diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index efac3fd69..d9ce0a0de 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -12,6 +12,7 @@ name: "CodeQL" on: + workflow_dispatch: push: branches: [ master ] pull_request: diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index b1cc0e0c1..f93d60a5a 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -2,6 +2,7 @@ on: pull_request_target name: Changelog Reminder jobs: remind: + if: github.repository_owner = 'RfidResearchGroup' name: Changelog Reminder runs-on: ubuntu-latest steps: diff --git a/.github/workflows/uniq.yaml b/.github/workflows/uniq.yaml index e7223aaa8..3c114f844 100644 --- a/.github/workflows/uniq.yaml +++ b/.github/workflows/uniq.yaml @@ -18,5 +18,5 @@ jobs: - name: check unique keys in dic files shell: bash run: | - find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sort | uniq -i -d -c | sort -n -r " - if [[ $(find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sort | uniq -i -d -c | sort -n -r " | grep -v '^\./' | wc -l) -gt 0 ]]; then exit 1; fi + find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sed 's/\(.*\)/\U\1/' | sort | uniq -i -d -c | sort -n -r " + if [[ $(find . -type f -name "*.dic" | xargs -I {} sh -c "echo {} && cat {} | sed 's/ *#.*//;/^$/d' | sed 's/\(.*\)/\U\1/' | sort | uniq -i -d -c | sort -n -r " | grep -v '^\./' | wc -l) -gt 0 ]]; then exit 1; fi diff --git a/CHANGELOG.md b/CHANGELOG.md index 50eb6424b..31fac046c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,20 +3,51 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] -- Fixed symlink name in `mem spiffs tree` (@ANTodorov) -- Fixed reported file/link names when `mem spiffs wipe` (ANTodorov) +- Changed `hf mf info` - now differentiates between full USCUID and cut down ZUID chips (@nvx) +- Changed `lf hitag chk` - added key counter, client side abort and minor delay (@iceman1001) +- Added `hf seos sam` - Added support for HID SAM SEOS communications (@jkramarz) +- Changed (extended) area accessible by spiffs into last page of FLASH (@piotrva) +- Changed flash-stored key dictionaries (Mifare, iClass, T55XX) and T55XX configurations to SPIFFS files (@piotrva) +- Changed `lf em 410x sim` to use default gap value of 0 and extended help (@piotrva) +- Changed `hf 14a info` - now identifies MIAFRE Duox (@iceman1001) +- Added `hf iclass trbl` to perform tear-off attacks on iClass (@antiklesys) +- Added support for connection to host device in all Docker envs (@doegox) +- Changed `hf 15 info` to show all type matches and check ST25TVxC signature (@doegox) +- Added initial support for ST25TN and its signature verification (@doegox) +- Changed originality checks handling to refactor code and pk data (@doegox) +- Changed `uniq.yaml` workflow to be case-insensitive (@iceman1001) +- Fixed `mem load --mfc` not erasing all SPI flash blocks after extending to 4095 keys (@piotrva) +- Changed extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) +- Fixed DESFire D40 secure channel crypto (@nvx) +- Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) +- Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva) +- Changed SPI flash detection to calculate the size instead of table lookup, updated spi_flash_decode.py script with more ICs (@ANTodorov) +- Fixed `hf/lf tune` segfault when called from script (@doegox) +- Added option to set and get maximum read/write block number using `hf_mf_ultimatecard` script (@piotrva) +- Added JEDEC information for SPI flash W25Q64JV (@ANTodorov) +- Added special iclass legacy config cards in `hf iclass configcard` (@antiklesys) +- Added simulation function to `hf iclass legrec` (@antiklesys) +- Added keys from Momentum firmware projects. (@onovy) +- Added Dutch Statistics Agency default key (@eagle00789) +- Fixed Wiegand decode with hex input dropping the first bit (@emilyastranova) +- Changed `hf mf autopwn` - now allows for custom suffix (@zxkmm) + +## [Orca.4.19552][2024-11-22] +- Fixed `hf_legic.lua` - removed bit32 commands from the script (@diorch1968) +- Fixed `mem spiffs tree` - now show correct symlink name (@ANTodorov) +- Fixed `mem spiffs wipe` - reported file/link names is now correct (@ANTodorov) - Updated atrs list (@iceman1001) - Added support for a new KDF (@iceman1001) - Added Inner range aid and mad entries (@iceman1001) - Changed `mem spiffs` - Use all available space in SPI flash (@ANTodorov) -- Fixed wrong size check in MifareSim (@iceman1001) +- Fixed `hf mf sim` - wrong size check in MifareSim (@iceman1001) - Fixed `hf mf sim` not to respond to authentication attempts for sectors out of bound for selected Mifare type (@piotrva) - Added option to build against non-default python3 with CMake as well (@doegox) - Added option to build against non-default python3 with Makefile (@ANTodorov) - Changed `hf 14a info` `hf mf info` - now detects FM1216-137 CPU cards (@iceman1001) -- Changed `hf iclass configcard` expanding the list of available options and functionalities (@antiklesys) +- Changed `hf iclass configcard` - expanding the list of available options and functionalities (@antiklesys) - Fixed `intertic.py` - missing comma in array (@iceman1001) -- Added improved algorithm for `hf iclass legrec` leveraging reduced entropy from hash0 constraints (@antiklesys) +- Changed `hf iclass legrec` - improved algorithm leveraging reduced entropy from hash0 constraints (@antiklesys) - Fixed `hf iclass configcard` when generating elite or keyroll elite configcards for Rev.C legacy readers (@antiklesys) - Changed `hf mf c*` - now accepts a --gdm flag to write using uscuid/gdm 20/23 alt magic wakeup (@nvx) - Changed `pm3_console()` - Python/Lua/C: replace `passthru` by `capture` and `quiet` (@doegox) @@ -26,12 +57,12 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Changed `hf iclass legrec` - updated script implementation to ensure functionality (@antiklesys) - Added recovered iclass custom key to dictionary (@antiklesys) - Added support for all Hitag S response protocol mode (@douniwan5788) -- Fixed 'hf_young.c' - flags declaration was missing a semicolon (@jakkpotts) +- Fixed `hf_young` - flags declaration was missing a semicolon (@jakkpotts) - Changed `hf mf sim` - add option to allow key b to be used even if readable (@doegox) - Changed `data num` - outputed binary strings are now properly zero padded (@iceman1001) - Changed `hf iclass info` - now tries default keys and decode if legacy (@iceman1001) - Changed `hf iclass chk` - now loads dictionary file by default (@iceman1001) -- Added an Makefile variable `DONT_BUILD_NATIVE` in mfd_aes_brute Makefile to easify downstream package +- Added Makefile variable `DONT_BUILD_NATIVE` in mfd_aes_brute Makefile to easify downstream package (@Cryolitia) - Auto detect whether compile option `march=native` is supported for mfd_aes_brute Makefile - Changed `hf mf sim` - support data-first and nested reader attacks (@doegox) - Fixed `lf search` and `lf em 4x50 rdbl -b ` does not coredump reading EM4450 tag (@ANTodorov) @@ -45,14 +76,14 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `hf 14b setuid` - set uid on magic 14b tag (@iceman1001) - Changed `hf 14b info` - now detect Tiananxin (@iceman1001) - Fixed `lf em 410x brute` - better filehandling and memory handling (@iceman1001) -- Changed split PacketResponseNG status into status and reason(@douniwan5788) -- add a helper script to decode JEDEC data `script run spi_flash_decode` (@ANTodorov) -- show SPI flash JEDEC Manufacturer ID and Device ID in `hw status` output (@ANTodorov) -- Improved `hf iclass configcards` to support generating config cards using a different key than the default k0 as the card's key (@antiklesys) +- Changed split PacketResponseNG status into status and reason (@douniwan5788) +- Added `spi_flash_decode.py` - helper script to decode JEDEC data (@ANTodorov) +- Changed `hw status` - now show SPI flash JEDEC Manufacturer ID and Device ID in output (@ANTodorov) +- Changed `hf iclass configcards` to support generating config cards using a different key than the default k0 as the card's key (@antiklesys) - Added maur keys (@iceman1001) - Fixed `hf mfu pwdgen` for the 7 byte UID (@ANTodorov) - Added `hf iclass unhash` command to reverse an iclass diversified key to hash0 pre-images (@antiklesys) -- Added crypto1 support to `hf 14a raw` (@doegox) +- Changed `hf 14a raw` - now supports crypto (@doegox) - Changed `hw version` command to print LUA and Python versions (@jmichelp) - Updated LUA to v5.4.7 which adds utf-8 support (@jmichelp) - Moved `lf hitag sim --hts` -> `lf hitag hts sim` (@douniwan5788) @@ -70,11 +101,11 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added detection for FM11NT021 (@iceman1001) - Added detection of a magic NTAG 215 (@iceman1001) - Fixed hardnested on AVX512F #2410 (@xianglin1998) -- Added `hf 14a aidsim` - simulates a PICC (like `14a sim`), and allows you to respond to specific AIDs and getData responses (@evildaemond) +- Added `hf 14a aidsim` - simulates a PICC and allows you to respond to specific AIDs and getData responses (@evildaemond) - Fixed arguments for `SimulateIso14443aTag` and `SimulateIso14443aInit` in `hf_young.c`, `hf_aveful.c`, `hf_msdsal.c`, `hf_cardhopper.c`, `hf_reblay.c`, `hf_tcprst.c` and `hf_craftbyte.c` (@archi) - Added `mf_backdoor_dump.py` script that dumps FM11RF08S and similar (Mifare Classic 1k) tag data that can be directly read by known backdoor keys. (@Aptimex) - Added keys for Metro Q transit cards in Huston, TX. (@Anarchothulhu) -- Add new Mifare Classic keys from MifareClassicTool and Flipper projects. (@onovy) +- Added keys from MifareClassicTool and Flipper projects. (@onovy) ## [Backdoor.4.18994][2024-09-10] - Changed flashing messages to be less scary (@iceman1001) diff --git a/armsrc/Makefile b/armsrc/Makefile index 536e95b50..796a8ec13 100644 --- a/armsrc/Makefile +++ b/armsrc/Makefile @@ -37,7 +37,8 @@ APP_CFLAGS = $(PLATFORM_DEFS) \ SRC_LF = lfops.c lfsampling.c pcf7931.c lfdemod.c lfadc.c SRC_HF = hfops.c SRC_ISO15693 = iso15693.c iso15693tools.c -SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_mfc.c sam_seos.c emvsim.c +SRC_ISO14443a = iso14443a.c mifareutil.c mifarecmd.c epa.c mifaresim.c sam_common.c sam_mfc.c sam_seos.c emvsim.c + #UNUSED: mifaresniff.c SRC_ISO14443b = iso14443b.c SRC_FELICA = felica.c diff --git a/armsrc/appmain.c b/armsrc/appmain.c index baa616b26..132f8ba8f 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -441,7 +441,41 @@ static void SendStatus(uint32_t wait) { ModInfo(); #ifdef WITH_FLASH - Flashmem_print_info(); + DbpString(_CYAN_("Flash memory dictionary loaded")); + uint32_t num = 0; + + if (exists_in_spiffs(MF_KEYS_FILE)) { + num = size_in_spiffs(MF_KEYS_FILE) / MF_KEY_LENGTH; + } else { + num = 0; + } + if (num > 0) { + Dbprintf(" Mifare.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, MF_KEYS_FILE); + } else { + Dbprintf(" Mifare.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, MF_KEYS_FILE); + } + + if (exists_in_spiffs(T55XX_KEYS_FILE)) { + num = size_in_spiffs(T55XX_KEYS_FILE) / T55XX_KEY_LENGTH; + } else { + num = 0; + } + if (num > 0) { + Dbprintf(" T55xx................... "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, T55XX_KEYS_FILE); + } else { + Dbprintf(" T55xx................... "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, T55XX_KEYS_FILE); + } + + if (exists_in_spiffs(ICLASS_KEYS_FILE)) { + num = size_in_spiffs(ICLASS_KEYS_FILE) / ICLASS_KEY_LENGTH; + } else { + num = 0; + } + if (num > 0) { + Dbprintf(" iClass.................. "_YELLOW_("%u")" keys (spiffs: "_GREEN_("%s")")", num, ICLASS_KEYS_FILE); + } else { + Dbprintf(" iClass.................. "_RED_("%u")" keys (spiffs: "_RED_("%s")")", num, ICLASS_KEYS_FILE); + } #endif DbpString(""); reply_ng(CMD_STATUS, PM3_SUCCESS, NULL, 0); @@ -1792,7 +1826,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES: { - MifareAcquireStaticEncryptedNonces(packet->oldarg[0], packet->data.asBytes, true); + MifareAcquireStaticEncryptedNonces(packet->oldarg[0], packet->data.asBytes, true, packet->oldarg[1], packet->oldarg[2]); break; } case CMD_HF_MIFARE_ACQ_NONCES: { @@ -2226,7 +2260,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_SAM_SEOS: { -// sam_seos_get_pacs(); + sam_seos_get_pacs(packet); break; } @@ -2762,28 +2796,10 @@ static void PacketReceived(PacketCommandNG *packet) { break; } - if (payload->startidx == DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k)) { + if (payload->startidx == FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k)) { Flash_CheckBusy(BUSY_TIMEOUT); Flash_WriteEnable(); - Flash_Erase4k(3, 0xC); - } else if (payload->startidx == DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0x8); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0x9); - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0xA); - } else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0xB); - } else if (payload->startidx == FLASH_MEM_SIGNATURE_OFFSET_P(spi_flash_pages64k)) { - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0xF); + Flash_Erase4k(spi_flash_pages64k - 1, 0xF); } uint16_t res = Flash_Write(payload->startidx, payload->data, payload->len); diff --git a/armsrc/lfops.c b/armsrc/lfops.c index 263905466..01eae38a4 100644 --- a/armsrc/lfops.c +++ b/armsrc/lfops.c @@ -37,7 +37,8 @@ #include "protocols.h" #include "pmflash.h" #include "flashmem.h" // persistence on flash -#include "appmain.h" // print stack +#include "spiffs.h" // spiffs +#include "appmain.h" // print stack /* Notes about EM4xxx timings. @@ -324,31 +325,7 @@ void setT55xxConfig(uint8_t arg0, const t55xx_configurations_t *c) { return; } - if (!FlashInit()) { - BigBuf_free(); - return; - } - - uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN); - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t res = Flash_ReadDataCont(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - if (res == 0) { - FlashStop(); - BigBuf_free(); - return; - } - - memcpy(buf, &T55xx_Timing, T55XX_CONFIG_LEN); - - // delete old configuration - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - Flash_Erase4k(3, 0xD); - - // write new - res = Flash_Write(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - - if (res == T55XX_CONFIG_LEN && g_dbglevel > 1) { + if (SPIFFS_OK == rdv40_spiffs_write(T55XX_CONFIG_FILE, (uint8_t *)&T55xx_Timing, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { DbpString("T55XX Config save " _GREEN_("success")); } @@ -363,15 +340,23 @@ t55xx_configurations_t *getT55xxConfig(void) { void loadT55xxConfig(void) { #ifdef WITH_FLASH - if (!FlashInit()) { + uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN); + + uint32_t size = 0; + if (exists_in_spiffs(T55XX_CONFIG_FILE)) { + size = size_in_spiffs(T55XX_CONFIG_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", T55XX_CONFIG_FILE); + BigBuf_free(); return; } - uint8_t *buf = BigBuf_malloc(T55XX_CONFIG_LEN); - - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t isok = Flash_ReadDataCont(T55XX_CONFIG_OFFSET, buf, T55XX_CONFIG_LEN); - FlashStop(); + if (SPIFFS_OK != rdv40_spiffs_read(T55XX_CONFIG_FILE, buf, T55XX_CONFIG_LEN, RDV40_SPIFFS_SAFETY_SAFE)) { + Dbprintf("Spiffs file: %s cannot be read.", T55XX_CONFIG_FILE); + BigBuf_free(); + return; + } // verify read mem is actual data. uint8_t cntA = T55XX_CONFIG_LEN, cntB = T55XX_CONFIG_LEN; @@ -380,6 +365,7 @@ void loadT55xxConfig(void) { if (buf[i] == 0x00) cntB--; } if (!cntA || !cntB) { + Dbprintf("Spiffs file: %s does not malformed or empty.", T55XX_CONFIG_FILE); BigBuf_free(); return; } @@ -387,7 +373,7 @@ void loadT55xxConfig(void) { if (buf[0] != 0xFF) // if not set for clear memcpy((uint8_t *)&T55xx_Timing, buf, T55XX_CONFIG_LEN); - if (isok == T55XX_CONFIG_LEN) { + if (size == T55XX_CONFIG_LEN) { if (g_dbglevel > 1) DbpString("T55XX Config load success"); } @@ -2146,29 +2132,34 @@ void T55xx_ChkPwds(uint8_t flags, bool ledcontrol) { #ifdef WITH_FLASH BigBuf_Clear_EM(); - uint16_t isok = 0; - uint8_t counter[2] = {0x00, 0x00}; - isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k), counter, sizeof(counter)); - if (isok != sizeof(counter)) - goto OUT; + uint32_t size = 0; - pwd_count = (uint16_t)(counter[1] << 8 | counter[0]); + if (exists_in_spiffs(T55XX_KEYS_FILE)) { + size = size_in_spiffs(T55XX_KEYS_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", T55XX_KEYS_FILE); + goto OUT; + } + + pwd_count = size / T55XX_KEY_LENGTH; if (pwd_count == 0) goto OUT; // since flash can report way too many pwds, we need to limit it. // bigbuff EM size is determined by CARD_MEMORY_SIZE // a password is 4bytes. - uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * 4); + uint16_t pwd_size_available = MIN(CARD_MEMORY_SIZE, pwd_count * T55XX_KEY_LENGTH); // adjust available pwd_count - pwd_count = pwd_size_available / 4; + pwd_count = pwd_size_available / T55XX_KEY_LENGTH; - isok = Flash_ReadData(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k) + 2, pwds, pwd_size_available); - if (isok != pwd_size_available) + if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(T55XX_KEYS_FILE, pwds, pwd_size_available, RDV40_SPIFFS_SAFETY_SAFE)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u passwords from spiffs file: %s", pwd_count, T55XX_KEYS_FILE); + } else { + Dbprintf("Spiffs file: %s cannot be read.", T55XX_KEYS_FILE); goto OUT; - - Dbprintf("Password dictionary count " _YELLOW_("%d"), pwd_count); + } #endif diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 026b509b8..46c032011 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1036,7 +1036,7 @@ void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, // acquire static encrypted nonces in order to perform the attack described in // Philippe Teuwen, "MIFARE Classic: exposing the static encrypted nonce variant" //----------------------------------------------------------------------------- -int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply) { +int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply, uint8_t first_block_no, uint8_t first_key_type) { struct Crypto1State mpcs = {0, 0}; struct Crypto1State *pcs; pcs = &mpcs; @@ -1055,6 +1055,10 @@ int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool uint8_t buf[MIFARE_BLOCK_SIZE] = {0x00}; uint64_t ui64Key = bytes_to_num(key, 6); bool with_data = flags & 1; + bool without_backdoor = (flags >> 1) & 1; + if (with_data && without_backdoor) { + return PM3_EINVARG; + } uint32_t cuid = 0; int16_t isOK = PM3_SUCCESS; uint8_t cascade_levels = 0; @@ -1072,121 +1076,230 @@ int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool LED_C_ON(); - for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { - uint16_t sec_gap = sec; - if (sec >= MIFARE_1K_MAXSECTOR) { - // gap between user blocks and advanced verification method blocks - sec_gap += 16; + if (without_backdoor) { + uint32_t nt1 = 0; + + iso14a_card_select_t card_info; + if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); + isOK = PM3_ERFTRANS; + goto out; } - uint16_t blockNo = sec_gap * 4; - for (uint8_t keyType = 0; keyType < 2; keyType++) { - // Test if the action was cancelled - if (BUTTON_PRESS()) { - isOK = PM3_EOPABORTED; + switch (card_info.uidlen) { + case 4 : + cascade_levels = 1; break; + case 7 : + cascade_levels = 2; + break; + case 10: + cascade_levels = 3; + break; + default: + break; + } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + + uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + first_key_type, first_block_no, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); + + // send some crap to fail auth + CHK_TIMEOUT(); + + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; + goto out; + } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + // Recover clear nt + struct Crypto1State mpcs_tmp = {0, 0}; + struct Crypto1State *pcs_tmp = &mpcs_tmp; + crypto1_init(pcs_tmp, ui64Key); + uint32_t nt = crypto1_word(pcs_tmp, nt_enc ^ cuid, 1) ^ nt_enc; + int dist = nonce_distance(nt, nt1); + // ref dist is not always stable. Adjust physical distance to maximise ref dist, and try values around estimated nonces... + Dbprintf("Block %2i key %i nested nT=%08x first nT=%08x dist=%i", first_block_no, first_key_type, nt, nt1, dist); + + for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { + uint16_t sec_gap = sec; + if (sec >= MIFARE_1K_MAXSECTOR) { + // gap between user blocks and advanced verification method blocks + sec_gap += 16; } - if (have_uid == false) { // need a full select cycle to get the uid first - iso14a_card_select_t card_info; - if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); - isOK = PM3_ERFTRANS; + uint16_t blockNo = sec_gap * 4; + for (uint8_t keyType = 0; keyType < 2; keyType++) { + // Test if the action was cancelled + if (BUTTON_PRESS()) { + isOK = PM3_EOPABORTED; + break; + } + + len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; goto out; } - switch (card_info.uidlen) { - case 4 : - cascade_levels = 1; - break; - case 7 : - cascade_levels = 2; - break; - case 10: - cascade_levels = 3; - break; - default: - break; - } - have_uid = true; - } else { // no need for anticollision. We can directly select the card + // store nt_enc + memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); + nt_enc = bytes_to_num(receivedAnswer, 4); + uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | + (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | + (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | + (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); + // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); + // store nt_par_err + buf[(keyType * 8) + 2] = nt_par_err; + buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err + + // send some crap to fail auth + CHK_TIMEOUT(); + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); isOK = PM3_ERFTRANS; goto out; } + if (mifare_classic_authex_cmd(pcs, cuid, first_block_no, MIFARE_AUTH_KEYA + first_key_type, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + nt1 = rewind_nonce(nt1, dist); + num_to_bytes(nt1 >> 16, 2, buf + (keyType * 8)); + emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); } - - uint32_t nt1 = 0; - if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); - isOK = PM3_ESOFT; - goto out; - }; - if ((with_data) && (keyType == 0)) { - uint8_t data[16]; - uint8_t blocks = 4; - if (blockNo >= MIFARE_1K_MAXSECTOR * 4) { - // special RF08S advanced authentication blocks, let's dump in emulator just in case - blocks = 8; + } + } else { + for (uint16_t sec = 0; sec < MIFARE_1K_MAXSECTOR + 1; sec++) { + uint16_t sec_gap = sec; + if (sec >= MIFARE_1K_MAXSECTOR) { + // gap between user blocks and advanced verification method blocks + sec_gap += 16; + } + uint16_t blockNo = sec_gap * 4; + for (uint8_t keyType = 0; keyType < 2; keyType++) { + // Test if the action was cancelled + if (BUTTON_PRESS()) { + isOK = PM3_EOPABORTED; + break; } - for (uint16_t tb = blockNo; tb < blockNo + blocks; tb++) { - memset(data, 0x00, sizeof(data)); - int res = mifare_classic_readblock(pcs, tb, data); - if (res == 1) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Read error"); - isOK = PM3_ESOFT; + if (have_uid == false) { // need a full select cycle to get the uid first + iso14a_card_select_t card_info; + if (iso14443a_select_card(uid, &card_info, &cuid, true, 0, true) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (ALL)"); + isOK = PM3_ERFTRANS; + goto out; + } + switch (card_info.uidlen) { + case 4 : + cascade_levels = 1; + break; + case 7 : + cascade_levels = 2; + break; + case 10: + cascade_levels = 3; + break; + default: + break; + } + have_uid = true; + } else { // no need for anticollision. We can directly select the card + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; goto out; } - emlSetMem_xt(data, tb, 1, 16); } - } - // nested authentication - uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType + 4, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); - if (len != 4) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); - isOK = PM3_ESOFT; - goto out; - } - uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); - crypto1_init(pcs, ui64Key); - uint32_t nt = crypto1_word(pcs, nt_enc ^ cuid, 1) ^ nt_enc; - // Dbprintf("Sec %2i key %i nT=%08x", sec, keyType + 4, nt); - // store nt (first half) - num_to_bytes(nt >> 16, 2, buf + (keyType * 8)); - // send some crap to fail auth - uint8_t nack[] = {0x04}; - ReaderTransmit(nack, sizeof(nack), NULL); - if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); - isOK = PM3_ERFTRANS; - goto out; - } - if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); - isOK = PM3_ESOFT; - goto out; - }; + uint32_t nt1 = 0; + if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + if ((with_data) && (keyType == 0)) { + uint8_t data[16]; + uint8_t blocks = 4; + if (blockNo >= MIFARE_1K_MAXSECTOR * 4) { + // special RF08S advanced authentication blocks, let's dump in emulator just in case + blocks = 8; + } + for (uint16_t tb = blockNo; tb < blockNo + blocks; tb++) { + memset(data, 0x00, sizeof(data)); + int res = mifare_classic_readblock(pcs, tb, data); + if (res == 1) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Read error"); + isOK = PM3_ESOFT; + goto out; + } + emlSetMem_xt(data, tb, 1, 16); + } + } + // nested authentication + uint16_t len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType + 4, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + uint32_t nt_enc = bytes_to_num(receivedAnswer, 4); + crypto1_init(pcs, ui64Key); + uint32_t nt = crypto1_word(pcs, nt_enc ^ cuid, 1) ^ nt_enc; + // Dbprintf("Sec %2i key %i nT=%08x", sec, keyType + 4, nt); + // store nt (first half) + num_to_bytes(nt >> 16, 2, buf + (keyType * 8)); + // send some crap to fail auth + CHK_TIMEOUT(); - // nested authentication on regular keytype - len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); - if (len != 4) { - if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); - isOK = PM3_ESOFT; - goto out; + if (iso14443a_fast_select_card(uid, cascade_levels) == 0) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Can't select card (UID)"); + isOK = PM3_ERFTRANS; + goto out; + } + if (mifare_classic_authex_cmd(pcs, cuid, blockNo, MIFARE_AUTH_KEYA + keyType + 4, ui64Key, AUTH_FIRST, &nt1, NULL, NULL, NULL, false, false)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth1 error"); + isOK = PM3_ESOFT; + goto out; + }; + + // nested authentication on regular keytype + len = mifare_sendcmd_short(pcs, AUTH_NESTED, MIFARE_AUTH_KEYA + keyType, blockNo, receivedAnswer, sizeof(receivedAnswer), par_enc, NULL); + if (len != 4) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("AcquireStaticEncryptedNonces: Auth2 error len=%d", len); + isOK = PM3_ESOFT; + goto out; + } + // store nt_enc + memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); + nt_enc = bytes_to_num(receivedAnswer, 4); + uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | + (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | + (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | + (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); + // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); + // store nt_par_err + buf[(keyType * 8) + 2] = nt_par_err; + buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err + emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); + // send some crap to fail auth + CHK_TIMEOUT(); } - // store nt_enc - memcpy(buf + (keyType * 8) + 4, receivedAnswer, 4); - nt_enc = bytes_to_num(receivedAnswer, 4); - uint8_t nt_par_err = ((((par_enc[0] >> 7) & 1) ^ oddparity8((nt_enc >> 24) & 0xFF)) << 3 | - (((par_enc[0] >> 6) & 1) ^ oddparity8((nt_enc >> 16) & 0xFF)) << 2 | - (((par_enc[0] >> 5) & 1) ^ oddparity8((nt_enc >> 8) & 0xFF)) << 1 | - (((par_enc[0] >> 4) & 1) ^ oddparity8((nt_enc >> 0) & 0xFF))); - // Dbprintf("Sec %2i key %i {nT}=%02x%02x%02x%02x perr=%x", sec, keyType, receivedAnswer[0], receivedAnswer[1], receivedAnswer[2], receivedAnswer[3], nt_par_err); - // store nt_par_err - buf[(keyType * 8) + 2] = nt_par_err; - buf[(keyType * 8) + 3] = 0xAA; // extra check to tell we have nt/nt_enc/par_err - emlSetMem_xt(buf, (CARD_MEMORY_RF08S_OFFSET / MIFARE_BLOCK_SIZE) + sec, 1, MIFARE_BLOCK_SIZE); - // send some crap to fail auth - ReaderTransmit(nack, sizeof(nack), NULL); } } out: @@ -1194,7 +1307,7 @@ out: crypto1_deinit(pcs); LED_B_ON(); if (reply) { - reply_old(CMD_ACK, isOK, cuid, 0, BigBuf_get_EM_addr() + CARD_MEMORY_RF08S_OFFSET, MIFARE_BLOCK_SIZE * (MIFARE_1K_MAXSECTOR + 1)); + reply_mix(CMD_ACK, isOK, cuid, 0, BigBuf_get_EM_addr() + CARD_MEMORY_RF08S_OFFSET, MIFARE_BLOCK_SIZE * (MIFARE_1K_MAXSECTOR + 1)); } LED_B_OFF(); @@ -1787,31 +1900,36 @@ void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *da #ifdef WITH_FLASH if (use_flashmem) { BigBuf_free(); - uint16_t isok = 0; - uint8_t size[2] = {0x00, 0x00}; - isok = Flash_ReadData(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k), size, 2); - if (isok != 2) + uint32_t size = 0; + if (exists_in_spiffs(MF_KEYS_FILE)) { + size = size_in_spiffs(MF_KEYS_FILE); + } + if (size == 0) { + Dbprintf("Spiffs file: %s does not exists or empty.", MF_KEYS_FILE); goto OUT; + } - keyCount = size[1] << 8 | size[0]; + keyCount = size / MF_KEY_LENGTH; if (keyCount == 0) goto OUT; // limit size of available for keys in bigbuff // a key is 6bytes - uint16_t key_mem_available = MIN(BigBuf_get_size(), keyCount * 6); + uint16_t key_mem_available = MIN(BigBuf_get_size(), keyCount * MF_KEY_LENGTH); - keyCount = key_mem_available / 6; + keyCount = key_mem_available / MF_KEY_LENGTH; datain = BigBuf_malloc(key_mem_available); if (datain == NULL) goto OUT; - isok = Flash_ReadData(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k) + 2, datain, key_mem_available); - if (isok != key_mem_available) + if (SPIFFS_OK == rdv40_spiffs_read_as_filetype(MF_KEYS_FILE, datain, keyCount * MF_KEY_LENGTH, RDV40_SPIFFS_SAFETY_SAFE)) { + if (g_dbglevel >= DBG_ERROR) Dbprintf("Loaded %u keys from spiffs file: %s", keyCount, MF_KEYS_FILE); + } else { + Dbprintf("Spiffs file: %s cannot be read.", MF_KEYS_FILE); goto OUT; - + } } #endif @@ -2809,6 +2927,7 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) { uint8_t rdbl00[4] = {ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8}; uint8_t gen4gdmAuth[4] = {MIFARE_MAGIC_GDM_AUTH_KEY, 0x00, 0x6C, 0x92}; uint8_t gen4gdmGetConf[4] = {MIFARE_MAGIC_GDM_READ_CFG, 0x00, 0x39, 0xF7}; + uint8_t gen4gdmGetMagicBlock[4] = {MIFARE_MAGIC_GDM_READBLOCK, 0x00, 0xC2, 0x66}; uint8_t gen4GetConf[8] = {GEN_4GTU_CMD, 0x00, 0x00, 0x00, 0x00, GEN_4GTU_GETCNF, 0, 0}; uint8_t superGen1[9] = {0x0A, 0x00, 0x00, 0xA6, 0xB0, 0x00, 0x10, 0x14, 0x1D}; bool isGen2 = false; @@ -2837,7 +2956,16 @@ void MifareCIdent(bool is_mfc, uint8_t keytype, uint8_t *key) { ReaderTransmit(gen4gdmGetConf, sizeof(gen4gdmGetConf), NULL); res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par); if (res > 1) { - flag |= MAGIC_FLAG_GDM_WUP_40; + // could be ZUID or full USCUID, the magic blocks don't exist on ZUID so + // a failure here indicates a feature limited chip like ZUID + // check for GDM hidden block read + ReaderTransmit(gen4gdmGetMagicBlock, sizeof(gen4gdmGetMagicBlock), NULL); + res = ReaderReceive(buf, PM3_CMD_DATA_SIZE, par); + if (res > 1) { + flag |= MAGIC_FLAG_GDM_WUP_40; + } else { + flag |= MAGIC_FLAG_GDM_WUP_40_ZUID; + } } } @@ -3127,7 +3255,8 @@ void MifareHasStaticEncryptedNonce(uint8_t block_no, uint8_t key_type, uint8_t * goto OUT; }; first_nt_counter++; - } else for (uint8_t i = 0; i < nr_nested; i++) { + } else { + for (uint8_t i = 0; i < nr_nested; i++) { if (need_first_auth) { cuid = 0; @@ -3204,6 +3333,7 @@ void MifareHasStaticEncryptedNonce(uint8_t block_no, uint8_t key_type, uint8_t * } oldntenc = ntenc; } + } data[1] = (cuid >> 24) & 0xFF; data[2] = (cuid >> 16) & 0xFF; @@ -3367,7 +3497,8 @@ void MifareGen3Blk(uint8_t block_len, uint8_t *block) { retval = PM3_ESOFT; goto OUT; } - cmd[ofs++] = card_info->sak; + cmd[ofs] = block_len <= card_info->uidlen ? card_info->sak : cmd[ofs]; + ofs++; cmd[ofs++] = card_info->atqa[0]; cmd[ofs++] = card_info->atqa[1]; AddCrc14A(cmd, sizeof(block_cmd) + MIFARE_BLOCK_SIZE); diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index 8f19528c2..2dcfa4e4b 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h @@ -37,7 +37,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8 void MifareStaticNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8_t targetKeyType, uint8_t *key); void MifareAcquireEncryptedNonces(uint32_t arg0, uint32_t arg1, uint32_t flags, uint8_t *datain); -int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply); +int MifareAcquireStaticEncryptedNonces(uint32_t flags, const uint8_t *key, bool reply, uint8_t first_block_no, uint8_t first_key_type); void MifareAcquireNonces(uint32_t arg0, uint32_t flags); void MifareChkKeys(uint8_t *datain, uint8_t reserved_mem); void MifareChkKeys_fast(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 9f4b87674..b8cb4838d 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -983,3 +983,12 @@ int nonce_distance(uint32_t from, uint32_t to) { int nonce16_index(uint16_t nt) { return nonce16_distance(0x0100, nt) + 1; } + +uint32_t rewind_nonce(uint32_t from, uint16_t dist) { + uint16_t x = from >> 16; + for (uint16_t i = 0; i < dist; i++) { + x = ((x << 1 | x >> 15) & 0xffff) ^ ((x >> 1 ^ x >> 2 ^ x >> 4) & 0x100); + } + uint32_t nt = x; + return nt << 16 | prng_successor(nt, 16); +} diff --git a/armsrc/mifareutil.h b/armsrc/mifareutil.h index b1ae83021..d118533a9 100644 --- a/armsrc/mifareutil.h +++ b/armsrc/mifareutil.h @@ -128,4 +128,5 @@ bool validate_parity_nonce(uint32_t ntenc, uint8_t ntparenc, uint32_t nt); int nonce_distance(uint32_t from, uint32_t to); int nonce16_distance(uint16_t x, uint16_t y); int nonce16_index(uint16_t nt); +uint32_t rewind_nonce(uint32_t from, uint16_t dist); #endif diff --git a/armsrc/sam_common.c b/armsrc/sam_common.c new file mode 100644 index 000000000..76ca269e1 --- /dev/null +++ b/armsrc/sam_common.c @@ -0,0 +1,373 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// Routines to support MFC <-> SAM communication +//----------------------------------------------------------------------------- + + +#include +#include "sam_common.h" +#include "iclass.h" +#include "proxmark3_arm.h" +#include "BigBuf.h" +#include "commonutil.h" +#include "ticks.h" +#include "dbprint.h" +#include "i2c.h" +#include "iso15693.h" +#include "protocols.h" + + +/** + * @brief Transmits data to and receives data from a HID®'s iCLASS® SE™ Processor. + * + * This function sends a specified number of bytes to the SAM and receives a response. + * + * @param data Pointer to the data to be transmitted. + * @param n Number of bytes to be transmitted. + * @param resp Pointer to the buffer where the response will be stored. + * @param resplen Pointer to the variable where the length of the response will be stored. + * @return Status code indicating success or failure of the operation. + */ +int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen) { + bool res = I2C_BufferWrite(data, n, I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); + if (res == false) { + DbpString("failed to send to SIM CARD"); + goto out; + } + + *resplen = ISO7816_MAX_FRAME; + + res = sc_rx_bytes(resp, resplen, SIM_WAIT_DELAY); + if (res == false) { + DbpString("failed to receive from SIM CARD"); + goto out; + } + + if (*resplen < 2) { + DbpString("received too few bytes from SIM CARD"); + res = false; + goto out; + } + + uint16_t more_len = 0; + + if (resp[*resplen - 2] == 0x61 || resp[*resplen - 2] == 0x9F) { + more_len = resp[*resplen - 1]; + } else { + // we done, return + goto out; + } + + // Don't discard data we already received except the SW code. + // If we only received 1 byte, this is the echo of INS, we discard it. + *resplen -= 2; + if (*resplen == 1) { + *resplen = 0; + } + + uint8_t cmd_getresp[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, more_len}; + + res = I2C_BufferWrite(cmd_getresp, sizeof(cmd_getresp), I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); + if (res == false) { + DbpString("failed to send to SIM CARD 2"); + goto out; + } + + more_len = 255 - *resplen; + + res = sc_rx_bytes(resp + *resplen, &more_len, SIM_WAIT_DELAY); + if (res == false) { + DbpString("failed to receive from SIM CARD 2"); + goto out; + } + + *resplen += more_len; + +out: + return res; +} + + +static inline void swap_clock_counters(volatile unsigned int *a, unsigned int *b) { + unsigned int c = *a; + *a = *b; + *b = c; +} + +/** + * @brief Swaps the timer counter values. + * + * AT91SAM7S512 has a single Timer-Counter, that is reused in clocks Ticks + * and CountSspClk. This function stops the current clock and restores previous + * values. It is used to switch between different clock sources. + * It probably makes communication timing off, but at least makes it work. + */ +static void swap_clocks(void) { + static unsigned int tc0, tc1, tc2 = 0; + StopTicks(); + swap_clock_counters(&(AT91C_BASE_TC0->TC_CV), &tc0); + swap_clock_counters(&(AT91C_BASE_TC1->TC_CV), &tc1); + swap_clock_counters(&(AT91C_BASE_TC2->TC_CV), &tc2); +} + +void switch_clock_to_ticks(void) { + swap_clocks(); + StartTicks(); +} + +void switch_clock_to_countsspclk(void) { + swap_clocks(); + StartCountSspClk(); +} + + +/** + * @brief Sends a payload to the SAM + * + * This function prepends the payload with the necessary APDU and application + * headers and sends it to the SAM. + * + * @param addr_src 0x14 for command from NFC, 0x44 for command from application + * @param addr_dest 0x0A for command to SAM + * @param addr_reply same as add_src or 0x00 if no reply is expected + * @param payload Pointer to the data to be sent. + * @param payload_len Length of the data to be sent. + * @param response Pointer to the buffer where the response will be stored. + * @param response_len Pointer to the variable where the length of the response will be stored. + * @param length Length of the data to be sent. + * @return Status code indicating success or failure of the operation. + */ +int sam_send_payload( + const uint8_t addr_src, + const uint8_t addr_dest, + const uint8_t addr_reply, + + const uint8_t *const payload, + const uint16_t *payload_len, + + uint8_t *response, + uint16_t *response_len +) { + int res = PM3_SUCCESS; + + uint8_t *buf = response; + + buf[0] = 0xA0; // CLA + buf[1] = 0xDA; // INS (PUT DATA) + buf[2] = 0x02; // P1 (TLV format?) + buf[3] = 0x63; // P2 + buf[4] = SAM_TX_ASN1_PREFIX_LENGTH + (uint8_t) * payload_len; // LEN + + buf[5] = addr_src; + buf[6] = addr_dest; + buf[7] = addr_reply; + + buf[8] = 0x00; + buf[9] = 0x00; + buf[10] = 0x00; + + memcpy( + &buf[11], + payload, + *payload_len + ); + + uint16_t length = SAM_TX_ASN1_PREFIX_LENGTH + SAM_TX_APDU_PREFIX_LENGTH + (uint8_t) * payload_len; + + LogTrace(buf, length, 0, 0, NULL, true); + if (g_dbglevel >= DBG_INFO) { + DbpString("SAM REQUEST APDU: "); + Dbhexdump(length, buf, false); + } + + if (sam_rxtx(buf, length, response, response_len) == false) { + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM ERROR"); + res = PM3_ECARDEXCHANGE; + goto out; + } + + LogTrace(response, *response_len, 0, 0, NULL, false); + if (g_dbglevel >= DBG_INFO) { + DbpString("SAM RESPONSE APDU: "); + Dbhexdump(*response_len, response, false); + } + +out: + return res; +} + + +/** + * @brief Retreives SAM firmware version. + * + * Used just as ping or sanity check here. + * + * @return Status code indicating success or failure of the operation. + */ +int sam_get_version(void) { + int res = PM3_SUCCESS; + + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_get_version"); + + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + uint8_t payload[] = { + 0xa0, 0x02, // <- SAM command + 0x82, 0x00 // <- get version + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x44, + payload, + &payload_len, + response, + &response_len + ); + + // resp: + // c1 64 00 00 00 + // bd 11 <- SAM response + // 8a 0f <- get version response + // 80 02 + // 01 29 <- version + // 81 06 + // 68 3d 05 20 26 b6 <- build ID + // 82 01 + // 01 + // 90 00 + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_get_version"); + + if (response[5] != 0xbd) { + Dbprintf("Invalid SAM response"); + goto error; + } else { + uint8_t *sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + if (sam_response_an == NULL) { + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get response failed"); + goto error; + } + uint8_t *sam_version_an = sam_find_asn1_node(sam_response_an, 0x80); + if (sam_version_an == NULL) { + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get version failed"); + goto error; + } + uint8_t *sam_build_an = sam_find_asn1_node(sam_response_an, 0x81); + if (sam_build_an == NULL) { + if (g_dbglevel >= DBG_ERROR) + DbpString("SAM get firmware ID failed"); + goto error; + } + if (g_dbglevel >= DBG_INFO) { + DbpString("SAM get version successful"); + Dbprintf("Firmware version: %X.%X", sam_version_an[2], sam_version_an[3]); + Dbprintf("Firmware ID: "); + Dbhexdump(sam_build_an[1], sam_build_an + 2, false); + } + goto out; + } + +error: + res = PM3_ESOFT; + +out: + BigBuf_free(); + + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_get_version"); + + return res; +} + + + +/** + * @brief Finds an ASN.1 node of a specified type within a given root node. + * + * This function searches through a single level of the ASN.1 structure starting + * from the root node to find a node of the specified type. + * + * @param root Pointer to the root node of the ASN.1 structure. + * @param type The type of the ASN.1 node to find. + * @return Pointer to the ASN.1 node of the specified type if found, otherwise NULL. + */ +uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type) { + const uint8_t *end = (uint8_t *) root + *(root + 1); + uint8_t *current = (uint8_t *) root + 2; + while (current < end) { + if (*current == type) { + return current; + } else { + current += 2 + *(current + 1); + } + } + return NULL; +} + +/** + * @brief Appends an ASN.1 node to the end of a given node. + * + * This function appends an ASN.1 node of a specified type and length to the end of + * the ASN.1 structure at specified node level. + * + * It is the most naive solution that does not handle the case where the node to append is + * not the last node at the same level. It also does not also care about proper + * order of the nodes. + * + * @param root Pointer to the root node of the ASN.1 structure. + * @param root Pointer to the node to be appended of the ASN.1 structure. + * @param type The type of the ASN.1 node to append. + * @param data Pointer to the data to be appended. + * @param len The length of the data to be appended. + */ +void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len) { + uint8_t *end = (uint8_t *) root + *(root + 1) + 2; + + *(end) = type; + *(end + 1) = len; + memcpy(end + 2, data, len); + + for (uint8_t *current = (uint8_t *) root; current <= node; current += 2) { + *(current + 1) += 2 + len; + }; + return; +} + +void sam_send_ack(void) { + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + uint8_t payload[] = { + 0xa0, 0 + }; + uint16_t payload_len = sizeof(payload); + + sam_send_payload( + 0x44, 0x0a, 0x00, + payload, + &payload_len, + response, + &response_len + ); + + BigBuf_free(); +} diff --git a/armsrc/sam_common.h b/armsrc/sam_common.h new file mode 100644 index 000000000..645957a3c --- /dev/null +++ b/armsrc/sam_common.h @@ -0,0 +1,49 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +#ifndef __SAM_COMMON_H +#define __SAM_COMMON_H + +#include "common.h" + +static const uint8_t SAM_TX_APDU_PREFIX_LENGTH = 5; +static const uint8_t SAM_TX_ASN1_PREFIX_LENGTH = 6; +static const uint8_t SAM_RX_ASN1_PREFIX_LENGTH = 5; + +int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen); + +void switch_clock_to_ticks(void); +void switch_clock_to_countsspclk(void); + +int sam_send_payload( + const uint8_t addr_src, + const uint8_t addr_dest, + const uint8_t addr_reply, + + const uint8_t *const payload, + const uint16_t *payload_len, + + uint8_t *response, + uint16_t *response_len +); + +int sam_get_version(void); + +uint8_t *sam_find_asn1_node(const uint8_t *root, const uint8_t type); +void sam_append_asn1_node(const uint8_t *root, const uint8_t *node, uint8_t type, const uint8_t *const data, uint8_t len); + +void sam_send_ack(void); + +#endif diff --git a/armsrc/sam_mfc.c b/armsrc/sam_mfc.c index 090f4a781..5e2309437 100644 --- a/armsrc/sam_mfc.c +++ b/armsrc/sam_mfc.c @@ -16,7 +16,7 @@ // Routines to support MFC <-> SAM communication //----------------------------------------------------------------------------- #include "sam_mfc.h" -#include "sam_seos.h" +#include "sam_common.h" #include "iclass.h" #include "proxmark3_arm.h" diff --git a/armsrc/sam_mfc.h b/armsrc/sam_mfc.h index 5cf55d711..527bc77ff 100644 --- a/armsrc/sam_mfc.h +++ b/armsrc/sam_mfc.h @@ -17,5 +17,6 @@ #define __SAM_MFC_H #include "common.h" +#include "sam_common.h" #endif diff --git a/armsrc/sam_picopass.c b/armsrc/sam_picopass.c index fd465c992..d396a31c5 100644 --- a/armsrc/sam_picopass.c +++ b/armsrc/sam_picopass.c @@ -16,6 +16,7 @@ // Routines to support Picopass <-> SAM communication //----------------------------------------------------------------------------- #include "sam_picopass.h" +#include "sam_common.h" #include "iclass.h" #include "crc16.h" #include "proxmark3_arm.h" @@ -30,66 +31,79 @@ #include "optimized_cipher.h" #include "fpgaloader.h" -static int sam_rxtx(const uint8_t *data, uint16_t n, uint8_t *resp, uint16_t *resplen) { - StartTicks(); +/** + * @brief Sets the card detected status for the SAM (Secure Access Module). + * + * This function informs that a card has been detected by the reader and + * initializes SAM communication with the card. + * + * @param card_select Pointer to the descriptor of the detected card. + * @return Status code indicating success or failure of the operation. + */ +static int sam_set_card_detected(picopass_hdr_t *card_select) { + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_set_card_detected"); - bool res = I2C_BufferWrite(data, n, I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); - if (res == false) { - DbpString("failed to send to SIM CARD"); - goto out; - } + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; - *resplen = ISO7816_MAX_FRAME; + // a0 12 + // ad 10 + // a0 0e + // 80 02 + // 00 04 <- Picopass + // 81 08 + // 9b fc a4 00 fb ff 12 e0 <- CSN - res = sc_rx_bytes(resp, resplen, SIM_WAIT_DELAY); - if (res == false) { - DbpString("failed to receive from SIM CARD"); - goto out; - } + uint8_t payload[] = { + 0xa0, 18, // <- SAM command + 0xad, 16, // <- set detected card + 0xa0, 4 + 10, + 0x80, 2, // <- protocol + 0x00, 0x04, // <- Picopass + 0x81, 8, // <- CSN + card_select->csn[0], card_select->csn[1], card_select->csn[2], card_select->csn[3], + card_select->csn[4], card_select->csn[5], card_select->csn[6], card_select->csn[7] + }; + uint16_t payload_len = sizeof(payload); - if (*resplen < 2) { - DbpString("received too few bytes from SIM CARD"); - res = false; - goto out; - } + sam_send_payload( + 0x44, 0x0a, 0x44, + payload, + &payload_len, + response, + &response_len + ); - uint16_t more_len = 0; + // resp: + // c1 64 00 00 00 + // bd 02 <- response + // 8a 00 <- empty response (accepted) + // 90 00 - if (resp[*resplen - 2] == 0x61 || resp[*resplen - 2] == 0x9F) { - more_len = resp[*resplen - 1]; + if (response[5] != 0xbd) { + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto error; } else { - // we done, return + // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + // if(sam_response_an == NULL){ + // if (g_dbglevel >= DBG_ERROR) + // Dbprintf("Invalid SAM response"); + // goto error; + // } goto out; } - - // Don't discard data we already received except the SW code. - // If we only received 1 byte, this is the echo of INS, we discard it. - *resplen -= 2; - if (*resplen == 1) { - *resplen = 0; - } - - uint8_t cmd_getresp[] = {0x00, ISO7816_GET_RESPONSE, 0x00, 0x00, more_len}; - - res = I2C_BufferWrite(cmd_getresp, sizeof(cmd_getresp), I2C_DEVICE_CMD_SEND_T0, I2C_DEVICE_ADDRESS_MAIN); - if (res == false) { - DbpString("failed to send to SIM CARD 2"); - goto out; - } - - more_len = 255 - *resplen; - - res = sc_rx_bytes(resp + *resplen, &more_len, SIM_WAIT_DELAY); - if (res == false) { - DbpString("failed to receive from SIM CARD 2"); - goto out; - } - - *resplen += more_len; +error: + res = PM3_ESOFT; out: - StopTicks(); + BigBuf_free(); + + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_set_card_detected"); return res; } @@ -218,23 +232,19 @@ int sam_picopass_get_pacs(void) { uint8_t *sam_apdu = BigBuf_calloc(ISO7816_MAX_FRAME); // ----------------------------------------------------------------------------- - // first - // a0 da 02 63 1a 44 0a 44 00 00 00 a0 12 ad 10 a0 0e 80 02 00 04 81 08 9b fc a4 00 fb ff 12 e0 - hexstr_to_byte_array("a0da02631a440a44000000a012ad10a00e800200048108", sam_apdu, &sam_len); - memcpy(sam_apdu + sam_len, hdr.csn, sizeof(hdr.csn)); - sam_len += sizeof(hdr.csn); - - if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { - res = PM3_ECARDEXCHANGE; - goto out; - } - print_dbg("-- 1", resp, resp_len); + // first - set detected card (0xAD) + switch_clock_to_ticks(); + sam_set_card_detected(&hdr); // ----------------------------------------------------------------------------- - // second - // a0 da 02 63 0d 44 0a 44 00 00 00 a0 05 a1 03 80 01 04 - hexstr_to_byte_array("a0da02630d440a44000000a005a103800104", sam_apdu, &sam_len); - if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { + // second - get PACS (0xA1) + + // a0 05 + // a1 03 + // 80 01 + // 04 + hexstr_to_byte_array("a005a103800104", sam_apdu, &sam_len); + if (sam_send_payload(0x44, 0x0a, 0x44, sam_apdu, (uint16_t *) &sam_len, resp, &resp_len) != PM3_SUCCESS) { res = PM3_ECARDEXCHANGE; goto out; } @@ -245,7 +255,7 @@ int sam_picopass_get_pacs(void) { // Tag|c00a140a000000a110a10e8004 0c05de64 8102 0004 820201f4 // ----------------------------------------------------------------------------- - // third AIA block 5 + // third AIA block 5 (emulated tag <-> SAM exchange starts here) // a0da02631c140a00000000bd14a012a010800a ffffff0006fffffff88e 81020000 // picopass legacy is fixed. wants AIA and crc. ff ff ff ff ff ff ff ff ea f5 // picpoasss SE ff ff ff 00 06 ff ff ff f8 8e @@ -300,7 +310,7 @@ int sam_picopass_get_pacs(void) { } // start ssp clock again... - StartCountSspClk(); + switch_clock_to_countsspclk(); // NOW we auth against tag uint8_t cmd_check[9] = { ICLASS_CMD_CHECK }; @@ -325,6 +335,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA026316140A00000000BD0EA00CA00A8004311E32E981020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, mac, sizeof(mac)); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -355,7 +366,7 @@ int sam_picopass_get_pacs(void) { // c1 61 c1 00 00 a1 10 a1 0e 80 04 0c 06 45 56 81 02 00 04 82 02 01 f4 90 00 // read block 6 - StartCountSspClk(); + switch_clock_to_countsspclk(); start_time = GetCountSspClk(); iclass_send_as_reader(resp + 11, 4, &start_time, &eof_time, shallow_mod); @@ -373,6 +384,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA02631C140A00000000BD14A012A010800A030303030003E017432381020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -382,7 +394,7 @@ int sam_picopass_get_pacs(void) { // c161c10000a110a10e8004 0606455681020004820201f49000 // read the credential blocks - StartCountSspClk(); + switch_clock_to_countsspclk(); start_time = GetCountSspClk(); iclass_send_as_reader(resp + 11, 4, &start_time, &eof_time, shallow_mod); @@ -400,6 +412,7 @@ int sam_picopass_get_pacs(void) { hexstr_to_byte_array("A0DA026334140A00000000BD2CA02AA0288022030303030003E017769CB4A198E0DEC82AD4C8211F9968712BE7393CF8E71D7E804C81020000", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); + switch_clock_to_ticks(); if (sam_rxtx(sam_apdu, sam_len, resp, &resp_len) == false) { res = PM3_ECARDEXCHANGE; goto out; @@ -409,7 +422,13 @@ int sam_picopass_get_pacs(void) { // ----------------------------------------------------------------------------- // TEN ask for PACS data - // A0DA02630C440A00000000BD04A0028200 + // A0 DA 02 63 0C + // 44 0A 00 00 00 00 + // BD 04 + // A0 02 + // 82 00 + + // (emulated tag <-> SAM exchange ends here) hexstr_to_byte_array("A0DA02630C440A00000000BD04A0028200", sam_apdu, &sam_len); memcpy(sam_apdu + 19, resp, resp_len); @@ -424,7 +443,12 @@ int sam_picopass_get_pacs(void) { goto out; } - // c164000000bd098a07 030506951f9a00 9000 + // resp: + // c1 64 00 00 00 + // bd 09 + // 8a 07 + // 03 05 06 95 1f 9a 00 <- decoded PACS data + // 90 00 uint8_t *pacs = BigBuf_calloc(resp[8]); memcpy(pacs, resp + 9, resp[8]); @@ -439,6 +463,7 @@ out: off: switch_off(); + StopTicks(); BigBuf_free(); return res; } diff --git a/armsrc/sam_picopass.h b/armsrc/sam_picopass.h index 7feef0bde..26d734d39 100644 --- a/armsrc/sam_picopass.h +++ b/armsrc/sam_picopass.h @@ -17,6 +17,7 @@ #define __SAM_PICOPASS_H #include "common.h" +#include "sam_common.h" int sam_picopass_get_pacs(void); diff --git a/armsrc/sam_seos.c b/armsrc/sam_seos.c index 00e4da45b..2e5c09349 100644 --- a/armsrc/sam_seos.c +++ b/armsrc/sam_seos.c @@ -14,9 +14,392 @@ // See LICENSE.txt for the text of the license. //----------------------------------------------------------------------------- // Routines to support SEOS <-> SAM communication +// communication and ASN.1 messages based on https://github.com/bettse/seader/blob/main/seader.asn1 //----------------------------------------------------------------------------- #include "sam_seos.h" +#include "sam_common.h" #include "iclass.h" #include "proxmark3_arm.h" +#include "iso14443a.h" + +#include "iclass.h" +#include "crc16.h" +#include "proxmark3_arm.h" +#include "BigBuf.h" #include "cmd.h" +#include "commonutil.h" +#include "ticks.h" +#include "dbprint.h" +#include "i2c.h" +#include "protocols.h" +#include "optimized_cipher.h" +#include "fpgaloader.h" +#include "pm3_cmd.h" + +#include "cmd.h" + + +/** + * @brief Sets the card detected status for the SAM (Secure Access Module). + * + * This function informs that a card has been detected by the reader and + * initializes SAM communication with the card. + * + * @param card_select Pointer to the descriptor of the detected card. + * @return Status code indicating success or failure of the operation. + */ +static int sam_set_card_detected(iso14a_card_select_t *card_select) { + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_set_card_detected"); + + uint8_t *request = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t request_len = ISO7816_MAX_FRAME; + + uint8_t *response = BigBuf_malloc(ISO7816_MAX_FRAME); + uint16_t response_len = ISO7816_MAX_FRAME; + + const uint8_t payload[] = { + 0xa0, 8, // <- SAM command + 0xad, 6, // <- set detected card + 0xa0, 4, // <- detected card details + 0x80, 2, // <- protocol + 0x00, 0x02 // <- ISO14443A + }; + + memcpy(request, payload, sizeof(payload)); + sam_append_asn1_node(request, request + 4, 0x81, card_select->uid, card_select->uidlen); + sam_append_asn1_node(request, request + 4, 0x82, card_select->atqa, 2); + sam_append_asn1_node(request, request + 4, 0x83, &card_select->sak, 1); + request_len = request[1] + 2; + + sam_send_payload( + 0x44, 0x0a, 0x44, + request, + &request_len, + response, + &response_len + ); + + // resp: + // c1 64 00 00 00 + // bd 02 <- response + // 8a 00 <- empty response (accepted) + // 90 00 + + if (response[5] != 0xbd) { + if (g_dbglevel >= DBG_ERROR) + Dbprintf("Invalid SAM response"); + goto error; + } else { + // uint8_t * sam_response_an = sam_find_asn1_node(response + 5, 0x8a); + // if(sam_response_an == NULL){ + // if (g_dbglevel >= DBG_ERROR) + // Dbprintf("Invalid SAM response"); + // goto error; + // } + goto out; + } +error: + res = PM3_ESOFT; + +out: + BigBuf_free(); + + if (g_dbglevel >= DBG_DEBUG) + DbpString("end sam_set_card_detected"); + return res; +} + +/** + * @brief Copies the payload from an NFC buffer to a SAM buffer. + * + * Wraps received data from NFC into an ASN1 tree, so it can be transmitted to the SAM . + * + * @param sam_tx Pointer to the SAM transmit buffer. + * @param nfc_rx Pointer to the NFC receive buffer. + * @param nfc_len Length of the data to be copied from the NFC buffer. + * + * @return Length of SAM APDU to be sent. + */ +inline static uint16_t sam_seos_copy_payload_nfc2sam(uint8_t *sam_tx, uint8_t *nfc_rx, uint8_t nfc_len) { + // NFC resp: + // 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb e3 + + // SAM req: + // bd 1c + // a0 1a + // a0 18 + // 80 12 + // 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb e3 + // 81 02 + // 00 00 + + const uint8_t payload[] = { + 0xbd, 4, + 0xa0, 2, + 0xa0, 0 + }; + + const uint8_t tag81[] = { + 0x00, 0x00 + }; + + memcpy(sam_tx, payload, sizeof(payload)); + + sam_append_asn1_node(sam_tx, sam_tx + 4, 0x80, nfc_rx, nfc_len); + sam_append_asn1_node(sam_tx, sam_tx + 4, 0x81, tag81, sizeof(tag81)); + + return sam_tx[1] + 2; // length of the ASN1 tree +} + +/** + * @brief Copies the payload from the SAM receive buffer to the NFC transmit buffer. + * + * Unpacks data to be transmitted from ASN1 tree in APDU received from SAM. + * + * @param nfc_tx_buf Pointer to the buffer where the NFC transmit data will be stored. + * @param sam_rx_buf Pointer to the buffer containing the data received from the SAM. + * @return Length of NFC APDU to be sent. + */ +inline static uint16_t sam_seos_copy_payload_sam2nfc(uint8_t *nfc_tx_buf, uint8_t *sam_rx_buf) { + // SAM resp: + // c1 61 c1 00 00 + // a1 21 <- nfc command + // a1 1f <- nfc send + // 80 10 <- data + // 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 + // 81 02 <- protocol + // 02 02 + // 82 02 <- timeout + // 01 2e + // 85 03 <- format + // 06 c0 00 + // 90 00 + + // NFC req: + // 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 + + // copy data out of c1->a1>->a1->80 node + uint16_t nfc_tx_len = (uint8_t) * (sam_rx_buf + 10); + memcpy(nfc_tx_buf, sam_rx_buf + 11, nfc_tx_len); + return nfc_tx_len; +} + +/** + * @brief Sends a request to the SAM and retrieves the response. + * + * Unpacks request to the SAM and relays ISO14A traffic to the card. + * If no request data provided, sends a request to get PACS data. + * + * @param request Pointer to the buffer containing the request to be sent to the SAM. + * @param request_len Length of the request to be sent to the SAM. + * @param response Pointer to the buffer where the retreived data will be stored. + * @param response_len Pointer to the variable where the length of the retreived data will be stored. + * @return Status code indicating success or failure of the operation. + */ +static int sam_send_request_iso14a(const uint8_t *const request, const uint8_t request_len, uint8_t *response, uint8_t *response_len) { + int res = PM3_SUCCESS; + if (g_dbglevel >= DBG_DEBUG) + DbpString("start sam_send_request_iso14a"); + + uint8_t buf1[ISO7816_MAX_FRAME] = {0}; + uint8_t buf2[ISO7816_MAX_FRAME] = {0}; + + uint8_t *sam_tx_buf = buf1; + uint16_t sam_tx_len; + + uint8_t *sam_rx_buf = buf2; + uint16_t sam_rx_len; + + uint8_t *nfc_tx_buf = buf1; + uint16_t nfc_tx_len; + + uint8_t *nfc_rx_buf = buf2; + uint16_t nfc_rx_len; + + if (request_len > 0) { + sam_tx_len = request_len; + memcpy(sam_tx_buf, request, sam_tx_len); + } else { + // send get pacs + static const uint8_t payload[] = { + 0xa0, 19, // <- SAM command + 0xBE, 17, // <- samCommandGetContentElement2 + 0x80, 1, + 0x04, // <- implicitFormatPhysicalAccessBits + 0x84, 12, + 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xE4, 0x38, 0x01, 0x01, 0x02, 0x04 // <- SoRootOID + }; + + sam_tx_len = sizeof(payload); + memcpy(sam_tx_buf, payload, sam_tx_len); + } + + sam_send_payload( + 0x44, 0x0a, 0x44, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + if (sam_rx_buf[1] == 0x61) { // commands to be relayed to card starts with 0x61 + // tag <-> SAM exchange starts here + while (sam_rx_buf[1] == 0x61) { + switch_clock_to_countsspclk(); + nfc_tx_len = sam_seos_copy_payload_sam2nfc(nfc_tx_buf, sam_rx_buf); + + nfc_rx_len = iso14_apdu( + nfc_tx_buf, + nfc_tx_len, + false, + nfc_rx_buf, + ISO7816_MAX_FRAME, + NULL + ); + + switch_clock_to_ticks(); + sam_tx_len = sam_seos_copy_payload_nfc2sam(sam_tx_buf, nfc_rx_buf, nfc_rx_len - 2); + + sam_send_payload( + 0x14, 0x0a, 0x14, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + + // last SAM->TAG + // c1 61 c1 00 00 a1 02 >>82<< 00 90 00 + if (sam_rx_buf[7] == 0x82) { + // tag <-> SAM exchange ends here + break; + } + + } + + static const uint8_t hfack[] = { + 0xbd, 0x04, 0xa0, 0x02, 0x82, 0x00 + }; + + sam_tx_len = sizeof(hfack); + memcpy(sam_tx_buf, hfack, sam_tx_len); + + sam_send_payload( + 0x14, 0x0a, 0x00, + sam_tx_buf, &sam_tx_len, + sam_rx_buf, &sam_rx_len + ); + } + + // resp for SamCommandGetContentElement: + // c1 64 00 00 00 + // bd 09 + // 8a 07 + // 03 05 <- include tag for pm3 client + // 06 85 80 6d c0 <- decoded PACS data + // 90 00 + + // resp for samCommandGetContentElement2: + // c1 64 00 00 00 + // bd 1e + // b3 1c + // a0 1a + // 80 05 + // 06 85 80 6d c0 + // 81 0e + // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff + // 82 01 + // 07 + // 90 00 + if (request_len == 0) { + if ( + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0x8a && sam_rx_buf[5 + 4] == 0x03) + && + !(sam_rx_buf[5] == 0xbd && sam_rx_buf[5 + 2] == 0xb3 && sam_rx_buf[5 + 4] == 0xa0) + ) { + if (g_dbglevel >= DBG_ERROR) + Dbprintf("No PACS data in SAM response"); + res = PM3_ESOFT; + } + } + + *response_len = sam_rx_buf[5 + 1] + 2; + memcpy(response, sam_rx_buf + 5, *response_len); + + goto out; + +out: + return res; +} + +/** + * @brief Retrieves PACS data from SEOS card using SAM. + * + * This function is called by appmain.c + * It sends a request to the SAM to get the PACS data from the SEOS card. + * The PACS data is then returned to the PM3 client. + * + * @return Status code indicating success or failure of the operation. + */ +int sam_seos_get_pacs(PacketCommandNG *c) { + bool disconnectAfter = c->oldarg[0] & 0x01; + bool skipDetect = c->oldarg[1] & 0x01; + + uint8_t *cmd = c->data.asBytes; + uint16_t cmd_len = (uint16_t) c->oldarg[2]; + + int res = PM3_EFAILED; + + clear_trace(); + I2C_Reset_EnterMainProgram(); + + set_tracing(true); + StartTicks(); + + // step 1: ping SAM + sam_get_version(); + + if (!skipDetect) { + // step 2: get card information + iso14a_card_select_t card_a_info; + + // implicit StartSspClk() happens here + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + if (!iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)) { + goto err; + } + + switch_clock_to_ticks(); + + // step 3: SamCommand CardDetected + sam_set_card_detected(&card_a_info); + } + + // step 3: SamCommand RequestPACS, relay NFC communication + uint8_t sam_response[ISO7816_MAX_FRAME] = { 0x00 }; + uint8_t sam_response_len = 0; + res = sam_send_request_iso14a(cmd, cmd_len, sam_response, &sam_response_len); + if (res != PM3_SUCCESS) { + goto err; + } + if (g_dbglevel >= DBG_INFO) + print_result("Response data", sam_response, sam_response_len); + + goto out; + goto off; + +err: + res = PM3_ENOPACS; + reply_ng(CMD_HF_SAM_SEOS, res, NULL, 0); + goto off; +out: + reply_ng(CMD_HF_SAM_SEOS, PM3_SUCCESS, sam_response, sam_response_len); + goto off; +off: + if (disconnectAfter) { + switch_off(); + } + set_tracing(false); + StopTicks(); + BigBuf_free(); + return res; +} diff --git a/armsrc/sam_seos.h b/armsrc/sam_seos.h index c2100f07e..8a165f255 100644 --- a/armsrc/sam_seos.h +++ b/armsrc/sam_seos.h @@ -17,5 +17,8 @@ #define __SAM_SEOS_H #include "common.h" +#include "pm3_cmd.h" + +int sam_seos_get_pacs(PacketCommandNG *c); #endif diff --git a/armsrc/spiffs_config.h b/armsrc/spiffs_config.h index 4f8a5dd26..d0d4eb1d7 100644 --- a/armsrc/spiffs_config.h +++ b/armsrc/spiffs_config.h @@ -28,6 +28,7 @@ #include "printf.h" #include "string.h" #include "flashmem.h" +#include "pmflash.h" //#include //#include @@ -236,7 +237,7 @@ typedef uint8_t u8_t; // Instead of giving parameters in config struct, singleton build must // give parameters in defines below. #ifndef SPIFFS_CFG_PHYS_SZ -#define SPIFFS_CFG_PHYS_SZ(ignore) (1024 * 64 * (spi_flash_pages64k - 1)) +#define SPIFFS_CFG_PHYS_SZ(ignore) ((1024 * 64 * spi_flash_pages64k) - (1024 * 4 * (FLASH_RESERVED_TRAILING_4K_SECTORS + 1))) #endif #ifndef SPIFFS_CFG_PHYS_ERASE_SZ #define SPIFFS_CFG_PHYS_ERASE_SZ(ignore) (4*1024) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 544fe5395..2a74b1500 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -270,6 +270,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/crypto/asn1dump.c ${PM3_ROOT}/client/src/crypto/asn1utils.c ${PM3_ROOT}/client/src/crypto/libpcrypto.c + ${PM3_ROOT}/client/src/crypto/originality.c ${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/emv/test/crypto_test.c ${PM3_ROOT}/client/src/emv/test/cryptotest.c diff --git a/client/Makefile b/client/Makefile index f7a59ed3f..d01e08af0 100644 --- a/client/Makefile +++ b/client/Makefile @@ -693,6 +693,7 @@ SRCS = mifare/aiddesfire.c \ crypto/asn1dump.c \ crypto/asn1utils.c\ crypto/libpcrypto.c\ + crypto/originality.c\ emv/cmdemv.c \ emv/crypto.c\ emv/crypto_polarssl.c\ diff --git a/client/deps/hardnested/hardnested_bf_core.c b/client/deps/hardnested/hardnested_bf_core.c index c91df187c..22a476999 100644 --- a/client/deps/hardnested/hardnested_bf_core.c +++ b/client/deps/hardnested/hardnested_bf_core.c @@ -442,9 +442,6 @@ uint64_t CRACK_STATES_BITSLICED(uint32_t cuid, uint8_t *best_first_bytes, statel #if MAX_BITSLICES > 64 && results.bytes64[1] == 0 #endif -#if MAX_BITSLICES > 64 - && results.bytes64[1] == 0 -#endif #if MAX_BITSLICES > 128 && results.bytes64[2] == 0 && results.bytes64[3] == 0 diff --git a/client/dictionaries/mfc_default_keys.dic b/client/dictionaries/mfc_default_keys.dic index e1d425b80..028a7b9c1 100644 --- a/client/dictionaries/mfc_default_keys.dic +++ b/client/dictionaries/mfc_default_keys.dic @@ -47,6 +47,10 @@ AABBCCDDEEFF 4D3A99C351DD 1A982C7E459A # +# Gym +FAFAFAFAFAFA +FBFBFBFBFBFB +# # key A Wien D3F7D3F7D3F7 # @@ -2506,8 +2510,6 @@ AA034F342A55 456776908C48 # BusFacil - Brazilian public transport card for some cities -7b296f353c6b -3fa7217ec575 fae9b14365a9 c567dd4a6004 c567dd4a6005 @@ -2598,10 +2600,6 @@ b1ea40b2caa6 3abf8431003b # Sector 15 - see above # SKGT personalised subscription card -# Sector 0, 2, 16, key A -a0a1a2a3a4a5 -# Sector 8-14, 17-39, key A -ffffffffffff # Sector 1, key A # blue f1df0ca8948b @@ -2755,3 +2753,300 @@ D37C8F1793F7 543071543071 5F01015F0101 200510241234 +# +# Momentum-Firmware 20241201 +AC935925A876 +ADC169F922CB +AD00EFD353E4 +AEF617B3D004 +AEF617B3D040 +AE381EA0811B +AE683AC2A232 +AF2BFB44A4A5 +A2CA48CA4C05 +A2D5D7469472 +A23412F92811 +A64536FAC799 +A7127F539A16 +A8700E07A58F +A9B9C1D0E3F1 +BC305FE2DA65 +BE3C1BF60B37 +B0A3212D47A5 +B0D58BF147B7 +B02094F92A71 +B1EEAA640EF6 +B19A0664ECA6 +B4FAE0FAD22E +B456E1951216 +B48D7E4E508F +B54D99618ADC +B6728D9B95BA +CA22AF33A19B +CBC83E1548B4 +CB5ED0E57B08 +CC5F59A0CE0A +CF0EC6ACF2F9 +C1F6C7B55F5E +C290A397F84A +C34FAA1931CA +C49C9BF59547 +C497C3BE8273 +C7D1CB6774B0 +C789E4568B99 +C992F85B2DDD +DCD003CF0EA3 +DD30A13519C3 +DD6E74174648 +DE5865F29C44 +DF7C4EC20B50 +D017A84BB582 +D156F66D38EC +D3AEB15D410B +D324152F5BB0 +D3849E31EE4F +D410EFF9113E +D51BCA1DFFFF +D6818C29ED9B +D7142E0F6D0D +D881B675D881 +D9762D114AE5 +EA19E58DD046 +EA4987F8D096 +EB9D9C1B03F6 +EDA4BF3E7B04 +EDC9CC9109A2 +EEF144866688 +E10F0E7A8DD5 +E108EA397A9A +E24359F37FE4 +E3007FA4F781 +E5051FAB4371 +E861FDE1B59F +E87E3554727E +E9B376925A00 +E954024EE754 +FA4D2B3BAFEA +FA8CA10C7D59 +FE98F38F3EE2 +F18D91EE3033 +F3E3F9F977B9 +F4756F7EEAE1 +F654D6C7004F +F697E87E759D +F7A545095C49 +F833E24C3F1C +0CD464CDC100 +0D61BA88789C +0E726E11CFCC +0FC4B1D2EBBA +01E2C14F1B18 +02DB253DC0C7 +03A7AAAA28AD +0380293A9E6D +0402B44FB679 +050BF33DC217 +08A55BC96DC1 +08D6A7765640 +08ED3F92AA53 +09F4EC8D7A66 +1A8CFF2F1BC7 +1C000EB0752F +1D14130D1A0B +1E13EFF32CE2 +101209170A13 +11DDA4862A1C +113355779933 +1153AABAFF6C +12BA20088ED3 +120A7837BB5D +1202165D4EAB +122F595302AA +124F004321D3 +132F641C948B +14CD299DC0C7 +141DF3B1C017 +1415FFFED68D +15B35D0BF715 +156EED7C5F9D +1581C317B073 +164EE10EFFFF +16785FD65BA7 +17C06D19E92F +17E0FA2308FD +1719EB5DAC66 +19BA6776233F +190E6242CE7B +193DFE0FA18E +2B29232D3624 +2CAD8A83DF28 +2D2F182C4024 +2EAD4DD0F7B0 +2FA9B556A4F6 +201106141030 +202011F918A2 +204C0D3DCD9A +20525276F443 +215E9DED9DDF +25FE2B4E4FA9 +251BDBF1C71D +251780F9FBE6 +25467EB0212F +280FD37AD407 +280713CBA260 +286A8893AC6F +3D6F823FFFFF +3E0557273982 +3F41891454EE +30C1DC9DD040 +310308EC52EF +321803E38664 +32774E46C64F +330075000850 +3333F411AAAA +334E91BE3377 +381F84DB8134 +38540EEE8B1C +4A1094F378D8 +4A6E1CAD6D3D +4C44200BC9C5 +4D4946415245 +40454EE64229 +41CD3CD99DD5 +4149206E9BAE +42F82DB5C4AF +4204784B0DC9 +43204334546F +439FB891279F +44ACB624CA14 +44B61F116125 +4427385D72AB +444E4650475A +45450AC8DCA8 +45524DACC5E9 +45574D373B9D +475A444E4650 +4752533E1965 +48B390984150 +48C8852D15F9 +4844426F6E69 +485242F22BE0 +49EE8D52AAB6 +49FEE42DDC18 +49414556EF4D +5AD3FC074A4C +5A15888F3419 +5A2050DA7E3F +5A4920FD6F87 +5CD02DAD8ADE +5C475D2C70C6 +5D819B4BFAF3 +5E696FA0EAD1 +5FA28B8E8BA4 +5F8892561BED +505209266A1F +507A6181E4BF +538BF58687EB +544954CBB2C4 +54546255CDE9 +549BB4FD70C4 +552049EFF3F4 +55213B4F7328 +555D8BBC2D3E +56A4B81B3FC3 +5669C363A4A5 +57E39104CC87 +570FB865D650 +5703815494EF +57059FFD3EE6 +58DBC850A4D5 +585462E190F2 +5990EC1571D7 +6AC79644E0CD +6A530C91F85B +6A86C1895A21 +6C4953590463 +6C79548B3FC3 +6D2BF79566A8 +60D53F070572 +6036F9D72D68 +61152534ACEF +62616E616E61 +66A4932816D3 +6611DFFAAE32 +68C867397AD5 +6862FD600F78 +7ADD3D735725 +7AEB989A5525 +7BF0BE85080F +7B6C00CBAC92 +7CB033257498 +7C20975C6EC9 +7C3AF198425F +7EDAE7923287 +7F796F60FFFF +701AA491A4A5 +72A0C485D3F7 +7213B13D02E0 +722538817225 +7246FCE86427 +735DD20237A9 +746A70C4EF6F +78DF1176C8FD +79E8B59A51E0 +8AC04C1A4E15 +8A0DFD9B7AEA +8A35039F6CD6 +8C524B535E1D +8DF64AB19A16 +8D2B780A148D +8D96A0BA7234 +8EF0AA6432FA +80003D23C6F5 +8000806B5072 +81C0BBCE32E9 +81D6CC146E50 +8380ACDC017E +84A3FD4BA0C6 +840C16869171 +8430A669558C +9AE05868233F +9B2C3E00B561 +9EE3896C4530 +9F14D35BAC08 +9001D0E23F8C +907E5C641D94 +9089B668FFFF +91B1B62402D5 +93FB38FE585A +96AECCC0F7EB +96227EDADBCF +# +# BW Kantine +56cf3acd90ca +542089792be2 +5420aeada758 +# +# CSC Laundry +212223242555 +717273747555 +# +# Hotel cards, BETECH brand, Vietnam +AAC34D9A4E65 +# +# Dutch Statistics Agency (CBS) +DC7B15AA0938 +# +# keys from https://pastebin.com/tpKwph0h +AAAAAABBBBCC +74ABCB1405DE +A25CDE2F781A +6054AC9541C8 +828DDEEE4D98 +ED2B22929167 +C552C1B92395 +F4A4AA2F63A4 +25ECB7B2BAB1 +8B02EF84CDF1 +23EAFB5DA46D +AB921CF0752C \ No newline at end of file diff --git a/client/dictionaries/t55xx_default_pwds.dic b/client/dictionaries/t55xx_default_pwds.dic index 570264306..206e702f7 100644 --- a/client/dictionaries/t55xx_default_pwds.dic +++ b/client/dictionaries/t55xx_default_pwds.dic @@ -22,6 +22,8 @@ F9DCEBA0 89A69E60 # ref lock 314159E0 +#Zonsin ZX-COPY10 +7B3D5C48 # ref. http://www.proxmark.org/forum/viewtopic.php?pid=28115#p28115 AA55BBBB # ref. http://www.proxmark.org/forum/viewtopic.php?pid=33376#p33376 diff --git a/client/experimental_lib/CMakeLists.txt b/client/experimental_lib/CMakeLists.txt index e9ac8bb33..87e653c11 100644 --- a/client/experimental_lib/CMakeLists.txt +++ b/client/experimental_lib/CMakeLists.txt @@ -271,6 +271,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/crypto/asn1dump.c ${PM3_ROOT}/client/src/crypto/asn1utils.c ${PM3_ROOT}/client/src/crypto/libpcrypto.c + ${PM3_ROOT}/client/src/crypto/originality.c ${PM3_ROOT}/client/src/emv/test/cda_test.c ${PM3_ROOT}/client/src/emv/test/crypto_test.c ${PM3_ROOT}/client/src/emv/test/cryptotest.c diff --git a/client/luascripts/hf_legic.lua b/client/luascripts/hf_legic.lua index 30dea2d12..e92b78599 100644 --- a/client/luascripts/hf_legic.lua +++ b/client/luascripts/hf_legic.lua @@ -499,7 +499,7 @@ end function segmentsToTag(bytes, tag) if(#bytes>23) then local start=23 - local i=-1 + local i=-1 if (istable(tag)) then repeat i=i+1 @@ -1768,7 +1768,7 @@ function getSegmentData(bytes, start, index) -- wrp (write proteted) = byte 2 segment.WRP = tonumber(bytes[start+2],16) -- wrc (write control) - bit 4-6 of byte 3 - --segment.WRC = bbit("0x"..bytes[start+3],4,3) + --segment.WRC = bbit("0x"..bytes[start+3],4,3) segment.WRC = (tonumber(bytes[start+3], 16) >> 4) & 0x07 -- rd (read disabled) - bit 7 of byte 3 --segment.RD = bbit("0x"..bytes[start+3],7,1) diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 09040eea5..e3529e366 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua @@ -50,20 +50,20 @@ arguments = [[ -c read magic configuration -u UID (8-20 hexsymbols), set UID on tag -t tag type to impersonate - 1 = Mifare Mini S20 4-byte - 2 = Mifare Mini S20 7-byte 15 = NTAG 210 - 3 = Mifare Mini S20 10-byte 16 = NTAG 212 - 4 = Mifare 1k S50 4-byte 17 = NTAG 213 - 5 = Mifare 1k S50 7-byte 18 = NTAG 215 - 6 = Mifare 1k S50 10-byte 19 = NTAG 216 - 7 = Mifare 4k S70 4-byte 20 = NTAG I2C 1K - 8 = Mifare 4k S70 7-byte 21 = NTAG I2C 2K - 9 = Mifare 4k S70 10-byte 22 = NTAG I2C 1K PLUS - *** 10 = UL - NOT WORKING FULLY 23 = NTAG I2C 2K PLUS - *** 11 = UL-C - NOT WORKING FULLY 24 = NTAG 213F - 12 = UL EV1 48b 25 = NTAG 216F - 13 = UL EV1 128b - *** 14 = UL Plus - NOT WORKING YET + 1 = Mifare Mini S20 4-byte | 15 = NTAG 210 + 2 = Mifare Mini S20 7-byte | 16 = NTAG 212 + 3 = Mifare Mini S20 10-byte | 17 = NTAG 213 + 4 = Mifare 1k S50 4-byte | 18 = NTAG 215 + 5 = Mifare 1k S50 7-byte | 19 = NTAG 216 + 6 = Mifare 1k S50 10-byte | 20 = NTAG I2C 1K + 7 = Mifare 4k S70 4-byte | 21 = NTAG I2C 2K + 8 = Mifare 4k S70 7-byte | 22 = NTAG I2C 1K PLUS + 9 = Mifare 4k S70 10-byte | 23 = NTAG I2C 2K PLUS + *** 10 = UL - NOT WORKING FULLY | 24 = NTAG 213F + *** 11 = UL-C - NOT WORKING FULLY | 25 = NTAG 216F + 12 = UL EV1 48b | + 13 = UL EV1 128b | + *** 14 = UL Plus - NOT WORKING YET | -p NTAG password (8 hexsymbols), set NTAG password on tag. -a NTAG pack ( 4 hexsymbols), set NTAG pack on tag. @@ -75,7 +75,11 @@ arguments = [[ -z ATS (<1b length><0-16 ATS> hexsymbols), Configure ATS. Length set to 00 will disable ATS. -w Wipe tag. 0 for Mifare or 1 for UL. Fills tag with zeros and put default values for type selected. -m Ultralight mode (00 UL EV1, 01 NTAG, 02 UL-C, 03 UL) Set type of UL. - -n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode + -n Ultralight protocol (00 MFC, 01 UL), switches between UL and MFC mode]] +-- Need to split because reached maximum string length processed by lua +arguments2 = [[ + -b Set maximum read/write blocks (2 hexsymbols) + NOTE: Ultralight EV1 and NTAG Version info and Signature are stored respectively in blocks 250-251 and 242-249 -k Ultimate Magic Card Key (IF DIFFERENT THAN DEFAULT 00000000) ]] --- @@ -110,6 +114,7 @@ local function help() print(usage) print(ansicolors.cyan..'Arguments'..ansicolors.reset) print(arguments) + print(arguments2) print(ansicolors.cyan..'Example usage'..ansicolors.reset) print(example) end @@ -186,6 +191,7 @@ local function read_config() end -- extract data from CONFIG - based on CONFIG in https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/magic_cards_notes.md#gen-4-gtu ulprotocol, uidlength, readpass, gtumode, ats, atqa1, atqa2, sak, ulmode = magicconfig:sub(1,2), magicconfig:sub(3,4), magicconfig:sub(5,12), magicconfig:sub(13,14), magicconfig:sub(15,48), magicconfig:sub(51,52), magicconfig:sub(49,50), magicconfig:sub(53,54), magicconfig:sub(55,56) + maxRWblk = magicconfig:sub(57, 58) atqaf = atqa1..' '..atqa2 cardtype, cardprotocol, gtustr, atsstr = 'unknown', 'unknown', 'unknown', 'unknown' if magicconfig == nil then lib14a.disconnect(); return nil, "can't read configuration, "..err_lock end @@ -291,6 +297,7 @@ local function read_config() print(' - Version ', cversion) print(' - Signature ', signature1..signature2) end + print(' - Max R/W Block ', maxRWblk) end lib14a.disconnect() return true, 'Ok' @@ -637,6 +644,26 @@ local function write_ulm(ulm) return true, 'Ok' end --- +-- Write maximum read/write block number, +local function write_maxRWblk(data) + -- input number check + if data == nil then return nil, 'empty block number' end + if #data == 0 then return nil, 'empty block number' end + if #data ~= 2 then return nil, 'block number wrong length. Should be 1 hex byte' end + + print('Set max R/W block', data) + local info = connect() + if not info then return false, "Can't select card" end + local resp + -- set maximum read/write block + resp = send("CF".._key.."6B"..data) + lib14a.disconnect() + if resp ~= '9000FD07' then return nil, 'Failed to write maximum read/write block' + else + return true, 'Ok' + end +end +--- -- Set type for magic card presets. local function set_type(tagtype) -- tagtype checks @@ -649,6 +676,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000900") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('13') -- Setting Mifare mini S20 7-byte elseif tagtype == 2 then print('Setting: Ultimate Magic card to Mifare mini S20 7-byte') @@ -656,6 +684,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000900") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('13') -- Setting Mifare mini S20 10-byte elseif tagtype == 3 then print('Setting: Ultimate Magic card to Mifare mini S20 10-byte') @@ -663,6 +692,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000900") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('13') -- Setting Mifare 1k S50 4--byte elseif tagtype == 4 then print('Setting: Ultimate Magic card to Mifare 1k S50 4-byte') @@ -670,6 +700,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151604000800") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('3F') -- Setting Mifare 1k S50 7-byte elseif tagtype == 5 then print('Setting: Ultimate Magic card to Mifare 1k S50 7-byte') @@ -677,6 +708,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151644000800") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('3F') -- Setting Mifare 1k S50 10-byte elseif tagtype == 6 then print('Setting: Ultimate Magic card to Mifare 1k S50 10-byte') @@ -684,6 +716,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151684000800") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('3F') -- Setting Mifare 4k S70 4-byte elseif tagtype == 7 then print('Setting: Ultimate Magic card to Mifare 4k S70 4-byte') @@ -691,6 +724,7 @@ local function set_type(tagtype) send("CF".._key.."F000000000000002000978009102DABC19101011121314151602001800") lib14a.disconnect() write_uid('04112233') + write_maxRWblk('FF') -- Setting Mifare 4k S70 7-byte elseif tagtype == 8 then print('Setting: Ultimate Magic card to Mifare 4k S70 7-byte') @@ -698,6 +732,7 @@ local function set_type(tagtype) send("CF".._key.."F000010000000002000978009102DABC19101011121314151642001800") lib14a.disconnect() write_uid('04112233445566') + write_maxRWblk('FF') -- Setting Mifare 4k S70 10-byte elseif tagtype == 9 then print('Setting: Ultimate Magic card to Mifare 4k S70 10-byte') @@ -705,6 +740,7 @@ local function set_type(tagtype) send("CF".._key.."F000020000000002000978009102DABC19101011121314151682001800") lib14a.disconnect() write_uid('04112233445566778899') + write_maxRWblk('FF') -- Setting UL elseif tagtype == 10 then print('Setting: Ultimate Magic card to UL') @@ -1016,7 +1052,7 @@ function main(args) local err, msg if #args == 0 then return help() end -- Read the parameters - for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:') do + for o, a in getopt.getopt(args, 'hck:u:t:p:a:s:o:v:q:g:z:n:m:w:b:') do -- help if o == "h" then return help() end -- set Ultimate Magic Card Key for read write @@ -1049,6 +1085,8 @@ function main(args) if o == "m" then err, msg = write_ulm(a) end -- write UL protocol if o == "n" then err, msg = write_ulp(a) end + -- write max r/w block + if o == "b" then err, msg = write_maxRWblk(a) end if err == nil then return oops(msg) end end end diff --git a/client/pyscripts/fm11rf08_full.py b/client/pyscripts/fm11rf08s_full.py similarity index 93% rename from client/pyscripts/fm11rf08_full.py rename to client/pyscripts/fm11rf08s_full.py index e684f904d..6f3dbc93e 100644 --- a/client/pyscripts/fm11rf08_full.py +++ b/client/pyscripts/fm11rf08s_full.py @@ -14,7 +14,7 @@ import json from fm11rf08s_recovery import recovery author = "@csBlueChip" -script_ver = "1.2.0" +script_ver = "1.4.0" # Copyright @csBlueChip @@ -33,7 +33,7 @@ script_ver = "1.2.0" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The original version of this script can be found at: -# https://github.com/csBlueChip/Proxmark_Stuff/tree/main/MiFare_Docs/Fudan_RF08(S)/PM3_Script +# https://github.com/csBlueChip/Proxmark_Stuff/tree/main/MiFare_Docs/Fudan_RF08S/PM3_Script # The original version is released with an MIT Licence. # Or please reach out to me [BlueChip] personally for alternative licenses. @@ -117,7 +117,7 @@ globals: args = parseCli() # No logfile name yet - lprint("Fudan FM11RF08[S] full card recovery") + lprint("Fudan FM11RF08S full card recovery") lprint("\nDump folder... " + color(f"{dpath}", fg="yellow")) # FIXME: script is announced as for RF08 and for RF08S but it comprises RF32N key @@ -142,7 +142,10 @@ globals: lprint(f" Keys not loaded, use {s} to run recovery script [slow]", prompt="[" + color("!", fg="red") + "]") else: # FIXME: recovery() is only for RF08S. TODO for the other ones with a "darknested" attack - keyfile = recoverKeys() + keyfile = recoverKeys(uid=uid, kdf=[["Bambu v1", kdfBambu1]]) + if keyfile == False: + lprint("Script failed - aborting") + return key = loadKeys(keyfile) if key is not None: @@ -201,7 +204,7 @@ def checkVer(): def parseCli(): """Parse the CLi arguments""" - parser = argparse.ArgumentParser(description='Full recovery of Fudan FM11RF08* cards.') + parser = argparse.ArgumentParser(description='Full recovery of Fudan FM11RF08S cards.') parser.add_argument('-n', '--nokeys', action='store_true', help='extract data even if keys are missing') parser.add_argument('-r', '--recover', action='store_true', help='run key recovery script if required') @@ -265,7 +268,7 @@ def getUIDfromBlock0(blk0): def decodeBlock0(blk0): """Extract data from block 0""" lprint() - lprint(" UID BCC ++----- RF08 ID -----++") + lprint(" UID BCC ++---- RF08* ID -----++") lprint(" ! ! SAK !! !!") lprint(" ! ! ! ATQA !! Fudan Sig !!") lprint(" !