Useful Things for Smart Card Users

created: 23. Sept. 2003; last modified: 22. May 2009
Copyright © 2003-2009 Wolfgang Rankl, Munich

Content

Useful things to read
Modules for Smart Card Microcontroller
Examples for application level Communication
  SIM
  trace of SIM - Mobile Phone communication
  trace of USIM - Mobile Phone communication
  Geldkarte (German national purse)
Connection of a Smart Card to a Microcontroller
Instructions for Smart Card current measurement
Intercept the Communication between Terminal and Smart Card
T=0 Implementation in C on an ARM processor (in German, from Stephan Hüls)
Example for a T=0 Communication between Terminal and Smart Card

Useful things to read

About

These pages hold a number of interesting texts about smart cards, which are collected here.

The following text gives an overview of smart card operating systems: Chipkarten Betriebssysteme (PDF, German). A short overview of some basic communication principles and smart card commands is given in the Beihefter (PDF, German).

A good introduction to SIMs (subscriber identity modules, the smart card in GSM) is the following reading sample from the Handbuch der Chipkarten: Die SIM (2.5 MByte, PDF, German). Building on this, you should also have a look at the examples of SIM communication further down this page.

There is also a condensed version of the chapter about smart card security from the Smart Card Handbook, Overview about Attacks on Smart Cards (PDF, English), and from the Handbuch der Chipkarten, Angriffe auf Chipkarten (PDF, German).

Modules for Smart Card Microcontroller

Smart Card Modules

The following is a poster with an enormous number of different smart card modules. I got it from Endre Nagy from Hungary, who is the collector of this fantastic collection of smart card modules.

Smart Card Module Poster (April 2005 Edition, GIF, 1.7 MByte)

Examples for application level Communication

Overview

The following examples are typical of the communication between terminal and smart card. The advantage is that neither a terminal nor a smart card is needed to study them.

SIM

This example shows the communication between terminal and SIM with some typical commands such as SELECT, READ BINARY, READ RECORD and VERIFY PIN.
Communication with SIM (Version 4 from 3 June 2004, PDF, 0.7 MByte)

SIM - Mobile Phone

This example shows the communication between a mobile phone and a SIM at layer 7 (application layer) and layer 2 (data transmission layer). It was recorded with a Siemens SL55 mobile phone in the T-Mobile GSM D1 network using the IT³-Monitor from ORGA Test Systems.
Communication between SIM and mobile phone (PDF, 2.5 MByte)

USIM - Mobile Phone

Trace of a complete 3G session between a Vodafone 3G USIM and a Nokia 7600 mobile phone. The trace was recorded with IT3Move! from ORGA Test Systems and shows all decoded commands and responses from power on until power down of the session.
I want to say thank you very much to ORGA Test Systems for providing me with this trace.
Communication between USIM and mobile phone (zipped RTF, 55 kByte)

Geldkarte

This example shows the communication between terminal and Geldkarte (German national purse) when reading the purse balance.
Communication with Geldkarte (Version 3 from 3 June 2004, PDF, 1 MByte)

Connection of a Smart Card to a Microcontroller

This circuit can be used for typical microcontroller-based smart cards, e.g. a SIM (the smart card for GSM mobile phones). It works for 5 V smart cards; for 3 V smart cards the voltages must be adapted.

The circuit supports the standard ISO/IEC 7816-3 activation and deactivation sequences. These sequences are controlled by the terminal software.

Most smart cards will work if the driver on the terminal side supplies at least 20 mA output current on Vcc. For smart cards that need more current, a switching transistor should be placed between +5 V and the smart card on/off port of the terminal.

This example needs 3 output ports and 1 input/output port on the terminal side. One port can be saved by generating the smart card reset with a capacitor, at the cost of an incorrect activation/deactivation sequence.

The clock source can be any frequency from 1 MHz to 5 MHz. For a typical 9600 bit/s data transmission with the standard divider of 372, the clock should be 3.5712 MHz (372 * 9600 Hz).

Instructions for Smart Card current measurement

A usual smart card uses a Vcc of 5 V +/- 10 % (4.5 V to 5.5 V) and draws a typical current of 10 mA. This means that operation at the minimum voltage of 4.5 V is possible. With the formula U = R * I <=> R = U/I we can calculate that a resistor of 50 Ohm between the smart card and Vcc can be added without any problems (if the terminal delivers a 5 V supply voltage), since the 0.5 V drop at 10 mA still leaves 4.5 V at the card. With an oscilloscope it is then possible to measure the current as the voltage drop across this resistor. I use a 47 Ohm resistor, because this value is a standard value.

A good idea is to use the I/O line for triggering if you want to detect EEPROM writes/erases while the smart card executes an APDU command.

With this setup it is, for example, easy to measure EEPROM write/erase accesses while a smart card executes a command.

Intercept the Communication between Terminal and Smart Card

This idea can be used for a simple interception of the communication between a terminal and a smart card.

It works for the T=0 and T=1 transport protocols without a PPS and with the ISO/IEC 7816-3 standard parameters. It does not support most of the error handling between smart card and terminal. To use it, build the PCB circuit, start a terminal program on a PC (like Hyperterm) and set the following parameters: 9600 bit/s, 8 data bits, 1 parity bit, 2 stop bits, no handshake and even parity (9600,E,8,2).

RS232 uses +12 V (= logical 0) and -12 V (= logical 1) for data communication, but with the usual UARTs in PCs it is also possible to listen to the +5 V / 0 V based terminal-smart card communication. There is one problem, though: the signal between a terminal and a smart card must be inverted to be compatible with the usual RS232 PC communication. Therefore the easiest way is to use a MAX232 converter, which inverts the logic levels and shifts the +5 V / 0 V level to the RS232 +12 V / -12 V level.

The following circuit diagram shows a possible connection between a smart card and an RS232 port of a PC.

T=0 Implementation in C on an ARM processor (in German, from Stephan Hüls)

Analysis and realisation of the T=0 smart card transport protocol in C on an ARM processor. This is a good example of how to implement the T=0 protocol in a high-level language like C. The document was written by Stephan Hüls (thank you very much for this paper).

Erweiterung der Kommunikationsmöglichkeiten des ARM-Internet-Servers um den USB auf der Basis einer SmartCard-Schnittstelle (German, PDF, 3 MByte)

Example for a T=0 Communication between Terminal and Smart Card

The following is an example of a T=0 communication between a terminal and a GSM SIM card. In this example the terminal selects the MF and fetches some data about the MF directory. The yellow beams mark a transferred byte, the black beams a terminal-originated message and the blue beams a smart card-originated message.

First the terminal sends a SELECT MF command with FID = '3F00' to the SIM, i.e. the MF (FID = '3F00') is to be selected. The coding of SELECT MF is 'A0 A4 00 00 02 3F 00'. The SIM answers with the return code SW1||SW2 = '9F 1B'. This means 0x1B bytes of data are available, and they can be fetched with a GET RESPONSE command.

The next command is a GET RESPONSE with the coding 'A0 C0 00 00 1B'. The SIM then sends the following data back to the terminal: '00 00 00 00 3F 00 01 FA FF AA FF 01 0E 9B 03 04 06 00 83 8A 83 8A 00 03 00 00 AA 90 00'.
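An added example (not code from the original page) of decoding what the RS232 tap described above delivers: a Python T=0 decoder run over the SELECT MF / GET RESPONSE trace just shown. It assumes only the GSM commands named on this page occur and that the card's procedure bytes (the INS echoed as ACK), which the prose above leaves out, are present on the wire.

```python
# INS codes of the GSM 11.11 commands named on this page. A passive tap on
# the I/O line sees terminal and card bytes interleaved and cannot tell
# whether P3 is Lc (data to the card) or Le (data from the card), so the
# direction is fixed per INS. Assumption: only these commands occur.
TO_CARD = {0xA4: "SELECT", 0x20: "VERIFY CHV"}
FROM_CARD = {0xB0: "READ BINARY", 0xB2: "READ RECORD", 0xC0: "GET RESPONSE"}


def decode_t0(stream: bytes) -> list:
    """Split a captured T=0 byte stream into command/response exchanges."""
    exchanges, i = [], 0
    while i + 5 <= len(stream):
        header = stream[i:i + 5]                # CLA INS P1 P2 P3 from the terminal
        ins, p3 = header[1], header[4]
        i += 5
        if ins in TO_CARD:                      # P3 is Lc
            name, key, length = TO_CARD[ins], "sent", p3
        else:                                   # P3 is Le; 0 means 256
            name, key, length = FROM_CARD.get(ins, "UNKNOWN"), "received", p3 or 256
        ex = {"name": name, "header": header, "sent": b"", "received": b"", "sw": None}
        while ex["sw"] is None:                 # procedure bytes until SW1 SW2
            pb = stream[i]
            i += 1
            if pb == 0x60:                      # NULL: card asks for more time
                continue
            if pb == ins:                       # ACK: transfer all remaining bytes
                n = length - len(ex[key])
            elif pb == (ins ^ 0xFF):            # ACK: transfer exactly one byte
                n = 1
            else:                               # SW1 (6x/9x, never a valid INS)
                ex["sw"] = bytes([pb, stream[i]])
                i += 1
                continue
            ex[key] += stream[i:i + n]
            i += n
        exchanges.append(ex)
    return exchanges


# The exchange from the trace above, as seen on the wire: SELECT MF, then
# GET RESPONSE for the 0x1B bytes announced by SW1 SW2 = 9F 1B. The bytes
# A4 and C0 after each header are the card's procedure bytes (ACK).
TRACE = bytes.fromhex(
    "A0A40000 02  A4 3F00  9F1B"
    "A0C00000 1B  C0 00000000 3F00 01 FAFFAAFF01 0E 9B030406 00838A838A000300 00AA  9000"
)

if __name__ == "__main__":
    for ex in decode_t0(TRACE):
        print(ex["name"], ex["sent"].hex(), ex["received"].hex(), ex["sw"].hex())
```

Bytes 5 and 6 of the GET RESPONSE data carry the file ID '3F 00' and byte 7 the file type (01 = MF), which is how the trace confirms that the MF was selected.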