zondag 13 juni 2010

Finding smartcard Application ID's - a brute force approach

I made this handy script to find Application ID's, since I'm investigating one of my debit cards.

#!/bin/sh

# This is GPL v3 code.
# Author: Tom Van Braeckel 
#
# On my PC, this tries about 22 application ID's / second.
# Doing a full scan will take between 3h and 16 days.

hex="0 1 2 3 4 5 6 7 8 9 A B C D E F"

# 00 = Instruction class
# A4 = SELECT FILE
# 0400 = mandatory
# 07 = length of application id
# A00000 = fixed part of application ID
prefix="00A4040007A00000"
for n1 in $hex; do
for n2 in $hex; do
for n3 in $hex; do
for n4 in $hex; do
for n5 in $hex; do
for n6 in $hex; do
for n7 in $hex; do
for n8 in $hex; do
 totry=$n1$n2$n3$n4$n5$n6$n7$n8
 echo -n "Trying ${prefix}${totry}:"
 echo "${prefix}${totry}" | scriptor 2>/dev/null | grep "<"
done
done
done
done
done
done
done
done

EMV/CAP Application ID's

AID Name
A0000000031010 VISA Credit
A0000000032010 VISA Electron
A0000000033010 VISA Interlink
A0000000034010 Visa Specific
A0000000035010 Visa Specific
A0000000038002 Barclays/HBOS
A0000000038010 VISA plus
A0000000041010 MasterCard Credit
A0000000042010 MasterCard Specific
A0000000043010 MasterCard Specific
A0000000043060 Maestro (Debit)
A0000000044010 MasterCard Specific
A0000000045010 MasterCard Specific
A0000000046000 Cirrus
A0000000048002 NatWest or SecureCode Aut
A0000000250000 America Express
A0000001410001 Pagobancomat
A0000002040000 ?
A0000002281010 SAMA
A0000002771010 INTERAC

dinsdag 1 juni 2010

SmartCardSessions: Welcome

I'm keeping an online, public diary of some of my smartcard experiments here.