---------. !. !. !---. VV .---------------. VV") @@ -291,10 +294,13 @@ def decodeBlock0(blk0): hash = blk0[27:44] # Fudan hash "99 AA BB CC DD EE" + is08S = False + type = f"[{fida:02X}:{fidb:02X}]" # type/name if fidb == 0x90: if fida == 0x01 or fida == 0x03 or fida == 0x04: type += " - Fudan FM11RF08S" + is08S = True elif fidb == 0x1D: if fida == 0x01 or fida == 0x02 or fida == 0x03: @@ -333,6 +339,11 @@ def decodeBlock0(blk0): lprint(f" Fudan ID : {type}") # show type lprint(f" Fudan Sig: {hash}") # show ?Partial HMAC? + if not is08S: + lprint("\n This script is only for the RF08S cards") + lprint(" Other cards can be cracked with `hf mf autopwn`") + sys.exit(13) + def fudanValidate(blk0, live=False): """Fudan validation""" @@ -396,22 +407,34 @@ If keys cannot be loaded AND --recover is specified, then run key recovery return key -def recoverKeys(): +def recoverKeys(uid, kdf=[[]]): """Run key recovery script""" badrk = 0 # 'bad recovered key' count (ie. not recovered) + keys = False + lprint(f"\nTrying KDFs:"); + for fn in kdf: + lprint(f" {fn[0]:s}", end='') + keys = fn[1](uid) + if keys != False: + lprint(" .. Success", prompt='') + break + lprint(" .. Fail", prompt='') + lprint("\nRunning recovery script, ETA: Less than 30 minutes") lprint('\n`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') + r = recovery(quiet=False, keyset=keys) + lprint('`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') + + if r == False: + return False - r = recovery(quiet=False) keyfile = r['keyfile'] rkey = r['found_keys'] # fdump = r['dumpfile'] # rdata = r['data'] - lprint('`-._,-\'"`-._,-"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,-\'"`-._,') - for k in range(0, 16+1): for ab in [0, 1]: if rkey[k][ab] == "": @@ -427,9 +450,57 @@ def recoverKeys(): lprint(f"[{kn}/", end='', prompt='') lprint("A]" if ab == 0 else "B]", end='', prompt='') if badrk > 0: - lprint() + lprint("", prompt='') return keyfile +def kdfBambu1(uid): + from Cryptodome.Protocol.KDF import HKDF + from Cryptodome.Hash import SHA256 + + # Generate all keys + try: + # extracted from Bambu firmware + salt = bytes([0x9a,0x75,0x9c,0xf2,0xc4,0xf7,0xca,0xff,0x22,0x2c,0xb9,0x76,0x9b,0x41,0xbc,0x96]) + keyA = HKDF(uid, 6, salt, SHA256, 16, context=b"RFID-A\0") + keyB = HKDF(uid, 6, salt, SHA256, 16, context=b"RFID-B\0") + except Exception as e: + print(f"{e}") + return False + + # --- Grab block 13 (in sector 3) --- + cmd = f"hf mf rdbl -c 0 --key {keyA[3].hex()} --blk 12" + #lprint(f" `{cmd}`", flush=True, log=False, end='') + for retry in range(5): + p.console(cmd) + + found = False + for line in p.grabbed_output.split('\n'): + if " | " in line and "# | s" not in line: + lsub = line[4:76] + found = True + if found: + break + if not found: + return False + + # --- Try to decode it as a bambu date string --- + try: + dl = bytes.fromhex(lsub[6:53]).decode('ascii').rstrip('\x00') + except Exception: + return False + + # dl 2024_03_22_16_29 + # yy y y m m d d h h m m + exp = r"20[2-3][0-9]_[0-1][0-9]_[0-3][0-9]_[0-2][0-9]_[0-5][0-9]" + if not re.search(exp, dl): + return False + + # --- valid date string, we are confident this is a bambu card --- + keys = [] + for i in range(0, 15+1): + keys.append([keyA[i].hex(), keyB[i].hex()]) + + return keys def verifyKeys(key): """Verify keys diff --git a/client/pyscripts/fm11rf08s_recovery.py b/client/pyscripts/fm11rf08s_recovery.py index 9f7270340..9c7d7d841 100755 --- a/client/pyscripts/fm11rf08s_recovery.py +++ b/client/pyscripts/fm11rf08s_recovery.py @@ -76,7 +76,7 @@ for tool, bin in tools.items(): exit() -def recovery(init_check=False, final_check=False, keep=False, debug=False, supply_chain=False, quiet=True): +def recovery(init_check=False, final_check=False, keep=False, debug=False, supply_chain=False, quiet=True, keyset=False): def show(s='', prompt="[" + color("=", fg="yellow") + "] ", **kwargs): if not quiet: s = f"{prompt}" + f"\n{prompt}".join(s.split('\n')) @@ -94,7 +94,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl if uid is None: show("Card not found") - return + return False show("UID: " + color(f"{uid:08X}", fg="green")) def show_key(sec, key_type, key): @@ -106,6 +106,14 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl save_path = prefs['file.default.dumppath'] + os.path.sep found_keys = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] + + if keyset != False: + n = min(len(found_keys),len(keyset)) + show(f"{n} Key pairs supplied: ") + for i in range(0, n): + found_keys[i] = keyset[i] + show(f" Sector {i:2d} : A = {found_keys[i][0]:12s} B = {found_keys[i][1]:12s}") + if init_check: show("Checking default keys...") p.console("hf mf fchk") @@ -135,7 +143,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl if (nonces_with_data == ""): show("Error getting nonces, abort.") - return + return False try: with open(nonces_with_data, 'r') as file: @@ -143,7 +151,7 @@ def recovery(init_check=False, final_check=False, keep=False, debug=False, suppl dict_nwd = json.load(file) except json.decoder.JSONDecodeError: show(f"Error parsing {nonces_with_data}, abort.") - return + return False nt = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] nt_enc = [["", ""] for _ in range(NUM_SECTORS + NUM_EXTRA_SECTORS)] diff --git a/client/pyscripts/spi_flash_decode.py b/client/pyscripts/spi_flash_decode.py index 0f125844b..1e3aab578 100644 --- a/client/pyscripts/spi_flash_decode.py +++ b/client/pyscripts/spi_flash_decode.py @@ -12,62 +12,118 @@ except ModuleNotFoundError: return str(s) spi = { + 0x68:{ + "manufacturer": "Boya", + "jedec" : { + 0x40: { + 0x15: { + "part": "BY25Q16BS", + "size": "16mbits", + "sizeB": "2MB", + }, + }, + }, + }, 0x85:{ "manufacturer": "Puya", - 0x60: { - 0x15: { - "part": "P25Q16H", - "size": "16mbits", - "sizeB": "2MB", + "jedec" : { + 0x60: { + 0x15: { + "part": "P25Q16H", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "P25Q32H", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "P25Q64H", + "size": "64mbits", + "sizeB": "8MB", + }, }, }, }, 0xEF:{ "manufacturer": "Winbond", - 0x30: { - 0x11: { - "part": "W25X10BV", - "size": "1mbits", - "sizeB": "128KB", + "jedec" : { + 0x30: { + 0x11: { + "part": "W25X10BV", + "size": "1mbits", + "sizeB": "128KB", + }, + 0x12: { + "part": "W25X20BV", + "size": "2mbits", + "sizeB": "256KB", + }, + 0x13: { + "part": "W25X40BV", + "size": "4mbits", + "sizeB": "512KB", + }, }, - 0x12: { - "part": "W25X20BV", - "size": "2mbits", - "sizeB": "256KB", + 0x40: { + 0x12: { + "part": "W25Q20BV", + "size": "2mbits", + "sizeB": "256KB", + }, + 0x13: { + "part": "W25Q40BV", + "size": "4mbits", + "sizeB": "512KB", + }, + 0x14: { + "part": "W25Q80BV", + "size": "8mbits", + "sizeB": "1MB", + }, + 0x15: { + "part": "W25Q16BV", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "W25Q32BV", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "W25Q64BV", + "size": "64mbits", + "sizeB": "8MB", + }, }, - 0x13: { - "part": "W25X40BV", - "size": "4mbits", - "sizeB": "512KB", - }, - }, - 0x40: { - 0x13: { - "part": "W25Q40BV", - "size": "4mbits", - "sizeB": "512KB", - }, - 0x14: { - "part": "W25Q80BV", - "size": "8mbits", - "sizeB": "1MB", - }, - 0x15: { - "part": "W25Q16BV", - "size": "16mbits", - "sizeB": "2MB", - }, - 0x16: { - "part": "W25Q32BV", - "size": "32mbits", - "sizeB": "4MB", - }, - }, - 0x70: { - 0x22: { - "part": "W25Q02JV-IM", - "size": "2mbits", - "sizeB": "256KB", + 0x70: { + 0x14: { + "part": "W25Q80JV", + "size": "8mbits", + "sizeB": "1MB", + }, + 0x15: { + "part": "W25Q16JV", + "size": "16mbits", + "sizeB": "2MB", + }, + 0x16: { + "part": "W25Q32JV", + "size": "32mbits", + "sizeB": "4MB", + }, + 0x17: { + "part": "W25Q64JV", + "size": "64mbits", + "sizeB": "8MB", + }, + 0x22: { + "part": "W25Q02JV-IM", + "size": "2mbits", + "sizeB": "256KB", + }, }, }, }, @@ -90,16 +146,16 @@ for line in p.grabbed_output.split('\n'): did_h = did >> 8 did_l = did & 0xff t = None - + print(f"\n JEDEC ID....... 0x{mid:X} / 0x{did:X}") if mid in spi: mfr = spi[mid]['manufacturer'] - if did_h in spi[mid]: + if did_h in spi[mid]['jedec']: - if did_l in spi[mid][did_h]: + if did_l in spi[mid]['jedec'][did_h]: - t = spi[mid][did_h][did_l] + t = spi[mid]['jedec'][did_h][did_l] print("\n Manufacturer... " + color(f"{mfr}", fg="green") + "\n Device......... " + color(f"{t['part']}", fg="green") + "\n Size........... " + color(f"{t['size']} ({t['sizeB']})", fg="yellow") diff --git a/client/pyscripts/theremin.py b/client/pyscripts/theremin.py index 790fc6bf8..8cb41737a 100755 --- a/client/pyscripts/theremin.py +++ b/client/pyscripts/theremin.py @@ -1,81 +1,177 @@ #!/usr/bin/python3 -### Parameters +import os +import subprocess +import signal +import numpy as np +from pyaudio import PyAudio, paFloat32, paContinue + # Sound output parameters volume = 1.0 -sample_buf_size = 44 -sampling_freq = 44100 #Hz +sampling_freq = 44100 # Hz # Frequency generator parameters -min_freq = 200 #Hz -max_freq = 2000 #Hz +min_freq = 100 # Hz +max_freq = 6000 # Hz # Proxmark3 parameters -pm3_client="/usr/local/bin/proxmark3" -pm3_reader_dev_file="/dev/ttyACM0" -pm3_tune_cmd="hf tune" +pm3_client = "pm3" +pm3_tune_cmd = "hf tune --value" + +frequency = 440 +buffer = [] -### Modules -import numpy -import pyaudio -from select import select -from subprocess import Popen, DEVNULL, PIPE +def find_zero_crossing_index(array): + for i in range(1, len(array)): + if array[i-1] < 0 and array[i] >= 0: + return i + return None # Return None if no zero-crossing is found -### Main program -p = pyaudio.PyAudio() +def generate_sine_wave(frequency, sample_rate, duration, frame_count): + """Generate a sine wave at a given frequency.""" + t = np.linspace(0, duration, int(sample_rate * duration), endpoint=False) + wave = np.sin(2 * np.pi * frequency * t) + return wave[:frame_count] -# For paFloat32 sample values must be in range [-1.0, 1.0] -stream = p.open(format=pyaudio.paFloat32, - channels=1, - rate=sampling_freq, - output=True) -# Initial voltage to frequency values -min_v = 100.0 -max_v = 0.0 -v = 0 -out_freq = min_freq +# PyAudio Callback function +def pyaudio_callback(in_data, frame_count, time_info, status): + # if in_data is None: + # return (in_data, pyaudio.paContinue) + global frequency + global buffer + wave = generate_sine_wave(frequency, sampling_freq, 0.01, frame_count*2) + i = find_zero_crossing_index(buffer) + if i is None: + buffer = wave + else: + buffer = np.concatenate((buffer[:i], wave)) + data = (buffer[:frame_count] * volume).astype(np.float32).tobytes() + buffer = buffer[frame_count:] + return (data, paContinue) +# pyaudio.paComplete -# Spawn the Proxmark3 client -pm3_proc = Popen([pm3_client, pm3_reader_dev_file, "-c", pm3_tune_cmd], bufsize=0, env={}, stdin=DEVNULL, stdout=PIPE, stderr=DEVNULL) -mv_recbuf = "" -# Read voltages from the Proxmark3, generate the sine wave, output to soundcard -sample_buf = [0.0 for x in range(0, sample_buf_size)] -i = 0 -sinev = 0 -while True: +def silent_pyaudio(): + """ + Lifted and adapted from https://stackoverflow.com/questions/67765911/ + PyAudio is noisy af every time you initialise it, which makes reading the + log output rather difficult. The output appears to be being made by the + C internals, so we can't even redirect the logs with Python's logging + facility. Therefore the nuclear option was selected: swallow all stderr + and stdout for the duration of PyAudio's use. + """ - # Read Proxmark3 client's stdout and extract voltage values - if(select([pm3_proc.stdout], [], [], 0)[0]): + # Open a pair of null files + null_fds = [os.open(os.devnull, os.O_RDWR) for x in range(2)] + # Save the actual stdout (1) and stderr (2) file descriptors. + save_fds = [os.dup(1), os.dup(2)] + # Assign the null pointers to stdout and stderr. + os.dup2(null_fds[0], 1) + os.dup2(null_fds[1], 2) + pyaudio = PyAudio() + os.dup2(save_fds[0], 1) + os.dup2(save_fds[1], 2) + # Close all file descriptors + for fd in null_fds + save_fds: + os.close(fd) + return pyaudio - b = pm3_proc.stdout.read(256).decode("ascii") - if "Done" in b: - break; - for c in b: - if c in "0123456789 mV": - mv_recbuf += c - else: - mv_recbuf = "" - if mv_recbuf[-3:] == " mV": - v = int(mv_recbuf[:-3]) / 1000 - if v < min_v: - min_v = v - 0.001 - if v > max_v: - max_v = v + +def run_pm3_cmd(callback): + # Start the process + process = subprocess.Popen( + [pm3_client, '-c', pm3_tune_cmd], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + bufsize=1, # Line buffered + shell=False + ) + + # Read the output line by line as it comes + try: + with process.stdout as pipe: + for line in pipe: + # Process each line + l = line.strip() # Strip to remove any extraneous newline characters + callback(l) + except Exception as e: + print(f"An error occurred: {e}") + finally: + # Ensure the subprocess is properly terminated + process.terminate() + process.wait() + + +def linear_to_exponential_freq(v, min_v, max_v, min_freq, max_freq): + # First, map v to a range between 0 and 1 + if max_v != min_v: + normalized_v = (v - min_v) / (max_v - min_v) + else: + normalized_v = 0.5 + normalized_v = 1 - normalized_v + + # Calculate the ratio of the max frequency to the min frequency + freq_ratio = max_freq / min_freq + + # Calculate the exponential frequency using the mapped v + freq = min_freq * (freq_ratio ** normalized_v) + return freq + + +class foo(): + def __init__(self): + self.p = silent_pyaudio() + # For paFloat32 sample values must be in range [-1.0, 1.0] + self.stream = self.p.open(format=paFloat32, + channels=1, + rate=sampling_freq, + output=True, + stream_callback=pyaudio_callback) + + # Initial voltage to frequency values + self.min_v = 50000.0 + self.max_v = 0.0 + + # Setting the signal handler for SIGINT (Ctrl+C) + signal.signal(signal.SIGINT, self.signal_handler) + + # Start the stream + self.stream.start_stream() + + def __exit__(self): + self.stream.stop_stream() + self.stream.close() + self.p.terminate() + + def signal_handler(self, sig, frame): + print("\nYou pressed Ctrl+C! Press Enter") + self.__exit__() + + def callback(self, line): + if 'mV' not in line: + return + v = int(line.split(' ')[1]) + if v == 0: + return + self.min_v = min(self.min_v, v) + self.max_v = max(self.max_v, v) # Recalculate the audio frequency to generate - out_freq = (max_freq - min_freq) * (max_v - v) / (max_v - min_v) \ - + min_freq + global frequency + frequency = linear_to_exponential_freq(v, self.min_v, self.max_v, min_freq, max_freq) - # Generate the samples and write them to the soundcard - sinevs = out_freq / sampling_freq * numpy.pi * 2 - sample_buf[i] = sinev - sinev += sinevs - sinev = sinev if sinev < numpy.pi * 2 else sinev - numpy.pi * 2 - i = (i + 1) % sample_buf_size - if not i: - stream.write((numpy.sin(sample_buf) * volume). - astype(numpy.float32).tobytes()) +# frequency = max_freq - ((max_freq - min_freq) * (v - self.min_v) / (self.max_v - self.min_v) + min_freq) + #frequency = (frequency + new_frequency)/2 + + +def main(): + f = foo() + run_pm3_cmd(f.callback) + + +if __name__ == "__main__": + main() diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 565c51b0e..9bb14e6ef 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json @@ -859,8 +859,8 @@ "AID": "014D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 1", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 1)", "Type": "transport" }, { @@ -875,24 +875,48 @@ "AID": "024D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 2", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 2)", + "Type": "transport" + }, + { + "AID": "025342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { "AID": "034D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 3", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 3)", + "Type": "transport" + }, + { + "AID": "035342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { "AID": "044D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 4", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 4)", + "Type": "transport" + }, + { + "AID": "045342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { @@ -907,8 +931,16 @@ "AID": "054D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 5", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 5)", + "Type": "transport" + }, + { + "AID": "055342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { @@ -923,16 +955,40 @@ "AID": "064D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 6", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 6)", + "Type": "transport" + }, + { + "AID": "065342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { "AID": "074D44", "Vendor": "Delhi Metro Rail Corporation Limited", "Country": "IN", - "Name": "Delhi Metro Travel Card (DEL)", - "Description": "DEL Delhi Metro App 7", + "Name": "Delhi Metro Travel Card (DEL) (Alternative Endian)", + "Description": "DEL Delhi Metro (App 7)", + "Type": "transport" + }, + { + "AID": "075342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "085342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", "Type": "transport" }, { @@ -943,6 +999,78 @@ "Description": "Umo Mobility Card", "Type": "transport" }, + { + "AID": "095342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0A5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0B5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0C5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0D5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0E5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "0F5342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "105342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, + { + "AID": "115342", + "Vendor": "Bangkok Expressway and Metro Public Limited Company (BEM)", + "Country": "TH", + "Name": "MRT Stored Value Card (BKK)", + "Description": "Might also be used by BKK MRT Plus and/or BKK Park & Ride Plus Cards", + "Type": "transport" + }, { "AID": "2211AF", "Vendor": "National Transport Authority", @@ -951,6 +1079,70 @@ "Description": "DUB Leap Card // Transport for Ireland // FIDs: 01,1F: Backup Data; 02-0A: Standard Data", "Type": "transport" }, + { + "AID": "444D01", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 1)", + "Type": "transport" + }, + { + "AID": "444D02", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 2)", + "Type": "transport" + }, + { + "AID": "444D03", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 3)", + "Type": "transport" + }, + { + "AID": "444D04", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 4)", + "Type": "transport" + }, + { + "AID": "444D05", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 5)", + "Type": "transport" + }, + { + "AID": "444D05", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 5)", + "Type": "transport" + }, + { + "AID": "444D06", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 6)", + "Type": "transport" + }, + { + "AID": "444D07", + "Vendor": "Delhi Metro Rail Corporation Limited", + "Country": "IN", + "Name": "Delhi Metro Travel Card (DEL)", + "Description": "DEL Delhi Metro (App 7)", + "Type": "transport" + }, { "AID": "484000", "Vendor": "Sistema de Tren Elétrico Urbano (SITEUR)", @@ -1063,12 +1255,28 @@ "Description": "SOF Sofia City Card", "Type": "transport" }, + { + "AID": "CC00CC", + "Vendor": "Central Ohio Transit Authority (COTA) via Masabi Ltd", + "Country": "US", + "Name": "COTA Smartcard (CMH)", + "Description": "CMH COTA Smartcard; Masabi Justride Tap and Ride DESFire Smartcard", + "Type": "transport" + }, + { + "AID": "D000D0", + "Vendor": "Greater Dayton Regional Transit Authority (RTA) via Masabi Ltd", + "Country": "US", + "Name": "RTA Tapp Pay Card (DAY)", + "Description": "DAY RTA Tapp Pay Card; Masabi Justride Tap and Ride DESFire Smartcard", + "Type": "transport" + }, { "AID": "DD00DD", - "Vendor": "Regional Transporation District (RTD) via masabi justride", + "Vendor": "Regional Transporation District (RTD) via Masabi Ltd", "Country": "US", "Name": "MyRide Card (DEN)", - "Description": "DEN MyRide Card", + "Description": "DEN MyRide Card; Masabi Justride Tap and Ride DESFire Smartcard", "Type": "transport" }, { @@ -1151,6 +1359,30 @@ "Description": "FIDs 02: Card Balance; 04: Refill History; 08: Card Information; 0E: Trip History", "Type": "transport" }, + { + "AID": "F21201", + "Vendor": "Green Bay Metro Transit via Genfare", + "Country": "US", + "Name": "Tap-N-Go Card (GRB)", + "Description": "GRB Tap-N-Go Card", + "Type": "transport" + }, + { + "AID": "F21202", + "Vendor": "Green Bay Metro Transit via Genfare", + "Country": "US", + "Name": "Tap-N-Go Card (GRB)", + "Description": "GRB Tap-N-Go Card", + "Type": "transport" + }, + { + "AID": "F212A0", + "Vendor": "CTtransit", + "Country": "US", + "Name": "Go CT Card (BDL)", + "Description": "BDL Go CT Card", + "Type": "transport" + }, { "AID": "F21360", "Vendor": "INIT", diff --git a/client/src/atrs.h b/client/src/atrs.h index dd9420097..95a24e997 100644 --- a/client/src/atrs.h +++ b/client/src/atrs.h @@ -3197,1411 +3197,1411 @@ const static atr_t AtrTable[] = { { "3B9F96801FC78031E073FE211BB3E204A5830F90005B", "Tre Italia Gemplus (Telecommunication)" }, { "3B9F96801FC78031E073FEA117574A33058C33390096", "1NCE SIM card (Telecommunication)\nhttps://1nce.com/en-eu/1nce-os/our-architecture" }, { "3B9F96803F87828031E073FE211B67454D753034024B02", "Hologram Global G1 eUICC SIM(Telecommunication)\nhttps: //www.hologram.io/products/global-iot-sim-card/" }, - { "3B9F96803F87828031E073FE211F574543753130136502", "sysmoEUICC1-Cxx - eUCICC for econsumer eSIM RSP (Telecommunication)\nhttps://sysmocom.de/products/sim/sysmocom-euicc/index.html" }, - { "3B9F96803F87828031E073FE211F574543753130266F3D", "An eSIM physical card, you can write eSIM profiles into it and use it as a general SIM (Telecommunication)\nhttps://www.9esim.com/" }, - { "3B9F96803FC3A08031E073F62113574A4D0E1D31300071", "Telenor SIM card (Norway)" }, - { "3B9F96803FC6A08031E073F62116574A4D020B34546369", "SIM card Wingo operator (Switzerland) (Telecommunication)" }, - { "3B9F96803FC7008031E073FE211B6408050300829000EF", "Multipurpose UICC card for 2G, 3G, 4G/LTE, CDMA, ISIM & NFC (Telecommunication)\nhttp://www.smartjac.biz/index.php/component/eshop/telecom/test-uicc-sim-cards/2ff-mini-sim-cards/4g-open-multipurpose-uicc-card-3ff?Itemid=0" }, - { "3B9F96803FC7008031E073FE211F6441262100829000A3", "Smartjac SMAOT100A234FF (Telecommunication)\nhttps://smartjac.com" }, - { "3B9F96803FC7828031E073F62157574A330581053000CE", "COMPRION M2M eUICC (Telecommunication)" }, - { "3B9F96803FC7828031E073F62157574A4D020B60010069", "eSIM GSMA Card (Telecommunication)\nhttps://www.gsma.com/newsroom/wp-content/uploads/SGP.22_v2.2.pdf" }, - { "3B9F96803FC7828031E073F62157574A4D020B60610009", "ting (Telecommunication)" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010004FB", "The eSIM.me Card (Telecommunication)\nhttps://esim.me/" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010011EE", "eSIM.me pluggable eSIM (Telecommunication)\nhttps://esim.me/" }, - { "3B9F96803FC7828031E073FE211B57AA8660F0010017E8", "eSim.me Orange Setup (Telecommunication)" }, - { "3B9F96803FC7828031E073FE211B57AA8660F001001EE1", "5Ber (Telecommunication)\nhttps://esim.5ber.com" }, - { "3B9F96803FC7828031E073FE211B633A204E8300900031", "eSIM (Telecommunication)" }, - { "3B9F96803FC7828031E075F62157200355020B60500018", "iPhone 11 SIM Slot eUICC chip. Identified by eSTK.me. (Telecommunication)" }, - { "3B9F96803FC7828031E075F62157200355020C608000CF", "ST33J2M0STL9DZB0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, - { "3B9F96803FC7828031E075F62157210355020B60010048", "ST33G1M2STL8ENL0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, - { "3B9F96803FC7828031E075F62157210355020B60500019", "st33g1m2 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, - { "3B9F96803FC7828031E075F62157210355020C608000CE", "ST33J2M0STL9DZB1 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, - { "3B9F96803FC7828031E075F621573C0455020C61010054", "euicc from iphone14 (Telecommunication)" }, - { "3B9F96803FC7A08031E073F62116574A4D020233456377", "ISIS-Ready T-Mobile Sim Card (Telecommunication)" }, - { "3B9F96803FC7A08031E073F62156574A4D020B3444005B", "Norwegian telenor (Telecommunication)\nhttp://www.telenor.no" }, - { "3B9F96803FC7A08031E073F62157574A4D020B34546329", "Orange FR - opa (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B63F100E8830090005E", "UICC CARD (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B6407689A00829000B4", "Orange SIM Card (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211B64080503008290004F", "NFC-enabled SIM card of MTS Russia. (Telecommunication)" }, - { "3B9F96803FC7A08031E073FE211F6300690083819000AB", "GSM file system and SWP sample supplied with STMicro development kit (Other)" }, - { "3B9F96803FC7A08031E073FE211F6441269100829000B3", "LTE Lab SIM Ver 1.3 (Telecommunication)" }, - { "3B9F968131FE458065544312210831C073F6218081059A", "Scientific and Technological Research Council of Turkey (test card) (eID)" }, - { "3B9F968131FE45806755454B41451212318073B3A180EA", "AKiS v1.2 on nxp chip" }, - { "3B9F968131FE45806755454B41451252318073B3A180AA", "AKiS v1.2.1 on infineon chip" }, - { "3B9F968131FE45806755454B41451253318073B3A180AB", "AKiS v1.2.1 on nxp chip" }, - { "3B9F968131FE45806755454B41451292318073B3A1806A", "AKiS v1.2.2 on infineon chip" }, - { "3B9F968131FE45806755454B41451293318073B3A1806B", "AKiS v1.3 on infineon chip" }, - { "3B9F968131FE5D00640428010231C073F701D000900065", "German eTicketing SAM (Transport)\nhttps://www.eticket-deutschland.de/" }, - { "3B9F968131FE6D00640428010231C073F701D000900055", "VDV-KA Secure Access Module (German Public Transport) (Transport)\nhttps://www.eticket-deutschland.de/" }, - { "3B9F968131FE9D006405A0030431C073F701D000900028", "Deutsche Telekom AG, TeleSec PKS ECC Signature Card (PKI)\nhttps://www.telesec.de/en/signaturecard" }, - { "3B9F9681B1FE451F070064051EB20031B0739621DB0590005C", "SignTrust (www.signtrust.de)\nInfinion SLE66CX680PE with Starcos 3.2\nhttp://www.deutschepost.de/dpag?xmlFile=link1015459_49595" }, - { "3B9F9681B1FE451F070064051EB20331B0739621C005900044", "German Dentist ID (eID)" }, - { "3B9F96C00A1FC38031E073FE211B63F100AD830F9000DA", "SIM SFR Pro (French Mobile Operator)" }, - { "3B9F96C00A1FC68031E073FE211F65D00233131B810FFA", "Tinkoff SIM card (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211B63F100AD830F9000DE", "H3G (Italy) UMTS USIM card" }, - { "3B9F96C00A1FC78031E073FE211B65D0011009228100F3", "Verizon 4G LTE SIM Card (Telecommunication)\nhttp://www.verizonwireless.com/support/information/4gsim.html" }, - { "3B9F96C00A1FC78031E073FE211B65D0018E0E3281007A", "Rogers 3G SIM card" }, - { "3B9F96C00A1FC78031E073FE211F65D0020912EE810F35", "German SIM card Drillisch (Telefonica) (Telecommunication) (Telecommunication)\nhttps://www.drillisch-online.de/" }, - { "3B9F96C00A1FC78031E073FE211F65D0020914F9810F24", "CONNEXA SIM CARD (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211F65D0020B11A4810F7E", "Telia Finland Oyj, network operator LTE (Telecommunication)" }, - { "3B9F96C00A1FC78031E073FE211F65D013370F3B810FD2", "Gemalto Security Element (PKI)" }, - { "3B9F96C00A31FE45435431690B010001000000000000000D", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, - { "3B9F96C00A31FE45754A6176656C696E2D4F5320312E3051", "Vietnam ID Card (eID)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740EEB810FD7", "Verizon '4G LTE' USIM (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740F13810F2E", "SFR GSM SIM Card (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211B65D001740F50810F6D", "5G (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D001900F3B810FE6", "Verizon US USIM card (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D00209107C810F24", "GSM SIM Vodafone NL postpaid NFC+ (Telecommunication)" }, - { "3B9F96C00A3FC6A08031E073FE211F65D0021B12B7810FFF", "SIM Card Fastweb IT GSM mobile network (Telecommunication)" }, - { "3B9F96C00A3FC7828031E073FE211F65D00209146C810F13", "euicc (eID)" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740E8D810FB0", "USIM" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740EE3810FDE", "EE (UK) Mobile Phone SIM Card circa 2016 (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211B65D001740F13810F2F", "Phone card sim (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211F65D0021A12AB810FE3", "Orange SIM (Telecommunication)" }, - { "3B9F96C00A3FC7A08031E073FE211F65D0021B12B7810FFE", "ISPL Card (Telecommunication)" }, - { "3B9F96C0F031FE45754A6176656C696E2D4F5320312E30AB", "ATKey.Card NFC Bio-ID (eID)" }, - { "3B9F97801FC68031E073FE211B6441442100829000E5", "SAKURA Internet SIM (Telecommunication)\nhttps://www.sakura.ad.jp/services/sim/" }, - { "3B9F97801FC68031E073FE211B65CA010E060B81059E", "rain Networks - R15 4G Sim Card (Telecommunication)\nhttp://www.rain.co.za" }, - { "3B9F97801FC78031E073FE211367980801120401045B", "Tmobile Sim card (Telecommunication)" }, - { "3B9F97801FC78031E073FE211367980801120601065B", "Tmobile (Telecommunication)" }, - { "3B9F97801FC78031E073FE2113679814010202010257", "Orange SIM from Egypt (Telecommunication)" }, - { "3B9F97803FC6828031E073FE211F630089008381900069", "ST4SIM-200M (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st4sim-200m.html" }, - { "3B9F97803FC7828031E073FE211F640856210082900019", "eSIM card (Telecommunication)" }, - { "3B9F97803FC7828031E073FE211F6409069200829000FB", "Ubigi Transatel esim (Telecommunication)" }, - { "3B9F978131FE458065544312210831C073F621808105", "Republic of Turkey Identity Card (eID)\nhttps://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, - { "3B9F978131FE458065544312210831C073F62180810590", "Turkish National Electronic Identity Card - TCKK (eID)\nhttp://www.ekds.gov.tr" }, - { "3B9F978131FE458065544312210831C073F6218081059B", "Turkish Republic Identity Card - Turkiye Cumhuriyeti Kimlik Karti (TCKK) (eID)\nhttp://www.ekds.gov.tr/tckk/t-c-kimlik-karti/tanim" }, - { "3B9F978131FE4580655443D2210831C073F6218081055B", "Turkish Republic official electronic ID card with biometric data, e-signature, authentication, secure private-key cryptographic messaging, etc. (eID)\nhttp://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, - { "3B9F978131FE4580655443D3228231C073F621808105D3", "Turkish eID (Turkiye Cumhuriyeti Kimlik Karti) (eID)" }, - { "3B9F97C00A1FC68031E073FE211F65D00233150E810FE8", "SIM Card (Telecommunication)" }, - { "3B9F97C00A1FC78031E073FE211B65D0011009228100F2", "'ultra fast card, max speed supported for telecom'? (transport)" }, - { "3B9F97C00A1FC78031E073FE211B65D001900F3B810F62", "Gemalto Multi-SIM consumer 4.2 (ST33I1M2) (Telecommunication)" }, - { "3B9F97C00A3FC6828031E073FE211B65D0023314A5810FE4", "Thales eUICC French Ministry BAP v2 (Telecommunication)" }, - { "3B9F97C00A3FC6A08031E073FE211B65D001740EEB810FD6", "Verizon 4G LTE Micro SIM (Telecommunication)" }, - { "3B9F97C00A3FC6A08031E073FE211F65D0021B13F6810FBE", "Verizon SIM Card (Telecommunication)" }, - { "3B9F97C00A3FC7A08031E073FE211F65D001900FEE810F33", "AT&T Mobility LLC MicroSIM Card (Telecommunication)\nhttps://www.att.com/wireless/" }, - { "3B9F97C00AB1FE453FC6828031E073FE211B65D0023A14C9810F8B", "SIM (Telecommunication)" }, - { "3B9F97C0FF1FC78031E073FE211B63F100AD830F90002A", "Gemalto Speed Enhancement 97 (Telecommunication)" }, - { "3B9FB681B1FE5D1F4700640411030131C073B7010000900035", "BOS (Telecommunication)" }, - { "3B9FD680B1A0591FC7534C4538385F50534C5F56302E353001", "Infineon SLE88CFX4000P" }, - { "3BA70040..8065A208......", "Gemplus GemSAFE Smart Card (8K)" }, - { "3BA70040148065A214010137", "Gemplus GPK4000sdo" }, - { "3BA70040188065A208010152", "Gemplus GPK8000\nGemSAFE Smart Card (8K)\nMultiApp ID IAS ECC 72K CC (with IAS XL / IAS ECC Applet) IAS ECC Type 3 (Bank)" }, - { "3BA70040188065A209010152", "Gemplus GPK16000" }, - { "3BA70040188065A209010252", "Gemplus GPK16000" }, - { "3BA70040188065A209010352", "Gemplus GemSAFE std (GPK16000?)" }, - { "3BA8008171465D0054434F53312E320065", "Telesec TCOS 1.2" }, - { "3BA8008171465D0054434F53312E324B2E", "CeloCom Card with TCOS 1.2" }, - { "3BAA00401447473245543553343830", "Old German 'D2 Privat' sim card (Telecommunication)" }, - { "3BAA00401447473247543553343830", "GSM-SIM Libertel (900MHz)" }, - { "3BAA004080534F805345030411AAA3", "'open platform' ATMEGA 'new Generation'\nhttp://www.masterixweb-italy.com/new/images/articoli/atmega.jpg" }, - { "3BAB00813140458031C0650806800000000084", "Reloadable Visa Cash card (Schlumberger), Bank of America" }, - { "3BAC00402A001225006480000310009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)\nhttps://esante.gouv.fr/securite/cartes-et-certificats/CPS" }, - { "3BAC00402A001225006480820212009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)" }, - { "3BAD0040FF80318065B00501015E83009000", "Dallas Semiconductor iButton\nJIB\nGemplus GemXpresso 2.11PK" }, - { "3BB0110081319073F2", "SamOS 2.7" }, - { "3BB033009181316B35FC", "SkyperfecTV HD IC Card (Pay TV)\nhttps://www.skyperfectv.co.jp/eng/" }, - { "3BB036008131FE5D95", "Betacrypt 2 (Comvenient GmbH) Conditional Access Smart Card (Pay TV)\nwww.comvenient.com" }, - { "3BB2110010800001", "Atmel memory card AT88SC0104C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nPlug'n'Print" }, - { "3BB2110010800002", "Atmel memory card AT88SC0204C (Atmel memory card)\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5211.pdf\nCard LAVAGE reloadadble from stations TOTAL" }, - { "3BB2110010800004", "Atmel memory card AT88SC0404C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB2110010800008", "Atmel memory card AT88SC0808C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nSmart VR Card - GD Burti" }, - { "3BB2110010800016", "Atmel memory card AT88SC1616C\nhttps://www.microchip.com/en-us/product/AT88SC1616C#document-table\nRexall (Canada) - Blood Pressure Check card\nhttp://www.rexall.ca/services/blood-pressure-tracking" }, - { "3BB3110000000032", "Atmel memory card AT88SC3216C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000064", "Atmel memory card AT88SC6416C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000128", "Atmel memory card AT88SC12816C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB3110000000256", "Atmel memory card AT88SC25616C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, - { "3BB7110081319043A5..............", "Siemens CardOS/M V1.4 (SLE44C80S)" }, - { "3BB7110081319043C517B09D19221E1F", "CryptoTech blank access/authentication card (Other)\nhttp://www.cryptotech.com.pl/" }, - { "3BB7110081319053B5..............", "CardOS EM/V1.4 (SLE44CR80S)" }, - { "3BB711008131FE432025854702202866", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, - { "3BB711008131FE4320283FB50320313B", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, - { "3BB718008131704310434E5452563253", "Avtor SecureToken (PKI)" }, - { "3BB718008131FE6553504B323490005A", "Giesecke & Devrient Starcos 2.4" }, - { "3BB71800C03E31FE6553504B3234900025", "G&D STARCOS SPK 2.4" }, - { "3BB794008131FE5553504B32329000E0", "Dresdner Bank (a German Bank) Key-Card for InternetBanking" }, - { "3BB794008131FE6553504B32329000D0", "Giesecke & Devrient STARCOS SPK2.2" }, - { "3BB794008131FE6553504B32339000D1", "Giesecke & Devrient Starcos 2.3\nDeutsche Bank WebSign (RSA-Card)\nG&D StarSign Token\nOsakidetza ONA (eID)\nhttp://www.osakidetza.euskadi.eus/r85-ckserv01/es/contenidos/nota_prensa/ruedasanidad35/es_rs/ruedasanidad35_c.html" }, - { "3BB813008131205D0057696E4361726402", "SmartCard for Windows 1.1" }, - { "3BB813008131FA524348544D4F494341A5", "citizen digital certificate (PKI)\nhttp://moica.nat.gov.tw/" }, - { "3BB897008131FE45FFFF148230502300F1", "UAE Emirates ID (eID)\nhttps://www.icp.gov.ae" }, - { "3BB89700813FE45FFFF148230502300F", "UAE Emirates ID (eID)" }, - { "3BB89700C00831FE45FFFF148230502300B8", "Infineon SECORA ID X (JavaCard)" }, - { "3BB918008131FE9E8073FF614083000000DF", "Serbian Identity Card\nThis is the new Serbian biometric identity card (every adult cityzen\nmust have). The chip contains owners picture, name, date and place\nof birth, current address, unique ID number and fingerprint." }, - { "3BB9940040144747334D4838353330", "T D1 GSM card (Telecommunication)" }, - { "3BB9940040144747334E4838363430", "GSM-SIM card of the Austrian mobile phone provider One\nhttp://www.one.at\nProximus SIM - Belgium (SetCOS?)\no2 GSM-SIM card Germany 2003" }, - { "3BBA11001000434C5F53414D00133800", "Planeta Informatica CL-SAM (Other)\nhttp://www.planeta.inf.br/" }, - { "3BBA11008131FE4D55454B41452056312E30AE", "AKIS v1.0 on infineon chip" }, - { "3BBA13008131865D0064050A0201318090008B", "Telesec TCOS 2 (SLE44)\nTCOS 2.0 (on CR80S)\nCryptokarte with RSA-Controller, T=1 Protocol" }, - { "3BBA14008131865D0064051402023180900091", "TCOS 2.0 (on CX160S)\nTelesec TCOS 2 (SLE66)" }, - { "3BBA14008131865D0064057B020331809000", "PHILIPS (HealthCare)" }, - { "3BBA14008131865D0064057B020331809000FF", "PHILIPS (HealthCare)" }, - { "3BBA14008131865D0064057B0203319000FF", "JCOP CARD (Other)" }, - { "3BBA94004014", "GG3RS732S0 ?" }, - { "3BBA9400401447473352533731365300", "Micro Sim MCP crew sim (Telecommunication)" }, - { "3BBA9400401447473352533731365320", "GSM SIM Elisa Estonia" }, - { "3BBA9400401447473352533731365330", "GSM-SIM Viag Interkom E2 Loop (1800MHz)\nGSM-SIM card of the Austrian A1\nhttp://www.a1.net/privat/home\nGSM SIM Radiolinja Estonia; 2005" }, - { "3BBA9400401447473353533731365330", "GSM SIM Cellway (e-plus), Germany (Telecommunication)" }, - { "3BBA95001080434C5F53414D00013811", "CLSAM (Transport)\nhttp://www.planeta.inf.br" }, - { "3BBA950081B1865D1F430064045C02033180900084", "T-Mobile Corporate ID Card" }, - { "3BBA96008131865D0064056002033180900066", "Telesec TCOS 2 (SLE66P)\nTCOS 2.0 (on CX320P)\nTeleSec Netkey Card" }, - { "3BBA96008131865D00640560020331809000667001040530C9", "TeleSec Netkey E4 Card" }, - { "3BBA96008131865D0064057B0203318090007D", "TeleSec NetKey Card\nDeutsche Post card (tcos)" }, - { "3BBB18008131FE4580670518B1020184008105E0", "STARCOS Smart Card (Other)\nhttps://www.gi-de.com/de/identities/unternehmenssicherheit/signaturkarte" }, - { "3BBB1800C01031FE4580670412B003030000810138", "Giesecke & Devrient Star Sign Card, STARCOS 3.0 DI, 72 KB, RSA2048 bit\nGiesecke & Devrient Smartc@fe Expert 32K v2.0" }, - { "3BBB1800C01031FE4580670412B00303000081053C", "Philips Smart MX\nSzczecin University of Technology in Poland student identity card (Elektroniczna Legitymacja Studencka = student identity card)\nCSOB bank, Czech Republic\nCATCert (Agencia Catalana de Certificacio) catalan government workers identity card" }, - { "3BBB1800C03E31FE654726442054534D20312E30B7", "Italian Tachograph Driver Card" }, - { "3BBC1800813120755A43332E313220524556204146", "ZeitControl BasicCard Enhanced 3.7\nhttp://www.basiccard.com/" }, - { "3BBC1800813120755A43332E313420524556204445", "ZeitControl BasicCard Enhanced 3.14 Rev D\nhttp://www.basiccard.com/" }, - { "3BBC1800813120755A43332E333220524556204247", "ZeitControl BasicCard (Other)\nhttps://ZeitControl" }, - { "3BBC1800813120755A43332E333420524556204447", "ZeitControl BasicCard Enhanced ZC3.34 (Other)\nhttps://www.zeitcontrol.de/en" }, - { "3BBC94004014474733483335585332303030", "GSM-SIM Era-PL\nT-Mobile GSM SIM Card" }, - { "3BBC94004014474733483335585632303030", "GSM SIM CARD 32K, Vodafone" }, - { "3BBC94004014474733493539424332303030", "GSM SIM Vodafona NL prepaid" }, - { "3BBC94004014474733493543414331303030", "Siemens SIM card" }, - { "3BBC94004014474733493731394332303020", "Telenor SIM card (Norway)" }, - { "3BBC94004014474733494231424331303020", "Telenor SIM (Telecommunication)" }, - { "3BBC94004014474733494231424331303030", "SIM Card (Scarlet, Belgium) (Telecommunication)\nhttps://www.scarlet.be/nl/prepaid/" }, - { "3BBC94004014474733533035315331303130", "GSM SIM (Tele2, Estonia)\nGSM SIM Elisa Estonia; 2007\nGSM SIM from 'fonic' Germany" }, - { "3BBC94004014474733533443454332303030", "Era-PL SIM Card (Telecommunication)" }, - { "3BBD110000414C4946415820503031523041", "alifax (HealthCare)" }, - { "3BBD18008131FE45805102670414B10101020081053D", "Austrian 'e-Card' (=Health Card)\nspecial Version of Starcos 3.1" }, - { "3BBD18008131FE45805102670518B102020201810531", "Austrian health insurance card 'e-card'" }, - { "3BBD18008131FE45805103670414B10101020081053C", "Austrian Health insurance card 'eCard' (HealthCare)\nhttp://www.chipkarte.at" }, - { "3BBE..000041052000............00009000", "CryptoMate64 USB Cryptographic token\nhttp://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/\nACS ACOS5-64 V2.00\nhttp://www.acs.com.hk/en/products/17/acos5-64-cryptographic-smart-card/" }, - { "3BBE1100004101102038000000000000000000", "ACOS2" }, - { "3BBE1100004101380000000000000000019000", "ACS (Advanced Card System) ACOS-1\nACOS3\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101380000000000000000029000", "ACS (Advanced Card System) ACOS-1 8K" }, - { "3BBE1100004101380000010000000000019000", "ACOS3 Microprocessor Card (Contact) (Other)\nhttp://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101380000030000000000019000", "ACS ACOS3-32 (Telecommunication)\nhttp://www.acos3.com/" }, - { "3BBE110000410138000004006275627A019000", "Advanced Card Systems ACOS3 (24k) V1.7\nhttp://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACOS3" }, - { "3BBE1100004101380000050000000000029000", "ACS (Advanced Card System) ACOS2" }, - { "3BBE1100004101380100030000000000029000", "ACOS2 test card from ACS reading off a ACR38U" }, - { "3BBE1100004101380300040000000000019000", "ACOS 3 from ACS (Other)" }, - { "3BBE1100004101380400140000000000019000", "Dekart Smartcard Logon (eID)\nhttp://www.smartcardfocus.com/shop/ilp/se~81/dekart-smartcard-logon/p/index.shtml" }, - { "3BBE1100004101380400140000000000029000", "DEKART proprietary logon authentication solution for Windows (Other)\nhttp://www.dekart.com/products/" }, - { "3BBE1100004101380500070000000000029000", "EEPROM card (Other)" }, - { "3BBE11000041013817CE010000000000019000", "ACOS3 Contact Microprocessor Card (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE1100004101382500030000000000019000", "8 pin (eID)" }, - { "3BBE1100004101384D800A8050524F56009000", "ACS (Advanced Card System) ACOS-3" }, - { "3BBE110000410138FF40000000000000019000", "Acos3 (zend) (eID)" }, - { "3BBE1100004107020000000000000000019000", "ACOS7 MOC Combi-Card (Other)\nhttp://www.acs.com.hk/en/products/123/acos7-moc-combi-card/" }, - { "3BBE1800004105..0000000000000000009000", "Advanced Card Systems (ACS) ACOS5 Cryptographic Smart Card" }, - { "3BBE1800004105100000000000000000009000", "ACS ACOS5 'ACOS5-32-G' dual card\nhttp://www.acs.com.hk/acos5.asp" }, - { "3BBE1800004206110000000000000000009000", "Etoken nano 192k (eID)" }, - { "3BBE94004014474733463034415A455439313330", "GSM operator Life Ukraine (Telecommunication)" }, - { "3BBE940040144747335333454441544C36303130", "SingTel hi! Prepaid GSM SIM UICC (Telecommunication)" }, - { "3BBE940040144747335333454841544C39313000", "Latvian GSM operator TELE2" }, - { "3BBE940040144747335333474841544C39313030", "simCard Vip Mobile(Serbia) or Telecom Austria (Telecommunication)\nhttp://www.vipmobile.rs/" }, - { "3BBE94008131FE3553504B3233205745353031364E4325", "G&D StarCOS SPK 2.3 secure element (Bank)" }, - { "3BBE9500004103000000000000000000029000", "touchatag SAM card\nSpanish University of Murcia smart ID card - Old version with CajaMurcia Banking card integrated (Maestro card) (M.Mar OS) - Also used by many others spanish universities\nACOS6 C6\nhttps://www.acs.com.hk/en/products/309/acos6-multi-application-purse-card-contact/\nACOS6S C7 SAM\nhttps://www.acs.com.hk/en/products/310/acos6-sam-secure-access-module-card-contact/" }, - { "3BBE96000041013802001D0000000000019000", "ACOS3-32 (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, - { "3BBE9600004103000000000000000000029000", "SAM inside the Tikitag reader from Alcatel-Lucent\nhttp://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag" }, - { "3BBE9600004105004E46000000000000009000", "ACOS5-64 v3.00 (PKI)\nhttps://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, - { "3BBE9600004105300000000000000000009000", "CryptoMate Nano USB Cryptographic token\nhttp://www.acs.com.hk/en/products/414/cryptomate-nano-cryptographic-usb-tokens/\nACS ACOS5-64 V3.00\nhttp://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, - { "3BBE9600004206210000000000000000009000", "ESMART Token (PKI)\nhttps://esmart.ru/products/informatsionnaya-bezopasnost/smart-karty-esmart-token/" }, - { "3BBE9600801FC78031E073FE21136200..83819000..", "Vodafone (Italy) 128 kB GSM SIM card\nTIM (Italy) 128 kB GSM SIM card" }, - { "3BBF..008131FE5D0064040F03..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD036" }, - { "3BBF..008131FE5D0064041103..31C073F701D0009000..", "TCOS 3.0 on Philips P5CT072" }, - { "3BBF..008131FE5D0064041503..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD072" }, - { "3BBF..008131FE5D00640428030231C073F701D0009000..", "TCOS 3.0 release 2 on Philips P5CD080" }, - { "3BBF..008131FE5D0064056D03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX642P" }, - { "3BBF..008131FE5D0064058903..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX641P" }, - { "3BBF..008131FE5D0064058A03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX640P" }, - { "3BBF..008131FE5D0064059103..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX680PE" }, - { "3BBF11008131..4545504100000000........0000......", "Austrian Quick E-purse\nhttp://www.quick.at/" }, - { "3BBF11008131FE45455041000000000000000000000000F1", "a.sign premium signature card" }, - { "3BBF11008131FE4545504100000000792780760000000059", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (old model) (Bank)" }, - { "3BBF11008131FE454D434100000100016971850000000077", "Austrian 'easybank' branded Mastercard, issued 2007" }, - { "3BBF11008131FE454D434100000100020820510000000090", "austrian combined card of a mastercard and OBB Vorteilscard (Austrian Federal Railways)\nhttp://www.oebb.at/pv/de/Servicebox/VORTEILScard/Bezahlen_mit_der_VORTEILScard/VORTEILScard_MasterCard.jsp" }, - { "3BBF11008131FE454D43410000010002559133000000001E", "Mastercard (Paylife Austria)" }, - { "3BBF1100C01031FE44534D405254204341464520312E3143C1", "Giesecke&Devrient SmartCafe 1.1" }, - { "3BBF18008031703553544152434F5320533231204390009B", "Giesecke & Devrient STARCOS S2.1" }, - { "3BBF18008131705553544152434F532053323120439000FA", "Giesecke & Devrient STARCOS S2.1" }, - { "3BBF1800C02031705253544152434F5320533231204390009C", "Giesecke & Devrient SPK 2.1 C" }, - { "3BBF9300801FC68031E073FE2113576573746B2E6D65E3", "eSTK.me v1.2.5 or later (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF9300803FC6828031E073FE2113576573746B2E6D6541", "eSTK.me v1.2.4 (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF94008131FE65454C55204175737472696120312E3238", "A-Trust: trust-sign (Old Version, ca. 2002) for Digital Signature etc.\nA-Trust: a-sign-premium (ca. 2004) 'Burgerkarte' ('Citizen-Card')\nfor Identifikation, Digital Signature etc.\n('should be' Starcos 2.3)" }, - { "3BBF9500801FC68031E073FE2113576573746B2E6D65E5", "eSTK.me v3.1.1 or later (Telecommunication)\nhttps://estk.me" }, - { "3BBF9500803FC6828031E073FE2113576573746B2E6D6547", "eSTK.me v3.1.1 (Telecommunication)\nhttps://eSTK.me" }, - { "3BBF96008131FE5D0064........31C073F701D0009000..", "TCOS 3.0 / NetKey 3.0" }, - { "3BBF96008131FE5D00640411000031C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BBF96008131FE5D00640411030131C07301D000900000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BBF96008131FE5D00640411030131C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, - { "3BC5FF8131FB458073C6010000", "Japanese Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/en/kojinbango/index.html" }, - { "3BC800000073C84000000000", "verve (Bank)" }, - { "3BCDFF8031FE450068D276000028040481009000CD", "Tachograph company test card (Transport)" }, - { "3BD096FF81B1FE451F032E", "New european health insurance card of the German health insurance (G2) (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BD096FF81B1FE451F072A", "German public health insurance card (,,Gesundheitskarte'), 2nd generation (G2), issuer Techniker Krankenkasse (HealthCare)\nhttps://gematik.de/cms/de/spezifikation/wirkbetrieb/kartengeneration2/kartengeneration2.jsp" }, - { "3BD096FF81B1FE451FC7EA", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, - { "3BD097FF81B1FE451F072B", "German Elektronische Gesundheitskarte (eGK) (HealthCare) - From TK (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BD097FF81B1FE451FC7EB", "German Health Professional Card (eHBA) (HealthCare)\ngSMC-KT, STARCOS 3.6 (HealthCare)" }, - { "3BD0A8FF81F1FB24001FC3F4", "Philips DESFire SAM" }, - { "3BD218008131FE450101C1", "Dutch License Plate Card (RDW)\nhttps://commons.wikimedia.org/wiki/File:Kentekencard_voorzijde_1_december_2013.jpg" }, - { "3BD218008131FE58C90114", "Atos CardOS5 (PKI)\nhttp://atos.net/NR/rdonlyres/17C7BDD0-225B-4A58-B9A4-438EA3F3238A/0/74743_20120830_160149_cardos_v5_0__datenblatt_en.pdf" }, - { "3BD218008131FE58C90217", "Atos CardOS 5.3 (PKI)\nhttp://www.atos.net/cardos" }, - { "3BD218008131FE58C90316", "Austrian 'RKS-Card' issued by GlobalTrust (PKI)\nhttps://secure.globaltrust.eu/info-rksv.html" }, - { "3BD218008131FE58C90411", "Identity Card in Slovakia with security chip and e-signature issued after 2021-06-21 (eID)\nD-TRUST Card 4.1 Standard, qualified signature card" }, - { "3BD218008131FE58CA6076", "CardOS IoT V5.4 (PKI)\nhttps://atos.net/wp-content/uploads/2018/11/ct_181127_lpm_cardos_iot_v5-4_fs_en4_web.pdf" }, - { "3BD218008131FE58CB0116", "D-Trust Card 5.1/5.4 (contact based)\nhttps://www.d-trust.net/de/support/signatur-und-siegelkarten" }, - { "3BD21802C10A31FE58C80D51", "Siemens Card CardOS M4.4" }, - { "3BD296FF81B1FE451F870102AB", "Electronic Vehicle Registration (eVR) from RDW.nl (The Netherlands), open sourced at [URL], demo (Windows / Linux Wine Mono) (Transport)\nhttps://github.com/eVRMTV/eVR" }, - { "3BD396FF81B1FE451F078081052D", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, - { "3BD5180081313A7D8073C8211030", "Aladdin eToken NG-Flash with 256MB of flash memory\nAladdin eToken PRO (72KB)\nhttp://www.aladdin.com/etoken/devices/default.aspx" }, - { "3BD518008131FE7D8073C82110F4", "Bank of Lithuania Identification card\nGemalto SafeNet eToken Java Based Cards\nhttps://safenet.gemalto.com/multi-factor-authentication/authenticators/pki-usb-authentication/" }, - { "3BD518FF8091FE1FC38073C8211308", "Athena IDProtect (JavaCard 2.2.2)\nhttp://www.athena-scs.com/product.asp?pid=32\nThales nShield Security World Card - Remote Administration Ready\nhttps://www.thalesesecurity.fr/products/hsm-management-and-monitoring/nshield-remote-administration" }, - { "3BD518FF8191FE1FC38073C821100A", "ComSign digital signature card (eID)\nhttps://www.comsign.co.uk/" }, - { "3BD518FF8191FE1FC38073C8211309", "Athena IDProtect Key (v2)\nhttp://www.athena-scs.com/product.asp?pid=33" }, - { "3BD518FF81B1FE451FC38073C821106F", "DPI Card ID Guatemala Version 2024 (eID)\nhttps://www.renap.gob.gt/" }, - { "3BD5950400AE01020101", "Axalto Cyberflex Access 64K v2b SM 1.1" }, - { "3BD595FF8091FE1FC38073C8211385", "Athena IDProtect - Cryptographic Java Card\nhttp://www.athena-scs.com/product.asp?pid=32" }, - { "3BD596028031FE654F734549441F", "AVR128DA32 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, - { "3BD596FF80B1FE451F878073C82110A4", "French national identity card (eID)\nhttps://en.wikipedia.org/wiki/National_identity_card_(France)" }, - { "3BD596FF8191FE1FC34332333030CC", "HID Global - Crescendo C2300 (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c2300" }, - { "3BD6180080B1806D1F038051006110309E", "Atmel/Athena T0 PC/SC Compliance Test Card No. 1" }, - { "3BD618008131FE7D415350204F5383", "ASP FIXED CHAL1, 2, 3 and 4 (Other)" }, - { "3BD6180081B1807D1F038051006110308F", "ASECard Crypto\nhttp://www.athena-scs.com/product.asp?pid=8" }, - { "3BD618FF8191FE1FC34573C8211110DD", "PDOX J3R180 (JavaCard)" }, - { "3BD6960081B1FE451F078031C1521118F8", "smart card from NASA, 2019 (PKI)" }, - { "3BD6960081B1FE451F878031C152211949", "DHS CAC card (PKI)" }, - { "3BD6960081B1FE451F878031C152411A2A", "Identiv SCR3310 v2.0 (eID)" }, - { "3BD6970081B1FE451F078031C1521118F9", "NASA Personal Identity Verification (PIV) card (eID)\nIDEMIA Cosmo V8.0 with a PIV applet" }, - { "3BD6970081B1FE451F078031C1521119F8", "Secure badge (PKI)" }, - { "3BD6970081B1FE451F878031C152211948", "DOS PIV (PKI)" }, - { "3BD6970081B1FE451F878031C152211A4B", "ID-One PIV 2.4 (P/N 1501381) from IDEMIA (Other)" }, - { "3BD6970081B1FE451F878031C152411A2B", "Oberthur Technologies ID-One PIV/CIV on V8 Device (eID)\nhttps://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2986.pdf\nIDEMIA Cosmo V8.1 with a PIV applet" }, - { "3BD71100400A654E434F533037", "eNCOS MC MChip Advance (Bank)" }, - { "3BD7970081B1FE451F878031C15351132012", "IdemiaID-ONEPIV (eID)\nhttps://www.idemia.com/id-one-piv-card" }, - { "3BD81800801F078031C1640806920F", "US Government CAC (PKI) / IDEMIA Cosmo v8 (PKI)\nhttps://www.idemia.com/id-one-piv-card" }, - { "3BD81800801F078031C1640806920FDF", "US DoD Common Access Card (IDEMIA Cosmo v8) (PKI)" }, - { "3BD8180080B1FE451F078031C1640806920FD5", "Oberthur Cosmo v8 (PKI)" }, - { "3BD818FF8131FE458064041BB42A8105D5", "Schweizerische Krankenversicherungskarte KVG (HealthCare)" }, - { "3BD818FF81B1FE451F038064041AB403810561", "D-Trust multicard advanced 3.1\nGerman public health insurance card ('Gesundheitskarte'), issuer SBK 'Siemens Betriebskrankenkasse'" }, - { "3BD896008031FE4400531200840F90001F", "Cape Verde National Identity Card (CNI) (eID)\nhttps://sniac.cv/cartao-nacional-de-identificacao/" }, - { "3BD8960081B1FE451F0743485447504B494ADD", "Citizen Digital Certificate, Taiwan (PKI)\nhttp://moica.nat.gov.tw/" }, - { "3BD896FF8131FE458064041BB42A81055B", "Swiss LAMal health insurance card" }, - { "3BD911008131FE8D0000464F4D53312E3132", "TFOMS (eID)\nhttp://www.samtfoms.ru" }, - { "3BD918008011F08054434F4C4482900062", "TransaXiom Janus Card (Other)\nhttp://www.transaxiom.co.uk" }, - { "3BD91800C00910FE5459464F4E45000000", "Tyfone's SideTap Card (NFC payments)" }, - { "3BD918FF8191FE1FC35441474C494F5049565B", "Taglio PIV C2190 (NXP JCOP 3 SecID P60 CS) (eID)\nhttps://www.taglio.com/pivcard.html" }, - { "3BD99400004D4502000901009000", "Moviestar. GSM SIM card (Telecommunication)" }, - { "3BD99400004D454576352E369000", "Vending Machine Card (Other)" }, - { "3BD99400004D4D41523331349000", "Vodafone Spain 64kb SIM card. GSM/3G networks" }, - { "3BD99500004D4516005401009000", "MTS Ukraine (Telecommunication)\nhttp://www.mts.ua/" }, - { "3BD996FF8131FE454352455343454E444FFF", "HID Global Crescendo JCOP 21 v2.4.1 R2 64K (PKI)" }, - { "3BD996FF8131FE458031B8738601E0810522", "German dentist's identity card (eID)\nhttp://www.medisign.de/" }, - { "3BD996FF8191FE1FC343323330302D4B4559BA", "Crescendo Key (USB Type-A) (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/crescendo-key" }, - { "3BDA11FF81B1FE551F0300318473800180009000E4", "Gnuk OpenPGP Token (PKI)\nhttps://www.fsij.org/category/gnuk.html" }, - { "3BDA11FF81B1FE551F0300318473800180059000E1", "Nitrokey Start (Openpgp USB) (Other)\nhttps://www.nitrokey.com/products/nitrokey-start" }, - { "3BDA13FF8131FB468012392F31C173C601C03B", "My Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttp://www.cas.go.jp/jp/seisaku/bangoseido/english.html" }, - { "3BDA1802C10A31FE584B53776973735369676EA9", "SuisseID Post - ATOS CardOS 4.x (eID)\nhttps://postsuisseid.ch/" }, - { "3BDA18FF8191FE1FC350564A434F503353494472", "J3H145 (P6 SecID) purchased from FUTAKO Ltd., Taiwan (JavaCard)\nhttp://www.javacardsdk.com" }, - { "3BDA18FF8191FE1FC380641211111073C0C1801B", "Belarus national identity card (passport)\nhttps://eng.belta.by/infographica/view/id-cards-in-belarus-7095/" }, - { "3BDA18FF81B1FE451FC3546963546F6B20322E3068", "TikTok 2.0 (PKI)" }, - { "3BDA18FF81B1FE451FC3546963546F6B20332E3069", "TicTok 3.0 (PKI) (PKI)\nhttps://en.cryptoshop.com/products/cryptas-tictok-v3-basisartikel.html" }, - { "3BDA18FF81B1FE751F030031C573C001400090000C", "OpenPGP Card V2" }, - { "3BDA18FF81B1FE751F030031F573C001600090001C", "OpenPGP Card V3" }, - { "3BDA9400004D4D41524A2B33399000", "SIM card from Vodafone Spain" }, - { "3BDA9500400A2508004053434F535441", "Card used for issuing commodity to benificiary for rice, wheat and more (Other)" }, - { "3BDA96FF8031FE454D696E694C6F61646572AB", "iClass SE Processor (Miniloader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, - { "3BDA96FF8031FE45536E6D704C6F61646572A8", "iClass SE Processor (SNMP Loader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, - { "3BDA96FF8131FE45805631B85349434181057B", "STARCOS 3.5 ID ECC C1R (PKI)\nhttps://www.gi-de.com/fileadmin/user_upload/MS/Certificates/STARCOS35_ID_ECC_TABLES.pdf" }, - { "3BDA96FF8191FE1FC343323330302D46495053E2", "Crescendo 2300 FIPS (JavaCard)" }, - { "3BDA96FF81B1FE451F0780584943412056322E30E9", "Starcos chip card from Giesecke & Devrient (PKI)\nhttps://ica.cz/functionality-smart-card" }, - { "3BDB11FF5000FF0000000000000007921603", "NEC V-WAY64 v2.1" }, - { "3BDB1800801F030031C06477E303008290004F", "Oberthur ID-One Cosmo 64K V5.2" }, - { "3BDB18008031FE448059494465616C20312E367D", "ID card Albania (eID)" }, - { "3BDB180080B1FE451F830031C064C7FC1000019000FA", "Oberthur Cosmo V7 64K Dual/128K" }, - { "3BDB18FF8191FE1FC306092B06010401E9100503D7", "SafeSign Default QSCD (NXP JCOP 3 SecID P60) (PKI)\nhttps://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/02/security-target-v1.0.pdf" }, - { "3BDB18FF8191FE1FC306092B06010401E9100504D0", "Serbian qualified electronic certificate issued by Serbian Post sertification centr (PKI)\nhttps://www.ca.posta.rs/serbian_post_ca.htm" }, - { "3BDB18FF81B1FE751F03504B436172642056312E30ED", "Tecos 3 card (Other)" }, - { "3BDB18FF81B1FE751F035A43372E35205245562041AE", "BasicCard Professional ZC7.5-COMBI (Other)\nhttp://www.basiccard.com/" }, - { "3BDB18FF81B1FE751F035A43372E36205245562044A8", "Zeitcontrol Professional BasicCard ZC 7.6 REV D (Other)\nhttp://www.zeitcontrol.de/en/products/basiccard/basiccard" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620416F", "ZeitControl BasicCard ZC7.5 user-programmable dual interface smart card\nhttp://www.smartcardfocus.com/shop/ilp/id~380/BasicCard_ZC7_5_Dual_Interface/p/index.shtml" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620426C", "BasicCard ZC7.5 dual-interface programmable smartcard (30K) (eID)\nhttps://secure.zeitcontrol.de/shop/Smart-card-BasicCard-Professional-ZC75-Combi" }, - { "3BDB18FFC080B1FE751F035A43372E352052455620446A", "Smart card BasicCard Professional ZC7.5, ZeitControl cardsystems GmbH\nhttp://www.zeitcontrol.de/en/products/chip-cards/processor-chip-cards/basiccard" }, - { "3BDB18FFC080B1FE751F035A43372E3620524556204469", "ZeitControl BasicCard 7.6 (Other)\nhttps://www.zeitcontrol.de/en/products/basiccard/basiccard" }, - { "3BDB96004010004F535F335F3134059000", "Vehicle identity card for Iran (eID)" }, - { "3BDB9600801F030031C06477E30300829000C1", "Oberthur Card Systems (contactless pilot) ID-One Cosmo v5.2D 64K\nOberthur Card Systems (PIV Transitional) ID-One Cosmo v5.2D 72K\nCAC (Common Access Card)" }, - { "3BDB9600801F030031C064B0F3100007900080", "DoD CAC, Oberthur ID One 128 v5.5 Dual" }, - { "3BDB9600801F030031C064B0F310000F900088", "US Department of Veterans Affairs PIV" }, - { "3BDB9600801F830031C0641D18010001900051", "ID0One Cosmo Development Kit (JavaCard)" }, - { "3BDB96008031FE448059654944204E414452418F", "Pakistan ID card (eID)" }, - { "3BDB960080B1FE451F830012233F536549440F9000F1", "Estonia ID-card (eID)\nhttps://id.ee" }, - { "3BDB960080B1FE451F830012428F536549440F900020", "Latvia eID (eID)\nhttps://www.eparaksts.lv/lv/" }, - { "3BDB960080B1FE451F830031C064102301000F900063", "Extremenian Health Service target (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, - { "3BDB960080B1FE451F830031C0641A1801000790005A", "Ercom CRYPTOSMART\nhttp://www.ssi.gouv.fr/entreprise/qualification/gamme-cryptosmart-pour-la-securisation-des-smartphones-et-des-tablettes/" }, - { "3BDB960080B1FE451F830031C0641A1801000F900052", "Serbian Car registration ID card\nhttp://blog.goranrakic.com/archives/2011/07/citanje_saobracajne_dozvole_sa_cipom.html" }, - { "3BDB960080B1FE451F830031C0641A71010007900033", "ChamberSign Gemalto USB Shell Token V2 - Certificate Audacio ** (eID)\nhttp://www.chambersign.fr/certificat-rgs-audacio/" }, - { "3BDB960080B1FE451F830031C064B0FC100007900005", "Oberthur Cosmo V7 debug card (SDK)" }, - { "3BDB960080B1FE451F830031C064B0FC10000F90000D", "ID-One PIV (that's the only non-numeric identifying mark) (PKI)" }, - { "3BDB960080B1FE451F830031C064BAFC10000790000F", "Oberthur ID-One Cosmo v7.0 80K (eID)\nhttps://www.ssi.gouv.fr/uploads/IMG/certificat/ANSSI-CC-cible_2011-64en.pdf" }, - { "3BDB960080B1FE451F830031C064BAFC10000F900007", "Oberthur ID-One Cosmo v7.0 (PKI)\nhttps://csrc.nist.rip/groups/STM/cmvp/documents/140-1/140sp/140sp1236.pdf" }, - { "3BDB960080B1FE451F830031C064BE1B0100019000FB", "Bank card" }, - { "3BDB960080B1FE451F830031C064C30801000F90009B", "SIM Aruba (Italian provider)" }, - { "3BDB960080B1FE451F830031C064C7FC100001900074", "Oberthur Cosmo (eID)\nhttp://www.stampit.org" }, - { "3BDB960080B1FE451F830031C064C7FC10000F90007A", "Guatemalan ID Card\nhttp://www.renap.gob.gt/" }, - { "3BDB960080B1FE451F830031C164084022300F90000A", "Oberthur v7 - in a Gemalto (was Gemplus) GemPC Key SmartCard Reader (grey USB dongle) - bought at ChamberSign (PKI)" }, - { "3BDB960080B1FE451F830031E85427E6040007900084", "Polish encard (eID)" }, - { "3BDB960080B1FE451F830031E85427E604000F90008C", "Token card from iBRE CompanyNet (mbank) (Bank)" }, - { "3BDB960080B1FE451F834553544F4E49412D65494455", "Estonian Identity Card (ID-One Cosmo v8.1) (eID)" }, - { "3BDB960080B1FE451F870031C1640958223607900019", "Idemia Solvo Fly 40 (JavaCard)" }, - { "3BDB960081B1FE451F0380F9A0000003080000100018", "Oberthur CS PIV End Point v1.08 FIPS201 Certified" }, - { "3BDB960081B1FE451F0380F9A0000003480000000149", "Fly Clear card" }, - { "3BDB960081B1FE451F8380F9A0000003080000100098", "Oberthur Cosmo v7 128K with PIV applet\nhttp://www.smartcardfocus.com/shop/ilp/id~410/p/index.shtml" }, - { "3BDB96FF80B1FE451F870031C164093364490F9000BC", "cnie Carte Nationale d'Identite Electronique (eID)" }, - { "3BDB96FF80B1FE451F870031C164093772130F9000F4", "French ID Card 2021 (eID)\nhttps://ants.gouv.fr/nos-missions/les-titres-produits-par-l-ants/les-documents-d-identite/la-puce-de-la-nouvelle-carte-nationale-didentite" }, - { "3BDB96FF8131FE4580670534B50201064081051B", "SINA STARCOS 3.5 BX-CombiCard+HSB (Other)" }, - { "3BDB96FFC01031FE4580671501B403000900810521", "Digital Tachograph Card for Professional Driver\nolish driver card for digital tachograph" }, - { "3BDC1802C10A31FE588031A873B0019B2460071320AA", "Public Services Card | Ireland (Other)\nhttps://psc.gov.ie/" }, - { "3BDC18FF00001225006480000401009000", "Vitale card CPS V4 (Carte Profesionnel de Sante) (HealthCare)" }, - { "3BDC18FF8011C18073C821136605036351000232", "GoTrust Idem Card (Other)\nhttps://www.gotrustid.com/idem-card" }, - { "3BDC18FF8091FE1FC38073C8211366010B0352000539", "Digital Signature Costa Rica (eID)" }, - { "3BDC18FF8091FE1FC38073C821136602040355000235", "ST security module for German smart meter gateway (JavaCard)\nhttps://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf?__blob=publicationFile&v=3" }, - { "3BDC18FF8111C18073C821136605036351000233", "GoTrust Idem Key (Other)\nhttps://www.gotrustid.com/idem-key" }, - { "3BDC18FF8111FE8073C82113660106013080018D", "Aladdin R.D. JaCarta LT (eID)" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050103D2", "DoD (Other)\nhttps://cps.ca.pkidefensie.nl/" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050203D1", "Caregiver card for Dutch Medical System called UZI (Unieke Zorgverlener Identificatie, Caring Unique Identification) (HealthCare)\nhttps://www.uziregister.nl/" }, - { "3BDC18FF8191FE1FC3060A2B06010401E910050204D6", "UZI (HealthCare)" }, - { "3BDC18FF8191FE1FC38073C821136601060130040155", "Athena IDProtect Key Laser" }, - { "3BDC18FF8191FE1FC38073C821136601061159000128", "JaCarta (PKI)\nhttp://www.aladdin-rd.ru" }, - { "3BDC18FF8191FE1FC38073C8211366010B0352000538", "Athena IDProtect Smart Card Logon Card" }, - { "3BDC18FF8191FE1FC38073C821136605024258000279", "NXP Athena SCS (PKI)" }, - { "3BDC18FF8191FE1FC38073C821136605036057000255", "NXP IDProtect (X) (JavaCard)" }, - { "3BDC18FF8191FE1FC38073C821136605036351000250", "JCOP3 SecID P60 CS (JavaCard)" }, - { "3BDC18FFC080B1FE751F035A43382E362052455620443657", "ZeitControl Professional Multi-Application BasicCard ZC8.6 (Other)\nhttps://www.zeitcontrol.de/Smart-card-BasicCard-Professional-ZC76" }, - { "3BDC96FF8111FE8031C8544356300573FFA1C03B", "NXP Javacard with Athena SCS OS (JavaCard)" }, - { "3BDC96FF8111FE8031C8544356350773FFA1C03C", "NXP JCOP 4, J3R200P0X3U/0ZA16CP NXD6.2 (JavaCard)" }, - { "3BDC96FF8191FE1FC38073C8211366050363510002DE", "Montenegro eID (eID)" }, - { "3BDC96FF81B1FE431FC30B46415245474F53414D5632CC", "Multismartcard SAM (used in proprietary Scheidt&Bachmann Smartcard Reader v2)" }, - { "3BDD18008131FE4580F9A0000000770100700A90008B", "National ID Card of Peru issued by RENIEC from Oberthur" }, - { "3BDD18008131FE4580F9A000000077010800079000FE", "Oberthur Cosmo v7 IAS ECC\nBrazilian 'e-CNPJ' card, issued by Certisign (Oberthur)" }, - { "3BDD18008131FE45904C41545649412D65494490008C", "Identity card (eID) Republic of Latvia\nhttp://www.pmlp.gov.lv/lv/pakalpojumi/passes/eid.html" }, - { "3BDD18008191FE1FC3006646530803003671DF00008097", "Feitian K9Plus - ePass FIDO-NFC with PIV (Other)\nhttps://ftsafe.com/products/FIDO/NFC" }, - { "3BDD18FF8191FE1FC3006646530803003671DF00008068", "Feitian FIDO NFC Plus K9 Security Key (Other)\nhttps://www.ftsafe.com/products/FIDO/NFC" }, - { "3BDD18FF8191FE1FC3FF4F70656E506879736963616CF6", "Open Physical PIV-Compatible NXP SECID P60 (eID)\nhttps://openphysical.org/" }, - { "3BDD18FFC080B1FE451FC30068D276000028040411009000C9", "Russian Federation driver card for the digital tachograph\nPolish driver card for digital tachograph" }, - { "3BDD18FFC080B1FE451FC30068D276000028040971009000A4", "Worktime/driving style monitoring card (Transport)\nhttp://www.paetronics.fi/en/" }, - { "3BDD96008010FE8031806301FFC073B3211B8105", "BIFIT iBank 2 USB Key (Bank)\nhttp://bifit.ua" }, - { "3BDD96008031FE450031B8640429ECC1739401808248", "Finnish Digital and Population Services Agency Organisation Card (eID)\nhttps://dvv.fi/en/organisation-cards" }, - { "3BDD960080B1FE451F8380640503040056564453414554FC", "VASCO DIGIPASS KEY 101 (Other)" }, - { "3BDD96008131FE4580F9A00000007701080007900070", "IDEMIA Cosmo v8.1-n (JavaCard)" }, - { "3BDD96FF801F034E5850204E53434F5320342E3006", "SCOSTA (Transport)" }, - { "3BDD96FF8131FE4580595F5374645F496E697481059B", "Karta kryptograficzna cryptoCertum 3.5 (PKI)\nhttps://www.certum.pl/pl/karty-do-czytnikow/" }, - { "3BDD96FF81B1FE451F03006404050803739621D0009000C9", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse" }, - { "3BDD96FF81B1FE451F03006404050A02739621D0009000CA", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse, issued 02/15 (HealthCare)" }, - { "3BDD96FF81B1FE451F030064057310A673D621C000900053", "New european health insurance card of the German health insurance" }, - { "3BDD96FF81B1FE451F038031B052010364041BB42281051B", "Austrian Motor Vehicle Registration Certificate (Transport)" }, - { "3BDD96FF81B1FE451F038031B052020364041BB422810518", "Austrian 'e-card' G3 (State Health Insurance Card)\n(running StarCOS 3.4 by Giesecke & Devrient)" }, - { "3BDD97FF81B1FE451F03006404050803739621D0009000C8", "German 'eGK' (State Health Insurance Card)" }, - { "3BDD97FF81B1FE451F0300640405080373969621D00090C8", "German public health insurance card ('Gesundheitskarte'), issuer Knappschaft" }, - { "3BDD97FF81B1FE451F03006404050A02739621D0009000CB", "German Elektronische Gesundheitskarte (eGK) (HealthCare)\nhttp://www.bmg.bund.de/en/health/the-electronic-health-card.html\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, - { "3BDE11000049434F5335330000000000000008", "MyKID (eID)" }, - { "3BDE13000049434F5335330000000000000008", "Malaysian citizens under age of 12 including newborns (non-compulsory) (eID)\nhttps://en.wikipedia.org/wiki/Malaysian_identity_card#MyKid" }, - { "3BDE18FF8191FE1FC38031815448534D317380214081071C", "SmartCard-HSM 4K USB-Token (JavaCard)\nhttps://www.smartcard-hsm.com/features.html#usbstick" }, - { "3BDE18FF81F1FB34001F074445534669726553414D56312E30D2", "Mifare Desfire SAM Module" }, - { "3BDE18FF81F1FE43003F078344455346697265382053414D2D5817", "NXP SAM" }, - { "3BDE18FFC080B1FE451F034573744549442076657220312E302B", "Estonian Identity Card (EstEID v1.0 2006 cold)" }, - { "3BDE86FF9101F1FB34001F074445534669726553414D56312E305D", "Mifare Desfire SAM Module (after warm reset) (Other)" }, - { "3BDE96FF8191FE1FC38031815448534D3173802140810792", "SmartCard HSM (PKI)\nhttps://www.smartcard-hsm.com/" }, - { "3BDE98FF8191FE1FC38031815448534D3173802140810792", "Nitrokey HSM 2 (PKI)\nhttps://docs.nitrokey.com/hsm/" }, - { "3BDF1100400A003180718666654E434F5331839000", "eNCOS MC MChip Advance V10 (Bank)\nhttps://tr.iccore.tech/" }, - { "3BDF18008131FE580031B964050E010073B401D300000022", "Identity Card in Slovakia with security chip and e-signature" }, - { "3BDF18008131FE588031905241016405C903AC73B7B1D444", "a.sign RK CHIP with certificate\nhttps://www.a-trust.at/webshop/Detail.aspx?ProdId=2021" }, - { "3BDF18008131FE588031B05202046405C903AC73B7B1D422", "Austrian 'e-Card' (=Health Card) of the 4th generation. (HealthCare)" }, - { "3BDF18008131FE58AC31B05202046405C903AC73B7B1D422", "e-Card Austria (HealthCare)" }, - { "3BDF18008131FE67005C49434DD49147D276000038330058", "Infineon SICRYPT Card Module D4 PC/SC Compliance Test Card" }, - { "3BDF18008131FE67005C49434DD49147D277000038330059", "Infocrypt Token++ (PKI)\nhttps://tokenplus.ru/products/%D0%A2%D0%BE%D0%BA%D0%B5%D0%BD/" }, - { "3BDF18008131FE7D006B020C0182011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)" }, - { "3BDF18008131FE7D006B040C0184011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)\nhttp://www.regione.toscana.it/cartasanitaria\nhttps://www.agid.gov.it/it/piattaforme/carta-nazionale-servizi" }, - { "3BDF18008131FE7D006B150C0180011101434E53103180E9", "Provider: Actalis S.p.A.