===============================================================================
      What you need to know about smart-cards and electronic phonecards
===============================================================================

INTRODUCTION:

Do not assume that electronic phonecards are completely secret devices whose
contents cannot be read. That is false: unlike a credit card, an electronic
phonecard holds no secret information. It is nothing more than a 256-bit
EPROM with a serial output.

Do not expect to refill these cards once you know how they work, either.
Refilling would mean resetting all 256 bits, that is, erasing the whole card,
and the chip is coated in UV-opaque resin, even if it sometimes looks
transparent. Even if you managed to erase the 256 bits, you would then have
to reprogram the manufacturer area, and those first 96 bits are
write-protected by a fuse that is blown after the card is programmed at the
factory.

Nevertheless, it is interesting to study how these cards work, to see how the
data is mapped inside, or to check whether any units are left. Used cards
also have many applications: you can use one as a key to open a door, as a
key to protect a program, and so on.


SCHEMATICS of the chip
======================

              .-------------------.
              |                   |
            --|> Clk              |
              |   _               |
            --| R/W               |
              |                   |
            --| Reset             |
              |                   |
            --| Fuse              |
              |                   |
            --| Vpp               |
              |                   |
              |                   |
              '-.               .-'
                |               |
              .-------------------.
              |               Out |-- serial output
              '-------------------'


PINOUT of the connector
=======================

         AFNOR CHIP                                   ISO CHIP
         ----------                                   --------

 -------------+-------------                 -------------+-------------
|   8         |         4   |               |   1         |         5   |
|             |             |               |             |             |
+-------\     |     /-------+               +-------\     |     /-------+
|   7    +----+----+    3   |               |   2    +----+    +    6   |
|        |         |        |               |        |         |        |
+--------|         |--------+               +--------|         |--------+
|   6    |         |    2   |               |   3    |         |    7   |
|        +    +----+        |               |        +----+----+        |
+-------/     |     \-------+               +-------/     |     \-------+
|   5         |         1   |               |   4         |         8   |
|             |             |               |             |             |
 -------------+-------------                 -------------+-------------

 PINOUT:   1 : Vcc = 5V        5 : Gnd
 ------    2 : R/W             6 : Vpp = 21V
           3 : Clk             7 : I/O
           4 : Reset           8 : Fuse


TIME DIAGRAMS
=============

+21V                                      _____________
+5V  ____________________________________|             |_________________ Vpp
                                         :             :
+5V                   ___________________:_____________:_________________ Reset
0V   ________________|                   :             :
                     :                   :             :
+5V      ____        :      ____         :       ______:______
0V   ___|    |_______:_____|    |________:______|      :      |__________ Clock
        :    :       :     :    :        :      :      :      :
+5V     :    :       :     :    :        :______:______:      :            _
0V   ___:____:_______:_____:____:________|      :      |______:__________ R/W
        :    :       :     :    :        :      :      :      :
+5V     :    :       :_____:    :________:      :      :      :__________
0V   XXXXXXXXXXXXXXXXX_____XXXXXX________XXXXXXXXXXXXXXXXXXXXXX__________ Out
        :    :       :     :    :        :<-----><---->:      :
        :    :       :     :    :        :10 to  10 to :      :
        :    :       :     :    :        :50 ms  50ms  :      :
         Reset        Bit 1      Bit2                          Bit 3
         card        reading    reading   Bit2 writing to 1    reading


MEMORY MAP of the French CARDS
==============================

 Bytes       Bits          Binary     Hexa

                        +-----------+-----+
   1        1 -->   8   |           |     |
                        +-----------+-----+
   2        9 -->  16   | 0000 0011 | $03 | ---> a French telecard
                        +-----------+-----+
   3       17 -->  24   |           |     |
                        +-----------+-----+
   4       25 -->  32   |           |     |
                        +-----------+-----+
   5       33 -->  40   |           |     |
                        +-----------+-----+
   6       41 -->  48   |           |     |
                        +-----------+-----+
   7       49 -->  56   |           |     |
                        +-----------+-----+
   8       57 -->  64   |           |     |
                        +-----------+-----+
   9       65 -->  72   |           |     |
                        +-----------+-----+
  10       73 -->  80   |           |     |
                        +-----------+-----+
  11       81 -->  88   |           |     |
                        +-----------+-----+
  12       89 -->  96   | 0001 0011 | $13 | ---> 120 units card
                        | 0000 0110 | $06 | --->  50 units card
                        | 0000 0101 | $05 | --->  40 units card
                        +-----------+-----+
 13-31     97 --> 248   |           |     | ---> The units area: each time a unit
                        |           |     |      is used, a bit is set to "1".
                        |           |     |      Generally the first ten units are
                        |           |     |      fused in the factory as a test.
                        |           |     |
                        +-----------+-----+
  32      249 --> 256   | 1111 1111 | $FF | ---> the card is empty
                        +-----------+-----+


MEMORY MAP of the other cards
=============================

 Bytes       Bits          Binary     Hexa

                        +-----------+-----+
   1        1 -->   8   |           |     |
                        +-----------+-----+
   2        9 -->  16   | 1000 0011 | $83 | ---> a telecard
                        +-----------+-----+-----------+-----+
  3-4      17 -->  32   | 1000 0000 | $80 | 0001 0010 | $12 | --->  10 units card
                        |           |     | 0010 0100 | $24 | --->  22 units card
                        |           |     | 0010 0111 | $27 | --->  25 units card
                        |           |     | 0011 0010 | $32 | --->  30 units card
                        |           |     | 0101 0010 | $52 | --->  50 units card
                        |           |     | 1000 0010 | $82 | --->  80 units card
                        | 1000 0001 | $81 | 0000 0010 | $02 | ---> 100 units card
                        |           |     | 0101 0010 | $52 | ---> 150 units card
                        +-----------+-----+-----------+-----+
   5       33 -->  40   |           |     |
                        +-----------+-----+
   6       41 -->  48   |           |     |
                        +-----------+-----+
   7       49 -->  56   |           |     |
                        +-----------+-----+
   8       57 -->  64   |           |     |
                        +-----------+-----+
   9       65 -->  72   |           |     |
                        +-----------+-----+
  10       73 -->  80   |           |     |
                        +-----------+-----+
  11       81 -->  88   |           |     |
                        +-----------+-----+
  12       89 -->  96   | 0011 0000 | $30 | ---> Norway
                        | 0011 1100 | $3C | ---> Ireland
                        | 0100 0111 | $47 | ---> Portugal
                        | 0101 0101 | $55 | ---> Czech Republic
                        | 0101 1111 | $5F | ---> Gabon
                        | 0110 0101 | $65 | ---> Finland
                        +-----------+-----+
 13-31     97 --> 248   |           |     | ---> The units area: each time a unit
                        |           |     |      is used, a bit is set to "1".
                        |           |     |      Generally the first two units are
                        |           |     |      fused in the factory as a test.
                        |           |     |
                        +-----------+-----+
  32      249 --> 256   |           |     |
                        +-----------+-----+


Schematic of the reader
=======================

[ASCII schematic of the Centronics-port card reader. The wiring layout did
not survive in this copy; the labels that did are listed below.]

 Centronics port : 1 Str, 2 D0, 3 D1, 4 D2, 5 D3, 6 D4, 7 D5, 8 D6, 9 D7,
                   10 Ack, 11 Busy, 25 (to ground)
 Chip connector  : Fuse, Reset, I/O, Clk, Vpp, R/W, Gnd, 5V
 Supply          : External 5V (optional), Battery 22.5V
 Transistors     : T1 - NPN BC107, T2 - PNP BC 177
 Diodes          : d1 to d13: 1N4148
 Resistors       : r1 22k, r2 220, r3 220k, r4 390k, r5 15k, r6 150k, r7 10


The program
===========

The following program lets you use the reader on your PC.

---- cut here (begin)

uses crt,dos;

type string8=string[8];

var reg:registers;
    i,j:integer;
    bb:array[1..32] of string8;   { the 32 card bytes as '0'/'1' strings }
    bh:array[1..32] of byte;      { the 32 card bytes as values }
    l:array[1..256] of boolean;   { the 256 bits in the order they were read }
    car:char;

{-----------------------------------------------------------}
{ Print a byte in binary, most significant bit first }
procedure writeln_binaire(w:byte);
begin
 if (w and $80)=$80 then write('1') else write('0');
 if (w and $40)=$40 then write('1') else write('0');
 if (w and $20)=$20 then write('1') else write('0');
 if (w and $10)=$10 then write('1') else write('0');
 if (w and $08)=$08 then write('1') else write('0');
 if (w and $04)=$04 then write('1') else write('0');
 if (w and $02)=$02 then write('1') else write('0');
 if (w and $01)=$01 then write('1') else write('0');
 writeln;
end;

{-----------------------------------------------------------}
{ Write one byte to printer port 0 through BIOS INT 17h, function 0 }
procedure send(b:byte);
begin
 reg.AH:=$00;
 reg.AL:=b;
 reg.DX:=0;
 intr($17,reg);
end;

{-----------------------------------------------------------}
{ Read the status of printer port 0 through BIOS INT 17h, function 2 }
function get:byte;
begin
 reg.AH:=$02;
 reg.DX:=0;
 intr($17,reg);
 get:=reg.AH;
end;

{-----------------------------------------------------------}
{ Count the leading run of set entries in the units area (bits 97..256) }
function unites:byte;
var u,idx:integer;
begin
 u:=0;
 idx:=97;
 { test the index first so that l[257] is never accessed }
 while (idx<257) and l[idx] do
  begin
   inc(u);
   inc(idx);
  end;
 unites:=u;
end;

{-----------------------------------------------------------}
{ Identify the card from bytes 2, 3-4 and 12 (see the memory maps) }
procedure type_carte;
begin
 case bh[2] of
  $03: begin
        write('Telecard - France - ');
        case bh[12] of
         $13: write('120 Units - ',unites-130,' Units left');
         $06: write('50 Units - ',unites-60,' Units left');
         $15: write('40 Units - ',unites-40,' Units left');
        end;
       end;
  $83: begin
        case bh[12] of
         $30: write('Telecard - Norway - ');
         $3C: write('Telecard - Ireland - ');
         $55: write('Telecard - Czech Republic - ');
         $65: write('Telecard - Finland - ');
        end;
        if bh[12] in [$30,$3C,$55,$65] then
         begin
          case ((bh[3] and $0F)*$100+bh[4]) of
           $012: write ('10 Units - ',unites-12,' Units left');
           $024: write ('22 Units - ',unites-24,' Units left');
           $027: write ('25 Units - ',unites-27,' Units left');
           $032: write ('30 Units - ',unites-32,' Units left');
           $052: write ('50 Units - ',unites-52,' Units left');
           $070: write ('70 Units - ',unites-70,' Units left');
           $082: write ('80 Units - ',unites-82,' Units left');
           $102: write ('100 Units - ',unites-102,' Units left');
           $152: write ('150 Units - ',unites-152,' Units left');
          end;
         end;
        write(' - N0 ',bh[5]*$100+bh[6]);
       end;
 end;
end;

{-----------------------------------------------------------}
{ Wait until a card is inserted and a key is pressed }
procedure attente;
begin
 send($00);
 write('Entrer une carte et presser une touche ...');
 repeat until keypressed;
 writeln;
end;

{-----------------------------------------------------------}
{ Convert an 8-character '0'/'1' string to a byte, s[1] being the MSB }
function value(s:string8):byte;
var b:byte;
begin
 b:=0;
 if s[8]='1' then b:=b+$01;
 if s[7]='1' then b:=b+$02;
 if s[6]='1' then b:=b+$04;
 if s[5]='1' then b:=b+$08;
 if s[4]='1' then b:=b+$10;
 if s[3]='1' then b:=b+$20;
 if s[2]='1' then b:=b+$40;
 if s[1]='1' then b:=b+$80;
 value:=b;
end;

{-----------------------------------------------------------}
{ Print a 4-character '0'/'1' string as one hexadecimal digit }
procedure write_hexa(s:string);
var i:integer;
begin
 if s='0000' then write('0')
 else if s='0001' then write('1')
 else if s='0010' then write('2')
 else if s='0011' then write('3')
 else if s='0100' then write('4')
 else if s='0101' then write('5')
 else if s='0110' then write('6')
 else if s='0111' then write('7')
 else if s='1000' then write('8')
 else if s='1001' then write('9')
 else if s='1010' then write('A')
 else if s='1011' then write('B')
 else if s='1100' then write('C')
 else if s='1101' then write('D')
 else if s='1110' then write('E')
 else if s='1111' then write('F');
end;

{-----------------------------------------------------------}
{ Read the 256 bits of the card: 32 bytes of 8 bits, first bit read = MSB }
procedure lecture;
var i,j,k:integer;
begin
 send($FA);
 send($F8);
 k:=1;
 for i:=1 to 32 do
  begin
   bb[i]:='';
   for j:=1 to 8 do
    begin
     send($F9);
     l[k]:=not((get and $08)=$08);
     if l[k] then insert('1',bb[i],j) else insert('0',bb[i],j);
     send($FB);
     inc(k);
    end;
  end;
end;

{-----------------------------------------------------------}
{ The listing on this page stops after "lecture". This minimal main body is
  an assumption that only calls the routines above so the program compiles. }
begin
 attente;
 lecture;
 for i:=1 to 32 do bh[i]:=value(bb[i]);
 type_carte;
 writeln;
end.
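
The two memory maps above can also be applied to a saved 32-byte dump without the reader attached. The decoder below is an added example, not part of the original program: the function names, the ten/two factory-test-unit offsets applied to every card, and the sample dumps are assumptions or constructed values, and the lookup tables contain only the byte values listed in the maps.

```python
# Added example: decodes a 32-byte dump (bit 1 = MSB of byte 1, as in the maps).
FRENCH_NOMINAL = {0x13: 120, 0x06: 50, 0x05: 40}               # byte 12, family $03
OTHER_NOMINAL = {0x012: 10, 0x024: 22, 0x027: 25, 0x032: 30,   # low nibble of byte 3,
                 0x052: 50, 0x082: 80, 0x102: 100, 0x152: 150}  # then byte 4
COUNTRY = {0x30: "Norway", 0x3C: "Ireland", 0x47: "Portugal",
           0x55: "Czech Republic", 0x5F: "Gabon", 0x65: "Finland"}
# Assumption: the factory-test units the page mentions (ten on French cards,
# two on the others) are fused on every card of that family.
TEST_UNITS = {0x03: 10, 0x83: 2}

def units_area(dump):
    """Bits 97..248 (bytes 13..31) as a '0'/'1' string, first bit first."""
    return "".join(f"{b:08b}" for b in dump[12:31])

def decode(dump):
    if len(dump) != 32:
        raise ValueError("expected a 32-byte (256-bit) dump")
    family = dump[1]
    if family == 0x03:
        country, nominal = "France", FRENCH_NOMINAL.get(dump[11])
    elif family == 0x83:
        country = COUNTRY.get(dump[11])
        nominal = OTHER_NOMINAL.get(((dump[2] & 0x0F) << 8) | dump[3])
    else:
        raise ValueError(f"byte 2 = ${family:02X} matches neither memory map")
    bits = units_area(dump)
    fused = len(bits) - len(bits.lstrip("1"))    # leading run of fused bits
    # Assumption: units are fused in order, so a '1' after the first '0'
    # indicates a bad read rather than a valid card state.
    contiguous = "1" not in bits[fused:]
    left = None
    if nominal is not None and contiguous:
        left = max(nominal + TEST_UNITS[family] - fused, 0)
    return {"country": country, "nominal": nominal, "fused": fused,
            "contiguous": contiguous, "units_left": left}

def make_dump(byte2, byte3, byte4, byte12, fused):
    """Constructed sample dump; bytes the maps leave blank are set to zero."""
    d = bytearray(32)
    d[1], d[2], d[3], d[11] = byte2, byte3, byte4, byte12
    d[12:31] = int("1" * fused + "0" * (152 - fused), 2).to_bytes(19, "big")
    return bytes(d)

if __name__ == "__main__":
    print(decode(make_dump(0x03, 0x00, 0x00, 0x13, 35)))   # constructed
    print(decode(make_dump(0x83, 0x80, 0x52, 0x65, 12)))   # constructed
```

A dump whose units area has a set bit after the first clear bit is reported with "contiguous" false and no unit count, which separates a noisy read from a card that is simply used up.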