLA) byte is usually 0x00, 0xA0, 0xC0 or 0xF0 and sometimes masked with 0x0C that indicates Secure Messaging on some cards.

To reach data inside the applet firewall you should select that applet, and applet selection occurs when the JCRE (Java Card Runtime Environment) receives a SELECT APDU whose data match the AID of the applet. And if there is an installed security domain, then you should have those security keys in order to reach a successful applet selection.

For a list of APDU commands for communicating with the card reader, check this link.

There's lots of information here about writing a smart card library in C++, which uses WinSCard.dll to communicate with the reader.

Also, this link is about the file system structure in Java Card, which would be useful if the applet stores its data in files.

And this link is an example of selecting a file in Java Card.

If you want to go further into Java Card applet implementation, here's a guide on how to implement a Java Card applet. Also, don't forget to read the most important existing documents, like GlobalPlatform and ISO 7816.

0
votes

As Chooch said, in Java Card:

  1. You should follow AID selection, then

  2. since you are reading a binary file, select the binary EF.

Since you are using P1 00, I hope you have already selected the particular EF. Note: even so, I feel your command is wrong for reading binary data on an ISO 7816 / ISO 14443 smart card.

Otherwise, as per ISO 7816-4, READ BINARY should be:

  - CLA INS: 00 B0
  - P1: short file ID; the MSB should be 1. If your SID is 3, it should be 83.
  - P2: should be the offset / start byte. E.g. from 0 means 00; if it is in between, 10 means 0A.
  - Le: should be the number of bytes you want to read. E.g. 20 bytes means 14.

So the command should be: 00 B0 83 14 0A. That is it. No more bytes are needed to read a binary file. If you have already selected the EF file, you can give 00 instead of 83. Note: this assumes you don't have security conditions. If you have a security condition, you have to satisfy it before you read this.
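
The command encodings discussed in the answers, as an added example (not code from any of the posts): it classifies a command APDU by its ISO 7816-4 case and builds SELECT by AID and READ BINARY with a short file identifier. The AID is a constructed placeholder; the 7-byte cmdRead from the question parses as an extended-length case 2E command (Le = 255), whereas a short READ BINARY is 5 bytes.

```cpp
// Added example, not code from the original posts.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
typedef std::vector<uint8_t> Bytes;

// ISO 7816-4 command case: 1, 2S, 3S, 4S (short) or 2E, 3E, 4E (extended).
std::string apduCase(const Bytes& a) {
    size_t n = a.size();
    if (n < 4) return "invalid";
    if (n == 4) return "1";                  // header only
    if (n == 5) return "2S";                 // header + one-byte Le
    if (a[4] != 0) {                         // one-byte Lc
        if (n == 5u + a[4]) return "3S";     // header + Lc + data
        if (n == 6u + a[4]) return "4S";     // header + Lc + data + Le
        return "invalid";
    }
    if (n == 7) return "2E";                 // 00 followed by two-byte Le
    if (n < 7) return "invalid";
    size_t lc = ((size_t)a[5] << 8) | a[6];  // 00 followed by two-byte Lc
    if (lc == 0) return "invalid";
    if (n == 7 + lc) return "3E";
    if (n == 9 + lc) return "4E";
    return "invalid";
}

// SELECT by AID (DF name): 00 A4 04 00 Lc AID.
Bytes selectByAid(const Bytes& aid) {
    Bytes c{0x00, 0xA4, 0x04, 0x00, (uint8_t)aid.size()};
    c.insert(c.end(), aid.begin(), aid.end());
    return c;
}

// READ BINARY by short file identifier: P1 = 0x80 | SFI, P2 = offset, Le = length.
Bytes readBinarySfi(uint8_t sfi, uint8_t offset, uint8_t le) {
    return Bytes{0x00, 0xB0, (uint8_t)(0x80 | (sfi & 0x1F)), offset, le};
}

int main() {
    Bytes cmdRead{0x00, 0xB0, 0x00, 0x00, 0x00, 0x00, 0xFF};  // from the question
    Bytes aid{0xF0, 0x00, 0x00, 0x00, 0x01};                  // constructed placeholder AID
    std::printf("cmdRead: case %s\n", apduCase(cmdRead).c_str());
    std::printf("SELECT by AID: case %s\n", apduCase(selectByAid(aid)).c_str());
    std::printf("READ BINARY SFI 3: case %s\n", apduCase(readBinarySfi(3, 0, 0x14)).c_str());
    return 0;
}
```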