\ncode: AT00006181\nhttp://www.actalis.it" }, - { "3BDF18008131FE7D006B150C0181011101434E53103180E8", "Italian healthcare card (TS) National Service Card (CNS)\nCarta Regionale dei Servizi - Regione Lombardia\nTuscany TS-CNS\nhttp://www.regione.toscana.it/cartasanitaria" }, - { "3BDF1801C04031FC7580738421E0694D54434F537302050516", "German digital tachograph control card (Transport)" }, - { "3BDF18FF8091FE1FC3003138644790ECC273140150829000BB", "Ministry of Interior - France 'Agent Card' (Other)" }, - { "3BDF18FF8131FE4580590180484944433730307300011B33", "Crescendo C700 + MiFare 4K\nhttp://www.smartcardfocus.com/shop/ilp/id~265/p/index.shtml" }, - { "3BDF18FF8131FE458073C8211059B81D417574684B6579BA", "Arculus AuthentiKey (Other)" }, - { "3BDF18FF8191FE1FC3003138644790ECC273140150829000BA", "Card store authentication and signature keys (JavaCard)\nhttps://ants.gouv.fr/Les-titres/Cartes-Agents/Adhesion/Telechargement-et-support" }, - { "3BDF18FF8191FE1FC30031B8640000EC0073940000829000FE", "NXP Jcop3 P60 ChipDoc v7b4 (JavaCard)\nhttps://www.javacardos.com/store/products/10029" }, - { "3BDF18FF8191FE1FC30031B86404216010739401C005900001", "Dutch Governement Identity Card using physical (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, - { "3BDF18FF8191FE1FC30031B8640C01ECC173940180829000B3", "ebee card\nhttps://www.ebeeoffice.ca/ebee-home/public\nDigital Signature Costa Rica (issued since 09/2019) (eID)\nhttps://www.mifirmadigital.go.cr/" }, - { "3BDF18FF81B1FE451F870031B96409377213738401E00000008E", "Slovak eID card with dual (NFC and physical) interface. It is Cosmo v9.2. The card is used for electronic identification and for electronic signing with either qualified or just electronic signing certificate. (eID)" }, - { "3BDF18FF81F1FE43001F034D494641524520506C75732053414D98", "Mifare SAM AV2" }, - { "3BDF18FF81F1FE43003F03834D494641524520506C75732053414D3B", "NXP SAM AV2 module" }, - { "3BDF18FF81F1FE43003F03834D4946506C75732053414D3B53414D3B", "Mifare SAM -AV2 (PKI)" }, - { "3BDF18FF81F1FE43003F07834D49464152452053414D204156333011", "NXP SAM AV3 module" }, - { "3BDF18FF910131FE4680319052410264050200AC73D622C099", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, - { "3BDF94FFC080B1FE451F03006AD2760000280415FA10040090006B", "UK Digital Tacho card (Other)" }, - { "3BDF94FFC080B1FE451F03006AD2760000280415FA40040090003B", "DVLA Company Card (Transport)" }, - { "3BDF9500801F878031A073FF21006345B105830F900060", "FUTURE CARD Normal ISO SIM (Telecommunication)" }, - { "3BDF9500801F878031A073FF21006345B309830F90006E", "Card Mobilis Algeria telecom (Telecommunication)\nhttp://www.mobilis.dz" }, - { "3BDF9500801FC38031E073FE211B674C455441323135BD", "SK Telecom SIM card (in Korea) (Telecommunication)\nhttp://www.sktelecom.co.kr/" }, - { "3BDF95FF8091FE1FC349445044554F33475049544356008029", "Generic Card NFC (eID)" }, - { "3BDF95FF8091FE1FC38025A0000000685319000173C8211329", "CardLogix Credensys-J Contacted Java Card 2.2.1 Global Platform 2.1.1 (Atmel AT90SC12872RCFT)\n(bank)" }, - { "3BDF96008031FE450031B864041FECC173940180829000EC", "Ministry of Interior - France 'Agent Card'\n(Carte Agent du Ministere de l'Interieur Francais)" }, - { "3BDF96008031FE450031B8640429ECC173940180829000DA", "Finnish identity card given by the City of Helsinki to all members of city council, board and commitees" }, - { "3BDF960080B1FE451F830012276F5741495242555331079000EA", "IDEMIA ID-One Cosmo V8.2 IAS ECC card (eID)" }, - { "3BDF960080B1FE451F838073BC9180F9A00000007780080201A4", "Latvian eSignature card (eID)\nhttps://www.lvrtc.lv/e-signature.html" }, - { "3BDF960080B1FE451F870031C16408923201738421E0059000C5", "Company Card for Transport companies (Transport)" }, - { "3BDF96008131FE4541434F532D4944303032382E3031366F", "Sri Lankan driving license [ web: motortraffic.gov.lk ] (eID)\nhttp://www.motortraffic.gov.lk/web/index.php?option=com_content&view=article&id=83&Itemid=140&lang=en" }, - { "3BDF96008131FE4580738421E0554978000080830F90000C", "Idemia Cosmo X (eID)\nhttps://cyber.gouv.fr/sites/default/files/2021/08/anssi-cible-cc-2021_36n.pdf" }, - { "3BDF96008131FE588031B05202056405A100AC73D622C020", "Austrian health insurance card 'e-card' (HealthCare)\nhttps://de.wikipedia.org/wiki/E-card_(Chipkarte)" }, - { "3BDF960081B1FE451F838073CC91CBF9A0000003080000100079", "Test PIV Cards available for sale from NIST\nhttp://csrc.nist.gov/groups/SNS/piv/testcards.html" }, - { "3BDF960090103F07008031E0677377696363000073FE210006", "swsim card (Telecommunication)" }, - { "3BDF960090103F07008031E0677377696363000073FE2100DC", "swsim (Telecommunication)" }, - { "3BDF96FF8131FE455A018048494443313158587300011B09", "HID Crescendo iCLASS Px G8H" }, - { "3BDF96FF8131FE4580590180504956434C41537300011BDE", "HID Global pivCLASS v1.0 (PKI)\nhttp://www.hidglobal.com/products/cards-and-credentials/pivclass/pivclass-smart-card" }, - { "3BDF96FF8131FE45805B44452E42415F53433335328105B5", "Employee ID card from the Federal Employment Agency (Germany) (PKI)\nhttps://www.pki.arbeitsagentur.de/" }, - { "3BDF96FF8131FE45805B44452E424E4F544B3130308105A0", "BeA - Certification Card for German Solicitors (Other)\nhttps://bea.bnotk.de/" }, - { "3BDF96FF81B1FE451F870031B96409377213738401E000000000", "National Identity Card of Slovakia (eID) (eID)\nhttps://en.wikipedia.org/wiki/Slovak_identity_card" }, - { "3BDF96FF910131FE4680319052410264050200AC73D622C017", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, - { "3BDF97008131FE588031B05202056405A100AC73D622C021", "Austrian healthcare insurance identification card (HealthCare)\nhttps://www.chipkarte.at" }, - { "3BDF970081B1FE451F838073CC91CBF9A0000003080000100078", "NASA PIV Card (Other)" }, - { "3BE000008131104505", "Emoney indonesia (Bank)" }, - { "3BE000008131204030", "SmarTEC" }, - { "3BE000FF8131FE4514", "'JUKICARD', digitally sign tax documents in Japan" }, - { "3BE20000402049..", "Schlumberger Cryptoflex 4k" }, - { "3BE2000040204905", "Schlumberger Cryptoflex DES" }, - { "3BE2000040204906", "Schlumberger Cryptoflex" }, - { "3BE2000040204907", "Schlumberger Cryptoflex Key Generation" }, - { "3BE200FFC11031FE55C8029C", "Aladdin eToken PRO (USB token)\nSiemens CardOS M4.0" }, - { "3BE300FF9181712644000113202D", "Metrebus Card\n(used in Rome to store personal information and Atac subscription.\nAtac is the public transport company of the city of Rome.)\nhttp://www.atac.roma.it/smart/smart.asp?A=2&S=22&PR=4&LNG=2" }, - { "3BE500008121459C100100800D", "BIN 470132 -- BANK OF AMERICA VISA DEBIT -- GEMALTO MGY 0 U1090788B - 12/14 F8 00 89 (Bank)" }, - { "3BE500008131FE45D00037008089", "ATM card for Standard Chartered, Taiwan" }, - { "3BE500FF8131FE458073C601082D", "MUFG (.jp) (Bank)" }, - { "3BE6000080318066B1A30401110B83", "Java Jcop J2A040 (JavaCard)" }, - { "3BE6000080318066B1A30401110B83009000", "VISA Credit Card (Bank)" }, - { "3BE60000812145324B010101017A", "Axalto Cyberflex Palmera V5" }, - { "3BE600FF8131FE4544492030324D70", "Alior Sync (Poland) - MasterCard Debit Card with PayPass (Bank)\nMasterCard Contactless Debit Card issued by Raiffeisen Bank in Czech Republic\nDebit MasterCard with paypass issued by Bank Zachodni WBK (Poland)\nDebit MasterCard with paypass issued by AliorSync" }, - { "3BE600FF8131FE454449203032566B", "VISA credit card (DKB)" }, - { "3BE600FF8131FE454A434F50303307", "IBM JCOP 30/16" }, - { "3BE600FF8131FE454A434F50313005", "IBM JCOP 10/16\nRental card for Blockbuster, Taiwan" }, - { "3BE600FF8131FE454A434F50323006", "IBM JCOP 20/16\nIBM JCOP20 with MIFARE\nor Datakey Smart Card Model 330J\nhttp://www.datakey.com/products/smart_cards/products_sc_330j.shtml" }, - { "3BE600FF8131FE454A434F50323107", "IBM JCOP ID21" }, - { "3BE600FF8131FE454A434F50333007", "Mifare ProX T=1" }, - { "3BE600FF8131FE454A434F50333106", "IBM JCOP 30/31bio (contact interface)" }, - { "3BE600FF8131FE4580640C7000008A", "AEON Credit Card (Bank)\nhttps://www.aeon.co.jp/card/lineup/" }, - { "3BE700008131FE4200639531059000B9", "Chunghwa Post Co., Ltd. Visa Debit Card (Bank)\nhttp://www.post.gov.tw/post/internet/U_english/index.jsp?ID=24030107" }, - { "3BE70000918131FE410110300100908049", "'FirmenTicket' from the 'Rheinbahn' for the 'VRR'\nits a ticket corporates can buy for their employees. so its called\n'FirmenTicket'. 'Rheinbahn' is the local service operator for the\nmass traffic in and around duesseldorf/germany. 'VRR' is traffic\nnetwork spanning over at least a big part of north rhine westphalia\n(Verkehrsverbund Rhein-Ruhr)\nhttp://www.vrr.de/de/tickets_und_tarife/vielfahrer/firmenticket/index.php" }, - { "3BE700FF8131FE454430382E30203657", "EMV (MasterCard) card, issued by Raiffeisen Bank in Russia\n'Deutsche Kreditbank AG' Visa Card produced by AustriaCard GNC\nAll cards (MasterCard, Maestro, VISA Electron) issued by Raiffeisen Bank in Romania\nEMV (MasterCard) Card, issued by Raiffeisen Bank in Czech Republic" }, - { "3BE700FF8131FE454430382E31203656", "WinWin Austria Player-ID-Card (Other)\nhttps://www.winwin.at/" }, - { "3BE700FF8131FE454430382E32203655", "Mastercard (Bank)" }, - { "3BE700FF8131FE454D43412038203652", "Mastercard credit card issued by 'PayLife Bank GmbH'.\nBank number is '5266' - Bawag PSK." }, - { "3BE700FF8131FE458031C073C62148BE", "Japanese ETC (Electronic Toll Collection System) card (Transport) and Credit card (Issuer: Toyota) (Transport)" }, - { "3BE700FF81B1FE451F018031C073C6214820", "Japanese ETC (Electronic Toll Collection System) card (Transport)" }, - { "3BE8000040FA0073C84011009000", "KEBTechnology KONA USB SmartCard (Other)" }, - { "3BE800008031FE450073C8401300907DE7", "National Health System of Spain - Consejeria de Sanidad y Servicios Sociales - JUNTA DE EXTREMADURA (HealthCare)\nhttps://www.juntaex.es/es/lajunta/consejo-de-gobierno/vicepresidencia-segunda-y-consejeria-de-sanidad-y-servicios-sociales/servicio-extremeno-de-salud" }, - { "3BE80000813120450073C8400000900056", "Visa credit card for Standard Chartered, Taiwan" }, - { "3BE800008131FE00506572736F53696DAA", "Simulated virtual smartcard, from project PersoSim (eID)\nhttps://persosim.de/?q=node/33" }, - { "3BE800008131FE450073C8400000900088", "VISA Card (Skandinaviska Enskilda Banken) with Swedish BankID\nVISA card (Chinatrust Bank (Taiwan), dual-interface card with a Taipei Metro e-purse function)" }, - { "3BE800008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BE800008131FE454A434F5076323431B4", "VISA Debit card for NAB, Australia" }, - { "3BE800FF8131FE43AA00000000000000B0", "Secure Signing Token (eID)" }, - { "3BE800FF8131FE45434C6169726520361A", "DKB Visa card with PayWave" }, - { "3BE90000812145454D565F41545220066C", "VISA card, issued by HVB Bank Czech Republic or austrian BankAustria\nhttp://www.hvb.cz" }, - { "3BE900008121454D435F5F494E46200665", "MasterCard Credit card issued by SpareBank1 in Norway\nhttp://www.sparebank1.no" }, - { "3BE900008121455649535F494E46200678", "VISA card, issued by the Austrian 'Raiffeisen' bank\nhttp://www.raiffeisen.at/\nVisa Card - Maximum - Oyak Bank / Turkey\nVISA, issued by Austrian bank 'Erste Bank'\nVISA card, issued by the Latvian bank 'Latvijas Krajbanka'" }, - { "3BE900008131C345996374691999125610EC", "Compunicate Technologies Inc. (Pay TV)\nhttp://www.cti.com.cn/en/product.aspx?m=20140731165252850216" }, - { "3BE900008131FE00FF506572736F53696D54", "German PersoSim (eID)\nhttps://persosim.secunet.com/en/" }, - { "3BE900008131FE4541434F534A76323034F6", "ACS ACOSJ-DI 95K (in T=1 mode) (JavaCard)" }, - { "3BE900008131FE4543443169A90000000014", "Mastercard credit card, UBS Switzerland (Bank)" }, - { "3BE900008131FE45434432690900000000B7", "Swiss UBS MasterCard Creditcard" }, - { "3BE900008131FE45454D5620303320200699", "Visa credit card\nMasterCard credit card" }, - { "3BE900008131FE45454D5630325F34530680", "Maestro Card issued by 'First Investment Bank' in Bulgaria\nhttp://fibank.bg/\nVisa Electron card: TATRA BANKA, a.s." }, - { "3BE900008131FE454A434F503130563232A3", "ORGA Open Platform DES 16k V2.0 / JCOP10" }, - { "3BE900008131FE454A434F503234325232A0", "NXP J3D081 (JavaCard)" }, - { "3BE900008131FE454A434F503331563232A0", "JCOP 31 / 72k" }, - { "3BE900008131FE454A434F503431563232A7", "IBM JCOP v2.2 41" }, - { "3BE900008131FE454D434120303320200688", "PayLife Gold MasterCard -- an unbranded version of the master card" }, - { "3BE900FF8131FE45434C6169726532203629", "UB(SK) Visa Vusiness card with PayWave (Bank)\nhttps://www.vub.sk/en/companies-entrepreneurs/cards/debit-cards/visa-business/" }, - { "3BE900FF8131FE45434C6169726533203628", "BZ WBK Mastercard (Bank)" }, - { "3BE900FFC11031FE5500640500C80231800047", "Identity card of Italian Republic" }, - { "3BE900FFC11031FE55C80120504E34303132AD", "Siemens CardOS/M 3.0 (SLE66CX160S)" }, - { "3BEA0000813120438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, - { "3BEA0000813120438065A20101013D72D643A5", "GemXpresso Pro R3 32PK (MPCOS, T=1) (warn reset)" }, - { "3BEA00008131FE450031C173C840000090007A", "Nigerian eID Card (cold reset)\nChip is NXP JCOP 2.4.1R3\nDual BCR Signum Mastercard (bank) + Digital Signature Costa Rica (eID)\nhttps://bancobcr.com/wps/portal/bcr/bancobcr/personas/tarjetas/signum_firma_digital/" }, - { "3BEA00008131FE45436F6D624F5320494900FE", "UBS VISA Gold Card\nMasterCard from lhv.ee\nNordea Bank Finland PLC Estonian Branch (ABnote)" }, - { "3BEA00008131FE454A434F5033315632333290", "NAB VISA Debit card" }, - { "3BEA00008131FE454A434F5034315632323195", "HID Crescendo C700\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c700" }, - { "3BEA00FF813120750064051401023100900027", "GCOS-MDK" }, - { "3BEA00FF8131FE455455422D434B010301007B", "Technische Universitat Berlin - Campus Karte\nMaybe Sm@rtCafe Expert 2.0 (Giesecke & Devrient)\nor GemXpresso 211 PK (Gemplus)\nIncludes a Mifare-Chip (1 KB - Memory-Chip)" }, - { "3BEB0000813120454A434F503331333647445478", "card for testing (eID)" }, - { "3BEB0000813142454E4C436853434B303430312B", "Dutch University accesscard & Electronic purse & telphone card" }, - { "3BEB0000813142454E4C4368697070657230310A", "Dutch Post (Chipper)" }, - { "3BEB00008131FE450031C0643F680102079000B6", "Chris firstbank (Bank)" }, - { "3BEB00008131FE450031C0643F6801020F9000BE", "VISA Debit card for Taishin International Bank, Taiwan (Bank)" }, - { "3BEB00008131FE450031C0643F680108079000BC", "Debit Mastercard of Mega ICBC, Taiwan (Bank)\nhttps://www.megabank.com.tw/en-us/english/credit-card" }, - { "3BEB00008131FE450031C064A9EC010082900023", "Junta de Extremadura (Spain) public healthcare card (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, - { "3BEB00008131FE45436F6D624F5320312E3015C5", "Reka Card - Swiss Holiday Member Card (Loyalty)\nhttps://reka.ch/en/rekamoney/privatepersons/reka-card/Seiten/reka-card.aspx?lang=en" }, - { "3BEC00004032424C554520445241474F4E20430001", "Pay TV" }, - { "3BEC00004032544954414E49554D00110106", "Titanium high security access smartcard (the back says something about 'DoorCard') (Other)" }, - { "3BEC00004032544954414E49554D00130202", "Titanium 2 Card Pirat Card for Seca 2 / Viaccess 2004 (Pay TV)" }, - { "3BEC00FF8131FE45A0000000563333304A330600A1", "Datakey model 330J card, www.datakey.com\nhttp://www.hmk.de/downloads/datakey/Model_330J_Smart_Card.pdf\nModel 330J JavaCard v2.1.1\nGlobal Platform v2.0.1 specifications.\nJCCOS operating system applet (Java-based Cryptographic Card Operating System)" }, - { "3BED000080318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 Normal Speed" }, - { "3BED00008131204380318065B083......830090....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, - { "3BED00008131204380318065B08302047E8300900032", "Latvian Digital Signature Card (warm)\nhttp://www.eme.lv/" }, - { "3BED00008131804280318065B0872701BC830890007D", "EMV (V PAY) Issued by UniCredit Bulbank Bulgaria\nGXP7 T=1" }, - { "3BED00008131804280318065B0894001F28300900052", "VISA Debit card for Taishin International Bank, Taiwan" }, - { "3BED00008131FE450031C071C6644D3533560F900046", "Kostadin (Bank)" }, - { "3BED00008131FE450031C071C6644D35354D0F9000", "ING Credit Card (Bank)\nhttps://www.ing.nl/particulier/betalen/creditcards/index.html" }, - { "3BED00FF813120754D424320534D502056312E3130BD", "Used to Control a Laser Device" }, - { "3BEE00008131804280318066B0840C016E01830090008E", "MultiApp Cards (Easy 72K Type B and Combi 72K Type B)\nE.SUN Commercial bank debit master card (Bank)\nTaiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, - { "3BEE00008131804380318066B1A1110100F683009000", "Optelio/Desineo Cards (D72 FXR1)" }, - { "3BEE00008131804380318066B1A11101A0F683009000", "Optelio D72 FXR1 (MD) T=1" }, - { "3BEE00008131804380318066B1A30401110B83009000D4", "Japan Post Bank cash card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/chokin/sogou/kj_cho_sg_iccard.html" }, - { "3BEE00008131FE45003180718665016702A00A8390001B", "IBM JCOP 'Java Card 2.1.1' et 'Open Platform 2.0.1'" }, - { "3BEE00008131FE4580318066409093060F1783019000FD", "Health insurance (HealthCare)" }, - { "3BEE00008131FE4580318066409093060F17830F9000F3", "IC card for the National Health Insurance, Taiwan" }, - { "3BEF..0040148025434552455357....0101039000", "Electronic Identification Card from the FNMT, the Spanish Official\nCertification Authority (Fabrica Nacional de Moneda y Timbre)\nFNMT-Ceres Siemens Infineon SLE 19" }, - { "3BEF..0040148025434552455357....0102039000", "FNMT-Ceres Siemens Infineon SLE 20\nFabrica Nacional de Moneda y Timbre" }, - { "3BEF000081312049005C5043541027F8D27600003833004D", "Infineon Technologies PC/SC Compliance Test Card V1.0" }, - { "3BEF000081314069005C50435335C53AD27600003833000F", "Siemens Nixdorf Sicrypt" }, - { "3BEF00008131FC4580318065110113000153414345810421", "Slovenska sporitelna (SLSP) Bank card, Maestro Card with chip" }, - { "3BEF00008131FC4580318065111123100253414345810412", "VISA card issued by UBS, Switzerland" }, - { "3BEF00008131FE450031C173C8211064474D313600900067", "ING Gold Credit Card (Italy) (Bank)\nhttps://www.ing.it/" }, - { "3BEF00008131FE45417441434F53322E345345204C6337C9", "Maestro Polish Alior debit card (Bank)" }, - { "3BEF00008131FE4543443269A98100002020202020200090", "UBS Switzerland Mastercard credit card (Bank)" }, - { "3BEF00008131FE4543443369098000002020202020200030", "Nordea Credit Gold MasterCard (Bank)\nhttp://www.nordea.ee/Private+customers/Daily+banking/Cards/Nordea+Gold/67062.html?lnkid=frontpage_teaser_GOLD_30-07-2014" }, - { "3BEF00008131FE45434D425F436F6D4444413030353500F7", "Master Card (emitted by bank Nordea - Lithuania)" }, - { "3BEF00008131FE45434D425F436F6D5344413030343000E4", "VISA (Danske Bank Eesti / www.sampopank.ee)" }, - { "3BEF00008131FE45434D425F436F6D5344413030353100E4", "Visa (Sampo Estonia, 2010)" }, - { "3BEF00008131FE45436F6D624F53205620202020202000AD", "Corporate Credit Card - SIEMENS MasterCard issued by Degussa Bank (Bank)" }, - { "3BEF00008131FE45436F6D624F53205649202020202000C4", "VfB Stuttgart Fankarte (pay card for the football stadium of the german club VfB Stuttgart)" }, - { "3BEF00008131FE45444C415A46545632444944313030FF06", "Lufthansa ID Card (eID)" }, - { "3BEF00008131FE45455041000000008891027200000000D9", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, - { "3BEF00008131FE45455041000000010130622200000000C0", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, - { "3BEF00008131FE4546494F4D4B5F3030312030313041009C", "MasterCard/PayPass Card issued by Czech FIO Banka a.s. (contact chip)\nnote the ASCII string ' FIOMK_001 010A' embedded in ATR" }, - { "3BEF00008131FE65005C504353D19147D276000038330070", "Siemens/Infineon Sicrypt S26381-F252-V1 GS:03" }, - { "3BEF00008131FE67005C49434DDBC97ED27600003833001E", "Infineon SICRYPT CardModule Card" }, - { "3BEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, - { "3BEF00FF81312045426173696343617264205A43322E33BD", "ZeitControl BasicCard Enhanced 2.3" }, - { "3BEF00FF81312045426173696343617264205A43332E33BC", "Electronic Purse (Elton Senegal)" }, - { "3BEF00FF81312075426173696343617264205A43332E338C", "ZeitControl BasicCard Enhanced 3.3" }, - { "3BEF00FF81312075426173696343617264205A43332E3788", "ZeitControl BasicCard Enhanced 3.7" }, - { "3BEF00FF81312075426173696343617264205A43332E3986", "ZeitControl BasicCard Enhanced 3.9" }, - { "3BEF00FF81314245.*38", "UNI-Card" }, - { "3BEF00FF8131424565630302030280002240489596002028", "Scard Sparkasse Detmold, Deutschland BLZ 47650130" }, - { "3BEF00FF81315045426173696343617264205A43312E31CC", "ZeitControl BasicCard Compact 1.1" }, - { "3BEF00FF813150456563............................", "GeldKarte v2 (Germany)" }, - { "3BEF00FF8131504565630000000000000000000000000000", "Geldkarte v2" }, - { "3BEF00FF813150456563080B40028000081520033604007E", "old banking card (electronic-card / Maestro / Geldkarte) of the\nStadt-Sparkasse Duesseldorf (like the above, but old - around 2002)." }, - { "3BEF00FF8131504565630D24200280000508335610010243", "German ec card" }, - { "3BEF00FF813152454D46432049424D2034304839363031FB", "IBM MFC 3.5 file system smart card\n(Card from the book 'Smart Card Application Development Using Java')" }, - { "3BEF00FF8131604565630402110000000000A532A50111B6", "GledKarte\nSiemens M3-Module with a Motorola SC-28.\nG&D (Giesecke&Devrient) Geldkarten-OS mit der Version 11" }, - { "3BEF00FF813160456563060314025000065108115E014190", "Geldkarte from Deutsche Bank, Thomson-Chip" }, - { "3BEF00FF8131664549424D204D46433430303230383331A1", "IBM MFC 4.1 file system smart card\nCard from the book 'Smart Card Application Development Using Java'\nauthors: Uwe Hansmann, Martin. S. Nicklous, Thomas Schack, Achim Schneider, Frank Seliger" }, - { "3BEF00FF813166456563202049424D20332E3120202020", "IBM eCash" }, - { "3BEF00FF813166456563202049424D20332E3120202020CF", "IBM eCash" }, - { "3BEF00FF8131864549424D204D4643343030303038333143", "ComCard MFC 4.1" }, - { "3BEF00FF8131FE4065631D038602500023151131280110FD", "DKB Banking Card (EC-Karte 2023) (Bank)\nhttps://www.dkb.de/" }, - { "3BEF00FF8131FE4141434F532046696F6E6131204C633666", "EUROBANK GR (Bank)\nNBG BANK (Bank)" }, - { "3BEF00FF8131FE4541434F53204449616E6131204C63364E", "comdirect VISA card (Bank)\nhttps://www.comdirect.de/konto/karten.html#Visa-Karte" }, - { "3BEF00FF8131FE4541434F53204449616E6132204C63364D", "Alior Bank SA (Bank)\nhttps://www.aliorbank.pl/" }, - { "3BEF00FF8131FE45656306087102500023B8105BA0471116", "DKB Banking Card (EC-Karte 2020) (Bank)" }, - { "3BEF00FF8131FE4565630D12810156001F00006686080122", "Commerzbank signature card SECCOS (6 or 7) providing RAH security profile (Bank)\nhttps://www.chipkartenleser-shop.de/commerzbank/electronic-banking-chipkarten/commerzbank-signaturkarte-2710050006" }, - { "3BEF00FF8131FE4565631104010280000F274000030100E1", "Postbank Geldkarte" }, - { "3BEF00FF8131FE4565631104010280000F462004230100C4", "Postbank ec/Maestro (Germany)" }, - { "3BEF00FF8131FE4565631108430250001021200324053016", "Bank (Bank)" }, - { "3BEF00FF8131FE456563111261025000100A072722071022", "DKB Online Banking Card (Bank)\nhttps://www.dkb.de" }, - { "3BEF00FF8131FE456563111261025000100A07811C0710BA", "German Sparkasse HBCI card (Bank)\nhttps://www.sparkasse.de/service/finanzlexikon/hbci-verfahren.html" }, - { "3BEF00FF8131FE4565631113710528001F00010228372060", "MasterCard of SpardaBank Hamburg in Germany (Bank)\nhttps://www.sparda-bank-hamburg.de" }, - { "3BEF00FF8131FE4565631113710528001F0006124137201E", "BankCard Sparda-Bank Baden-Wurttemberg eG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F0007241A372072", "Commerzbank Maestro Card (Bank)\nhttp://www.maestrokarten.de/girokontovergleich/commerzbank_girokonto.html" }, - { "3BEF00FF8131FE4565631113710528001F00083B3C372044", "Comdirect Debit Card Germany - AustriaCard 55616 (Bank)\nhttps://www.comdirect.de/" }, - { "3BEF00FF8131FE4565631113710528001F000A1B18372042", "German debit card (girocard, V-Pay) (Bank)\nhttps://www.girocard.eu/english/" }, - { "3BEF00FF8131FE4565631113710528001F000B161C37204A", "Commerzbank / girocard /maestro (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F000D163A37206A", "BankCard Sparda-Bank West eG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00120F24372072", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00153D47372024", "Girocard issued by Comdirect bank AG (Bank)" }, - { "3BEF00FF8131FE4565631113710528001F00193516372071", "Commerzbank Germany (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00024D36371005", "comdirect girocard (Bank)\nhttps://www.comdirect.de/konto/karten.html#girocard" }, - { "3BEF00FF8131FE4565631114710528001F0003443137100A", "DKB Banking Card (Bank) (Bank)\nhttps://www.dkb.de" }, - { "3BEF00FF8131FE4565631114710528001F00034A36371003", "German Sparkasse, Girocard, GeldCard, girogo, EUROSERV (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F0005210F371057", "girocard maestro Bank (Bank)\nhttps://www.girocard.eu/" }, - { "3BEF00FF8131FE4565631114710528001F0006302F371065", "MasterCard German Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F0006543137101F", "Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00071D46371020", "DKB (Deutsche Kreditbank) debit card (V-PAY) (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000A1E1337107B", "girocard (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000B361B37105A", "Kreissparkasse bank Girocard (Germany) (Bank)\nhttps://www.kskmse.de/de/home/privatkunden/girokonto/girokonto-online.html?n=true&stref=productbox" }, - { "3BEF00FF8131FE4565631114710528001F000C1A1737107D", "Bank card issued by Sparkasse (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000C2024371074", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ... (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F000C3D35371078", "Sparkasse KolnBonn Bank (Bank)\nhttps://www.sparkasse-koelnbonn.de" }, - { "3BEF00FF8131FE4565631114710528001F0010142437105C", "Deutsche Kreditbank AG (Bank)\nhttps://www.dkb.de/" }, - { "3BEF00FF8131FE4565631114710528001F00112D4F37100F", "Bank card (Bank)\nhttps://www.commerzbank.de/" }, - { "3BEF00FF8131FE4565631114710528001F00113B32371064", "DKB GiroCard (Bank)\nhttps://dkb.de" }, - { "3BEF00FF8131FE4565631114710528001F00172846371005", "Sparkasse Zwickau Maestro card (Bank)\nhttps://www.spk-zwickau.de/de/home/privatkunden/girokonto/sparkassencard.html" }, - { "3BEF00FF8131FE4565631114710528001F00180F48371023", "SparkassenCard (Bank)\nhttps://sparkasse.de" }, - { "3BEF00FF8131FE4565631114710528001F0018242A37106A", "Sparkasse girocard (Bank)" }, - { "3BEF00FF8131FE4565631114710528001F00182D1C371055", "Debit card (Germany): ec-cash, GeldKarte(EUR) (Bank)" }, - { "3BEF00FF8131FE456563111562025000100A002B2107201E", "EC Card Sparkasse Mittelfranken Sued (Bank)\nhttps://www.spkmfrs.de" }, - { "3BEF00FF8131FE456563111562025000100A002EFC0720C6", "maestro BankCard (Bank)" }, - { "3BEF00FF8131FE456563111562025000100A09AC030720B2", "Girocard Sparkasse Darmstadt (Bank)" }, - { "3BEF00FF8131FE4565631901620280000F003500420620BB", "Credit card (Germany, Postbank AG): VISA" }, - { "3BEF00FF8131FE4565631D0284025000230509A0D9010182", "Debit card (Bank)" }, - { "3BEF00FF8131FE4565631D028402500023180920E7010121", "Deutsche Kreditbank AG (DKB AG) bank card (Bank)\nhttps://www.dkb.de/info/tan-verfahren/chipTAN/" }, - { "3BEF00FF8131FE458031C06B49424D204A65745A204D3239", "UBS Internet Card (IBM JetZ M2)" }, - { "3BEF00FF8131FE458031E06B042105026B55555555555568", "MasterCard credit card for Mega International Commercial Bank, Taiwan (Bank)\nhttps://www.megabank.com.tw/creditcard/index.asp" }, - { "3BEF00FF8131FF6549424D204D4643393232393238393017", "IBM MFC 4.22 (University of Cambridge smartchip card)" }, - { "3BF01100FF01", "Not a physical smart card. But a JavaCard simulator ATR with default configuration. (JavaCard)" }, - { "3BF01200FF9181B17C451F019B", "Japanese Chijou Digital B-CAS Card (pay TV) (Pay TV)" }, - { "3BF01200FF9181B17C451F0399", "Japanese Chijou Digital B-CAS Card (pay TV)" }, - { "3BF01200FF9181B1EF451F030A", "Japanese Digital CATV C-CAS card" }, - { "3BF01300001000", "MasterCard ETEC InterOp 27. This is an dual-app Maestro/MasterCard Credit EMV test card" }, - { "3BF01300008131FE45E8", "Healthcare card Romania (HealthCare)\nhttp://www.cnas.ro/casmb/national-page/cardul-national-de-asigurari-de-sanatate-2.html" }, - { "3BF01300FF9181B1FE461F0319", "Japan BS/CS 4K Satellite Broadcasting A-CAS Card (Pay TV)\nhttp://www.acas.or.jp/index.html" }, - { "3BF2180000C10A31FE55C80675", "HID iCLASS P16K C4H\nproximity card used for both door locks and keystore" }, - { "3BF2180002C10A31FE55C80776", "Siemens CardOS V4.3" }, - { "3BF2180002C10A31FE58C80874", "Siemens CardOS V4.3B\nD-Trust multicard 2.1 (may only be the testcard for it)" }, - { "3BF2180002C10A31FE58C80975", "Siemens CardOS V4.2B" }, - { "3BF2180002C10A31FE58C80B77", "CardOS V4.2C (SLE66CX360PE dual interface)" }, - { "3BF21800FFC10A31FE55C8068A", "Siemens CardOS M 4.2 (SLE66CX642P)" }, - { "3BF2960000813180438031A6", "Card of Justice (Other)" }, - { "3BF29800FFC11031FE55C80315", "Siemens CardOS M 4.01 (SLE66CX320P)" }, - { "3BF29800FFC11031FE55C80412", "CardOS M4.01a (SLE66CX322P)" }, - { "3BF39600FFC00A31FE4D8031E083", "MARX Cryptoken (supported by RaakSign)" }, - { "3BF41300008131FE4552465A4FED", "Serbian Health Care electronic card (HealthCare)\nhttp://www.rfzo.rs/index.php/osiguranalica/ekartica" }, - { "3BF4180002C10A31FE5856346376C5", "Eutron CryptoIdentity (reader + card token)" }, - { "3BF41800FF8131805500318000C7", "Identity card of Italian Republic" }, - { "3BF49800FFC11031FE554D346376B4", "Eutron Digipass 860 (reader + card token)" }, - { "3BF51300008131FE4573746431308F", "card for NF-e in Brazil (PKI)\nhttps://certificadodigital.imprensaoficial.com.br/certificados-digitais/e-cnpj/a3/e-cnpj-a3-cartao" }, - { "3BF51800008131FE454D794549449A", "Aventra ActiveSecurity MyEID\nhttp://www.aventra.fi/pdf/ActiveSecurity%20MyEID%20Tokens%20white%20paper%20(2p)%20EN.pdf" }, - { "3BF518000210804F73454944", "Atmega 128 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, - { "3BF57100FFFE2400011E0F3339320103", "Mydo IC Card from Japan, based on NTTDATA CARD (Loyalty)\nhttps://www.idemitsu.com/company/history/13.html" }, - { "3BF59100FF918171FE40000A086E773A65", "iCLASS Card (Other)" }, - { "3BF59100FF918171FE4000410000000005", "Contactless Mifare Ultralight" }, - { "3BF59100FF918171FE400041080000000D", "Contactless Mifare" }, - { "3BF59100FF918171FE400041180000001D", "Contactless Mifare 4k" }, - { "3BF59100FF918171FE400041880000008D", "Contactless Mifare 1k or 4k" }, - { "3BF59100FF918171FE4000420001008186", "American Express Blue RFID" }, - { "3BF59100FF918171FE400042000100D1D6", "Japanese Public Key Infrastructure (PKI)\nhttps://www.jpki.go.jp/\nMy Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttps://www.cao.go.jp/bangouseido/" }, - { "3BF59100FF918171FE400042000177D1A1", "German Passport (ePass) (issued May 2008)" }, - { "3BF59100FF918171FE4000420001B3A115", "Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/" }, - { "3BF59600008.31FE454D794549441.", "MyEID card (Infineon chip) (PKI)\nhttps://services.aventra.fi/English/products_MyEID_E.php" }, - { "3BF61300FF1080434849503232", "PostFinance debit (Bank)\nhttps://www.postfinance.ch" }, - { "3BF61300FF910131FE4080640F7000009E", "JA Bank Cash Card (Bank)\nhttps://www.jabank.org/" }, - { "3BF61800FF8131FE454A32413038301B", "NXP J2A080 - 80K (blank)\nhttp://www.classic.nxp.com/acrobat_download2/literature/9397/75016728.pdf" }, - { "3BF61800FF8131FE454A434F5032300E", "IBM JCOP20" }, - { "3BF61800FF8131FE454A434F5033300F", "Philips P8RF5016 running IBM JCOP 30 (contact interface)" }, - { "3BF61800FF8131FE454A434F5033310E", "IBM JCOP BIO31\nIBM JCOP BIO31 Java card" }, - { "3BF71100008131FE6543616E6F6B657999", "Canokey (Other)\nhttp://canokeys.org/" }, - { "3BF711000081718042000063950A019000B9", "ATM Card for Chunghwa Post Inc., Taiwan" }, - { "3BF71100008171FE420000639501019000CC", "ATM Card for Mega International Commercial Bank, Taiwan\nATM card for HSBC Direct, Taiwan\nATM card for TaChong Bank, Taiwan\nATM card for Chunghwa Post, Taiwan\nVISA card for Taipei Fubon Bank, Taiwan\nATM card for Cathay United Bank, Taiwan (Bank)\nhttps://www.cathaybk.com.tw/cathaybk/english/eindex.htm" }, - { "3BF71100008171FE420000639531029000FF", "VISA card for Taipei Fubon Bank, Taiwan" }, - { "3BF71100008171FE420000639531049000F9", "E.SUN Bank, Taiwan (Bank)\nhttps://www.esunbank.com.tw" }, - { "3BF71100008171FE420000639531059000F8", "ATM card for Chunghwa Post, Taiwan\nATM card for E.Sun Commercial Bank, Taiwan\nATM card for Taishin International Bank, Taiwan\nATM card for Bank of Taiwan, Taiwan\nATM card for Land Bank of Taiwan, Taiwan" }, - { "3BF711000140965430040E6CB6D6", "Atmel (FunCard) Smart Card with AT90S8515 and 24LC64 chip on it (Other)\nhttp://docs-europe.electrocomponents.com/webdocs/1173/0900766b811730a2.pdf" }, - { "3BF711000140965430040E6CB6D69000", "PIC16F876-04/SP (PICCard2) or\nPIC16F84A-04/P + 24LC16B (PICCard1) or\nCanal + Canal Digital Spain year 2000/2001 or\nPIC Silver Card 2 (PIC16F876/7 + 24C64)" }, - { "3BF711000140965760140E6CB6D6", "old SECA of D+ Italian sat pay tv" }, - { "3BF711000140965842140E6CB6D6", "UK on digital (terrestrial digital TV card)" }, - { "3BF711000140966060060E6CB6D6", "CANAL+ CANALSATELLITE SmartCard (possibly from 2005) (Pay TV)" }, - { "3BF711000140967070070E6CB6D6", "Cyfra+ SECA Card\nhttp://cyfraplus.pl/" }, - { "3BF711000140967070070E6CB6D69000", "M-II (a.k.a. M-2, a.k.a. Platinum Card), AT90SC6464C based\nKnotCard II\nTitaniumElite" }, - { "3BF7110001409670700A0E6CB6D6", "TopUp TV NagraVision viewing card" }, - { "3BF7110001409670700A0E6CB6D69000", "Canal Digitaal (Pay TV)\nhttp://webshop.canaldigitaal.nl/nl/smartcards-2" }, - { "3BF711000140967070170E6CB6D6", "Canal Satellite card (VERSION 7.1 SYSTEM / SECA2)" }, - { "3BF711000140967070370E6CB6D6", "Carte pour decodeur cable numerique (fourni par www.voo.be et\nwww.ledecodeur.be)" }, - { "3BF711000140967070670E6CB6D6", "UK TopUp TV" }, - { "3BF711000140967071090E6CB6D6", "Carte pour decodeur tele de Neuf Telecom TV" }, - { "3BF71300001000F14040919B9000", "Handelsbanken Inloggningskort (Bank)\nhttps://www.handelsbanken.se/sv/privat/digitala-tjanster/bankid-pa-kort" }, - { "3BF71300008131FE4500C08AC80C658185", "NXP JCop (JavaCard)" }, - { "3BF71300008131FE45464F4D534F4D53A9", "Health card Russian Federation" }, - { "3BF71300008131FE454A434F503234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF71300008131FE4580654A5030310415", "Nichizeiren Denshi-shomei (eID)\nhttps://www.nichizeiren.or.jp/taxaccount/auth/fifth/" }, - { "3BF71800008031FE45736674652D6E66C4", "SmartCafe Expert 3.2 72K" }, - { "3BF71800008031FE45FE42475265494424", "Bulgarian eID PKI card pilot on IFX SLE78 jTOP (PKI)" }, - { "3BF71800008131FE458055433776706B28", "Only labeled 'J35110', dual interface (JavaCard)" }, - { "3BF718000081718042000063840C019000A7", "Citibank Taiwan ATM Card (Bank)\nhttps://www.citibank.com.tw/" }, - { "3BF718000081718042000063950A019000B0", "7-Eleven icash card, Taiwan" }, - { "3BF79100FF918171FE40000A0260CF5104CB7F", "UK Metro Bank Mastercard Debit (Bank)\nhttps://www.metrobankonline.co.uk/" }, - { "3BF79100FF918171FE40004120001177818040", "Contactless Mifare DESFire" }, - { "3BF8110000400A01654E434F533037", "eNCOS + MCA, MchipAdvance bundled with eNCOS (Bank)" }, - { "3BF81100008171FE4200544E051900000002A1", "Taiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, - { "3BF811200340FF0303030312109000", "Bar Ilan KesefCard from Bezeq (Other)\nhttps://halemo.net/web/www.aurora.co.il/english/c_kesefcard.html" }, - { "3BF811200340FFFFFFFFFF12109000", "G&D (STARCOS SV 1.1)" }, - { "3BF813000010000073C84011009000", "Vivid Money Visa Debit (Bank)\nhttps://vivid.money" }, - { "3BF81300008131FE15597562696B657934D4", "Yubico Yubikey 4 OTP+CCID" }, - { "3BF81300008131FE4546494445534D4F318E", "Fidesmo Card with Dual Interface (JavaCard)\nhttp://shop.fidesmo.com/product/fidesmo-card-dual-interface" }, - { "3BF81300008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF81300008131FE454A434F5076323431B7", "Nigerian eID Card (blank card)\nChip is NXP JCOP 2.4.1R3\nBank of Hawaii (Bank)\nhttps://www.boh.com/\nLA BANQUE POSTALE (Bank)\nhttps://www.labanquepostale.fr/\nbnpparibas (Bank)\nhttp://www.bnpparibas.com/\nJcop040 (JavaCard)\nJcop21 (JavaCard)\nVisa debit classic (Bank)\nhttp://www.jpmorganchase.com/\nJPMorgan Chase (Bank)\nVisa (Bank)\nhttps://unitedfcu.com/\nJP Morgan chase bank (Bank)\nhttp://www.jpmorganchase.com/\nNavy Federal Credit Union (Bank)\nhttps://www.navyfederal.org" }, - { "3BF81300008131FE454A4F5076323431B7", "Nigerian eID card (eID)" }, - { "3BF81300008131FE455049564B45593730FF", "PIVKey CP70 (PKI)\nhttps://pivkey.com/" }, - { "3BF81300008131FE455241414B43327635CB", "Raak C2 Smart Card (PKI)\nhttp://www.raaktechnologies.com/software-downloads-documentation/" }, - { "3BF81300008131FE45534B555001000000FC", "Silesian Card of Public Services (Transport)\nhttps://portal.kartaskup.pl/" }, - { "3BF81300008131FE45536D617274417070F8", "national Lithuania ID card" }, - { "3BF81300008131FE45FF4A32413034300012", "MIDAS Card Diversification Key JavaCard (J2A040) (Bank)\nhttps://github.com/kategray/midas" }, - { "3BF81300FF108053430663010F900000", "Affinity CUIA Debit (JavaCard)\nhttps://www.affinitycuia.org" }, - { "3BF81300FF910131FE41534C4A01305023100D", "Walden Mutual Bank (Bank)\nhttps://www.waldenmutual.com/sustainable-bank-for-individuals#footnote-s0-4" }, - { "3BF81300FF910131FE41534C4A263123020168", "Chase Visa Debit (Bank)" }, - { "3BF81300FF910131FE41534C4A263123421F36", "Infineon SLJ26P (JavaCard)" }, - { "3BF81800008031FE450073C8401300900092", "G&D StarSign Token" }, - { "3BF81800008131FE450073C8400000900080", "NXP JCOP 31 V2.2 36K - S/C I/F" }, - { "3BF81800008131FE450073C8401300900093", "Giesecke & Devrient Sm@rtCafe Expert 3.0" }, - { "3BF81800008131FE454A434F50563234319C", "NXP JCOP2.4.1\nJ3A080 80KB T=1 GP2.1.1 JC2.2.2 SCP02" }, - { "3BF81800008131FE454A434F5076323431BC", "NXP J2A080 JavaCard" }, - { "3BF81800FF8131FE450073C840000090007F", "NXP JCOP 10\nNXP JCOP 31 (contact interface)" }, - { "3BF81800FF8131FE454A434F507632343143", "VIVOtech SAM\nNXP JCOP V241\nNXP J3A081 JavaCard (contact interface)" }, - { "3BF89600008031FE470073C840000090000D", "Italian driver tachograph smartcard (Transport)\nhttps://www.to.camcom.it/cartatachigrafica" }, - { "3BF89600008131FE4400739401C00F9000DD", "fourth-generation Hong Kong permanent identity card (Other)\nhttps://en.wikipedia.org/wiki/Hong_Kong_identity_card" }, - { "3BF89600008131FE454A434F507632343132", "NXP JCOP 2.4.1 (JavaCard)" }, - { "3BF91100008131FE45436F6D624F53205600AA", "VISA Card (Bank)" }, - { "3BF91300008131F0454E425502000320000097", "Bank" }, - { "3BF91300008131FE45454F4E436172645631F6", "NXP J2A080 (PKI)\nhttp://www.smartcardsource.com/contents/en-ca/d9_JCOP-NXP-cards.html" }, - { "3BF91300008131FE454A434F503234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BF91300008131FE454A434F503431563234A2", "JCOP41 v2.4" }, - { "3BF91300008131FE454A434F5076323431B701", "J2A040 NXP (JavaCard)\nhttps://secure.smartcardsource.com/j2a040-java-smart-card.html" }, - { "3BF91300008131FE45535049564B45593730AD", "PIVKey T840 (Other)\nhttps://pivkey.com/" }, - { "3BF91300FF10808031E0554245524753", "Banrisul bank" }, - { "3BF91500FF910131FE43806448657261829000C7", "RC-S500 card (FeliCa SAM for reader?) (Other)" }, - { "3BF918000000534345372003002046", "G+D FIPS 201 SCE 7.0 (PKI)" }, - { "3BF91800008031FE4580574E454F574156457D", "Neowave Weneo" }, - { "3BF91800008131FE45393532383530313331DA", "JCOP31 / 72B1 V2.2 (4096 RSA key support)\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, - { "3BF91800008131FE454A32443038315F5056B6", "NXP J2D081 Java Card 80KB JCOP 2.4.2 R2 GP 2.2.1 JC 3.0.1 (JavaCard)\nhttp://www.javacardsdk.com/Index.aspx?p0=AAT1P0000012&p1=1&p2=1&p3=1&p4=0&p5=1" }, - { "3BF91800008131FE454A434F503231563232A9", "NXP JCOP 21 V2.2 36K" }, - { "3BF91800008131FE454A434F503331563232A8", "JCOP31 / 72B1 V2.2\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, - { "3BF91800008131FE454A434F503431563232AF", "JCOP41 Cards (not supported, but recognized by Classic Client)\nNHS Care Identity Service (CIS) smartcard (HealthCare)\nhttps://www.e-lfh.org.uk/programmes/national-ra-and-smartcard-policy/" }, - { "3BF91800008131FE4550565F4A3244303831B6", "Taiwanese Health Professional Card(TW HPC) (HealthCare)\nhttps://hca.nat.gov.tw/Intro.aspx" }, - { "3BF91800FF8131FE4550565F4A334130343040", "Yubico Yubikey NEO OTP+U2F+CCID (PKI)\nhttps://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, - { "3BF91800FF8131FE4550565F4A33413038314D", "NXP JCOP J3A081 (JavaCard)\nhttps://secure.smartcardsource.com/j3a081m.html" }, - { "3BF99100FF9181714040000A80041E2E222C1490C2", "Mifare DESFIRE (Other)" }, - { "3BF99100FF91817140400041800431766A781690E0", "DESFIRE MIVARE EV2 (Other)" }, - { "3BF99100FF9181714040004180045B89BAB352803A", "mifare desfire 2k (eID)" }, - { "3BF99100FF918171FC40000A095161900058C290D2", "NFC PASS card (eID)" }, - { "3BF99400008131FE6546542056313030900083", "ePass 2000" }, - { "3BF99600008031FE454A546178436F7265560F", "Secure element for fiscal system in Serbia (PKI)" }, - { "3BF99600008031FE4553434537200000202027", "G&D SmartCafe Expert 7 (JavaCard)" }, - { "3BF99600008031FE4553434537200300204642", "ActivIdentity Activkey Sim (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/activid/usb-tokens" }, - { "3BF99600008031FE4553434537200F0020464E", "Giesecke & Devrient (DoD Alternate Token) G+D Sm@rtCafe Expert v7.0 144K DI #3 (PKI)" }, - { "3BF99600008031FE4553434537202000202007", "Serbian Identity Card (eID) (eID)" }, - { "3BF99600008031FE45534345372047434E335E", "Serbian Identity Card (eID)" }, - { "3BF99600008031FE455343453720474E335E", "Serbian Identity Card (eID)" }, - { "3BF99600008131FE45454F4E43617264563173", "eONCard V1 (PKI)" }, - { "3BF99600008131FE4553434537200E00202028", "Giesecke & Devrient GmbH StarSign CUT S" }, - { "3BF99600008131FE45535049564B4559373028", "Taglio PIVKey C980 (PKI)\nhttps://www.pivkey.com" }, - { "3BF99800FFC11031FE55414D20434D4431313083", "Service card of the Ministry of Defense of Italy - Military Aviation" }, - { "3BF99800FFC11031FE55454920434D4431313083", "Service card of the Ministry of Defense of Italy - Italian Army" }, - { "3BF99800FFC11031FE554D4D20434D443131308F", "Service card of the Ministry of Defense of Italy - Navy" }, - { "3BF99800FFC11031FE55504320434D443131309C", "Service card of the Ministry of Defense of Italy - Civil personnel" }, - { "3BFA..00008131..438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, - { "3BFA00008131FE450031C173C840000090007A", "J3R150 EMV (JavaCard)\nhttp://www.gdrfid.com/" }, - { "3BFA1100008131FE45436F6D624F5320495600E0", "MyWireCard 2go Prepaid VISA Card" }, - { "3BFA110002406043C602F8030300009000", "DeLaRue DX(?)" }, - { "3BFA1300008131FE15597562696B65794E454FA6", "Yubikey NEO" }, - { "3BFA1300008131FE450031C173C8400000900079", "Nigerian eID Card (warm reset)\nChip is NXP JCOP 2.4.1R3" }, - { "3BFA1300008131FE454465786120434620763198", "Dexa Systems Crossfire Card (PKI)\nhttp://www.dexasystems.com/products-services/products/dexa-smartcards-credential-tokens-peripherals" }, - { "3BFA1300008131FE454A434F503.3.56323332..", "JCOPxx/yy v2.3.2 (see hist bytes for more info)" }, - { "3BFA1300008131FE454A434F50323156323331", "J2A040 JCOP (JavaCard)" }, - { "3BFA1300008131FE454A434F5032315632333191", "NXP JCOP 21 V2.3.1 36K" }, - { "3BFA1300008131FE454A434F5032315632343196", "NXP JCOP 2.1 V 2.4.1 (JavaCard)" }, - { "3BFA1300008131FE454A434F50343156", "JCOP41 V221" }, - { "3BFA1300008131FE454A434F5034315632333197", "JCOP41 /72K (eID)" }, - { "3BFA1300008131FE454A434F50763234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, - { "3BFA1300008131FE54A434F503233191", "Jcop (JavaCard)" }, - { "3BFA1300FF813180450031C173C00100009000B1", "OpenPGP" }, - { "3BFA1300FF918131FE478012392F31C073C7014907", "MITSUBISHI Standard-9M (PKI)\nhttps://www.mdis.co.jp/service/standard-9m/" }, - { "3BFA1800008031FE45FE654944202F20504B4903", "Estonian Identity Card (EstEID v3.5 (10.2014) cold) (eID)\nhttp://id.ee/" }, - { "3BFA1800008131FE4506082A841001876E0805BC", "Dutch Rijkspas (eID)" }, - { "3BFA1800008131FE4506082A841001876E0807BE", "Rijkspas (identification card dutch government employees) (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas\nDutch government multifunctional smartcard (Other)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, - { "3BFA1800008131FE45060860841001876F0602FE", "Card used by the Dutch health insurers to give medical personnel access to patient insurance information" }, - { "3BFA1800008131FE4546534A434F503453494480", "NXP Java Card JCOP4 P71 GP2.3 JC3.0.5 (JavaCard)\nhttps://www.javacardsdk.com/product/j3r180sim/" }, - { "3BFA1800008131FE454A33413034305632343184", "NXP J3A 40K\nJava Card v2.2.2 - Global Platform v2.2.1\nDual-interface functionality (features 1K Mifare emulation)" }, - { "3BFA1800008131FE454A33413038315632343189", "NXP JCOP CJ3A081\nhttp://www.usmartcards.com/media/downloads/492/NXP%20P5CX012%2002X%2040%2073%2080%20144%20%20%202011.pdf" }, - { "3BFA1800008131FE454A3344303831563234328F", "AustriaCard Dual Interface Unpersonalized EMV Cards (Bank)\nhttps://www.austriacard.com" }, - { "3BFA1800008131FE454A434F503431563232319D", "NXP JCOP 41 v2.2.1 72k SmartCard I/F" }, - { "3BFA1800008131FE454A546178436F72655631B2", "Taxpayer Portal Authentication for Fiji Revenue & Customs Service taxpayer portal (PKI)" }, - { "3BFA1800008131FE454D4F54494F4E0000900760", "SIM card (Telecommunication)" }, - { "3BFA1800008131FE4550564A434F5033454D5694", "NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop3-j3h082-java-card-3-0-4-j3h081-dual-interface/" }, - { "3BFA1800008131FE4550564A434F503453494493", "National Health Insurance (Taiwan) (HealthCare)" }, - { "3BFA180000910131FE454A33523138302D323535F5", "Cardlogix J3R180 NXP JCOP 4 Java Card 3.0.5 Classic Dual Interface (JavaCard) (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180000910131FE454A33523331302D333535FF", "NXP JCOP 4 Java Card 3.0.5 Classic (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180000910131FE4550564A434F503453494482", "Supposed P71 SecID purchased from a Chinese manufacturer (JavaCard)" }, - { "3BFA180000910131FE456BD1936AC2F28547E164CC", "J3R180, NXP JCOP4 JC3.0.5 Classic, GP2.3, SECID (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, - { "3BFA180002C10A31FE584B53776973735369676E89", "SuisseId card (used for qualified signatures)\nhttp://postsuisseid.ch/de/suisseid\nhttp://www.suisseid.ch/" }, - { "3BFA1800FF10004A546178436F72655631", "NXP JCOP4 J3R200 P71 (JavaCard)" }, - { "3BFA1800FF8031FE450031807394410000900090", "Kazakhstan Identity Card 2022 (eID)" }, - { "3BFA1800FF8131FE454A434F5032315632333165", "TrubDemax healthcare card\nJCOP 21 / 72k" }, - { "3BFA1800FF8131FE454A434F5034314332303074", "HID Crescendo C200\nhttps://www.hidglobal.com/sites/hidglobal.com/files/resource_files/crescendo-c200-c700-smart-card-ds-en.pdf" }, - { "3BFA1800FF8131FE454A434F5034315632323162", "JCOP41\nHID Crescendo C700\nhttp://www.hidcorp.com/\nShould be compatible to RAAK\nhttp://www.raaktechnologies.com/\nMarx CrypToken MX2048-JCOP USB Token" }, - { "3BFA1800FF8131FE454A434F5034315632333163", "JCOP41 V2.3.1 Dual Interface, Mifare emulation, 72K (NXP SmartMX P5CT072)\nJCOP (Java Card OpenPlatform) is a Java smart card distributed and developed by NXP.\nThe JCOP 41 v2.3.1. is an USB-smart card and can be used not only with standard smart card reader, but also with simple USB-connectors. The JCOP card is connected as ICCD card and can be used with such ICCD standard drivers.\nJCOP 41 is a Dual-Interface Smart Card, that means, the card can also be contacted with a contactless card reader. For building access systems, this card is also be able to emulate Mifare Classic 1k/4k.\nJCOP 41 v2.3.1 is compliant to JavaCard Standard 2.2.1. and GlobalPlattform 2.1.1. Their cryptographic features supports RSA up to 2432 bit, 'Eliptic curves' - ECC GF(2n), AES and 3DES.\nMore information is available here:\nhttp://www.nxp.com/documents/short_data_sheet/P5Cx009_P5Cx072_FAM_SDS.pdf" }, - { "3BFA940000813120438065A20101013D72D64321", "GemXpresso Pro R3 32PK (MPCOS, T=1)" }, - { "3BFA9600008031FE450031C8239752270F9000C1", "Swedish ID card (eID)" }, - { "3BFA960000813180438065A20101013D72D64383", "Malta identity card delivered by the Identity Management Office (eID)\nhttps://mhas.gov.mt/en/MHAS-Departments/Land%20Public%20Registry/Pages/ID-MO.aspx" }, - { "3BFA9800FFC11031FE55C8035341475F504B493277", "Siemens corporate ID card (access to the building / rooms etc,\nstores PKI private keys/certificates)" }, - { "3BFA9800FFC11031FE55C8045341475F504B493270", "Siemens Corporate Card (Belgium , Germany)" }, - { "3BFB11000040288059535059525553AE0002", "Spyrus Rosetta Basic" }, - { "3BFB11000040788059535059525553AE0202", "Rosetta(r) Series II Smart Card manufactured by Spyrus\nhttp://spyrus.com/products/rosetta_smart_usb.asp" }, - { "3BFB1100008131FE450031C06477E910000090006A", "OCS ID-One Cosmo Card USB Token" }, - { "3BFB1100FF81318055006802001010534941450004", "Italian Society of Authors and Publishers ticket and report signing smart card (PKI)\nhttps://www.siae.it/en/utilizzatori/other-services-stamps-certifications-data-and-statistics/automated-ticket-issuing-systems" }, - { "3BFB1300008131FE454A434F50533.3.56323332..", "JCOP-Sxx/yy v2.3.2 (see hist bytes for more info)" }, - { "3BFB1300008131FE456368617269736D6174657884", "Charismathics smart card JCOP and Qualified electronic signature CHJCOP-xxx (PKI)\nhttps://www.stampit.org/en/page/808" }, - { "3BFB1300FF10000031C164099511380F9000", "Mastercard World Elite (CapitalOne Venture) (Bank)\nhttps://www.mastercard.us/en-us/personal/find-a-card/world-elite-mastercard-credit.html" }, - { "3BFB1300FF10800031C164086032060F9000", "Stripe Issuing Card (Bank)" }, - { "3BFB1300FF10800031C164086032100F9000", "Varo (Bank)" }, - { "3BFB1300FF10800031C164089862210F9000", "Visa Debit (Bank)" }, - { "3BFB1300FF10800031C164089862290F9000", "Bank Card (Bank)" }, - { "3BFB1300FF10800031C1640924331E0F9000", "TransferWise Debit Card (Bank)\nhttps://wise.com/" }, - { "3BFB1300FF10800031C164096441360F9000", "Truist Business Debit (Bank)" }, - { "3BFB1300FF813180755A43352E3520524556204763", "ZeitControl BasicCard 5.5" }, - { "3BFB1300FF813180755A43352E3620524556204D6A", "ZeitControl BasicCard ZC5.6 user-programmable smart card\nhttp://www.basiccard.com/index.html?overview.htm" }, - { "3BFB1300FF813180755A43362E3520524556204364", "ZeitControl BasicCard 6.5, multiapplication with 30 kByte EEPROM" }, - { "3BFB1300FFC0803180755A43352E34205245562041A5", "ZeitControl BasicCard Professional 5.4 Revision A" }, - { "3BFB1300FFC0803180755A43352E34205245562048AC", "ZeitControl BasicCard Professional 5.4" }, - { "3BFB1300FFC0803180755A43352E3420524556204DA9", "Basiccard ZC5.4 revision M (Other)\nhttp://basiccard.com" }, - { "3BFB1300FFC0807553544F4C4C4D31504C5553BD", "Stoll M1PLUS (Other)" }, - { "3BFB180000407880595350595255530B0003", "Spyrus, Inc. Rosetta USB (PKI)" }, - { "3BFB180000407880595350595255530B0402", "SPYRUS Rosetta Series 2 (eID)\nhttp://www.spyrus.com/rosetta-hsm/" }, - { "3BFB18000040788059535059525553AE0402", "Spyrus Rosetta Series II" }, - { "3BFB1800008131FE450031C06477E9100001900062", "ID card for personal of 'Govern Illes Balears'\nhttp://www.caib.es/sacmicrofront/contenido.do?cont=7584&mkey=M08110610180317195848&&lang=en" }, - { "3BFB1800008131FE454A33483134354337583330C6", "COTECH OpenPGP Card - ECC (PKI)" }, - { "3BFB9100FF918171FE40004120000100812063CBA08003", "C*******r, MasterCard credit card, Pass Banque, Oberthur - contactless/PayPass" }, - { "3BFB9600008031FE450031C06477E3020082900076", "Oberthur ID-One Cosmo" }, - { "3BFB9600008031FE450031C06477E3030081900074", "D.O.D. Eid Passport rapidgate card (eID)" }, - { "3BFB9600008131FE450031C06477E91000019000EC", "Oberthur ID-ONE v5.4" }, - { "3BFB9600008131FE450031C06477E910000F9000E2", "Elektroniczna Legitymacja Studencka - Polish Student's ID Issued in Poznan in 2007" }, - { "3BFB9600008131FE450031E85427E60100079000BC", "Gemalto (PKI)" }, - { "3BFB9600008131FE4556445349354001000400011F", "Vasco DIGIPASS KEY 200 usb token\nhttp://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_key_200.aspx\nShould contain a 'Oberthur cosmo v 5.4 or V7.0D' smartcard" }, - { "3BFB9800FFC11031FE550064052047033180009000F3", "Gemplus GemGate 32K\ndistributed by Postecert (www.postecert.it) to legally sign documents" }, - { "3BFC1300008131FE15597562696B65794E454F7233E1", "YubiKey NEO (PKI)\nhttp://www.yubico.com/" }, - { "3BFC1300008131FE45597562696B65794E454F7233B1", "Yubikey Neo\nhttp://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, - { "3BFC180000813180459067464A00641606F2727E00E0", "PIVKey C910 PKI Smart Card (eID)\nhttp://pivkey.com/" }, - { "3BFC180000813180459067464A00642D70C172FEE0FE", "pivkey token (JavaCard)\nhttp://www.pivkey.com/" }, - { "3BFC180000813180459067464A0068080.000000000.", "Feitian A22 JavaCard (150K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/index.shtml\nFeitian A40 JavaCard (64K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, - { "3BFC180000813180459067464A01002005000000004E", "Feitian A40 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, - { "3BFC180000813180459067464A01002504000000004A", "Feitian JavaCOS A22CR ()\nhttp://www.javacardos.com/store/javacard-a22cr.php" }, - { "3BFC180000813180459067464A0100870600000000EA", "Feitian FTJCOS (https://www.ftsafe.com/products/Card_OS) (JavaCard)\nhttps://www.ftsafe.com/onlinestore/product?id=18" }, - { "3BFC180000813180459067464A01642F70C172FEE0FD", "Feitian eJavaToken (JavaCard)\nhttp://www.ftsafe.com/product/epass/eJavaToken" }, - { "3BFC1800008131FE458073C8211366020403550002D2", "National Health Insurance Card, Taiwan" }, - { "3BFC9800FFC11031FE55C803496E666F63616D65726528", "New Card Infocamere (Italy) series 1402...\nhttp://www.card.infocamere.it/\nSiemens Informatica - Siemens M4.01a\nchip Infineon SLE66CX322P (CC EAL5)\nMemory EEPROM: 32KB\nOperating system CARDOS\nMax numero dei tentativi PIN: 3\nPin: da 5 a 8 digit\nUnblocked by tool CARDOS API 2.2" }, - { "3BFD..00008131..4380318065B0........83..90....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, - { "3BFD1300001000803180654953060B0183079000", "MIR card issued by Gazprombank (Russia) (Bank)\nhttps://www.gazprombank.ru/personal/cards/7579039/" }, - { "3BFD130000813160658031C0694D54434F537301011660", "Silesian University (Katowice, Poland) Student Identity Card (eID)\nhttps://www.us.edu.pl/" }, - { "3BFD1300008131FE158073C021C057597562694B657940", "Yubico YubiKey 5 NFC (PKI)\nhttps://www.yubico.com/product/yubikey-5-nfc" }, - { "3BFD1300008131FE4500125553554D49444153000000F6", "Midas key diversification card (Other)" }, - { "3BFD1300008131FE4541373030354347203234325231D5", "Feitian ePass FIDO NFC (Other)\nhttps://www.ftsafe.com/Products/FIDO/NFC" }, - { "3BFD1300008131FE4541373030364347203234325231D6", "YubiKey NEO (token)" }, - { "3BFD1300008131FE454A434F50323176323331474454E1", "National Health Insurance Card, Taiwan" }, - { "3BFD1300008131FE45543D314A323133364B56323331DC", "ic Card (JavaCard)" }, - { "3BFD1300008131FE4580318153534431738421C0810730", "Personal Info Card (eID)" }, - { "3BFD1300FF10000031C173C8400052A1C5009000", "IBKR Prepaid MasterCard, Issued by Peoples Trust Company (Bank)\nhttps://www.interactivebrokers.com/en/index.php?f=26451" }, - { "3BFD1300FF10000031C173C8400052A1D5009000", "PayPal Business Debit Mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, - { "3BFD1800008031FE45003180718E6452D904008190005B", "Oberthur Card Systems, authentIC" }, - { "3BFD1800008031FE4553434536302D43443038312D46C4", "Panama Electronic Signature (JavaCard)" }, - { "3BFD1800008031FE45736674652063643134342D6E66D8", "SmartCafe Expert 3.2 144K Dual is a contact and contactless technology Java card from G&D with 144K on-board EEPROM for application and data storage. Certified to FIPS 140-2 Level 3 and Common Criteria EAL 5+. Supports specifications ISO 14443A T=CL and ISO 7816 T=1/0. (PKI)\nhttp://www.smartcardfocus.us/shop/ilp/id~523/smartcafe-expert-3-2-144k-dual/p/index.shtml" }, - { "3BFD1800008031FE45736674652D63643038302D6E66DC", "G&D Sm@Cafe 3.1 (eID)" }, - { "3BFD1800008131FE4553434536302D43433038312D46C2", "Giesecke & Devrient StarSign USB Token" }, - { "3BFD1800008131FE45534C4A35324778787979797A52AA", "The National Health Insurance Card issued by the National Health Insurance Administration Ministy of Health and Welfare in Taiwan (HealthCare)\nhttps://www.nhi.gov.tw/English/Content_List.aspx?n=320832076C00692B&topn=BCB2B0D2433F6491" }, - { "3BFD1800008131FE458031806540907B01518307900055", "Croatian Health Care card" }, - { "3BFD1800008131FE4580318153474531738421C081072E", "Georgian ID Card" }, - { "3BFD1800FF80B1FE451F078073002113574A5448613147005F", "Activkey Sim\nhttp://www.actividentity.com/products/activkey_usb_tokens__home.php" }, - { "3BFD1800FF80B1FE451F078073002113574A54486131480050", "G&D Sm@rtCafe Expert 64 v2" }, - { "3BFD1800FF80B1FE451F078073002113574A544861314A0052", "e-CPF issued by AASP (Lawyers Association of Sao Paulo, Brazil)" }, - { "3BFD1800FF8131FE4543494247555A494A324130383158", "Caregiver card for Dutch Medical System called UZI\n(Unieke Zorgverlener Identificatie, Caring Unique Identification)" }, - { "3BFD9100FF918171FE40004120004100818031C073D621C0D8", "Sparkasse Hanau - German contactless GeldKarte (PPSE, girogo)\nhttps://www.geldkarte.de/_www/en/pub/geldkarte/service_navigation/about_us.php" }, - { "3BFD9400008131204380318065B08302047E83009000B6", "GXPPRo-R3.x STD PTS T=1\nLatvian Digital Signature Card (cold)\nhttp://www.eme.lv/" }, - { "3BFD940000813160658031C0694D54434F5373010111E0", "MTCOS Light\nhttp://www.masktech.de/products/mtcoslight/index.html" }, - { "3BFD940000813160658031C0694D54434F5373010116E7", "Polish student card (eID)" }, - { "3BFD9500008131FE41008C0F17BD008C000000000030F2", "Khmer Identify Card (eID)" }, - { "3BFD9600008031FE45534C4A35324778787979797A5225", "TIPL (Other)" }, - { "3BFD9600008131204380318065B0831100C88300900015", "Gemalto TOP IM GX4 MSA081, T=1 (PKI)" }, - { "3BFD9600008131204380318065B0831148C883009000", "Pay TV" }, - { "3BFD9600008131484280318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 High Speed" }, - { "3BFD9600008131804380318065B0850100D683019000BC", "Queensland Drivers' Licence (Australia) (eID)" }, - { "3BFD9600008131FE4500000152332980000000000000A9", "DPI Guatemala (eID)\nhttp://www.renap.gob.gt/" }, - { "3BFD9600008131FE450000015233672000000000000047", "DPI Guatemala (eID)\nhttps://www.renap.gob.gt/servicios/que-es-el-dpi" }, - { "3BFD9600008131FE4500000161638620000000000000C5", "Renap Guatemala (eID)" }, - { "3BFD9600008131FE450000016687038000000000000003", "DPI (Documento Personal de Identificacion) Guatemala (eID)" }, - { "3BFD9600008131FE45534C4A3532474441303830434348", "Universal JCard C-UJC128-PAC-001 (JavaCard)\nhttps://www.usmartcards.co.uk/universal-j-cards" }, - { "3BFD9600008131FE45534C4A353247444C313238435257", "Universal JCard (Contact) with Infineon SLE78 (JavaCard)\nhttp://www.usmartcards.co.uk/cards/universal-jcard-contact-with-infineon-sle78-white-gloss-pvc-card.html" }, - { "3BFD9600008131FE45534C4A35324778787979797A5224", "J3R180 (JavaCard)" }, - { "3BFE130000108080318066B0840C016E0183009000", "Sberbank of Russia MIR debit card (Bank)\nSwile card\nhttps://www.swile.co/fr-fr/swile-card" }, - { "3BFE1300008131FE454A434F5076323431204C4F542057B1", "LOT test card (JavaCard)\nwww.lotgroup.eu" }, - { "3BFE130000918131804180318066B0840C016E01830090001F", "Japan Post Bank Visa Debit Card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/cashless/yuchodebit/kj_cl_yd_index.html" }, - { "3BFE1800008031FE454573744549442076657220312E30A8", "Estonian Identity Card (EstEID 3.0 'JavaCard' cold)" }, - { "3BFE1800008031FE4553434536302D43443038312D6E46A9", "G&D Sm@rtCafe Expert 6.0 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~684/smartcafe-expert-6-0-80k-dual-/p/index.shtml" }, - { "3BFE1800008031FE4553434536302D43443134352D6E46A0", "Smart Cafe Expert 6.0, Java Card 3.0 (PKI)" }, - { "3BFE1800008031FE45803180664090A4162A0083019000E1", "Estonian Identity Card (EstEID 3.0 'JavaCard' warm)" }, - { "3BFE1800008031FE45803180664090A4162A00830F9000EF", "iEstonian Identity Card (EstEID 3.0 (18.01.2011) warm)" }, - { "3BFE1800008031FE45803180664090A5102E03830F9000EF", "Infineon jTOP SLE78 SLJ52GCA080CL IFX v46.03 (JavaCard) (JavaCard)" }, - { "3BFE1800008031FE45803180664090A5102E038381900061", "Infineon Trust-P (JavaCard)" }, - { "3BFE1800008031FE45803180664090A5102E1083019000F2", "Infineon CJTOP 80K INF SLJ 52GLA080AL M8.4 (JavaCard)" }, - { "3BFE1800008131FE458031815448534D31738021408107FA", "Smartcard-HSM\nhttp://www.cardcontact.de/products/sc-hsm.html" }, - { "3BFE1800FF8131FE454A3231024103479049544356008044", "Brazilian Army ID Card (eID)" }, - { "3BFE1800FF8131FE456368616E67696E677465634A33445E", "xgames pki (eID)" }, - { "3BFE9100FF918171FE40004120001177C1000000000000000089", "Tangem Tap It cryptocurrency hardware wallet (Other)\nhttps://tangem.com/" }, - { "3BFE9100FF918171FE400041200051779180318065B0850300FB", " Italian Card Identity (CIE Comune di Parma) (eID)\nhttp://www.comune.parma.it/servizi/Servizi-Demografici-Carta-di-identita/Carta-di-identita-Elettronica-CIE_A2_C100_P96.aspx" }, - { "3BFE9100FF918171FE40004128000180810073C840000090004D", "Philips SmartMX chip (IBMs JCOP OS)" }, - { "3BFE9100FF918171FE40004128001133B04A434F5033315632C4", "JCOP31 72K\ndual interface functionality, 1K Mifare emulation." }, - { "3BFE9100FF918171FE400041380011F7B14A434F503234325211", "SwissPass (Transport)\nhttps://www.swisspass.ch" }, - { "3BFE9100FF918171FE40004138002180718066B00701010707B7", "Java Gemalto R7 (contactless) (Bank)" }, - { "3BFE9100FF918171FE40004138002180818065A2010201317210", "Santander TUI Brazil (Bank)\nhttp://www.santanderuniversidades.com.br/Paginas/home.aspx" }, - { "3BFE9100FF918171FE40004138002180818066B00701017707B7", "Java Gemalto R5 (contactless) (Bank)" }, - { "3BFE940000801F42803180664750204583018301900002", "TATA Docomo UICC (Telecommunication)\nhttp://www.tatadocomo.com/" }, - { "3BFE9400FF80B1FA451F034573744549442076657220312E3043", "Estonian Identity Card (EstEID v1.0 cold)\nEstonian Identity Card (EstEID v1.1 'MULTOS' warm)" }, - { "3BFE9600008031FE4380738400E065B0850400FB8290004E", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, - { "3BFE9600008031FE4380738400E065B08505002582900091", "Swiss truck driver card (Transport)" }, - { "3BFE9600008131FE45803180664090A5102E03830190006E9000", "Swissbit PS-100u (JavaCard)\nhttps://www.swissbit.com/ps-100u/" }, - { "3BFE9600FF8131FE455DFF6D6553414D2076312E302E320C", "SAM module for Kharkiv E-ticket (mikroelektronika) (JavaCard)\nhttp://www.mikroelektronika.com/en/card-and-ticket-validators" }, - { "3BFE9600FFC00A31FE4D4573744549442076657220312E309B", "Estonian Identity Card (EstEID v1.1 compatible)\nhttp://www.id.ee/?id=11019&&langchange=1" }, - { "3BFF..00008131..4380318065B0........120FFE829000..", "IDPrime MD 8840, 3840, 3810, 840 and 830 Cards T=1" }, - { "3BFF..00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, - { "3BFF0000FF8131FE458025A000000056575343363530000000", "SafeNet SC650" }, - { "3BFF00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, - { "3BFF1100008131FE4D8025A00000005657444B3333300600D0", "Datakey 32K PKI Smart Card Model 330\nhttp://www.datakey.com/products/smart_cards/products_sc_330.shtml" }, - { "3BFF1100008171404200002101314252000[05]63........9000.*", "Smart Card 'The Smart Way to Login'\nUsed on Acer TravelMate to secure boot" }, - { "3BFF11000240648069A2070103570000FF0083009000", "Gemplus GemXpresso" }, - { "3BFF1100FF8131FE9580F9D2760000255444010083000000A0", "GiroCard Haspa Hamburger Sparkasse (Bank)\nhttps://www.haspa.de/privatkunden/ihr-online-banking/unser-angebot/haspa-digital-services-96198/" }, - { "3BFF13000010003100DE525001001500000000000000", "wisely debit (Bank)\nhttps://www.mywisely.com/" }, - { "3BFF13000010003101F1564011001900000000000000", "BVG Guthabenkarte (Prepaid Payment Card for Berlin/Brandenburg Public Transport) (Transport)\nhttps://www.bvg.de/de/service-und-kontakt/guthabenkarte\nRevolut Visa Glow-in-the-dark\nhttps://revolut.com/\nMasterCard debit - PayCenter - Corporate Benefit 'Sachbezugskarte' (Bank)\nhttps://paycenter.de/sachbezugskarte/" }, - { "3BFF13000010003101F1564011001D00000000000000", "albo (Bank)\nhttps://www.albo.mx/" }, - { "3BFF13000010003101F1564011002300000000000000", "ANZ BANK (Bank)\nhttps://www.anz.com.au/personal/" }, - { "3BFF1300008131FE450031B9640404ECC17394018082900052", "AKD kID (eID)\nhttps://www.id.hr" }, - { "3BFF1300008131FE450031B9640444ECC17394018082900012", "Croation personal ID card (eID)\nhttp://eid.hr/" }, - { "3BFF1300008131FE4543433169A92000002020202020200036", "Swiss Lunch Check Wallet Card (Bank)\nhttps://lunchcheck.ch" }, - { "3BFF1300008131FE4543443269A94100002020202020200053", "Visa credit card (Viseca Card Services SA, Switzerland) (Bank)\nhttps://www.viseca.ch/privatkunden/kreditkarten\nVisa credit card, UBS Switzerland (Bank)" }, - { "3BFF1300008131FE45434433690940000020202020202000F3", "VISA credit card (LBBW/Payback VISA) (Bank)" }, - { "3BFF1300008131FE454F574F4B31302D4A................", "OWOK (One Web, One Key) login card\nhttp://www.reiner-sct.com/owok/\nReiner SCT loginCard\nhttps://cardlogin.reiner-sct.com/" }, - { "3BFF1300008131FE4D8025A00000005657444B3333300600D2", "Datakey DCOS model 330 (DKCCOS 6.0 token)" }, - { "3BFF1300918131FE4141434F532046696F6E6131204C6336F4", "TURKEY A101 HADI APP CARD (Bank)\nhttps://a101hadi.a101.com.tr/" }, - { "3BFF1300FF10000031C173082110645631424E079000", "Credit card (Bank)" }, - { "3BFF1300FF10000031C1738211064414D33470779000", "Visa Debit (Bank)\nhttps://www.chase.com/" }, - { "3BFF1300FF10000031C173C821106441443533079000", "BRADESCO-CONTA SALARIO (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3037079000", "UP Day Ticket Restaurant Card (Other)\nhttps://www.day.it/login" }, - { "3BFF1300FF10000031C173C8211064414D3130079000", "Tangerine MasterCard (Bank)\nhttps://www.tangerine.ca/en/products/spending/creditcard/money-back/" }, - { "3BFF1300FF10000031C173C8211064414D3137079000", "PayPal Business Debit mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, - { "3BFF1300FF10000031C173C8211064414D3330079000", "VISA card issued by ING-DiBa AG (Germany) (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3331079000", "NAB VISA Debit (contact interface) (Bank)\nhttps://www.nab.com.au/" }, - { "3BFF1300FF10000031C173C8211064414D3337079000", "VISA Credit Card (Postbank), Germany (Bank)" }, - { "3BFF1300FF10000031C173C8211064414D3341079000", "BBVA debit card Uruguay. MIFRE Plus compatible. (Bank)\nScotiabank Passport Visa Infinite credit card (Bank)\nhttps://www.scotiabank.com/ca/en/personal/credit-cards/visa/passport-infinite-card.html" }, - { "3BFF1300FF10000031C173C8211064414D3343079000", "MasterCard issued by President's Choice Bank (Canada) (Bank)\nhttp://pcfinancial.ca/mastercard" }, - { "3BFF1300FF10000031C173C8211064414D3344079000", "VISA debit emitted by FinecoBank (Bank)\nhttps://finecobank.com/" }, - { "3BFF1300FF10000031C173C8211064414D3347079000", "Chase Visa Debit Card (Bank)\nhttps://www.chase.com/bankinghelp" }, - { "3BFF1300FF10000031C173C8211064414D3348079000", "BBVA blue VISA Debit Card (Bank)\nhttps://www.bbva.es/en/personas/productos/tarjetas/tarjeta-joven-ahora.html\nDesjardins Bonus Visa credit card (Bank)\nhttps://www.desjardins.com/ca/personal/loans-credit/credit-cards/bonus-visa/index.jsp" }, - { "3BFF1300FF10000031C173C8211064414D3430079000", "PNC BUSINESS VISA DEBIT (Bank)\nhttps://www.pnc.com/en/small-business/payments-and-processing/payment-cards/pnc-bank-visa-business-debit-card.html" }, - { "3BFF1300FF10000031C173C8211064414D3531079000", "Discover It Credit Card (Bank)" }, - { "3BFF1300FF10000031C173C82110644930424E079000", "National Bank Debit Card with expiration date and cvv code (Bank)" }, - { "3BFF1300FF10000031C173C82110644932424E079000", "Interact, Visa Debit Bank of Novia Scotia (Bank)\nhttps://www.scotiabank.com/global/en/credit-card-terms-and-conditions.html" }, - { "3BFF1300FF10000031C173C82110644D30424E079000", "Debit payment card (Rabobank NL) (Bank)\nhttps://www.rabobank.nl/en/business/making-and-receiving-payments/payments/paying-with-your-bank-card" }, - { "3BFF1300FF10000031C173C82110644D30434E079000", "Huntington (Bank)" }, - { "3BFF1300FF10000031C173C82110645630424E079000", "Rabobank Netherlands VISA debit (Bank)" }, - { "3BFF1300FF10000031C173C82110645631424E079000", "Portuguese 'BancoCTT' Bank Card (Bank)\nhttps://www.bancoctt.pt/o-seu-dia-a-dia/cartao-de-credito-banco-ctt" }, - { "3BFF1300FF10000031C173C82110645631434E079000", "Chase Freedom Unlimited Credit Card (Bank)" }, - { "3BFF1300FF10808031E06B04310502AF555555555555", "USAA EMV Visa Debit Card (Bank)" }, - { "3BFF1300FF10808031E06B04546B0267555555555555", "Target RedCard debit card (Other)" }, - { "3BFF1300FF10808031E06B071405028A555555555555", "Tangerine Debit Card (Bank)\nhttps://www.tangerine.ca" }, - { "3BFF1300FF10808031E06B08240502B5555555555555", "Tangerine Canada Interac debit card (Bank)\nhttps://www.tangerine.ca/" }, - { "3BFF1300FF8031FE45534653452D43583332322D5601010165", "Portugal Santander Totta Universitarios 'Associacao Academica de Coimbra'" }, - { "3BFF1300FF8031FE45534653452D43583332322D5618020876", "SmartCafe Expert Java" }, - { "3BFF1300FF8031FE45534653452D43583332322D5618030877", "Giesecke & Devrient SmartCafe Expert 32K v2.0 #2" }, - { "3BFF1300FF8131FE45656311045002800008390004020502E9", "German 'Geldkarte' supplied by the Deutsche Bank in Karlsruhe,\nBaden-Wurttemberg, Germany." }, - { "3BFF1300FF8131FE45656311045002800008540004230502A5", "Maestrocard/Geldkarte (Stadtsparkasse Haltern, Germany)" }, - { "3BFF1300FF8131FE5D8025A00000005657444B33323005003F", "Datakey DCOS model 320" }, - { "3BFF1300FF910131FE210031C173C82110644D30434E07900094", "AirPlus MasterCard Commercial (Bank)\nhttps://www.airplus.com/us/en/products-solutions/products/corporate-cards/corporate-cards.html" }, - { "3BFF1300FF910131FE4141434F5320486F6C6C7931204C633665", "OEAMTC Visa Club Card (Bank)\nhttps://www.oeamtc.at/mitgliedschaft/leistungen/die-oeamtc-kreditkarte-31091443" }, - { "3BFF1300FF910131FE41455041000000010833995600000000AC", "Austrian Sparkasse ISIC debit card (Mastercard) (eID)\nhttps://isic.at/" }, - { "3BFF1300FF918131FE4141434F532046696F6E6131204C6336F4", "Deutsche Kreditbank Debit (Bank)" }, - { "3BFF1300FF918131FE4141434F53204769756C6961204C6336B5", "revolut debit visa (Bank)\nhttps://www.revolut.com/" }, - { "3BFF1300FF918131FE4541434F53204449616E6132204C6336DF", "Alior Bank MasterCard debit (Bank)\nComdirect (Deutsch Bank) debit VISA (AUSTRIACARD 56015/001) (Bank)" }, - { "3BFF1400FF8131FE458025A000000056575343363530010039", "SafeNet SC650 (PKI)\nhttp://www.safenet-inc.com/data-protection/authentication/smartcard-650/" }, - { "3BFF1400FF8131FE458025A000000056575343363530030239", "SafeNet SC650 v3.2 (PKI)\nhttp://www.safenetat.com/products-solutions/high-assurance-authentication/sc650/" }, - { "3BFF1400FF8131FE458025A00000005657534336353004003C", "SafeNet AT SC650 V4.0 02/2018 (PKI)\nhttps://www.safenetat.com/Solutions/Enterprise-Security/high-assurance-authentication/sc650/" }, - { "3BFF1800008131FE45006B04050100011101434E5310318069", "Sanitary Card of 'Friuli Venezia Giulia' region (Italian Republic)\nCarta Nazionale dei Servizi (Italia)\nhttp://cartaservizi.regione.fvg.it/" }, - { "3BFF1800008131FE45006B040501000112024850431031806C", "Carta del Professionista Sanitario - CNS - Provincia autonoma di Trento\nProfessional Health card, Autonomous Province of Trento" }, - { "3BFF1800008131FE45006B0405010001210143494510318048", "hybrid card for various health services and regional services (access to various organizations and digital signatures)" }, - { "3BFF1800008131FE45006B04050100012101434E5310318059", "CNS - Carta Nazionale dei Servizi (Italia)\nPA emittente: Regione Autonoma della Sardegna\nCarta del Servizio Sanitario Regionale - Emilia Romagna" }, - { "3BFF1800008131FE45006B05051017012101434E531031805E", "Regional Card - Regione Liguria, Veneto - Italy (eID)\nTessera Sanitaria - Carta Regionale dei Servizi" }, - { "3BFF1800008131FE45006B05052000012101434E5310318079", "health card (HealthCare)\nhttps://tscns.regione.sardegna.it/" }, - { "3BFF1800008131FE45006B0505200001F101434E53103180A9", "national health service card (HealthCare)\nhttps://ca.arubapec.it/downloads/MU_LINUX.zip" }, - { "3BFF1800008131FE45006B0505912001F101434E5310318038", "Italian Health Card (TS) and Citizen's Card (CNS) based on IDEMIA ID-One CNS v2 on Cosmo 9.1 (HealthCare)" }, - { "3BFF1800008131FE45006B11050700011101434E531131807B", "Italian National Fire Corps -special identification card (eID)" }, - { "3BFF1800008131FE45006B11050700012101434E531031804A", "Oberthur ID-One Cosmo V7-n it's a java card 2.2.2\nIzenpe Certificado Ciudadano (eID)\nhttps://www.izenpe.eus/informacion/certificado-ciudadano/s15-content/es/" }, - { "3BFF1800008131FE45006B150C0302010101434E5310318061", "Bit4id Digital-DNA Key (eID)" }, - { "3BFF1800008131FE4D8025A00000005657444B3430300600DD", "DataKey 400 (DK400)" }, - { "3BFF1800008131FE55006B02090403010101434E5310318065", "Italian Chambers of Commerce CNS (PKI)\nhttp://www.card.infocamere.it/infocard/pub/" }, - { "3BFF1800008131FE55006B0209040301010144534410318068", "ACA (Lawyer Identifier Card) (eID)" }, - { "3BFF1800008131FE55006B02090503010101434E5310318064", "Bit4id J-SIGN 2048 (L) (PKI)\nhttps://www.bit4id.com/en/j-sign/" }, - { "3BFF1800008131FE55006B02090603010101434E5310318067", "ST microelettronics JSign3 (HealthCare)" }, - { "3BFF1800008131FE55006B02090703010101434E5310318066", "Aruba digital signing card (eID)\nhttps://www.aruba.it" }, - { "3BFF1800008131FE55006B02091403010101434E5310318075", "Smart Card INFOCERT digital key CNS from CST PADOVA (eID)" }, - { "3BFF1800008131FE55006B02091613010101434E5310318067", "ANPR -- Ministero dell'Interno - Italia (PKI)" }, - { "3BFF1800008131FE55006B02091717010101434E5310318062", "Carta Nazionale dei Servizi (CNS) Centro Servizi Territoriali (CST) (PKI)\nhttp://cst.provincia.padova.it/category/faq/firma-digitale" }, - { "3BFF1800FF8031FE45534653452D43583332322D561803087C", "Giesecke & Devrient Sm@rtCafe Expert 2.0" }, - { "3BFF1800FF8031FE45536D4072744361666545787065727465", "Giesecke & Devrient SmartCafe 32K v1" }, - { "3BFF1800FF8131..456563............................", "Geldkarte (generic ATR)" }, - { "3BFF1800FF81313C4565630D02310250001090002600041009", "Maestrocard/Geldkarte (Postbank, Germany)" }, - { "3BFF1800FF81313C4565630D0231025000109001550004107B", "Volksbank VR-BankCard (GeldKarte)" }, - { "3BFF1800FF81313C4565630D02310250001090052900041003", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, - { "3BFF1800FF81313C4565630D023102500010900788000410A0", "HBCI-Karte (Berliner Sparkasse, Germany)" }, - { "3BFF1800FF81313C4565630D023102500010901382000410BE", "Bremer Karte ('Geldkarte und BSAG-Kundenkarte in einem.')\nhttp://www.bsag.de/4911.php" }, - { "3BFF1800FF81313C4565630D0231025000109014060004103D", "Geldkarte/HBCI(DDV-1) (Staedtische Sparkasse Offenbach, Germany)" }, - { "3BFF1800FF81313C4565630D0231025000109014440004107F", "Geldkarte/HBCI (Kreissparkasse Ebersberg, Deutschland)" }, - { "3BFF1800FF81313C4565630D0231025000109055700004100A", "EC-Card from DKB (Deutsche Kreditbank AG)" }, - { "3BFF1800FF81313C4565630D02310280001224300020041059", "Geldkarte (Germany)" }, - { "3BFF1800FF813150456563............................", "GeldKarte v3 (Germany)" }, - { "3BFF1800FF8131FE4065631116710156000F1309D0A957111B", "Harzer Volksbank eG bank card (girocard, V-PAY, debit card, Germany / Giesecke & Devrient, DG Nexolution, 10/22) (Bank)\nhttps://www.harzer-volksbank.de/privatkunden/girokonto-kreditkarten/bankkarte-v-pay.html" }, - { "3BFF1800FF8131FE4165630608710156000FB81026204712CD", "Fyrst Bank Card (Bank)\nhttps://fyrst.de" }, - { "3BFF1800FF8131FE4165630608710156000FB85073204712D8", "Commerzbank maestro (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/girokonten/kostenloses-girokonto/" }, - { "3BFF1800FF8131FE4165630608710156000FB8602AA0471231", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)\nhttps://www.postbank.de/" }, - { "3BFF1800FF8131FE4165630608710156000FB8C0442147127E", "Commerzbank Classic Kreditkarte Mastercard (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/kreditkarten/classic-kreditkarte/" }, - { "3BFF1800FF8131FE4165630608710156000FB8D044A04712EF", "Debitcard (Bank)" }, - { "3BFF1800FF8131FE41656306087102500023B80080C04712B2", "1822direct Bank Card (Bank)\nhttps://www.1822direkt.de" }, - { "3BFF1800FF8131FE41656306087102500023B8907360471271", "Debit card (Germany): Deutsche Kreditbank (DKB), ec-cash, (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF1800FF8131FE4165631116710156000F0308B09957115B", "Debit card Sparkasse (Germany) (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F0902904E5711AC", "German Bank Card IDEMIA 9 Maestro/Girocard (Sparkasse S-Payment TPY 1974693D) (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F0908309A5711D2", "Bank card from German Bank 'Sparkasse', issued by manufacturer 'S-Payment GmbH' (Bank)" }, - { "3BFF1800FF8131FE4165631116710156000F16082024571163", "German Sparkasse with visa (Bank)\nhttps://www.sparkasse.de/lp/echtesmultitalent.html#alle-funktionen" }, - { "3BFF1800FF8131FE450031C573C00180547615020105900074", "SIGILANCE NFC OpenPGP Smart Card (JavaCard)\nhttps://www.sigilance.com/" }, - { "3BFF1800FF8131FE455448434331305445434F4744484E3224", "National Health Insurance Card, Taiwan" }, - { "3BFF1800FF8131FE455448434331305445434F4744494E3126", "National Health Insurance Card, Taiwan" }, - { "3BFF1800FF8131FE4565630D0450028000089009700005002A", "Landesbank baden-Wurttemberg Geldkarte" }, - { "3BFF1800FF8131FE4565630D07630528000D90810600061558", "Geldkarte/HBCI (Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565630D07630764000D........0615..", "Giesecke & Devrient GmbH\nROM Mask=SDP2G330.E_1 (BES0), SWP2G370.E_1 (CS0)\nInit-Table=ecD6.3\nSignaturerstellungseinheit ZKA TUVIT.09397.TU.03.2005 Banking Signature Card, v6.31 NP, Type 3\nTUVIT.09397.TU.03.2005" }, - { "3BFF1800FF8131FE4565630D07630764000D9058450006158C", "Stadtsparkasse Munchen electronic cash card / Geldkarte" }, - { "3BFF1800FF8131FE4565630D07630764000D907307000615E5", "Sparkasse Acchen HBCI Geld Karte" }, - { "3BFF1800FF8131FE4565630D07630764000D907432000615D7", "German HBCI-Banking Card with 'Geldkarte' from the bank 'Sparkasse Marburg-Biedenkopf'" }, - { "3BFF1800FF8131FE4565630D07630764000D90926100061562", "Geldkarte (Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565630D08650764000D........0616..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.5\nInit-Table=SWP3G5J0.E_1 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.51\nTUVIT.93129.TU.03.2006" }, - { "3BFF1800FF8131FE4565630D08650764000D9104900006160E", "German Railway's (Deutsche Bahn AG) 'Konzernausweis'" }, - { "3BFF1800FF8131FE4565630D0C760764000D9581200007300F", "Master Card Credit Card issued by WGZ bank (all german volksbank institutes use them)" }, - { "3BFF1800FF8131FE4565630D0C760764000D960361000730CF", "VR-Networld-Card with SECCOS-chip / Volksbank eG Konstanz\nfor Online-Banking (FinTS / HBCI-3.0 + EBICS; RD 01/12 NetWorld)" }, - { "3BFF1800FF8131FE456563110350028000082770020605018A", "old banking card (electronic-card / Maestro / Geldkarte) of the\n'Volksbank Gelderland eG' (around 2003)" }, - { "3BFF1800FF8131FE4565631105400250001055100303050043", "belongs to a banking card (electronic-card / Maestro / Geldkarte).\nthe bank calls it 'VR-BankCard'. the banks name is 'Volksbank\nGelderland eG' and is part of the 'Volksbanken und Raiffeisenbanken'\nhttp://www.vb-gelderland.de/html/5/2394/rubrik/1282.html" }, - { "3BFF1800FF8131FE45656311064002500010........0500..", "Gemplus-mids GmbH,\nROM Mask=ZKA 322 V5A,\nInit-Table=SWI1P070.E_0 (CS0),SDI1P080.E_1 (BES0),\nSignaturerstellungseinheit ZKASignaturkarte v5.02,\nTUVIT.09385.TU.09.2004" }, - { "3BFF1800FF8131FE4565631106400250001005500310050043", "HBCI-Karte (Bordesholmer Sparkasse, Germany)" }, - { "3BFF1800FF8131FE4565631106400250001019100420050028", "Stadtsparkasse Munchen HBCI card / Geldkarte" }, - { "3BFF1800FF8131FE4565631106400250001025600512050057", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, - { "3BFF1800FF8131FE4565631106400250001027300216050006", "GeldKarte from Sparkasse bank" }, - { "3BFF1800FF8131FE4565631106400250001027800325050084", "Volksbank VR-BankCard (GeldKarte)" }, - { "3BFF1800FF8131FE456563110640025000102850011105006D", "HBCI Bancing Card of Sparkasse Pforzheim" }, - { "3BFF1800FF8131FE45656311066202800011........0613..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.2,\nInit-Table=SDI1G280.E_1 (BES0),\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.2b NP & 6.2f NP, Type 3\nTUVIT.09395.TU.01.2005" }, - { "3BFF1800FF8131FE4565631106620280001106600304061387", "Geldkarte (Volksbank Offenburg, Germany)" }, - { "3BFF1800FF8131FE45656311066202800011165005170613B2", "FinTS (BBBank Karlsruhe, Germany)" }, - { "3BFF1800FF8131FE456563110662028000112090030906135C", "Geldkarte [ec, Maestro] (1822 direkt Frankfurter Sparkasse, Germany)" }, - { "3BFF1800FF8131FE45656311066202800011435001170613E3", "EC-Card of Sparkasse Pforzheim Calw" }, - { "3BFF1800FF8131FE45656311075102500010728000020620C6", "Maestro Card Deutsche Kredit Bank (DKB) / Germany" }, - { "3BFF1800FF8131FE45656311076402800011........0619..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.4\nInit-Table=SDI2G4G0.E_4 (BES0), SWI2G4H0.E_2 (CS0)\nSignaturerstellungseinheit ZKA 17.01.2006 Banking Signature Card, v6.4\nTUVIT.93123.TU.01.2006" }, - { "3BFF1800FF8131FE45656311084302500010........0530..", "Gemalto\nROM Mask=ZKA 680 V5A\nInit-Table=SSI3P3M6E_1 (MS0)\nMassen-Signaturerstellungseinheit ZKA Banking Signature Card, Version 5.11M\nTUVIT.93148.TU.06.2007" }, - { "3BFF1800FF8131FE4565631108430250001046500108053027", "HBCI-Karte (Sparkasse Altmark-West, Salzwedel, Germany)" }, - { "3BFF1800FF8131FE45656311084302500010847001040530C9", "HBCI Card (1822 direkt Frankfurter Sparkasse, Germany) Geldkarte [ec, Maestro]" }, - { "3BFF1800FF8131FE45656311086602800011........0620..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.6\nInit-Table=SDI3G6G0.E_3 (BES0), SSI3G6M0.E_2 (S0), SWI3G6H0.E_3 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, Version 6.6\nTUVIT.93130.TU.05.2006 - 2. Nachbestatigung" }, - { "3BFF1800FF8131FE45656311086602800011405003180620D4", "banking card (electronic-card / Maestro / Geldkarte). the bank+calls\nit 'S-Card' or 'Sparkassen-Card'. the banks name is 'Stadtsparkasse\nDuesseldorf' and is part of the 'Sparkassen-Finanzgruppe' (a finance\ngroup, network of local banks)." }, - { "3BFF1800FF8131FE4565631108660280001156000318062092", "Geldkarte [ec, Maestro] (Sparkasse Langen-Seligenstadt, Germany)" }, - { "3BFF1800FF8131FE4565631901500280000F........0512..", "SAGEM ORGA GmbH\nROM Mask=SecV1.5.3\nInit-Table=SDR0O1G0.A_B (BES0), SWR0O1H0.A_5 (CS0)\nSignaturerstellungseinheit ZKA SECCOS Sig v1.5.3\nBSI.02076.TE.12.2006" }, - { "3BFF1800FF8131FE4565631A01410250001052090567051021", "Maestro/Geldkarte (BBBank Karlsruhe, Germany)" }, - { "3BFF1800FF8131FE55006B02090200010101434E531031809F", "Carta Nazionale dei Servizi - InfoCamere" }, - { "3BFF1800FF8131FE55006B0209020001010144534410318092", "Postcom S.P.A. (digital certificate)" }, - { "3BFF1800FF8131FE55006B02090200011101434E531031808F", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FF8131FE55006B02090200011101434E531131808E", "Infocamere CNS" }, - { "3BFF1800FF8131FE55006B02090300011101434E531131808F", "Card description: Multiservice Card - CMCC - Arma Carabinieri (Carta Multiservizi)" }, - { "3BFF1800FF8131FE55006B02090303010101434E531031809D", "Aruba CNS for Regione Toscana (IT)\nhttp://www.regione.toscana.it\nAruba CNS for Infocamere (the Chambers of Commerce)" }, - { "3BFF1800FF8131FE55006B0209030301010144534410318090", "Postecert (www.postecert.it) to legally sign documents" }, - { "3BFF1800FF8131FE55006B02090303011101434E531131808C", "Infocert 1205* smart card\nUniversita' Degli Studi di Torino (Infocert)" }, - { "3BFF1800FF8131FE55006B0209040301010144534410318097", "J-Sign (STMicroelectronics S.r.l. - Incard Division) (JavaCard)" }, - { "3BFF1800FF8131FE55006B02091300024954494420203180D3", "electronic identity card (PKI)" }, - { "3BFF1800FF8131FE55006B02091301011101434E531131809E", "Service card of the Ministry of Defense of Italy" }, - { "3BFF1800FF8131FE55006B0209130301000150534510318094", "Italian Electronic ID Card (eID)\nhttp://www.interno.gov.it/mininterno/site/it/temi/servizi_demografici/scheda_006.html" }, - { "3BFF1800FF8131FE55006B02091303010101434E531031808D", "Aruba Digital Signature (Other)\nhttps://www.pec.it/offerta-firma-digitale.aspx" }, - { "3BFF1800FF8131FE55006B02091303011101434E531131809C", "Politecnico di Torino Student Card (eID)\nhttp://www.polito.it/" }, - { "3BFF1800FF8131FE55006B02091617011101434E531131808D", "Carta Regionale dei Servizi - Regione Autonoma Friuli Venezia Giulia (HealthCare)\nhttps://www.regione.fvg.it/rafvg/cms/RAFVG/GEN/carta-regionale-servizi/" }, - { "3BFF1800FF8131FE55006B02091717011101434E531131808C", "european health insurance card and Regional (ItalY - Provincia Autonoma di Trento) Service Card (CPS) (eID)\nhttps://www.provincia.tn.it/Servizi/Attivare-la-Carta-Provinciale-dei-Servizi-CPS#cos_e" }, - { "3BFF1800FF8131FE55006B42495434494420312E3000900091", "Touch&Sign 2048 (PKI)" }, - { "3BFF1800FF8131FE55006B42495434494420322E3000900092", "Izenpe Green Card (Citizen Certificate) (eID)\nhttp://www.izenpe.com/s15-12020/en/contenidos/informacion/ciudadano/en_def/index.shtml" }, - { "3BFF1800FFC10A31FE55006B0508C805011101434E531031800C", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FFC10A31FE55006B0508C809011101434E5310318000", "Carta regionale dei servizi - Regione Sicilia\nhttp://www.regione.sicilia.it/crs/index.asp" }, - { "3BFF1800FFC10A31FE55006B0508C80A011101434E5310318003", "Carta Regionale dei Servizi - Regione Lombardia" }, - { "3BFF1800FFC10A31FE55006B0508C80C011101434E5310318005", "Healthcare card (TS-CNS) - Provincia Autonoma di Trento\nUnified Healthcare card (TS-CNS) - Repubblica Italiana" }, - { "3BFF32000010808031E05B4742500000000000000255", "UK NatWest BT PayToView Mondex" }, - { "3BFF6700008131FE45FF43727970746E6F784649444F32305F", "Fast Identification Online card (FIDO2) from Cryptnox manufacturer (Other)\nhttps://www.cryptnox.ch" }, - { "3BFF9100FF918171FC40000A654B5450304432654B5450043D5B62", "Indonesian eID (eID)" }, - { "3BFF94000000434D425F55425369676E3030303215", "UBS Access Card used for online banking with UBS in Switzerland.\nIt resides in a calculator like token, that is used for a challenge\nresponse when logging in." }, - { "3BFF940000400A80310073122113574A330E01314100", "O2 Loop SIM card" }, - { "3BFF940000400A80310073122113574A330E02314100", "GSM-SIM Beeline RU (Telecommunication)\nhttp://beeline.ru" }, - { "3BFF940000400A80310073122113574A330E02324100", "Turkcell SIMPlus64 / Turkey" }, - { "3BFF940000400A80310073122113574A330E10314100", "GSM SIM MEDIONmobile (MVNO) the Netherlands (Telecommunication)" }, - { "3BFF940000801F478031E073FE210000000000830F900052", "Telecommunication SIM (Telecommunication)" }, - { "3BFF9400008131804380318065B0850201F3120FFF82900079", "Serbian Identity Card (eID)\nJava Card (Sealys MultiApp ID v2.1) supporting Global Platform 2.1.1" }, - { "3BFF9400008131FE4380318065B0846160FB120FFD8290000E", "IDPrime 930 FIPS Level 3 (T=1 CT=94) (BAI4) (PKI)" }, - { "3BFF9400008131FE4380318065B085040011120FFF829000E2", "DPI Card ID Guatemala Version 2018 (eID) (eID)\nhttps://www.renap.gob.gt" }, - { "3BFF940000C00AB1FE491F438031E073F62113573436434132302068", "Sonera UICC (Telecommunication)" }, - { "3BFF9400FF400A80310073122113574A332009314100", "Globul GSM operator card (Bulgaria) (Telecommunication)" }, - { "3BFF9400FF80B1FE451F030068D276000028FE052231800090001E", "Alice Business card (to be used in the modem supplied by an Italian provider)" }, - { "3BFF9400FF80B1FE451F030068D276000028FF051E318000900023", "D-Trust Signature Card (www.d-trust.net):\n- Citizencard of the People of Ulm in Germany (Burgerkarte)\n- Qualified Electronic Signature Card (Qualifizierte Signaturkarte)" }, - { "3BFF9400FFC00A1F438031E073362113574A43491C3130321C", "Giesecke & Devrient - UniverSIM Pegasus" }, - { "3BFF9400FFC00A1F478031E073F62113574A33200B314141D4", "SIM (Telecommunication)" }, - { "3BFF950000400A80310073122113574A330E10314100", "Verizon GSM SIM (Telecommunication)" }, - { "3BFF9500008031FE4380318067B0850201F3A3018301900045", "Swedish digital tachograph driver smart card (Other)\nhttps://www.transportstyrelsen.se/sv/vagtrafik/Yrkestrafik/Kor--och-vilotider/Fardskrivare/ansokan-om-forarkort/" }, - { "3BFF9500008031FE4380318067B0850201F3A3048301900040", "Company Card for authentication in tachograph applications (Other)\nhttps://ec.europa.eu/transport/modes/road/social_provisions/tachograph/tachonet_en" }, - { "3BFF9500008031FE4380318067B0850201F3A3138301900057", "Driver's Card (Tachograf card) issued by pwpw Poland (Transport)\nhttps://www.pwpw.pl/en/Products/Cards/Cards.html" }, - { "3BFF9500008031FE4380318067B0850201F3A3138301F83BFF", "UK Drivers Tachograph Card (Transport)" }, - { "3BFF950000C00A1F438031E073362113574A330E0231410088", "'BASE' SIM card; BASE is a german mobile phone operator, which is a brand of E-Plus, Germany." }, - { "3BFF95000150801C444E41535034323020526576533430", "Nagra card Canal+ (Polish TV provider) (Pay TV)\nhttps://pl.canalplus.com/" }, - { "3BFF95000150801C444E41535034323020526576533430F1", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF95000150801C444E41535034323020526576533430F15D", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF95000150801C444E41535034323020526576533441", "Platforma Canal+ Polska, cayman card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, - { "3BFF9500FF400A803100731A2113574A504860314147", "Vodafone 64 KB SIM with Javacard" }, - { "3BFF9500FF400A8031E873F62113674A474860314200", "Giesecke & Devrient STARSIM" }, - { "3BFF9500FF50801C444E41535034303020526576493431", "Pay TV card nc+ polish (seca with merlin layer) (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, - { "3BFF9500FF50801C444E41535034303020526576493435", "Decoder card for VOO TV distributer in Belgium (Pay TV)" }, - { "3BFF9500FF50801C444E41535034303020526576493439", "Big TV India (Pay TV)\nhttps://www.lyngsat.com/packages/Big-TV.html" }, - { "3BFF9500FF50801C444E41535034303020526576493441", "Pay TV - NC+ in Poland (Pay TV)\nhttp://ncplus.pl/" }, - { "3BFF9500FF50801C444E41535034303020526576493447", "Platforma Canal+ Polska, cameleon card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, - { "3BFF9500FF50801C444E4153503430302052657649344A", "Sat Tv (Nagra) (Pay TV)" }, - { "3BFF9500FF50801C444E41535034303020526576493548", "Canal+ France Nagra3 (Pay TV)\nhttps://www.canalplus.com/" }, - { "3BFF9500FF50801C444E41535034383220526576523038", "CANALSAT, mediaguard key (Pay TV)" }, - { "3BFF9500FFC00A1F438031E073362113574A3320073341411F", "Swisscom 3G SIM card" }, - { "3BFF9500FFC00A1F438031E073F62113574A334857314141E5", "MTNL 3G USIM (India)" }, - { "3BFF9500FFC00A1F438031E073F62113574A334861324147D6", "GSM SIM (issued by e-plus, Germany)" }, - { "3BFF9500FFC00A1F438031E073F62113574A554860324100F6", "GSM SIM from O2 Germany (UMTS ready) from 2005" }, - { "3BFF9500FFC00A1F478031E073F62113574A33200B314141D5", "Telenor SIM card (Norway)" }, - { "3BFF9600008031FE45536D40727443616665204578702E374E", "haruka (eID)" }, - { "3BFF9600008131804380318065B0850300EF12026C829000F9", "Authorization Card (eID)" }, - { "3BFF9600008131804380318065B0850300EF120FFF82900067", "Greek Academic ID (eID)\nhttp://academicid.minedu.gov.gr/" }, - { "3BFF9600008131804380318065B0850300EF12FFFE82900096", "Gematlo IDCore 8030 (JavaCard)" }, - { "3BFF9600008131804380318065B08503010F120FFF82900086", "Azerbaijan Republic National Identity Card (eID) (eID)\nhttps://www.mia.gov.az/" }, - { "3BFF9600008131804380318068B0850300EF780100829000F1", "Cameroon National Identity Card (eID)" }, - { "3BFF9600008131FE4380318065B0845651101201788290006A", "SafeNet eToken 5300 (PKI)" }, - { "3BFF9600008131FE4380318065B08456511012021082900001", "Nedap NexS N:Secure (eID)\nhttps://www.nsecure.nl/nl/" }, - { "3BFF9600008131FE4380318065B0846160FB120FFD8290000C", "IDPrime 930 FIPS Level 2 (T=1 CT=96) (BAI3.1) (PKI)" }, - { "3BFF9600008131FE4380318065B0846566FB12017882900085", "eToken 5110+ FIPS 140-2 Level 2 (JavaCard)" }, - { "3BFF9600008131FE4380318065B0846566FB120FFC8290000F", "SmartID 3930 FIDO Contact and Contactless card (PKI)\nhttps://www.smartcardfocus.com/shop/ilp/id~962/safenet-idprime-3930-fido-dual-interface-fips-l2/p/index.shtml" }, - { "3BFF9600008131FE4380318065B0846669FB12FFFE829000F1", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, - { "3BFF9600008131FE4380318065B085040011120FFF829000E0", "Pakistan National identity card (eID)" }, - { "3BFF9600008131FE4380318065B085040120120FFF829000D0", "Portuguese National Identity Card (eID) (eID)\nhttps://www.autenticacao.gov.pt/o-cartao-de-cidadao" }, - { "3BFF9600008131FE4380318065B085050011120FFF829000E1", "Portuguese autentication card (eID)\nhttps://www.autenticacao.gov.pt/web/guest/cc-aplicacao" }, - { "3BFF9600008131FE4380318065B08505003912017882900040", "Identicard for french advocates (eID)\nhttps://doc.ubuntu-fr.org/avocats_sur_ubuntu" }, - { "3BFF9600008131FE4380318065B0855956FB12017882900088", "SafeNet 5110 token for eSignature (eID)\nhttps://www.certsign.ro/en/support/safenet-installing-the-device-on-windows/" }, - { "3BFF9600008131FE4380318065B0855956FB120FFC82900002", "THALES SafeNet IDPrime 3940 Fido (PKI)\nhttps://cpl.thalesgroup.com/fr/resources/access-management/idprime-3940-product-brief" }, - { "3BFF9600008131FE4380318065B0855956FB120FFE82900000", "SafeNet eToken 5110 SC (PKI)\nhttps://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token" }, - { "3BFF9600008131FE4580F9A0000003080000100053454E54AC", "cac (eID)" }, - { "3BFF9600008131FE55006B02090403010101434E53103180EB", "Aruba PEC SpA digital signature card made by Incard (eID)\nhttps://www.pec.it/download-software-driver.aspx" }, - { "3BFF960000C00A31FE4380318065B085040011120FFF829000AB", "French National Identity Card (eID) (eID)\nhttps://www.interieur.gouv.fr/actualites/actu-du-ministere/nouvelle-carte-nationale-didentite" }, - { "3BFF9600FF8131FE406563111562025000100A0190A90730BF", "girocard Sparkasse Ansbach, Germany BLZ 76550000 (Bank)" }, - { "3BFF9600FF8131FE406563111562025000100A0271500730A4", "Debitcard Sparkasse Duesseldorf (Bank) (Bank)\nhttps://www.sskduesseldorf.de/" }, - { "3BFF9600FF8131FE406563111665025000100B22BBEB074080", "girocard contactless (Bank)" }, - { "3BFF9600FF8131FE4065631D02840156001F190850E10200EF", "Raiffeiesenbank Girocard Maestro (Bank)" }, - { "3BFF9600FF8131FE4065631D02840156001F2108B0A902007F", "Debit Card Sparda-Bank Baden-Wurttemberg eG (Bank)" }, - { "3BFF9600FF8131FE4065631D028401560024090A10CC0200AB", "Postbank Germany (Bank)\nhttps://www.postbank.de/privatkunden/services.html" }, - { "3BFF9600FF8131FE4065631D028402500023010A60D40200C9", "DKB Girocard (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF9600FF8131FE4065631D0284025000230308C0B702000A", "German Debitcard from Sparkasse (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000230709E0F9020061", "Sparkasse Ingolstadt (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000231208A0EB020027", "Girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023140710B80200CD", "Sparkasse Aachen - german Maestro/Girocard (S-Payment TGI 50380969) (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023150860DC0200D7", "Deutsche Kreditbank AG, Girocard (Bank)\nhttps://www.dkb.de" }, - { "3BFF9600FF8131FE4065631D028402500023160BB0C102001A", "debit card (Bank)" }, - { "3BFF9600FF8131FE4065631D0284025000232106F0ED02004C", "DKB Girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D028402500023230900A80200F4", "Kreissparkasse girocard (Bank)" }, - { "3BFF9600FF8131FE4065631D038601560002130B90FE011034", "EC card from Raiffeisenbank im Hochtaunus, Germany (Bank)" }, - { "3BFF9600FF8131FE4065631D0386025000230808914F0110B8", "Debit card (Germany): ec-cash, GeldKarte(EUR), Visa, Cirrus (Bank)" }, - { "3BFF9600FF8131FE4065631D038602500023130981390110C4", "girocard contactless (Bank)" }, - { "3BFF9600FF8131FE456563060752025000103025411A064082", "DKB (Deutsche Kreditbank) girocard (V-PAY, GeldKarte) (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, - { "3BFF9600FF8131FE4565630D09710764000D00035450070181", "Commerzbank ServiceCard / Maestro / GeldKarte / Cirrus / girocard / CashGroup / electronic cash" }, - { "3BFF9600FF8131FE4565631901500280000F002B0046501172", "Sparkasse Bremen Germany HBCI DDV" }, - { "3BFF9600FF8131FE4565631901500280000F002F0025501115", "German Postbank Giro card with electronic cash, Maestro, GeldKarte features" }, - { "3BFF9600FF8131FE4D8031E06B0431050277555555555555EA", "IRMA card (eID)\nhttp://irmacard.org" }, - { "3BFF9600FF8131FE55006B02090403010101434E5310318014", "JavaCard Bit4Id (JavaCard)" }, - { "3BFF9600FF918131FE4D8031E06B043105027555555555555579", "algeria national identity card (eID)" }, - { "3BFF9600FFC00A1F438031E073362113574A43491C3130321E", "Giesecke & Devrient - UniverSIM Pegasus" }, - { "3BFF9600FFC00A31FE4D8031E06B04200502585555555555559F", "MULTOS (Other)" }, - { "3BFF9600FFC00A31FE4D8031E06B04310502A85555555555557E", "Multos (Other)" }, - { "3BFF9700008131FE4380318065B0846160FB120FFD8290000D", "IDPrime 3930 FIPS Level 3 (T=1 CT=97) (BAI6) (PKI)" }, - { "3BFF9700008131FE4380318065B08466693912FFFE82900032", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, - { "3BFF9700FFC00A31FE4D8031E06B04520502BB5555555555550F", "MULTOS Dual Interface Card - MC4-P23-S1 (Other)" }, - { "3F05DC20FC0001", "DigiCash Facility Card" }, - { "3F28000011140003689000", "SIMEMU - a DIY GSM SIM card\nhttp://simemu.cjb.net/" }, - { "3F2D0027A051827D00000052000C9000", "Porta Moedas Multibanco (Portugeese electronic purse)" }, - { "3F2F0036AF690204018000000A0E833E9F16", "SIM Card GSM (Telecommunication)" }, - { "3F2F008059AF0201013000000A0E83069F12", "Gemplus GemXplore" }, - { "3F2F008059AF02010230000C0A0E831E9F16", "GSM-SIM (900MHz) card of the carrier 'Mannesmann Mobilfunk' for\ntheir network 'D2-Privat' - now known as Vodafone Mobilfunk\nhttp://www.vodafone.de/" }, - { "3F2F008069AE0202013600000A0E833E9F16", "GSM-SIM e-plus (1800MHz)" }, - { "3F2F008069AF0204013600000A0E833E9F16", "Telia Mobitel GSM (Telecommunication)" }, - { "3F2F008069AF0204013600020A0E833E9F16", "GSM-SIM D2 CallYa (900MHz)" }, - { "3F2F008069AF0307015900000A0E833E9F16", "Nokia SIM Ph2 16K Ver2.0" }, - { "3F2F008069AF0307015900130A0E833E9F16", "Old Spanish Telefonica Movistar GSM SIM card manufactured by Gemplus" }, - { "3F2F008069AF0307015900240A0E833E9F16", "dialog romania now orange (Telecommunication)\nhttps://orange.ro" }, - { "3F2F008069AF0307035200000A0E833E9F16", "GemXplore 98 V1 16K" }, - { "3F2F008069AF03070352000D0A0E833E9F16", "GSM-SIM Debitel D2 (900MHz)" }, - { "3F2F008069AF0307035A00150A0E833E9F16", "Virgin Mobile SIM (Gemplus)" }, - { "3F36110053495B015153", "Sodexo Pass Lunch Card. An employee benefits card to provide meal tickets to workers. (Other)\nhttps://www.sodexo-benefits.it/prodotto/aziende/pausa-pranzo-aziende/pass-lunch-card/#tabsoluzioni" }, - { "3F3BF81300008131FE454A434F5076", "District6 Group employee ID (eID)" }, - { "3F3D1100806728500402200000838E9000", "GSM SIM card of the Austrian provider A1" }, - { "3F3E110046524543434941524F5353419000", "Trenitalia (Italy) fidelity card 'CartaFreccia' (Smartcard)" }, - { "3F3F94008069AF0307015900000A0E833E9F16", "Finnish SIM card from 'Radiolinja' now 'Elisa'" }, - { "3F6525....046C90.0", "Carte Bancaire (French banking card)" }, - { "3F65250024096B9000", "Old Postgirot/Plusgirot SmartSec bank ID card (Bank)" }, - { "3F65250024096E9000", "Oberthur Bull CP8 smart card. Russian 'Pochtovyj Bank' (Bank)" }, - { "3F6525002B09629000", "Coinamatic SmartyCity smartcard" }, - { "3F6525002B09699000", "Municipal parking meter card for the City of St. John's, NL, Canada.\nhttp://www.stjohns.ca/index.jsp" }, - { "3F6525002B09EB9000", "Bull Scot 5" }, - { "3F6525002[2C]09[F6]99000", "Sesam Vitale (French health card)" }, - { "3F65250052096A9000", "French carte Vitale" }, - { "3F6525005343689000", "'Flying Cow'- russian pirate CAM-card. (Pay TV)\nhttp://mxc.do.am/publ/collection/viewing_card_smart_karty_sputnikovogo_veshhanija/flying_cow_smart_card/13-1-0-25" }, - { "3F652500A[34]096A9000", "Sesam Vitale (French health card)" }, - { "3F6525082204689000", "France Telecom card (ex Pastel card)" }, - { "3F6525082304689000", "France Telecom card" }, - { "3F6525083304209000", "D-Trust card" }, - { "3F65250843046C9000", "CB visa La Poste France (Oberthur)\nCB visa Societe Generale France (Oberthur)" }, - { "3F65250863046C9000", "CB visa La Poste France (Oberthur)\nCB Master Carte du Credit Mutuel" }, - { "3F65250865046C9000", "CB visa Boursorama France (Axalto)" }, - { "3F6535100.04[6,E]C9000", "Postcard (Switzerland)" }, - { "3F6535100104EC9000", "Old Swiss Postbank card (Bank)" }, - { "3F6535640104689040", "Bull AFNOR-positioned microprocessor chip card 'Carte Pastel Internationale' by France Telecom (Other)\nhttp://phonecards.free.fr/carte_pastel.htm" }, - { "3F6535640204689040", "Carte Pastel Nationale - nominal France Telecom service card with Bull CP8 chip in AFNOR position (Other)" }, - { "3F65356402046C9040", "Postcard (Switzerland)" }, - { "3F6725002120000F689000", "Smart Builder 'your kit for PC/SC applications' and Bull\nhttp://www.cp8.bull.net/" }, - { "3F6725002120000F789000", "Bank Nederlandse Gemeenten, BNG Data Services" }, - { "3F67250026140020689000", "Pay-TV card from Casema Cable Television, Netherland" }, - { "3F6725002A20000F689000", "Carte Grand Voyageur (SNCF: French train company)" }, - { "3F6725002A200040689F00", "Swiss Cash card\nChipknip SNS Bank (banking card)" }, - { "3F6725002A200041689000", "ChipKnip" }, - { "3F6725002A20004[01]689000", "Dutch ChipKnip, Proton\n(chip Bull CC 60 V1, Bull CC 60 V2 or Bull CC 1000)" }, - { "3F67250421200007689000", "Philips TB100 (C-MOS chip)" }, - { "3F672F0011140001689000", "FilmNet(Sweden, 1984-1997) (Pay TV)" }, - { "3F672F0011140003689000", "D2MAC/Eurocrypt (Pay TV)" }, - { "3F672F0411200000689000", "BULL HN ITALIA 06/92 - 100.000 - 64MP\nLa Sapienza - Universita' di Roma" }, - { "3F69000024AF01700101FF9000", "French GSM SIM card (900MHz)" }, - { "3F69000025AF01700103FF9000", "French Gift Card (Loyalty)" }, - { "3F6A000000640150010C820101A9", "Credit Card cafe Selecta" }, - { "3F6B150002A007906F4D59000C9000", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, - { "3F6C000024A03000FF00000100049000", "Gemplus MCOS 16K DES Sample Card" }, - { "3F6C000025A0308976000001030C9000", "MCOS 24Ko Gemplus (eID)" }, - { "3F6C000025A0308976000004010C9000", "MCOS 24k EEPROM" }, - { "3F6C000025A03100FF00000180049000", "Motorola Clone Card (Telecommunication)\nhttp://web.mclink.it/MK0750/Motorola_files/docuclon.txt" }, - { "3F6C00003CA0309E6100000100049000", "Gemplus - British Gas - Gascard" }, - { "3F6C00003CA030A758000001018C9000", "Rendezvous Series 7 (D2-Mac satellite TV card)" }, - { "3F6C00003DA030BE4100370100049000", "Sberbank (Bank)" }, - { "3F6D000080318065B00501025E83009000", "Gemplus GemXpresso 211PK or 211PK-IS" }, - { "3F6D000080318065B00501025E92009000", "Gemplus GemXpresso 32K" }, - { "3F7613250421B0114A5003", "DSS/DTV F (P1; first generation access card) (Pay TV)" }, - { "3F77130000C11400A2689000", "Boxer DTV Sweden (Pay TV)\nhttp://www.boxer.se" }, - { "3F77180000C11400A2689000", "Viacess card HRT (Hrvatska Radio Televizija)" }, - { "3F77180000C11401A2689000", "VIA 2.6 XXX (Pay TV)" }, - { "3F77180000C21400C1689000", "Viaccess Sexview" }, - { "3F77180000C2474000689000", "Viacces card: SRG SSR idee suisse" }, - { "3F77180000C27A4102689000", "Viacces card: SRG SSR idee suisse" }, - { "3F77180000C27A4202689000", "SCT (Via Access)" }, - { "3F77180000C27A4302689000", "DORCEL (Via Access)" }, - { "3F77180000C27A4402689000", "XXX Redlight_HD (Viaccess)" }, - { "3F77180000C2EB41026C9000", "Elite HD10+ (Pay TV)\nSatellite cryptoworks card - Smart card Viaccess (Telesat - belgium) (Pay TV)" }, - { "3F77180000C2EB45026C9000", "facetv (Other)" }, - { "3F77180000D38A4001649000", "Skylink Viaccess 5.0 (Pay TV)\nhttp://www.skylink.sk/" }, - { "3F77180000D38A4201649000", "Satellite decoder card for TV Vlaanderen (Other)\nhttps://www.tv-vlaanderen.be" }, - { "3F77180000DAAC4114649000", "Fransat PC7 (Pay TV)\nhttps://www.fransat.fr/" }, - { "3F7718250029140062689000", "Viaccess card" }, - { "3F7812250140B0034A50204855", "DSS/DTV H" }, - { "3F7813250340B020FFFF4A5000", "DSS/DTV P4" }, - { "3F7D11250241B00369FF4A50F08000565403", "Viasat Baltics Videoguard card (Pay TV)" }, - { "3F7E11250521B01200004D59000000534B0900", "Sky Viewing Card (Gen 9) (Pay TV)" }, - { "3F7E11250540B00800004D59000000534B0B07", "BSkyB Series 11 (DSS satellite TV card)" }, - { "3F7E11250540B00800004D59000000534B0B08", "Sky Series 11 (DSS satellite TV card)" }, - { "3F7E11250940B00100004D59000003534B0A01", "Sky Series 10 (DSS satellite TV card)" }, - { "3F7F11250333B00969FF4A507000005654010000", "Viasat Baltic (satellite card, NDS)" }, - { "3F7F11250540B00F69FF4D59000000534B0C0600", "Sky Series 12 (DSS satellite TV card)" }, - { "3F7F13250140B01069FF4A5001474C0000000000", "NDS Smartcard (Pay TV)" }, - { "3F7F13250240B00C69FF4A50C000005253000000", "Stream Italy NDS 1 (Pay TV)" }, - { "3F7F13250240B01269FF4A5090474C0000000000", "NDS VideoGuard GL23 Card (Sky Brazil) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, - { "3F7F13250240B01269FF4A509054560000000000", "NDS Smartcard (Pay TV)" }, - { "3F7F13250241B004FFFF4A508080000000475806", "NDS card DIRECTV (Other)" }, - { "3F7F13250241B00EFFFF4A508080000000474C07", "SKY BRASIL (Pay TV)" }, - { "3F7F13250333B00669FF4A50D000005359000000", "Sky 2005/6 (DSS satellite TV card)" }, - { "3F7F13250333B01169FF4A505000004956010000", "Indonesia Videoguard 2 card" }, - { "3F7F13250333B01169FF4A505000005344010000", "STAR TV (Pay TV)" }, - { "3F7F13250338B004FFFF4A500000294855......", "DSS/DTV HU" }, - { "3F7F13250340B00B694C4A50C000005359000000", "Sky Digital (DSS satellite TV card)" }, - { "3F7F13250540B01169FF4A500000004754000C00", "YES DBS Israel Videoguard 090C,090D" }, - { "3F7F15250333B01169FF4A505000004956010000", "Sky Germany V13 Smartcard (Pay TV)" }, - { "3F961880018051006110309F", "Atmel/Athena T0 Inverse Convention PC/SC Compliance Test Card No. 2" }, - { "3FEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, - { "3FFA1125040001B00200004D59008180", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, - { "3FFA1125050001B0023B364D59028090", "HackTV SKY11 PIC16F84 card (Other)\nhttps://github.com/captainjack64/hacktv" }, - { "3FFA1125050001B0023B404D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, - { "3FFA1125050001B0023BD04D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, - { "3FFD11250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland G02 (Pay TV)" }, - { "3FFD11250250800F41B00A69FF4A507080005A4503", "Buypass smart card (Bank)\nhttps://www.buypass.no/bruker/buypass-id/buypass-smartkort" }, - { "3FFD11250250800F41B00D69FF4A50F08000565403", "Viasat (Pay TV)" }, - { "3FFD11250250800F41B00F69FF4A50F080005A4A03", "Telekom Romania Communications (DVB-C) (Pay TV)\nhttps://www.telekom.ro/" }, - { "3FFD13250250000F33B00F69FF4A50D00000535902", "Sky Digital (DSS satellite TV card) 2009 issue" }, - { "3FFD13250250000F33B01669FF4A50D08000535903", "Sky TV Multiroom (Pay TV)" }, - { "3FFD13250250800F..B0..69FF4A50D08000495403", "Sky (Italy) VideoGuard CAM card" }, - { "3FFD13250250800F33B008FFFF4A50900000474C01", "Sky (Brasil) VideoGuard CAM card" }, - { "3FFD13250250800F33B008FFFF4A50900000545601", "NDS Videoguard TV CAM card (Sky Mexico 0905) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, - { "3FFD13250250800F41B00A69FF4A50F00000503103", "Sky Germany V14 NDS card (Pay TV)\nhttp://www.wikipedia.org/wiki/Sky_Deutschland" }, - { "3FFD13250250800F41B00F69FF4A50F080005A4A03", "Orange Romania (DVB-C) (Pay TV)\nhttps://www.orange.ro/" }, - { "3FFD13250250800F55B00269FF4A50F08000503103", "SKY DE V15 (Pay TV)" }, - { "3FFD14250150000F33B00BFFFF4A50800000475801", "DirecTV card" }, - { "3FFD14250250800F41B00A69FF4A507080004E5A03", "Sky Network Televisiton Limited (New Zealand) card for new (2016) decoder. Reportedly, this is a Kaon NS1120-500 box. (Pay TV)\nhttp://www.sky.co.nz" }, - { "3FFD14250250800F41B00D69FF4A50F08000425203", "Airtel Digital TV (Pay TV)" }, - { "3FFD15250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland (G02) (Pay TV)\nhttps://www.kabeldeutschland.com" }, - { "3FFD15250250800F41B00569FF4A50F00000415A03", "astro Pay TV Measat 91.5 E Caid: 0910 Provider: 000000" }, - { "3FFD15250250800F41B00A69FF4A50F00000503103", "Sky Germany [NDS|V14] (098C:000000) (Pay TV)" }, - { "3FFD15250250800F41B00D69FF4A50F08000414A03", "beIN Sports Arabia NDS (09B5:000000) (Pay TV)" }, - { "3FFD15250250800F41B00D69FF4A50F08000565403", "TVPLAY HOME (Pay TV)\nhttps://www.tvplayhome.lt/" }, - { "3FFD15250250800F55B00269FF4A50F08000503103", "Sky Germany [NDS|V15] (098D:000000) (Pay TV) (Pay TV)\nhttp://www.sky.de" }, - { "3FFDFF250250800F54B00469FF4A50D08000495403", "SKy italia (Pay TV)" }, - { "3FFE142503108041B00769FF4A5070804245544114", "OSN (Pay TV)\nhttps://www.osn.com" }, - { "3FFF112503108041B00669FF4A50700000415A010011", "Astro (Pay TV)\nhttp://www.astro.com.my" }, - { "3FFF112503108041B00769FF4A507000005031010011", "Sky (Germany) VideoGuard CAM card (www.sky.de)" }, - { "3FFF13250250800F54B003FFFF4A508000000000474C05", "Sky (Brasil) VideoGuard CAM card" }, - { "3FFF132503108033B00E69FF4A507000004954020000", "Sky entitlement card" }, - { "3FFF132503108033B01069FF4A507000004E5A010000", "NDS SKY NZ (Pay TV)" }, - { "3FFF13250B50000F33B00469FF4A50E000005335000000", "Stream TV (IP television) decoder card, provided by stream.ru ISP in Moscow" }, - { "3FFF13250B50000F33B00469FF4A50E000005438000000", "Stream TV (IP television) decoder card, provided by aon (Telekom Austria) TV card, contains Incorporated NDS Videoguard (TM) security system" }, - { "3FFF142503108033B01069FF4A507000004352010000", "Russian cable TV AKADO NDS Card (Pay TV)\nhttp://www.akado.ru/" }, - { "3FFF142503108033B01069FF4A507000005A45010000", "Norwegian DVB-C provider Get (www.get.no). NDS Videoguard security card." }, - { "3FFF142503108041B00169FF4A507000005356010000", "Tata Sky India Card (Telecommunication)" }, - { "3FFF142503108041B00169FF4A507000005A48010000", "'D-Smart' NDS from Turkie" }, - { "3FFF142503108041B00169FF4A507000005A4A010000", "Dolce by RomTelecom (Pay TV)" }, - { "3FFF142503108041B00169FF4A507000005A4B010000", "Pay TV, Viasat Ukraine" }, - { "3FFF142503108041B00269FF4A507000004252010000", "airtel (Pay TV)" }, - { "3FFF142503108041B00269FF4A50708000414F010014", "Pay TV" }, - { "3FFF142503108041B00769FF4A507080005844010014", "NDS vivacom Bulgaria card (Pay TV)\nhttps://www.vivacom.bg/bg/tv" }, - { "3FFF142503108041B00769FF4A5070800058440100FF", "Provider Vivacom Bulgaria NDS (Pay TV)\nhttp://www.vivacom.bg/en/satellite-services" }, - { "3FFF142503108041B00769FF4A507080005845010014", "Sat TV (Other)" }, - { "3FFF142503108054B00169FF4A507000004B57010000", "PayTV Card Kabel BW (www.kabelbw.de), Encryption: NDS by Videoguard, Distribution Standard: DVB-C" }, - { "3FFF152503108041B00769FF4A507000005031010015", "Sky (Germany) VideoGuard CAM card (www.sky.de) in Fast Mode (ins7e11=15) (Pay TV)" }, - { "3FFF3F3F3F3F003F3FFF3F3F3F3F3FFF3FFF953FFF953FFF", "Premium joker card to see Spanish TDT premium (goltv)" }, - { "3FFF9500FF918171..4700..4.4.....3.3.3.20..657.........", "Nagravision TV CAM card\nhttp://en.wikipedia.org/wiki/Nagravision" }, - { "3FFF9500FF918171..47004E434D45443.303.20526576..3.3...", "Mediaset Premium (Italy) CAM card" }, - { "3FFF9500FF918171644700444E41535030303320526576333233FF", "Satellite TV Card 'Via Digital' (Nagra)" }, - { "3FFF9500FF918171A04700444E4153503031302052657641323048", "DSS/DISH ROM10" }, - { "3FFF9500FF918171A04700444E4153503031302052657641323149", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/" }, - { "3FFF9500FF918171A04700444E4153503031312052657642", "NTL digital TV card (Nagravision)" }, - { "3FFF9500FF918171A04700444E415350303131205265764230364E", "Telewest Broadband (Nagravision)" }, - { "3FFF9500FF918171A04700444E415350303131205265764230423A", "NagraVision card for StarHub Digital Cable DVB-C Singapore" }, - { "3FFF9500FF918171A04700444E415350303131205265764230443C", "NagraVision card for Virgin Media in the UK" }, - { "3FFF9500FF918171A04700444E415350313830204D657230303028", "NagraVision (VG04) for Virgin Media (UK)\nNagraVision 3 for DigiTV (Romania)\nhttp://www.rcs-rds.ro/televiziune-digi-tv/satelit" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641303114", "TVA Digital - Nagra Vision ID TV-01" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641303712", "UPC Austria/UPC-Cablecom Switzerland, digital television encryption card\nhttp://www.upc-cablecom.ch/" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641323215", "UM01 card from German Unitymedia cable TV provider" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641343514", "Telenet N.V. HDTV Decoder Card Belgium" }, - { "3FFF9500FF918171FE4700444E4153503131302052657641433365", "Brazilian NET Digital (Cable TV provider) - Nagra Vision 'NASP110 RevA01'" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303216", "Polsat Nagra3\nBrazil - Claro TV Nagra3 Red" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303410", "Nagra 3 Card - Telefonica Brazil Green" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647303612", "UM02 card from German Unitymedia cable TV provider" }, - { "3FFF9500FF918171FE4700444E4153503134322052657647433463", "HD+ card used by the satellite company astra for decryption of the HDTV channels of RTL, VOX, Sat1 and ProSieben. Nagravision V3 is used for the encryption." }, - { "3FFF9500FF918171FE4700444E415350313830204D65724A30320E", "Nagra 3 Digital Plus Spain" }, - { "3FFF9500FF918171FE4700444E415350314130204D65725332336D", "Ziggo (Pay TV)" }, - { "3FFF9500FF918171FE4700444E41535032343120447368", "DISH Network G3 (Pay TV)" }, - { "3FFF9500FF918171FE4700444E415350323431204473684830390C", "Dish Network Smart Card (Pay TV)" }, - { "3FFF9500FF918171FE47004E434D4544303041205265764130316C", "Mediaset Premium (Italy) 2013" }, - { "3FFF9500FF918171FE47004E434D4544303043205265764330306D", "Mediaset Premium rechargeable (Pay TV)\nhttp://www.mediasetpremium.it/" }, - { "3FFF9500FF918171FE47005449474552363031205265764D383013", "Spanish pay TV card for GOLTV" }, - { "3FFF9500FF918171FE5700444E415350314230204D657257323079", "Vodafone HUNGARY (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323113", "Nagravision D08 / KD-31 Vodafone Cable Germany (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323210", "Telenet CI+ card Belgium (Pay TV)\nhttps://www2.telenet.be/nl/tv-met-een-kaartje/" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323517", "New ROM of Nagra PayTV Card DNASP410 (Pay TV)\nhttp://en.wikipedia.org/wiki/Nagravision" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651323715", "New Digi Slovakia (Pay TV)\nhttps://www.lyngsat.com/packages/Digi.html" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651324260", "Nagravision Kudelski Generation 7 card Rom410 MerQ2B (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503431302052657651325371", "Slovak and Czech pay TV provider Slovak Telecom (Pay TV)\nhttp://www.flysat.com/novadigi-sk.php" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653363017", "HD+ HD04b Card (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653363413", "claro card honduras central america 'NAGRA' (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653364166", "NAGRA KUDELSKI (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503432302052657653364265", "Nagra Kudelski / Canalsat Reunion (Pay TV)" }, - { "3FFF9500FF918171FE5700444E4153503435302052657657363014", "HD+ HD05 Paytv smartcard (Pay TV)" }, - { "3FFF9500FF918171FE5700444E415350343832205265765232361C", "Max Tv Croatia (Pay TV)\nhttps://www.lyngsat.com/packages/Max-TV.html" }, - { "3FFF9500FF918171FE5700444E415350353532204473684E30391F", "Dish Network ROM552 (Pay TV)" }, - { "3FFF9500FF918171FE5700444E415350353532204473684E304264", "Dish Network (Satellite Pay TV) NASP 552 (Pay TV)\nhttp://www.dishnetwork.com/" }, - { "3FFF9500FF918171FE5700444E415350353533205265764E304178", "BELL CA EXPRESS VU CARD (Pay TV)" }, - { "3FFF9500FF918171FF4700444E4153505330312044736836303916", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/\nCards were obsoleted in nationwide system update in 2009." }, - { "3FFF9500FF918171FF4700444E4153505330312052657636343702", "BELL EXPRESSVU (Pay TV)" }, - { "3FFF9500FF918171FF470054494745523030332052657632353064", "Tivu' Sat (Italy) CAM card www.tivu.tv" }, - {NULL, "n/a"} - }; + { "3B9F96803F87828031E073FE211F574543753130136502", "sysmoEUICC1-Cxx - eUCICC for econsumer eSIM RSP (Telecommunication)\nhttps://sysmocom.de/products/sim/sysmocom-euicc/index.html" }, + { "3B9F96803F87828031E073FE211F574543753130266F3D", "An eSIM physical card, you can write eSIM profiles into it and use it as a general SIM (Telecommunication)\nhttps://www.9esim.com/" }, + { "3B9F96803FC3A08031E073F62113574A4D0E1D31300071", "Telenor SIM card (Norway)" }, + { "3B9F96803FC6A08031E073F62116574A4D020B34546369", "SIM card Wingo operator (Switzerland) (Telecommunication)" }, + { "3B9F96803FC7008031E073FE211B6408050300829000EF", "Multipurpose UICC card for 2G, 3G, 4G/LTE, CDMA, ISIM & NFC (Telecommunication)\nhttp://www.smartjac.biz/index.php/component/eshop/telecom/test-uicc-sim-cards/2ff-mini-sim-cards/4g-open-multipurpose-uicc-card-3ff?Itemid=0" }, + { "3B9F96803FC7008031E073FE211F6441262100829000A3", "Smartjac SMAOT100A234FF (Telecommunication)\nhttps://smartjac.com" }, + { "3B9F96803FC7828031E073F62157574A330581053000CE", "COMPRION M2M eUICC (Telecommunication)" }, + { "3B9F96803FC7828031E073F62157574A4D020B60010069", "eSIM GSMA Card (Telecommunication)\nhttps://www.gsma.com/newsroom/wp-content/uploads/SGP.22_v2.2.pdf" }, + { "3B9F96803FC7828031E073F62157574A4D020B60610009", "ting (Telecommunication)" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010004FB", "The eSIM.me Card (Telecommunication)\nhttps://esim.me/" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010011EE", "eSIM.me pluggable eSIM (Telecommunication)\nhttps://esim.me/" }, + { "3B9F96803FC7828031E073FE211B57AA8660F0010017E8", "eSim.me Orange Setup (Telecommunication)" }, + { "3B9F96803FC7828031E073FE211B57AA8660F001001EE1", "5Ber (Telecommunication)\nhttps://esim.5ber.com" }, + { "3B9F96803FC7828031E073FE211B633A204E8300900031", "eSIM (Telecommunication)" }, + { "3B9F96803FC7828031E075F62157200355020B60500018", "iPhone 11 SIM Slot eUICC chip. Identified by eSTK.me. (Telecommunication)" }, + { "3B9F96803FC7828031E075F62157200355020C608000CF", "ST33J2M0STL9DZB0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, + { "3B9F96803FC7828031E075F62157210355020B60010048", "ST33G1M2STL8ENL0 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, + { "3B9F96803FC7828031E075F62157210355020B60500019", "st33g1m2 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33g1m2.html" }, + { "3B9F96803FC7828031E075F62157210355020C608000CE", "ST33J2M0STL9DZB1 (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st33j2m0.html" }, + { "3B9F96803FC7828031E075F621573C0455020C61010054", "euicc from iphone14 (Telecommunication)" }, + { "3B9F96803FC7A08031E073F62116574A4D020233456377", "ISIS-Ready T-Mobile Sim Card (Telecommunication)" }, + { "3B9F96803FC7A08031E073F62156574A4D020B3444005B", "Norwegian telenor (Telecommunication)\nhttp://www.telenor.no" }, + { "3B9F96803FC7A08031E073F62157574A4D020B34546329", "Orange FR - opa (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B63F100E8830090005E", "UICC CARD (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B6407689A00829000B4", "Orange SIM Card (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211B64080503008290004F", "NFC-enabled SIM card of MTS Russia. (Telecommunication)" }, + { "3B9F96803FC7A08031E073FE211F6300690083819000AB", "GSM file system and SWP sample supplied with STMicro development kit (Other)" }, + { "3B9F96803FC7A08031E073FE211F6441269100829000B3", "LTE Lab SIM Ver 1.3 (Telecommunication)" }, + { "3B9F968131FE458065544312210831C073F6218081059A", "Scientific and Technological Research Council of Turkey (test card) (eID)" }, + { "3B9F968131FE45806755454B41451212318073B3A180EA", "AKiS v1.2 on nxp chip" }, + { "3B9F968131FE45806755454B41451252318073B3A180AA", "AKiS v1.2.1 on infineon chip" }, + { "3B9F968131FE45806755454B41451253318073B3A180AB", "AKiS v1.2.1 on nxp chip" }, + { "3B9F968131FE45806755454B41451292318073B3A1806A", "AKiS v1.2.2 on infineon chip" }, + { "3B9F968131FE45806755454B41451293318073B3A1806B", "AKiS v1.3 on infineon chip" }, + { "3B9F968131FE5D00640428010231C073F701D000900065", "German eTicketing SAM (Transport)\nhttps://www.eticket-deutschland.de/" }, + { "3B9F968131FE6D00640428010231C073F701D000900055", "VDV-KA Secure Access Module (German Public Transport) (Transport)\nhttps://www.eticket-deutschland.de/" }, + { "3B9F968131FE9D006405A0030431C073F701D000900028", "Deutsche Telekom AG, TeleSec PKS ECC Signature Card (PKI)\nhttps://www.telesec.de/en/signaturecard" }, + { "3B9F9681B1FE451F070064051EB20031B0739621DB0590005C", "SignTrust (www.signtrust.de)\nInfinion SLE66CX680PE with Starcos 3.2\nhttp://www.deutschepost.de/dpag?xmlFile=link1015459_49595" }, + { "3B9F9681B1FE451F070064051EB20331B0739621C005900044", "German Dentist ID (eID)" }, + { "3B9F96C00A1FC38031E073FE211B63F100AD830F9000DA", "SIM SFR Pro (French Mobile Operator)" }, + { "3B9F96C00A1FC68031E073FE211F65D00233131B810FFA", "Tinkoff SIM card (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211B63F100AD830F9000DE", "H3G (Italy) UMTS USIM card" }, + { "3B9F96C00A1FC78031E073FE211B65D0011009228100F3", "Verizon 4G LTE SIM Card (Telecommunication)\nhttp://www.verizonwireless.com/support/information/4gsim.html" }, + { "3B9F96C00A1FC78031E073FE211B65D0018E0E3281007A", "Rogers 3G SIM card" }, + { "3B9F96C00A1FC78031E073FE211F65D0020912EE810F35", "German SIM card Drillisch (Telefonica) (Telecommunication) (Telecommunication)\nhttps://www.drillisch-online.de/" }, + { "3B9F96C00A1FC78031E073FE211F65D0020914F9810F24", "CONNEXA SIM CARD (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211F65D0020B11A4810F7E", "Telia Finland Oyj, network operator LTE (Telecommunication)" }, + { "3B9F96C00A1FC78031E073FE211F65D013370F3B810FD2", "Gemalto Security Element (PKI)" }, + { "3B9F96C00A31FE45435431690B010001000000000000000D", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, + { "3B9F96C00A31FE45754A6176656C696E2D4F5320312E3051", "Vietnam ID Card (eID)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740EEB810FD7", "Verizon '4G LTE' USIM (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740F13810F2E", "SFR GSM SIM Card (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211B65D001740F50810F6D", "5G (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D001900F3B810FE6", "Verizon US USIM card (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D00209107C810F24", "GSM SIM Vodafone NL postpaid NFC+ (Telecommunication)" }, + { "3B9F96C00A3FC6A08031E073FE211F65D0021B12B7810FFF", "SIM Card Fastweb IT GSM mobile network (Telecommunication)" }, + { "3B9F96C00A3FC7828031E073FE211F65D00209146C810F13", "euicc (eID)" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740E8D810FB0", "USIM" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740EE3810FDE", "EE (UK) Mobile Phone SIM Card circa 2016 (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211B65D001740F13810F2F", "Phone card sim (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211F65D0021A12AB810FE3", "Orange SIM (Telecommunication)" }, + { "3B9F96C00A3FC7A08031E073FE211F65D0021B12B7810FFE", "ISPL Card (Telecommunication)" }, + { "3B9F96C0F031FE45754A6176656C696E2D4F5320312E30AB", "ATKey.Card NFC Bio-ID (eID)" }, + { "3B9F97801FC68031E073FE211B6441442100829000E5", "SAKURA Internet SIM (Telecommunication)\nhttps://www.sakura.ad.jp/services/sim/" }, + { "3B9F97801FC68031E073FE211B65CA010E060B81059E", "rain Networks - R15 4G Sim Card (Telecommunication)\nhttp://www.rain.co.za" }, + { "3B9F97801FC78031E073FE211367980801120401045B", "Tmobile Sim card (Telecommunication)" }, + { "3B9F97801FC78031E073FE211367980801120601065B", "Tmobile (Telecommunication)" }, + { "3B9F97801FC78031E073FE2113679814010202010257", "Orange SIM from Egypt (Telecommunication)" }, + { "3B9F97803FC6828031E073FE211F630089008381900069", "ST4SIM-200M (Telecommunication)\nhttps://www.st.com/en/secure-mcus/st4sim-200m.html" }, + { "3B9F97803FC7828031E073FE211F640856210082900019", "eSIM card (Telecommunication)" }, + { "3B9F97803FC7828031E073FE211F6409069200829000FB", "Ubigi Transatel esim (Telecommunication)" }, + { "3B9F978131FE458065544312210831C073F621808105", "Republic of Turkey Identity Card (eID)\nhttps://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, + { "3B9F978131FE458065544312210831C073F62180810590", "Turkish National Electronic Identity Card - TCKK (eID)\nhttp://www.ekds.gov.tr" }, + { "3B9F978131FE458065544312210831C073F6218081059B", "Turkish Republic Identity Card - Turkiye Cumhuriyeti Kimlik Karti (TCKK) (eID)\nhttp://www.ekds.gov.tr/tckk/t-c-kimlik-karti/tanim" }, + { "3B9F978131FE4580655443D2210831C073F6218081055B", "Turkish Republic official electronic ID card with biometric data, e-signature, authentication, secure private-key cryptographic messaging, etc. (eID)\nhttp://bilgem.tubitak.gov.tr/en/icerik/national-identity-card-tr-nc-identity-card" }, + { "3B9F978131FE4580655443D3228231C073F621808105D3", "Turkish eID (Turkiye Cumhuriyeti Kimlik Karti) (eID)" }, + { "3B9F97C00A1FC68031E073FE211F65D00233150E810FE8", "SIM Card (Telecommunication)" }, + { "3B9F97C00A1FC78031E073FE211B65D0011009228100F2", "'ultra fast card, max speed supported for telecom'? (transport)" }, + { "3B9F97C00A1FC78031E073FE211B65D001900F3B810F62", "Gemalto Multi-SIM consumer 4.2 (ST33I1M2) (Telecommunication)" }, + { "3B9F97C00A3FC6828031E073FE211B65D0023314A5810FE4", "Thales eUICC French Ministry BAP v2 (Telecommunication)" }, + { "3B9F97C00A3FC6A08031E073FE211B65D001740EEB810FD6", "Verizon 4G LTE Micro SIM (Telecommunication)" }, + { "3B9F97C00A3FC6A08031E073FE211F65D0021B13F6810FBE", "Verizon SIM Card (Telecommunication)" }, + { "3B9F97C00A3FC7A08031E073FE211F65D001900FEE810F33", "AT&T Mobility LLC MicroSIM Card (Telecommunication)\nhttps://www.att.com/wireless/" }, + { "3B9F97C00AB1FE453FC6828031E073FE211B65D0023A14C9810F8B", "SIM (Telecommunication)" }, + { "3B9F97C0FF1FC78031E073FE211B63F100AD830F90002A", "Gemalto Speed Enhancement 97 (Telecommunication)" }, + { "3B9FB681B1FE5D1F4700640411030131C073B7010000900035", "BOS (Telecommunication)" }, + { "3B9FD680B1A0591FC7534C4538385F50534C5F56302E353001", "Infineon SLE88CFX4000P" }, + { "3BA70040..8065A208......", "Gemplus GemSAFE Smart Card (8K)" }, + { "3BA70040148065A214010137", "Gemplus GPK4000sdo" }, + { "3BA70040188065A208010152", "Gemplus GPK8000\nGemSAFE Smart Card (8K)\nMultiApp ID IAS ECC 72K CC (with IAS XL / IAS ECC Applet) IAS ECC Type 3 (Bank)" }, + { "3BA70040188065A209010152", "Gemplus GPK16000" }, + { "3BA70040188065A209010252", "Gemplus GPK16000" }, + { "3BA70040188065A209010352", "Gemplus GemSAFE std (GPK16000?)" }, + { "3BA8008171465D0054434F53312E320065", "Telesec TCOS 1.2" }, + { "3BA8008171465D0054434F53312E324B2E", "CeloCom Card with TCOS 1.2" }, + { "3BAA00401447473245543553343830", "Old German 'D2 Privat' sim card (Telecommunication)" }, + { "3BAA00401447473247543553343830", "GSM-SIM Libertel (900MHz)" }, + { "3BAA004080534F805345030411AAA3", "'open platform' ATMEGA 'new Generation'\nhttp://www.masterixweb-italy.com/new/images/articoli/atmega.jpg" }, + { "3BAB00813140458031C0650806800000000084", "Reloadable Visa Cash card (Schlumberger), Bank of America" }, + { "3BAC00402A001225006480000310009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)\nhttps://esante.gouv.fr/securite/cartes-et-certificats/CPS" }, + { "3BAC00402A001225006480820212009000", "Sesam Vitale card CPS (Carte Profesionnel de Sante)" }, + { "3BAD0040FF80318065B00501015E83009000", "Dallas Semiconductor iButton\nJIB\nGemplus GemXpresso 2.11PK" }, + { "3BB0110081319073F2", "SamOS 2.7" }, + { "3BB033009181316B35FC", "SkyperfecTV HD IC Card (Pay TV)\nhttps://www.skyperfectv.co.jp/eng/" }, + { "3BB036008131FE5D95", "Betacrypt 2 (Comvenient GmbH) Conditional Access Smart Card (Pay TV)\nwww.comvenient.com" }, + { "3BB2110010800001", "Atmel memory card AT88SC0104C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nPlug'n'Print" }, + { "3BB2110010800002", "Atmel memory card AT88SC0204C (Atmel memory card)\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5211.pdf\nCard LAVAGE reloadadble from stations TOTAL" }, + { "3BB2110010800004", "Atmel memory card AT88SC0404C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB2110010800008", "Atmel memory card AT88SC0808C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf\nSmart VR Card - GD Burti" }, + { "3BB2110010800016", "Atmel memory card AT88SC1616C\nhttps://www.microchip.com/en-us/product/AT88SC1616C#document-table\nRexall (Canada) - Blood Pressure Check card\nhttp://www.rexall.ca/services/blood-pressure-tracking" }, + { "3BB3110000000032", "Atmel memory card AT88SC3216C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000064", "Atmel memory card AT88SC6416C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000128", "Atmel memory card AT88SC12816C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB3110000000256", "Atmel memory card AT88SC25616C\nhttp://www.atmel.com/dyn/resources/prod_documents/doc5210.pdf" }, + { "3BB7110081319043A5..............", "Siemens CardOS/M V1.4 (SLE44C80S)" }, + { "3BB7110081319043C517B09D19221E1F", "CryptoTech blank access/authentication card (Other)\nhttp://www.cryptotech.com.pl/" }, + { "3BB7110081319053B5..............", "CardOS EM/V1.4 (SLE44CR80S)" }, + { "3BB711008131FE432025854702202866", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, + { "3BB711008131FE4320283FB50320313B", "Research Institute of Applied Information Technologies (Other)\nhttp://dodatok.osvita.net/" }, + { "3BB718008131704310434E5452563253", "Avtor SecureToken (PKI)" }, + { "3BB718008131FE6553504B323490005A", "Giesecke & Devrient Starcos 2.4" }, + { "3BB71800C03E31FE6553504B3234900025", "G&D STARCOS SPK 2.4" }, + { "3BB794008131FE5553504B32329000E0", "Dresdner Bank (a German Bank) Key-Card for InternetBanking" }, + { "3BB794008131FE6553504B32329000D0", "Giesecke & Devrient STARCOS SPK2.2" }, + { "3BB794008131FE6553504B32339000D1", "Giesecke & Devrient Starcos 2.3\nDeutsche Bank WebSign (RSA-Card)\nG&D StarSign Token\nOsakidetza ONA (eID)\nhttp://www.osakidetza.euskadi.eus/r85-ckserv01/es/contenidos/nota_prensa/ruedasanidad35/es_rs/ruedasanidad35_c.html" }, + { "3BB813008131205D0057696E4361726402", "SmartCard for Windows 1.1" }, + { "3BB813008131FA524348544D4F494341A5", "citizen digital certificate (PKI)\nhttp://moica.nat.gov.tw/" }, + { "3BB897008131FE45FFFF148230502300F1", "UAE Emirates ID (eID)\nhttps://www.icp.gov.ae" }, + { "3BB89700813FE45FFFF148230502300F", "UAE Emirates ID (eID)" }, + { "3BB89700C00831FE45FFFF148230502300B8", "Infineon SECORA ID X (JavaCard)" }, + { "3BB918008131FE9E8073FF614083000000DF", "Serbian Identity Card\nThis is the new Serbian biometric identity card (every adult cityzen\nmust have). The chip contains owners picture, name, date and place\nof birth, current address, unique ID number and fingerprint." }, + { "3BB9940040144747334D4838353330", "T D1 GSM card (Telecommunication)" }, + { "3BB9940040144747334E4838363430", "GSM-SIM card of the Austrian mobile phone provider One\nhttp://www.one.at\nProximus SIM - Belgium (SetCOS?)\no2 GSM-SIM card Germany 2003" }, + { "3BBA11001000434C5F53414D00133800", "Planeta Informatica CL-SAM (Other)\nhttp://www.planeta.inf.br/" }, + { "3BBA11008131FE4D55454B41452056312E30AE", "AKIS v1.0 on infineon chip" }, + { "3BBA13008131865D0064050A0201318090008B", "Telesec TCOS 2 (SLE44)\nTCOS 2.0 (on CR80S)\nCryptokarte with RSA-Controller, T=1 Protocol" }, + { "3BBA14008131865D0064051402023180900091", "TCOS 2.0 (on CX160S)\nTelesec TCOS 2 (SLE66)" }, + { "3BBA14008131865D0064057B020331809000", "PHILIPS (HealthCare)" }, + { "3BBA14008131865D0064057B020331809000FF", "PHILIPS (HealthCare)" }, + { "3BBA14008131865D0064057B0203319000FF", "JCOP CARD (Other)" }, + { "3BBA94004014", "GG3RS732S0 ?" }, + { "3BBA9400401447473352533731365300", "Micro Sim MCP crew sim (Telecommunication)" }, + { "3BBA9400401447473352533731365320", "GSM SIM Elisa Estonia" }, + { "3BBA9400401447473352533731365330", "GSM-SIM Viag Interkom E2 Loop (1800MHz)\nGSM-SIM card of the Austrian A1\nhttp://www.a1.net/privat/home\nGSM SIM Radiolinja Estonia; 2005" }, + { "3BBA9400401447473353533731365330", "GSM SIM Cellway (e-plus), Germany (Telecommunication)" }, + { "3BBA95001080434C5F53414D00013811", "CLSAM (Transport)\nhttp://www.planeta.inf.br" }, + { "3BBA950081B1865D1F430064045C02033180900084", "T-Mobile Corporate ID Card" }, + { "3BBA96008131865D0064056002033180900066", "Telesec TCOS 2 (SLE66P)\nTCOS 2.0 (on CX320P)\nTeleSec Netkey Card" }, + { "3BBA96008131865D00640560020331809000667001040530C9", "TeleSec Netkey E4 Card" }, + { "3BBA96008131865D0064057B0203318090007D", "TeleSec NetKey Card\nDeutsche Post card (tcos)" }, + { "3BBB18008131FE4580670518B1020184008105E0", "STARCOS Smart Card (Other)\nhttps://www.gi-de.com/de/identities/unternehmenssicherheit/signaturkarte" }, + { "3BBB1800C01031FE4580670412B003030000810138", "Giesecke & Devrient Star Sign Card, STARCOS 3.0 DI, 72 KB, RSA2048 bit\nGiesecke & Devrient Smartc@fe Expert 32K v2.0" }, + { "3BBB1800C01031FE4580670412B00303000081053C", "Philips Smart MX\nSzczecin University of Technology in Poland student identity card (Elektroniczna Legitymacja Studencka = student identity card)\nCSOB bank, Czech Republic\nCATCert (Agencia Catalana de Certificacio) catalan government workers identity card" }, + { "3BBB1800C03E31FE654726442054534D20312E30B7", "Italian Tachograph Driver Card" }, + { "3BBC1800813120755A43332E313220524556204146", "ZeitControl BasicCard Enhanced 3.7\nhttp://www.basiccard.com/" }, + { "3BBC1800813120755A43332E313420524556204445", "ZeitControl BasicCard Enhanced 3.14 Rev D\nhttp://www.basiccard.com/" }, + { "3BBC1800813120755A43332E333220524556204247", "ZeitControl BasicCard (Other)\nhttps://ZeitControl" }, + { "3BBC1800813120755A43332E333420524556204447", "ZeitControl BasicCard Enhanced ZC3.34 (Other)\nhttps://www.zeitcontrol.de/en" }, + { "3BBC94004014474733483335585332303030", "GSM-SIM Era-PL\nT-Mobile GSM SIM Card" }, + { "3BBC94004014474733483335585632303030", "GSM SIM CARD 32K, Vodafone" }, + { "3BBC94004014474733493539424332303030", "GSM SIM Vodafona NL prepaid" }, + { "3BBC94004014474733493543414331303030", "Siemens SIM card" }, + { "3BBC94004014474733493731394332303020", "Telenor SIM card (Norway)" }, + { "3BBC94004014474733494231424331303020", "Telenor SIM (Telecommunication)" }, + { "3BBC94004014474733494231424331303030", "SIM Card (Scarlet, Belgium) (Telecommunication)\nhttps://www.scarlet.be/nl/prepaid/" }, + { "3BBC94004014474733533035315331303130", "GSM SIM (Tele2, Estonia)\nGSM SIM Elisa Estonia; 2007\nGSM SIM from 'fonic' Germany" }, + { "3BBC94004014474733533443454332303030", "Era-PL SIM Card (Telecommunication)" }, + { "3BBD110000414C4946415820503031523041", "alifax (HealthCare)" }, + { "3BBD18008131FE45805102670414B10101020081053D", "Austrian 'e-Card' (=Health Card)\nspecial Version of Starcos 3.1" }, + { "3BBD18008131FE45805102670518B102020201810531", "Austrian health insurance card 'e-card'" }, + { "3BBD18008131FE45805103670414B10101020081053C", "Austrian Health insurance card 'eCard' (HealthCare)\nhttp://www.chipkarte.at" }, + { "3BBE..000041052000............00009000", "CryptoMate64 USB Cryptographic token\nhttp://www.acs.com.hk/en/products/18/cryptomate64-cryptographic-usb-tokens/\nACS ACOS5-64 V2.00\nhttp://www.acs.com.hk/en/products/17/acos5-64-cryptographic-smart-card/" }, + { "3BBE1100004101102038000000000000000000", "ACOS2" }, + { "3BBE1100004101380000000000000000019000", "ACS (Advanced Card System) ACOS-1\nACOS3\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101380000000000000000029000", "ACS (Advanced Card System) ACOS-1 8K" }, + { "3BBE1100004101380000010000000000019000", "ACOS3 Microprocessor Card (Contact) (Other)\nhttp://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101380000030000000000019000", "ACS ACOS3-32 (Telecommunication)\nhttp://www.acos3.com/" }, + { "3BBE110000410138000004006275627A019000", "Advanced Card Systems ACOS3 (24k) V1.7\nhttp://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=ACOS3" }, + { "3BBE1100004101380000050000000000029000", "ACS (Advanced Card System) ACOS2" }, + { "3BBE1100004101380100030000000000029000", "ACOS2 test card from ACS reading off a ACR38U" }, + { "3BBE1100004101380300040000000000019000", "ACOS 3 from ACS (Other)" }, + { "3BBE1100004101380400140000000000019000", "Dekart Smartcard Logon (eID)\nhttp://www.smartcardfocus.com/shop/ilp/se~81/dekart-smartcard-logon/p/index.shtml" }, + { "3BBE1100004101380400140000000000029000", "DEKART proprietary logon authentication solution for Windows (Other)\nhttp://www.dekart.com/products/" }, + { "3BBE1100004101380500070000000000029000", "EEPROM card (Other)" }, + { "3BBE11000041013817CE010000000000019000", "ACOS3 Contact Microprocessor Card (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE1100004101382500030000000000019000", "8 pin (eID)" }, + { "3BBE1100004101384D800A8050524F56009000", "ACS (Advanced Card System) ACOS-3" }, + { "3BBE110000410138FF40000000000000019000", "Acos3 (zend) (eID)" }, + { "3BBE1100004107020000000000000000019000", "ACOS7 MOC Combi-Card (Other)\nhttp://www.acs.com.hk/en/products/123/acos7-moc-combi-card/" }, + { "3BBE1800004105..0000000000000000009000", "Advanced Card Systems (ACS) ACOS5 Cryptographic Smart Card" }, + { "3BBE1800004105100000000000000000009000", "ACS ACOS5 'ACOS5-32-G' dual card\nhttp://www.acs.com.hk/acos5.asp" }, + { "3BBE1800004206110000000000000000009000", "Etoken nano 192k (eID)" }, + { "3BBE94004014474733463034415A455439313330", "GSM operator Life Ukraine (Telecommunication)" }, + { "3BBE940040144747335333454441544C36303130", "SingTel hi! Prepaid GSM SIM UICC (Telecommunication)" }, + { "3BBE940040144747335333454841544C39313000", "Latvian GSM operator TELE2" }, + { "3BBE940040144747335333474841544C39313030", "simCard Vip Mobile(Serbia) or Telecom Austria (Telecommunication)\nhttp://www.vipmobile.rs/" }, + { "3BBE94008131FE3553504B3233205745353031364E4325", "G&D StarCOS SPK 2.3 secure element (Bank)" }, + { "3BBE9500004103000000000000000000029000", "touchatag SAM card\nSpanish University of Murcia smart ID card - Old version with CajaMurcia Banking card integrated (Maestro card) (M.Mar OS) - Also used by many others spanish universities\nACOS6 C6\nhttps://www.acs.com.hk/en/products/309/acos6-multi-application-purse-card-contact/\nACOS6S C7 SAM\nhttps://www.acs.com.hk/en/products/310/acos6-sam-secure-access-module-card-contact/" }, + { "3BBE96000041013802001D0000000000019000", "ACOS3-32 (Other)\nhttps://www.acs.com.hk/en/products/306/acos3-microprocessor-card-contact/" }, + { "3BBE9600004103000000000000000000029000", "SAM inside the Tikitag reader from Alcatel-Lucent\nhttp://hackerati.com/post/57314994/rfid-on-the-cheap-hacking-tikitag" }, + { "3BBE9600004105004E46000000000000009000", "ACOS5-64 v3.00 (PKI)\nhttps://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, + { "3BBE9600004105300000000000000000009000", "CryptoMate Nano USB Cryptographic token\nhttp://www.acs.com.hk/en/products/414/cryptomate-nano-cryptographic-usb-tokens/\nACS ACOS5-64 V3.00\nhttp://www.acs.com.hk/en/products/308/acos5-64-v3.00-cryptographic-card-contact/" }, + { "3BBE9600004206210000000000000000009000", "ESMART Token (PKI)\nhttps://esmart.ru/products/informatsionnaya-bezopasnost/smart-karty-esmart-token/" }, + { "3BBE9600801FC78031E073FE21136200..83819000..", "Vodafone (Italy) 128 kB GSM SIM card\nTIM (Italy) 128 kB GSM SIM card" }, + { "3BBF..008131FE5D0064040F03..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD036" }, + { "3BBF..008131FE5D0064041103..31C073F701D0009000..", "TCOS 3.0 on Philips P5CT072" }, + { "3BBF..008131FE5D0064041503..31C073F701D0009000..", "TCOS 3.0 on Philips P5CD072" }, + { "3BBF..008131FE5D00640428030231C073F701D0009000..", "TCOS 3.0 release 2 on Philips P5CD080" }, + { "3BBF..008131FE5D0064056D03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX642P" }, + { "3BBF..008131FE5D0064058903..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX641P" }, + { "3BBF..008131FE5D0064058A03..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CLX640P" }, + { "3BBF..008131FE5D0064059103..31C073F701D0009000..", "TCOS 3.0 on Infineon SLE 66CX680PE" }, + { "3BBF11008131..4545504100000000........0000......", "Austrian Quick E-purse\nhttp://www.quick.at/" }, + { "3BBF11008131FE45455041000000000000000000000000F1", "a.sign premium signature card" }, + { "3BBF11008131FE4545504100000000792780760000000059", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (old model) (Bank)" }, + { "3BBF11008131FE454D434100000100016971850000000077", "Austrian 'easybank' branded Mastercard, issued 2007" }, + { "3BBF11008131FE454D434100000100020820510000000090", "austrian combined card of a mastercard and OBB Vorteilscard (Austrian Federal Railways)\nhttp://www.oebb.at/pv/de/Servicebox/VORTEILScard/Bezahlen_mit_der_VORTEILScard/VORTEILScard_MasterCard.jsp" }, + { "3BBF11008131FE454D43410000010002559133000000001E", "Mastercard (Paylife Austria)" }, + { "3BBF1100C01031FE44534D405254204341464520312E3143C1", "Giesecke&Devrient SmartCafe 1.1" }, + { "3BBF18008031703553544152434F5320533231204390009B", "Giesecke & Devrient STARCOS S2.1" }, + { "3BBF18008131705553544152434F532053323120439000FA", "Giesecke & Devrient STARCOS S2.1" }, + { "3BBF1800C02031705253544152434F5320533231204390009C", "Giesecke & Devrient SPK 2.1 C" }, + { "3BBF9300801FC68031E073FE2113576573746B2E6D65E3", "eSTK.me v1.2.5 or later (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF9300803FC6828031E073FE2113576573746B2E6D6541", "eSTK.me v1.2.4 (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF94008131FE65454C55204175737472696120312E3238", "A-Trust: trust-sign (Old Version, ca. 2002) for Digital Signature etc.\nA-Trust: a-sign-premium (ca. 2004) 'Burgerkarte' ('Citizen-Card')\nfor Identifikation, Digital Signature etc.\n('should be' Starcos 2.3)" }, + { "3BBF9500801FC68031E073FE2113576573746B2E6D65E5", "eSTK.me v3.1.1 or later (Telecommunication)\nhttps://estk.me" }, + { "3BBF9500803FC6828031E073FE2113576573746B2E6D6547", "eSTK.me v3.1.1 (Telecommunication)\nhttps://eSTK.me" }, + { "3BBF96008131FE5D0064........31C073F701D0009000..", "TCOS 3.0 / NetKey 3.0" }, + { "3BBF96008131FE5D00640411000031C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BBF96008131FE5D00640411030131C07301D000900000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BBF96008131FE5D00640411030131C073F701D0009000", "DATEV eG, Nuernberg, Bavaria, Germany (PKI)\nhttp://www.datev.de" }, + { "3BC5FF8131FB458073C6010000", "Japanese Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/en/kojinbango/index.html" }, + { "3BC800000073C84000000000", "verve (Bank)" }, + { "3BCDFF8031FE450068D276000028040481009000CD", "Tachograph company test card (Transport)" }, + { "3BD096FF81B1FE451F032E", "New european health insurance card of the German health insurance (G2) (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BD096FF81B1FE451F072A", "German public health insurance card (,,Gesundheitskarte'), 2nd generation (G2), issuer Techniker Krankenkasse (HealthCare)\nhttps://gematik.de/cms/de/spezifikation/wirkbetrieb/kartengeneration2/kartengeneration2.jsp" }, + { "3BD096FF81B1FE451FC7EA", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, + { "3BD097FF81B1FE451F072B", "German Elektronische Gesundheitskarte (eGK) (HealthCare) - From TK (HealthCare)\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BD097FF81B1FE451FC7EB", "German Health Professional Card (eHBA) (HealthCare)\ngSMC-KT, STARCOS 3.6 (HealthCare)" }, + { "3BD0A8FF81F1FB24001FC3F4", "Philips DESFire SAM" }, + { "3BD218008131FE450101C1", "Dutch License Plate Card (RDW)\nhttps://commons.wikimedia.org/wiki/File:Kentekencard_voorzijde_1_december_2013.jpg" }, + { "3BD218008131FE58C90114", "Atos CardOS5 (PKI)\nhttp://atos.net/NR/rdonlyres/17C7BDD0-225B-4A58-B9A4-438EA3F3238A/0/74743_20120830_160149_cardos_v5_0__datenblatt_en.pdf" }, + { "3BD218008131FE58C90217", "Atos CardOS 5.3 (PKI)\nhttp://www.atos.net/cardos" }, + { "3BD218008131FE58C90316", "Austrian 'RKS-Card' issued by GlobalTrust (PKI)\nhttps://secure.globaltrust.eu/info-rksv.html" }, + { "3BD218008131FE58C90411", "Identity Card in Slovakia with security chip and e-signature issued after 2021-06-21 (eID)\nD-TRUST Card 4.1 Standard, qualified signature card" }, + { "3BD218008131FE58CA6076", "CardOS IoT V5.4 (PKI)\nhttps://atos.net/wp-content/uploads/2018/11/ct_181127_lpm_cardos_iot_v5-4_fs_en4_web.pdf" }, + { "3BD218008131FE58CB0116", "D-Trust Card 5.1/5.4 (contact based)\nhttps://www.d-trust.net/de/support/signatur-und-siegelkarten" }, + { "3BD21802C10A31FE58C80D51", "Siemens Card CardOS M4.4" }, + { "3BD296FF81B1FE451F870102AB", "Electronic Vehicle Registration (eVR) from RDW.nl (The Netherlands), open sourced at [URL], demo (Windows / Linux Wine Mono) (Transport)\nhttps://github.com/eVRMTV/eVR" }, + { "3BD396FF81B1FE451F078081052D", "German public health insurance card (Elektronische Gesundheitskarte eGK), 2nd generation (G2) (HealthCare)" }, + { "3BD5180081313A7D8073C8211030", "Aladdin eToken NG-Flash with 256MB of flash memory\nAladdin eToken PRO (72KB)\nhttp://www.aladdin.com/etoken/devices/default.aspx" }, + { "3BD518008131FE7D8073C82110F4", "Bank of Lithuania Identification card\nGemalto SafeNet eToken Java Based Cards\nhttps://safenet.gemalto.com/multi-factor-authentication/authenticators/pki-usb-authentication/" }, + { "3BD518FF8091FE1FC38073C8211308", "Athena IDProtect (JavaCard 2.2.2)\nhttp://www.athena-scs.com/product.asp?pid=32\nThales nShield Security World Card - Remote Administration Ready\nhttps://www.thalesesecurity.fr/products/hsm-management-and-monitoring/nshield-remote-administration" }, + { "3BD518FF8191FE1FC38073C821100A", "ComSign digital signature card (eID)\nhttps://www.comsign.co.uk/" }, + { "3BD518FF8191FE1FC38073C8211309", "Athena IDProtect Key (v2)\nhttp://www.athena-scs.com/product.asp?pid=33" }, + { "3BD518FF81B1FE451FC38073C821106F", "DPI Card ID Guatemala Version 2024 (eID)\nhttps://www.renap.gob.gt/" }, + { "3BD5950400AE01020101", "Axalto Cyberflex Access 64K v2b SM 1.1" }, + { "3BD595FF8091FE1FC38073C8211385", "Athena IDProtect - Cryptographic Java Card\nhttp://www.athena-scs.com/product.asp?pid=32" }, + { "3BD596028031FE654F734549441F", "AVR128DA32 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, + { "3BD596FF80B1FE451F878073C82110A4", "French national identity card (eID)\nhttps://en.wikipedia.org/wiki/National_identity_card_(France)" }, + { "3BD596FF8191FE1FC34332333030CC", "HID Global - Crescendo C2300 (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c2300" }, + { "3BD6180080B1806D1F038051006110309E", "Atmel/Athena T0 PC/SC Compliance Test Card No. 1" }, + { "3BD618008131FE7D415350204F5383", "ASP FIXED CHAL1, 2, 3 and 4 (Other)" }, + { "3BD6180081B1807D1F038051006110308F", "ASECard Crypto\nhttp://www.athena-scs.com/product.asp?pid=8" }, + { "3BD618FF8191FE1FC34573C8211110DD", "PDOX J3R180 (JavaCard)" }, + { "3BD6960081B1FE451F078031C1521118F8", "smart card from NASA, 2019 (PKI)" }, + { "3BD6960081B1FE451F878031C152211949", "DHS CAC card (PKI)" }, + { "3BD6960081B1FE451F878031C152411A2A", "Identiv SCR3310 v2.0 (eID)" }, + { "3BD6970081B1FE451F078031C1521118F9", "NASA Personal Identity Verification (PIV) card (eID)\nIDEMIA Cosmo V8.0 with a PIV applet" }, + { "3BD6970081B1FE451F078031C1521119F8", "Secure badge (PKI)" }, + { "3BD6970081B1FE451F878031C152211948", "DOS PIV (PKI)" }, + { "3BD6970081B1FE451F878031C152211A4B", "ID-One PIV 2.4 (P/N 1501381) from IDEMIA (Other)" }, + { "3BD6970081B1FE451F878031C152411A2B", "Oberthur Technologies ID-One PIV/CIV on V8 Device (eID)\nhttps://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2986.pdf\nIDEMIA Cosmo V8.1 with a PIV applet" }, + { "3BD71100400A654E434F533037", "eNCOS MC MChip Advance (Bank)" }, + { "3BD7970081B1FE451F878031C15351132012", "IdemiaID-ONEPIV (eID)\nhttps://www.idemia.com/id-one-piv-card" }, + { "3BD81800801F078031C1640806920F", "US Government CAC (PKI) / IDEMIA Cosmo v8 (PKI)\nhttps://www.idemia.com/id-one-piv-card" }, + { "3BD81800801F078031C1640806920FDF", "US DoD Common Access Card (IDEMIA Cosmo v8) (PKI)" }, + { "3BD8180080B1FE451F078031C1640806920FD5", "Oberthur Cosmo v8 (PKI)" }, + { "3BD818FF8131FE458064041BB42A8105D5", "Schweizerische Krankenversicherungskarte KVG (HealthCare)" }, + { "3BD818FF81B1FE451F038064041AB403810561", "D-Trust multicard advanced 3.1\nGerman public health insurance card ('Gesundheitskarte'), issuer SBK 'Siemens Betriebskrankenkasse'" }, + { "3BD896008031FE4400531200840F90001F", "Cape Verde National Identity Card (CNI) (eID)\nhttps://sniac.cv/cartao-nacional-de-identificacao/" }, + { "3BD8960081B1FE451F0743485447504B494ADD", "Citizen Digital Certificate, Taiwan (PKI)\nhttp://moica.nat.gov.tw/" }, + { "3BD896FF8131FE458064041BB42A81055B", "Swiss LAMal health insurance card" }, + { "3BD911008131FE8D0000464F4D53312E3132", "TFOMS (eID)\nhttp://www.samtfoms.ru" }, + { "3BD918008011F08054434F4C4482900062", "TransaXiom Janus Card (Other)\nhttp://www.transaxiom.co.uk" }, + { "3BD91800C00910FE5459464F4E45000000", "Tyfone's SideTap Card (NFC payments)" }, + { "3BD918FF8191FE1FC35441474C494F5049565B", "Taglio PIV C2190 (NXP JCOP 3 SecID P60 CS) (eID)\nhttps://www.taglio.com/pivcard.html" }, + { "3BD99400004D4502000901009000", "Moviestar. GSM SIM card (Telecommunication)" }, + { "3BD99400004D454576352E369000", "Vending Machine Card (Other)" }, + { "3BD99400004D4D41523331349000", "Vodafone Spain 64kb SIM card. GSM/3G networks" }, + { "3BD99500004D4516005401009000", "MTS Ukraine (Telecommunication)\nhttp://www.mts.ua/" }, + { "3BD996FF8131FE454352455343454E444FFF", "HID Global Crescendo JCOP 21 v2.4.1 R2 64K (PKI)" }, + { "3BD996FF8131FE458031B8738601E0810522", "German dentist's identity card (eID)\nhttp://www.medisign.de/" }, + { "3BD996FF8191FE1FC343323330302D4B4559BA", "Crescendo Key (USB Type-A) (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/crescendo-key" }, + { "3BDA11FF81B1FE551F0300318473800180009000E4", "Gnuk OpenPGP Token (PKI)\nhttps://www.fsij.org/category/gnuk.html" }, + { "3BDA11FF81B1FE551F0300318473800180059000E1", "Nitrokey Start (Openpgp USB) (Other)\nhttps://www.nitrokey.com/products/nitrokey-start" }, + { "3BDA13FF8131FB468012392F31C173C601C03B", "My Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttp://www.cas.go.jp/jp/seisaku/bangoseido/english.html" }, + { "3BDA1802C10A31FE584B53776973735369676EA9", "SuisseID Post - ATOS CardOS 4.x (eID)\nhttps://postsuisseid.ch/" }, + { "3BDA18FF8191FE1FC350564A434F503353494472", "J3H145 (P6 SecID) purchased from FUTAKO Ltd., Taiwan (JavaCard)\nhttp://www.javacardsdk.com" }, + { "3BDA18FF8191FE1FC380641211111073C0C1801B", "Belarus national identity card (passport)\nhttps://eng.belta.by/infographica/view/id-cards-in-belarus-7095/" }, + { "3BDA18FF81B1FE451FC3546963546F6B20322E3068", "TikTok 2.0 (PKI)" }, + { "3BDA18FF81B1FE451FC3546963546F6B20332E3069", "TicTok 3.0 (PKI) (PKI)\nhttps://en.cryptoshop.com/products/cryptas-tictok-v3-basisartikel.html" }, + { "3BDA18FF81B1FE751F030031C573C001400090000C", "OpenPGP Card V2" }, + { "3BDA18FF81B1FE751F030031F573C001600090001C", "OpenPGP Card V3" }, + { "3BDA9400004D4D41524A2B33399000", "SIM card from Vodafone Spain" }, + { "3BDA9500400A2508004053434F535441", "Card used for issuing commodity to benificiary for rice, wheat and more (Other)" }, + { "3BDA96FF8031FE454D696E694C6F61646572AB", "iClass SE Processor (Miniloader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, + { "3BDA96FF8031FE45536E6D704C6F61646572A8", "iClass SE Processor (SNMP Loader Mode) (Other)\nhttps://www.hidglobal.com/products/embedded-modules/iclass-se/sio-processor" }, + { "3BDA96FF8131FE45805631B85349434181057B", "STARCOS 3.5 ID ECC C1R (PKI)\nhttps://www.gi-de.com/fileadmin/user_upload/MS/Certificates/STARCOS35_ID_ECC_TABLES.pdf" }, + { "3BDA96FF8191FE1FC343323330302D46495053E2", "Crescendo 2300 FIPS (JavaCard)" }, + { "3BDA96FF81B1FE451F0780584943412056322E30E9", "Starcos chip card from Giesecke & Devrient (PKI)\nhttps://ica.cz/functionality-smart-card" }, + { "3BDB11FF5000FF0000000000000007921603", "NEC V-WAY64 v2.1" }, + { "3BDB1800801F030031C06477E303008290004F", "Oberthur ID-One Cosmo 64K V5.2" }, + { "3BDB18008031FE448059494465616C20312E367D", "ID card Albania (eID)" }, + { "3BDB180080B1FE451F830031C064C7FC1000019000FA", "Oberthur Cosmo V7 64K Dual/128K" }, + { "3BDB18FF8191FE1FC306092B06010401E9100503D7", "SafeSign Default QSCD (NXP JCOP 3 SecID P60) (PKI)\nhttps://www.tuv-nederland.nl/assets/files/cerfiticaten/2020/02/security-target-v1.0.pdf" }, + { "3BDB18FF8191FE1FC306092B06010401E9100504D0", "Serbian qualified electronic certificate issued by Serbian Post sertification centr (PKI)\nhttps://www.ca.posta.rs/serbian_post_ca.htm" }, + { "3BDB18FF81B1FE751F03504B436172642056312E30ED", "Tecos 3 card (Other)" }, + { "3BDB18FF81B1FE751F035A43372E35205245562041AE", "BasicCard Professional ZC7.5-COMBI (Other)\nhttp://www.basiccard.com/" }, + { "3BDB18FF81B1FE751F035A43372E36205245562044A8", "Zeitcontrol Professional BasicCard ZC 7.6 REV D (Other)\nhttp://www.zeitcontrol.de/en/products/basiccard/basiccard" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620416F", "ZeitControl BasicCard ZC7.5 user-programmable dual interface smart card\nhttp://www.smartcardfocus.com/shop/ilp/id~380/BasicCard_ZC7_5_Dual_Interface/p/index.shtml" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620426C", "BasicCard ZC7.5 dual-interface programmable smartcard (30K) (eID)\nhttps://secure.zeitcontrol.de/shop/Smart-card-BasicCard-Professional-ZC75-Combi" }, + { "3BDB18FFC080B1FE751F035A43372E352052455620446A", "Smart card BasicCard Professional ZC7.5, ZeitControl cardsystems GmbH\nhttp://www.zeitcontrol.de/en/products/chip-cards/processor-chip-cards/basiccard" }, + { "3BDB18FFC080B1FE751F035A43372E3620524556204469", "ZeitControl BasicCard 7.6 (Other)\nhttps://www.zeitcontrol.de/en/products/basiccard/basiccard" }, + { "3BDB96004010004F535F335F3134059000", "Vehicle identity card for Iran (eID)" }, + { "3BDB9600801F030031C06477E30300829000C1", "Oberthur Card Systems (contactless pilot) ID-One Cosmo v5.2D 64K\nOberthur Card Systems (PIV Transitional) ID-One Cosmo v5.2D 72K\nCAC (Common Access Card)" }, + { "3BDB9600801F030031C064B0F3100007900080", "DoD CAC, Oberthur ID One 128 v5.5 Dual" }, + { "3BDB9600801F030031C064B0F310000F900088", "US Department of Veterans Affairs PIV" }, + { "3BDB9600801F830031C0641D18010001900051", "ID0One Cosmo Development Kit (JavaCard)" }, + { "3BDB96008031FE448059654944204E414452418F", "Pakistan ID card (eID)" }, + { "3BDB960080B1FE451F830012233F536549440F9000F1", "Estonia ID-card (eID)\nhttps://id.ee" }, + { "3BDB960080B1FE451F830012428F536549440F900020", "Latvia eID (eID)\nhttps://www.eparaksts.lv/lv/" }, + { "3BDB960080B1FE451F830031C064102301000F900063", "Extremenian Health Service target (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, + { "3BDB960080B1FE451F830031C0641A1801000790005A", "Ercom CRYPTOSMART\nhttp://www.ssi.gouv.fr/entreprise/qualification/gamme-cryptosmart-pour-la-securisation-des-smartphones-et-des-tablettes/" }, + { "3BDB960080B1FE451F830031C0641A1801000F900052", "Serbian Car registration ID card\nhttp://blog.goranrakic.com/archives/2011/07/citanje_saobracajne_dozvole_sa_cipom.html" }, + { "3BDB960080B1FE451F830031C0641A71010007900033", "ChamberSign Gemalto USB Shell Token V2 - Certificate Audacio ** (eID)\nhttp://www.chambersign.fr/certificat-rgs-audacio/" }, + { "3BDB960080B1FE451F830031C064B0FC100007900005", "Oberthur Cosmo V7 debug card (SDK)" }, + { "3BDB960080B1FE451F830031C064B0FC10000F90000D", "ID-One PIV (that's the only non-numeric identifying mark) (PKI)" }, + { "3BDB960080B1FE451F830031C064BAFC10000790000F", "Oberthur ID-One Cosmo v7.0 80K (eID)\nhttps://www.ssi.gouv.fr/uploads/IMG/certificat/ANSSI-CC-cible_2011-64en.pdf" }, + { "3BDB960080B1FE451F830031C064BAFC10000F900007", "Oberthur ID-One Cosmo v7.0 (PKI)\nhttps://csrc.nist.rip/groups/STM/cmvp/documents/140-1/140sp/140sp1236.pdf" }, + { "3BDB960080B1FE451F830031C064BE1B0100019000FB", "Bank card" }, + { "3BDB960080B1FE451F830031C064C30801000F90009B", "SIM Aruba (Italian provider)" }, + { "3BDB960080B1FE451F830031C064C7FC100001900074", "Oberthur Cosmo (eID)\nhttp://www.stampit.org" }, + { "3BDB960080B1FE451F830031C064C7FC10000F90007A", "Guatemalan ID Card\nhttp://www.renap.gob.gt/" }, + { "3BDB960080B1FE451F830031C164084022300F90000A", "Oberthur v7 - in a Gemalto (was Gemplus) GemPC Key SmartCard Reader (grey USB dongle) - bought at ChamberSign (PKI)" }, + { "3BDB960080B1FE451F830031E85427E6040007900084", "Polish encard (eID)" }, + { "3BDB960080B1FE451F830031E85427E604000F90008C", "Token card from iBRE CompanyNet (mbank) (Bank)" }, + { "3BDB960080B1FE451F834553544F4E49412D65494455", "Estonian Identity Card (ID-One Cosmo v8.1) (eID)" }, + { "3BDB960080B1FE451F870031C1640958223607900019", "Idemia Solvo Fly 40 (JavaCard)" }, + { "3BDB960081B1FE451F0380F9A0000003080000100018", "Oberthur CS PIV End Point v1.08 FIPS201 Certified" }, + { "3BDB960081B1FE451F0380F9A0000003480000000149", "Fly Clear card" }, + { "3BDB960081B1FE451F8380F9A0000003080000100098", "Oberthur Cosmo v7 128K with PIV applet\nhttp://www.smartcardfocus.com/shop/ilp/id~410/p/index.shtml" }, + { "3BDB96FF80B1FE451F870031C164093364490F9000BC", "cnie Carte Nationale d'Identite Electronique (eID)" }, + { "3BDB96FF80B1FE451F870031C164093772130F9000F4", "French ID Card 2021 (eID)\nhttps://ants.gouv.fr/nos-missions/les-titres-produits-par-l-ants/les-documents-d-identite/la-puce-de-la-nouvelle-carte-nationale-didentite" }, + { "3BDB96FF8131FE4580670534B50201064081051B", "SINA STARCOS 3.5 BX-CombiCard+HSB (Other)" }, + { "3BDB96FFC01031FE4580671501B403000900810521", "Digital Tachograph Card for Professional Driver\nolish driver card for digital tachograph" }, + { "3BDC1802C10A31FE588031A873B0019B2460071320AA", "Public Services Card | Ireland (Other)\nhttps://psc.gov.ie/" }, + { "3BDC18FF00001225006480000401009000", "Vitale card CPS V4 (Carte Profesionnel de Sante) (HealthCare)" }, + { "3BDC18FF8011C18073C821136605036351000232", "GoTrust Idem Card (Other)\nhttps://www.gotrustid.com/idem-card" }, + { "3BDC18FF8091FE1FC38073C8211366010B0352000539", "Digital Signature Costa Rica (eID)" }, + { "3BDC18FF8091FE1FC38073C821136602040355000235", "ST security module for German smart meter gateway (JavaCard)\nhttps://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf?__blob=publicationFile&v=3" }, + { "3BDC18FF8111C18073C821136605036351000233", "GoTrust Idem Key (Other)\nhttps://www.gotrustid.com/idem-key" }, + { "3BDC18FF8111FE8073C82113660106013080018D", "Aladdin R.D. JaCarta LT (eID)" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050103D2", "DoD (Other)\nhttps://cps.ca.pkidefensie.nl/" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050203D1", "Caregiver card for Dutch Medical System called UZI (Unieke Zorgverlener Identificatie, Caring Unique Identification) (HealthCare)\nhttps://www.uziregister.nl/" }, + { "3BDC18FF8191FE1FC3060A2B06010401E910050204D6", "UZI (HealthCare)" }, + { "3BDC18FF8191FE1FC38073C821136601060130040155", "Athena IDProtect Key Laser" }, + { "3BDC18FF8191FE1FC38073C821136601061159000128", "JaCarta (PKI)\nhttp://www.aladdin-rd.ru" }, + { "3BDC18FF8191FE1FC38073C8211366010B0352000538", "Athena IDProtect Smart Card Logon Card" }, + { "3BDC18FF8191FE1FC38073C821136605024258000279", "NXP Athena SCS (PKI)" }, + { "3BDC18FF8191FE1FC38073C821136605036057000255", "NXP IDProtect (X) (JavaCard)" }, + { "3BDC18FF8191FE1FC38073C821136605036351000250", "JCOP3 SecID P60 CS (JavaCard)" }, + { "3BDC18FFC080B1FE751F035A43382E362052455620443657", "ZeitControl Professional Multi-Application BasicCard ZC8.6 (Other)\nhttps://www.zeitcontrol.de/Smart-card-BasicCard-Professional-ZC76" }, + { "3BDC96FF8111FE8031C8544356300573FFA1C03B", "NXP Javacard with Athena SCS OS (JavaCard)" }, + { "3BDC96FF8111FE8031C8544356350773FFA1C03C", "NXP JCOP 4, J3R200P0X3U/0ZA16CP NXD6.2 (JavaCard)" }, + { "3BDC96FF8191FE1FC38073C8211366050363510002DE", "Montenegro eID (eID)" }, + { "3BDC96FF81B1FE431FC30B46415245474F53414D5632CC", "Multismartcard SAM (used in proprietary Scheidt&Bachmann Smartcard Reader v2)" }, + { "3BDD18008131FE4580F9A0000000770100700A90008B", "National ID Card of Peru issued by RENIEC from Oberthur" }, + { "3BDD18008131FE4580F9A000000077010800079000FE", "Oberthur Cosmo v7 IAS ECC\nBrazilian 'e-CNPJ' card, issued by Certisign (Oberthur)" }, + { "3BDD18008131FE45904C41545649412D65494490008C", "Identity card (eID) Republic of Latvia\nhttp://www.pmlp.gov.lv/lv/pakalpojumi/passes/eid.html" }, + { "3BDD18008191FE1FC3006646530803003671DF00008097", "Feitian K9Plus - ePass FIDO-NFC with PIV (Other)\nhttps://ftsafe.com/products/FIDO/NFC" }, + { "3BDD18FF8191FE1FC3006646530803003671DF00008068", "Feitian FIDO NFC Plus K9 Security Key (Other)\nhttps://www.ftsafe.com/products/FIDO/NFC" }, + { "3BDD18FF8191FE1FC3FF4F70656E506879736963616CF6", "Open Physical PIV-Compatible NXP SECID P60 (eID)\nhttps://openphysical.org/" }, + { "3BDD18FFC080B1FE451FC30068D276000028040411009000C9", "Russian Federation driver card for the digital tachograph\nPolish driver card for digital tachograph" }, + { "3BDD18FFC080B1FE451FC30068D276000028040971009000A4", "Worktime/driving style monitoring card (Transport)\nhttp://www.paetronics.fi/en/" }, + { "3BDD96008010FE8031806301FFC073B3211B8105", "BIFIT iBank 2 USB Key (Bank)\nhttp://bifit.ua" }, + { "3BDD96008031FE450031B8640429ECC1739401808248", "Finnish Digital and Population Services Agency Organisation Card (eID)\nhttps://dvv.fi/en/organisation-cards" }, + { "3BDD960080B1FE451F8380640503040056564453414554FC", "VASCO DIGIPASS KEY 101 (Other)" }, + { "3BDD96008131FE4580F9A00000007701080007900070", "IDEMIA Cosmo v8.1-n (JavaCard)" }, + { "3BDD96FF801F034E5850204E53434F5320342E3006", "SCOSTA (Transport)" }, + { "3BDD96FF8131FE4580595F5374645F496E697481059B", "Karta kryptograficzna cryptoCertum 3.5 (PKI)\nhttps://www.certum.pl/pl/karty-do-czytnikow/" }, + { "3BDD96FF81B1FE451F03006404050803739621D0009000C9", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse" }, + { "3BDD96FF81B1FE451F03006404050A02739621D0009000CA", "German public health insurance card ('Gesundheitskarte'), issuer Techniker Krankenkasse, issued 02/15 (HealthCare)" }, + { "3BDD96FF81B1FE451F030064057310A673D621C000900053", "New european health insurance card of the German health insurance" }, + { "3BDD96FF81B1FE451F038031B052010364041BB42281051B", "Austrian Motor Vehicle Registration Certificate (Transport)" }, + { "3BDD96FF81B1FE451F038031B052020364041BB422810518", "Austrian 'e-card' G3 (State Health Insurance Card)\n(running StarCOS 3.4 by Giesecke & Devrient)" }, + { "3BDD97FF81B1FE451F03006404050803739621D0009000C8", "German 'eGK' (State Health Insurance Card)" }, + { "3BDD97FF81B1FE451F0300640405080373969621D00090C8", "German public health insurance card ('Gesundheitskarte'), issuer Knappschaft" }, + { "3BDD97FF81B1FE451F03006404050A02739621D0009000CB", "German Elektronische Gesundheitskarte (eGK) (HealthCare)\nhttp://www.bmg.bund.de/en/health/the-electronic-health-card.html\nhttps://de.wikipedia.org/wiki/Elektronische_Gesundheitskarte" }, + { "3BDE11000049434F5335330000000000000008", "MyKID (eID)" }, + { "3BDE13000049434F5335330000000000000008", "Malaysian citizens under age of 12 including newborns (non-compulsory) (eID)\nhttps://en.wikipedia.org/wiki/Malaysian_identity_card#MyKid" }, + { "3BDE18FF8191FE1FC38031815448534D317380214081071C", "SmartCard-HSM 4K USB-Token (JavaCard)\nhttps://www.smartcard-hsm.com/features.html#usbstick" }, + { "3BDE18FF81F1FB34001F074445534669726553414D56312E30D2", "Mifare Desfire SAM Module" }, + { "3BDE18FF81F1FE43003F078344455346697265382053414D2D5817", "NXP SAM" }, + { "3BDE18FFC080B1FE451F034573744549442076657220312E302B", "Estonian Identity Card (EstEID v1.0 2006 cold)" }, + { "3BDE86FF9101F1FB34001F074445534669726553414D56312E305D", "Mifare Desfire SAM Module (after warm reset) (Other)" }, + { "3BDE96FF8191FE1FC38031815448534D3173802140810792", "SmartCard HSM (PKI)\nhttps://www.smartcard-hsm.com/" }, + { "3BDE98FF8191FE1FC38031815448534D3173802140810792", "Nitrokey HSM 2 (PKI)\nhttps://docs.nitrokey.com/hsm/" }, + { "3BDF1100400A003180718666654E434F5331839000", "eNCOS MC MChip Advance V10 (Bank)\nhttps://tr.iccore.tech/" }, + { "3BDF18008131FE580031B964050E010073B401D300000022", "Identity Card in Slovakia with security chip and e-signature" }, + { "3BDF18008131FE588031905241016405C903AC73B7B1D444", "a.sign RK CHIP with certificate\nhttps://www.a-trust.at/webshop/Detail.aspx?ProdId=2021" }, + { "3BDF18008131FE588031B05202046405C903AC73B7B1D422", "Austrian 'e-Card' (=Health Card) of the 4th generation. (HealthCare)" }, + { "3BDF18008131FE58AC31B05202046405C903AC73B7B1D422", "e-Card Austria (HealthCare)" }, + { "3BDF18008131FE67005C49434DD49147D276000038330058", "Infineon SICRYPT Card Module D4 PC/SC Compliance Test Card" }, + { "3BDF18008131FE67005C49434DD49147D277000038330059", "Infocrypt Token++ (PKI)\nhttps://tokenplus.ru/products/%D0%A2%D0%BE%D0%BA%D0%B5%D0%BD/" }, + { "3BDF18008131FE7D006B020C0182011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)" }, + { "3BDF18008131FE7D006B040C0184011101434E53103180FC", "Italian healthcare card (TS) National Service Card (CNS) (HealthCare)\nhttp://www.regione.toscana.it/cartasanitaria\nhttps://www.agid.gov.it/it/piattaforme/carta-nazionale-servizi" }, + { "3BDF18008131FE7D006B150C0180011101434E53103180E9", "Provider: Actalis S.p.A.\ncode: AT00006181\nhttp://www.actalis.it" }, + { "3BDF18008131FE7D006B150C0181011101434E53103180E8", "Italian healthcare card (TS) National Service Card (CNS)\nCarta Regionale dei Servizi - Regione Lombardia\nTuscany TS-CNS\nhttp://www.regione.toscana.it/cartasanitaria" }, + { "3BDF1801C04031FC7580738421E0694D54434F537302050516", "German digital tachograph control card (Transport)" }, + { "3BDF18FF8091FE1FC3003138644790ECC273140150829000BB", "Ministry of Interior - France 'Agent Card' (Other)" }, + { "3BDF18FF8131FE4580590180484944433730307300011B33", "Crescendo C700 + MiFare 4K\nhttp://www.smartcardfocus.com/shop/ilp/id~265/p/index.shtml" }, + { "3BDF18FF8131FE458073C8211059B81D417574684B6579BA", "Arculus AuthentiKey (Other)" }, + { "3BDF18FF8191FE1FC3003138644790ECC273140150829000BA", "Card store authentication and signature keys (JavaCard)\nhttps://ants.gouv.fr/Les-titres/Cartes-Agents/Adhesion/Telechargement-et-support" }, + { "3BDF18FF8191FE1FC30031B8640000EC0073940000829000FE", "NXP Jcop3 P60 ChipDoc v7b4 (JavaCard)\nhttps://www.javacardos.com/store/products/10029" }, + { "3BDF18FF8191FE1FC30031B86404216010739401C005900001", "Dutch Governement Identity Card using physical (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, + { "3BDF18FF8191FE1FC30031B8640C01ECC173940180829000B3", "ebee card\nhttps://www.ebeeoffice.ca/ebee-home/public\nDigital Signature Costa Rica (issued since 09/2019) (eID)\nhttps://www.mifirmadigital.go.cr/" }, + { "3BDF18FF81B1FE451F870031B96409377213738401E00000008E", "Slovak eID card with dual (NFC and physical) interface. It is Cosmo v9.2. The card is used for electronic identification and for electronic signing with either qualified or just electronic signing certificate. (eID)" }, + { "3BDF18FF81F1FE43001F034D494641524520506C75732053414D98", "Mifare SAM AV2" }, + { "3BDF18FF81F1FE43003F03834D494641524520506C75732053414D3B", "NXP SAM AV2 module" }, + { "3BDF18FF81F1FE43003F03834D4946506C75732053414D3B53414D3B", "Mifare SAM -AV2 (PKI)" }, + { "3BDF18FF81F1FE43003F07834D49464152452053414D204156333011", "NXP SAM AV3 module" }, + { "3BDF18FF910131FE4680319052410264050200AC73D622C099", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, + { "3BDF94FFC080B1FE451F03006AD2760000280415FA10040090006B", "UK Digital Tacho card (Other)" }, + { "3BDF94FFC080B1FE451F03006AD2760000280415FA40040090003B", "DVLA Company Card (Transport)" }, + { "3BDF9500801F878031A073FF21006345B105830F900060", "FUTURE CARD Normal ISO SIM (Telecommunication)" }, + { "3BDF9500801F878031A073FF21006345B309830F90006E", "Card Mobilis Algeria telecom (Telecommunication)\nhttp://www.mobilis.dz" }, + { "3BDF9500801FC38031E073FE211B674C455441323135BD", "SK Telecom SIM card (in Korea) (Telecommunication)\nhttp://www.sktelecom.co.kr/" }, + { "3BDF95FF8091FE1FC349445044554F33475049544356008029", "Generic Card NFC (eID)" }, + { "3BDF95FF8091FE1FC38025A0000000685319000173C8211329", "CardLogix Credensys-J Contacted Java Card 2.2.1 Global Platform 2.1.1 (Atmel AT90SC12872RCFT)\n(bank)" }, + { "3BDF96008031FE450031B864041FECC173940180829000EC", "Ministry of Interior - France 'Agent Card'\n(Carte Agent du Ministere de l'Interieur Francais)" }, + { "3BDF96008031FE450031B8640429ECC173940180829000DA", "Finnish identity card given by the City of Helsinki to all members of city council, board and commitees" }, + { "3BDF960080B1FE451F830012276F5741495242555331079000EA", "IDEMIA ID-One Cosmo V8.2 IAS ECC card (eID)" }, + { "3BDF960080B1FE451F838073BC9180F9A00000007780080201A4", "Latvian eSignature card (eID)\nhttps://www.lvrtc.lv/e-signature.html" }, + { "3BDF960080B1FE451F870031C16408923201738421E0059000C5", "Company Card for Transport companies (Transport)" }, + { "3BDF96008131FE4541434F532D4944303032382E3031366F", "Sri Lankan driving license [ web: motortraffic.gov.lk ] (eID)\nhttp://www.motortraffic.gov.lk/web/index.php?option=com_content&view=article&id=83&Itemid=140&lang=en" }, + { "3BDF96008131FE4580738421E0554978000080830F90000C", "Idemia Cosmo X (eID)\nhttps://cyber.gouv.fr/sites/default/files/2021/08/anssi-cible-cc-2021_36n.pdf" }, + { "3BDF96008131FE588031B05202056405A100AC73D622C020", "Austrian health insurance card 'e-card' (HealthCare)\nhttps://de.wikipedia.org/wiki/E-card_(Chipkarte)" }, + { "3BDF960081B1FE451F838073CC91CBF9A0000003080000100079", "Test PIV Cards available for sale from NIST\nhttp://csrc.nist.gov/groups/SNS/piv/testcards.html" }, + { "3BDF960090103F07008031E0677377696363000073FE210006", "swsim card (Telecommunication)" }, + { "3BDF960090103F07008031E0677377696363000073FE2100DC", "swsim (Telecommunication)" }, + { "3BDF96FF8131FE455A018048494443313158587300011B09", "HID Crescendo iCLASS Px G8H" }, + { "3BDF96FF8131FE4580590180504956434C41537300011BDE", "HID Global pivCLASS v1.0 (PKI)\nhttp://www.hidglobal.com/products/cards-and-credentials/pivclass/pivclass-smart-card" }, + { "3BDF96FF8131FE45805B44452E42415F53433335328105B5", "Employee ID card from the Federal Employment Agency (Germany) (PKI)\nhttps://www.pki.arbeitsagentur.de/" }, + { "3BDF96FF8131FE45805B44452E424E4F544B3130308105A0", "BeA - Certification Card for German Solicitors (Other)\nhttps://bea.bnotk.de/" }, + { "3BDF96FF81B1FE451F870031B96409377213738401E000000000", "National Identity Card of Slovakia (eID) (eID)\nhttps://en.wikipedia.org/wiki/Slovak_identity_card" }, + { "3BDF96FF910131FE4680319052410264050200AC73D622C017", "Acos-ID (AUSTRIACARD's Operating System) (Other)\nhttps://www.austriacard.com/digital-security/solutions/card-solutions/acos-id/" }, + { "3BDF97008131FE588031B05202056405A100AC73D622C021", "Austrian healthcare insurance identification card (HealthCare)\nhttps://www.chipkarte.at" }, + { "3BDF970081B1FE451F838073CC91CBF9A0000003080000100078", "NASA PIV Card (Other)" }, + { "3BE000008131104505", "Emoney indonesia (Bank)" }, + { "3BE000008131204030", "SmarTEC" }, + { "3BE000FF8131FE4514", "'JUKICARD', digitally sign tax documents in Japan" }, + { "3BE20000402049..", "Schlumberger Cryptoflex 4k" }, + { "3BE2000040204905", "Schlumberger Cryptoflex DES" }, + { "3BE2000040204906", "Schlumberger Cryptoflex" }, + { "3BE2000040204907", "Schlumberger Cryptoflex Key Generation" }, + { "3BE200FFC11031FE55C8029C", "Aladdin eToken PRO (USB token)\nSiemens CardOS M4.0" }, + { "3BE300FF9181712644000113202D", "Metrebus Card\n(used in Rome to store personal information and Atac subscription.\nAtac is the public transport company of the city of Rome.)\nhttp://www.atac.roma.it/smart/smart.asp?A=2&S=22&PR=4&LNG=2" }, + { "3BE500008121459C100100800D", "BIN 470132 -- BANK OF AMERICA VISA DEBIT -- GEMALTO MGY 0 U1090788B - 12/14 F8 00 89 (Bank)" }, + { "3BE500008131FE45D00037008089", "ATM card for Standard Chartered, Taiwan" }, + { "3BE500FF8131FE458073C601082D", "MUFG (.jp) (Bank)" }, + { "3BE6000080318066B1A30401110B83", "Java Jcop J2A040 (JavaCard)" }, + { "3BE6000080318066B1A30401110B83009000", "VISA Credit Card (Bank)" }, + { "3BE60000812145324B010101017A", "Axalto Cyberflex Palmera V5" }, + { "3BE600FF8131FE4544492030324D70", "Alior Sync (Poland) - MasterCard Debit Card with PayPass (Bank)\nMasterCard Contactless Debit Card issued by Raiffeisen Bank in Czech Republic\nDebit MasterCard with paypass issued by Bank Zachodni WBK (Poland)\nDebit MasterCard with paypass issued by AliorSync" }, + { "3BE600FF8131FE454449203032566B", "VISA credit card (DKB)" }, + { "3BE600FF8131FE454A434F50303307", "IBM JCOP 30/16" }, + { "3BE600FF8131FE454A434F50313005", "IBM JCOP 10/16\nRental card for Blockbuster, Taiwan" }, + { "3BE600FF8131FE454A434F50323006", "IBM JCOP 20/16\nIBM JCOP20 with MIFARE\nor Datakey Smart Card Model 330J\nhttp://www.datakey.com/products/smart_cards/products_sc_330j.shtml" }, + { "3BE600FF8131FE454A434F50323107", "IBM JCOP ID21" }, + { "3BE600FF8131FE454A434F50333007", "Mifare ProX T=1" }, + { "3BE600FF8131FE454A434F50333106", "IBM JCOP 30/31bio (contact interface)" }, + { "3BE600FF8131FE4580640C7000008A", "AEON Credit Card (Bank)\nhttps://www.aeon.co.jp/card/lineup/" }, + { "3BE700008131FE4200639531059000B9", "Chunghwa Post Co., Ltd. Visa Debit Card (Bank)\nhttp://www.post.gov.tw/post/internet/U_english/index.jsp?ID=24030107" }, + { "3BE70000918131FE410110300100908049", "'FirmenTicket' from the 'Rheinbahn' for the 'VRR'\nits a ticket corporates can buy for their employees. so its called\n'FirmenTicket'. 'Rheinbahn' is the local service operator for the\nmass traffic in and around duesseldorf/germany. 'VRR' is traffic\nnetwork spanning over at least a big part of north rhine westphalia\n(Verkehrsverbund Rhein-Ruhr)\nhttp://www.vrr.de/de/tickets_und_tarife/vielfahrer/firmenticket/index.php" }, + { "3BE700FF8131FE454430382E30203657", "EMV (MasterCard) card, issued by Raiffeisen Bank in Russia\n'Deutsche Kreditbank AG' Visa Card produced by AustriaCard GNC\nAll cards (MasterCard, Maestro, VISA Electron) issued by Raiffeisen Bank in Romania\nEMV (MasterCard) Card, issued by Raiffeisen Bank in Czech Republic" }, + { "3BE700FF8131FE454430382E31203656", "WinWin Austria Player-ID-Card (Other)\nhttps://www.winwin.at/" }, + { "3BE700FF8131FE454430382E32203655", "Mastercard (Bank)" }, + { "3BE700FF8131FE454D43412038203652", "Mastercard credit card issued by 'PayLife Bank GmbH'.\nBank number is '5266' - Bawag PSK." }, + { "3BE700FF8131FE458031C073C62148BE", "Japanese ETC (Electronic Toll Collection System) card (Transport) and Credit card (Issuer: Toyota) (Transport)" }, + { "3BE700FF81B1FE451F018031C073C6214820", "Japanese ETC (Electronic Toll Collection System) card (Transport)" }, + { "3BE8000040FA0073C84011009000", "KEBTechnology KONA USB SmartCard (Other)" }, + { "3BE800008031FE450073C8401300907DE7", "National Health System of Spain - Consejeria de Sanidad y Servicios Sociales - JUNTA DE EXTREMADURA (HealthCare)\nhttps://www.juntaex.es/es/lajunta/consejo-de-gobierno/vicepresidencia-segunda-y-consejeria-de-sanidad-y-servicios-sociales/servicio-extremeno-de-salud" }, + { "3BE80000813120450073C8400000900056", "Visa credit card for Standard Chartered, Taiwan" }, + { "3BE800008131FE00506572736F53696DAA", "Simulated virtual smartcard, from project PersoSim (eID)\nhttps://persosim.de/?q=node/33" }, + { "3BE800008131FE450073C8400000900088", "VISA Card (Skandinaviska Enskilda Banken) with Swedish BankID\nVISA card (Chinatrust Bank (Taiwan), dual-interface card with a Taipei Metro e-purse function)" }, + { "3BE800008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BE800008131FE454A434F5076323431B4", "VISA Debit card for NAB, Australia" }, + { "3BE800FF8131FE43AA00000000000000B0", "Secure Signing Token (eID)" }, + { "3BE800FF8131FE45434C6169726520361A", "DKB Visa card with PayWave" }, + { "3BE90000812145454D565F41545220066C", "VISA card, issued by HVB Bank Czech Republic or austrian BankAustria\nhttp://www.hvb.cz" }, + { "3BE900008121454D435F5F494E46200665", "MasterCard Credit card issued by SpareBank1 in Norway\nhttp://www.sparebank1.no" }, + { "3BE900008121455649535F494E46200678", "VISA card, issued by the Austrian 'Raiffeisen' bank\nhttp://www.raiffeisen.at/\nVisa Card - Maximum - Oyak Bank / Turkey\nVISA, issued by Austrian bank 'Erste Bank'\nVISA card, issued by the Latvian bank 'Latvijas Krajbanka'" }, + { "3BE900008131C345996374691999125610EC", "Compunicate Technologies Inc. (Pay TV)\nhttp://www.cti.com.cn/en/product.aspx?m=20140731165252850216" }, + { "3BE900008131FE00FF506572736F53696D54", "German PersoSim (eID)\nhttps://persosim.secunet.com/en/" }, + { "3BE900008131FE4541434F534A76323034F6", "ACS ACOSJ-DI 95K (in T=1 mode) (JavaCard)" }, + { "3BE900008131FE4543443169A90000000014", "Mastercard credit card, UBS Switzerland (Bank)" }, + { "3BE900008131FE45434432690900000000B7", "Swiss UBS MasterCard Creditcard" }, + { "3BE900008131FE45454D5620303320200699", "Visa credit card\nMasterCard credit card" }, + { "3BE900008131FE45454D5630325F34530680", "Maestro Card issued by 'First Investment Bank' in Bulgaria\nhttp://fibank.bg/\nVisa Electron card: TATRA BANKA, a.s." }, + { "3BE900008131FE454A434F503130563232A3", "ORGA Open Platform DES 16k V2.0 / JCOP10" }, + { "3BE900008131FE454A434F503234325232A0", "NXP J3D081 (JavaCard)" }, + { "3BE900008131FE454A434F503331563232A0", "JCOP 31 / 72k" }, + { "3BE900008131FE454A434F503431563232A7", "IBM JCOP v2.2 41" }, + { "3BE900008131FE454D434120303320200688", "PayLife Gold MasterCard -- an unbranded version of the master card" }, + { "3BE900FF8131FE45434C6169726532203629", "UB(SK) Visa Vusiness card with PayWave (Bank)\nhttps://www.vub.sk/en/companies-entrepreneurs/cards/debit-cards/visa-business/" }, + { "3BE900FF8131FE45434C6169726533203628", "BZ WBK Mastercard (Bank)" }, + { "3BE900FFC11031FE5500640500C80231800047", "Identity card of Italian Republic" }, + { "3BE900FFC11031FE55C80120504E34303132AD", "Siemens CardOS/M 3.0 (SLE66CX160S)" }, + { "3BEA0000813120438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, + { "3BEA0000813120438065A20101013D72D643A5", "GemXpresso Pro R3 32PK (MPCOS, T=1) (warn reset)" }, + { "3BEA00008131FE450031C173C840000090007A", "Nigerian eID Card (cold reset)\nChip is NXP JCOP 2.4.1R3\nDual BCR Signum Mastercard (bank) + Digital Signature Costa Rica (eID)\nhttps://bancobcr.com/wps/portal/bcr/bancobcr/personas/tarjetas/signum_firma_digital/" }, + { "3BEA00008131FE45436F6D624F5320494900FE", "UBS VISA Gold Card\nMasterCard from lhv.ee\nNordea Bank Finland PLC Estonian Branch (ABnote)" }, + { "3BEA00008131FE454A434F5033315632333290", "NAB VISA Debit card" }, + { "3BEA00008131FE454A434F5034315632323195", "HID Crescendo C700\nhttps://www.hidglobal.com/products/cards-and-credentials/crescendo/c700" }, + { "3BEA00FF813120750064051401023100900027", "GCOS-MDK" }, + { "3BEA00FF8131FE455455422D434B010301007B", "Technische Universitat Berlin - Campus Karte\nMaybe Sm@rtCafe Expert 2.0 (Giesecke & Devrient)\nor GemXpresso 211 PK (Gemplus)\nIncludes a Mifare-Chip (1 KB - Memory-Chip)" }, + { "3BEB0000813120454A434F503331333647445478", "card for testing (eID)" }, + { "3BEB0000813142454E4C436853434B303430312B", "Dutch University accesscard & Electronic purse & telphone card" }, + { "3BEB0000813142454E4C4368697070657230310A", "Dutch Post (Chipper)" }, + { "3BEB00008131FE450031C0643F680102079000B6", "Chris firstbank (Bank)" }, + { "3BEB00008131FE450031C0643F6801020F9000BE", "VISA Debit card for Taishin International Bank, Taiwan (Bank)" }, + { "3BEB00008131FE450031C0643F680108079000BC", "Debit Mastercard of Mega ICBC, Taiwan (Bank)\nhttps://www.megabank.com.tw/en-us/english/credit-card" }, + { "3BEB00008131FE450031C064A9EC010082900023", "Junta de Extremadura (Spain) public healthcare card (HealthCare)\nhttps://saludextremadura.ses.es/web/preguntas-frecuentes" }, + { "3BEB00008131FE45436F6D624F5320312E3015C5", "Reka Card - Swiss Holiday Member Card (Loyalty)\nhttps://reka.ch/en/rekamoney/privatepersons/reka-card/Seiten/reka-card.aspx?lang=en" }, + { "3BEC00004032424C554520445241474F4E20430001", "Pay TV" }, + { "3BEC00004032544954414E49554D00110106", "Titanium high security access smartcard (the back says something about 'DoorCard') (Other)" }, + { "3BEC00004032544954414E49554D00130202", "Titanium 2 Card Pirat Card for Seca 2 / Viaccess 2004 (Pay TV)" }, + { "3BEC00FF8131FE45A0000000563333304A330600A1", "Datakey model 330J card, www.datakey.com\nhttp://www.hmk.de/downloads/datakey/Model_330J_Smart_Card.pdf\nModel 330J JavaCard v2.1.1\nGlobal Platform v2.0.1 specifications.\nJCCOS operating system applet (Java-based Cryptographic Card Operating System)" }, + { "3BED000080318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 Normal Speed" }, + { "3BED00008131204380318065B083......830090....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, + { "3BED00008131204380318065B08302047E8300900032", "Latvian Digital Signature Card (warm)\nhttp://www.eme.lv/" }, + { "3BED00008131804280318065B0872701BC830890007D", "EMV (V PAY) Issued by UniCredit Bulbank Bulgaria\nGXP7 T=1" }, + { "3BED00008131804280318065B0894001F28300900052", "VISA Debit card for Taishin International Bank, Taiwan" }, + { "3BED00008131FE450031C071C6644D3533560F900046", "Kostadin (Bank)" }, + { "3BED00008131FE450031C071C6644D35354D0F9000", "ING Credit Card (Bank)\nhttps://www.ing.nl/particulier/betalen/creditcards/index.html" }, + { "3BED00FF813120754D424320534D502056312E3130BD", "Used to Control a Laser Device" }, + { "3BEE00008131804280318066B0840C016E01830090008E", "MultiApp Cards (Easy 72K Type B and Combi 72K Type B)\nE.SUN Commercial bank debit master card (Bank)\nTaiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, + { "3BEE00008131804380318066B1A1110100F683009000", "Optelio/Desineo Cards (D72 FXR1)" }, + { "3BEE00008131804380318066B1A11101A0F683009000", "Optelio D72 FXR1 (MD) T=1" }, + { "3BEE00008131804380318066B1A30401110B83009000D4", "Japan Post Bank cash card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/chokin/sogou/kj_cho_sg_iccard.html" }, + { "3BEE00008131FE45003180718665016702A00A8390001B", "IBM JCOP 'Java Card 2.1.1' et 'Open Platform 2.0.1'" }, + { "3BEE00008131FE4580318066409093060F1783019000FD", "Health insurance (HealthCare)" }, + { "3BEE00008131FE4580318066409093060F17830F9000F3", "IC card for the National Health Insurance, Taiwan" }, + { "3BEF..0040148025434552455357....0101039000", "Electronic Identification Card from the FNMT, the Spanish Official\nCertification Authority (Fabrica Nacional de Moneda y Timbre)\nFNMT-Ceres Siemens Infineon SLE 19" }, + { "3BEF..0040148025434552455357....0102039000", "FNMT-Ceres Siemens Infineon SLE 20\nFabrica Nacional de Moneda y Timbre" }, + { "3BEF000081312049005C5043541027F8D27600003833004D", "Infineon Technologies PC/SC Compliance Test Card V1.0" }, + { "3BEF000081314069005C50435335C53AD27600003833000F", "Siemens Nixdorf Sicrypt" }, + { "3BEF00008131FC4580318065110113000153414345810421", "Slovenska sporitelna (SLSP) Bank card, Maestro Card with chip" }, + { "3BEF00008131FC4580318065111123100253414345810412", "VISA card issued by UBS, Switzerland" }, + { "3BEF00008131FE450031C173C8211064474D313600900067", "ING Gold Credit Card (Italy) (Bank)\nhttps://www.ing.it/" }, + { "3BEF00008131FE45417441434F53322E345345204C6337C9", "Maestro Polish Alior debit card (Bank)" }, + { "3BEF00008131FE4543443269A98100002020202020200090", "UBS Switzerland Mastercard credit card (Bank)" }, + { "3BEF00008131FE4543443369098000002020202020200030", "Nordea Credit Gold MasterCard (Bank)\nhttp://www.nordea.ee/Private+customers/Daily+banking/Cards/Nordea+Gold/67062.html?lnkid=frontpage_teaser_GOLD_30-07-2014" }, + { "3BEF00008131FE45434D425F436F6D4444413030353500F7", "Master Card (emitted by bank Nordea - Lithuania)" }, + { "3BEF00008131FE45434D425F436F6D5344413030343000E4", "VISA (Danske Bank Eesti / www.sampopank.ee)" }, + { "3BEF00008131FE45434D425F436F6D5344413030353100E4", "Visa (Sampo Estonia, 2010)" }, + { "3BEF00008131FE45436F6D624F53205620202020202000AD", "Corporate Credit Card - SIEMENS MasterCard issued by Degussa Bank (Bank)" }, + { "3BEF00008131FE45436F6D624F53205649202020202000C4", "VfB Stuttgart Fankarte (pay card for the football stadium of the german club VfB Stuttgart)" }, + { "3BEF00008131FE45444C415A46545632444944313030FF06", "Lufthansa ID Card (eID)" }, + { "3BEF00008131FE45455041000000008891027200000000D9", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, + { "3BEF00008131FE45455041000000010130622200000000C0", "Raiffeisenbank Austria (Raffeisen Club) Maestro debit card (Bank)" }, + { "3BEF00008131FE4546494F4D4B5F3030312030313041009C", "MasterCard/PayPass Card issued by Czech FIO Banka a.s. (contact chip)\nnote the ASCII string ' FIOMK_001 010A' embedded in ATR" }, + { "3BEF00008131FE65005C504353D19147D276000038330070", "Siemens/Infineon Sicrypt S26381-F252-V1 GS:03" }, + { "3BEF00008131FE67005C49434DDBC97ED27600003833001E", "Infineon SICRYPT CardModule Card" }, + { "3BEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, + { "3BEF00FF81312045426173696343617264205A43322E33BD", "ZeitControl BasicCard Enhanced 2.3" }, + { "3BEF00FF81312045426173696343617264205A43332E33BC", "Electronic Purse (Elton Senegal)" }, + { "3BEF00FF81312075426173696343617264205A43332E338C", "ZeitControl BasicCard Enhanced 3.3" }, + { "3BEF00FF81312075426173696343617264205A43332E3788", "ZeitControl BasicCard Enhanced 3.7" }, + { "3BEF00FF81312075426173696343617264205A43332E3986", "ZeitControl BasicCard Enhanced 3.9" }, + { "3BEF00FF81314245.*38", "UNI-Card" }, + { "3BEF00FF8131424565630302030280002240489596002028", "Scard Sparkasse Detmold, Deutschland BLZ 47650130" }, + { "3BEF00FF81315045426173696343617264205A43312E31CC", "ZeitControl BasicCard Compact 1.1" }, + { "3BEF00FF813150456563............................", "GeldKarte v2 (Germany)" }, + { "3BEF00FF8131504565630000000000000000000000000000", "Geldkarte v2" }, + { "3BEF00FF813150456563080B40028000081520033604007E", "old banking card (electronic-card / Maestro / Geldkarte) of the\nStadt-Sparkasse Duesseldorf (like the above, but old - around 2002)." }, + { "3BEF00FF8131504565630D24200280000508335610010243", "German ec card" }, + { "3BEF00FF813152454D46432049424D2034304839363031FB", "IBM MFC 3.5 file system smart card\n(Card from the book 'Smart Card Application Development Using Java')" }, + { "3BEF00FF8131604565630402110000000000A532A50111B6", "GledKarte\nSiemens M3-Module with a Motorola SC-28.\nG&D (Giesecke&Devrient) Geldkarten-OS mit der Version 11" }, + { "3BEF00FF813160456563060314025000065108115E014190", "Geldkarte from Deutsche Bank, Thomson-Chip" }, + { "3BEF00FF8131664549424D204D46433430303230383331A1", "IBM MFC 4.1 file system smart card\nCard from the book 'Smart Card Application Development Using Java'\nauthors: Uwe Hansmann, Martin. S. Nicklous, Thomas Schack, Achim Schneider, Frank Seliger" }, + { "3BEF00FF813166456563202049424D20332E3120202020", "IBM eCash" }, + { "3BEF00FF813166456563202049424D20332E3120202020CF", "IBM eCash" }, + { "3BEF00FF8131864549424D204D4643343030303038333143", "ComCard MFC 4.1" }, + { "3BEF00FF8131FE4065631D038602500023151131280110FD", "DKB Banking Card (EC-Karte 2023) (Bank)\nhttps://www.dkb.de/" }, + { "3BEF00FF8131FE4141434F532046696F6E6131204C633666", "EUROBANK GR (Bank)\nNBG BANK (Bank)" }, + { "3BEF00FF8131FE4541434F53204449616E6131204C63364E", "comdirect VISA card (Bank)\nhttps://www.comdirect.de/konto/karten.html#Visa-Karte" }, + { "3BEF00FF8131FE4541434F53204449616E6132204C63364D", "Alior Bank SA (Bank)\nhttps://www.aliorbank.pl/" }, + { "3BEF00FF8131FE45656306087102500023B8105BA0471116", "DKB Banking Card (EC-Karte 2020) (Bank)" }, + { "3BEF00FF8131FE4565630D12810156001F00006686080122", "Commerzbank signature card SECCOS (6 or 7) providing RAH security profile (Bank)\nhttps://www.chipkartenleser-shop.de/commerzbank/electronic-banking-chipkarten/commerzbank-signaturkarte-2710050006" }, + { "3BEF00FF8131FE4565631104010280000F274000030100E1", "Postbank Geldkarte" }, + { "3BEF00FF8131FE4565631104010280000F462004230100C4", "Postbank ec/Maestro (Germany)" }, + { "3BEF00FF8131FE4565631108430250001021200324053016", "Bank (Bank)" }, + { "3BEF00FF8131FE456563111261025000100A072722071022", "DKB Online Banking Card (Bank)\nhttps://www.dkb.de" }, + { "3BEF00FF8131FE456563111261025000100A07811C0710BA", "German Sparkasse HBCI card (Bank)\nhttps://www.sparkasse.de/service/finanzlexikon/hbci-verfahren.html" }, + { "3BEF00FF8131FE4565631113710528001F00010228372060", "MasterCard of SpardaBank Hamburg in Germany (Bank)\nhttps://www.sparda-bank-hamburg.de" }, + { "3BEF00FF8131FE4565631113710528001F0006124137201E", "BankCard Sparda-Bank Baden-Wurttemberg eG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F0007241A372072", "Commerzbank Maestro Card (Bank)\nhttp://www.maestrokarten.de/girokontovergleich/commerzbank_girokonto.html" }, + { "3BEF00FF8131FE4565631113710528001F00083B3C372044", "Comdirect Debit Card Germany - AustriaCard 55616 (Bank)\nhttps://www.comdirect.de/" }, + { "3BEF00FF8131FE4565631113710528001F000A1B18372042", "German debit card (girocard, V-Pay) (Bank)\nhttps://www.girocard.eu/english/" }, + { "3BEF00FF8131FE4565631113710528001F000B161C37204A", "Commerzbank / girocard /maestro (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F000D163A37206A", "BankCard Sparda-Bank West eG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00120F24372072", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00153D47372024", "Girocard issued by Comdirect bank AG (Bank)" }, + { "3BEF00FF8131FE4565631113710528001F00193516372071", "Commerzbank Germany (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00024D36371005", "comdirect girocard (Bank)\nhttps://www.comdirect.de/konto/karten.html#girocard" }, + { "3BEF00FF8131FE4565631114710528001F0003443137100A", "DKB Banking Card (Bank) (Bank)\nhttps://www.dkb.de" }, + { "3BEF00FF8131FE4565631114710528001F00034A36371003", "German Sparkasse, Girocard, GeldCard, girogo, EUROSERV (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F0005210F371057", "girocard maestro Bank (Bank)\nhttps://www.girocard.eu/" }, + { "3BEF00FF8131FE4565631114710528001F0006302F371065", "MasterCard German Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F0006543137101F", "Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00071D46371020", "DKB (Deutsche Kreditbank) debit card (V-PAY) (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000A1E1337107B", "girocard (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000B361B37105A", "Kreissparkasse bank Girocard (Germany) (Bank)\nhttps://www.kskmse.de/de/home/privatkunden/girokonto/girokonto-online.html?n=true&stref=productbox" }, + { "3BEF00FF8131FE4565631114710528001F000C1A1737107D", "Bank card issued by Sparkasse (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000C2024371074", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ... (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F000C3D35371078", "Sparkasse KolnBonn Bank (Bank)\nhttps://www.sparkasse-koelnbonn.de" }, + { "3BEF00FF8131FE4565631114710528001F0010142437105C", "Deutsche Kreditbank AG (Bank)\nhttps://www.dkb.de/" }, + { "3BEF00FF8131FE4565631114710528001F00112D4F37100F", "Bank card (Bank)\nhttps://www.commerzbank.de/" }, + { "3BEF00FF8131FE4565631114710528001F00113B32371064", "DKB GiroCard (Bank)\nhttps://dkb.de" }, + { "3BEF00FF8131FE4565631114710528001F00172846371005", "Sparkasse Zwickau Maestro card (Bank)\nhttps://www.spk-zwickau.de/de/home/privatkunden/girokonto/sparkassencard.html" }, + { "3BEF00FF8131FE4565631114710528001F00180F48371023", "SparkassenCard (Bank)\nhttps://sparkasse.de" }, + { "3BEF00FF8131FE4565631114710528001F0018242A37106A", "Sparkasse girocard (Bank)" }, + { "3BEF00FF8131FE4565631114710528001F00182D1C371055", "Debit card (Germany): ec-cash, GeldKarte(EUR) (Bank)" }, + { "3BEF00FF8131FE456563111562025000100A002B2107201E", "EC Card Sparkasse Mittelfranken Sued (Bank)\nhttps://www.spkmfrs.de" }, + { "3BEF00FF8131FE456563111562025000100A002EFC0720C6", "maestro BankCard (Bank)" }, + { "3BEF00FF8131FE456563111562025000100A09AC030720B2", "Girocard Sparkasse Darmstadt (Bank)" }, + { "3BEF00FF8131FE4565631901620280000F003500420620BB", "Credit card (Germany, Postbank AG): VISA" }, + { "3BEF00FF8131FE4565631D0284025000230509A0D9010182", "Debit card (Bank)" }, + { "3BEF00FF8131FE4565631D028402500023180920E7010121", "Deutsche Kreditbank AG (DKB AG) bank card (Bank)\nhttps://www.dkb.de/info/tan-verfahren/chipTAN/" }, + { "3BEF00FF8131FE458031C06B49424D204A65745A204D3239", "UBS Internet Card (IBM JetZ M2)" }, + { "3BEF00FF8131FE458031E06B042105026B55555555555568", "MasterCard credit card for Mega International Commercial Bank, Taiwan (Bank)\nhttps://www.megabank.com.tw/creditcard/index.asp" }, + { "3BEF00FF8131FF6549424D204D4643393232393238393017", "IBM MFC 4.22 (University of Cambridge smartchip card)" }, + { "3BF01100FF01", "Not a physical smart card. But a JavaCard simulator ATR with default configuration. (JavaCard)" }, + { "3BF01200FF9181B17C451F019B", "Japanese Chijou Digital B-CAS Card (pay TV) (Pay TV)" }, + { "3BF01200FF9181B17C451F0399", "Japanese Chijou Digital B-CAS Card (pay TV)" }, + { "3BF01200FF9181B1EF451F030A", "Japanese Digital CATV C-CAS card" }, + { "3BF01300001000", "MasterCard ETEC InterOp 27. This is an dual-app Maestro/MasterCard Credit EMV test card" }, + { "3BF01300008131FE45E8", "Healthcare card Romania (HealthCare)\nhttp://www.cnas.ro/casmb/national-page/cardul-national-de-asigurari-de-sanatate-2.html" }, + { "3BF01300FF9181B1FE461F0319", "Japan BS/CS 4K Satellite Broadcasting A-CAS Card (Pay TV)\nhttp://www.acas.or.jp/index.html" }, + { "3BF2180000C10A31FE55C80675", "HID iCLASS P16K C4H\nproximity card used for both door locks and keystore" }, + { "3BF2180002C10A31FE55C80776", "Siemens CardOS V4.3" }, + { "3BF2180002C10A31FE58C80874", "Siemens CardOS V4.3B\nD-Trust multicard 2.1 (may only be the testcard for it)" }, + { "3BF2180002C10A31FE58C80975", "Siemens CardOS V4.2B" }, + { "3BF2180002C10A31FE58C80B77", "CardOS V4.2C (SLE66CX360PE dual interface)" }, + { "3BF21800FFC10A31FE55C8068A", "Siemens CardOS M 4.2 (SLE66CX642P)" }, + { "3BF2960000813180438031A6", "Card of Justice (Other)" }, + { "3BF29800FFC11031FE55C80315", "Siemens CardOS M 4.01 (SLE66CX320P)" }, + { "3BF29800FFC11031FE55C80412", "CardOS M4.01a (SLE66CX322P)" }, + { "3BF39600FFC00A31FE4D8031E083", "MARX Cryptoken (supported by RaakSign)" }, + { "3BF41300008131FE4552465A4FED", "Serbian Health Care electronic card (HealthCare)\nhttp://www.rfzo.rs/index.php/osiguranalica/ekartica" }, + { "3BF4180002C10A31FE5856346376C5", "Eutron CryptoIdentity (reader + card token)" }, + { "3BF41800FF8131805500318000C7", "Identity card of Italian Republic" }, + { "3BF49800FFC11031FE554D346376B4", "Eutron Digipass 860 (reader + card token)" }, + { "3BF51300008131FE4573746431308F", "card for NF-e in Brazil (PKI)\nhttps://certificadodigital.imprensaoficial.com.br/certificados-digitais/e-cnpj/a3/e-cnpj-a3-cartao" }, + { "3BF51800008131FE454D794549449A", "Aventra ActiveSecurity MyEID\nhttp://www.aventra.fi/pdf/ActiveSecurity%20MyEID%20Tokens%20white%20paper%20(2p)%20EN.pdf" }, + { "3BF518000210804F73454944", "Atmega 128 microcontroller based open source EID smartcard with RSA and ECC. (eID)\nhttps://oseid.sourceforge.io/" }, + { "3BF57100FFFE2400011E0F3339320103", "Mydo IC Card from Japan, based on NTTDATA CARD (Loyalty)\nhttps://www.idemitsu.com/company/history/13.html" }, + { "3BF59100FF918171FE40000A086E773A65", "iCLASS Card (Other)" }, + { "3BF59100FF918171FE4000410000000005", "Contactless Mifare Ultralight" }, + { "3BF59100FF918171FE400041080000000D", "Contactless Mifare" }, + { "3BF59100FF918171FE400041180000001D", "Contactless Mifare 4k" }, + { "3BF59100FF918171FE400041880000008D", "Contactless Mifare 1k or 4k" }, + { "3BF59100FF918171FE4000420001008186", "American Express Blue RFID" }, + { "3BF59100FF918171FE400042000100D1D6", "Japanese Public Key Infrastructure (PKI)\nhttps://www.jpki.go.jp/\nMy Number Card (The Social Security and Tax Number System in JAPAN) (eID)\nhttps://www.cao.go.jp/bangouseido/" }, + { "3BF59100FF918171FE400042000177D1A1", "German Passport (ePass) (issued May 2008)" }, + { "3BF59100FF918171FE4000420001B3A115", "Individual Number Card (eID)\nhttps://www.kojinbango-card.go.jp/" }, + { "3BF59600008.31FE454D794549441.", "MyEID card (Infineon chip) (PKI)\nhttps://services.aventra.fi/English/products_MyEID_E.php" }, + { "3BF61300FF1080434849503232", "PostFinance debit (Bank)\nhttps://www.postfinance.ch" }, + { "3BF61300FF910131FE4080640F7000009E", "JA Bank Cash Card (Bank)\nhttps://www.jabank.org/" }, + { "3BF61800FF8131FE454A32413038301B", "NXP J2A080 - 80K (blank)\nhttp://www.classic.nxp.com/acrobat_download2/literature/9397/75016728.pdf" }, + { "3BF61800FF8131FE454A434F5032300E", "IBM JCOP20" }, + { "3BF61800FF8131FE454A434F5033300F", "Philips P8RF5016 running IBM JCOP 30 (contact interface)" }, + { "3BF61800FF8131FE454A434F5033310E", "IBM JCOP BIO31\nIBM JCOP BIO31 Java card" }, + { "3BF71100008131FE6543616E6F6B657999", "Canokey (Other)\nhttp://canokeys.org/" }, + { "3BF711000081718042000063950A019000B9", "ATM Card for Chunghwa Post Inc., Taiwan" }, + { "3BF71100008171FE420000639501019000CC", "ATM Card for Mega International Commercial Bank, Taiwan\nATM card for HSBC Direct, Taiwan\nATM card for TaChong Bank, Taiwan\nATM card for Chunghwa Post, Taiwan\nVISA card for Taipei Fubon Bank, Taiwan\nATM card for Cathay United Bank, Taiwan (Bank)\nhttps://www.cathaybk.com.tw/cathaybk/english/eindex.htm" }, + { "3BF71100008171FE420000639531029000FF", "VISA card for Taipei Fubon Bank, Taiwan" }, + { "3BF71100008171FE420000639531049000F9", "E.SUN Bank, Taiwan (Bank)\nhttps://www.esunbank.com.tw" }, + { "3BF71100008171FE420000639531059000F8", "ATM card for Chunghwa Post, Taiwan\nATM card for E.Sun Commercial Bank, Taiwan\nATM card for Taishin International Bank, Taiwan\nATM card for Bank of Taiwan, Taiwan\nATM card for Land Bank of Taiwan, Taiwan" }, + { "3BF711000140965430040E6CB6D6", "Atmel (FunCard) Smart Card with AT90S8515 and 24LC64 chip on it (Other)\nhttp://docs-europe.electrocomponents.com/webdocs/1173/0900766b811730a2.pdf" }, + { "3BF711000140965430040E6CB6D69000", "PIC16F876-04/SP (PICCard2) or\nPIC16F84A-04/P + 24LC16B (PICCard1) or\nCanal + Canal Digital Spain year 2000/2001 or\nPIC Silver Card 2 (PIC16F876/7 + 24C64)" }, + { "3BF711000140965760140E6CB6D6", "old SECA of D+ Italian sat pay tv" }, + { "3BF711000140965842140E6CB6D6", "UK on digital (terrestrial digital TV card)" }, + { "3BF711000140966060060E6CB6D6", "CANAL+ CANALSATELLITE SmartCard (possibly from 2005) (Pay TV)" }, + { "3BF711000140967070070E6CB6D6", "Cyfra+ SECA Card\nhttp://cyfraplus.pl/" }, + { "3BF711000140967070070E6CB6D69000", "M-II (a.k.a. M-2, a.k.a. Platinum Card), AT90SC6464C based\nKnotCard II\nTitaniumElite" }, + { "3BF7110001409670700A0E6CB6D6", "TopUp TV NagraVision viewing card" }, + { "3BF7110001409670700A0E6CB6D69000", "Canal Digitaal (Pay TV)\nhttp://webshop.canaldigitaal.nl/nl/smartcards-2" }, + { "3BF711000140967070170E6CB6D6", "Canal Satellite card (VERSION 7.1 SYSTEM / SECA2)" }, + { "3BF711000140967070370E6CB6D6", "Carte pour decodeur cable numerique (fourni par www.voo.be et\nwww.ledecodeur.be)" }, + { "3BF711000140967070670E6CB6D6", "UK TopUp TV" }, + { "3BF711000140967071090E6CB6D6", "Carte pour decodeur tele de Neuf Telecom TV" }, + { "3BF71300001000F14040919B9000", "Handelsbanken Inloggningskort (Bank)\nhttps://www.handelsbanken.se/sv/privat/digitala-tjanster/bankid-pa-kort" }, + { "3BF71300008131FE4500C08AC80C658185", "NXP JCop (JavaCard)" }, + { "3BF71300008131FE45464F4D534F4D53A9", "Health card Russian Federation" }, + { "3BF71300008131FE454A434F503234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF71300008131FE4580654A5030310415", "Nichizeiren Denshi-shomei (eID)\nhttps://www.nichizeiren.or.jp/taxaccount/auth/fifth/" }, + { "3BF71800008031FE45736674652D6E66C4", "SmartCafe Expert 3.2 72K" }, + { "3BF71800008031FE45FE42475265494424", "Bulgarian eID PKI card pilot on IFX SLE78 jTOP (PKI)" }, + { "3BF71800008131FE458055433776706B28", "Only labeled 'J35110', dual interface (JavaCard)" }, + { "3BF718000081718042000063840C019000A7", "Citibank Taiwan ATM Card (Bank)\nhttps://www.citibank.com.tw/" }, + { "3BF718000081718042000063950A019000B0", "7-Eleven icash card, Taiwan" }, + { "3BF79100FF918171FE40000A0260CF5104CB7F", "UK Metro Bank Mastercard Debit (Bank)\nhttps://www.metrobankonline.co.uk/" }, + { "3BF79100FF918171FE40004120001177818040", "Contactless Mifare DESFire" }, + { "3BF8110000400A01654E434F533037", "eNCOS + MCA, MchipAdvance bundled with eNCOS (Bank)" }, + { "3BF81100008171FE4200544E051900000002A1", "Taiwan EasyCard (Transport)\nhttps://www.easycard.com.tw/english/index.asp" }, + { "3BF811200340FF0303030312109000", "Bar Ilan KesefCard from Bezeq (Other)\nhttps://halemo.net/web/www.aurora.co.il/english/c_kesefcard.html" }, + { "3BF811200340FFFFFFFFFF12109000", "G&D (STARCOS SV 1.1)" }, + { "3BF813000010000073C84011009000", "Vivid Money Visa Debit (Bank)\nhttps://vivid.money" }, + { "3BF81300008131FE15597562696B657934D4", "Yubico Yubikey 4 OTP+CCID" }, + { "3BF81300008131FE4546494445534D4F318E", "Fidesmo Card with Dual Interface (JavaCard)\nhttp://shop.fidesmo.com/product/fidesmo-card-dual-interface" }, + { "3BF81300008131FE454A434F50763234....", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF81300008131FE454A434F5076323431B7", "Nigerian eID Card (blank card)\nChip is NXP JCOP 2.4.1R3\nBank of Hawaii (Bank)\nhttps://www.boh.com/\nLA BANQUE POSTALE (Bank)\nhttps://www.labanquepostale.fr/\nbnpparibas (Bank)\nhttp://www.bnpparibas.com/\nJcop040 (JavaCard)\nJcop21 (JavaCard)\nVisa debit classic (Bank)\nhttp://www.jpmorganchase.com/\nJPMorgan Chase (Bank)\nVisa (Bank)\nhttps://unitedfcu.com/\nJP Morgan chase bank (Bank)\nhttp://www.jpmorganchase.com/\nNavy Federal Credit Union (Bank)\nhttps://www.navyfederal.org" }, + { "3BF81300008131FE454A4F5076323431B7", "Nigerian eID card (eID)" }, + { "3BF81300008131FE455049564B45593730FF", "PIVKey CP70 (PKI)\nhttps://pivkey.com/" }, + { "3BF81300008131FE455241414B43327635CB", "Raak C2 Smart Card (PKI)\nhttp://www.raaktechnologies.com/software-downloads-documentation/" }, + { "3BF81300008131FE45534B555001000000FC", "Silesian Card of Public Services (Transport)\nhttps://portal.kartaskup.pl/" }, + { "3BF81300008131FE45536D617274417070F8", "national Lithuania ID card" }, + { "3BF81300008131FE45FF4A32413034300012", "MIDAS Card Diversification Key JavaCard (J2A040) (Bank)\nhttps://github.com/kategray/midas" }, + { "3BF81300FF108053430663010F900000", "Affinity CUIA Debit (JavaCard)\nhttps://www.affinitycuia.org" }, + { "3BF81300FF910131FE41534C4A01305023100D", "Walden Mutual Bank (Bank)\nhttps://www.waldenmutual.com/sustainable-bank-for-individuals#footnote-s0-4" }, + { "3BF81300FF910131FE41534C4A263123020168", "Chase Visa Debit (Bank)" }, + { "3BF81300FF910131FE41534C4A263123421F36", "Infineon SLJ26P (JavaCard)" }, + { "3BF81800008031FE450073C8401300900092", "G&D StarSign Token" }, + { "3BF81800008131FE450073C8400000900080", "NXP JCOP 31 V2.2 36K - S/C I/F" }, + { "3BF81800008131FE450073C8401300900093", "Giesecke & Devrient Sm@rtCafe Expert 3.0" }, + { "3BF81800008131FE454A434F50563234319C", "NXP JCOP2.4.1\nJ3A080 80KB T=1 GP2.1.1 JC2.2.2 SCP02" }, + { "3BF81800008131FE454A434F5076323431BC", "NXP J2A080 JavaCard" }, + { "3BF81800FF8131FE450073C840000090007F", "NXP JCOP 10\nNXP JCOP 31 (contact interface)" }, + { "3BF81800FF8131FE454A434F507632343143", "VIVOtech SAM\nNXP JCOP V241\nNXP J3A081 JavaCard (contact interface)" }, + { "3BF89600008031FE470073C840000090000D", "Italian driver tachograph smartcard (Transport)\nhttps://www.to.camcom.it/cartatachigrafica" }, + { "3BF89600008131FE4400739401C00F9000DD", "fourth-generation Hong Kong permanent identity card (Other)\nhttps://en.wikipedia.org/wiki/Hong_Kong_identity_card" }, + { "3BF89600008131FE454A434F507632343132", "NXP JCOP 2.4.1 (JavaCard)" }, + { "3BF91100008131FE45436F6D624F53205600AA", "VISA Card (Bank)" }, + { "3BF91300008131F0454E425502000320000097", "Bank" }, + { "3BF91300008131FE45454F4E436172645631F6", "NXP J2A080 (PKI)\nhttp://www.smartcardsource.com/contents/en-ca/d9_JCOP-NXP-cards.html" }, + { "3BF91300008131FE454A434F503234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BF91300008131FE454A434F503431563234A2", "JCOP41 v2.4" }, + { "3BF91300008131FE454A434F5076323431B701", "J2A040 NXP (JavaCard)\nhttps://secure.smartcardsource.com/j2a040-java-smart-card.html" }, + { "3BF91300008131FE45535049564B45593730AD", "PIVKey T840 (Other)\nhttps://pivkey.com/" }, + { "3BF91300FF10808031E0554245524753", "Banrisul bank" }, + { "3BF91500FF910131FE43806448657261829000C7", "RC-S500 card (FeliCa SAM for reader?) (Other)" }, + { "3BF918000000534345372003002046", "G+D FIPS 201 SCE 7.0 (PKI)" }, + { "3BF91800008031FE4580574E454F574156457D", "Neowave Weneo" }, + { "3BF91800008131FE45393532383530313331DA", "JCOP31 / 72B1 V2.2 (4096 RSA key support)\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, + { "3BF91800008131FE454A32443038315F5056B6", "NXP J2D081 Java Card 80KB JCOP 2.4.2 R2 GP 2.2.1 JC 3.0.1 (JavaCard)\nhttp://www.javacardsdk.com/Index.aspx?p0=AAT1P0000012&p1=1&p2=1&p3=1&p4=0&p5=1" }, + { "3BF91800008131FE454A434F503231563232A9", "NXP JCOP 21 V2.2 36K" }, + { "3BF91800008131FE454A434F503331563232A8", "JCOP31 / 72B1 V2.2\nSmartcard Dual Interface JCOP31 with 72KB EEPROM and V2.2 Java Card Open Platform" }, + { "3BF91800008131FE454A434F503431563232AF", "JCOP41 Cards (not supported, but recognized by Classic Client)\nNHS Care Identity Service (CIS) smartcard (HealthCare)\nhttps://www.e-lfh.org.uk/programmes/national-ra-and-smartcard-policy/" }, + { "3BF91800008131FE4550565F4A3244303831B6", "Taiwanese Health Professional Card(TW HPC) (HealthCare)\nhttps://hca.nat.gov.tw/Intro.aspx" }, + { "3BF91800FF8131FE4550565F4A334130343040", "Yubico Yubikey NEO OTP+U2F+CCID (PKI)\nhttps://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, + { "3BF91800FF8131FE4550565F4A33413038314D", "NXP JCOP J3A081 (JavaCard)\nhttps://secure.smartcardsource.com/j3a081m.html" }, + { "3BF99100FF9181714040000A80041E2E222C1490C2", "Mifare DESFIRE (Other)" }, + { "3BF99100FF91817140400041800431766A781690E0", "DESFIRE MIVARE EV2 (Other)" }, + { "3BF99100FF9181714040004180045B89BAB352803A", "mifare desfire 2k (eID)" }, + { "3BF99100FF918171FC40000A095161900058C290D2", "NFC PASS card (eID)" }, + { "3BF99400008131FE6546542056313030900083", "ePass 2000" }, + { "3BF99600008031FE454A546178436F7265560F", "Secure element for fiscal system in Serbia (PKI)" }, + { "3BF99600008031FE4553434537200000202027", "G&D SmartCafe Expert 7 (JavaCard)" }, + { "3BF99600008031FE4553434537200300204642", "ActivIdentity Activkey Sim (PKI)\nhttps://www.hidglobal.com/products/cards-and-credentials/activid/usb-tokens" }, + { "3BF99600008031FE4553434537200F0020464E", "Giesecke & Devrient (DoD Alternate Token) G+D Sm@rtCafe Expert v7.0 144K DI #3 (PKI)" }, + { "3BF99600008031FE4553434537202000202007", "Serbian Identity Card (eID) (eID)" }, + { "3BF99600008031FE45534345372047434E335E", "Serbian Identity Card (eID)" }, + { "3BF99600008031FE455343453720474E335E", "Serbian Identity Card (eID)" }, + { "3BF99600008131FE45454F4E43617264563173", "eONCard V1 (PKI)" }, + { "3BF99600008131FE4553434537200E00202028", "Giesecke & Devrient GmbH StarSign CUT S" }, + { "3BF99600008131FE45535049564B4559373028", "Taglio PIVKey C980 (PKI)\nhttps://www.pivkey.com" }, + { "3BF99800FFC11031FE55414D20434D4431313083", "Service card of the Ministry of Defense of Italy - Military Aviation" }, + { "3BF99800FFC11031FE55454920434D4431313083", "Service card of the Ministry of Defense of Italy - Italian Army" }, + { "3BF99800FFC11031FE554D4D20434D443131308F", "Service card of the Ministry of Defense of Italy - Navy" }, + { "3BF99800FFC11031FE55504320434D443131309C", "Service card of the Ministry of Defense of Italy - Civil personnel" }, + { "3BFA..00008131..438065A2........72D6....", "IDClassic 3XX Cards (with MPCOS Applet)" }, + { "3BFA00008131FE450031C173C840000090007A", "J3R150 EMV (JavaCard)\nhttp://www.gdrfid.com/" }, + { "3BFA1100008131FE45436F6D624F5320495600E0", "MyWireCard 2go Prepaid VISA Card" }, + { "3BFA110002406043C602F8030300009000", "DeLaRue DX(?)" }, + { "3BFA1300008131FE15597562696B65794E454FA6", "Yubikey NEO" }, + { "3BFA1300008131FE450031C173C8400000900079", "Nigerian eID Card (warm reset)\nChip is NXP JCOP 2.4.1R3" }, + { "3BFA1300008131FE454465786120434620763198", "Dexa Systems Crossfire Card (PKI)\nhttp://www.dexasystems.com/products-services/products/dexa-smartcards-credential-tokens-peripherals" }, + { "3BFA1300008131FE454A434F503.3.56323332..", "JCOPxx/yy v2.3.2 (see hist bytes for more info)" }, + { "3BFA1300008131FE454A434F50323156323331", "J2A040 JCOP (JavaCard)" }, + { "3BFA1300008131FE454A434F5032315632333191", "NXP JCOP 21 V2.3.1 36K" }, + { "3BFA1300008131FE454A434F5032315632343196", "NXP JCOP 2.1 V 2.4.1 (JavaCard)" }, + { "3BFA1300008131FE454A434F50343156", "JCOP41 V221" }, + { "3BFA1300008131FE454A434F5034315632333197", "JCOP41 /72K (eID)" }, + { "3BFA1300008131FE454A434F50763234........", "NXP JCOP v2.4.x (see hist bytes for more info)" }, + { "3BFA1300008131FE54A434F503233191", "Jcop (JavaCard)" }, + { "3BFA1300FF813180450031C173C00100009000B1", "OpenPGP" }, + { "3BFA1300FF918131FE478012392F31C073C7014907", "MITSUBISHI Standard-9M (PKI)\nhttps://www.mdis.co.jp/service/standard-9m/" }, + { "3BFA1800008031FE45FE654944202F20504B4903", "Estonian Identity Card (EstEID v3.5 (10.2014) cold) (eID)\nhttp://id.ee/" }, + { "3BFA1800008131FE4506082A841001876E0805BC", "Dutch Rijkspas (eID)" }, + { "3BFA1800008131FE4506082A841001876E0807BE", "Rijkspas (identification card dutch government employees) (eID)\nhttps://nl.wikipedia.org/wiki/Rijkspas\nDutch government multifunctional smartcard (Other)\nhttps://nl.wikipedia.org/wiki/Rijkspas" }, + { "3BFA1800008131FE45060860841001876F0602FE", "Card used by the Dutch health insurers to give medical personnel access to patient insurance information" }, + { "3BFA1800008131FE4546534A434F503453494480", "NXP Java Card JCOP4 P71 GP2.3 JC3.0.5 (JavaCard)\nhttps://www.javacardsdk.com/product/j3r180sim/" }, + { "3BFA1800008131FE454A33413034305632343184", "NXP J3A 40K\nJava Card v2.2.2 - Global Platform v2.2.1\nDual-interface functionality (features 1K Mifare emulation)" }, + { "3BFA1800008131FE454A33413038315632343189", "NXP JCOP CJ3A081\nhttp://www.usmartcards.com/media/downloads/492/NXP%20P5CX012%2002X%2040%2073%2080%20144%20%20%202011.pdf" }, + { "3BFA1800008131FE454A3344303831563234328F", "AustriaCard Dual Interface Unpersonalized EMV Cards (Bank)\nhttps://www.austriacard.com" }, + { "3BFA1800008131FE454A434F503431563232319D", "NXP JCOP 41 v2.2.1 72k SmartCard I/F" }, + { "3BFA1800008131FE454A546178436F72655631B2", "Taxpayer Portal Authentication for Fiji Revenue & Customs Service taxpayer portal (PKI)" }, + { "3BFA1800008131FE454D4F54494F4E0000900760", "SIM card (Telecommunication)" }, + { "3BFA1800008131FE4550564A434F5033454D5694", "NXP JCOP3 J3H082 Java Card 3.0.4 Dual-Interface (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop3-j3h082-java-card-3-0-4-j3h081-dual-interface/" }, + { "3BFA1800008131FE4550564A434F503453494493", "National Health Insurance (Taiwan) (HealthCare)" }, + { "3BFA180000910131FE454A33523138302D323535F5", "Cardlogix J3R180 NXP JCOP 4 Java Card 3.0.5 Classic Dual Interface (JavaCard) (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180000910131FE454A33523331302D333535FF", "NXP JCOP 4 Java Card 3.0.5 Classic (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180000910131FE4550564A434F503453494482", "Supposed P71 SecID purchased from a Chinese manufacturer (JavaCard)" }, + { "3BFA180000910131FE456BD1936AC2F28547E164CC", "J3R180, NXP JCOP4 JC3.0.5 Classic, GP2.3, SECID (JavaCard)\nhttps://www.cardlogix.com/product/nxp-jcop-4-java-card-3-0-5-classic/" }, + { "3BFA180002C10A31FE584B53776973735369676E89", "SuisseId card (used for qualified signatures)\nhttp://postsuisseid.ch/de/suisseid\nhttp://www.suisseid.ch/" }, + { "3BFA1800FF10004A546178436F72655631", "NXP JCOP4 J3R200 P71 (JavaCard)" }, + { "3BFA1800FF8031FE450031807394410000900090", "Kazakhstan Identity Card 2022 (eID)" }, + { "3BFA1800FF8131FE454A434F5032315632333165", "TrubDemax healthcare card\nJCOP 21 / 72k" }, + { "3BFA1800FF8131FE454A434F5034314332303074", "HID Crescendo C200\nhttps://www.hidglobal.com/sites/hidglobal.com/files/resource_files/crescendo-c200-c700-smart-card-ds-en.pdf" }, + { "3BFA1800FF8131FE454A434F5034315632323162", "JCOP41\nHID Crescendo C700\nhttp://www.hidcorp.com/\nShould be compatible to RAAK\nhttp://www.raaktechnologies.com/\nMarx CrypToken MX2048-JCOP USB Token" }, + { "3BFA1800FF8131FE454A434F5034315632333163", "JCOP41 V2.3.1 Dual Interface, Mifare emulation, 72K (NXP SmartMX P5CT072)\nJCOP (Java Card OpenPlatform) is a Java smart card distributed and developed by NXP.\nThe JCOP 41 v2.3.1. is an USB-smart card and can be used not only with standard smart card reader, but also with simple USB-connectors. The JCOP card is connected as ICCD card and can be used with such ICCD standard drivers.\nJCOP 41 is a Dual-Interface Smart Card, that means, the card can also be contacted with a contactless card reader. For building access systems, this card is also be able to emulate Mifare Classic 1k/4k.\nJCOP 41 v2.3.1 is compliant to JavaCard Standard 2.2.1. and GlobalPlattform 2.1.1. Their cryptographic features supports RSA up to 2432 bit, 'Eliptic curves' - ECC GF(2n), AES and 3DES.\nMore information is available here:\nhttp://www.nxp.com/documents/short_data_sheet/P5Cx009_P5Cx072_FAM_SDS.pdf" }, + { "3BFA940000813120438065A20101013D72D64321", "GemXpresso Pro R3 32PK (MPCOS, T=1)" }, + { "3BFA9600008031FE450031C8239752270F9000C1", "Swedish ID card (eID)" }, + { "3BFA960000813180438065A20101013D72D64383", "Malta identity card delivered by the Identity Management Office (eID)\nhttps://mhas.gov.mt/en/MHAS-Departments/Land%20Public%20Registry/Pages/ID-MO.aspx" }, + { "3BFA9800FFC11031FE55C8035341475F504B493277", "Siemens corporate ID card (access to the building / rooms etc,\nstores PKI private keys/certificates)" }, + { "3BFA9800FFC11031FE55C8045341475F504B493270", "Siemens Corporate Card (Belgium , Germany)" }, + { "3BFB11000040288059535059525553AE0002", "Spyrus Rosetta Basic" }, + { "3BFB11000040788059535059525553AE0202", "Rosetta(r) Series II Smart Card manufactured by Spyrus\nhttp://spyrus.com/products/rosetta_smart_usb.asp" }, + { "3BFB1100008131FE450031C06477E910000090006A", "OCS ID-One Cosmo Card USB Token" }, + { "3BFB1100FF81318055006802001010534941450004", "Italian Society of Authors and Publishers ticket and report signing smart card (PKI)\nhttps://www.siae.it/en/utilizzatori/other-services-stamps-certifications-data-and-statistics/automated-ticket-issuing-systems" }, + { "3BFB1300008131FE454A434F50533.3.56323332..", "JCOP-Sxx/yy v2.3.2 (see hist bytes for more info)" }, + { "3BFB1300008131FE456368617269736D6174657884", "Charismathics smart card JCOP and Qualified electronic signature CHJCOP-xxx (PKI)\nhttps://www.stampit.org/en/page/808" }, + { "3BFB1300FF10000031C164099511380F9000", "Mastercard World Elite (CapitalOne Venture) (Bank)\nhttps://www.mastercard.us/en-us/personal/find-a-card/world-elite-mastercard-credit.html" }, + { "3BFB1300FF10800031C164086032060F9000", "Stripe Issuing Card (Bank)" }, + { "3BFB1300FF10800031C164086032100F9000", "Varo (Bank)" }, + { "3BFB1300FF10800031C164089862210F9000", "Visa Debit (Bank)" }, + { "3BFB1300FF10800031C164089862290F9000", "Bank Card (Bank)" }, + { "3BFB1300FF10800031C1640924331E0F9000", "TransferWise Debit Card (Bank)\nhttps://wise.com/" }, + { "3BFB1300FF10800031C164096441360F9000", "Truist Business Debit (Bank)" }, + { "3BFB1300FF813180755A43352E3520524556204763", "ZeitControl BasicCard 5.5" }, + { "3BFB1300FF813180755A43352E3620524556204D6A", "ZeitControl BasicCard ZC5.6 user-programmable smart card\nhttp://www.basiccard.com/index.html?overview.htm" }, + { "3BFB1300FF813180755A43362E3520524556204364", "ZeitControl BasicCard 6.5, multiapplication with 30 kByte EEPROM" }, + { "3BFB1300FFC0803180755A43352E34205245562041A5", "ZeitControl BasicCard Professional 5.4 Revision A" }, + { "3BFB1300FFC0803180755A43352E34205245562048AC", "ZeitControl BasicCard Professional 5.4" }, + { "3BFB1300FFC0803180755A43352E3420524556204DA9", "Basiccard ZC5.4 revision M (Other)\nhttp://basiccard.com" }, + { "3BFB1300FFC0807553544F4C4C4D31504C5553BD", "Stoll M1PLUS (Other)" }, + { "3BFB180000407880595350595255530B0003", "Spyrus, Inc. Rosetta USB (PKI)" }, + { "3BFB180000407880595350595255530B0402", "SPYRUS Rosetta Series 2 (eID)\nhttp://www.spyrus.com/rosetta-hsm/" }, + { "3BFB18000040788059535059525553AE0402", "Spyrus Rosetta Series II" }, + { "3BFB1800008131FE450031C06477E9100001900062", "ID card for personal of 'Govern Illes Balears'\nhttp://www.caib.es/sacmicrofront/contenido.do?cont=7584&mkey=M08110610180317195848&&lang=en" }, + { "3BFB1800008131FE454A33483134354337583330C6", "COTECH OpenPGP Card - ECC (PKI)" }, + { "3BFB9100FF918171FE40004120000100812063CBA08003", "C*******r, MasterCard credit card, Pass Banque, Oberthur - contactless/PayPass" }, + { "3BFB9600008031FE450031C06477E3020082900076", "Oberthur ID-One Cosmo" }, + { "3BFB9600008031FE450031C06477E3030081900074", "D.O.D. Eid Passport rapidgate card (eID)" }, + { "3BFB9600008131FE450031C06477E91000019000EC", "Oberthur ID-ONE v5.4" }, + { "3BFB9600008131FE450031C06477E910000F9000E2", "Elektroniczna Legitymacja Studencka - Polish Student's ID Issued in Poznan in 2007" }, + { "3BFB9600008131FE450031E85427E60100079000BC", "Gemalto (PKI)" }, + { "3BFB9600008131FE4556445349354001000400011F", "Vasco DIGIPASS KEY 200 usb token\nhttp://www.vasco.com/products/digipass/digipass_pki/digipass_pki_keys/digipass_key_200.aspx\nShould contain a 'Oberthur cosmo v 5.4 or V7.0D' smartcard" }, + { "3BFB9800FFC11031FE550064052047033180009000F3", "Gemplus GemGate 32K\ndistributed by Postecert (www.postecert.it) to legally sign documents" }, + { "3BFC1300008131FE15597562696B65794E454F7233E1", "YubiKey NEO (PKI)\nhttp://www.yubico.com/" }, + { "3BFC1300008131FE45597562696B65794E454F7233B1", "Yubikey Neo\nhttp://www.yubico.com/products/yubikey-hardware/yubikey-neo/" }, + { "3BFC180000813180459067464A00641606F2727E00E0", "PIVKey C910 PKI Smart Card (eID)\nhttp://pivkey.com/" }, + { "3BFC180000813180459067464A00642D70C172FEE0FE", "pivkey token (JavaCard)\nhttp://www.pivkey.com/" }, + { "3BFC180000813180459067464A0068080.000000000.", "Feitian A22 JavaCard (150K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/index.shtml\nFeitian A40 JavaCard (64K) (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, + { "3BFC180000813180459067464A01002005000000004E", "Feitian A40 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/index.shtml" }, + { "3BFC180000813180459067464A01002504000000004A", "Feitian JavaCOS A22CR ()\nhttp://www.javacardos.com/store/javacard-a22cr.php" }, + { "3BFC180000813180459067464A0100870600000000EA", "Feitian FTJCOS (https://www.ftsafe.com/products/Card_OS) (JavaCard)\nhttps://www.ftsafe.com/onlinestore/product?id=18" }, + { "3BFC180000813180459067464A01642F70C172FEE0FD", "Feitian eJavaToken (JavaCard)\nhttp://www.ftsafe.com/product/epass/eJavaToken" }, + { "3BFC1800008131FE458073C8211366020403550002D2", "National Health Insurance Card, Taiwan" }, + { "3BFC9800FFC11031FE55C803496E666F63616D65726528", "New Card Infocamere (Italy) series 1402...\nhttp://www.card.infocamere.it/\nSiemens Informatica - Siemens M4.01a\nchip Infineon SLE66CX322P (CC EAL5)\nMemory EEPROM: 32KB\nOperating system CARDOS\nMax numero dei tentativi PIN: 3\nPin: da 5 a 8 digit\nUnblocked by tool CARDOS API 2.2" }, + { "3BFD..00008131..4380318065B0........83..90....", "IDClassic 3XX / Classic TPC (IXS, IS, IS V2, IS CC, IM, IM CC, IM CC V3) / MultiApp ID Cards" }, + { "3BFD1300001000803180654953060B0183079000", "MIR card issued by Gazprombank (Russia) (Bank)\nhttps://www.gazprombank.ru/personal/cards/7579039/" }, + { "3BFD130000813160658031C0694D54434F537301011660", "Silesian University (Katowice, Poland) Student Identity Card (eID)\nhttps://www.us.edu.pl/" }, + { "3BFD1300008131FE158073C021C057597562694B657940", "Yubico YubiKey 5 NFC (PKI)\nhttps://www.yubico.com/product/yubikey-5-nfc" }, + { "3BFD1300008131FE4500125553554D49444153000000F6", "Midas key diversification card (Other)" }, + { "3BFD1300008131FE4541373030354347203234325231D5", "Feitian ePass FIDO NFC (Other)\nhttps://www.ftsafe.com/Products/FIDO/NFC" }, + { "3BFD1300008131FE4541373030364347203234325231D6", "YubiKey NEO (token)" }, + { "3BFD1300008131FE454A434F50323176323331474454E1", "National Health Insurance Card, Taiwan" }, + { "3BFD1300008131FE45543D314A323133364B56323331DC", "ic Card (JavaCard)" }, + { "3BFD1300008131FE4580318153534431738421C0810730", "Personal Info Card (eID)" }, + { "3BFD1300FF10000031C173C8400052A1C5009000", "IBKR Prepaid MasterCard, Issued by Peoples Trust Company (Bank)\nhttps://www.interactivebrokers.com/en/index.php?f=26451" }, + { "3BFD1300FF10000031C173C8400052A1D5009000", "PayPal Business Debit Mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, + { "3BFD1800008031FE45003180718E6452D904008190005B", "Oberthur Card Systems, authentIC" }, + { "3BFD1800008031FE4553434536302D43443038312D46C4", "Panama Electronic Signature (JavaCard)" }, + { "3BFD1800008031FE45736674652063643134342D6E66D8", "SmartCafe Expert 3.2 144K Dual is a contact and contactless technology Java card from G&D with 144K on-board EEPROM for application and data storage. Certified to FIPS 140-2 Level 3 and Common Criteria EAL 5+. Supports specifications ISO 14443A T=CL and ISO 7816 T=1/0. (PKI)\nhttp://www.smartcardfocus.us/shop/ilp/id~523/smartcafe-expert-3-2-144k-dual/p/index.shtml" }, + { "3BFD1800008031FE45736674652D63643038302D6E66DC", "G&D Sm@Cafe 3.1 (eID)" }, + { "3BFD1800008131FE4553434536302D43433038312D46C2", "Giesecke & Devrient StarSign USB Token" }, + { "3BFD1800008131FE45534C4A35324778787979797A52AA", "The National Health Insurance Card issued by the National Health Insurance Administration Ministy of Health and Welfare in Taiwan (HealthCare)\nhttps://www.nhi.gov.tw/English/Content_List.aspx?n=320832076C00692B&topn=BCB2B0D2433F6491" }, + { "3BFD1800008131FE458031806540907B01518307900055", "Croatian Health Care card" }, + { "3BFD1800008131FE4580318153474531738421C081072E", "Georgian ID Card" }, + { "3BFD1800FF80B1FE451F078073002113574A5448613147005F", "Activkey Sim\nhttp://www.actividentity.com/products/activkey_usb_tokens__home.php" }, + { "3BFD1800FF80B1FE451F078073002113574A54486131480050", "G&D Sm@rtCafe Expert 64 v2" }, + { "3BFD1800FF80B1FE451F078073002113574A544861314A0052", "e-CPF issued by AASP (Lawyers Association of Sao Paulo, Brazil)" }, + { "3BFD1800FF8131FE4543494247555A494A324130383158", "Caregiver card for Dutch Medical System called UZI\n(Unieke Zorgverlener Identificatie, Caring Unique Identification)" }, + { "3BFD9100FF918171FE40004120004100818031C073D621C0D8", "Sparkasse Hanau - German contactless GeldKarte (PPSE, girogo)\nhttps://www.geldkarte.de/_www/en/pub/geldkarte/service_navigation/about_us.php" }, + { "3BFD9400008131204380318065B08302047E83009000B6", "GXPPRo-R3.x STD PTS T=1\nLatvian Digital Signature Card (cold)\nhttp://www.eme.lv/" }, + { "3BFD940000813160658031C0694D54434F5373010111E0", "MTCOS Light\nhttp://www.masktech.de/products/mtcoslight/index.html" }, + { "3BFD940000813160658031C0694D54434F5373010116E7", "Polish student card (eID)" }, + { "3BFD9500008131FE41008C0F17BD008C000000000030F2", "Khmer Identify Card (eID)" }, + { "3BFD9600008031FE45534C4A35324778787979797A5225", "TIPL (Other)" }, + { "3BFD9600008131204380318065B0831100C88300900015", "Gemalto TOP IM GX4 MSA081, T=1 (PKI)" }, + { "3BFD9600008131204380318065B0831148C883009000", "Pay TV" }, + { "3BFD9600008131484280318065B0840100C883009000", "Optelio Cards (D38-D72 R6) T=1 High Speed" }, + { "3BFD9600008131804380318065B0850100D683019000BC", "Queensland Drivers' Licence (Australia) (eID)" }, + { "3BFD9600008131FE4500000152332980000000000000A9", "DPI Guatemala (eID)\nhttp://www.renap.gob.gt/" }, + { "3BFD9600008131FE450000015233672000000000000047", "DPI Guatemala (eID)\nhttps://www.renap.gob.gt/servicios/que-es-el-dpi" }, + { "3BFD9600008131FE4500000161638620000000000000C5", "Renap Guatemala (eID)" }, + { "3BFD9600008131FE450000016687038000000000000003", "DPI (Documento Personal de Identificacion) Guatemala (eID)" }, + { "3BFD9600008131FE45534C4A3532474441303830434348", "Universal JCard C-UJC128-PAC-001 (JavaCard)\nhttps://www.usmartcards.co.uk/universal-j-cards" }, + { "3BFD9600008131FE45534C4A353247444C313238435257", "Universal JCard (Contact) with Infineon SLE78 (JavaCard)\nhttp://www.usmartcards.co.uk/cards/universal-jcard-contact-with-infineon-sle78-white-gloss-pvc-card.html" }, + { "3BFD9600008131FE45534C4A35324778787979797A5224", "J3R180 (JavaCard)" }, + { "3BFE130000108080318066B0840C016E0183009000", "Sberbank of Russia MIR debit card (Bank)\nSwile card\nhttps://www.swile.co/fr-fr/swile-card" }, + { "3BFE1300008131FE454A434F5076323431204C4F542057B1", "LOT test card (JavaCard)\nwww.lotgroup.eu" }, + { "3BFE130000918131804180318066B0840C016E01830090001F", "Japan Post Bank Visa Debit Card (Bank)\nhttps://www.jp-bank.japanpost.jp/kojin/cashless/yuchodebit/kj_cl_yd_index.html" }, + { "3BFE1800008031FE454573744549442076657220312E30A8", "Estonian Identity Card (EstEID 3.0 'JavaCard' cold)" }, + { "3BFE1800008031FE4553434536302D43443038312D6E46A9", "G&D Sm@rtCafe Expert 6.0 (JavaCard)\nhttp://www.smartcardfocus.com/shop/ilp/id~684/smartcafe-expert-6-0-80k-dual-/p/index.shtml" }, + { "3BFE1800008031FE4553434536302D43443134352D6E46A0", "Smart Cafe Expert 6.0, Java Card 3.0 (PKI)" }, + { "3BFE1800008031FE45803180664090A4162A0083019000E1", "Estonian Identity Card (EstEID 3.0 'JavaCard' warm)" }, + { "3BFE1800008031FE45803180664090A4162A00830F9000EF", "iEstonian Identity Card (EstEID 3.0 (18.01.2011) warm)" }, + { "3BFE1800008031FE45803180664090A5102E03830F9000EF", "Infineon jTOP SLE78 SLJ52GCA080CL IFX v46.03 (JavaCard) (JavaCard)" }, + { "3BFE1800008031FE45803180664090A5102E038381900061", "Infineon Trust-P (JavaCard)" }, + { "3BFE1800008031FE45803180664090A5102E1083019000F2", "Infineon CJTOP 80K INF SLJ 52GLA080AL M8.4 (JavaCard)" }, + { "3BFE1800008131FE458031815448534D31738021408107FA", "Smartcard-HSM\nhttp://www.cardcontact.de/products/sc-hsm.html" }, + { "3BFE1800FF8131FE454A3231024103479049544356008044", "Brazilian Army ID Card (eID)" }, + { "3BFE1800FF8131FE456368616E67696E677465634A33445E", "xgames pki (eID)" }, + { "3BFE9100FF918171FE40004120001177C1000000000000000089", "Tangem Tap It cryptocurrency hardware wallet (Other)\nhttps://tangem.com/" }, + { "3BFE9100FF918171FE400041200051779180318065B0850300FB", " Italian Card Identity (CIE Comune di Parma) (eID)\nhttp://www.comune.parma.it/servizi/Servizi-Demografici-Carta-di-identita/Carta-di-identita-Elettronica-CIE_A2_C100_P96.aspx" }, + { "3BFE9100FF918171FE40004128000180810073C840000090004D", "Philips SmartMX chip (IBMs JCOP OS)" }, + { "3BFE9100FF918171FE40004128001133B04A434F5033315632C4", "JCOP31 72K\ndual interface functionality, 1K Mifare emulation." }, + { "3BFE9100FF918171FE400041380011F7B14A434F503234325211", "SwissPass (Transport)\nhttps://www.swisspass.ch" }, + { "3BFE9100FF918171FE40004138002180718066B00701010707B7", "Java Gemalto R7 (contactless) (Bank)" }, + { "3BFE9100FF918171FE40004138002180818065A2010201317210", "Santander TUI Brazil (Bank)\nhttp://www.santanderuniversidades.com.br/Paginas/home.aspx" }, + { "3BFE9100FF918171FE40004138002180818066B00701017707B7", "Java Gemalto R5 (contactless) (Bank)" }, + { "3BFE940000801F42803180664750204583018301900002", "TATA Docomo UICC (Telecommunication)\nhttp://www.tatadocomo.com/" }, + { "3BFE9400FF80B1FA451F034573744549442076657220312E3043", "Estonian Identity Card (EstEID v1.0 cold)\nEstonian Identity Card (EstEID v1.1 'MULTOS' warm)" }, + { "3BFE9600008031FE4380738400E065B0850400FB8290004E", "EU smart tachograph card (driver/company/control/workshop)\nhttps://dtc.jrc.ec.europa.eu/" }, + { "3BFE9600008031FE4380738400E065B08505002582900091", "Swiss truck driver card (Transport)" }, + { "3BFE9600008131FE45803180664090A5102E03830190006E9000", "Swissbit PS-100u (JavaCard)\nhttps://www.swissbit.com/ps-100u/" }, + { "3BFE9600FF8131FE455DFF6D6553414D2076312E302E320C", "SAM module for Kharkiv E-ticket (mikroelektronika) (JavaCard)\nhttp://www.mikroelektronika.com/en/card-and-ticket-validators" }, + { "3BFE9600FFC00A31FE4D4573744549442076657220312E309B", "Estonian Identity Card (EstEID v1.1 compatible)\nhttp://www.id.ee/?id=11019&&langchange=1" }, + { "3BFF..00008131..4380318065B0........120FFE829000..", "IDPrime MD 8840, 3840, 3810, 840 and 830 Cards T=1" }, + { "3BFF..00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, + { "3BFF0000FF8131FE458025A000000056575343363530000000", "SafeNet SC650" }, + { "3BFF00FF8131..456563............................", "Debit card (Germany): ec-cash, GeldKarte(EUR), Maestro, Cirrus, ..." }, + { "3BFF1100008131FE4D8025A00000005657444B3333300600D0", "Datakey 32K PKI Smart Card Model 330\nhttp://www.datakey.com/products/smart_cards/products_sc_330.shtml" }, + { "3BFF1100008171404200002101314252000[05]63........9000.*", "Smart Card 'The Smart Way to Login'\nUsed on Acer TravelMate to secure boot" }, + { "3BFF11000240648069A2070103570000FF0083009000", "Gemplus GemXpresso" }, + { "3BFF1100FF8131FE9580F9D2760000255444010083000000A0", "GiroCard Haspa Hamburger Sparkasse (Bank)\nhttps://www.haspa.de/privatkunden/ihr-online-banking/unser-angebot/haspa-digital-services-96198/" }, + { "3BFF13000010003100DE525001001500000000000000", "wisely debit (Bank)\nhttps://www.mywisely.com/" }, + { "3BFF13000010003101F1564011001900000000000000", "BVG Guthabenkarte (Prepaid Payment Card for Berlin/Brandenburg Public Transport) (Transport)\nhttps://www.bvg.de/de/service-und-kontakt/guthabenkarte\nRevolut Visa Glow-in-the-dark\nhttps://revolut.com/\nMasterCard debit - PayCenter - Corporate Benefit 'Sachbezugskarte' (Bank)\nhttps://paycenter.de/sachbezugskarte/" }, + { "3BFF13000010003101F1564011001D00000000000000", "albo (Bank)\nhttps://www.albo.mx/" }, + { "3BFF13000010003101F1564011002300000000000000", "ANZ BANK (Bank)\nhttps://www.anz.com.au/personal/" }, + { "3BFF1300008131FE450031B9640404ECC17394018082900052", "AKD kID (eID)\nhttps://www.id.hr" }, + { "3BFF1300008131FE450031B9640444ECC17394018082900012", "Croation personal ID card (eID)\nhttp://eid.hr/" }, + { "3BFF1300008131FE4543433169A92000002020202020200036", "Swiss Lunch Check Wallet Card (Bank)\nhttps://lunchcheck.ch" }, + { "3BFF1300008131FE4543443269A94100002020202020200053", "Visa credit card (Viseca Card Services SA, Switzerland) (Bank)\nhttps://www.viseca.ch/privatkunden/kreditkarten\nVisa credit card, UBS Switzerland (Bank)" }, + { "3BFF1300008131FE45434433690940000020202020202000F3", "VISA credit card (LBBW/Payback VISA) (Bank)" }, + { "3BFF1300008131FE454F574F4B31302D4A................", "OWOK (One Web, One Key) login card\nhttp://www.reiner-sct.com/owok/\nReiner SCT loginCard\nhttps://cardlogin.reiner-sct.com/" }, + { "3BFF1300008131FE4D8025A00000005657444B3333300600D2", "Datakey DCOS model 330 (DKCCOS 6.0 token)" }, + { "3BFF1300918131FE4141434F532046696F6E6131204C6336F4", "TURKEY A101 HADI APP CARD (Bank)\nhttps://a101hadi.a101.com.tr/" }, + { "3BFF1300FF10000031C173082110645631424E079000", "Credit card (Bank)" }, + { "3BFF1300FF10000031C1738211064414D33470779000", "Visa Debit (Bank)\nhttps://www.chase.com/" }, + { "3BFF1300FF10000031C173C821106441443533079000", "BRADESCO-CONTA SALARIO (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3037079000", "UP Day Ticket Restaurant Card (Other)\nhttps://www.day.it/login" }, + { "3BFF1300FF10000031C173C8211064414D3130079000", "Tangerine MasterCard (Bank)\nhttps://www.tangerine.ca/en/products/spending/creditcard/money-back/" }, + { "3BFF1300FF10000031C173C8211064414D3137079000", "PayPal Business Debit mastercard (Bank)\nhttps://www.paypal.com/merchantapps/appcenter/makepayments/bdmc" }, + { "3BFF1300FF10000031C173C8211064414D3330079000", "VISA card issued by ING-DiBa AG (Germany) (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3331079000", "NAB VISA Debit (contact interface) (Bank)\nhttps://www.nab.com.au/" }, + { "3BFF1300FF10000031C173C8211064414D3337079000", "VISA Credit Card (Postbank), Germany (Bank)" }, + { "3BFF1300FF10000031C173C8211064414D3341079000", "BBVA debit card Uruguay. MIFRE Plus compatible. (Bank)\nScotiabank Passport Visa Infinite credit card (Bank)\nhttps://www.scotiabank.com/ca/en/personal/credit-cards/visa/passport-infinite-card.html" }, + { "3BFF1300FF10000031C173C8211064414D3343079000", "MasterCard issued by President's Choice Bank (Canada) (Bank)\nhttp://pcfinancial.ca/mastercard" }, + { "3BFF1300FF10000031C173C8211064414D3344079000", "VISA debit emitted by FinecoBank (Bank)\nhttps://finecobank.com/" }, + { "3BFF1300FF10000031C173C8211064414D3347079000", "Chase Visa Debit Card (Bank)\nhttps://www.chase.com/bankinghelp" }, + { "3BFF1300FF10000031C173C8211064414D3348079000", "BBVA blue VISA Debit Card (Bank)\nhttps://www.bbva.es/en/personas/productos/tarjetas/tarjeta-joven-ahora.html\nDesjardins Bonus Visa credit card (Bank)\nhttps://www.desjardins.com/ca/personal/loans-credit/credit-cards/bonus-visa/index.jsp" }, + { "3BFF1300FF10000031C173C8211064414D3430079000", "PNC BUSINESS VISA DEBIT (Bank)\nhttps://www.pnc.com/en/small-business/payments-and-processing/payment-cards/pnc-bank-visa-business-debit-card.html" }, + { "3BFF1300FF10000031C173C8211064414D3531079000", "Discover It Credit Card (Bank)" }, + { "3BFF1300FF10000031C173C82110644930424E079000", "National Bank Debit Card with expiration date and cvv code (Bank)" }, + { "3BFF1300FF10000031C173C82110644932424E079000", "Interact, Visa Debit Bank of Novia Scotia (Bank)\nhttps://www.scotiabank.com/global/en/credit-card-terms-and-conditions.html" }, + { "3BFF1300FF10000031C173C82110644D30424E079000", "Debit payment card (Rabobank NL) (Bank)\nhttps://www.rabobank.nl/en/business/making-and-receiving-payments/payments/paying-with-your-bank-card" }, + { "3BFF1300FF10000031C173C82110644D30434E079000", "Huntington (Bank)" }, + { "3BFF1300FF10000031C173C82110645630424E079000", "Rabobank Netherlands VISA debit (Bank)" }, + { "3BFF1300FF10000031C173C82110645631424E079000", "Portuguese 'BancoCTT' Bank Card (Bank)\nhttps://www.bancoctt.pt/o-seu-dia-a-dia/cartao-de-credito-banco-ctt" }, + { "3BFF1300FF10000031C173C82110645631434E079000", "Chase Freedom Unlimited Credit Card (Bank)" }, + { "3BFF1300FF10808031E06B04310502AF555555555555", "USAA EMV Visa Debit Card (Bank)" }, + { "3BFF1300FF10808031E06B04546B0267555555555555", "Target RedCard debit card (Other)" }, + { "3BFF1300FF10808031E06B071405028A555555555555", "Tangerine Debit Card (Bank)\nhttps://www.tangerine.ca" }, + { "3BFF1300FF10808031E06B08240502B5555555555555", "Tangerine Canada Interac debit card (Bank)\nhttps://www.tangerine.ca/" }, + { "3BFF1300FF8031FE45534653452D43583332322D5601010165", "Portugal Santander Totta Universitarios 'Associacao Academica de Coimbra'" }, + { "3BFF1300FF8031FE45534653452D43583332322D5618020876", "SmartCafe Expert Java" }, + { "3BFF1300FF8031FE45534653452D43583332322D5618030877", "Giesecke & Devrient SmartCafe Expert 32K v2.0 #2" }, + { "3BFF1300FF8131FE45656311045002800008390004020502E9", "German 'Geldkarte' supplied by the Deutsche Bank in Karlsruhe,\nBaden-Wurttemberg, Germany." }, + { "3BFF1300FF8131FE45656311045002800008540004230502A5", "Maestrocard/Geldkarte (Stadtsparkasse Haltern, Germany)" }, + { "3BFF1300FF8131FE5D8025A00000005657444B33323005003F", "Datakey DCOS model 320" }, + { "3BFF1300FF910131FE210031C173C82110644D30434E07900094", "AirPlus MasterCard Commercial (Bank)\nhttps://www.airplus.com/us/en/products-solutions/products/corporate-cards/corporate-cards.html" }, + { "3BFF1300FF910131FE4141434F5320486F6C6C7931204C633665", "OEAMTC Visa Club Card (Bank)\nhttps://www.oeamtc.at/mitgliedschaft/leistungen/die-oeamtc-kreditkarte-31091443" }, + { "3BFF1300FF910131FE41455041000000010833995600000000AC", "Austrian Sparkasse ISIC debit card (Mastercard) (eID)\nhttps://isic.at/" }, + { "3BFF1300FF918131FE4141434F532046696F6E6131204C6336F4", "Deutsche Kreditbank Debit (Bank)" }, + { "3BFF1300FF918131FE4141434F53204769756C6961204C6336B5", "revolut debit visa (Bank)\nhttps://www.revolut.com/" }, + { "3BFF1300FF918131FE4541434F53204449616E6132204C6336DF", "Alior Bank MasterCard debit (Bank)\nComdirect (Deutsch Bank) debit VISA (AUSTRIACARD 56015/001) (Bank)" }, + { "3BFF1400FF8131FE458025A000000056575343363530010039", "SafeNet SC650 (PKI)\nhttp://www.safenet-inc.com/data-protection/authentication/smartcard-650/" }, + { "3BFF1400FF8131FE458025A000000056575343363530030239", "SafeNet SC650 v3.2 (PKI)\nhttp://www.safenetat.com/products-solutions/high-assurance-authentication/sc650/" }, + { "3BFF1400FF8131FE458025A00000005657534336353004003C", "SafeNet AT SC650 V4.0 02/2018 (PKI)\nhttps://www.safenetat.com/Solutions/Enterprise-Security/high-assurance-authentication/sc650/" }, + { "3BFF1800008131FE45006B04050100011101434E5310318069", "Sanitary Card of 'Friuli Venezia Giulia' region (Italian Republic)\nCarta Nazionale dei Servizi (Italia)\nhttp://cartaservizi.regione.fvg.it/" }, + { "3BFF1800008131FE45006B040501000112024850431031806C", "Carta del Professionista Sanitario - CNS - Provincia autonoma di Trento\nProfessional Health card, Autonomous Province of Trento" }, + { "3BFF1800008131FE45006B0405010001210143494510318048", "hybrid card for various health services and regional services (access to various organizations and digital signatures)" }, + { "3BFF1800008131FE45006B04050100012101434E5310318059", "CNS - Carta Nazionale dei Servizi (Italia)\nPA emittente: Regione Autonoma della Sardegna\nCarta del Servizio Sanitario Regionale - Emilia Romagna" }, + { "3BFF1800008131FE45006B05051017012101434E531031805E", "Regional Card - Regione Liguria, Veneto - Italy (eID)\nTessera Sanitaria - Carta Regionale dei Servizi" }, + { "3BFF1800008131FE45006B05052000012101434E5310318079", "health card (HealthCare)\nhttps://tscns.regione.sardegna.it/" }, + { "3BFF1800008131FE45006B0505200001F101434E53103180A9", "national health service card (HealthCare)\nhttps://ca.arubapec.it/downloads/MU_LINUX.zip" }, + { "3BFF1800008131FE45006B0505912001F101434E5310318038", "Italian Health Card (TS) and Citizen's Card (CNS) based on IDEMIA ID-One CNS v2 on Cosmo 9.1 (HealthCare)" }, + { "3BFF1800008131FE45006B11050700011101434E531131807B", "Italian National Fire Corps -special identification card (eID)" }, + { "3BFF1800008131FE45006B11050700012101434E531031804A", "Oberthur ID-One Cosmo V7-n it's a java card 2.2.2\nIzenpe Certificado Ciudadano (eID)\nhttps://www.izenpe.eus/informacion/certificado-ciudadano/s15-content/es/" }, + { "3BFF1800008131FE45006B150C0302010101434E5310318061", "Bit4id Digital-DNA Key (eID)" }, + { "3BFF1800008131FE4D8025A00000005657444B3430300600DD", "DataKey 400 (DK400)" }, + { "3BFF1800008131FE55006B02090403010101434E5310318065", "Italian Chambers of Commerce CNS (PKI)\nhttp://www.card.infocamere.it/infocard/pub/" }, + { "3BFF1800008131FE55006B0209040301010144534410318068", "ACA (Lawyer Identifier Card) (eID)" }, + { "3BFF1800008131FE55006B02090503010101434E5310318064", "Bit4id J-SIGN 2048 (L) (PKI)\nhttps://www.bit4id.com/en/j-sign/" }, + { "3BFF1800008131FE55006B02090603010101434E5310318067", "ST microelettronics JSign3 (HealthCare)" }, + { "3BFF1800008131FE55006B02090703010101434E5310318066", "Aruba digital signing card (eID)\nhttps://www.aruba.it" }, + { "3BFF1800008131FE55006B02091403010101434E5310318075", "Smart Card INFOCERT digital key CNS from CST PADOVA (eID)" }, + { "3BFF1800008131FE55006B02091613010101434E5310318067", "ANPR -- Ministero dell'Interno - Italia (PKI)" }, + { "3BFF1800008131FE55006B02091717010101434E5310318062", "Carta Nazionale dei Servizi (CNS) Centro Servizi Territoriali (CST) (PKI)\nhttp://cst.provincia.padova.it/category/faq/firma-digitale" }, + { "3BFF1800FF8031FE45534653452D43583332322D561803087C", "Giesecke & Devrient Sm@rtCafe Expert 2.0" }, + { "3BFF1800FF8031FE45536D4072744361666545787065727465", "Giesecke & Devrient SmartCafe 32K v1" }, + { "3BFF1800FF8131..456563............................", "Geldkarte (generic ATR)" }, + { "3BFF1800FF81313C4565630D02310250001090002600041009", "Maestrocard/Geldkarte (Postbank, Germany)" }, + { "3BFF1800FF81313C4565630D0231025000109001550004107B", "Volksbank VR-BankCard (GeldKarte)" }, + { "3BFF1800FF81313C4565630D02310250001090052900041003", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, + { "3BFF1800FF81313C4565630D023102500010900788000410A0", "HBCI-Karte (Berliner Sparkasse, Germany)" }, + { "3BFF1800FF81313C4565630D023102500010901382000410BE", "Bremer Karte ('Geldkarte und BSAG-Kundenkarte in einem.')\nhttp://www.bsag.de/4911.php" }, + { "3BFF1800FF81313C4565630D0231025000109014060004103D", "Geldkarte/HBCI(DDV-1) (Staedtische Sparkasse Offenbach, Germany)" }, + { "3BFF1800FF81313C4565630D0231025000109014440004107F", "Geldkarte/HBCI (Kreissparkasse Ebersberg, Deutschland)" }, + { "3BFF1800FF81313C4565630D0231025000109055700004100A", "EC-Card from DKB (Deutsche Kreditbank AG)" }, + { "3BFF1800FF81313C4565630D02310280001224300020041059", "Geldkarte (Germany)" }, + { "3BFF1800FF813150456563............................", "GeldKarte v3 (Germany)" }, + { "3BFF1800FF8131FE4065631116710156000F1309D0A957111B", "Harzer Volksbank eG bank card (girocard, V-PAY, debit card, Germany / Giesecke & Devrient, DG Nexolution, 10/22) (Bank)\nhttps://www.harzer-volksbank.de/privatkunden/girokonto-kreditkarten/bankkarte-v-pay.html" }, + { "3BFF1800FF8131FE4165630608710156000FB81026204712CD", "Fyrst Bank Card (Bank)\nhttps://fyrst.de" }, + { "3BFF1800FF8131FE4165630608710156000FB85073204712D8", "Commerzbank maestro (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/girokonten/kostenloses-girokonto/" }, + { "3BFF1800FF8131FE4165630608710156000FB8602AA0471231", "Debit card (Germany): Postbank - GeldKarte (EUR), girocard, V-PAY (Bank)\nhttps://www.postbank.de/" }, + { "3BFF1800FF8131FE4165630608710156000FB8C0442147127E", "Commerzbank Classic Kreditkarte Mastercard (Bank)\nhttps://www.commerzbank.de/konten-zahlungsverkehr/produkte/kreditkarten/classic-kreditkarte/" }, + { "3BFF1800FF8131FE4165630608710156000FB8D044A04712EF", "Debitcard (Bank)" }, + { "3BFF1800FF8131FE41656306087102500023B80080C04712B2", "1822direct Bank Card (Bank)\nhttps://www.1822direkt.de" }, + { "3BFF1800FF8131FE41656306087102500023B8907360471271", "Debit card (Germany): Deutsche Kreditbank (DKB), ec-cash, (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF1800FF8131FE4165631116710156000F0308B09957115B", "Debit card Sparkasse (Germany) (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F0902904E5711AC", "German Bank Card IDEMIA 9 Maestro/Girocard (Sparkasse S-Payment TPY 1974693D) (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F0908309A5711D2", "Bank card from German Bank 'Sparkasse', issued by manufacturer 'S-Payment GmbH' (Bank)" }, + { "3BFF1800FF8131FE4165631116710156000F16082024571163", "German Sparkasse with visa (Bank)\nhttps://www.sparkasse.de/lp/echtesmultitalent.html#alle-funktionen" }, + { "3BFF1800FF8131FE450031C573C00180547615020105900074", "SIGILANCE NFC OpenPGP Smart Card (JavaCard)\nhttps://www.sigilance.com/" }, + { "3BFF1800FF8131FE455448434331305445434F4744484E3224", "National Health Insurance Card, Taiwan" }, + { "3BFF1800FF8131FE455448434331305445434F4744494E3126", "National Health Insurance Card, Taiwan" }, + { "3BFF1800FF8131FE4565630D0450028000089009700005002A", "Landesbank baden-Wurttemberg Geldkarte" }, + { "3BFF1800FF8131FE4565630D07630528000D90810600061558", "Geldkarte/HBCI (Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565630D07630764000D........0615..", "Giesecke & Devrient GmbH\nROM Mask=SDP2G330.E_1 (BES0), SWP2G370.E_1 (CS0)\nInit-Table=ecD6.3\nSignaturerstellungseinheit ZKA TUVIT.09397.TU.03.2005 Banking Signature Card, v6.31 NP, Type 3\nTUVIT.09397.TU.03.2005" }, + { "3BFF1800FF8131FE4565630D07630764000D9058450006158C", "Stadtsparkasse Munchen electronic cash card / Geldkarte" }, + { "3BFF1800FF8131FE4565630D07630764000D907307000615E5", "Sparkasse Acchen HBCI Geld Karte" }, + { "3BFF1800FF8131FE4565630D07630764000D907432000615D7", "German HBCI-Banking Card with 'Geldkarte' from the bank 'Sparkasse Marburg-Biedenkopf'" }, + { "3BFF1800FF8131FE4565630D07630764000D90926100061562", "Geldkarte (Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565630D08650764000D........0616..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.5\nInit-Table=SWP3G5J0.E_1 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.51\nTUVIT.93129.TU.03.2006" }, + { "3BFF1800FF8131FE4565630D08650764000D9104900006160E", "German Railway's (Deutsche Bahn AG) 'Konzernausweis'" }, + { "3BFF1800FF8131FE4565630D0C760764000D9581200007300F", "Master Card Credit Card issued by WGZ bank (all german volksbank institutes use them)" }, + { "3BFF1800FF8131FE4565630D0C760764000D960361000730CF", "VR-Networld-Card with SECCOS-chip / Volksbank eG Konstanz\nfor Online-Banking (FinTS / HBCI-3.0 + EBICS; RD 01/12 NetWorld)" }, + { "3BFF1800FF8131FE456563110350028000082770020605018A", "old banking card (electronic-card / Maestro / Geldkarte) of the\n'Volksbank Gelderland eG' (around 2003)" }, + { "3BFF1800FF8131FE4565631105400250001055100303050043", "belongs to a banking card (electronic-card / Maestro / Geldkarte).\nthe bank calls it 'VR-BankCard'. the banks name is 'Volksbank\nGelderland eG' and is part of the 'Volksbanken und Raiffeisenbanken'\nhttp://www.vb-gelderland.de/html/5/2394/rubrik/1282.html" }, + { "3BFF1800FF8131FE45656311064002500010........0500..", "Gemplus-mids GmbH,\nROM Mask=ZKA 322 V5A,\nInit-Table=SWI1P070.E_0 (CS0),SDI1P080.E_1 (BES0),\nSignaturerstellungseinheit ZKASignaturkarte v5.02,\nTUVIT.09385.TU.09.2004" }, + { "3BFF1800FF8131FE4565631106400250001005500310050043", "HBCI-Karte (Bordesholmer Sparkasse, Germany)" }, + { "3BFF1800FF8131FE4565631106400250001019100420050028", "Stadtsparkasse Munchen HBCI card / Geldkarte" }, + { "3BFF1800FF8131FE4565631106400250001025600512050057", "Geldkarte/HBCI(DDV-1) (Stadtsparkasse Vorpommern, Germany)" }, + { "3BFF1800FF8131FE4565631106400250001027300216050006", "GeldKarte from Sparkasse bank" }, + { "3BFF1800FF8131FE4565631106400250001027800325050084", "Volksbank VR-BankCard (GeldKarte)" }, + { "3BFF1800FF8131FE456563110640025000102850011105006D", "HBCI Bancing Card of Sparkasse Pforzheim" }, + { "3BFF1800FF8131FE45656311066202800011........0613..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.2,\nInit-Table=SDI1G280.E_1 (BES0),\nSignaturerstellungseinheit ZKA Banking Signature Card, v6.2b NP & 6.2f NP, Type 3\nTUVIT.09395.TU.01.2005" }, + { "3BFF1800FF8131FE4565631106620280001106600304061387", "Geldkarte (Volksbank Offenburg, Germany)" }, + { "3BFF1800FF8131FE45656311066202800011165005170613B2", "FinTS (BBBank Karlsruhe, Germany)" }, + { "3BFF1800FF8131FE456563110662028000112090030906135C", "Geldkarte [ec, Maestro] (1822 direkt Frankfurter Sparkasse, Germany)" }, + { "3BFF1800FF8131FE45656311066202800011435001170613E3", "EC-Card of Sparkasse Pforzheim Calw" }, + { "3BFF1800FF8131FE45656311075102500010728000020620C6", "Maestro Card Deutsche Kredit Bank (DKB) / Germany" }, + { "3BFF1800FF8131FE45656311076402800011........0619..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.4\nInit-Table=SDI2G4G0.E_4 (BES0), SWI2G4H0.E_2 (CS0)\nSignaturerstellungseinheit ZKA 17.01.2006 Banking Signature Card, v6.4\nTUVIT.93123.TU.01.2006" }, + { "3BFF1800FF8131FE45656311084302500010........0530..", "Gemalto\nROM Mask=ZKA 680 V5A\nInit-Table=SSI3P3M6E_1 (MS0)\nMassen-Signaturerstellungseinheit ZKA Banking Signature Card, Version 5.11M\nTUVIT.93148.TU.06.2007" }, + { "3BFF1800FF8131FE4565631108430250001046500108053027", "HBCI-Karte (Sparkasse Altmark-West, Salzwedel, Germany)" }, + { "3BFF1800FF8131FE45656311084302500010847001040530C9", "HBCI Card (1822 direkt Frankfurter Sparkasse, Germany) Geldkarte [ec, Maestro]" }, + { "3BFF1800FF8131FE45656311086602800011........0620..", "Giesecke & Devrient GmbH\nROM Mask=ecD6.6\nInit-Table=SDI3G6G0.E_3 (BES0), SSI3G6M0.E_2 (S0), SWI3G6H0.E_3 (CS0)\nSignaturerstellungseinheit ZKA Banking Signature Card, Version 6.6\nTUVIT.93130.TU.05.2006 - 2. Nachbestatigung" }, + { "3BFF1800FF8131FE45656311086602800011405003180620D4", "banking card (electronic-card / Maestro / Geldkarte). the bank+calls\nit 'S-Card' or 'Sparkassen-Card'. the banks name is 'Stadtsparkasse\nDuesseldorf' and is part of the 'Sparkassen-Finanzgruppe' (a finance\ngroup, network of local banks)." }, + { "3BFF1800FF8131FE4565631108660280001156000318062092", "Geldkarte [ec, Maestro] (Sparkasse Langen-Seligenstadt, Germany)" }, + { "3BFF1800FF8131FE4565631901500280000F........0512..", "SAGEM ORGA GmbH\nROM Mask=SecV1.5.3\nInit-Table=SDR0O1G0.A_B (BES0), SWR0O1H0.A_5 (CS0)\nSignaturerstellungseinheit ZKA SECCOS Sig v1.5.3\nBSI.02076.TE.12.2006" }, + { "3BFF1800FF8131FE4565631A01410250001052090567051021", "Maestro/Geldkarte (BBBank Karlsruhe, Germany)" }, + { "3BFF1800FF8131FE55006B02090200010101434E531031809F", "Carta Nazionale dei Servizi - InfoCamere" }, + { "3BFF1800FF8131FE55006B0209020001010144534410318092", "Postcom S.P.A. (digital certificate)" }, + { "3BFF1800FF8131FE55006B02090200011101434E531031808F", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FF8131FE55006B02090200011101434E531131808E", "Infocamere CNS" }, + { "3BFF1800FF8131FE55006B02090300011101434E531131808F", "Card description: Multiservice Card - CMCC - Arma Carabinieri (Carta Multiservizi)" }, + { "3BFF1800FF8131FE55006B02090303010101434E531031809D", "Aruba CNS for Regione Toscana (IT)\nhttp://www.regione.toscana.it\nAruba CNS for Infocamere (the Chambers of Commerce)" }, + { "3BFF1800FF8131FE55006B0209030301010144534410318090", "Postecert (www.postecert.it) to legally sign documents" }, + { "3BFF1800FF8131FE55006B02090303011101434E531131808C", "Infocert 1205* smart card\nUniversita' Degli Studi di Torino (Infocert)" }, + { "3BFF1800FF8131FE55006B0209040301010144534410318097", "J-Sign (STMicroelectronics S.r.l. - Incard Division) (JavaCard)" }, + { "3BFF1800FF8131FE55006B02091300024954494420203180D3", "electronic identity card (PKI)" }, + { "3BFF1800FF8131FE55006B02091301011101434E531131809E", "Service card of the Ministry of Defense of Italy" }, + { "3BFF1800FF8131FE55006B0209130301000150534510318094", "Italian Electronic ID Card (eID)\nhttp://www.interno.gov.it/mininterno/site/it/temi/servizi_demografici/scheda_006.html" }, + { "3BFF1800FF8131FE55006B02091303010101434E531031808D", "Aruba Digital Signature (Other)\nhttps://www.pec.it/offerta-firma-digitale.aspx" }, + { "3BFF1800FF8131FE55006B02091303011101434E531131809C", "Politecnico di Torino Student Card (eID)\nhttp://www.polito.it/" }, + { "3BFF1800FF8131FE55006B02091617011101434E531131808D", "Carta Regionale dei Servizi - Regione Autonoma Friuli Venezia Giulia (HealthCare)\nhttps://www.regione.fvg.it/rafvg/cms/RAFVG/GEN/carta-regionale-servizi/" }, + { "3BFF1800FF8131FE55006B02091717011101434E531131808C", "european health insurance card and Regional (ItalY - Provincia Autonoma di Trento) Service Card (CPS) (eID)\nhttps://www.provincia.tn.it/Servizi/Attivare-la-Carta-Provinciale-dei-Servizi-CPS#cos_e" }, + { "3BFF1800FF8131FE55006B42495434494420312E3000900091", "Touch&Sign 2048 (PKI)" }, + { "3BFF1800FF8131FE55006B42495434494420322E3000900092", "Izenpe Green Card (Citizen Certificate) (eID)\nhttp://www.izenpe.com/s15-12020/en/contenidos/informacion/ciudadano/en_def/index.shtml" }, + { "3BFF1800FFC10A31FE55006B0508C805011101434E531031800C", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FFC10A31FE55006B0508C809011101434E5310318000", "Carta regionale dei servizi - Regione Sicilia\nhttp://www.regione.sicilia.it/crs/index.asp" }, + { "3BFF1800FFC10A31FE55006B0508C80A011101434E5310318003", "Carta Regionale dei Servizi - Regione Lombardia" }, + { "3BFF1800FFC10A31FE55006B0508C80C011101434E5310318005", "Healthcare card (TS-CNS) - Provincia Autonoma di Trento\nUnified Healthcare card (TS-CNS) - Repubblica Italiana" }, + { "3BFF32000010808031E05B4742500000000000000255", "UK NatWest BT PayToView Mondex" }, + { "3BFF6700008131FE45FF43727970746E6F784649444F32305F", "Fast Identification Online card (FIDO2) from Cryptnox manufacturer (Other)\nhttps://www.cryptnox.ch" }, + { "3BFF9100FF918171FC40000A654B5450304432654B5450043D5B62", "Indonesian eID (eID)" }, + { "3BFF94000000434D425F55425369676E3030303215", "UBS Access Card used for online banking with UBS in Switzerland.\nIt resides in a calculator like token, that is used for a challenge\nresponse when logging in." }, + { "3BFF940000400A80310073122113574A330E01314100", "O2 Loop SIM card" }, + { "3BFF940000400A80310073122113574A330E02314100", "GSM-SIM Beeline RU (Telecommunication)\nhttp://beeline.ru" }, + { "3BFF940000400A80310073122113574A330E02324100", "Turkcell SIMPlus64 / Turkey" }, + { "3BFF940000400A80310073122113574A330E10314100", "GSM SIM MEDIONmobile (MVNO) the Netherlands (Telecommunication)" }, + { "3BFF940000801F478031E073FE210000000000830F900052", "Telecommunication SIM (Telecommunication)" }, + { "3BFF9400008131804380318065B0850201F3120FFF82900079", "Serbian Identity Card (eID)\nJava Card (Sealys MultiApp ID v2.1) supporting Global Platform 2.1.1" }, + { "3BFF9400008131FE4380318065B0846160FB120FFD8290000E", "IDPrime 930 FIPS Level 3 (T=1 CT=94) (BAI4) (PKI)" }, + { "3BFF9400008131FE4380318065B085040011120FFF829000E2", "DPI Card ID Guatemala Version 2018 (eID) (eID)\nhttps://www.renap.gob.gt" }, + { "3BFF940000C00AB1FE491F438031E073F62113573436434132302068", "Sonera UICC (Telecommunication)" }, + { "3BFF9400FF400A80310073122113574A332009314100", "Globul GSM operator card (Bulgaria) (Telecommunication)" }, + { "3BFF9400FF80B1FE451F030068D276000028FE052231800090001E", "Alice Business card (to be used in the modem supplied by an Italian provider)" }, + { "3BFF9400FF80B1FE451F030068D276000028FF051E318000900023", "D-Trust Signature Card (www.d-trust.net):\n- Citizencard of the People of Ulm in Germany (Burgerkarte)\n- Qualified Electronic Signature Card (Qualifizierte Signaturkarte)" }, + { "3BFF9400FFC00A1F438031E073362113574A43491C3130321C", "Giesecke & Devrient - UniverSIM Pegasus" }, + { "3BFF9400FFC00A1F478031E073F62113574A33200B314141D4", "SIM (Telecommunication)" }, + { "3BFF950000400A80310073122113574A330E10314100", "Verizon GSM SIM (Telecommunication)" }, + { "3BFF9500008031FE4380318067B0850201F3A3018301900045", "Swedish digital tachograph driver smart card (Other)\nhttps://www.transportstyrelsen.se/sv/vagtrafik/Yrkestrafik/Kor--och-vilotider/Fardskrivare/ansokan-om-forarkort/" }, + { "3BFF9500008031FE4380318067B0850201F3A3048301900040", "Company Card for authentication in tachograph applications (Other)\nhttps://ec.europa.eu/transport/modes/road/social_provisions/tachograph/tachonet_en" }, + { "3BFF9500008031FE4380318067B0850201F3A3138301900057", "Driver's Card (Tachograf card) issued by pwpw Poland (Transport)\nhttps://www.pwpw.pl/en/Products/Cards/Cards.html" }, + { "3BFF9500008031FE4380318067B0850201F3A3138301F83BFF", "UK Drivers Tachograph Card (Transport)" }, + { "3BFF950000C00A1F438031E073362113574A330E0231410088", "'BASE' SIM card; BASE is a german mobile phone operator, which is a brand of E-Plus, Germany." }, + { "3BFF95000150801C444E41535034323020526576533430", "Nagra card Canal+ (Polish TV provider) (Pay TV)\nhttps://pl.canalplus.com/" }, + { "3BFF95000150801C444E41535034323020526576533430F1", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF95000150801C444E41535034323020526576533430F15D", "NC+ Polland (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF95000150801C444E41535034323020526576533441", "Platforma Canal+ Polska, cayman card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, + { "3BFF9500FF400A803100731A2113574A504860314147", "Vodafone 64 KB SIM with Javacard" }, + { "3BFF9500FF400A8031E873F62113674A474860314200", "Giesecke & Devrient STARSIM" }, + { "3BFF9500FF50801C444E41535034303020526576493431", "Pay TV card nc+ polish (seca with merlin layer) (Pay TV)\nhttp://www.flysat.com/ncplus.php" }, + { "3BFF9500FF50801C444E41535034303020526576493435", "Decoder card for VOO TV distributer in Belgium (Pay TV)" }, + { "3BFF9500FF50801C444E41535034303020526576493439", "Big TV India (Pay TV)\nhttps://www.lyngsat.com/packages/Big-TV.html" }, + { "3BFF9500FF50801C444E41535034303020526576493441", "Pay TV - NC+ in Poland (Pay TV)\nhttp://ncplus.pl/" }, + { "3BFF9500FF50801C444E41535034303020526576493447", "Platforma Canal+ Polska, cameleon card (Pay TV)\nhttps://www.flysat.com/canalplus-pl.php" }, + { "3BFF9500FF50801C444E4153503430302052657649344A", "Sat Tv (Nagra) (Pay TV)" }, + { "3BFF9500FF50801C444E41535034303020526576493548", "Canal+ France Nagra3 (Pay TV)\nhttps://www.canalplus.com/" }, + { "3BFF9500FF50801C444E41535034383220526576523038", "CANALSAT, mediaguard key (Pay TV)" }, + { "3BFF9500FFC00A1F438031E073362113574A3320073341411F", "Swisscom 3G SIM card" }, + { "3BFF9500FFC00A1F438031E073F62113574A334857314141E5", "MTNL 3G USIM (India)" }, + { "3BFF9500FFC00A1F438031E073F62113574A334861324147D6", "GSM SIM (issued by e-plus, Germany)" }, + { "3BFF9500FFC00A1F438031E073F62113574A554860324100F6", "GSM SIM from O2 Germany (UMTS ready) from 2005" }, + { "3BFF9500FFC00A1F478031E073F62113574A33200B314141D5", "Telenor SIM card (Norway)" }, + { "3BFF9600008031FE45536D40727443616665204578702E374E", "haruka (eID)" }, + { "3BFF9600008131804380318065B0850300EF12026C829000F9", "Authorization Card (eID)" }, + { "3BFF9600008131804380318065B0850300EF120FFF82900067", "Greek Academic ID (eID)\nhttp://academicid.minedu.gov.gr/" }, + { "3BFF9600008131804380318065B0850300EF12FFFE82900096", "Gematlo IDCore 8030 (JavaCard)" }, + { "3BFF9600008131804380318065B08503010F120FFF82900086", "Azerbaijan Republic National Identity Card (eID) (eID)\nhttps://www.mia.gov.az/" }, + { "3BFF9600008131804380318068B0850300EF780100829000F1", "Cameroon National Identity Card (eID)" }, + { "3BFF9600008131FE4380318065B0845651101201788290006A", "SafeNet eToken 5300 (PKI)" }, + { "3BFF9600008131FE4380318065B08456511012021082900001", "Nedap NexS N:Secure (eID)\nhttps://www.nsecure.nl/nl/" }, + { "3BFF9600008131FE4380318065B0846160FB120FFD8290000C", "IDPrime 930 FIPS Level 2 (T=1 CT=96) (BAI3.1) (PKI)" }, + { "3BFF9600008131FE4380318065B0846566FB12017882900085", "eToken 5110+ FIPS 140-2 Level 2 (JavaCard)" }, + { "3BFF9600008131FE4380318065B0846566FB120FFC8290000F", "SmartID 3930 FIDO Contact and Contactless card (PKI)\nhttps://www.smartcardfocus.com/shop/ilp/id~962/safenet-idprime-3930-fido-dual-interface-fips-l2/p/index.shtml" }, + { "3BFF9600008131FE4380318065B0846669FB12FFFE829000F1", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, + { "3BFF9600008131FE4380318065B085040011120FFF829000E0", "Pakistan National identity card (eID)" }, + { "3BFF9600008131FE4380318065B085040120120FFF829000D0", "Portuguese National Identity Card (eID) (eID)\nhttps://www.autenticacao.gov.pt/o-cartao-de-cidadao" }, + { "3BFF9600008131FE4380318065B085050011120FFF829000E1", "Portuguese autentication card (eID)\nhttps://www.autenticacao.gov.pt/web/guest/cc-aplicacao" }, + { "3BFF9600008131FE4380318065B08505003912017882900040", "Identicard for french advocates (eID)\nhttps://doc.ubuntu-fr.org/avocats_sur_ubuntu" }, + { "3BFF9600008131FE4380318065B0855956FB12017882900088", "SafeNet 5110 token for eSignature (eID)\nhttps://www.certsign.ro/en/support/safenet-installing-the-device-on-windows/" }, + { "3BFF9600008131FE4380318065B0855956FB120FFC82900002", "THALES SafeNet IDPrime 3940 Fido (PKI)\nhttps://cpl.thalesgroup.com/fr/resources/access-management/idprime-3940-product-brief" }, + { "3BFF9600008131FE4380318065B0855956FB120FFE82900000", "SafeNet eToken 5110 SC (PKI)\nhttps://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token" }, + { "3BFF9600008131FE4580F9A0000003080000100053454E54AC", "cac (eID)" }, + { "3BFF9600008131FE55006B02090403010101434E53103180EB", "Aruba PEC SpA digital signature card made by Incard (eID)\nhttps://www.pec.it/download-software-driver.aspx" }, + { "3BFF960000C00A31FE4380318065B085040011120FFF829000AB", "French National Identity Card (eID) (eID)\nhttps://www.interieur.gouv.fr/actualites/actu-du-ministere/nouvelle-carte-nationale-didentite" }, + { "3BFF9600FF8131FE406563111562025000100A0190A90730BF", "girocard Sparkasse Ansbach, Germany BLZ 76550000 (Bank)" }, + { "3BFF9600FF8131FE406563111562025000100A0271500730A4", "Debitcard Sparkasse Duesseldorf (Bank) (Bank)\nhttps://www.sskduesseldorf.de/" }, + { "3BFF9600FF8131FE406563111665025000100B22BBEB074080", "girocard contactless (Bank)" }, + { "3BFF9600FF8131FE4065631D02840156001F190850E10200EF", "Raiffeiesenbank Girocard Maestro (Bank)" }, + { "3BFF9600FF8131FE4065631D02840156001F2108B0A902007F", "Debit Card Sparda-Bank Baden-Wurttemberg eG (Bank)" }, + { "3BFF9600FF8131FE4065631D028401560024090A10CC0200AB", "Postbank Germany (Bank)\nhttps://www.postbank.de/privatkunden/services.html" }, + { "3BFF9600FF8131FE4065631D028402500023010A60D40200C9", "DKB Girocard (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF9600FF8131FE4065631D0284025000230308C0B702000A", "German Debitcard from Sparkasse (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000230709E0F9020061", "Sparkasse Ingolstadt (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000231208A0EB020027", "Girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023140710B80200CD", "Sparkasse Aachen - german Maestro/Girocard (S-Payment TGI 50380969) (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023150860DC0200D7", "Deutsche Kreditbank AG, Girocard (Bank)\nhttps://www.dkb.de" }, + { "3BFF9600FF8131FE4065631D028402500023160BB0C102001A", "debit card (Bank)" }, + { "3BFF9600FF8131FE4065631D0284025000232106F0ED02004C", "DKB Girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D028402500023230900A80200F4", "Kreissparkasse girocard (Bank)" }, + { "3BFF9600FF8131FE4065631D038601560002130B90FE011034", "EC card from Raiffeisenbank im Hochtaunus, Germany (Bank)" }, + { "3BFF9600FF8131FE4065631D0386025000230808914F0110B8", "Debit card (Germany): ec-cash, GeldKarte(EUR), Visa, Cirrus (Bank)" }, + { "3BFF9600FF8131FE4065631D038602500023130981390110C4", "girocard contactless (Bank)" }, + { "3BFF9600FF8131FE456563060752025000103025411A064082", "DKB (Deutsche Kreditbank) girocard (V-PAY, GeldKarte) (Bank)\nhttps://www.dkb.de/privatkunden/karten/girocard" }, + { "3BFF9600FF8131FE4565630D09710764000D00035450070181", "Commerzbank ServiceCard / Maestro / GeldKarte / Cirrus / girocard / CashGroup / electronic cash" }, + { "3BFF9600FF8131FE4565631901500280000F002B0046501172", "Sparkasse Bremen Germany HBCI DDV" }, + { "3BFF9600FF8131FE4565631901500280000F002F0025501115", "German Postbank Giro card with electronic cash, Maestro, GeldKarte features" }, + { "3BFF9600FF8131FE4D8031E06B0431050277555555555555EA", "IRMA card (eID)\nhttp://irmacard.org" }, + { "3BFF9600FF8131FE55006B02090403010101434E5310318014", "JavaCard Bit4Id (JavaCard)" }, + { "3BFF9600FF918131FE4D8031E06B043105027555555555555579", "algeria national identity card (eID)" }, + { "3BFF9600FFC00A1F438031E073362113574A43491C3130321E", "Giesecke & Devrient - UniverSIM Pegasus" }, + { "3BFF9600FFC00A31FE4D8031E06B04200502585555555555559F", "MULTOS (Other)" }, + { "3BFF9600FFC00A31FE4D8031E06B04310502A85555555555557E", "Multos (Other)" }, + { "3BFF9700008131FE4380318065B0846160FB120FFD8290000D", "IDPrime 3930 FIPS Level 3 (T=1 CT=97) (BAI6) (PKI)" }, + { "3BFF9700008131FE4380318065B08466693912FFFE82900032", "IDCore3230 build 6.8, test APDU applet (JavaCard)" }, + { "3BFF9700FFC00A31FE4D8031E06B04520502BB5555555555550F", "MULTOS Dual Interface Card - MC4-P23-S1 (Other)" }, + { "3F05DC20FC0001", "DigiCash Facility Card" }, + { "3F28000011140003689000", "SIMEMU - a DIY GSM SIM card\nhttp://simemu.cjb.net/" }, + { "3F2D0027A051827D00000052000C9000", "Porta Moedas Multibanco (Portugeese electronic purse)" }, + { "3F2F0036AF690204018000000A0E833E9F16", "SIM Card GSM (Telecommunication)" }, + { "3F2F008059AF0201013000000A0E83069F12", "Gemplus GemXplore" }, + { "3F2F008059AF02010230000C0A0E831E9F16", "GSM-SIM (900MHz) card of the carrier 'Mannesmann Mobilfunk' for\ntheir network 'D2-Privat' - now known as Vodafone Mobilfunk\nhttp://www.vodafone.de/" }, + { "3F2F008069AE0202013600000A0E833E9F16", "GSM-SIM e-plus (1800MHz)" }, + { "3F2F008069AF0204013600000A0E833E9F16", "Telia Mobitel GSM (Telecommunication)" }, + { "3F2F008069AF0204013600020A0E833E9F16", "GSM-SIM D2 CallYa (900MHz)" }, + { "3F2F008069AF0307015900000A0E833E9F16", "Nokia SIM Ph2 16K Ver2.0" }, + { "3F2F008069AF0307015900130A0E833E9F16", "Old Spanish Telefonica Movistar GSM SIM card manufactured by Gemplus" }, + { "3F2F008069AF0307015900240A0E833E9F16", "dialog romania now orange (Telecommunication)\nhttps://orange.ro" }, + { "3F2F008069AF0307035200000A0E833E9F16", "GemXplore 98 V1 16K" }, + { "3F2F008069AF03070352000D0A0E833E9F16", "GSM-SIM Debitel D2 (900MHz)" }, + { "3F2F008069AF0307035A00150A0E833E9F16", "Virgin Mobile SIM (Gemplus)" }, + { "3F36110053495B015153", "Sodexo Pass Lunch Card. An employee benefits card to provide meal tickets to workers. (Other)\nhttps://www.sodexo-benefits.it/prodotto/aziende/pausa-pranzo-aziende/pass-lunch-card/#tabsoluzioni" }, + { "3F3BF81300008131FE454A434F5076", "District6 Group employee ID (eID)" }, + { "3F3D1100806728500402200000838E9000", "GSM SIM card of the Austrian provider A1" }, + { "3F3E110046524543434941524F5353419000", "Trenitalia (Italy) fidelity card 'CartaFreccia' (Smartcard)" }, + { "3F3F94008069AF0307015900000A0E833E9F16", "Finnish SIM card from 'Radiolinja' now 'Elisa'" }, + { "3F6525....046C90.0", "Carte Bancaire (French banking card)" }, + { "3F65250024096B9000", "Old Postgirot/Plusgirot SmartSec bank ID card (Bank)" }, + { "3F65250024096E9000", "Oberthur Bull CP8 smart card. Russian 'Pochtovyj Bank' (Bank)" }, + { "3F6525002B09629000", "Coinamatic SmartyCity smartcard" }, + { "3F6525002B09699000", "Municipal parking meter card for the City of St. John's, NL, Canada.\nhttp://www.stjohns.ca/index.jsp" }, + { "3F6525002B09EB9000", "Bull Scot 5" }, + { "3F6525002[2C]09[F6]99000", "Sesam Vitale (French health card)" }, + { "3F65250052096A9000", "French carte Vitale" }, + { "3F6525005343689000", "'Flying Cow'- russian pirate CAM-card. (Pay TV)\nhttp://mxc.do.am/publ/collection/viewing_card_smart_karty_sputnikovogo_veshhanija/flying_cow_smart_card/13-1-0-25" }, + { "3F652500A[34]096A9000", "Sesam Vitale (French health card)" }, + { "3F6525082204689000", "France Telecom card (ex Pastel card)" }, + { "3F6525082304689000", "France Telecom card" }, + { "3F6525083304209000", "D-Trust card" }, + { "3F65250843046C9000", "CB visa La Poste France (Oberthur)\nCB visa Societe Generale France (Oberthur)" }, + { "3F65250863046C9000", "CB visa La Poste France (Oberthur)\nCB Master Carte du Credit Mutuel" }, + { "3F65250865046C9000", "CB visa Boursorama France (Axalto)" }, + { "3F6535100.04[6,E]C9000", "Postcard (Switzerland)" }, + { "3F6535100104EC9000", "Old Swiss Postbank card (Bank)" }, + { "3F6535640104689040", "Bull AFNOR-positioned microprocessor chip card 'Carte Pastel Internationale' by France Telecom (Other)\nhttp://phonecards.free.fr/carte_pastel.htm" }, + { "3F6535640204689040", "Carte Pastel Nationale - nominal France Telecom service card with Bull CP8 chip in AFNOR position (Other)" }, + { "3F65356402046C9040", "Postcard (Switzerland)" }, + { "3F6725002120000F689000", "Smart Builder 'your kit for PC/SC applications' and Bull\nhttp://www.cp8.bull.net/" }, + { "3F6725002120000F789000", "Bank Nederlandse Gemeenten, BNG Data Services" }, + { "3F67250026140020689000", "Pay-TV card from Casema Cable Television, Netherland" }, + { "3F6725002A20000F689000", "Carte Grand Voyageur (SNCF: French train company)" }, + { "3F6725002A200040689F00", "Swiss Cash card\nChipknip SNS Bank (banking card)" }, + { "3F6725002A200041689000", "ChipKnip" }, + { "3F6725002A20004[01]689000", "Dutch ChipKnip, Proton\n(chip Bull CC 60 V1, Bull CC 60 V2 or Bull CC 1000)" }, + { "3F67250421200007689000", "Philips TB100 (C-MOS chip)" }, + { "3F672F0011140001689000", "FilmNet(Sweden, 1984-1997) (Pay TV)" }, + { "3F672F0011140003689000", "D2MAC/Eurocrypt (Pay TV)" }, + { "3F672F0411200000689000", "BULL HN ITALIA 06/92 - 100.000 - 64MP\nLa Sapienza - Universita' di Roma" }, + { "3F69000024AF01700101FF9000", "French GSM SIM card (900MHz)" }, + { "3F69000025AF01700103FF9000", "French Gift Card (Loyalty)" }, + { "3F6A000000640150010C820101A9", "Credit Card cafe Selecta" }, + { "3F6B150002A007906F4D59000C9000", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, + { "3F6C000024A03000FF00000100049000", "Gemplus MCOS 16K DES Sample Card" }, + { "3F6C000025A0308976000001030C9000", "MCOS 24Ko Gemplus (eID)" }, + { "3F6C000025A0308976000004010C9000", "MCOS 24k EEPROM" }, + { "3F6C000025A03100FF00000180049000", "Motorola Clone Card (Telecommunication)\nhttp://web.mclink.it/MK0750/Motorola_files/docuclon.txt" }, + { "3F6C00003CA0309E6100000100049000", "Gemplus - British Gas - Gascard" }, + { "3F6C00003CA030A758000001018C9000", "Rendezvous Series 7 (D2-Mac satellite TV card)" }, + { "3F6C00003DA030BE4100370100049000", "Sberbank (Bank)" }, + { "3F6D000080318065B00501025E83009000", "Gemplus GemXpresso 211PK or 211PK-IS" }, + { "3F6D000080318065B00501025E92009000", "Gemplus GemXpresso 32K" }, + { "3F7613250421B0114A5003", "DSS/DTV F (P1; first generation access card) (Pay TV)" }, + { "3F77130000C11400A2689000", "Boxer DTV Sweden (Pay TV)\nhttp://www.boxer.se" }, + { "3F77180000C11400A2689000", "Viacess card HRT (Hrvatska Radio Televizija)" }, + { "3F77180000C11401A2689000", "VIA 2.6 XXX (Pay TV)" }, + { "3F77180000C21400C1689000", "Viaccess Sexview" }, + { "3F77180000C2474000689000", "Viacces card: SRG SSR idee suisse" }, + { "3F77180000C27A4102689000", "Viacces card: SRG SSR idee suisse" }, + { "3F77180000C27A4202689000", "SCT (Via Access)" }, + { "3F77180000C27A4302689000", "DORCEL (Via Access)" }, + { "3F77180000C27A4402689000", "XXX Redlight_HD (Viaccess)" }, + { "3F77180000C2EB41026C9000", "Elite HD10+ (Pay TV)\nSatellite cryptoworks card - Smart card Viaccess (Telesat - belgium) (Pay TV)" }, + { "3F77180000C2EB45026C9000", "facetv (Other)" }, + { "3F77180000D38A4001649000", "Skylink Viaccess 5.0 (Pay TV)\nhttp://www.skylink.sk/" }, + { "3F77180000D38A4201649000", "Satellite decoder card for TV Vlaanderen (Other)\nhttps://www.tv-vlaanderen.be" }, + { "3F77180000DAAC4114649000", "Fransat PC7 (Pay TV)\nhttps://www.fransat.fr/" }, + { "3F7718250029140062689000", "Viaccess card" }, + { "3F7812250140B0034A50204855", "DSS/DTV H" }, + { "3F7813250340B020FFFF4A5000", "DSS/DTV P4" }, + { "3F7D11250241B00369FF4A50F08000565403", "Viasat Baltics Videoguard card (Pay TV)" }, + { "3F7E11250521B01200004D59000000534B0900", "Sky Viewing Card (Gen 9) (Pay TV)" }, + { "3F7E11250540B00800004D59000000534B0B07", "BSkyB Series 11 (DSS satellite TV card)" }, + { "3F7E11250540B00800004D59000000534B0B08", "Sky Series 11 (DSS satellite TV card)" }, + { "3F7E11250940B00100004D59000003534B0A01", "Sky Series 10 (DSS satellite TV card)" }, + { "3F7F11250333B00969FF4A507000005654010000", "Viasat Baltic (satellite card, NDS)" }, + { "3F7F11250540B00F69FF4D59000000534B0C0600", "Sky Series 12 (DSS satellite TV card)" }, + { "3F7F13250140B01069FF4A5001474C0000000000", "NDS Smartcard (Pay TV)" }, + { "3F7F13250240B00C69FF4A50C000005253000000", "Stream Italy NDS 1 (Pay TV)" }, + { "3F7F13250240B01269FF4A5090474C0000000000", "NDS VideoGuard GL23 Card (Sky Brazil) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, + { "3F7F13250240B01269FF4A509054560000000000", "NDS Smartcard (Pay TV)" }, + { "3F7F13250241B004FFFF4A508080000000475806", "NDS card DIRECTV (Other)" }, + { "3F7F13250241B00EFFFF4A508080000000474C07", "SKY BRASIL (Pay TV)" }, + { "3F7F13250333B00669FF4A50D000005359000000", "Sky 2005/6 (DSS satellite TV card)" }, + { "3F7F13250333B01169FF4A505000004956010000", "Indonesia Videoguard 2 card" }, + { "3F7F13250333B01169FF4A505000005344010000", "STAR TV (Pay TV)" }, + { "3F7F13250338B004FFFF4A500000294855......", "DSS/DTV HU" }, + { "3F7F13250340B00B694C4A50C000005359000000", "Sky Digital (DSS satellite TV card)" }, + { "3F7F13250540B01169FF4A500000004754000C00", "YES DBS Israel Videoguard 090C,090D" }, + { "3F7F15250333B01169FF4A505000004956010000", "Sky Germany V13 Smartcard (Pay TV)" }, + { "3F961880018051006110309F", "Atmel/Athena T0 Inverse Convention PC/SC Compliance Test Card No. 2" }, + { "3FEF00FF8131..456563", "Debit card (Germany): ec-cash, GeldKarte(DEM), Maestro, Cirrus" }, + { "3FFA1125040001B00200004D59008180", "Sky Viewing Card (Gen 1) from 1990s (Pay TV)" }, + { "3FFA1125050001B0023B364D59028090", "HackTV SKY11 PIC16F84 card (Other)\nhttps://github.com/captainjack64/hacktv" }, + { "3FFA1125050001B0023B404D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, + { "3FFA1125050001B0023BD04D59008180", "Sky Viewing Card (Gen 7) (Pay TV)" }, + { "3FFD11250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland G02 (Pay TV)" }, + { "3FFD11250250800F41B00A69FF4A507080005A4503", "Buypass smart card (Bank)\nhttps://www.buypass.no/bruker/buypass-id/buypass-smartkort" }, + { "3FFD11250250800F41B00D69FF4A50F08000565403", "Viasat (Pay TV)" }, + { "3FFD11250250800F41B00F69FF4A50F080005A4A03", "Telekom Romania Communications (DVB-C) (Pay TV)\nhttps://www.telekom.ro/" }, + { "3FFD13250250000F33B00F69FF4A50D00000535902", "Sky Digital (DSS satellite TV card) 2009 issue" }, + { "3FFD13250250000F33B01669FF4A50D08000535903", "Sky TV Multiroom (Pay TV)" }, + { "3FFD13250250800F..B0..69FF4A50D08000495403", "Sky (Italy) VideoGuard CAM card" }, + { "3FFD13250250800F33B008FFFF4A50900000474C01", "Sky (Brasil) VideoGuard CAM card" }, + { "3FFD13250250800F33B008FFFF4A50900000545601", "NDS Videoguard TV CAM card (Sky Mexico 0905) (Pay TV)\nhttps://en.wikipedia.org/wiki/VideoGuard" }, + { "3FFD13250250800F41B00A69FF4A50F00000503103", "Sky Germany V14 NDS card (Pay TV)\nhttp://www.wikipedia.org/wiki/Sky_Deutschland" }, + { "3FFD13250250800F41B00F69FF4A50F080005A4A03", "Orange Romania (DVB-C) (Pay TV)\nhttps://www.orange.ro/" }, + { "3FFD13250250800F55B00269FF4A50F08000503103", "SKY DE V15 (Pay TV)" }, + { "3FFD14250150000F33B00BFFFF4A50800000475801", "DirecTV card" }, + { "3FFD14250250800F41B00A69FF4A507080004E5A03", "Sky Network Televisiton Limited (New Zealand) card for new (2016) decoder. Reportedly, this is a Kaon NS1120-500 box. (Pay TV)\nhttp://www.sky.co.nz" }, + { "3FFD14250250800F41B00D69FF4A50F08000425203", "Airtel Digital TV (Pay TV)" }, + { "3FFD15250250000333B01569FF4A50F080034B4C03", "Kabel Deutschland (G02) (Pay TV)\nhttps://www.kabeldeutschland.com" }, + { "3FFD15250250800F41B00569FF4A50F00000415A03", "astro Pay TV Measat 91.5 E Caid: 0910 Provider: 000000" }, + { "3FFD15250250800F41B00A69FF4A50F00000503103", "Sky Germany [NDS|V14] (098C:000000) (Pay TV)" }, + { "3FFD15250250800F41B00D69FF4A50F08000414A03", "beIN Sports Arabia NDS (09B5:000000) (Pay TV)" }, + { "3FFD15250250800F41B00D69FF4A50F08000565403", "TVPLAY HOME (Pay TV)\nhttps://www.tvplayhome.lt/" }, + { "3FFD15250250800F55B00269FF4A50F08000503103", "Sky Germany [NDS|V15] (098D:000000) (Pay TV) (Pay TV)\nhttp://www.sky.de" }, + { "3FFDFF250250800F54B00469FF4A50D08000495403", "SKy italia (Pay TV)" }, + { "3FFE142503108041B00769FF4A5070804245544114", "OSN (Pay TV)\nhttps://www.osn.com" }, + { "3FFF112503108041B00669FF4A50700000415A010011", "Astro (Pay TV)\nhttp://www.astro.com.my" }, + { "3FFF112503108041B00769FF4A507000005031010011", "Sky (Germany) VideoGuard CAM card (www.sky.de)" }, + { "3FFF13250250800F54B003FFFF4A508000000000474C05", "Sky (Brasil) VideoGuard CAM card" }, + { "3FFF132503108033B00E69FF4A507000004954020000", "Sky entitlement card" }, + { "3FFF132503108033B01069FF4A507000004E5A010000", "NDS SKY NZ (Pay TV)" }, + { "3FFF13250B50000F33B00469FF4A50E000005335000000", "Stream TV (IP television) decoder card, provided by stream.ru ISP in Moscow" }, + { "3FFF13250B50000F33B00469FF4A50E000005438000000", "Stream TV (IP television) decoder card, provided by aon (Telekom Austria) TV card, contains Incorporated NDS Videoguard (TM) security system" }, + { "3FFF142503108033B01069FF4A507000004352010000", "Russian cable TV AKADO NDS Card (Pay TV)\nhttp://www.akado.ru/" }, + { "3FFF142503108033B01069FF4A507000005A45010000", "Norwegian DVB-C provider Get (www.get.no). NDS Videoguard security card." }, + { "3FFF142503108041B00169FF4A507000005356010000", "Tata Sky India Card (Telecommunication)" }, + { "3FFF142503108041B00169FF4A507000005A48010000", "'D-Smart' NDS from Turkie" }, + { "3FFF142503108041B00169FF4A507000005A4A010000", "Dolce by RomTelecom (Pay TV)" }, + { "3FFF142503108041B00169FF4A507000005A4B010000", "Pay TV, Viasat Ukraine" }, + { "3FFF142503108041B00269FF4A507000004252010000", "airtel (Pay TV)" }, + { "3FFF142503108041B00269FF4A50708000414F010014", "Pay TV" }, + { "3FFF142503108041B00769FF4A507080005844010014", "NDS vivacom Bulgaria card (Pay TV)\nhttps://www.vivacom.bg/bg/tv" }, + { "3FFF142503108041B00769FF4A5070800058440100FF", "Provider Vivacom Bulgaria NDS (Pay TV)\nhttp://www.vivacom.bg/en/satellite-services" }, + { "3FFF142503108041B00769FF4A507080005845010014", "Sat TV (Other)" }, + { "3FFF142503108054B00169FF4A507000004B57010000", "PayTV Card Kabel BW (www.kabelbw.de), Encryption: NDS by Videoguard, Distribution Standard: DVB-C" }, + { "3FFF152503108041B00769FF4A507000005031010015", "Sky (Germany) VideoGuard CAM card (www.sky.de) in Fast Mode (ins7e11=15) (Pay TV)" }, + { "3FFF3F3F3F3F003F3FFF3F3F3F3F3FFF3FFF953FFF953FFF", "Premium joker card to see Spanish TDT premium (goltv)" }, + { "3FFF9500FF918171..4700..4.4.....3.3.3.20..657.........", "Nagravision TV CAM card\nhttp://en.wikipedia.org/wiki/Nagravision" }, + { "3FFF9500FF918171..47004E434D45443.303.20526576..3.3...", "Mediaset Premium (Italy) CAM card" }, + { "3FFF9500FF918171644700444E41535030303320526576333233FF", "Satellite TV Card 'Via Digital' (Nagra)" }, + { "3FFF9500FF918171A04700444E4153503031302052657641323048", "DSS/DISH ROM10" }, + { "3FFF9500FF918171A04700444E4153503031302052657641323149", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/" }, + { "3FFF9500FF918171A04700444E4153503031312052657642", "NTL digital TV card (Nagravision)" }, + { "3FFF9500FF918171A04700444E415350303131205265764230364E", "Telewest Broadband (Nagravision)" }, + { "3FFF9500FF918171A04700444E415350303131205265764230423A", "NagraVision card for StarHub Digital Cable DVB-C Singapore" }, + { "3FFF9500FF918171A04700444E415350303131205265764230443C", "NagraVision card for Virgin Media in the UK" }, + { "3FFF9500FF918171A04700444E415350313830204D657230303028", "NagraVision (VG04) for Virgin Media (UK)\nNagraVision 3 for DigiTV (Romania)\nhttp://www.rcs-rds.ro/televiziune-digi-tv/satelit" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641303114", "TVA Digital - Nagra Vision ID TV-01" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641303712", "UPC Austria/UPC-Cablecom Switzerland, digital television encryption card\nhttp://www.upc-cablecom.ch/" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641323215", "UM01 card from German Unitymedia cable TV provider" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641343514", "Telenet N.V. HDTV Decoder Card Belgium" }, + { "3FFF9500FF918171FE4700444E4153503131302052657641433365", "Brazilian NET Digital (Cable TV provider) - Nagra Vision 'NASP110 RevA01'" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303216", "Polsat Nagra3\nBrazil - Claro TV Nagra3 Red" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303410", "Nagra 3 Card - Telefonica Brazil Green" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647303612", "UM02 card from German Unitymedia cable TV provider" }, + { "3FFF9500FF918171FE4700444E4153503134322052657647433463", "HD+ card used by the satellite company astra for decryption of the HDTV channels of RTL, VOX, Sat1 and ProSieben. Nagravision V3 is used for the encryption." }, + { "3FFF9500FF918171FE4700444E415350313830204D65724A30320E", "Nagra 3 Digital Plus Spain" }, + { "3FFF9500FF918171FE4700444E415350314130204D65725332336D", "Ziggo (Pay TV)" }, + { "3FFF9500FF918171FE4700444E41535032343120447368", "DISH Network G3 (Pay TV)" }, + { "3FFF9500FF918171FE4700444E415350323431204473684830390C", "Dish Network Smart Card (Pay TV)" }, + { "3FFF9500FF918171FE47004E434D4544303041205265764130316C", "Mediaset Premium (Italy) 2013" }, + { "3FFF9500FF918171FE47004E434D4544303043205265764330306D", "Mediaset Premium rechargeable (Pay TV)\nhttp://www.mediasetpremium.it/" }, + { "3FFF9500FF918171FE47005449474552363031205265764D383013", "Spanish pay TV card for GOLTV" }, + { "3FFF9500FF918171FE5700444E415350314230204D657257323079", "Vodafone HUNGARY (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323113", "Nagravision D08 / KD-31 Vodafone Cable Germany (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323210", "Telenet CI+ card Belgium (Pay TV)\nhttps://www2.telenet.be/nl/tv-met-een-kaartje/" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323517", "New ROM of Nagra PayTV Card DNASP410 (Pay TV)\nhttp://en.wikipedia.org/wiki/Nagravision" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651323715", "New Digi Slovakia (Pay TV)\nhttps://www.lyngsat.com/packages/Digi.html" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651324260", "Nagravision Kudelski Generation 7 card Rom410 MerQ2B (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503431302052657651325371", "Slovak and Czech pay TV provider Slovak Telecom (Pay TV)\nhttp://www.flysat.com/novadigi-sk.php" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653363017", "HD+ HD04b Card (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653363413", "claro card honduras central america 'NAGRA' (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653364166", "NAGRA KUDELSKI (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503432302052657653364265", "Nagra Kudelski / Canalsat Reunion (Pay TV)" }, + { "3FFF9500FF918171FE5700444E4153503435302052657657363014", "HD+ HD05 Paytv smartcard (Pay TV)" }, + { "3FFF9500FF918171FE5700444E415350343832205265765232361C", "Max Tv Croatia (Pay TV)\nhttps://www.lyngsat.com/packages/Max-TV.html" }, + { "3FFF9500FF918171FE5700444E415350353532204473684E30391F", "Dish Network ROM552 (Pay TV)" }, + { "3FFF9500FF918171FE5700444E415350353532204473684E304264", "Dish Network (Satellite Pay TV) NASP 552 (Pay TV)\nhttp://www.dishnetwork.com/" }, + { "3FFF9500FF918171FE5700444E415350353533205265764E304178", "BELL CA EXPRESS VU CARD (Pay TV)" }, + { "3FFF9500FF918171FF4700444E4153505330312044736836303916", "PayTV card for DishNetwork Sat receiver\nhttp://www.dishnetwork.com/\nCards were obsoleted in nationwide system update in 2009." }, + { "3FFF9500FF918171FF4700444E4153505330312052657636343702", "BELL EXPRESSVU (Pay TV)" }, + { "3FFF9500FF918171FF470054494745523030332052657632353064", "Tivu' Sat (Italy) CAM card www.tivu.tv" }, + {NULL, "n/a"} +}; #endif diff --git a/client/src/cmdflashmem.c b/client/src/cmdflashmem.c index d1e9ab672..dbb030bf8 100644 --- a/client/src/cmdflashmem.c +++ b/client/src/cmdflashmem.c @@ -17,6 +17,7 @@ //----------------------------------------------------------------------------- #include "cmdflashmem.h" #include +#include #include "cmdparser.h" // command_t #include "cliparser.h" #include "pmflash.h" // rdv40validation_t @@ -192,7 +193,7 @@ static int CmdFlashMemLoad(const char *Cmd) { CLIParserInit(&ctx, "mem load", "Loads binary file into flash memory on device\n" "Warning: mem area to be written must have been wiped first\n" - "( this is already taken care when loading dictionaries )", + "( dictionaries are serviced as files in spiffs so no wipe is needed )", "mem load -f myfile -> upload file myfile values at default offset 0\n" "mem load -f myfile -o 1024 -> upload file myfile values at offset 1024\n" "mem load -f mfc_default_keys -m -> upload MFC keys\n" @@ -217,6 +218,7 @@ static int CmdFlashMemLoad(const char *Cmd) { bool is_t55xx = arg_get_lit(ctx, 4); int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; + char spiffsDest[32] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParserFree(ctx); @@ -246,57 +248,46 @@ static int CmdFlashMemLoad(const char *Cmd) { switch (d) { case DICTIONARY_MIFARE: - offset = DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages); - keylen = 6; - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + keylen = MF_KEY_LENGTH; + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_MF_KEYS_MAX) { - keycount = DEFAULT_MF_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy(spiffsDest, MF_KEYS_FILE); break; case DICTIONARY_T55XX: - offset = DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages); - keylen = 4; - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + keylen = T55XX_KEY_LENGTH; + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_T55XX_KEYS_MAX) { - keycount = DEFAULT_T55XX_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy(spiffsDest, T55XX_KEYS_FILE); break; case DICTIONARY_ICLASS: - offset = DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages); - res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); + keylen = ICLASS_KEY_LENGTH; + res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount); if (res || !keycount) { free(data); return PM3_EFILE; } - // limited space on flash mem - if (keycount > DEFAULT_ICLASS_KEYS_MAX) { - keycount = DEFAULT_ICLASS_KEYS_MAX; - datalen = keycount * keylen; + if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) { + PrintAndLogEx(ERR, "error, filesize is larger than available memory"); + free(data); + return PM3_EOVFLOW; } - - data[0] = (keycount >> 0) & 0xFF; - data[1] = (keycount >> 8) & 0xFF; - datalen += 2; + strcpy(spiffsDest, ICLASS_KEYS_FILE); break; case DICTIONARY_NONE: res = loadFile_safe(filename, ".bin", (void **)&data, &datalen); @@ -326,44 +317,57 @@ static int CmdFlashMemLoad(const char *Cmd) { uint32_t bytes_sent = 0; uint32_t bytes_remaining = datalen; - - // fast push mode - g_conn.block_after_ACK = true; - - while (bytes_remaining > 0) { - uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); - - clearCommandBuffer(); - - flashmem_old_write_t payload = { - .startidx = offset + bytes_sent, - .len = bytes_in_packet, - }; - memcpy(payload.data, data + bytes_sent, bytes_in_packet); - SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload)); - - bytes_remaining -= bytes_in_packet; - bytes_sent += bytes_in_packet; - - PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) { - PrintAndLogEx(WARNING, "timeout while waiting for reply."); - g_conn.block_after_ACK = false; + // we will treat dictionary files as spiffs files, so we need to handle this here + if (d != DICTIONARY_NONE) { + res = flashmem_spiffs_load(spiffsDest, data, datalen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(FAILED, "Failed writing passwrods to file %s", spiffsDest); free(data); - return PM3_ETIMEOUT; + return res; + } + PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%u")" passwords to file "_GREEN_("%s"), keycount, spiffsDest); + SendCommandNG(CMD_SPIFFS_UNMOUNT, NULL, 0); + SendCommandNG(CMD_SPIFFS_MOUNT, NULL, 0); + } else { + // fast push mode + g_conn.block_after_ACK = true; + + while (bytes_remaining > 0) { + uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining); + + clearCommandBuffer(); + + flashmem_old_write_t payload = { + .startidx = offset + bytes_sent, + .len = bytes_in_packet, + }; + memcpy(payload.data, data + bytes_sent, bytes_in_packet); + SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload)); + + bytes_remaining -= bytes_in_packet; + bytes_sent += bytes_in_packet; + + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + g_conn.block_after_ACK = false; + free(data); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + g_conn.block_after_ACK = false; + PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent); + free(data); + return PM3_EFLASH; + } } - if (resp.status != PM3_SUCCESS) { - g_conn.block_after_ACK = false; - PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent); - free(data); - return PM3_EFLASH; - } + g_conn.block_after_ACK = false; + PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset); } - g_conn.block_after_ACK = false; free(data); - PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset); return PM3_SUCCESS; } diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index d5fbf2633..f2d573a8c 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -84,6 +84,7 @@ static const iso14a_polling_frame_t ECP_FRAME = { }; +// based on ISO/IEC JTC1/SC17 STANDING DOCUMENT 5 (Updated 20 September 2024) Register of IC manufacturers static const manufactureName_t manufactureMapping[] = { // ID, "Vendor Country" { 0x01, "Motorola UK" }, @@ -103,12 +104,12 @@ static const manufactureName_t manufactureMapping[] = { { 0x0F, "Hynix / Hyundai, Korea" }, { 0x10, "LG-Semiconductors Co. Ltd Korea" }, { 0x11, "Emosyn-EM Microelectronics USA" }, - { 0x12, "INSIDE Technology France" }, + { 0x12, "Wisekey Semiconductors (previously INSIDE Technology) France" }, { 0x13, "ORGA Kartensysteme GmbH Germany" }, { 0x14, "SHARP Corporation Japan" }, { 0x15, "ATMEL France" }, { 0x16, "EM Microelectronic-Marin SA Switzerland" }, - { 0x17, "KSW Microtec GmbH Germany" }, + { 0x17, "SMARTRAC TECHNOLOGY GmbH Germany" }, { 0x18, "ZMD AG Germany" }, { 0x19, "XICOR, Inc. USA" }, { 0x1A, "Sony Corporation Japan" }, @@ -124,7 +125,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x24, "Masktech Germany Gmbh Germany" }, { 0x25, "Innovision Research and Technology Plc UK" }, { 0x26, "Hitachi ULSI Systems Co., Ltd. Japan" }, - { 0x27, "Cypak AB Sweden" }, + { 0x27, "Yubico AB Sweden" }, { 0x28, "Ricoh Japan" }, { 0x29, "ASK France" }, { 0x2A, "Unicore Microsystems, LLC Russian Federation" }, @@ -140,7 +141,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x34, "Mikron JSC Russia" }, { 0x35, "Fraunhofer Institute for Photonic Microsystems Germany" }, { 0x36, "IDS Microchip AG Switzerland" }, - { 0x37, "Thinfilm - Kovio USA" }, + { 0x37, "Kovio USA" }, { 0x38, "HMT Microelectronic Ltd Switzerland" }, { 0x39, "Silicon Craft Technology Thailand" }, { 0x3A, "Advanced Film Device Inc. Japan" }, @@ -149,12 +150,12 @@ static const manufactureName_t manufactureMapping[] = { { 0x3D, "HID Global USA" }, { 0x3E, "Productivity Engineering Gmbh Germany" }, { 0x3F, "Austriamicrosystems AG (reserved) Austria" }, - { 0x40, "Gemalto SA France" }, + { 0x40, "Thales DIS (previously Gemalto SA) France" }, { 0x41, "Renesas Electronics Corporation Japan" }, { 0x42, "3Alogics Inc Korea" }, { 0x43, "Top TroniQ Asia Limited Hong Kong" }, { 0x44, "Gentag Inc. USA" }, - { 0x45, "Invengo Information Technology Co.Ltd China" }, + { 0x45, "Invengo Information Technology Co. Ltd China" }, { 0x46, "Guangzhou Sysur Microelectronics, Inc China" }, { 0x47, "CEITEC S.A. Brazil" }, { 0x48, "Shanghai Quanray Electronics Co. Ltd. China" }, @@ -165,7 +166,7 @@ static const manufactureName_t manufactureMapping[] = { { 0x4D, "Balluff GmbH Germany" }, { 0x4E, "Oberthur Technologies France" }, { 0x4F, "Silterra Malaysia Sdn. Bhd. Malaysia" }, - { 0x50, "DELTA Danish Electronics, Light & Acoustics Denmark" }, + { 0x50, "Presto Engineering Denmark" }, { 0x51, "Giesecke & Devrient GmbH Germany" }, { 0x52, "Shenzhen China Vision Microelectronics Co., Ltd. China" }, { 0x53, "Shanghai Feiju Microelectronics Co. Ltd. China" }, @@ -185,18 +186,57 @@ static const manufactureName_t manufactureMapping[] = { { 0x61, "Wearlinks Technology Inc. China" }, { 0x62, "Userstar Information Systems Co., Ltd Taiwan" }, { 0x63, "Pragmatic Printing Ltd. UK" }, - { 0x64, "Associacao do Laboratorio de Sistemas Integraveis Tecnologico - LSI-TEC Brazil" }, + { 0x64, "Associação do Laboratório de Sistemas Integráveis Tecnológico - LSI-TEC Brazil" }, { 0x65, "Tendyron Corporation China" }, { 0x66, "MUTO Smart Co., Ltd. Korea" }, { 0x67, "ON Semiconductor USA" }, - { 0x68, "TUBITAK BILGEM Turkey" }, + { 0x68, "TÜBITAK BILGEM Turkey" }, // Don't use "İ", Proxspace doesn't like it { 0x69, "Huada Semiconductor Co., Ltd China" }, { 0x6A, "SEVENEY France" }, - { 0x6B, "ISSM France" }, + { 0x6B, "THALES DIS Design Services SAS (previously ISSM) France" }, { 0x6C, "Wisesec Ltd Israel" }, + { 0x6D, "LTD \"NM-Teh\" Russia" }, + { 0x70, "ifm electronic gmbh Germany" }, + { 0x71, "Sichuan Kiloway Technologies Co., Ltd. China" }, + { 0x72, "Ford Motor Company US" }, + { 0x73, "Beijing Tsingteng MicroSystem Co.,Ltd China" }, + { 0x74, "Huada EverCore Co., Ltd China" }, + { 0x75, "Smartchip Microelectronics Corporation Taiwan" }, + { 0x76, "Tongxin Microelectronics Co., Ltd. China" }, + { 0x77, "Ningbo IOT Microelectronics Co Ltd China" }, + { 0x78, "AU Optronics Taiwan" }, + { 0x79, "CUBIC USA" }, + { 0x7A, "Abbott Diabetes Care USA" }, + { 0x7B, "Shenzen Nation RFID Technology Co Ltd China" }, { 0x7C, "DB HiTek Co Ltd Korea" }, { 0x7D, "SATO Vicinity Australia" }, { 0x7E, "Holtek Taiwan" }, + // Previously, following entries were listed in the doc as 0x7f, 0x80 etc. + // Now, they are listed as 'FF 00', 'FF 01',... + { 0x7F, "Shenzhen Goodix Technology Co., Ltd. China" }, + { 0x80, "Panthronics AG Austria" }, + { 0x81, "Beijing Huada Infosec Technology Co., Ltd China" }, + { 0x82, "Shanghai Oriental Magnetic Card Engineering Co Ltd. China" }, + { 0x83, "8ApeX Inc USA" }, + { 0x84, "Abbott Ireland" }, + { 0x85, "Proqure Inc USA" }, + { 0x86, "Schreiner Group GmbH & Co. KG Germany" }, + { 0x87, "Beijing SmartChip Microelectronics Technology Company Limited China" }, + { 0x88, "Datang Microelectronics Technology Co., Ltd. China" }, + { 0x89, "Wise Security Technology (Guangzhou) Co., Ltd. China" }, + { 0x8A, "CEC Huada Electronic Design Co., Ltd. China" }, + { 0x8B, "Shanghai Techsun RFID Technology Co., Ltd. China" }, + { 0x8C, "North China Institute of Computing Technology China" }, + { 0x8D, "Shanghai Huahong Integrated Circuit Co., Ltd. China" }, + { 0x8E, "Shanghai MintSilicon Microelectronics Inc., Ltd. China" }, + { 0x8F, "Xinsheng Technology Co., Ltd. China" }, + { 0x90, "IDEX Biometrics ASA Norway" }, + { 0x91, "Novo Nordisk A/S Denmark" }, + { 0x92, "Shandong Huayi Micro-Electronics Technology Co., Ltd. China" }, + { 0x93, "Abbott Heart Failure USA" }, + { 0x94, "P&M Information Technology (Shenzhen) Co., Ltd. China" }, + { 0x95, "MARS TECHNOLOGY PTE. LTD. Singapore" }, + { 0x96, "Trovan Limited Isle of Man" }, { 0x00, "no tag-info available" } // must be the last entry }; @@ -1884,6 +1924,7 @@ static int detect_nxp_card_print(uint8_t sak, uint16_t atqa, uint64_t select_sta printTag("MIFARE DESFire EV2 2K/4K/8K/16K/32K"); printTag("MIFARE DESFire EV3 2K/4K/8K"); printTag("MIFARE DESFire Light 640B"); + printTag("MIFARE Duox"); type |= MTDESFIRE; } else { printTag("MIFARE Plus EV1 2K/4K CL2 in SL3"); @@ -2681,7 +2722,11 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } if (isST) { - PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st info") "`"); + if (card.ats_len > 0) { + PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf st25ta info") "`"); + } else { + PrintAndLogEx(HINT, "Hint: try `" _YELLOW_("hf mfu info") "`"); + } } if (isEMV) { @@ -2716,7 +2761,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf c*") "` magic commands"); // if GEN4 GDM in Gen1a more, hint about it - if ((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) { + if (((isMagic & MAGIC_FLAG_GDM_WUP_40) == MAGIC_FLAG_GDM_WUP_40) || ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID)) { PrintAndLogEx(HINT, "Hint: use `" _YELLOW_("hf mf gdm* --gen1a") "` magic commands"); } } diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index b5d886382..e2295c697 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -43,6 +43,7 @@ #include "cliparser.h" #include "util_posix.h" // msleep #include "iso15.h" // typedef structs / enum +#include "crypto/originality.h" #define FrameSOF Iso15693FrameSOF #define Logic0 Iso15693Logic0 @@ -281,121 +282,35 @@ static const productName_t uidmapping[] = { static int CmdHF15Help(const char *Cmd); static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) { - -#define PUBLIC_ECDA_KEYLEN 33 - const ecdsa_publickey_t nxp_15693_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - /* - uint8_t nxp_15693_public_keys[][PUBLIC_ECDA_KEYLEN] = { - // ICODE SLIX2 / DNA - { - 0x04, 0x88, 0x78, 0xA2, 0xA2, 0xD3, 0xEE, 0xC3, - 0x36, 0xB4, 0xF2, 0x61, 0xA0, 0x82, 0xBD, 0x71, - 0xF9, 0xBE, 0x11, 0xC4, 0xE2, 0xE8, 0x96, 0x64, - 0x8B, 0x32, 0xEF, 0xA5, 0x9C, 0xEA, 0x6E, 0x59, 0xF0 - }, - // unknown. Needs identification - { - 0x04, 0x4F, 0x6D, 0x3F, 0x29, 0x4D, 0xEA, 0x57, - 0x37, 0xF0, 0xF4, 0x6F, 0xFE, 0xE8, 0x8A, 0x35, - 0x6E, 0xED, 0x95, 0x69, 0x5D, 0xD7, 0xE0, 0xC2, - 0x7A, 0x59, 0x1E, 0x6F, 0x6F, 0x65, 0x96, 0x2B, 0xAF - }, - // unknown. Needs identification - { - 0x04, 0xA7, 0x48, 0xB6, 0xA6, 0x32, 0xFB, 0xEE, - 0x2C, 0x08, 0x97, 0x70, 0x2B, 0x33, 0xBE, 0xA1, - 0xC0, 0x74, 0x99, 0x8E, 0x17, 0xB8, 0x4A, 0xCA, - 0x04, 0xFF, 0x26, 0x7E, 0x5D, 0x2C, 0x91, 0xF6, 0xDC - }, - // manufacturer public key - { - 0x04, 0x6F, 0x70, 0xAC, 0x55, 0x7F, 0x54, 0x61, - 0xCE, 0x50, 0x52, 0xC8, 0xE4, 0xA7, 0x83, 0x8C, - 0x11, 0xC7, 0xA2, 0x36, 0x79, 0x7E, 0x8A, 0x07, - 0x30, 0xA1, 0x01, 0x83, 0x7C, 0x00, 0x40, 0x39, 0xC2 - }, - // MIKRON public key. - { - 0x04, 0xf9, 0x71, 0xed, 0xa7, 0x42, 0xa4, 0xa8, - 0x0d, 0x32, 0xdc, 0xf6, 0xa8, 0x14, 0xa7, 0x07, - 0xcc, 0x3d, 0xc3, 0x96, 0xd3, 0x59, 0x02, 0xf7, - 0x29, 0x29, 0xfd, 0xcd, 0x69, 0x8b, 0x34, 0x68, 0xf2 - } - }; - */ - - uint8_t revuid[HF15_UID_LENGTH] = {0}; - reverse_array_copy(uid, sizeof(revuid), revuid); - - uint8_t revsign[32] = {0}; - reverse_array_copy(signature, sizeof(revsign), revsign); - - uint8_t i; int reason = 0; - bool is_valid = false; - for (i = 0; i < ARRAYLEN(nxp_15693_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_15693_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, false); - is_valid = (res == 0); - if (is_valid) { - reason = 1; - break; - } - + int index = -1; + index = originality_check_verify(uid, 8, signature, 32, PK_MFC); + if (index >= 0) { + reason = 1; + } else { // try with sha256 - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 8, signature, 32, true); - is_valid = (res == 0); - if (is_valid) { + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, false, true); + if (index >= 0) { reason = 2; - break; - } - - // try with reversed uid / signature - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), false); - is_valid = (res == 0); - if (is_valid) { - reason = 3; - break; - } - - // try with sha256 - res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, revuid, sizeof(revuid), revsign, sizeof(revsign), true); - is_valid = (res == 0); - if (is_valid) { - reason = 4; - break; + } else { + // try with reversed uid / signature + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, true, false); + if (index >= 0) { + reason = 3; + } else { + // try with sha256 and reversed uid / signature + index = originality_check_verify_ex(uid, 8, signature, 32, PK_MFC, true, true); + if (index >= 0) { + reason = 3; + } + } } } - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_15693_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; + int ret = originality_check_print(signature, 32, index); + if (ret != PM3_SUCCESS) { + return ret; } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_15693_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_15693_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); switch (reason) { case 1: PrintAndLogEx(INFO, " Params used: UID and signature, plain"); @@ -416,14 +331,15 @@ static int nxp_15693_print_signature(uint8_t *uid, uint8_t *signature) { // get a product description based on the UID // uid[8] tag uid // returns description of the best match -static const char *getTagInfo_15(const uint8_t *uid) { +static void printTagInfo_15(const uint8_t *uid) { if (uid == NULL) { - return ""; + return; } uint64_t myuid, mask; int i = 0, best = -1; memcpy(&myuid, uid, sizeof(uint64_t)); + // find first best match while (uidmapping[i].mask > 0) { if (uidmapping[i].mask > 64) { mask = uidmapping[i].mask; @@ -441,10 +357,23 @@ static const char *getTagInfo_15(const uint8_t *uid) { } i++; } + if (best >= 0) { + i = 0; + while (uidmapping[i].mask > 0) { + if (uidmapping[i].mask > 64) { + mask = uidmapping[i].mask; + } else { + mask = (~0ULL) << (64 - uidmapping[i].mask); + } + if (((myuid & mask) == uidmapping[i].uid) && (uidmapping[i].mask == uidmapping[best].mask)) { + PrintAndLogEx(SUCCESS, "TYPE MATCH " _YELLOW_("%s"), uidmapping[i].desc); + } + i++; + } + } else { + PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), uidmapping[i].desc); + } - if (best >= 0) - return uidmapping[best].desc; - return uidmapping[i].desc; } // return a clear-text message to an errorcode @@ -531,7 +460,7 @@ static int getUID(bool verbose, bool loop, uint8_t *buf) { if (verbose) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(SUCCESS, "UID.... " _GREEN_("%s"), iso15693_sprintUID(NULL, buf)); - PrintAndLogEx(SUCCESS, "TYPE... " _YELLOW_("%s"), getTagInfo_15(buf)); + printTagInfo_15(buf); PrintAndLogEx(NORMAL, ""); } res = PM3_SUCCESS; @@ -963,6 +892,66 @@ static int NxpSysInfo(uint8_t *uid) { return PM3_SUCCESS; } +static int StCheckSig(uint8_t *uid) { + // request to be sent to device/card + uint8_t approxlen = 2 + 8 + 1 + 2; + iso15_raw_cmd_t *packet = (iso15_raw_cmd_t *)calloc(1, sizeof(iso15_raw_cmd_t) + approxlen); + if (packet == NULL) { + PrintAndLogEx(FAILED, "failed to allocate memory"); + return PM3_EMALLOC; + } + + // ISO15693 Protocol params + packet->raw[packet->rawlen++] = arg_get_raw_flag(HF15_UID_LENGTH, false, false, false); + packet->raw[packet->rawlen++] = ISO15693_READBLOCK; + // add UID (scan, uid) + memcpy(packet->raw + packet->rawlen, uid, HF15_UID_LENGTH); + packet->rawlen += HF15_UID_LENGTH; + packet->flags = (ISO15_CONNECT | ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); + uint16_t blkoff = packet->rawlen; + char signature_hex[65] = {0}; + for (int j = 0; j < 17; j++) { + packet->rawlen = blkoff; + // block no + packet->raw[packet->rawlen++] = 0x3F + j; + // crc + AddCrc15(packet->raw, packet->rawlen); + packet->rawlen += 2; + clearCommandBuffer(); + SendCommandNG(CMD_HF_ISO15693_COMMAND, (uint8_t *)packet, ISO15_RAW_LEN(packet->rawlen)); + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) { + PrintAndLogEx(DEBUG, "iso15693 timeout"); + free(packet); + DropField(); + return PM3_ETIMEOUT; + } + ISO15_ERROR_HANDLING_RESPONSE + uint8_t *d = resp.data.asBytes; + ISO15_ERROR_HANDLING_CARD_RESPONSE(d, resp.length) + if (j == 0) { + if (memcmp(d + 1, "K04S", 4) != 0) { + // No signature + free(packet); + return PM3_ESOFT; + } + } else { + memcpy(signature_hex + ((j - 1) * 4), d + 1, 4); + } + packet->flags = (ISO15_READ_RESPONSE | ISO15_NO_DISCONNECT); + } + free(packet); + DropField(); + uint8_t signature[16]; + size_t signature_len; + hexstr_to_byte_array(signature_hex, signature, &signature_len); + uint8_t uid_swap[HF15_UID_LENGTH]; + reverse_array_copy(uid, HF15_UID_LENGTH, uid_swap); + int index = originality_check_verify_ex(uid_swap, HF15_UID_LENGTH, signature, signature_len, PK_ST25TV, false, true); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); +} + /** * Commandline handling: HF15 CMD SYSINFO * get system information from tag/VICC @@ -1071,7 +1060,7 @@ static int CmdHF15Info(const char *Cmd) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(SUCCESS, "UID....... " _GREEN_("%s"), iso15693_sprintUID(NULL, uid)); - PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), getTagInfo_15(d + 2)); + printTagInfo_15(d + 2); PrintAndLogEx(SUCCESS, "SYSINFO... %s", sprint_hex(d, resp.length - 2)); // DSFID @@ -1109,19 +1098,29 @@ static int CmdHF15Info(const char *Cmd) { uint8_t nxp_version = d[6] & 0x18; PrintAndLogEx(DEBUG, "NXP Version: %02x", nxp_version); - if (d[8] == 0x04 && d[7] == 0x01 && nxp_version == 0x08) { - PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); - return NxpSysInfo(uid); - - } else if (d[8] == 0x04 && d[7] == 0x01 && nxp_version == 0x18) { // If it is an NTAG 5 - PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); - return NxpSysInfo(uid); - - } else if (d[8] == 0x04 && (d[7] == 0x01 || d[7] == 0x02 || d[7] == 0x03)) { // If SLI, SLIX, SLIX-l, or SLIX-S check EAS status - PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); - return NxpTestEAS(uid); + if (d[8] == 0x04) { + // NXP + if (d[7] == 0x01 && nxp_version == 0x08) { + PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); + return NxpSysInfo(uid); + } else if (d[7] == 0x01 && nxp_version == 0x18) { // If it is an NTAG 5 + PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); + return NxpSysInfo(uid); + } else if ((d[7] == 0x01 || d[7] == 0x02 || d[7] == 0x03)) { // If SLI, SLIX, SLIX-l, or SLIX-S check EAS status + PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); + return NxpTestEAS(uid); + } + } else if (d[8] == 0x02) { + // ST, check d[7]: + // ST25TV512C/ST25TV02KC 0x08 + // ST25TV512/ST25TV02K 0x23 + // ST25TV04K-P 0x35 + // ST25TV16K/ST25TV64K 0x48 + if (d[7] == 0x08) { + PrintAndLogEx(DEBUG, "ST25TVxC Detected, getting ST Signature"); + return StCheckSig(uid); + } } - PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } @@ -1405,7 +1404,7 @@ static void print_tag_15693(iso15_tag_t *tag, bool dense_output, bool verbose) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " --%.*s", (tag->bytesPerPage * 3), dashes); PrintAndLogEx(SUCCESS, "UID....... " _GREEN_("%s"), iso15693_sprintUID(NULL, tag->uid)); - PrintAndLogEx(SUCCESS, "TYPE...... " _YELLOW_("%s"), getTagInfo_15(tag->uid)); + printTagInfo_15(tag->uid); PrintAndLogEx(SUCCESS, "DSFID..... 0x%02X", tag->dsfid); PrintAndLogEx(SUCCESS, "AFI....... 0x%02X", tag->afi); PrintAndLogEx(SUCCESS, "IC ref.... 0x%02X", tag->ic); @@ -1934,7 +1933,7 @@ static int CmdHF15Dump(const char *Cmd) { tag->pagesCount = d[dCpt++] + 1; tag->bytesPerPage = d[dCpt++] + 1; } else { - // Set tag memory layout values (if can't be readed in SYSINFO) + // Set tag memory layout values (if can't be read in SYSINFO) tag->bytesPerPage = blocksize; tag->pagesCount = 128; } @@ -1943,7 +1942,7 @@ static int CmdHF15Dump(const char *Cmd) { tag->ic = d[dCpt++]; } - // add lenght for blockno (1) + // add length for blockno (1) packet->rawlen++; packet->raw[0] |= ISO15_REQ_OPTION; // Add option to dump lock status packet->raw[1] = ISO15693_READBLOCK; @@ -3338,7 +3337,7 @@ static int CmdHF15View(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf 15 view", "Print a ISO-15693 tag dump file (bin/eml/json)", - "hf 15 view -f hf-iclass-AA162D30F8FF12F1-dump.bin\n" + "hf 15 view -f hf-15-1122334455667788-dump.bin\n" ); void *argtable[] = { arg_param_begin, diff --git a/client/src/cmdhfemrtd.c b/client/src/cmdhfemrtd.c index 27392240e..af480c5f0 100644 --- a/client/src/cmdhfemrtd.c +++ b/client/src/cmdhfemrtd.c @@ -39,7 +39,7 @@ // Average EF_DG2 seems to be around 20-25kB or so, but ICAO doesn't set an upper limit // Iris data seems to be suggested to be around 35kB per eye (Presumably bumping up the file size to around 70kB) // but as we cannot read that until we implement PACE, 35k seems to be a safe point. -#define EMRTD_MAX_FILE_SIZE 35000 +#define EMRTD_MAX_FILE_SIZE 70000 // ISO7816 commands #define EMRTD_P1_SELECT_BY_EF 0x02 @@ -411,13 +411,13 @@ static void emrtd_deskey(uint8_t *seed, const uint8_t *type, int length, uint8_t PrintAndLogEx(DEBUG, "seed.............. %s", sprint_hex_inrow(seed, 16)); // combine seed and type - uint8_t data[50]; + uint8_t data[50] = { 0x00 }; memcpy(data, seed, length); memcpy(data + length, type, 4); PrintAndLogEx(DEBUG, "data.............. %s", sprint_hex_inrow(data, length + 4)); // SHA1 the key - unsigned char key[64]; + unsigned char key[64] = { 0x00 }; sha1hash(data, length + 4, key); PrintAndLogEx(DEBUG, "key............... %s", sprint_hex_inrow(key, length + 4)); @@ -945,7 +945,7 @@ static bool emrtd_do_bac(char *documentnumber, char *dob, char *expiry, uint8_t char dobcd = emrtd_calculate_check_digit(dob); char expirycd = emrtd_calculate_check_digit(expiry); - char kmrz[25]; + char kmrz[25] = { 0x00 }; snprintf(kmrz, sizeof(kmrz), "%s%i%s%i%s%i", documentnumber, documentnumbercd, dob, dobcd, expiry, expirycd); PrintAndLogEx(DEBUG, "kmrz.............. " _GREEN_("%s"), kmrz); diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index bb95d9a4b..60c24fb49 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -41,6 +41,7 @@ #include "preferences.h" #include "generator.h" #include "cmdhf14b.h" +#include "cmdhw.h" #define NUM_CSNS 9 @@ -264,7 +265,7 @@ static uint8_t card_app2_limit[] = { 0xff, }; -static iclass_config_card_item_t iclass_config_options[30] = { +static iclass_config_card_item_t iclass_config_options[33] = { //Byte A8 - LED Operations {"(LED) - Led idle (Off) / Led read (Off)", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBF, 0x18, 0xA8, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, {"(LED) - Led idle (Red) / Led read (Off)", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBF, 0x18, 0xA8, 0x1F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, @@ -300,11 +301,18 @@ static iclass_config_card_item_t iclass_config_options[30] = { {"(ELITE Key) - Set ELITE Key and Enable Dual key (Elite + Standard)", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, {"(ELITE Key) - Set ELITE Key and ENABLE Keyrolling", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, {"(ELITE Key) - Set ELITE Key and DISABLE Standard Key", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x05, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, - //Erroneous / incorrect reader behaviors + //Erroneous / incorrect reader behaviors (read below) + //Elite Bugger: + //Sets block 3 of card 0 presented to the reader to 0, sets block 3 of card 1 presented to the reader to the original value of card 0's block 3 + //Continues setting block 3 of presented cards to block 3 of the previous card the reader scanned + //This renders cards unreadable and hardly recoverable unless the order of the scanned cards is known. + {"(ELITE Bugger) - Renders cards unusable.", {0x0C, 0x00, 0x00, 0x01, 0x00, 0x00, 0xBF, 0x18, 0xBF, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}, //Reset Operations {"(RESET) - Reset READER to defaults", {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {"(RESET) - Reset ENROLLER to defaults", {0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF}} + {"(RESET) - Reset ENROLLER to defaults", {0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1C, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, 0xFF}}, //Reader Master Key Operations + {"(MASTER Key) - Change Reader Master Key to Custom Key", {0x28, 0xCB, 0x91, 0x9D, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + {"(MASTER Key) - Restore Reader Master Key to Factory Defaults", {0x28, 0xCB, 0x91, 0x9D, 0x00, 0x00, 0x00, 0x1C, 0xE0, 0x5C, 0x91, 0xCF, 0x63, 0x34, 0x23, 0xB9}} }; static const iclass_config_card_item_t *get_config_card_item(int idx) { @@ -2920,6 +2928,199 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) { return PM3_SUCCESS; } +static int CmdHFiClass_TearBlock(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf iclass trbl", + "Tear off an iCLASS tag block", + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA -k 001122334455667B --tdb 100 --tde 150\n" + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA --ki 0 --tdb 100 --tde 150"); + + void *argtable[] = { + arg_param_begin, + arg_str0("k", "key", "", "Access key as 8 hex bytes"), + arg_int0(NULL, "ki", "", "Key index to select key from memory 'hf iclass managekeys'"), + arg_int1(NULL, "blk", "", "block number"), + arg_str1("d", "data", "", "data to write as 8 hex bytes"), + arg_str0("m", "mac", "", "replay mac data (4 hex bytes)"), + arg_lit0(NULL, "credit", "key is assumed to be the credit key"), + arg_lit0(NULL, "elite", "elite computations applied to key"), + arg_lit0(NULL, "raw", "no computations applied to key"), + arg_lit0(NULL, "nr", "replay of NR/MAC"), + arg_lit0("v", "verbose", "verbose output"), + arg_lit0(NULL, "shallow", "use shallow (ASK) reader modulation instead of OOK"), + arg_int1(NULL, "tdb", "", "tearoff delay start in ms"), + arg_int1(NULL, "tde", "", "tearoff delay end in ms"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + int key_len = 0; + uint8_t key[8] = {0}; + + CLIGetHexWithReturn(ctx, 1, key, &key_len); + + int key_nr = arg_get_int_def(ctx, 2, -1); + + if (key_len > 0 && key_nr >= 0) { + PrintAndLogEx(ERR, "Please specify key or index, not both"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + + bool auth = false; + + if (key_len > 0) { + auth = true; + if (key_len != 8) { + PrintAndLogEx(ERR, "Key is incorrect length"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } else if (key_nr >= 0) { + if (key_nr < ICLASS_KEYS_MAX) { + auth = true; + memcpy(key, iClass_Key_Table[key_nr], 8); + PrintAndLogEx(SUCCESS, "Using key[%d] " _GREEN_("%s"), key_nr, sprint_hex(iClass_Key_Table[key_nr], 8)); + } else { + PrintAndLogEx(ERR, "Key number is invalid"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + int blockno = arg_get_int_def(ctx, 3, 0); + + int data_len = 0; + uint8_t data[8] = {0}; + CLIGetHexWithReturn(ctx, 4, data, &data_len); + + if (data_len != 8) { + PrintAndLogEx(ERR, "Data must be 8 hex bytes (16 hex symbols)"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int mac_len = 0; + uint8_t mac[4] = {0}; + CLIGetHexWithReturn(ctx, 5, mac, &mac_len); + + if (mac_len) { + if (mac_len != 4) { + PrintAndLogEx(ERR, "MAC must be 4 hex bytes (8 hex symbols)"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + int tearoff_start = arg_get_int_def(ctx, 12, 100); + int tearoff_end = arg_get_int_def(ctx, 13, 200); + + if (tearoff_end <= tearoff_start) { + PrintAndLogEx(ERR, "Tearoff end delay must be bigger than the start delay."); + return PM3_EINVARG; + } + + if (tearoff_start < 0 || tearoff_end <= 0) { + PrintAndLogEx(ERR, "Tearoff start/end delays should be bigger than 0."); + return PM3_EINVARG; + } + + bool use_credit_key = arg_get_lit(ctx, 6); + bool elite = arg_get_lit(ctx, 7); + bool rawkey = arg_get_lit(ctx, 8); + bool use_replay = arg_get_lit(ctx, 9); + bool verbose = arg_get_lit(ctx, 10); + bool shallow_mod = arg_get_lit(ctx, 11); + + CLIParserFree(ctx); + + if ((use_replay + rawkey + elite) > 1) { + PrintAndLogEx(ERR, "Can not use a combo of 'elite', 'raw', 'nr'"); + return PM3_EINVARG; + } + int isok = 0; + tearoff_params_t params; + bool read_ok = false; + while (tearoff_start < tearoff_end && !read_ok) { + //perform read here, repeat if failed or 00s + + uint8_t data_read_orig[8] = {0}; + bool first_read = false; + bool reread = false; + while (!first_read) { + int res_orig = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read_orig, false); + if (res_orig == PM3_SUCCESS && !reread) { + if (memcmp(data_read_orig, zeros, 8) == 0) { + reread = true; + } else { + first_read = true; + reread = false; + } + } else if (res_orig == PM3_SUCCESS && reread) { + first_read = true; + reread = false; + } + } + + params.on = true; + params.delay_us = tearoff_start; + handle_tearoff(¶ms, false); + PrintAndLogEx(INFO, "Tear off delay: "_YELLOW_("%d")" ms", tearoff_start); + isok = iclass_write_block(blockno, data, mac, key, use_credit_key, elite, rawkey, use_replay, verbose, auth, shallow_mod); + switch (isok) { + case PM3_SUCCESS: + PrintAndLogEx(SUCCESS, "Wrote block " _YELLOW_("%d") " / " _YELLOW_("0x%02X") " ( " _GREEN_("ok") " )", blockno, blockno); + break; + case PM3_ETEAROFF: + break; + default: + PrintAndLogEx(FAILED, "Writing failed"); + break; + } + //read the data back + uint8_t data_read[8] = {0}; + first_read = false; + reread = false; + bool decrease = false; + while (!first_read) { + int res = iclass_read_block_ex(key, blockno, 0x88, elite, rawkey, use_replay, verbose, auth, shallow_mod, data_read, false); + if (res == PM3_SUCCESS && !reread) { + if (memcmp(data_read, zeros, 8) == 0) { + reread = true; + } else { + first_read = true; + reread = false; + } + } else if (res == PM3_SUCCESS && reread) { + first_read = true; + reread = false; + } else if (res != PM3_SUCCESS) { + decrease = true; + } + } + if (decrease && tearoff_start > 0) { //if there was an error reading repeat the tearoff with the same delay + tearoff_start--; + } + bool tear_success = true; + for (int i = 0; i < PICOPASS_BLOCK_SIZE; i++) { + if (data[i] != data_read[i]) { + tear_success = false; + } + } + if (tear_success) { //tearoff succeeded + read_ok = true; + PrintAndLogEx(SUCCESS, _GREEN_("Tear-off Success!")); + PrintAndLogEx(INFO, "Read: %s", sprint_hex(data_read, sizeof(data_read))); + } else { //tearoff did not succeed + PrintAndLogEx(FAILED, _RED_("Tear-off Failed!")); + tearoff_start++; + } + PrintAndLogEx(INFO, "---------------"); + } + PrintAndLogEx(NORMAL, ""); + return isok; +} + static int CmdHFiClass_loclass(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf iclass loclass", @@ -4145,6 +4346,7 @@ static int CmdHFiClassLegRecLookUp(const char *Cmd) { } if (check_values) { PrintAndLogEx(SUCCESS, _GREEN_("CONFIRMED VALID RAW key ") _RED_("%s"), sprint_hex(div_key, 8)); + PrintAndLogEx(INFO, "You can now run -> "_YELLOW_("hf iclass unhash -k %s")" <-to find the pre-images.", sprint_hex(div_key, 8)); verified = true; } else { PrintAndLogEx(INFO, _YELLOW_("Raw Key Invalid")); @@ -4162,6 +4364,107 @@ static int CmdHFiClassLegRecLookUp(const char *Cmd) { return PM3_SUCCESS; } +static void generate_single_key_block_inverted_opt(const uint8_t *startingKey, uint32_t index, uint8_t *keyBlock) { + + uint8_t bits_index = index / 16383; + uint8_t ending_bits[] = { //all possible 70 combinations of 4x0 and 4x1 as key ending bits + 0x0F, 0x17, 0x1B, 0x1D, 0x1E, 0x27, 0x2B, 0x2D, 0x2E, 0x33, + 0x35, 0x36, 0x39, 0x3A, 0x3C, 0x47, 0x4B, 0x4D, 0x4E, 0x53, + 0x55, 0x56, 0x59, 0x5A, 0x5C, 0x63, 0x65, 0x66, 0x69, 0x6A, + 0x6C, 0x71, 0x72, 0x74, 0x78, 0x87, 0x8B, 0x8D, 0x8E, 0x93, + 0x95, 0x96, 0x99, 0x9A, 0x9C, 0xA3, 0xA5, 0xA6, 0xA9, 0xAA, + 0xAC, 0xB1, 0xB2, 0xB4, 0xB8, 0xC3, 0xC5, 0xC6, 0xC9, 0xCA, + 0xCC, 0xD1, 0xD2, 0xD4, 0xD8, 0xE1, 0xE2, 0xE4, 0xE8, 0xF0 + }; + + uint8_t binary_endings[8]; // Array to store binary values for each ending bit + // Extract each bit from the ending_bits[k] and store it in binary_endings + uint8_t ending = ending_bits[bits_index]; + for (int i = 7; i >= 0; i--) { + binary_endings[i] = ending & 1; + ending >>= 1; + } + + uint8_t binary_mids[8]; // Array to store the 2-bit chunks of index + // Iterate over the 16-bit integer and store 2 bits at a time in the result array + for (int i = 0; i < 8; i++) { + // Shift and mask to get 2 bits and store them as an 8-bit value + binary_mids[7 - i] = (index >> (i * 2)) & 0x03; // 0x03 is a mask for 2 bits (binary 11) + } + + memcpy(keyBlock, startingKey, PICOPASS_BLOCK_SIZE); + + // Start from the second byte, index 1 as we're never gonna touch the first byte + for (int i = 1; i < PICOPASS_BLOCK_SIZE; i++) { + // Clear the last bit of the current byte (AND with 0xFE) + keyBlock[i] &= 0xF8; + // Set the last bit to the corresponding value from binary_endings (OR with binary_endings[i]) + keyBlock[i] |= ((binary_mids[i] & 0x03) << 1) | (binary_endings[i] & 0x01); + } + +} + +static int CmdHFiClassLegacyRecSim(void) { + + PrintAndLogEx(INFO, _YELLOW_("This simulation assumes the card is standard keyed.")); + + uint8_t key[PICOPASS_BLOCK_SIZE] = {0}; + uint8_t original_key[PICOPASS_BLOCK_SIZE]; + + uint8_t csn[8] = {0}; + uint8_t new_div_key[8] = {0}; + uint8_t CCNR[12] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + if (select_only(csn, CCNR, true, false) == false) { + DropField(); + return PM3_ESOFT; + } + HFiClassCalcDivKey(csn, iClass_Key_Table[0], new_div_key, false); + memcpy(key, new_div_key, PICOPASS_BLOCK_SIZE); + memcpy(original_key, key, PICOPASS_BLOCK_SIZE); + + uint8_t zero_key[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + uint8_t zero_key_two[PICOPASS_BLOCK_SIZE] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + int bits_found = -1; + uint32_t index = 0; +#define MAX_UPDATES 16777216 + while (bits_found == -1 && index < MAX_UPDATES) { + uint8_t genkeyblock[PICOPASS_BLOCK_SIZE]; + uint8_t xorkeyblock[PICOPASS_BLOCK_SIZE] = {0}; + + generate_single_key_block_inverted_opt(zero_key, index, genkeyblock); + memcpy(xorkeyblock, genkeyblock, PICOPASS_BLOCK_SIZE); + + for (int i = 0; i < 8 ; i++) { + key[i] = xorkeyblock[i] ^ original_key[i]; + memcpy(zero_key_two, xorkeyblock, PICOPASS_BLOCK_SIZE); + } + + // Extract the last 3 bits of the first byte + uint8_t last_three_bits = key[0] & 0x07; // 0x07 is 00000111 in binary - bitmask + bool same_bits = true; + // Check if the last 3 bits of all bytes are the same + for (int i = 1; i < PICOPASS_BLOCK_SIZE; i++) { + if ((key[i] & 0x07) != last_three_bits) { + same_bits = false; + } + } + if (same_bits) { + bits_found = index; + PrintAndLogEx(SUCCESS, "Original Key: " _GREEN_("%s"), sprint_hex(original_key, sizeof(original_key))); + PrintAndLogEx(SUCCESS, "Weak Key: " _GREEN_("%s"), sprint_hex(key, sizeof(key))); + PrintAndLogEx(SUCCESS, "Key Updates Required to Weak Key: " _GREEN_("%d"), index); + PrintAndLogEx(SUCCESS, "Estimated Time: ~" _GREEN_("%d")" hours", index / 6545); + } + + index++; + }//end while + + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; + +} + static int CmdHFiClassLegacyRecover(const char *Cmd) { CLIParserContext *ctx; @@ -4179,6 +4482,7 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { arg_lit0(NULL, "debug", "Re-enables tracing for debugging. Limits cycles to 1."), arg_lit0(NULL, "notest", "Perform real writes on the card!"), arg_lit0(NULL, "allnight", "Loops the loop for 10 times, recommended loop value of 5000."), + arg_lit0(NULL, "est", "Estimates the key updates based on the card's CSN assuming standard key."), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -4193,6 +4497,12 @@ static int CmdHFiClassLegacyRecover(const char *Cmd) { bool test = true; bool no_test = arg_get_lit(ctx, 5); bool allnight = arg_get_lit(ctx, 6); + bool sim = arg_get_lit(ctx, 7); + + if (sim) { + CmdHFiClassLegacyRecSim(); + return PM3_SUCCESS; + } if (no_test) { test = false; @@ -5124,79 +5434,14 @@ static int CmdHFiClassSAM(const char *Cmd) { // CSN, config, epurse, NR/MAC, AIA // PACS + // 03 05 + // 06 85 80 6d c0 // first byte skip // second byte length // third padded // fourth .. uint8_t *d = resp.data.asBytes; - uint8_t n = d[1] - 1; // skip length byte - uint8_t pad = d[2]; - char *binstr = (char *)calloc((n * 8) + 1, sizeof(uint8_t)); - if (binstr == NULL) { - return PM3_EMALLOC; - } - - bytes_2_binstr(binstr, d + 3, n); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(d + 2, resp.length - 2)); - PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - binstr[strlen(binstr) - pad] = '\0'; - PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - size_t hexlen = 0; - uint8_t hex[16] = {0}; - binstr_2_bytes(hex, &hexlen, binstr); - PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); - - uint32_t top = 0, mid = 0, bot = 0; - if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { - PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); - free(binstr); - return PM3_EINVARG; - } - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "Wiegand decode"); - wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); - HIDTryUnpack(&packed); - - PrintAndLogEx(NORMAL, ""); - - if (strlen(binstr) >= 26 && verbose) { - - // iCLASS Legacy - PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); - PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // HID Prox II - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); - PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // MIFARE Classic - char mfcbin[28] = {0}; - mfcbin[0] = '1'; - memcpy(mfcbin + 1, binstr, strlen(binstr)); - binstr_2_bytes(hex, &hexlen, mfcbin); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); - PrintAndLogEx(SUCCESS, " hf mf eclr;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); - PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); - PrintAndLogEx(NORMAL, ""); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); - PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - } - free(binstr); + HIDDumpPACSBits(d + 2, d[1], verbose); return PM3_SUCCESS; } @@ -5216,6 +5461,7 @@ static command_t CommandTable[] = { {"view", CmdHFiClassView, AlwaysAvailable, "Display content from tag dump file"}, {"wrbl", CmdHFiClass_WriteBlock, IfPm3Iclass, "Write Picopass / iCLASS block"}, {"creditepurse", CmdHFiClassCreditEpurse, IfPm3Iclass, "Credit epurse value"}, + {"trbl", CmdHFiClass_TearBlock, IfPm3Iclass, "Performs tearoff attack on iClass block"}, {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("Recovery") " --------------------"}, // {"autopwn", CmdHFiClassAutopwn, IfPm3Iclass, "Automatic key recovery tool for iCLASS"}, {"chk", CmdHFiClassCheckKeys, IfPm3Iclass, "Check keys"}, diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c index f9016a29a..911b12b8d 100644 --- a/client/src/cmdhflist.c +++ b/client/src/cmdhflist.c @@ -2373,3 +2373,167 @@ uint64_t GetCrypto1ProbableKey(AuthData_t *ad) { crypto1_destroy(revstate); return key; } + +// FMCOS 2.0 +void annotateFMCOS20(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize) { + + if (cmdsize < 2) + return; + + int pos = 0; + switch (cmd[0]) { + case 2: + case 3: + pos = 2; + break; + case 0: + pos = 1; + break; + default: + pos = 3; + break; + } + switch (cmd[pos]) { + case FMCOS20_CMD_EXTERNAL_AUTHENTICATION: + snprintf(exp, size, "EXT. AUTH"); + break; + case FMCOS20_CMD_GET_CHALLENGE: + snprintf(exp, size, "GET CHALLENGE"); + break; + case FMCOS20_CMD_INTERNAL_AUTHENTICATION: + snprintf(exp, size, "INT. AUTH"); + break; + case FMCOS20_CMD_SELECT: + snprintf(exp, size, "SELECT"); + break; + case FMCOS20_CMD_VERIFY_PIN: + snprintf(exp, size, "VERIFY PIN"); + break; + case FMCOS20_CMD_READ_BINARY: + snprintf(exp, size, "READ BINARY"); + break; + case FMCOS20_CMD_READ_RECORD: + snprintf(exp, size, "READ RECORD"); + break; + case FMCOS20_CMD_UPDATE_BINARY: + snprintf(exp, size, "UPDATE BINARY"); + break; + case FMCOS20_CMD_UPDATE_RECORD: + snprintf(exp, size, "UPDATE RECORD"); + break; + case FMCOS20_CMD_APPEND_RECORD: + snprintf(exp, size, "APPEND RECORD"); + break; + case FMCOS20_CMD_ERASE_DF: + snprintf(exp, size, "ERASE DF"); + break; + case FMCOS20_CMD_WRITE_KEY: + snprintf(exp, size, "WRITE KEY"); + break; + case FMCOS20_CMD_CREATE_FILE: + snprintf(exp, size, "CREATE FILE"); + break; + case FMCOS20_CMD_CARD_BLOCK: + snprintf(exp, size, "CARD BLOCK"); + break; + case FMCOS20_CMD_APP_UNBLOCK: + snprintf(exp, size, "APP UNBLOCK"); + break; + case FMCOS20_CMD_APP_BLOCK: + if (cmd[pos + 1] == 0) + snprintf(exp, size, "APP BLOCK (TEMP)"); + else if (cmd[pos + 1] == 1) + snprintf(exp, size, "APP BLOCK (PERM)"); + else + snprintf(exp, size, "APP BLOCK"); + break; + case FMCOS20_CMD_PIN_UNBLOCK: + snprintf(exp, size, "PIN UNBLOCK"); + break; + case FMCOS20_CMD_CHANGE_PIN: + if (cmd[pos + 1] == 0) + snprintf(exp, size, "RESET PIN"); + else if (cmd[pos + 1] == 1) + snprintf(exp, size, "CHANGE PIN"); + break; + case FMCOS20_CMD_INITIALIZE_TRANSACTION: + if (cmd[pos + 1] == 0) + snprintf(exp, size, "INIT. TRANSACTION (CREDIT)"); + else if (cmd[pos + 1] == 1) + snprintf(exp, size, "INIT. TRANSACTION (PURCHASE)"); + else if (cmd[pos + 1] == 2) + snprintf(exp, size, "INIT. TRANSACTION (CASH WITHDRAW)"); + else if (cmd[pos + 1] == 3) + snprintf(exp, size, "INIT. TRANSACTION (CAPP PURCHASE)"); + else if (cmd[pos + 1] == 4) + snprintf(exp, size, "INIT. TRANSACTION (OVERDRAFT)"); + else if (cmd[pos + 1] == 5) + snprintf(exp, size, "INIT. TRANSACTION (WITHDRAW)"); + break; + case FMCOS20_CMD_CREDIT_LOAD: + snprintf(exp, size, "CREDIT LOAD"); + break; + case FMCOS20_CMD_PURCHASE: + if (cmd[pos + 1] == 0) + snprintf(exp, size, "PURCHASE"); + else if (cmd[pos + 1] == 1) + snprintf(exp, size, "CAPP PURCHASE / CASH WITHDRAW"); + else if (cmd[pos + 1] == 3) + snprintf(exp, size, "WITHDRAW"); + break; + case FMCOS20_CMD_UPDATE_OVERDRAW_LIMIT: + snprintf(exp, size, "UPDATE OVERDRAFT"); + break; + case FMCOS20_CMD_GET_TRANSACTION_PROOF: + snprintf(exp, size, "TRANSACTION RECORD"); + break; + case FMCOS20_CMD_GET_BALANCE: + snprintf(exp, size, "GET BALANCE"); + break; + case FMCOS20_CMD_INITIALIZE_GREY_LOCK_UNLOCK: + if (cmd[pos + 1] == 8) + snprintf(exp, size, "INIT. GRAY LOCK"); + else if (cmd[pos + 1] == 9) + snprintf(exp, size, "INIT. GRAY UNLOCK"); + break; + case FMCOS20_CMD_GREY_LOCK_UNLOCK: + if (cmd[pos + 1] == 8) + snprintf(exp, size, "GRAY LOCK"); + else if (cmd[pos + 1] == 9) + snprintf(exp, size, "GRAY UNLOCK"); + break; + case FMCOS20_CMD_DEBIT_UNLOCK: + snprintf(exp, size, "DEBIT UNLOCK"); + break; + case FMCOS20_CMD_CALCULATE_ROM_CRC: + snprintf(exp, size, "CALC. ROM CRC"); + break; + case FMCOS20_CMD_GET_RESPONSE: + snprintf(exp, size, "GET RESPONSE"); + break; + case FMCOS20_CMD_UNBLOCK: + snprintf(exp, size, "UNBLOCK"); + break; + case FMCOS20_CMD_PULL: + snprintf(exp, size, "PULL"); + break; + case FMCOS20_CMD_CHARGE: + snprintf(exp, size, "CHARGE"); + break; + case FMCOS20_CMD_WRITE_EEPROM: + snprintf(exp, size, "WRITE EEPROM"); + break; + case FMCOS20_CMD_READ_EEPROM: + snprintf(exp, size, "READ EEPROM"); + break; + case FMCOS20_CMD_INITIALIZE_EEPROM: + snprintf(exp, size, "INIT. EEPROM"); + break; + case FMCOS20_CMD_READ_ROM: + snprintf(exp, size, "READ ROM"); + break; + default: + //snprintf(exp, size, "?"); + break; + } +} diff --git a/client/src/cmdhflist.h b/client/src/cmdhflist.h index cbe18e92c..92f54e4af 100644 --- a/client/src/cmdhflist.h +++ b/client/src/cmdhflist.h @@ -76,4 +76,6 @@ bool NestedCheckKey(uint64_t key, AuthData_t *ad, uint8_t *cmd, uint8_t cmdsize, bool CheckCrypto1Parity(const uint8_t *cmd_enc, uint8_t cmdsize, uint8_t *cmd, const uint8_t *parity_enc); uint64_t GetCrypto1ProbableKey(AuthData_t *ad); +void annotateFMCOS20(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize); + #endif // CMDHFLIST diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index f80005c63..981b2646f 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -46,6 +46,7 @@ #include "generator.h" // keygens. #include "fpga.h" #include "mifare/mifarehost.h" +#include "crypto/originality.h" static int CmdHelp(const char *Cmd); @@ -68,52 +69,9 @@ static int usage_hf14_keybrute(void) { */ int mfc_ev1_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len) { - - // ref: MIFARE Classic EV1 Originality Signature Validation -#define PUBLIC_MFCEV1_ECDA_KEYLEN 33 - const ecdsa_publickey_t nxp_mfc_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - uint8_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_mfc_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_MFCEV1_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_mfc_public_keys[i].value, 0, key, PUBLIC_MFCEV1_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } - - PrintAndLogEx(INFO, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_mfc_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfc_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfc_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFC); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); } static int mf_read_uid(uint8_t *uid, int *uidlen, int *nxptype) { @@ -1159,7 +1117,7 @@ static int CmdHF14AMfRdSc(const char *Cmd) { } if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } @@ -2481,7 +2439,10 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { CLIParserInit(&ctx, "hf mf autopwn", "This command automates the key recovery process on MIFARE Classic cards.\n" "It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys.\n" - "If all keys are found, it try dumping card content both to file and emulator memory.", + "If all keys are found, it try dumping card content both to file and emulator memory.\n" + "\n" + "default file name template is `hf-mf--.`\n" + "using suffix the template becomes `hf-mf---.` \n", "hf mf autopwn\n" "hf mf autopwn -s 0 -a -k FFFFFFFFFFFF --> target MFC 1K card, Sector 0 with known key A 'FFFFFFFFFFFF'\n" "hf mf autopwn --1k -f mfc_default_keys --> target MFC 1K card, default dictionary\n" @@ -2491,14 +2452,15 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { void *argtable[] = { arg_param_begin, - arg_strx0("k", "key", "", "Known key, 12 hex bytes"), - arg_int0("s", "sector", "", "Input sector number"), - arg_lit0("a", NULL, "Input key A (def)"), - arg_lit0("b", NULL, "Input key B"), - arg_str0("f", "file", "", "filename of dictionary"), - arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), - arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), - arg_lit0("v", "verbose", "verbose output"), + arg_strx0("k", "key", "", "Known key, 12 hex bytes"), + arg_int0("s", "sector", "", "Input sector number"), + arg_lit0("a", NULL, "Input key A (def)"), + arg_lit0("b", NULL, "Input key B"), + arg_str0("f", "file", "", "filename of dictionary"), + arg_str0(NULL, "suffix", "", "Add this suffix to generated files"), + arg_lit0(NULL, "slow", "Slower acquisition (required by some non standard cards)"), + arg_lit0("l", "legacy", "legacy mode (use the slow `hf mf chk`)"), + arg_lit0("v", "verbose", "verbose output"), arg_lit0(NULL, "ns", "No save to file"), @@ -2543,29 +2505,34 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - bool slow = arg_get_lit(ctx, 6); - bool legacy_mfchk = arg_get_lit(ctx, 7); - bool verbose = arg_get_lit(ctx, 8); + int outfnlen = 0; + char outfilename[127] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)outfilename, 127, &outfnlen); - bool no_save = arg_get_lit(ctx, 9); - bool m0 = arg_get_lit(ctx, 10); - bool m1 = arg_get_lit(ctx, 11); - bool m2 = arg_get_lit(ctx, 12); - bool m4 = arg_get_lit(ctx, 13); + bool slow = arg_get_lit(ctx, 7); + bool legacy_mfchk = arg_get_lit(ctx, 8); + bool verbose = arg_get_lit(ctx, 9); - bool in = arg_get_lit(ctx, 14); + bool no_save = arg_get_lit(ctx, 10); + + bool m0 = arg_get_lit(ctx, 11); + bool m1 = arg_get_lit(ctx, 12); + bool m2 = arg_get_lit(ctx, 13); + bool m4 = arg_get_lit(ctx, 14); + + bool in = arg_get_lit(ctx, 15); #if defined(COMPILER_HAS_SIMD_X86) - bool im = arg_get_lit(ctx, 15); - bool is = arg_get_lit(ctx, 16); - bool ia = arg_get_lit(ctx, 17); - bool i2 = arg_get_lit(ctx, 18); + bool im = arg_get_lit(ctx, 16); + bool is = arg_get_lit(ctx, 17); + bool ia = arg_get_lit(ctx, 18); + bool i2 = arg_get_lit(ctx, 19); #endif #if defined(COMPILER_HAS_SIMD_AVX512) - bool i5 = arg_get_lit(ctx, 19); + bool i5 = arg_get_lit(ctx, 20); #endif #if defined(COMPILER_HAS_SIMD_NEON) - bool ie = arg_get_lit(ctx, 15); + bool ie = arg_get_lit(ctx, 16); #endif CLIParserFree(ctx); @@ -2733,7 +2700,13 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { } // read uid to generate a filename for the key file - char *fptr = GenerateFilename("hf-mf-", "-key.bin"); + char suffix[FILE_PATH_SIZE]; + if (outfnlen) { + snprintf(suffix, sizeof(suffix) - strlen(outfilename), "-key-%s.bin", outfilename); + } else { + snprintf(suffix, sizeof(suffix), "-key.bin"); + } + char *fptr = GenerateFilename("hf-mf-", suffix); // check if tag doesn't have static nonce int has_staticnonce = detect_classic_static_nonce(); @@ -3261,7 +3234,13 @@ all_found: } free(fptr); - fptr = GenerateFilename("hf-mf-", "-dump"); + + if (outfnlen) { + snprintf(suffix, sizeof(suffix), "-dump-%s", outfilename); + } else { + snprintf(suffix, sizeof(suffix), "-dump"); + } + fptr = GenerateFilename("hf-mf-", suffix); if (fptr == NULL) { free(dump); free(e_sector); @@ -4513,7 +4492,7 @@ static int CmdHF14AMfEGetSc(const char *Cmd) { CLIParserFree(ctx); if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } @@ -5577,7 +5556,7 @@ static int CmdHF14AMfCGetSc(const char *Cmd) { CLIParserFree(ctx); if (s >= MIFARE_4K_MAXSECTOR) { - PrintAndLogEx(WARNING, "Sector number must be less then 40"); + PrintAndLogEx(WARNING, "Sector number must be less than 40"); return PM3_EINVARG; } @@ -7202,7 +7181,8 @@ static int CmdHf14AGen3Block(const char *Cmd) { " - You can specify part of manufacturer block as\n" " 4/7-bytes for UID change only\n" "\n" - "NOTE: BCC, SAK, ATQA will be calculated automatically" + "NOTE: BCC and ATQA will be calculated automatically\n" + "SAK will be automatically set to default values if not specified" , "hf mf gen3blk --> print current data\n" "hf mf gen3blk -d 01020304 --> set 4 byte uid\n" @@ -7962,11 +7942,11 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) { uint8_t atslen = d[7]; if (atslen == 0) { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _YELLOW_("zero")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _YELLOW_("zero")); } else if (atslen <= 16) { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _GREEN_("ok")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _GREEN_("ok")); } else { - PrintAndLogEx(INFO, ".............. ATS length %u bytes ( %s )", atslen, _RED_("fail")); + PrintAndLogEx(INFO, "..............%02X ATS length %u bytes ( %s )", d[7], atslen, _RED_("fail")); atslen = 0; } @@ -7975,7 +7955,7 @@ static int parse_gtu_cfg(uint8_t *d, size_t n) { // ATS seems to have 16 bytes reserved PrintAndLogEx(INFO, _CYAN_("Config 2 - ATS")); PrintAndLogEx(INFO, "%s", sprint_hex_inrow(d + 8, 16)); - if (atslen <= 16) { + if ((atslen > 0) && (atslen <= 16)) { PrintAndLogEx(INFO, "%s.............. ATS ( %d bytes )", sprint_hex_inrow(&d[8], d[7]), d[7]); PrintAndLogEx(INFO, "..................%s Reserved for ATS", sprint_hex_inrow(d + 8 + d[7], 16 - d[7])); } else { @@ -8064,21 +8044,32 @@ static int CmdHF14AGen4Info(const char *cmd) { size_t resplen = 0; int res = 0; - if (dlen != 32) { - res = mfG4GetConfig(pwd, resp, &resplen, verbose); - if (res != PM3_SUCCESS || resplen == 0) { - if (res == PM3_ETIMEOUT) - PrintAndLogEx(ERR, "No card in the field or card command timeout."); - else - PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen); + if (dlen == 0) { + if (IfPm3Iso14443a()) { + res = mfG4GetConfig(pwd, resp, &resplen, verbose); + if (res != PM3_SUCCESS || resplen == 0) { + if (res == PM3_ETIMEOUT) + PrintAndLogEx(ERR, "No card in the field or card command timeout."); + else + PrintAndLogEx(ERR, "Error get config. Maybe not a Gen4 card?. error=%d rlen=%zu", res, resplen); + return PM3_ESOFT; + } + } else { + PrintAndLogEx(ERR, "Offline mode, please provide data"); return PM3_ESOFT; } + } else if (dlen != 32) { + PrintAndLogEx(FAILED, "Data must be 32 bytes length, got " _YELLOW_("%u"), dlen); + return PM3_EINVARG; } else { memcpy(resp, data, dlen); resplen = 32; } parse_gtu_cfg(resp, resplen); + if (! IfPm3Iso14443a()) { + return PM3_SUCCESS; + } uint8_t uid_len = resp[1]; @@ -9883,6 +9874,7 @@ static int CmdHF14AMfISEN(const char *Cmd) { arg_rem("FM11RF08S specific options:", "Incompatible with above options, except -k; output in JSON"), arg_lit0(NULL, "collect_fm11rf08s", "collect all nT/{nT}/par_err."), arg_lit0(NULL, "collect_fm11rf08s_with_data", "collect all nT/{nT}/par_err and data blocks."), + arg_lit0(NULL, "collect_fm11rf08s_without_backdoor", "collect all nT/{nT}/par_err without backdoor. Requires first auth keytype and block"), arg_str0("f", "file", "", "Specify a filename for collected data"), arg_param_end }; @@ -9954,9 +9946,18 @@ static int CmdHF14AMfISEN(const char *Cmd) { if (collect_fm11rf08s_with_data) { collect_fm11rf08s = 1; } + bool collect_fm11rf08s_without_backdoor = arg_get_lit(ctx, 23); + if (collect_fm11rf08s_without_backdoor) { + collect_fm11rf08s = 1; + } + if (collect_fm11rf08s_with_data && collect_fm11rf08s_without_backdoor) { + CLIParserFree(ctx); + PrintAndLogEx(WARNING, "Don't mix with_data and without_backdoor options"); + return PM3_EINVARG; + } int fnlen = 0; char filename[FILE_PATH_SIZE] = {0}; - CLIParamStrToBuf(arg_get_str(ctx, 23), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + CLIParamStrToBuf(arg_get_str(ctx, 24), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParserFree(ctx); @@ -10005,12 +10006,15 @@ static int CmdHF14AMfISEN(const char *Cmd) { if (collect_fm11rf08s) { uint64_t t1 = msclock(); - uint32_t flags = collect_fm11rf08s_with_data; - SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, 0, 0, key, sizeof(key)); - if (WaitForResponseTimeout(CMD_HF_MIFARE_STATIC_ENCRYPTED_NONCE, &resp, 1000)) { - if (resp.status == PM3_ESOFT) { + uint32_t flags = collect_fm11rf08s_with_data | (collect_fm11rf08s_without_backdoor << 1); + SendCommandMIX(CMD_HF_MIFARE_ACQ_STATIC_ENCRYPTED_NONCES, flags, blockn, keytype, key, sizeof(key)); + if (WaitForResponseTimeout(CMD_ACK, &resp, 2500)) { + if (resp.oldarg[0] != PM3_SUCCESS) { return NONCE_FAIL; } + } else { + PrintAndLogEx(WARNING, "Fail, transfer from device time-out"); + return PM3_ETIMEOUT; } uint8_t num_sectors = MIFARE_1K_MAXSECTOR + 1; iso14a_fm11rf08s_nonces_with_data_t nonces_dump = {0}; @@ -10146,7 +10150,7 @@ static command_t CommandTable[] = { {"gen3blk", CmdHf14AGen3Block, IfPm3Iso14443a, "Overwrite manufacturer block"}, {"gen3freeze", CmdHf14AGen3Freeze, IfPm3Iso14443a, "Perma lock UID changes. irreversible"}, {"-----------", CmdHelp, IfPm3Iso14443a, "-------------------- " _CYAN_("magic gen4 GTU") " --------------------------"}, - {"ginfo", CmdHF14AGen4Info, IfPm3Iso14443a, "Info about configuration of the card"}, + {"ginfo", CmdHF14AGen4Info, AlwaysAvailable, "Info about configuration of the card"}, {"ggetblk", CmdHF14AGen4GetBlk, IfPm3Iso14443a, "Read block from card"}, {"gload", CmdHF14AGen4Load, IfPm3Iso14443a, "Load dump to card"}, {"gsave", CmdHF14AGen4Save, IfPm3Iso14443a, "Save dump from card into file or emulator"}, diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 245fae293..6483cf9c9 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -45,6 +45,7 @@ #include "generator.h" #include "mifare/aiddesfire.h" #include "util.h" +#include "crypto/originality.h" #define MAX_KEY_LEN 24 #define MAX_KEYS_LIST_LEN 1024 @@ -147,6 +148,7 @@ typedef enum { PLUS_EV2, NTAG413DNA, NTAG424, + DUOX, } nxp_cardtype_t; typedef enum { @@ -271,6 +273,10 @@ static char *getVersionStr(uint8_t type, uint8_t major, uint8_t minor) { snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("Plus EV1") " )", major, minor); else if (type == 0x02 && major == 0x22 && minor == 0x00) snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("Plus EV2") " )", major, minor); + else if (type == 0x01 && major == 0xA0 && minor == 0x00) + snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("DUOX") " )", major, minor); + else if ((type & 0x08) == 0x08) + snprintf(retStr, sizeof(buf), "%x.%x ( " _GREEN_("DESFire Light") " )", major, minor); else snprintf(retStr, sizeof(buf), "%x.%x ( " _YELLOW_("Unknown") " )", major, minor); return buf; @@ -337,6 +343,10 @@ static nxp_cardtype_t getCardType(uint8_t type, uint8_t major, uint8_t minor) { if (type == 0x01 && major == 0x33 && minor == 0x00) return DESFIRE_EV3; + // Duox + if (type == 0x01 && major == 0xA0 && minor == 0x00) + return DUOX; + // DESFire Light if (type == 0x08 && major == 0x30 && minor == 0x00) return DESFIRE_LIGHT; @@ -442,61 +452,10 @@ int desfire_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, si PrintAndLogEx(DEBUG, "SIGNATURE=NULL"); return PM3_EINVARG; } - // ref: MIFARE Desfire Originality Signature Validation - // See tools/recover_pk.py to recover Pk from UIDs and signatures -#define PUBLIC_DESFIRE_ECDA_KEYLEN 57 - const ecdsa_publickey_t nxp_desfire_public_keys[] = { - {"NTAG424DNA, DESFire Ev2", "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, - {"NTAG413DNA, DESFire Ev1", "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, - {"DESFire Ev2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, - {"DESFire Ev3", "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, - {"NTAG424DNA, NTAG424DNATT, DESFire Light Ev2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3B"}, - {"DESFire Light", "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, - {"MIFARE Plus Ev1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, - {"MIFARE Plus Ev2", "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, - {"DESFire Ev2 XL", "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, - {"MIFARE Plus Troika", "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, - }; - - uint32_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_desfire_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_DESFIRE_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_desfire_public_keys[i].value, 0, key, PUBLIC_DESFIRE_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } -// PrintAndLogEx(NORMAL, ""); -// PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_valid == false || i == ARRAYLEN(nxp_desfire_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_desfire_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %.32s", nxp_desfire_public_keys[i].value); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 32); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 64); - PrintAndLogEx(INFO, " : %.32s", nxp_desfire_public_keys[i].value + 96); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFDES); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, signature_len, index); } static void swap24(uint8_t *data) { @@ -794,6 +753,8 @@ static int CmdHF14ADesInfo(const char *Cmd) { PrintAndLogEx(INFO, "\t2.2 - DESFire Ev2 XL, Originality check, proximity check, EAL5"); if (major == 3 && minor == 0) PrintAndLogEx(INFO, "\t3.0 - DESFire Ev3, Originality check, proximity check, badass EAL6 ?"); + if (major == 0xA0 && minor == 0) + PrintAndLogEx(INFO, "\tx.x - DUOX, Originality check, proximity check, EAL6++"); if (major == 0 && minor == 2) PrintAndLogEx(INFO, "\t0.2 - DESFire Light, Originality check, "); @@ -811,7 +772,8 @@ static int CmdHF14ADesInfo(const char *Cmd) { if (cardtype == DESFIRE_EV2 || cardtype == DESFIRE_EV2_XL || cardtype == DESFIRE_LIGHT || cardtype == DESFIRE_EV3 || - cardtype == NTAG413DNA) { + cardtype == NTAG413DNA || + cardtype == DUOX) { // Signature originality check uint8_t signature[250] = {0}; // must be 56 size_t signature_len = 0; diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index 9d9ecb880..218b87504 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -35,6 +35,7 @@ #include "crypto/libpcrypto.h" #include "cmdhfmf.h" // printblock, header #include "cmdtrace.h" +#include "crypto/originality.h" static const uint8_t mfp_default_key[16] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; static uint16_t mfp_card_adresses[] = {0x9000, 0x9001, 0x9002, 0x9003, 0x9004, 0x9006, 0x9007, 0xA000, 0xA001, 0xA080, 0xA081, 0xC000, 0xC001}; @@ -190,55 +191,9 @@ static nxp_cardtype_t getCardType(uint8_t type, uint8_t major, uint8_t minor) { // --- GET SIGNATURE static int plus_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signature, int signature_len) { - - // ref: MIFARE Plus EV1 Originality Signature Validation -#define PUBLIC_PLUS_ECDA_KEYLEN 57 - const ecdsa_publickey_t nxp_plus_public_keys[] = { - {"MIFARE Plus EV1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, - {"MIFARE Plus Ev2", "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607"}, - {"MIFARE Plus Troika", "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"} - }; - - uint8_t i; - bool is_valid = false; - - for (i = 0; i < ARRAYLEN(nxp_plus_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_PLUS_ECDA_KEYLEN]; - param_gethex_to_eol(nxp_plus_public_keys[i].value, 0, key, PUBLIC_PLUS_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, key, uid, uidlen, signature, signature_len, false); - is_valid = (res == 0); - if (is_valid) - break; - } - + int index = originality_check_verify(uid, uidlen, signature, signature_len, PK_MFP); PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - - if (is_valid == false || i == ARRAYLEN(nxp_plus_public_keys)) { - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); - return PM3_ESOFT; - } - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_plus_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %.32s", nxp_plus_public_keys[i].value); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 32); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 64); - PrintAndLogEx(INFO, " : %.32s", nxp_plus_public_keys[i].value + 96); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp224r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); - PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); - PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); - return PM3_SUCCESS; + return originality_check_print(signature, signature_len, index); } static int get_plus_signature(uint8_t *signature, int *signature_len) { @@ -262,9 +217,15 @@ static int get_plus_signature(uint8_t *signature, int *signature_len) { // GET VERSION static int plus_print_version(uint8_t *version) { - PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 14, 7)); - PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 21, 5)); - PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 7 + 5], version[7 + 7 + 7 + 5 + 1]); + if ((version[14] == 0x00) && (version[15] == 0x04)) { + PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 16, 4)); + PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 20, 5)); + PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 6 + 5], version[7 + 7 + 7 + 4 + 1]); + } else { + PrintAndLogEx(SUCCESS, "UID: " _GREEN_("%s"), sprint_hex(version + 14, 7)); + PrintAndLogEx(SUCCESS, "Batch number: " _GREEN_("%s"), sprint_hex(version + 21, 5)); + PrintAndLogEx(SUCCESS, "Production date: week " _GREEN_("%02x") " / " _GREEN_("20%02x"), version[7 + 7 + 7 + 5], version[7 + 7 + 7 + 5 + 1]); + } PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Hardware Information")); PrintAndLogEx(INFO, " Raw : %s", sprint_hex(version, 7)); @@ -328,15 +289,24 @@ static int CmdHFMFPInfo(const char *Cmd) { uint64_t select_status = resp.oldarg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision + bool Version4BUID = false; bool supportVersion = false; bool supportSignature = false; // version check uint8_t version[30] = {0}; + uint8_t uid4b[4] = {0}; + uint8_t uid7b[7] = {0}; int version_len = sizeof(version); if (get_plus_version(version, &version_len) == PM3_SUCCESS) { plus_print_version(version); supportVersion = true; + if ((version[14] == 0x00) && (version[15] == 0x04)) { + Version4BUID = true; + memcpy(uid4b, version + 16, 4); + } else { + memcpy(uid7b, version + 14, 7); + } } else { // info about 14a part, historical bytes. infoHF14A(false, false, false); @@ -346,7 +316,15 @@ static int CmdHFMFPInfo(const char *Cmd) { uint8_t signature[56] = {0}; int signature_len = sizeof(signature); if (get_plus_signature(signature, &signature_len) == PM3_SUCCESS) { - plus_print_signature(card.uid, card.uidlen, signature, signature_len); + if (supportVersion) { + if (Version4BUID) { + plus_print_signature(uid4b, 4, signature, signature_len); + } else { + plus_print_signature(uid7b, 7, signature, signature_len); + } + } else { + plus_print_signature(card.uid, card.uidlen, signature, signature_len); + } supportSignature = true; } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index 658e028e5..09739d560 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c @@ -35,6 +35,7 @@ #include "fileutils.h" // saveFile #include "cmdtrace.h" // trace list #include "preferences.h" // setDeviceDebugLevel +#include "crypto/originality.h" #define MAX_UL_BLOCKS 0x0F #define MAX_ULC_BLOCKS 0x2F @@ -53,6 +54,8 @@ #define MAX_MY_D_MOVE_LEAN 0x0F #define MAX_UL_NANO_40 0x0A #define MAX_UL_AES 0x37 +#define MAX_ST25TN512 0x3F +#define MAX_ST25TN01K 0x3F static int CmdHelp(const char *Cmd); @@ -103,7 +106,9 @@ static uint64_t UL_TYPES_ARRAY[] = { MFU_TT_MAGIC_1A, MFU_TT_MAGIC_1B, MFU_TT_MAGIC_NTAG, MFU_TT_NTAG_210u, MFU_TT_UL_MAGIC, MFU_TT_UL_C_MAGIC, - MFU_TT_UL_AES + MFU_TT_UL_AES, + MFU_TT_ST25TN512, MFU_TT_ST25TN01K, + }; static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { @@ -124,7 +129,9 @@ static uint8_t UL_MEMORY_ARRAY[ARRAYLEN(UL_TYPES_ARRAY)] = { // MAGIC_1A, MAGIC_1B, MAGIC_NTAG, MAX_UL_BLOCKS, MAX_UL_BLOCKS, MAX_NTAG_216, // NTAG_210u, UL_MAGIC, UL_C_MAGIC - MAX_NTAG_210, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_UL_AES + MAX_NTAG_210, MAX_UL_BLOCKS, MAX_ULC_BLOCKS, MAX_UL_AES, +// ST25TN512, ST25TN01K, + MAX_ST25TN512, MAX_ST25TN01K, }; static const ul_family_t ul_family[] = { @@ -789,7 +796,13 @@ static int ul_print_default(uint8_t *data, uint8_t *real_uid) { PrintAndLogEx(SUCCESS, " BCC1: %02X ( " _GREEN_("ok") " )", data[8]); else PrintAndLogEx(NORMAL, " BCC1: %02X, crc should be %02X", data[8], crc1); - PrintAndLogEx(SUCCESS, " Internal: %02X ( %s )", data[9], (data[9] == 0x48) ? _GREEN_("default") : _RED_("not default")); + if (uid[0] == 0x04) { + PrintAndLogEx(SUCCESS, " Internal: %02X ( %s )", data[9], (data[9] == 0x48) ? _GREEN_("default") : _RED_("not default")); + } else if (uid[0] == 0x02) { + PrintAndLogEx(SUCCESS, " Sysblock: %02X ( %s )", data[9], (data[9] == 0x2C) ? _GREEN_("default") : _RED_("not default")); + } else { + PrintAndLogEx(SUCCESS, " Internal: %02X", data[9]); + } } else { PrintAndLogEx(SUCCESS, "Blocks 0-2: %s", sprint_hex(data + 0, 12)); } @@ -1011,6 +1024,10 @@ int ul_print_type(uint64_t tagtype, uint8_t spaces) { snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("INFINEON my-d\x99 move lean (SLE 66R01L)"), spaces, ""); else if (tagtype & MFU_TT_FUDAN_UL) snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("FUDAN Ultralight Compatible (or other compatible)"), spaces, ""); + else if (tagtype & MFU_TT_ST25TN512) + snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("ST ST25TN512 64bytes"), spaces, ""); + else if (tagtype & MFU_TT_ST25TN01K) + snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("ST ST25TN01K 160bytes"), spaces, ""); else snprintf(typestr, sizeof(typestr), "%*sTYPE: " _YELLOW_("Unknown %06" PRIx64), spaces, "", tagtype); @@ -1397,132 +1414,14 @@ static int ulev1_print_counters(void) { } static int ulev1_print_signature(uint64_t tagtype, uint8_t *uid, uint8_t *signature, size_t signature_len) { - -#define PUBLIC_ECDA_KEYLEN 33 -#define PUBLIC_ECDA_192_KEYLEN 49 - // known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier) - // ref: AN11350 NTAG 21x Originality Signature Validation - // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation - const ecdsa_publickey_t nxp_mfu_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - // https://www.nxp.com/docs/en/application-note/AN13452.pdf - const ecdsa_publickey_t nxp_mfu_192_public_keys[] = { - {"NXP Ultralight AES", "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, - }; - - /* - uint8_t nxp_mfu_public_keys[6][PUBLIC_ECDA_KEYLEN] = { - // UL, NTAG21x and NDEF - { - 0x04, 0x49, 0x4e, 0x1a, 0x38, 0x6d, 0x3d, 0x3c, - 0xfe, 0x3d, 0xc1, 0x0e, 0x5d, 0xe6, 0x8a, 0x49, - 0x9b, 0x1c, 0x20, 0x2d, 0xb5, 0xb1, 0x32, 0x39, - 0x3e, 0x89, 0xed, 0x19, 0xfe, 0x5b, 0xe8, 0xbc, 0x61 - }, - // UL EV1 - { - 0x04, 0x90, 0x93, 0x3b, 0xdc, 0xd6, 0xe9, 0x9b, - 0x4e, 0x25, 0x5e, 0x3d, 0xa5, 0x53, 0x89, 0xa8, - 0x27, 0x56, 0x4e, 0x11, 0x71, 0x8e, 0x01, 0x72, - 0x92, 0xfa, 0xf2, 0x32, 0x26, 0xa9, 0x66, 0x14, 0xb8 - }, - // unknown. Needs identification - { - 0x04, 0x4F, 0x6D, 0x3F, 0x29, 0x4D, 0xEA, 0x57, - 0x37, 0xF0, 0xF4, 0x6F, 0xFE, 0xE8, 0x8A, 0x35, - 0x6E, 0xED, 0x95, 0x69, 0x5D, 0xD7, 0xE0, 0xC2, - 0x7A, 0x59, 0x1E, 0x6F, 0x6F, 0x65, 0x96, 0x2B, 0xAF - }, - // unknown. Needs identification - { - 0x04, 0xA7, 0x48, 0xB6, 0xA6, 0x32, 0xFB, 0xEE, - 0x2C, 0x08, 0x97, 0x70, 0x2B, 0x33, 0xBE, 0xA1, - 0xC0, 0x74, 0x99, 0x8E, 0x17, 0xB8, 0x4A, 0xCA, - 0x04, 0xFF, 0x26, 0x7E, 0x5D, 0x2C, 0x91, 0xF6, 0xDC - }, - // manufacturer public key - { - 0x04, 0x6F, 0x70, 0xAC, 0x55, 0x7F, 0x54, 0x61, - 0xCE, 0x50, 0x52, 0xC8, 0xE4, 0xA7, 0x83, 0x8C, - 0x11, 0xC7, 0xA2, 0x36, 0x79, 0x7E, 0x8A, 0x07, - 0x30, 0xA1, 0x01, 0x83, 0x7C, 0x00, 0x40, 0x39, 0xC2 - }, - // MIKRON public key. - { - 0x04, 0xf9, 0x71, 0xed, 0xa7, 0x42, 0xa4, 0xa8, - 0x0d, 0x32, 0xdc, 0xf6, 0xa8, 0x14, 0xa7, 0x07, - 0xcc, 0x3d, 0xc3, 0x96, 0xd3, 0x59, 0x02, 0xf7, - 0x29, 0x29, 0xfd, 0xcd, 0x69, 0x8b, 0x34, 0x68, 0xf2 - } - }; - */ - uint8_t i; - bool is_valid = false; + int index = -1; if (signature_len == 32) { - for (i = 0; i < ARRAYLEN(nxp_mfu_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 7, signature, signature_len, false); - - is_valid = (res == 0); - if (is_valid) - break; - } + index = originality_check_verify(uid, 7, signature, signature_len, PK_MFUL); + } else if (signature_len == 48) { + index = originality_check_verify(uid, 7, signature, signature_len, PK_MFULAES); } - - bool is_192_valid = false; - if (signature_len == 48) { - for (i = 0; i < ARRAYLEN(nxp_mfu_192_public_keys); i++) { - int dl = 0; - uint8_t key[PUBLIC_ECDA_192_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_192_public_keys[i].value, 0, key, PUBLIC_ECDA_192_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP192R1, key, uid, 7, signature, signature_len, false); - - is_192_valid = (res == 0); - if (is_192_valid) - break; - } - } - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - if (is_192_valid) { - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_192_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_192_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp192r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - - if (is_valid) { - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - - PrintAndLogEx(INFO, " Elliptic curve parameters: %s", (signature_len == 48) ? "NID_secp192r1" : "NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, signature_len)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _RED_("fail") " )"); - return PM3_ESOFT; + return originality_check_print(signature, signature_len, index); } static int ulev1_print_version(uint8_t *data) { @@ -1540,21 +1439,13 @@ static int ulev1_print_version(uint8_t *data) { } static int ntag_print_counter(void) { - // NTAG has one counter/tearing. At address 0x02. + // NTAG has one counter. At address 0x02. With no tearing. PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Counter")); - uint8_t tear[1] = {0}; uint8_t counter[3] = {0, 0, 0}; uint16_t len; - len = ulev1_readTearing(0x02, tear, sizeof(tear)); - (void)len; len = ulev1_readCounter(0x02, counter, sizeof(counter)); - (void)len; PrintAndLogEx(INFO, " [02]: %s", sprint_hex(counter, 3)); - PrintAndLogEx(SUCCESS, " - %02X tearing ( %s )" - , tear[0] - , (tear[0] == 0xBD) ? _GREEN_("ok") : _RED_("fail") - ); return len; } @@ -2123,17 +2014,55 @@ uint64_t GetHF14AMfU_Type(void) { // Ultralight - ATQA / SAK if (card.atqa[1] != 0x00 || card.atqa[0] != 0x44 || card.sak != 0x00) { - //PrintAndLogEx(NORMAL, "Tag is not Ultralight | NTAG | MY-D [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak); + //PrintAndLogEx(NORMAL, "Tag is not Ultralight | NTAG | MY-D |ST25TN [ATQA: %02X %02X SAK: %02X]\n", card.atqa[1], card.atqa[0], card.sak); DropField(); return MFU_TT_UL_ERROR; } - - if (card.uid[0] != 0x05) { + if (card.uid[0] == 0x02) { + // ST25TN + // read SYSBLOCK + uint8_t data[4] = {0x00}; + int status = ul_read(0x02, data, sizeof(data)); + if (status <= 1) { + tagtype = MFU_TT_UL; + } else { + status = ul_read(data[1] + 1, data, sizeof(data)); + if (status <= 1) { + tagtype = MFU_TT_UL; + } else { + // data[3] == KID == 0x05 Key ID + // data[2] == REV == 0x13 Product version + if ((data[1] == 0x90) && (data[0] == 0x90)) { + tagtype = MFU_TT_ST25TN01K; + } else if ((data[1] == 0x90) && (data[0] == 0x91)) { + tagtype = MFU_TT_ST25TN512; + } + } + } + } else if (card.uid[0] == 0x05) { + // Infineon MY-D tests Exam high nibble + DropField(); + uint8_t nib = (card.uid[1] & 0xf0) >> 4; + switch (nib) { + // case 0: tagtype = SLE66R35E7; break; //or SLE 66R35E7 - mifare compat... should have different sak/atqa for mf 1k + case 1: + tagtype = MFU_TT_MY_D; + break; // or SLE 66RxxS ... up to 512 pages of 8 user bytes... + case 2: + tagtype = MFU_TT_MY_D_NFC; + break; // or SLE 66RxxP ... up to 512 pages of 8 user bytes... (or in nfc mode FF pages of 4 bytes) + case 3: + tagtype = (MFU_TT_MY_D_MOVE | MFU_TT_MY_D_MOVE_NFC); + break; // or SLE 66R01P // 38 pages of 4 bytes //notice: we can not currently distinguish between these two + case 7: + tagtype = MFU_TT_MY_D_MOVE_LEAN; + break; // or SLE 66R01L // 16 pages of 4 bytes + } + } else { uint8_t version[10] = {0x00}; int len = ulev1_getVersion(version, sizeof(version)); DropField(); - switch (len) { case 0x0A: { /* @@ -2221,7 +2150,6 @@ uint64_t GetHF14AMfU_Type(void) { tagtype = MFU_TT_UNKNOWN; break; } - // This is a test from cards that doesn't answer to GET_VERSION command // UL vs UL-C vs NTAG203 vs FUDAN FM11NT021 (which is NTAG213 compatiable) if (tagtype & (MFU_TT_UL | MFU_TT_UL_C | MFU_TT_NTAG_203)) { @@ -2275,25 +2203,6 @@ uint64_t GetHF14AMfU_Type(void) { tagtype = ul_fudan_check(); DropField(); } - } else { - DropField(); - // Infinition MY-D tests Exam high nibble - uint8_t nib = (card.uid[1] & 0xf0) >> 4; - switch (nib) { - // case 0: tagtype = SLE66R35E7; break; //or SLE 66R35E7 - mifare compat... should have different sak/atqa for mf 1k - case 1: - tagtype = MFU_TT_MY_D; - break; // or SLE 66RxxS ... up to 512 pages of 8 user bytes... - case 2: - tagtype = MFU_TT_MY_D_NFC; - break; // or SLE 66RxxP ... up to 512 pages of 8 user bytes... (or in nfc mode FF pages of 4 bytes) - case 3: - tagtype = (MFU_TT_MY_D_MOVE | MFU_TT_MY_D_MOVE_NFC); - break; // or SLE 66R01P // 38 pages of 4 bytes //notice: we can not currently distinguish between these two - case 7: - tagtype = MFU_TT_MY_D_MOVE_LEAN; - break; // or SLE 66R01L // 16 pages of 4 bytes - } } tagtype |= ul_magic_test(); @@ -2503,6 +2412,39 @@ static int CmdHF14AMfUInfo(const char *Cmd) { } } + // ST25TN info & signature + if (tagtype & (MFU_TT_ST25TN512 | MFU_TT_ST25TN01K)) { + status = ul_read(0x02, data, sizeof(data)); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + status = ul_read(data[1] + 1, data, sizeof(data)); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + PrintAndLogEx(INFO, "--- " _CYAN_("Tag System Information")); + PrintAndLogEx(INFO, " Key ID: %02x", data[3]); + PrintAndLogEx(INFO, " Product Version: %02x", data[2]); + PrintAndLogEx(INFO, " Product Code: %02x%02x", data[1], data[0]); + uint8_t signature[32] = {0}; + for (int blkoff = 0; blkoff < 8; blkoff++) { + status = ul_read(0x34 + blkoff, signature + (blkoff * 4), 4); + if (status <= 1) { + PrintAndLogEx(ERR, "Error: tag didn't answer to READ SYSBLOCK"); + DropField(); + return PM3_ESOFT; + } + } + // check signature + int index = originality_check_verify_ex(card.uid, 7, signature, sizeof(signature), PK_ST25TN, false, true); + PrintAndLogEx(NORMAL, ""); + originality_check_print(signature, sizeof(signature), index); + } + // Read signature if ((tagtype & (MFU_TT_UL_EV1_48 | MFU_TT_UL_EV1_128 | MFU_TT_UL_EV1 | MFU_TT_UL_NANO_40 | MFU_TT_NTAG_210u | MFU_TT_NTAG_213 | MFU_TT_NTAG_213_F | MFU_TT_NTAG_213_C | @@ -5833,6 +5775,127 @@ out: return PM3_SUCCESS; } +static int CmdHF14AMfUIncr(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfu incr", + "Increment a MIFARE Ultralight Ev1 counter\n" + "Will read but not increment counter if NTAG is detected", + "hf mfu incr -c 0 -v 1337\n" + "hf mfu incr -c 2 -v 0 -p FFFFFFFF"); + void *argtable[] = { + arg_param_begin, + arg_int1("c", "cnt", "", "Counter index from 0"), + arg_int1("v", "val", "", "Value to increment by (0-16777215)"), + arg_str0("p", "pwd", "", "PWD to authenticate with"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + uint8_t counter = arg_get_int_def(ctx, 1, 3); + uint32_t value = arg_get_u32_def(ctx, 2, 16777216); + + int pwd_len; + uint8_t pwd[4] = { 0x00 }; + CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len); + bool has_key = false; + if (pwd_len) { + has_key = true; + if (pwd_len != 4) { + PrintAndLogEx(WARNING, "incorrect PWD length"); + return PM3_EINVARG; + } + } + + CLIParserFree(ctx); + + if (counter > 2) { + PrintAndLogEx(WARNING, "Counter index must be in range 0-2"); + return PM3_EINVARG; + } + if (value > 16777215) { + PrintAndLogEx(WARNING, "Value to increment must be in range 0-16777215"); + return PM3_EINVARG; + } + + uint8_t increment_cmd[6] = { MIFARE_ULEV1_INCR_CNT, counter, 0x00, 0x00, 0x00, 0x00 }; + + for (uint8_t i = 0; i < 3; i++) { + increment_cmd[i + 2] = (value >> (8 * i)) & 0xff; + } + + iso14a_card_select_t card; + if (ul_select(&card) == false) { + PrintAndLogEx(FAILED, "failed to select card, exiting..."); + return PM3_ESOFT; + } + + uint64_t tagtype = GetHF14AMfU_Type(); + uint64_t tags_with_counter_ul = MFU_TT_UL_EV1_48 | MFU_TT_UL_EV1_128 | MFU_TT_UL_EV1; + uint64_t tags_with_counter_ntag = MFU_TT_NTAG_213 | MFU_TT_NTAG_213_F | MFU_TT_NTAG_213_C | MFU_TT_NTAG_213_TT | MFU_TT_NTAG_215 | MFU_TT_NTAG_216; + if ((tagtype & (tags_with_counter_ul | tags_with_counter_ntag)) == 0) { + PrintAndLogEx(WARNING, "tag type does not have counters"); + DropField(); + return PM3_ESOFT; + } + + bool is_ntag = (tagtype & tags_with_counter_ntag) != 0; + if (is_ntag && (counter != 2)) { + PrintAndLogEx(WARNING, "NTAG only has one counter at index 2"); + DropField(); + return PM3_EINVARG; + } + + uint8_t pack[4] = { 0, 0, 0, 0 }; + if (has_key) { + if (ulev1_requestAuthentication(pwd, pack, sizeof(pack)) == PM3_EWRONGANSWER) { + PrintAndLogEx(FAILED, "authentication failed UL-EV1/NTAG"); + DropField(); + return PM3_ESOFT; + } + } + + uint8_t current_counter[3] = { 0, 0, 0 }; + int len = ulev1_readCounter(counter, current_counter, sizeof(current_counter)); + if (len != sizeof(current_counter)) { + PrintAndLogEx(FAILED, "failed to read old counter"); + if (is_ntag) { + PrintAndLogEx(HINT, "NTAG detected, try reading with PWD"); + } + DropField(); + return PM3_ESOFT; + } + + uint32_t current_counter_num = current_counter[0] | (current_counter[1] << 8) | (current_counter[2] << 16); + PrintAndLogEx(INFO, "Current counter... " _GREEN_("%8d") " - " _GREEN_("%s"), current_counter_num, sprint_hex(current_counter, 3)); + + if ((tagtype & tags_with_counter_ntag) != 0) { + PrintAndLogEx(WARNING, "NTAG detected, unable to manually increment counter"); + DropField(); + return PM3_ESOFT; + } + + uint8_t resp[1] = { 0x00 }; + if (ul_send_cmd_raw(increment_cmd, sizeof(increment_cmd), resp, sizeof(resp)) < 0) { + PrintAndLogEx(FAILED, "failed to increment counter"); + DropField(); + return PM3_ESOFT; + } + + uint8_t new_counter[3] = { 0, 0, 0 }; + int new_len = ulev1_readCounter(counter, new_counter, sizeof(new_counter)); + if (new_len != sizeof(current_counter)) { + PrintAndLogEx(FAILED, "failed to read new counter"); + DropField(); + return PM3_ESOFT; + } + + uint32_t new_counter_num = new_counter[0] | (new_counter[1] << 8) | (new_counter[2] << 16); + PrintAndLogEx(INFO, "New counter....... " _GREEN_("%8d") " - " _GREEN_("%s"), new_counter_num, sprint_hex(new_counter, 3)); + + DropField(); + return PM3_SUCCESS; +} + static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"list", CmdHF14AMfuList, AlwaysAvailable, "List MIFARE Ultralight / NTAG history"}, @@ -5845,6 +5908,7 @@ static command_t CommandTable[] = { {"cauth", CmdHF14AMfUCAuth, IfPm3Iso14443a, "Ultralight-C - Authentication"}, {"setpwd", CmdHF14AMfUCSetPwd, IfPm3Iso14443a, "Ultralight-C - Set 3DES key"}, {"dump", CmdHF14AMfUDump, IfPm3Iso14443a, "Dump MIFARE Ultralight family tag to binary file"}, + {"incr", CmdHF14AMfUIncr, IfPm3Iso14443a, "Increments Ev1/NTAG counter"}, {"info", CmdHF14AMfUInfo, IfPm3Iso14443a, "Tag information"}, {"ndefread", CmdHF14MfuNDEFRead, IfPm3Iso14443a, "Prints NDEF records from card"}, {"rdbl", CmdHF14AMfURdBl, IfPm3Iso14443a, "Read block"}, diff --git a/client/src/cmdhfmfu.h b/client/src/cmdhfmfu.h index 37dbff558..a365e76d3 100644 --- a/client/src/cmdhfmfu.h +++ b/client/src/cmdhfmfu.h @@ -96,6 +96,8 @@ int CmdHF14MfUTamper(const char *Cmd); #define MFU_TT_MAGIC_4 0x400000000ULL #define MFU_TT_MAGIC_4_GDM 0x800000000ULL #define MFU_TT_MAGIC_NTAG21X 0x1000000000ULL +#define MFU_TT_ST25TN512 0x2000000000ULL +#define MFU_TT_ST25TN01K 0x4000000000ULL #define MFU_TT_UL_MAGIC (MFU_TT_UL | MFU_TT_MAGIC) #define MFU_TT_UL_C_MAGIC (MFU_TT_UL_C | MFU_TT_MAGIC) // Don't forget to fill UL_TYPES_ARRAY and UL_MEMORY_ARRAY if new types are added diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 4ab7c1b15..54e0ce550 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -23,85 +23,1317 @@ #include "cmdparser.h" // command_t #include "comms.h" // clearCommandBuffer #include "cmdtrace.h" +#include +#include +#include "fileutils.h" #include "crc16.h" #include "ui.h" #include "cmdhf14a.h" // manufacture #include "protocols.h" // definitions of ISO14A/7816 protocol +#include "cardhelper.h" +#include "wiegand_formats.h" +#include "wiegand_formatutils.h" #include "iso7816/apduinfo.h" // GetAPDUCodeDescription #include "crypto/asn1utils.h" // ASN1 decode / print +#include "crypto/libpcrypto.h" // AES decrypt #include "commonutil.h" // get_sw #include "protocols.h" // ISO7816 APDU return codes +static uint8_t zeros[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + static int CmdHelp(const char *Cmd); -static int seos_select(void) { - bool activate_field = true; - bool keep_field_on = true; +typedef struct { + uint8_t nonce[8]; + uint8_t privEncKey[16]; + uint8_t privMacKey[16]; + uint8_t readKey[16]; + uint8_t writeKey[16]; + uint8_t adminKey[16]; +} keyset_t; + +keyset_t keys[] = { + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, + { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Nonce + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privEncKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // privMacKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // readKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, // writeKey + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } // adminKey + }, +}; + +typedef struct { + const int value; + const char* name; +} known_algo_t; + +static const known_algo_t known_algorithm_map[] = { + {2, "2K3DES_CBC_MODE"}, + {4, "3K3DES_CBC_MODE"}, + {6, "SHA-1"}, + {7, "SHA-256"}, + {9, "AES-128_CBC_MODE"}, +}; + +static const sioMediaTypeName_t sioMediaTypeMapping[] = { + { 0x00, "Unknown"}, + { 0x01, "DESFire"}, + { 0x02, "MIFARE"}, + { 0x03, "iCLASS (PicoPass)"}, + { 0x04, "ISO14443AL4"}, + { 0x06, "MIFARE Plus"}, + { 0x07, "Seos"}, + { 0xFF, "INVALID VALUE"} +}; + +static int create_cmac (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {0x00}; + + if (encryption_algorithm == 0x09) { + // Working as expected + aes_cmac(iv, key, input, out, input_len); + } + else if (encryption_algorithm == 0x02) { + // CMAC Requires a 24 byte key, but the 2k3DES uses the 1st part for the 3rd part of the key + memcpy(&key[16], &key[0], 8); + + const mbedtls_cipher_info_t* ctx; + ctx = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); + mbedtls_cipher_cmac(ctx, key, 192, input, input_len, out); + } else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return PM3_ESOFT; + } + return PM3_SUCCESS; +} + +static int create_cryptogram (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {}; + + if (encryption_algorithm == 0x09) { + aes_encode(iv, key, input, out, input_len); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_enc(&ctx3, key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_ENCRYPT, input_len, iv, input, out); + mbedtls_des3_free(&ctx3); + } else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return PM3_ESOFT; + } + + return PM3_SUCCESS; +} + +static int decrypt_cryptogram (uint8_t* key, uint8_t* input, uint8_t* out, int input_len, int encryption_algorithm) { + uint8_t iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + if (encryption_algorithm == 0x09) { + aes_decode(iv, key, input, out, input_len); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_dec(&ctx3, key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_DECRYPT, input_len, iv, input, out); + mbedtls_des3_free(&ctx3); + } else { + PrintAndLogEx(ERR, "Unknown Encryption Algorithm"); + return PM3_ESOFT; + } + + return PM3_SUCCESS; +} + +static void increment_command_wrapper(uint8_t* input, int input_len) { + input[input_len-1]++; // Increment the last element of the header by 1 +} + +static void padToBlockSize(const uint8_t* input, int inputSize, int blockSize, uint8_t* output) { + int paddingSize = blockSize - (inputSize % blockSize); + memcpy(output, input, inputSize); + memset(output + inputSize, 0x80, 1); + memset(output + inputSize + 1, 0x00, paddingSize - 1); +} + +static void generate_command_wrapping(uint8_t *command_Header, int command_header_len, uint8_t *unencrypted_Command, int unencrypted_command_len ,uint8_t *rndICC, uint8_t *rndIFD, uint8_t *diversified_enc_key, uint8_t *diversified_mac_key, int encryption_algorithm, uint8_t *command, int *command_len) { + int block_size = 0; + + if (encryption_algorithm == 0x02) { + block_size = 8; + } + else if (encryption_algorithm == 0x09) { + block_size = 16; + } + else { + PrintAndLogEx(ERR, _RED_("Unknown Encryption Algorithm")); + return; + } + + uint8_t rndCounter[block_size]; + memcpy (rndCounter, rndICC, block_size / 2); + memcpy (rndCounter + block_size / 2, rndIFD, block_size/2); + increment_command_wrapper(rndCounter, block_size); + + // Command Header is for the APDU Command to be sent + uint8_t padded_Command_Header[block_size]; + padToBlockSize(command_Header, command_header_len, block_size, padded_Command_Header); + + // Unencrypted Command is our actual command data + uint8_t padded_unencrypted_Command[block_size]; + padToBlockSize(unencrypted_Command, unencrypted_command_len, block_size, padded_unencrypted_Command); + + uint8_t padded_encrypted_Command[block_size]; + create_cryptogram(diversified_enc_key, padded_unencrypted_Command, padded_encrypted_Command, sizeof(padded_unencrypted_Command), encryption_algorithm); + + uint8_t asn1_tag_cryptograph[2] = {0x85,ARRAYLEN(padded_encrypted_Command)}; + uint8_t asn1_tag_mac[2] = {0x8e,0x08}; + uint8_t command_trailer[2] = {0x97,0x00}; + uint8_t padded_command_trailer[block_size - ARRAYLEN(command_trailer)]; + padToBlockSize(command_trailer, sizeof(command_trailer), block_size, padded_command_trailer); + + uint8_t toEncrypt[ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(padded_command_trailer)]; + + memcpy(toEncrypt, rndCounter, ARRAYLEN(rndCounter)); + memcpy(toEncrypt + ARRAYLEN(rndCounter), padded_Command_Header, ARRAYLEN(padded_Command_Header)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header), asn1_tag_cryptograph, ARRAYLEN(asn1_tag_cryptograph)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph), padded_encrypted_Command, ARRAYLEN(padded_encrypted_Command)); + memcpy(toEncrypt + ARRAYLEN(rndCounter) + ARRAYLEN(padded_Command_Header) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command), padded_command_trailer, ARRAYLEN(padded_command_trailer)); + + // Breakdown + // 0181e43801010201 + 0000000000000001 + 0CCB3FFF800000000000000000000000 + 8510EB54DA90CB43AEE7FBFE816ECA25A10D + 9700 + 800000000000000000000000 + + uint8_t mac[8]; + create_cmac(diversified_mac_key, toEncrypt, mac, sizeof(toEncrypt), encryption_algorithm); + + // PrintAndLogEx(SUCCESS, "Encryption Key................... " _YELLOW_("%s"), sprint_hex_inrow(diversified_enc_key, 24)); + // PrintAndLogEx(SUCCESS, "MAC Key.......................... " _YELLOW_("%s"), sprint_hex_inrow(diversified_mac_key, 24)); + // PrintAndLogEx(SUCCESS, "rndCounter....................... " _YELLOW_("%s"), sprint_hex_inrow(rndCounter,sizeof(rndCounter))); + // PrintAndLogEx(SUCCESS, "padded_encrypted_Command......... " _YELLOW_("%s"), sprint_hex_inrow(padded_encrypted_Command,sizeof(padded_encrypted_Command))); + // PrintAndLogEx(SUCCESS, "toEncrypt........................ " _YELLOW_("%s"), sprint_hex_inrow(toEncrypt,sizeof(toEncrypt))); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(mac,sizeof(mac))); + + uint8_t sizeofcommand[1] = {ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac)+ ARRAYLEN(mac)}; + uint8_t respondTo[1] = {0x00}; + + uint8_t completedCommand[command_header_len + 1 + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac)+ ARRAYLEN(mac) + 1]; + memcpy(completedCommand, command_Header, command_header_len); + memcpy(completedCommand + command_header_len, sizeofcommand, ARRAYLEN(sizeofcommand)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand), asn1_tag_cryptograph, ARRAYLEN(asn1_tag_cryptograph)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph), padded_encrypted_Command, ARRAYLEN(padded_encrypted_Command)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command), command_trailer, ARRAYLEN(command_trailer)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer), asn1_tag_mac, ARRAYLEN(asn1_tag_mac)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac), mac, ARRAYLEN(mac)); + memcpy(completedCommand + command_header_len + ARRAYLEN(sizeofcommand) + ARRAYLEN(asn1_tag_cryptograph) + ARRAYLEN(padded_encrypted_Command) + ARRAYLEN(command_trailer) + ARRAYLEN(asn1_tag_mac) + ARRAYLEN(mac), respondTo, 1); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Command Generation") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Command Header................... " _YELLOW_("%s"), sprint_hex_inrow(command_Header,sizeof(command_Header))); + // PrintAndLogEx(SUCCESS, "Payload.......................... " _YELLOW_("%s"), sprint_hex_inrow(unencrypted_Command,sizeof(unencrypted_Command))); + // PrintAndLogEx(SUCCESS, "completedCommand................. " _YELLOW_("%s"), sprint_hex_inrow(completedCommand,sizeof(completedCommand))); + + memcpy(command, completedCommand, ARRAYLEN(completedCommand)); + *command_len = ARRAYLEN(completedCommand); + //return; +} + +static int seos_get_data(uint8_t *rndICC, uint8_t *rndIFD, uint8_t *diversified_enc_key, uint8_t *diversified_mac_key, uint8_t *sioOutput, int* sio_size, int encryption_algorithm, uint8_t* get_data_tlv, int get_data_tlv_len) { + // Intergrating our command generation with the GetData request to make my life easier in the future + + // Command Header is for the Get Data Command using + // `0C` - Secure messaging – ISO/IEC 7816 standard, command header authenticated (C-MAC) + // `CB` - GET DATA + // uint8_t command_header[4] = {0x0c,0xcb,0x3f,0xff}; + uint8_t cla[1] = {0x0c}; // Secure Messaging Command Header + uint8_t ins[1] = {0xcb}; // GET DATA Instruction + uint8_t p1[1] = {0x3f}; // High order tag value (accoring to NIST.SP.800-73pt2-5.pdf, this is the hardcoded tag value) + uint8_t p2[1] = {0xff}; // Low order tag value + + // command builder + uint8_t command_header[ARRAYLEN(cla) + ARRAYLEN(ins) + ARRAYLEN(p1) + ARRAYLEN(p2)]; + memcpy(command_header, cla, ARRAYLEN(cla)); + memcpy(command_header + ARRAYLEN(cla), ins, ARRAYLEN(ins)); + memcpy(command_header + ARRAYLEN(cla) + ARRAYLEN(ins), p1, ARRAYLEN(p1)); + memcpy(command_header + ARRAYLEN(cla) + ARRAYLEN(ins) + ARRAYLEN(p1), p2, ARRAYLEN(p2)); + + int command_header_len = ARRAYLEN(command_header); + + // Command to be sent + // 5c [02] ff 00 + // 5c = tag list data object + // BER-TLV tag of the data object to be retrieved + // uint8_t unencrypted_command[4] = {0x5c,0x02,0xff,0x00}; + // Modification of the tags 2nd place from 00 can return other data + + uint8_t unencrypted_command[get_data_tlv_len]; + memcpy(unencrypted_command, get_data_tlv, get_data_tlv_len); + + int unencrypted_command_len = ARRAYLEN(unencrypted_command); + + uint8_t command_buffer[254]; + int command_len = 0; + + // PrintAndLogEx(SUCCESS, "Raw Command...................... " _YELLOW_("%s"), sprint_hex_inrow(unencrypted_command, get_data_tlv_len)); + generate_command_wrapping(command_header, command_header_len, unencrypted_command, unencrypted_command_len, rndICC, rndIFD, diversified_enc_key, diversified_mac_key, encryption_algorithm, command_buffer, &command_len); + + // Convert command from buffer to stream + uint8_t command_convert[command_len]; + memcpy(command_convert, command_buffer, command_len); + char completedCommandChar[sizeof(command_len) * 2 + 1]; + for (int i = 0; i < sizeof(command_convert); i++) { + snprintf(&completedCommandChar[i * 2], 3, "%02X", command_convert[i]); + } + // PrintAndLogEx(SUCCESS, "Command.......................... " _YELLOW_("%s"), completedCommandChar); + + // ------------------- Send Command ------------------- uint8_t response[PM3_CMD_DATA_SIZE]; int resplen = 0; - // --------------- Select SEOS applet ---------------- - uint8_t aSELECT_AID[80]; - int aSELECT_AID_n = 0; - param_gethex_to_eol("00a404000aa000000440000101000100", 0, aSELECT_AID, sizeof(aSELECT_AID), &aSELECT_AID_n); - int res = ExchangeAPDU14a(aSELECT_AID, aSELECT_AID_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + bool activate_field = false; + bool keep_field_on = true; + + uint8_t aGET_CHALLENGE[100]; + int aGET_CHALLENGE_n = command_len; + param_gethex_to_eol(completedCommandChar, 0, aGET_CHALLENGE, sizeof(aGET_CHALLENGE), &aGET_CHALLENGE_n); + int res = ExchangeAPDU14a(aGET_CHALLENGE, aGET_CHALLENGE_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Data Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, "--- " _CYAN_("Get Data") " ---------------------------"); + // Raw response contains a few values + // 85 is our cryptogram response (64 bytes) + // 99 is our status word response (2 bytes) + // 8E is our MAC response (8 bytes) + // PrintAndLogEx(SUCCESS, "Raw Response..................... " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + + uint8_t cryptogram[64]; + uint8_t responseCode[2]; + uint8_t tag[2] = {0x00,0x00}; + int getDataSize = 0; + + // ------------------- Cryptogram Response ------------------- + if (resplen >= 2 && response[0] == 0x85 && response[1] == 0x40) { + uint8_t decrypted[64]; + memcpy(cryptogram, response + 2, 64); + memcpy(responseCode, response + 68, 2); + + // Decrypt the response + decrypt_cryptogram(diversified_enc_key, cryptogram, decrypted, sizeof(cryptogram), encryption_algorithm); + + // Response Format + // FF0038302F8102578CA5020500A6088101010403030008A7178515D65ED945996AB9107CD6D3E6011F56FFDD9CFFC780A9020500050000000000008000000000 + + // FF00 is our inputed tag value + // 38 is our len + + // PrintAndLogEx(SUCCESS, "Cryptogram....................... " _YELLOW_("%s"), sprint_hex_inrow(cryptogram, sizeof(cryptogram))); + // PrintAndLogEx(SUCCESS, "Decrypted........................ " _YELLOW_("%s"), sprint_hex_inrow(decrypted, sizeof(decrypted))); + + getDataSize = decrypted[2]; + memcpy(tag, decrypted, ARRAYLEN(tag)); + memmove(decrypted, decrypted + 1, sizeof(decrypted) - 1); + memmove(sioOutput, decrypted + 2, getDataSize); + *sio_size = getDataSize; + memcpy(responseCode, response + 68, 2); + + PrintAndLogEx(SUCCESS, "Response Code.................... " _YELLOW_("%s"), sprint_hex_inrow(responseCode, (ARRAYLEN(responseCode)))); + PrintAndLogEx(SUCCESS, "Output........................... " _YELLOW_("%s"), sprint_hex_inrow(sioOutput, getDataSize)); + } + else if (resplen >= 2 && response[0] == 0x99) { + memcpy(responseCode, response + 2, 2); + // PrintAndLogEx(SUCCESS, "Raw Response..................... " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + PrintAndLogEx(SUCCESS, "Response Code.................... " _YELLOW_("%s"), sprint_hex_inrow(responseCode, (ARRAYLEN(responseCode)))); + } + + return PM3_SUCCESS; +}; + +static void set_counter_big_endian(uint8_t *buffer, uint32_t counter) { + buffer[0] = (counter >> 24) & 0xFF; + buffer[1] = (counter >> 16) & 0xFF; + buffer[2] = (counter >> 8) & 0xFF; + buffer[3] = counter & 0xFF; +} + +static void create_mutual_auth_key(uint8_t* KEYIFD, uint8_t* KEYICC, uint8_t* RNDICC, uint8_t* RNDIFD, uint8_t* EncryptionKey, uint8_t* MACKey, int encryptionAlgorithm ,int HashingAlgorithm) { + // Creating Mutual Authentication Keys + // Structure + // Prefix = 00000000 + // keyIFD.substring(16) = 0000000000000000 IFD = Interface Device + // keyICC.substring(16) = 0000000000000000 ICC = Integrated Circuit Card + // hashing algorithm x2 = 09 09 + // randomICC = 0000000000000000 ICC = Integrated Circuit Card + // RandomIFD = 0000000000000000 IFD = Interface Device + // Will always be 38 bytes + // + // 00000000 E0EC1F2D7B000000 F0EC1F2D7B000000 09 09 B0EC1F2D7B000000B8EC1F2D7B000000 + + uint8_t prefix[4] = {0x00,0x00,0x00,0x00}; + uint8_t aHashingAlgorithm[2] = {encryptionAlgorithm,encryptionAlgorithm}; + uint8_t hash_in[38]; + + memcpy(hash_in, prefix, 4); + memcpy(hash_in + 4, KEYIFD, 8); + memcpy(hash_in + 12, KEYICC, 8); + memcpy(hash_in + 20, aHashingAlgorithm, 2); + memcpy(hash_in + 22, RNDICC, 8); + memcpy(hash_in + 30, RNDIFD, 8); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Mutual Auth Keys") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Prefix........................... " _YELLOW_("%s"), sprint_hex_inrow(prefix, ARRAYLEN(prefix))); + // PrintAndLogEx(SUCCESS, "KeyIFD........................... " _YELLOW_("%s"), sprint_hex_inrow(KEYIFD, 8)); + // PrintAndLogEx(SUCCESS, "KeyICC........................... " _YELLOW_("%s"), sprint_hex_inrow(KEYICC, 8)); + // PrintAndLogEx(SUCCESS, "HashingAlgo...................... " _YELLOW_("%s"), sprint_hex_inrow(aHashingAlgorithm, ARRAYLEN(aHashingAlgorithm))); + // PrintAndLogEx(SUCCESS, "RandomICC........................ " _YELLOW_("%s"), sprint_hex_inrow(RNDICC, 8)); + // PrintAndLogEx(SUCCESS, "RandomIFD........................ " _YELLOW_("%s"), sprint_hex_inrow(RNDIFD, 8)); + // PrintAndLogEx(SUCCESS, "hash Input....................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + + uint8_t output[128]; // Buffer to store the two 32-byte keys + uint8_t hashedOutput[128]; + uint32_t counter = 1; + + // Generate the first key + set_counter_big_endian(hash_in, counter); // Set the counter in big-endian format + // PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + + if (HashingAlgorithm == 0x06) { + sha1hash(hash_in, sizeof(hash_in), hashedOutput); + //PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + memcpy(output, hashedOutput, 20); + counter++; + set_counter_big_endian(hash_in, counter); + sha1hash(hash_in, sizeof(hash_in), hashedOutput); + memcpy(output + 20, hashedOutput, 20); + //PrintAndLogEx(SUCCESS, "key_out_temp..................... " _YELLOW_("%s"), sprint_hex_inrow(hash_in,ARRAYLEN(hash_in))); + } + else if (HashingAlgorithm == 0x07) { + sha256hash(hash_in, sizeof(hash_in), hashedOutput); + memcpy(output, hashedOutput, 32); + } + else { + // Yes they generate their encryption keys and mac keys in a weird way for no fucking reason, the 2nd cycle isn't required. + PrintAndLogEx(ERR, _RED_("Unknown Hashing Algorithm")); + return; + } + + + memcpy(EncryptionKey, output, 16); + memcpy(MACKey, output + 16, 16); + + + // PrintAndLogEx(INFO, "--- " _CYAN_("New Key Generation") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Hash Output...................... " _YELLOW_("%s"), sprint_hex_inrow(output,ARRAYLEN(output))); + // PrintAndLogEx(SUCCESS, "Encryption Key................... " _YELLOW_("%s"), sprint_hex_inrow(EncryptionKey, 16)); + // PrintAndLogEx(SUCCESS, "MAC Key.......................... " _YELLOW_("%s"), sprint_hex_inrow(MACKey, 16)); +} + +static int seos_challenge_get(uint8_t* RNDICC, uint8_t RNDICC_len) { + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + bool activate_field = false; + bool keep_field_on = true; + + // The Get Challenge seems to be static across all tested cards + // 00870001047c02810000 + + char getChallengePre[21]; + strcpy(getChallengePre, "008700"); + const char keyslot_str[3] = "01"; + //snprintf(keyslot_str, sizeof(keyslot_str), "%02X", keyslot); + strcat(getChallengePre, keyslot_str); + strcat(getChallengePre, "047c02810000"); + + uint8_t aGET_CHALLENGE[12]; + int aGET_CHALLENGE_n = 0; + param_gethex_to_eol(getChallengePre, 0, aGET_CHALLENGE, sizeof(aGET_CHALLENGE), &aGET_CHALLENGE_n); + int res = ExchangeAPDU14a(aGET_CHALLENGE, aGET_CHALLENGE_n, activate_field, keep_field_on, response, sizeof(response), &resplen); if (res != PM3_SUCCESS) { DropField(); return res; } - if (resplen < 2) { + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Challenge Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + memcpy(RNDICC, &response[4], 8); + + // Response looks like + // 7C0A810897460AC7535731F8 + // |----------|------------------| + // | 7C0A8108 | 97460AC7535731F8 | + // | Static | RND.ICC | + // |----------|------------------| + // 7C 0A 81 08 18 1E 43 80 10 10 20 11 + // 81 is the ASN.1 tag + + uint8_t staticResponse[8] = {0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01}; + + PrintAndLogEx(INFO, "--- " _CYAN_("Get Challenge") " ---------------------------"); + //PrintAndLogEx(SUCCESS, "Challenge Input: " _YELLOW_("%s"), getChallengePre); + if (memcmp(RNDICC, staticResponse, 8) == 0) { + PrintAndLogEx(SUCCESS, "Static Response Detected......... " _GREEN_("%s"), sprint_hex_inrow(RNDICC, sizeof(RNDICC))); + } else { + PrintAndLogEx(SUCCESS, "RND.ICC.......................... " _YELLOW_("%s"), sprint_hex_inrow(RNDICC, sizeof(RNDICC))); + } + + return PM3_SUCCESS; +}; + +int seos_kdf(bool encryption, uint8_t* masterKey, uint8_t keyslot, + uint8_t* adfOid, size_t adfoid_len, uint8_t* diversifier, uint8_t diversifier_len, uint8_t* out, int encryption_algorithm, int hash_algorithm) { + + // Encryption key = 04 + // KEK Encryption key = 05 + // MAC key = 06 + // KEK MAC key = 07 + + uint8_t typeOfKey = 0x06; + if (encryption == true) { + typeOfKey = 0x04; + } + + uint8_t inputPre[] = { + // Padding + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, typeOfKey, 0x00, 0x00, 0x80, 0x01, + encryption_algorithm, hash_algorithm, keyslot + }; + + // 00000000000000000000000600008001 09 07 00 06112B0601040181E438010102011801010202 EFB08A28B0529F + // 00000000000000000000000400008001 09 07 00 06112B0601040181E438010102011801010202 EFB08A28B0529F + // 06112B0601040181E438010102011801010202 CF 07 EFB08A28B0529F DBA240413B0969B7111F4B6133A3DEFAD934B6DC + + + uint8_t input[sizeof(inputPre) + adfoid_len + diversifier_len]; + + memset(input, 0, sizeof(input)); + + memcpy(input, inputPre, sizeof(inputPre)); + memcpy(input + sizeof(inputPre), adfOid, adfoid_len); + memcpy(input + sizeof(inputPre) + adfoid_len, diversifier, diversifier_len); + + // PrintAndLogEx(SUCCESS, "adfOid: " _YELLOW_("%s"), sprint_hex_inrow(adfOid, 16)); + // PrintAndLogEx(SUCCESS, "diversifier: " _YELLOW_("%s"), sprint_hex_inrow(diversifier, 7)); + // PrintAndLogEx(SUCCESS, "Input: " _YELLOW_("%s"), sprint_hex_inrow(input, (sizeof(input)))); + + // ----------------- AES Key Generation ----------------- + uint8_t AES_iv[16] = {}; + + aes_cmac(AES_iv, masterKey, input, out, sizeof(input)); + return PM3_SUCCESS; +}; + +static int select_DF_verify(uint8_t* response, uint8_t response_length, uint8_t* MAC_value, size_t MAC_value_len, int encryption_algorithm, int key_index) { + uint8_t input[response_length - 10]; + // Response is an ASN.1 encoded structure + // Extract everything before the 8E tag + for (int i = 0; i < response_length; i++) { + // extract MAC + if (response[i] == 0x8E) { + memcpy(input, response, i); + memcpy(MAC_value, response + (i + 2), MAC_value_len); + } + } + + // ----------------- MAC Key Generation ----------------- + uint8_t cmac[8]; + uint8_t MAC_key[24] = {0x00}; + memcpy(MAC_key, keys[key_index].privMacKey, 16); + create_cmac(MAC_key, input, cmac, sizeof(input), encryption_algorithm); + + // PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "MAC Key: "_YELLOW_("%s"), sprint_hex_inrow(MAC_key,sizeof(MAC_key))); + // PrintAndLogEx(SUCCESS, "Message: " _YELLOW_("%s"), sprint_hex_inrow(input,sizeof(input))); + + if (memcmp(cmac, MAC_value, MAC_value_len) == 0) { + // PrintAndLogEx(SUCCESS, _GREEN_("MAC Verification successful")); + return PM3_SUCCESS; + } + // PrintAndLogEx(INFO, "MAC Type......................... " _YELLOW_("%s"), algorithm_name1); + // PrintAndLogEx(INFO, "Supp MAC......................... " _YELLOW_("%s"), sprint_hex_inrow(MAC_value, MAC_value_len)); + // PrintAndLogEx(INFO, "Calc MAC......................... " _YELLOW_("%s"), sprint_hex_inrow(cmac, sizeof(cmac))); + PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + PrintAndLogEx(ERR, _RED_("MAC Verification Failed")); + + return PM3_ESOFT; +} + +static int select_df_decode(uint8_t* response, uint8_t response_length, int* ALGORITHM_INFO_value1, int* ALGORITHM_INFO_value2, uint8_t* CRYPTOGRAM_encrypted_data, uint8_t* MAC_value) { + // Response is an ASN.1 encoded structure + // ASN.1 Information + // CF = Diversifier + // + // CD = ALGORITHM_INFO + // 02 = 3DES 2K (TWO_KEY_3DES_CBC_MODE) + // 04 = 3K3DES (THREE_KEY_3DES_CBC_MODE) + // 06 = SHA-1 (hash assigned to RSA-1024) + // 07 = SHA-256 + // 09 = AES-128 (AES_128_CBC) + // 85 = CRYPTOGRAM + // First 16 bytes what I guess is a nonce + // Followed with the ADF selected, then the diversifier + // 8E = MAC + + /* + [+] Raw ADF Response: CD0209078540EAA1E1966D666D1FBA14098700071D1DEE24B74CAC87D182EF1700B9946D697E60F87B0FB703C12AE0F83F579A9BF4888DF6B7691BBA6A404C797356F8457E488E088149C86A535EF86A + [=] -- CD [02] 'elem' + [=] 00: 09 07 | .. + [=] -- 85 [40] 'elem' + [=] 00: EA A1 E1 96 6D 66 6D 1F BA 14 09 87 00 07 1D 1D | ....mfm......... + [=] 10: EE 24 B7 4C AC 87 D1 82 EF 17 00 B9 94 6D 69 7E | .$.L.........mi~ + [=] 20: 60 F8 7B 0F B7 03 C1 2A E0 F8 3F 57 9A 9B F4 88 | `.{....*..?W.... + [=] 30: 8D F6 B7 69 1B BA 6A 40 4C 79 73 56 F8 45 7E 48 | ...i..j@LysV.E~H + [=] -- 8E [08] 'elem' + [=] 00: 81 49 C8 6A 53 5E F8 6A | .I.jS^.j + */ + int ALGORITHM_INFO_value1_n = 0; + int ALGORITHM_INFO_value2_n = 0; + int bufferPoint = 0; + + for (int i = 0; i < response_length; i++) { + // ALGORITHM_INFO + if (response[i] == 0xCD) { + *ALGORITHM_INFO_value1 = (int)response[i + 2]; + ALGORITHM_INFO_value1_n = response[i + 2]; + *ALGORITHM_INFO_value2 = (int)response[i + 3]; + ALGORITHM_INFO_value2_n = response[i + 3]; + bufferPoint = i + (i + 1); + break; + } + } + + for (int i = bufferPoint ; i < response_length; i++) { + // CRYPTOGRAM + if (response[i] == 0x85) { + memcpy(CRYPTOGRAM_encrypted_data, &response[i + 2], 64); + bufferPoint = i + (i + 1); + break; + } + } + + for (int i = bufferPoint; i < response_length; i++) { + // MAC + if (response[i] == 0x8E) { + memcpy(MAC_value, &response[i + 2], 8); + } + } + + const char* algorithm_name1 = NULL; + for (int i = 0; i < ARRAYLEN(known_algorithm_map); i++) { + if ((known_algorithm_map[i].value) == ALGORITHM_INFO_value1_n) { + algorithm_name1 = known_algorithm_map[i].name; + break; + } + } + + const char* algorithm_name2 = NULL; + for (int i = 0; i < ARRAYLEN(known_algorithm_map); i++) { + if (known_algorithm_map[i].value == ALGORITHM_INFO_value2_n) { + algorithm_name2 = known_algorithm_map[i].name; + break; + } + } + + PrintAndLogEx(INFO, "--- " _CYAN_("Raw ADF Information") " ---------------------------"); + if (algorithm_name1 != NULL) { + PrintAndLogEx(SUCCESS, "algoIdCipher (Encryption)........ "_YELLOW_("%i (%s)"), ALGORITHM_INFO_value1_n, algorithm_name1); + } else { + PrintAndLogEx(ERR, "algoIdCipher (Encryption)........ %d (Unknown)", ALGORITHM_INFO_value1_n); + } + + if (algorithm_name2 != NULL) { + PrintAndLogEx(SUCCESS, "algoIdHash (MAC)................. "_YELLOW_("%i (%s)"),ALGORITHM_INFO_value2_n, algorithm_name2); + } else { + PrintAndLogEx(ERR, "algoIdHash (MAC)............... %d (Unknown)", ALGORITHM_INFO_value2_n); + } + + // PrintAndLogEx(SUCCESS, "Raw Data......................... " _YELLOW_("%s"), sprint_hex_inrow(response, 80)); + PrintAndLogEx(SUCCESS, "CRYPTOGRAM Encrypted Data........ " _YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_encrypted_data, 64)); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(MAC_value, 8)); + + return PM3_SUCCESS; +} + +static int select_ADF_decrypt(const char* selectADFOID, uint8_t* CRYPTOGRAM_encrypted_data_raw, uint8_t* CRYPTOGRAM_Diversifier, int encryption_algorithm, int key_index) { + // --------------- Decrypt ---------------- + + // 1. MAC Verify - AES/CBC-decrypt (IV || cryptogram || 16 bytes after 8e 08) with the MAC key & keep the last block + // 2. Decrypt the CRYPTOGRAM_encrypted_data - AES/CBC-decrypt with the encryption key & IV (the previous 16 bytes) + // 3. Verify the Decryption + // 3.1 - CF tag for diversifier at 44 chars in + // 4. Extract the data + // 4.1 Selected ADF + // 4.2 Diversifier + // 4.3 Nonce + uint8_t privEncKey[16] = {}; + memcpy(privEncKey, keys[key_index].privEncKey, 16); + uint8_t CRYPTOGRAM_decrypted_data[64]; + + decrypt_cryptogram(privEncKey, CRYPTOGRAM_encrypted_data_raw, CRYPTOGRAM_decrypted_data, ARRAYLEN(CRYPTOGRAM_decrypted_data), encryption_algorithm); + + // PrintAndLogEx(SUCCESS, "CRYPTOGRAM_encrypted_data_raw: " _YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_encrypted_data_raw, 64)); + // PrintAndLogEx(SUCCESS, "Raw Decrypted Data............... "_YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_decrypted_data,sizeof(CRYPTOGRAM_decrypted_data))); + + // Rough Output + // 06112B0601040181E438010102011801010202 CF 07 EFB08A28B0529F 5282752803B485BABF8CD88F3DA5515DF7712CF3 + + + // Extract the data + int diversifier_length = 0; + int adf_length = 0; + + int CRYPTOGRAM_decrypted_data_length = sizeof(CRYPTOGRAM_decrypted_data); + + for (int i = 0; i < CRYPTOGRAM_decrypted_data_length; i++) { + // ADF OID tag + if (CRYPTOGRAM_decrypted_data[i] == 0x06 && CRYPTOGRAM_decrypted_data[i + 1] < 20) { + adf_length = ((CRYPTOGRAM_decrypted_data[i + 1])); + diversifier_length = CRYPTOGRAM_decrypted_data[i + adf_length + 3]; + + uint8_t CRYPTOGRAM_ADF[strlen(selectADFOID)/2]; + + memcpy(CRYPTOGRAM_ADF, &CRYPTOGRAM_decrypted_data[i], strlen(selectADFOID)/2); + memcpy(CRYPTOGRAM_Diversifier, &CRYPTOGRAM_decrypted_data[i + adf_length + 4], diversifier_length); + + const char* CRYPTOGRAM_ADF_CMP = (sprint_hex_inrow(CRYPTOGRAM_ADF,ARRAYLEN(CRYPTOGRAM_ADF))); + + char* CRYPTOGRAM_ADF_UPPER = strdup(CRYPTOGRAM_ADF_CMP); + char* selectADFOID_UPPER = strdup(selectADFOID); + + // Convert both strings to uppercase + for (int x = 0; CRYPTOGRAM_ADF_UPPER[x]; x++) { + CRYPTOGRAM_ADF_UPPER[x] = toupper(CRYPTOGRAM_ADF_UPPER[x]); + } + for (int x = 0; selectADFOID_UPPER[x]; x++) { + selectADFOID_UPPER[x] = toupper(selectADFOID_UPPER[x]); + } + + + // Compare the 2 ADF responses, if they don't match then the decryption is wrong + // We do the + 4 to remove the first 4 bytes of the ADF OID ASN.1 Tag (0611) + if (strcmp(CRYPTOGRAM_ADF_UPPER + 4, selectADFOID_UPPER + 4) != 0) { + PrintAndLogEx(ERR, "ADF does not match decrypted ADF"); + PrintAndLogEx(ERR, "Likely wrong Key or IV"); + // PrintAndLogEx(SUCCESS, "Decoded ADF....................... "_YELLOW_("%s"), CRYPTOGRAM_ADF_UPPER); // ADF Selected + // PrintAndLogEx(SUCCESS, "Supplied ADF...................... "_YELLOW_("%s"), selectADFOID_UPPER); // ADF Selected + return PM3_ESOFT; + } + + // PrintAndLogEx(INFO, "--- " _CYAN_("Decrypted Response") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Decoded ADF...................... "_YELLOW_("%s"), sprint_hex_inrow(&CRYPTOGRAM_ADF[2],adf_length)); // ADF Selected + // PrintAndLogEx(SUCCESS, "Diversifier...................... "_YELLOW_("%s"), sprint_hex_inrow(CRYPTOGRAM_Diversifier,diversifier_length)); // ADF Diversifier + return PM3_SUCCESS; + + } + } + return PM3_SUCCESS; +}; + +static int seos_mutual_auth(uint8_t* randomICC, uint8_t* CRYPTOGRAM_Diversifier, uint8_t diversifier_len, uint8_t* mutual_auth_randomIFD, uint8_t* mutual_auth_keyICC, uint8_t* randomIFD, uint8_t randomIFD_len, uint8_t* keyIFD, uint8_t keyIFD_len, int encryption_algorithm, int hash_algorithm, int key_index) { + uint8_t response[PM3_CMD_DATA_SIZE]; + + // ---------------- Diversify Keys ---------------- + uint8_t undiversified_key[16] = { 0x00 }; + memcpy(undiversified_key, keys[key_index].readKey, 16); + + uint8_t keyslot = 0x01; // up to 0x0F + uint8_t AES_key[24] = {0x00}; + uint8_t MAC_key[24] = {0x00}; + uint8_t adfOID[17] = {0x2b,0x06,0x01,0x04,0x01,0x81,0xe4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02,0x02}; + + // Null AES IV + uint8_t nullDiversifier[7] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + if (memcmp(CRYPTOGRAM_Diversifier, nullDiversifier, sizeof(nullDiversifier)) == 0) { + PrintAndLogEx(ERR, "No Diversifier found"); + return PM3_ESOFT; + } + + seos_kdf(true, undiversified_key, keyslot, adfOID, sizeof(adfOID), CRYPTOGRAM_Diversifier, diversifier_len, AES_key, encryption_algorithm, hash_algorithm); + seos_kdf(false, undiversified_key, keyslot, adfOID, sizeof(adfOID), CRYPTOGRAM_Diversifier, diversifier_len, MAC_key, encryption_algorithm, hash_algorithm); + + memcpy(&MAC_key[16], &MAC_key[0], 8); + memcpy(&AES_key[16], &AES_key[0], 8); + + // PrintAndLogEx(INFO, "--- " _CYAN_("Diversified Keys") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Diversified Enc Key.............. " _YELLOW_("%s"), sprint_hex_inrow(AES_key, (sizeof(AES_key)))); + // PrintAndLogEx(SUCCESS, "Diversified Mac Key.............. " _YELLOW_("%s"), sprint_hex_inrow(MAC_key, (sizeof(MAC_key)))); + // PrintAndLogEx(INFO, "--- " _CYAN_("Mutual Auth") " ---------------------------"); + + // ----------------- Command Generation ----------------- + uint8_t mutual_auth_plain[32]; + memcpy(mutual_auth_plain, randomIFD, 8); + memcpy(mutual_auth_plain + 8, randomICC, 8); + memcpy(mutual_auth_plain + 8 + 8, keyIFD, 16); + + // ----------------- Encryption and MAC Generation ----------------- + uint8_t mac[8]; + uint8_t mutual_auth_enc[32]; + create_cryptogram(AES_key, mutual_auth_plain, mutual_auth_enc, sizeof(mutual_auth_plain), encryption_algorithm); + create_cmac(MAC_key, mutual_auth_enc, mac, sizeof(mutual_auth_enc), encryption_algorithm); + + uint8_t message_authenticated[40]; + memcpy(message_authenticated, mutual_auth_enc, sizeof(mutual_auth_enc)); + memcpy(message_authenticated + sizeof(mutual_auth_enc), mac, sizeof(mac)); + + // ----------------- Debugging ----------------- + // PrintAndLogEx(SUCCESS, "AES IV : "_YELLOW_("%s"), sprint_hex_inrow(AES_iv,sizeof(AES_iv))); + // PrintAndLogEx(SUCCESS, "AES Key: "_YELLOW_("%s"), sprint_hex_inrow(AES_key,sizeof(AES_key))); + // PrintAndLogEx(SUCCESS, "mutual_auth_plain... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_plain, sizeof(mutual_auth_plain))); + // PrintAndLogEx(SUCCESS, "mutual_auth_enc..... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_enc, sizeof(mutual_auth_enc))); + + // PrintAndLogEx(INFO, "--- " _CYAN_("MAC") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "AES IV: "_YELLOW_("%s"), sprint_hex_inrow(AES_iv,sizeof(AES_iv))); + // PrintAndLogEx(SUCCESS, "MAC Key: "_YELLOW_("%s"), sprint_hex_inrow(MAC_key,sizeof(MAC_key))); + // PrintAndLogEx(SUCCESS, "Message.......................... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_enc,sizeof(mutual_auth_enc))); + // PrintAndLogEx(SUCCESS, "MAC.............................. " _YELLOW_("%s"), sprint_hex_inrow(mac,sizeof(mac))); + + // ----------------- Command Generation ----------------- + + const char* prefixLenHex = "2c"; + const char* ASN1_tagAboveLenHex = "2a"; + const char* ASN1_auth_encryptedLenHex = "28"; + + const char* mutual_auth_message = sprint_hex_inrow(message_authenticated, sizeof(message_authenticated)); + + char keyslot_str[3]; + snprintf(keyslot_str, sizeof(keyslot_str), "%02X", keyslot); + + const char* prefix = "008700"; + const char* ASN1_tagAbove = "7c"; + const char* ASN1_auth_encrypted = "82"; + const char* suffix = "00"; + + char mutual_auth[102]; + snprintf(mutual_auth, sizeof(mutual_auth), "%s%s%s%s%s%s%s%s%s", prefix, keyslot_str, prefixLenHex, ASN1_tagAbove, ASN1_tagAboveLenHex,ASN1_auth_encrypted, ASN1_auth_encryptedLenHex, mutual_auth_message, suffix); + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Request.... " _YELLOW_("%s"), mutual_auth); + + // BLOCKS MUTUAL AUTH BEFORE REQUIRED + // return PM3_SUCCESS; + // + + int resplen = 0; + bool activate_field = false; + bool keep_field_on = true; + + uint8_t aMUTUAL_AUTH[102]; + int aMUTUAL_AUTH_n = 0; + param_gethex_to_eol(mutual_auth, 0, aMUTUAL_AUTH, sizeof(aMUTUAL_AUTH), &aMUTUAL_AUTH_n); + int res = ExchangeAPDU14a(aMUTUAL_AUTH, aMUTUAL_AUTH_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + PrintAndLogEx(ERR, "Mutual Auth Request Failed"); DropField(); return PM3_ESOFT; } uint16_t sw = get_sw(response, resplen); if (sw != ISO7816_OK) { - PrintAndLogEx(ERR, "Selecting SEOS applet aid failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + PrintAndLogEx(ERR, "Mutual Auth Request Failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); DropField(); return PM3_ESOFT; } - activate_field = false; - keep_field_on = false; - // --------------- CC file reading ---------------- + // PrintAndLogEx(INFO, "--- " _CYAN_("Get Challenge") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Raw Mutual Auth Response: " _YELLOW_("%s"), sprint_hex_inrow(response, (resplen - 2))); + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response, sizeof(mutual_auth_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Response: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_mac_response, sizeof(mutual_auth_mac_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Input: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_validate, sizeof(mutual_auth_validate))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Calculated: " _YELLOW_("%s"), sprint_hex_inrow(mac_calculated, sizeof(mac_calculated))); - uint8_t aSELECT_FILE_ADF[30]; + // Process Response + uint8_t iv[16] = {}; + uint8_t mutual_auth_response[32]; + uint8_t mutual_auth_mac_response[8]; + memcpy(mutual_auth_response, &response[4], 32); + memcpy(mutual_auth_mac_response, &response[4 + 32], 8); + + // PrintAndLogEx(SUCCESS, "Mutual Auth Encrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response, sizeof(mutual_auth_response))); + // PrintAndLogEx(SUCCESS, "Mutual Auth MAC Response: " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_mac_response, sizeof(mutual_auth_mac_response))); + + uint8_t mutual_auth_response_decrypted[32]; + if (encryption_algorithm == 0x09) { + aes_decode(iv, AES_key, mutual_auth_response, mutual_auth_response_decrypted, sizeof(mutual_auth_response)); + } else if (encryption_algorithm == 0x02) { + mbedtls_des3_context ctx3; + mbedtls_des3_set2key_dec(&ctx3, AES_key); + mbedtls_des3_crypt_cbc(&ctx3, MBEDTLS_DES_DECRYPT, sizeof(mutual_auth_response), iv, mutual_auth_response, mutual_auth_response_decrypted); + mbedtls_des3_free(&ctx3); + } + + // Validate response with comparison between nonce and randomICC + uint8_t mutual_auth_RandomICC[8]; + memcpy(mutual_auth_RandomICC, &mutual_auth_response_decrypted, 8); + + // PrintAndLogEx(SUCCESS, "Mutual Auth Decrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response_decrypted, sizeof(mutual_auth_response_decrypted))); + + if (memcmp(randomICC, mutual_auth_RandomICC, 8) != 0) { + PrintAndLogEx(ERR, "RandomICC does not match decrypted RandomICC"); + PrintAndLogEx(ERR, "Likely wrong Key or IV"); + return PM3_ESOFT; + } + + memcpy(mutual_auth_randomIFD, &mutual_auth_response_decrypted[8], 8); + memcpy(mutual_auth_keyICC, &mutual_auth_response_decrypted[16], 16); + + // PrintAndLogEx(SUCCESS, _GREEN_("Mutual Auth Completed")); + // PrintAndLogEx(INFO, "--- " _CYAN_("Decrypted Response") " ---------------------------"); + // PrintAndLogEx(SUCCESS, "Mutual Auth Decrypted Response... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_response_decrypted, sizeof(mutual_auth_response_decrypted))); + // PrintAndLogEx(SUCCESS, "Mutual Auth RandomICC............ " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_RandomICC, sizeof(mutual_auth_RandomICC))); + // PrintAndLogEx(SUCCESS, "Mutual Auth RandomIFD............ " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_randomIFD, sizeof(mutual_auth_randomIFD))); + // PrintAndLogEx(SUCCESS, "Mutual Auth KeyICC............... " _YELLOW_("%s"), sprint_hex_inrow(mutual_auth_keyICC, sizeof(mutual_auth_keyICC))); + + return PM3_SUCCESS; +}; + +static int seos_aid_select(void) { + // Working 100%, pulls from live card + bool activate_field = true; + bool keep_field_on = true; + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + // --------------- Select AID for SEOS Card ---------------- + typedef struct { + const char* name; + const char* value; + } seos_aid_t; + + static const seos_aid_t known_AID_map[] = { + {"STANDARD_SEOS", "A00000044000010100010"}, + {"MOBILE_SEOS_ADMIN_CARD", "A000000382002D0001010"}, + }; + + int i; + int res = PM3_ESOFT; + //PrintAndLogEx(INFO, "--- " _CYAN_("AID Selection") " ---------------------------"); + for (i = 0; i < ARRAYLEN(known_AID_map); i++) { + + const char* selectedAID = known_AID_map[i].value; + + // Select command prefixed with a 00 + const char* prefix = "00A404"; + uint16_t aidlen = strlen(selectedAID) >> 1; + + char aidlenHex[5]; + snprintf(aidlenHex, sizeof(aidlenHex), "%04X", aidlen); + + const char* suffix = "0"; + char combinedString[100]; + + snprintf(combinedString, sizeof(combinedString), "%s%s%s%s", prefix, aidlenHex, selectedAID, suffix); + //PrintAndLogEx(SUCCESS, "AID Selected: " _YELLOW_("%s"), known_AID_map[i].name); + //PrintAndLogEx(SUCCESS, "AID Select Command: " _YELLOW_("%s"), combinedString); + + // --------------- Select AID for SEOS Card ---------------- + uint8_t aSELECT_AID[80]; + int aSELECT_AID_n = 0; + param_gethex_to_eol(combinedString, 0, aSELECT_AID, sizeof(aSELECT_AID), &aSELECT_AID_n); + res = ExchangeAPDU14a(aSELECT_AID, aSELECT_AID_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + continue; + } + + if (resplen < 2) { + DropField(); + continue; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Selecting SEOS applet aid failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + continue; + } + + // if we made it here, its a success and we break :) + break; + } + + return res; +}; + +static int seos_pacs_adf_select(char* oid, int oid_len, uint8_t* get_data, int get_data_len, int key_index) { + int resplen = 0; + uint8_t response[PM3_CMD_DATA_SIZE]; + bool activate_field = false; + bool keep_field_on = true; + + // --------------- ADF file Selection ---------------- + + // breaks down to + // 06 = ASN.1 Tag + // 11 = Len + // 2b0601040181e438010102011801010202 = ADF-OID + + // --------------- OID Selection ---------------- + const char* ADFprefix = "06"; + char selectedOID[100]; + snprintf(selectedOID, sizeof(selectedOID), "%s", oid); + + uint16_t selectedOIDLen = strlen(selectedOID); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen)/2); + + char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; + snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID); + + // --------------- Command Builder Selection ---------------- + // prefix is the APDU command we are sending + const char* prefix = "80A504"; + const char* suffix = "00"; + const char* keyReference = "00"; + + uint16_t selectedADFLen = strlen(selectedADF); + + char adflenHex[3]; + snprintf(adflenHex, sizeof(adflenHex), "%02X", (selectedADFLen >> 1) & 0xFF); + + char selectADF[strlen(prefix) + strlen(adflenHex) + selectedADFLen + strlen(suffix) + 1]; + + // 80 A5 04 00 13 06 11 2B 06 01 04 01 81 E4 38 01 01 02 01 18 01 01 02 02 00 + snprintf(selectADF, sizeof(selectADF), "%s%s%s%s%s", prefix, keyReference, adflenHex, selectedADF, suffix); + + + PrintAndLogEx(INFO, "--- " _CYAN_("Select ADF") " ---------------------------"); + PrintAndLogEx(SUCCESS, "Selected ADF..................... "_YELLOW_("%s"), selectedOID); + + // --------------- Send APDU Command ---------------- + + uint8_t aSELECT_FILE_ADF[124]; int aSELECT_FILE_ADF_n = 0; - param_gethex_to_eol("80a504001306112b0601040181e43801010201180101020200", 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); - res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + // Input into getHextoEOL is a Char string + param_gethex_to_eol(selectADF, 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); + int res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); if (res != PM3_SUCCESS) { DropField(); return res; } - sw = get_sw(response, resplen); + uint16_t sw = get_sw(response, resplen); if (sw != ISO7816_OK) { PrintAndLogEx(ERR, "Selecting ADF file failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); DropField(); return PM3_ESOFT; } - // remove the 2byte SW - asn1_print(response, resplen - 2, " "); + // --------------- Decrypt ADF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64]; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + + uint8_t diversifier[7] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t RNDICC[8] = {0}; + uint8_t KeyICC[16] = {0}; + uint8_t RNDIFD[8] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + uint8_t KeyIFD[16] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + + uint8_t Diversified_New_EncryptionKey[24] = {0}; + uint8_t Diversified_New_MACKey[24] = {0}; + + resplen -= 2; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, resplen, &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + res = select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + + if (res != PM3_SUCCESS) { + return res; + } + + if (ALGORITHM_INFO_value1 == 0x09 || ALGORITHM_INFO_value1 == 0x02) { + + select_ADF_decrypt(selectedADF, CRYPTOGRAM_encrypted_data, diversifier, ALGORITHM_INFO_value1, key_index); + seos_mutual_auth(RNDICC, diversifier, sizeof(diversifier), RNDIFD, KeyICC, RNDIFD, sizeof(RNDIFD), KeyIFD, sizeof(KeyIFD), ALGORITHM_INFO_value1, ALGORITHM_INFO_value2, key_index); + create_mutual_auth_key(KeyIFD, KeyICC, RNDICC, RNDIFD, Diversified_New_EncryptionKey, Diversified_New_MACKey, ALGORITHM_INFO_value1, ALGORITHM_INFO_value2); + + uint8_t sio_buffer_out[PM3_CMD_DATA_SIZE]; + int sio_size = 0; + seos_get_data(RNDICC, RNDIFD, Diversified_New_EncryptionKey, Diversified_New_MACKey, sio_buffer_out, &sio_size, ALGORITHM_INFO_value1, get_data, get_data_len); + + if (sio_size == 0) { + return PM3_ESOFT; + } + + if (sio_buffer_out[0] == 0x30) { + uint8_t sioOutput[sio_size]; + memcpy(sioOutput, sio_buffer_out, sio_size); + + PrintAndLogEx(INFO, "--- " _CYAN_("Key Data") " ---------------------------"); + PrintAndLogEx(SUCCESS, "SIO.............................. "_YELLOW_("%s"), sprint_hex_inrow(sioOutput, sizeof(sioOutput))); // SIO + PrintAndLogEx(SUCCESS, "SIO Size......................... "_YELLOW_("%i"), sio_size); // SIO Size + PrintAndLogEx(SUCCESS, "Diversifier...................... "_YELLOW_("%s"), sprint_hex_inrow(diversifier,ARRAYLEN(diversifier))); // Diversifier + }; + + } else { + PrintAndLogEx(ERR, "Unknown encryption algorithm"); + return PM3_ESOFT; + }; + + return PM3_SUCCESS; +}; + +static int seos_adf_select(char* oid, int oid_len, int key_index) { + int resplen = 0; + uint8_t response[PM3_CMD_DATA_SIZE]; + bool activate_field = false; + bool keep_field_on = true; + + // --------------- OID Selection ---------------- + const char* ADFprefix = "06"; + char selectedOID[100]; + snprintf(selectedOID, sizeof(selectedOID), "%s", oid); + + uint16_t selectedOIDLen = strlen(selectedOID); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen)/2); + + char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; + snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID); + + // --------------- Command Builder Selection ---------------- + // prefix is the APDU command we are sending + const char* prefix = "80A504"; + const char* suffix = "00"; + const char* keyReference = "00"; + + uint16_t selectedADFLen = strlen(selectedADF); + char adflenHex[3]; + snprintf(adflenHex, sizeof(adflenHex), "%02X", (selectedADFLen >> 1) & 0xFF); + char selectADF[strlen(prefix) + strlen(adflenHex) + selectedADFLen + strlen(suffix) + 1]; + + // 80 A5 04 00 13 06 11 2B 06 01 04 01 81 E4 38 01 01 02 01 18 01 01 02 02 00 + snprintf(selectADF, sizeof(selectADF), "%s%s%s%s%s", prefix, keyReference, adflenHex, selectedADF, suffix); + PrintAndLogEx(INFO, "--- " _CYAN_("Select ADF") " ---------------------------"); + PrintAndLogEx(SUCCESS, "Selected ADF..................... "_YELLOW_("%s"), selectedADF); + + // --------------- Send APDU Command ---------------- + uint8_t aSELECT_FILE_ADF[124]; + int aSELECT_FILE_ADF_n = 0; + + // Input into getHextoEOL is a Char string + param_gethex_to_eol(selectADF, 0, aSELECT_FILE_ADF, sizeof(aSELECT_FILE_ADF), &aSELECT_FILE_ADF_n); + + int res = ExchangeAPDU14a(aSELECT_FILE_ADF, aSELECT_FILE_ADF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Selecting ADF file failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + // --------------- Decrypt ADF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64] = {0}; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + uint8_t RNDICC[8] = {0}; + + resplen -= 2; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, resplen, &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + return PM3_SUCCESS; +}; + +static int seos_gdf_select(int key_index) { + uint8_t response[PM3_CMD_DATA_SIZE]; + int resplen = 0; + + bool activate_field = false; + bool keep_field_on = true; + // --------------- Select Global_df for SEOS Card ---------------- + // SelectGDF = 00A507 + referenceDataQualifier + 00 + // 00A5070600 + // SelectGlobalDF = 00A50000 + + const char* getGDF = "00A5070600"; + + uint8_t agetGDF[10]; + int agetGDF_n = 0; + param_gethex_to_eol(getGDF, 0, agetGDF, sizeof(agetGDF), &agetGDF_n); + int res = ExchangeAPDU14a(agetGDF, agetGDF_n, activate_field, keep_field_on, response, sizeof(response), &resplen); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + uint16_t sw = get_sw(response, resplen); + if (sw != ISO7816_OK) { + PrintAndLogEx(ERR, "Get Global_df failed (%04x - %s).", sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff)); + DropField(); + return PM3_ESOFT; + } + + // --------------- Decrypt GDF Response ---------------- + // Information returned from the GetChallenge command + int ALGORITHM_INFO_value1 = 0; // Encryption Algorithm + int ALGORITHM_INFO_value2 = 0; // Hash Algorithm + uint8_t CRYPTOGRAM_encrypted_data[64] = {0}; // Encrypted Data + uint8_t MAC_value[8] = {0}; // MAC Value + uint8_t RNDICC[8] = {0}; + + seos_challenge_get(RNDICC, sizeof(RNDICC)); + select_df_decode(response, (resplen - 2), &ALGORITHM_INFO_value1, &ALGORITHM_INFO_value2, CRYPTOGRAM_encrypted_data, MAC_value); + select_DF_verify(response, resplen, MAC_value, sizeof(MAC_value), ALGORITHM_INFO_value1, key_index); + + return PM3_SUCCESS; +}; + +static int seos_select(void) { + int res = seos_aid_select(); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + const char* oid = "2B0601040181E438010102011801010202"; + int oid_len = strlen(oid); + res = seos_adf_select((char*)oid, oid_len, 0); + DropField(); + return res; +} + +static int seos_pacs(char* oid, int oid_len, uint8_t* get_data, int get_data_len, int key_index) { + int res = seos_aid_select(); + if (res != PM3_SUCCESS) { + DropField(); + return res; + } + + res = seos_pacs_adf_select(oid, oid_len, get_data, get_data_len, key_index); + DropField(); + return res; +} + +static int seos_global_df(int key_index) { + int res = seos_aid_select(); + if (res == PM3_SUCCESS) { + res = seos_gdf_select(key_index); + } + DropField(); + return res; +} + +static int seos_print_keys(bool verbose) { + PrintAndLogEx(NORMAL, ""); + if (verbose) { + for (int i = 0; i < ARRAYLEN(keys); i++) { + PrintAndLogEx(INFO, "Key Index........................ " _YELLOW_("%u"), i); + PrintAndLogEx(INFO, "Nonce............................ " _YELLOW_("%s"), sprint_hex(keys[i].nonce, 8)); + PrintAndLogEx(INFO, "Privacy Encryption Key........... " _YELLOW_("%s"), sprint_hex(keys[i].privEncKey, 16)); + PrintAndLogEx(INFO, "Privacy MAC Key.................. " _YELLOW_("%s"), sprint_hex(keys[i].privMacKey, 16)); + PrintAndLogEx(INFO, "Read Key......................... " _YELLOW_("%s"), sprint_hex(keys[i].readKey, 16)); + PrintAndLogEx(INFO, "Write Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].writeKey, 16)); + PrintAndLogEx(INFO, "Admin Key........................ " _YELLOW_("%s"), sprint_hex(keys[i].adminKey, 16)); + PrintAndLogEx(INFO, "----------------------------"); + } + } + else { + PrintAndLogEx(INFO, "idx| key"); + PrintAndLogEx(INFO, "---+------------------------"); + for (uint8_t i = 0; i < ARRAYLEN(keys); i++) { + if (memcmp(keys[i].privEncKey, zeros, sizeof(zeros)) == 0) + PrintAndLogEx(INFO, " %u |", i); + else + PrintAndLogEx(INFO, " %u | " _YELLOW_("%s"), i, sprint_hex(keys[i].nonce, 8)); + } + PrintAndLogEx(INFO, "---+------------------------"); + }; + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; +} + +static int seos_load_keys(char *filename) { + uint8_t *dump = NULL; + size_t bytes_read = 0; + if (loadFile_safe(filename, "", (void **)&dump, &bytes_read) != PM3_SUCCESS) { + PrintAndLogEx(FAILED, "File: " _YELLOW_("%s") ": not found or locked.", filename); + return PM3_EFILE; + } + + // 16 = max line size + // 8 = 8 items per keyset + // 4 = 4 keysets + if (bytes_read > 382) { + PrintAndLogEx(WARNING, "File is too long to load - exp: %zu got: %zu", sizeof(keys), bytes_read); + free(dump); + return PM3_EFILE; + } + + size_t kn = sizeof(keyset_t); + + size_t i = 0; + for (; i < bytes_read / kn; i++) { + memcpy(keys[i].nonce, dump + (i * kn), 8); + memcpy(keys[i].privEncKey, dump + ((i * kn) + 8), 16); + memcpy(keys[i].privMacKey, dump + ((i * kn) + 24), 16); + memcpy(keys[i].readKey, dump + ((i * kn) + 40), 16); + memcpy(keys[i].writeKey, dump + ((i * kn) + 56), 16); + memcpy(keys[i].adminKey, dump + ((i * kn) + 72), 16); + } + + free(dump); + PrintAndLogEx(SUCCESS, "Loaded" _GREEN_("%2zd") " keys from %s", i, filename); return PM3_SUCCESS; } int infoSeos(bool verbose) { - int res = seos_select(); - if (res == PM3_SUCCESS) { - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); - } - return PM3_SUCCESS; + return seos_select(); } static int CmdHfSeosInfo(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf seos info", - "Get info from SEOS tags", - "hf seos info"); - + "Requests the unauthenticated information from the default ADF of a SEOS card\n" + "- If the card is a SEOS card\n" + "- Are static RND.ICC keys used (can detect SEOS default keyset)\n" + "- What encryption and hashing algorithm is use\n", + "hf seos info" + ); void *argtable[] = { arg_param_begin, arg_param_end @@ -111,14 +1343,455 @@ static int CmdHfSeosInfo(const char *Cmd) { return infoSeos(true); } +static int CmdHfSeosGDF(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos gdf", + "Get Global Data File (GDF) from SEOS card\n\n" + "By default:\n" + " - Key Index: 0\n", + "hf seos gdf" + "hf seos gdf --ki 0" + ); + void *argtable[] = { + arg_param_begin, + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int key_index = arg_get_int_def(ctx, 1, -1); + + CLIParserFree(ctx); + return seos_global_df(key_index); +} + +static int CmdHfSeosPACS(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos pacs", + "Make a GET DATA request to an ADF of a SEOS card\n\n" + "By default:\n" + " - ADF OID : 2B0601040181E438010102011801010202\n" + " - Key Index: 0\n", + "hf seos pacs\n" + "hf seos pacs --ki 1\n" + "hf seos pacs -o 2B0601040181E438010102011801010202 --ki 0\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_str0("o", "oid", "", "<0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)"), + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int get_data_len = 4; + uint8_t get_data[] = {0x5c,0x02,0xff,0x00}; + + int oid_len = 0; + uint8_t oid_hex[256] = {0x2B,0x06,0x01,0x04,0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02}; + CLIGetHexWithReturn(ctx, 1, oid_hex, &oid_len); + + int key_index = arg_get_int_def(ctx, 2, 0); + + CLIParserFree(ctx); + + // Fall back to default OID + if (oid_len == 0) { + oid_len = 16; + } + + // convert OID hex to literal string + + char oid_buffer[256] = ""; + for (int i = 0; i < oid_len; i++) { + sprintf(oid_buffer + (i * 2), "%02X", oid_hex[i]); + } + + const char* oid = oid_buffer; + + if (oid_len == 0) { + PrintAndLogEx(ERR, "OID value must be supplied"); + return PM3_ESOFT; + } + + return seos_pacs((char*)oid, oid_len, get_data, get_data_len, key_index); +} + +static int CmdHfSeosADF(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos adf", + "Make a GET DATA request to an Application Data File (ADF) of a SEOS Tag\n" + "The ADF is meant to be read by an application\n" + "You still need the valid authentication keys to read a card\n\n" + "By default:\n" + " - ADF OID : 2B0601040181E438010102011801010202\n" + " - Key Index: 0\n" + " - Tag List : 5c02ff00\n", + "hf seos adf\n" + "hf seos adf -o 2B0601040181E438010102011801010202\n" + "hf seos adf -o 2B0601040181E438010102011801010202 --ki 0\n" + "hf seos adf -o 2B0601040181E438010102011801010202 -c 5c02ff41\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_str0("c", "getdata", "", "<0-100> hex bytes for the tag list to Get Data request (Default: 5c02ff00)"), + arg_str0("o", "oid", "", "<0-100> hex bytes for OID (Default: 2B0601040181E438010102011801010202)"), + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int get_data_len = 0; + uint8_t get_data[256] = {0x5c,0x02,0xff,0x00}; + CLIGetHexWithReturn(ctx, 1, get_data, &get_data_len); + + int oid_len = 0; + uint8_t oid_hex[256] = {0x2B,0x06,0x01,0x04,0x01,0x81,0xE4,0x38,0x01,0x01,0x02,0x01,0x18,0x01,0x01,0x02}; + CLIGetHexWithReturn(ctx, 2, oid_hex, &oid_len); + + int key_index = arg_get_int_def(ctx, 3, 0); + + CLIParserFree(ctx); + + if (get_data_len == 0) { + get_data_len = 4; + } + + // Catching when the OID value is not supplied + if (oid_len == 0) { + oid_len = 16; + } + + // convert OID hex to literal string + char oid_buffer[256] = ""; + for (int i = 0; i < oid_len; i++) { + sprintf(oid_buffer + (i * 2), "%02X", oid_hex[i]); + } + + const char* oid = oid_buffer; + + if (oid_len == 0) { + PrintAndLogEx(ERR, "OID value must be supplied"); + return PM3_ESOFT; + } + + return seos_pacs((char*)oid, oid_len, get_data, get_data_len, key_index); +} + +static int CmdHfSeosManageKeys(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos managekeys", + "Manage SEOS Keys in client memory, keys are required to authenticate with SEOS cards\n", + "hf seos managekeys -p\n" + "hf seos managekeys -p -v\n" + "hf seos managekeys --ki 0 --nonce 0102030405060708 -> Set nonce value at key index 0\n" + "hf seos managekeys --load -f mykeys.bin -p -> load from file and prints keys\n" + "hf seos managekeys --save -f mykeys.bin -> saves keys to file\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_int0(NULL, "ki", "", "Specify key index to set key in memory"), + arg_str0(NULL, "nonce", "", "Nonce value as 8 hex bytes"), + arg_str0(NULL, "privenc", "", "Privacy Encryption key as 16 hex bytes"), + arg_str0(NULL, "privmac", "", "Privacy MAC key as 16 hex bytes"), + arg_str0(NULL, "read", "", "Undiversified Read key as 16 hex bytes"), + arg_str0(NULL, "write", "", "Undiversified Write key as 16 hex bytes"), + arg_str0(NULL, "admin", "", "Undiversified Admin key as 16 hex bytes"), + + arg_str0("f", "file", "", "Specify a filename for load / save operations"), + arg_lit0(NULL, "save", "Save keys in memory to file specified by filename"), + arg_lit0(NULL, "load", "Load keys to memory from file specified by filename"), + + arg_lit0("p", "print", "Print keys loaded into memory"), + arg_lit0("v", "verbose", "verbose (print all key info)"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + uint8_t operation = 0; + + uint8_t nonce[8] = {0}; + uint8_t privenc[16] = {0}; + uint8_t privmac[16] = {0}; + uint8_t read[16] = {0}; + uint8_t write[16] = {0}; + uint8_t admin[16] = {0}; + int nonce_len = 0; + int privenc_len = 0; + int privmac_len = 0; + int read_len = 0; + int write_len = 0; + int admin_len = 0; + + int key_index = arg_get_int_def(ctx, 1, -1); + + CLIGetHexWithReturn(ctx, 2, nonce, &nonce_len); + CLIGetHexWithReturn(ctx, 3, privenc, &privenc_len); + CLIGetHexWithReturn(ctx, 4, privmac, &privmac_len); + CLIGetHexWithReturn(ctx, 5, read, &read_len); + CLIGetHexWithReturn(ctx, 6, write, &write_len); + CLIGetHexWithReturn(ctx, 7, admin, &admin_len); + + CLIParamStrToBuf(arg_get_str(ctx, 8), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + if (key_index >= 0) { + operation += 3; + if (key_index < 4) { + if (nonce_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for nonce[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].nonce, 8)); + } + if (privenc_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Priv Enc[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privEncKey, 16)); + } + if (privmac_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16)); + } + if (read_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16)); + } + if (write_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16)); + } + if (admin_len != 0) { + PrintAndLogEx(SUCCESS, "Current value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16)); + } + } + else { + PrintAndLogEx(ERR, "Key index is out-of-range"); + CLIParserFree(ctx); + return PM3_EINVARG; + } + } + + if (arg_get_lit(ctx, 9)) { //save + operation += 6; + } + if (arg_get_lit(ctx, 10)) { //load + operation += 5; + } + if (arg_get_lit(ctx, 11)) { //print + operation += 4; + } + + bool verbose = arg_get_lit(ctx, 12); + + CLIParserFree(ctx); + + if (operation == 0) { + PrintAndLogEx(ERR, "No operation specified (load, save, or print)\n"); + return PM3_EINVARG; + } + if (operation > 6) { + PrintAndLogEx(ERR, "Too many operations specified\n"); + return PM3_EINVARG; + } + if (operation > 4 && fnlen == 0) { + PrintAndLogEx(ERR, "You must enter a filename when loading or saving\n"); + return PM3_EINVARG; + } + if (((nonce_len > 0) || (privenc_len > 0) || (privmac_len > 0) || (read_len > 0) || (write_len > 0) || (admin_len > 0)) && key_index == -1) { + PrintAndLogEx(ERR, "Please specify key index when specifying key"); + return PM3_EINVARG; + } + + switch (operation) { + case 3: + if (nonce_len != 0) { + memcpy(keys[key_index].nonce, nonce, 8); + PrintAndLogEx(SUCCESS, "New value for nonce[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].nonce, 8)); + } + if (privenc_len != 0) { + memcpy(keys[key_index].privEncKey, privenc, 16); + PrintAndLogEx(SUCCESS, "New value for Priv Enc[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privEncKey, 16)); + } + if (privmac_len != 0) { + memcpy(keys[key_index].privMacKey, privmac, 16); + PrintAndLogEx(SUCCESS, "New value for Priv Mac[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].privMacKey, 16)); + } + if (read_len != 0) { + memcpy(keys[key_index].readKey, read, 16); + PrintAndLogEx(SUCCESS, "New value for Read Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].readKey, 16)); + } + if (write_len != 0) { + memcpy(keys[key_index].writeKey, write, 16); + PrintAndLogEx(SUCCESS, "New value for Write Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].writeKey, 16)); + } + if (admin_len != 0) { + memcpy(keys[key_index].adminKey, admin, 16); + PrintAndLogEx(SUCCESS, "New value for Admin Key[%d] " _GREEN_("%s"), key_index, sprint_hex_inrow(keys[key_index].adminKey, 16)); + } + return PM3_SUCCESS; + case 4: + return seos_print_keys(verbose); + case 5: + return seos_load_keys(filename); + case 6: { + bool isOK = saveFile(filename, ".bin", keys, sizeof(keys)); + if (isOK == false) { + return PM3_EFILE; + } + return PM3_SUCCESS; + } + } + + return PM3_SUCCESS; +} + static int CmdHfSeosList(const char *Cmd) { return CmdTraceListAlias(Cmd, "hf seos", "seos -c"); } +// get a SIO media type based on the UID +// uid[8] tag uid +// returns description of the best match +static const char *getSioMediaTypeInfo(uint8_t uid) { + + for (int i = 0; i < ARRAYLEN(sioMediaTypeMapping); ++i) { + if (uid == sioMediaTypeMapping[i].uid) { + return sioMediaTypeMapping[i].desc; + } + } + + //No match, return default + return sioMediaTypeMapping[ARRAYLEN(sioMediaTypeMapping) - 1].desc; +} + + +static int CmdHfSeosSAM(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf seos sam", + "Extract PACS via a HID SAM\n", + "hf seos sam\n" + "hd seos sam -d a005a103800104 -> get PACS data\n" + ); + + + + void *argtable[] = { + arg_param_begin, + arg_lit0("v", "verbose", "verbose output"), + arg_lit0("k", "keep", "keep the field active after command executed"), + arg_lit0("n", "nodetect", "skip selecting the card and sending card details to SAM"), + arg_lit0("t", "tlv", "decode TLV"), + arg_strx0("d", "data", "", "DER encoded command to send to SAM"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + bool verbose = false; + if (arg_get_lit(ctx, 1)) { + verbose = true; + } + bool disconnectAfter = true; + if (arg_get_lit(ctx, 2)) { + disconnectAfter = false; + } + bool skipDetect = false; + if (arg_get_lit(ctx, 3)) { + skipDetect = true; + } + bool decodeTLV = false; + if (arg_get_lit(ctx, 4)) { + decodeTLV = true; + } + + uint8_t data[PM3_CMD_DATA_SIZE] = {0}; + int datalen = 0; + CLIGetHexBLessWithReturn(ctx, 5, data, &datalen, 0); + + CLIParserFree(ctx); + + if (IsHIDSamPresent(verbose) == false) { + return PM3_ESOFT; + } + + clearCommandBuffer(); + SendCommandMIX(CMD_HF_SAM_SEOS, disconnectAfter, skipDetect, datalen, data, datalen); + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_HF_SAM_SEOS, &resp, 4000) == false) { + PrintAndLogEx(WARNING, "SAM timeout"); + return PM3_ETIMEOUT; + } + + switch (resp.status) { + case PM3_SUCCESS: + break; + case PM3_ENOPACS: + PrintAndLogEx(SUCCESS, "No PACS data found. Card empty?"); + return resp.status; + default: + PrintAndLogEx(WARNING, "SAM select failed"); + return resp.status; + } + + uint8_t *d = resp.data.asBytes; + // check for standard SamCommandGetContentElement response + // bd 09 + // 8a 07 + // 03 05 <- tag + length + // 06 85 80 6d c0 <- decoded PACS data + if (d[0] == 0xbd && d[2] == 0x8a && d[4] == 0x03) { + uint8_t pacs_length = d[5]; + uint8_t *pacs_data = d + 6; + int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); + if (res != PM3_SUCCESS) { + return res; + } + // check for standard samCommandGetContentElement2: + // bd 1e + // b3 1c + // a0 1a + // 80 05 + // 06 85 80 6d c0 + // 81 0e + // 2b 06 01 04 01 81 e4 38 01 01 02 04 3c ff + // 82 01 + // 07 + } else if (d[0] == 0xbd && d[2] == 0xb3 && d[4] == 0xa0) { + const uint8_t *pacs = d + 6; + const uint8_t pacs_length = pacs[1]; + const uint8_t *pacs_data = pacs + 2; + int res = HIDDumpPACSBits(pacs_data, pacs_length, verbose); + if (res != PM3_SUCCESS) { + return res; + } + + const uint8_t *oid = pacs + 2 + pacs_length; + const uint8_t oid_length = oid[1]; + const uint8_t *oid_data = oid + 2; + PrintAndLogEx(SUCCESS, "SIO OID.......: " _GREEN_("%s"), sprint_hex_inrow(oid_data, oid_length)); + + const uint8_t *mediaType = oid + 2 + oid_length; + const uint8_t mediaType_data = mediaType[2]; + PrintAndLogEx(SUCCESS, "SIO Media Type: " _GREEN_("%s"), getSioMediaTypeInfo(mediaType_data)); + + } else { + print_hex(d, resp.length); + } + if (decodeTLV) { + asn1_print(d, d[1] + 2, " "); + } + + return PM3_SUCCESS; +} + static command_t CommandTable[] = { - {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"info", CmdHfSeosInfo, IfPm3NfcBarcode, "Tag information"}, - {"list", CmdHfSeosList, AlwaysAvailable, "List SEOS history"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("General") " -----------------------"}, + {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"list", CmdHfSeosList, AlwaysAvailable, "List SEOS history"}, + {"sam", CmdHfSeosSAM, IfPm3Smartcard, "SAM tests"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Operations") " -----------------------"}, + {"info", CmdHfSeosInfo, IfPm3NfcBarcode, "Tag information"}, + {"pacs", CmdHfSeosPACS, AlwaysAvailable, "Extract PACS Information from card"}, + {"adf", CmdHfSeosADF, AlwaysAvailable, "Read an ADF from the card"}, + {"gdf", CmdHfSeosGDF, AlwaysAvailable, "Read an GDF from card"}, + {"-----------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Utils") " -----------------------"}, + {"managekeys", CmdHfSeosManageKeys, AlwaysAvailable, "Manage keys to use with SEOS commands"}, {NULL, NULL, NULL, NULL} }; @@ -132,3 +1805,4 @@ int CmdHFSeos(const char *Cmd) { clearCommandBuffer(); return CmdsParse(CommandTable, Cmd); } + diff --git a/client/src/cmdhfseos.h b/client/src/cmdhfseos.h index 32ffb6510..f75e070d5 100644 --- a/client/src/cmdhfseos.h +++ b/client/src/cmdhfseos.h @@ -21,7 +21,14 @@ #include "common.h" +// structure and database for uid -> tagtype lookups +typedef struct { + uint8_t uid; + const char *desc; +} sioMediaTypeName_t; + int infoSeos(bool verbose); int CmdHFSeos(const char *Cmd); - +int seos_kdf(bool encryption, uint8_t *masterKey, uint8_t keyslot, + uint8_t *adfOid, size_t adfoid_len, uint8_t *diversifier, uint8_t diversifier_len, uint8_t *out, int encryption_algorithm, int hash_algorithm); #endif diff --git a/client/src/cmdhfst25ta.c b/client/src/cmdhfst25ta.c index 668d3d00d..7dff65067 100644 --- a/client/src/cmdhfst25ta.c +++ b/client/src/cmdhfst25ta.c @@ -33,6 +33,7 @@ #include "commonutil.h" // get_sw #include "protocols.h" // ISO7816 APDU return codes #include "crypto/libpcrypto.h" // ecdsa +#include "crypto/originality.h" #define TIMEOUT 2000 @@ -148,48 +149,9 @@ static void print_st25ta_system_info(uint8_t *d, uint8_t n) { } static int print_st25ta_signature(uint8_t *uid, uint8_t *signature) { - -#define PUBLIC_ECDA_KEYLEN 33 - // known public keys for the originality check (source: https://github.com/alexbatalov/node-nxp-originality-verifier) - // ref: AN11350 NTAG 21x Originality Signature Validation - // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation - const ecdsa_publickey_t nxp_mfu_public_keys[] = { - {"NXP MIFARE Classic MFC1C14_x", "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, - {"MIFARE Classic / QL88", "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2"}, - {"NXP ICODE DNA, ICODE SLIX2", "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, - {"NXP Public key", "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC"}, - {"NXP Ultralight Ev1", "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8"}, - {"NXP NTAG21x (2013)", "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61"}, - {"MIKRON Public key", "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2"}, - {"VivoKey Spark1 Public key", "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A"}, - {"TruST25 (ST) key 01?", "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA"}, - {"TruST25 (ST) key 04?", "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC"}, - }; - - for (uint8_t i = 0; i < ARRAYLEN(nxp_mfu_public_keys); i++) { - - int dl = 0; - uint8_t key[PUBLIC_ECDA_KEYLEN] = {0}; - param_gethex_to_eol(nxp_mfu_public_keys[i].value, 0, key, PUBLIC_ECDA_KEYLEN, &dl); - - int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP128R1, key, uid, 7, signature, 32, true); - - if (res == 0) { - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("Tag Signature")); - - - PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), nxp_mfu_public_keys[i].desc); - PrintAndLogEx(INFO, "IC signature public key value: %s", nxp_mfu_public_keys[i].value); - PrintAndLogEx(INFO, " Elliptic curve parameters: NID_secp128r1"); - PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 32)); - PrintAndLogEx(SUCCESS, " Signature verification ( " _GREEN_("successful") " )"); - return PM3_SUCCESS; - } - } - - return PM3_ESOFT; + int index = originality_check_verify_ex(uid, 7, signature, 32, PK_ST25TA, false, true); + PrintAndLogEx(NORMAL, ""); + return originality_check_print(signature, 32, index); } static int st25ta_get_signature(uint8_t *signature) { @@ -221,7 +183,13 @@ static int st25ta_get_signature(uint8_t *signature) { } activate_field = false; } - + if (resplen != 32) { + if ((resplen == 2) && (resp[0] == 0x69) && (resp[1] == 0x82)) { + PrintAndLogEx(WARNING, "GetSignature: Security status not satisfied"); + } + DropField(); + return PM3_ESOFT; + } if (signature) { memcpy(signature, resp, 32); } diff --git a/client/src/cmdlfem410x.c b/client/src/cmdlfem410x.c index ebcd9ee8c..5abbbd4d3 100644 --- a/client/src/cmdlfem410x.c +++ b/client/src/cmdlfem410x.c @@ -449,17 +449,19 @@ static int CmdEM410xSim(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf em 410x sim", "Enables simulation of EM 410x card.\n" - "Simulation runs until the button is pressed or another USB command is issued.", + "Simulation runs until the button is pressed or another USB command is issued.\n" + "Most common readers expects the code to be sent in loop without a break (i.e. --gap 0).\n" + "For other, more advanced readers there might be a need to set a non-zero gap value.", "lf em 410x sim --id 0F0368568B\n" "lf em 410x sim --id 0F0368568B --clk 32\n" - "lf em 410x sim --id 0F0368568B --gap 0" + "lf em 410x sim --id 0F0368568B --gap 20" ); void *argtable[] = { arg_param_begin, arg_u64_0(NULL, "clk", "", "<32|64> clock (default 64)"), arg_str1(NULL, "id", "", "EM Tag ID number (5 hex bytes)"), - arg_u64_0(NULL, "gap", "", "gap (0's) between ID repeats (default 20)"), + arg_u64_0(NULL, "gap", "", "gap (0's) between ID repeats (default 0)"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -467,7 +469,7 @@ static int CmdEM410xSim(const char *Cmd) { // clock is 64 in EM410x tags int clk = arg_get_u32_def(ctx, 1, 64); int uid_len = 0; - int gap = arg_get_u32_def(ctx, 3, 20); + int gap = arg_get_u32_def(ctx, 3, 0); uint8_t uid[5] = {0}; CLIGetHexWithReturn(ctx, 2, uid, &uid_len); CLIParserFree(ctx); @@ -732,6 +734,7 @@ static int CmdEM410xClone(const char *Cmd) { packet.cmd = HTSF_82xx; memcpy(packet.pwd, "\xBB\xDD\x33\x99", HITAGS_PAGE_SIZE); + packet.mode = HITAGS_UID_REQ_FADV; SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 4000) == false) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index 0c8956d75..7fac8fa45 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -488,8 +488,23 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys, uint8_t keyl uint8_t *pkeys = keys; + uint32_t toti = key_count; + uint32_t cnt = 0; + while (key_count--) { + cnt++; + + if (kbd_enter_pressed()) { + SendCommandNG(CMD_BREAK_LOOP, NULL, 0); + PrintAndLogEx(INFO, "User aborted"); + break; + } + + PrintAndLogEx(INPLACE, "Checking Keys %u / %u", cnt, toti); + + msleep(30); + if (keylen == 4) { packet.cmd = HT2F_PASSWORD; memcpy(packet.pwd, pkeys, keylen); @@ -503,7 +518,7 @@ static int ht2_check_dictionary(uint32_t key_count, uint8_t *keys, uint8_t keyl clearCommandBuffer(); SendCommandNG(CMD_LF_HITAG_READER, (uint8_t *)&packet, sizeof(packet)); PacketResponseNG resp; - if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 2000) == false) { + if (WaitForResponseTimeout(CMD_LF_HITAG_READER, &resp, 4000) == false) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); SendCommandNG(CMD_BREAK_LOOP, NULL, 0); return PM3_ETIMEOUT; diff --git a/client/src/cmdlfhitaghts.c b/client/src/cmdlfhitaghts.c index d1af178dd..e14c870ad 100644 --- a/client/src/cmdlfhitaghts.c +++ b/client/src/cmdlfhitaghts.c @@ -358,6 +358,9 @@ static int CmdLFHitagSRead(const char *Cmd) { // access right if (page_addr == HITAGS_UID_PADR) { PrintAndLogEx(NORMAL, _RED_("RO ")NOLF); + \ + } else if (packet.cmd == HTSF_82xx && page_addr > 40) { // using an 82xx (pages>40 are RO) + PrintAndLogEx(NORMAL, _RED_("RO ")NOLF); } else if (page_addr == HITAGS_CONFIG_PADR) { if (card->config_page.s.LCON) PrintAndLogEx(NORMAL, _YELLOW_("OTP ")NOLF); @@ -444,6 +447,316 @@ static int CmdLFHitagSRead(const char *Cmd) { return PM3_SUCCESS; } +static int CmdLFHitagSDump(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag hts dump", + "Read all Hitag S memory and save to file\n" + " Crypto mode: \n" + " - key format ISK high + ISK low\n" + " - default key 4F4E4D494B52 (ONMIKR)\n\n" + " 8268/8310 password mode: \n" + " - default password BBDD3399\n", + "lf hitag hts dump --82xx -> use def pwd\n" + "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode\n" + "lf hitag hts dump --crypto -> use def crypto\n" + "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode\n" + "lf hitag hts dump --nrar 0102030411223344\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("8", "82xx", "8268/8310 mode"), + arg_str0(NULL, "nrar", "", "nonce / answer writer, 8 hex bytes"), + arg_lit0(NULL, "crypto", "crypto mode"), + arg_str0("k", "key", "", "pwd or key, 4 or 6 hex bytes"), + arg_int0("m", "mode", "", "response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)"), + arg_str0("f", "file", "", "specify file name"), + arg_lit0(NULL, "ns", "no save to file"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + lf_hitag_data_t packet; + memset(&packet, 0, sizeof(packet)); + + if (process_hitags_common_args(ctx, &packet) < 0) { + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + bool nosave = arg_get_lit(ctx, 7); + CLIParserFree(ctx); + + // read all pages + packet.page = 0; + packet.page_count = 0; + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *) &packet, sizeof(packet)); + + PacketResponseNG resp; + if (WaitForResponseTimeout(CMD_LF_HITAGS_READ, &resp, 5000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + print_error(resp.reason); + return PM3_ESOFT; + } + + lf_hts_read_response_t *card = (lf_hts_read_response_t *)resp.data.asBytes; + + const int hts_mem_sizes[] = {1, 8, 64, 64}; + int mem_size = hts_mem_sizes[card->config_page.s.MEMT] * HITAGS_PAGE_SIZE; + + hitags_config_t config = card->config_page.s; + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); + hitags_config_print(config); + + if (nosave) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Called with no save option"); + PrintAndLogEx(NORMAL, ""); + return PM3_SUCCESS; + } + + if (fnlen < 1) { + char *fptr = filename; + fptr += snprintf(filename, sizeof(filename), "lf-hitags-"); + FillFileNameByUID(fptr, card->pages[HITAGS_UID_PADR], "-dump", HITAGS_PAGE_SIZE); + } + + pm3_save_dump(filename, (uint8_t *)card->pages, mem_size, jsfHitag); + + return PM3_SUCCESS; +} + +static int CmdLFHitagSRestore(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "lf hitag hts restore", + "Restore a dump file onto Hitag S tag\n" + " Crypto mode: \n" + " - key format ISK high + ISK low\n" + " - default key 4F4E4D494B52 (ONMIKR)\n\n" + " 8268/8310 password mode: \n" + " - default password BBDD3399\n", + "lf hitag hts restore -f myfile --82xx -> use def pwd\n" + "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode\n" + "lf hitag hts restore -f myfile --crypto -> use def crypto\n" + "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode\n" + "lf hitag hts restore -f myfile --nrar 0102030411223344\n" + ); + + void *argtable[] = { + arg_param_begin, + arg_lit0("8", "82xx", "8268/8310 mode"), + arg_str0(NULL, "nrar", "", "nonce / answer writer, 8 hex bytes"), + arg_lit0(NULL, "crypto", "crypto mode"), + arg_str0("k", "key", "", "pwd or key, 4 or 6 hex bytes"), + arg_int0("m", "mode", "", "response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)"), + arg_str0("f", "file", "", "specify file name"), + arg_param_end + }; + + CLIExecWithReturn(ctx, Cmd, argtable, false); + + lf_hitag_data_t packet; + memset(&packet, 0, sizeof(packet)); + + if (process_hitags_common_args(ctx, &packet) < 0) { + CLIParserFree(ctx); + return PM3_EINVARG; + } + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 6), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + + if (fnlen == 0) { + PrintAndLogEx(ERR, "Must specify a file"); + return PM3_EINVARG; + } + + // read dump file + uint32_t *dump = NULL; + size_t bytes_read = 0; + if (pm3_load_dump(filename, (void **)&dump, &bytes_read, jsfHitag) != PM3_SUCCESS) { + return PM3_EFILE; + } + + // read config to determine memory size and other stuff + packet.page = HITAGS_CONFIG_PADR; + packet.page_count = 1; + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_READ, (uint8_t *)&packet, sizeof(packet)); + + PacketResponseNG resp; + + if (WaitForResponseTimeout(CMD_LF_HITAGS_READ, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + lf_hts_read_response_t *config = (lf_hts_read_response_t *)resp.data.asBytes; + hitags_config_t tag_config = config->config_page.s; + + const int hts_mem_sizes[] = {1, 8, 64, 64}; + int mem_size = hts_mem_sizes[tag_config.MEMT] * HITAGS_PAGE_SIZE; + + if (bytes_read != mem_size) { + free(dump); + PrintAndLogEx(FAILED, "Wrong length of dump file. Expected %d bytes, got %zu", mem_size, bytes_read); + return PM3_EFILE; + } + + uint8_t *dump_bytes = (uint8_t *)dump; + bool auth_changed = false; + + for (int page = packet.page_count + 1; page < hts_mem_sizes[tag_config.MEMT]; page++) { // skip config page + + if (packet.cmd == HTSF_82xx && page > 40) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "Using " _YELLOW_("82xx") ", Pages " _YELLOW_("41-63") " will be skipped"); + PrintAndLogEx(NORMAL, ""); + break; + } + + size_t offset = page * HITAGS_PAGE_SIZE; + + packet.page = page; + memcpy(packet.data, &dump_bytes[offset], HITAGS_PAGE_SIZE); + + PrintAndLogEx(INPLACE, " Writing page "_YELLOW_("%d")", data: " _GREEN_("%02X %02X %02X %02X"), page, + dump_bytes[offset], + dump_bytes[offset + 1], + dump_bytes[offset + 2], + dump_bytes[offset + 3]); + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); + + if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(FAILED, "Write failed for page %d", page); + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + switch (page) { + case 2: // auth first page + if (packet.cmd == HTSF_82xx) { + if (memcmp(packet.pwd, &dump_bytes[offset], HITAGS_PAGE_SIZE) == 0) { + break; + } + auth_changed = true; + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "Password Changed! Old: " _BACK_BLUE_("%02X %02X %02X %02X") ", New: "_BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3], + dump_bytes[offset], dump_bytes[offset + 1], + dump_bytes[offset + 2], dump_bytes[offset + 3]); + + + memcpy(packet.pwd, &dump_bytes[offset], HITAG_PASSWORD_SIZE); + + + PrintAndLogEx(SUCCESS, "Using new password for subsequent writes"); + } + break; + case 3: // crypto mode + if (packet.cmd == HTSF_KEY) { + + if (memcmp(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAG_CRYPTOKEY_SIZE) == 0) { + break; + } + auth_changed = true; + + memcpy(packet.key, &dump_bytes[offset - HITAGS_PAGE_SIZE], HITAG_CRYPTOKEY_SIZE); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(WARNING, "New key detected: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); + + PrintAndLogEx(SUCCESS, "Using new key for subsequent writes"); + } + break; + } + } + + // restore config page at end + size_t config_offset = HITAGS_PAGE_SIZE * 1; // page 1 + packet.page = HITAGS_CONFIG_PADR; + memcpy(packet.data, &dump_bytes[HITAGS_PAGE_SIZE], HITAGS_PAGE_SIZE); + + + PrintAndLogEx(SUCCESS, "Applying "_YELLOW_("restored config: ") _GREEN_("%02X %02X %02X %02X"), + dump_bytes[config_offset], + dump_bytes[config_offset + 1], + dump_bytes[config_offset + 2], + dump_bytes[config_offset + 3]); + + + clearCommandBuffer(); + SendCommandNG(CMD_LF_HITAGS_WRITE, (uint8_t *)&packet, sizeof(packet)); + + if (WaitForResponseTimeout(CMD_LF_HITAGS_WRITE, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "timeout while waiting for reply."); + free(dump); + return PM3_ETIMEOUT; + } + + if (resp.status != PM3_SUCCESS) { + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(FAILED, "Failed to apply config"); + print_error(resp.reason); + free(dump); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, "Write process completed"); + + if (auth_changed) { + if (packet.cmd == HTSF_82xx) { + PrintAndLogEx(SUCCESS, "New Password: " _BACK_BLUE_("%02X %02X %02X %02X"), + packet.pwd[0], packet.pwd[1], packet.pwd[2], packet.pwd[3]); + } else if (packet.cmd == HTSF_KEY) { + PrintAndLogEx(SUCCESS, "New Key: " _BACK_BLUE_("%02X %02X %02X %02X %02X %02X"), + packet.key[0], packet.key[1], packet.key[2], + packet.key[3], packet.key[4], packet.key[5]); + } + } + + return PM3_SUCCESS; +} + static int CmdLFHitagSWrite(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf hitag hts wrbl", @@ -454,6 +767,7 @@ static int CmdLFHitagSWrite(const char *Cmd) { " 8268/8310 password mode: \n" " - default password BBDD3399\n", " lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode\n" + " lf hitag hts wrbl -p 6 -d 01020304 --82xx -> use def pwd\n" " lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode\n" " lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode\n" " lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key\n" @@ -615,6 +929,8 @@ static command_t CommandTable[] = { {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("General") " ------------------------"}, {"reader", CmdLFHitagSReader, IfPm3Hitag, "Act like a Hitag S reader"}, {"rdbl", CmdLFHitagSRead, IfPm3Hitag, "Read Hitag S page"}, + {"dump", CmdLFHitagSDump, IfPm3Hitag, "Dump Hitag S pages to a file"}, + {"restore", CmdLFHitagSRestore, IfPm3Hitag, "Restore Hitag S memory from dump file"}, {"wrbl", CmdLFHitagSWrite, IfPm3Hitag, "Write Hitag S page"}, {"-----------", CmdHelp, IfPm3Hitag, "----------------------- " _CYAN_("Simulation") " -----------------------"}, {"sim", CmdLFHitagSSim, IfPm3Hitag, "Simulate Hitag S transponder"}, diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 48c2fa7a7..4f5f6c3ca 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -4266,7 +4266,7 @@ static int CmdT55xxProtect(const char *Cmd) { return PM3_SUCCESS; } -// if the difference between a and b is less then or eq to d i.e. does a = b +/- d +// if the difference between a and b is less than or eq to d i.e. does a = b +/- d #define APPROX_EQ(a, b, d) ((abs(a - b) <= d) ? true : false) static uint8_t t55sniff_get_packet(const int *pulseBuffer, char *data, uint8_t width0, uint8_t width1, uint8_t tolerance) { diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index 8e19c3bb5..c91f6a31b 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c @@ -146,7 +146,7 @@ static uint16_t extractChallenges(uint16_t tracepos, uint16_t traceLen, uint8_t uint16_t data_len = hdr->data_len; uint8_t *frame = hdr->frame; - // sanity check tracking position is less then available trace size + // sanity check tracking position is less than available trace size if (tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr) > traceLen) { PrintAndLogEx(DEBUG, "trace pos offset %"PRIu64 " larger than reported tracelen %u", tracepos + TRACELOG_HDR_LEN + data_len + TRACELOG_PARITY_LEN(hdr), @@ -779,6 +779,7 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr switch (protocol) { case ISO_14443A: case ISO_7816_4: + case PROTO_FMCOS20: annotateIso14443a(explanation, sizeof(explanation), frame, data_len, hdr->isResponse); break; case PROTO_MIFARE: @@ -836,6 +837,9 @@ static uint16_t printTraceLine(uint16_t tracepos, uint16_t traceLen, uint8_t *tr case SEOS: annotateSeos(explanation, sizeof(explanation), frame, data_len); break; + case PROTO_FMCOS20: + annotateFMCOS20(explanation, sizeof(explanation), frame, data_len); + break; default: break; } @@ -1310,6 +1314,7 @@ int CmdTraceList(const char *Cmd) { "trace list -t thinfilm -> interpret as " _YELLOW_("Thinfilm") "\n" "trace list -t topaz -> interpret as " _YELLOW_("Topaz") "\n" "trace list -t mfp -> interpret as " _YELLOW_("MIFARE Plus") "\n" + "trace list -t fmcos20 -> interpret as " _YELLOW_("FMCOS 2.0") "\n" "\n" "trace list -t mf -f mfc_default_keys.dic -> use default dictionary file\n" "trace list -t 14a --frame -> show frame delay times\n" @@ -1377,6 +1382,7 @@ int CmdTraceList(const char *Cmd) { else if (strcmp(type, "thinfilm") == 0) protocol = THINFILM; else if (strcmp(type, "topaz") == 0) protocol = TOPAZ; else if (strcmp(type, "mfp") == 0) protocol = PROTO_MFPLUS; + else if (strcmp(type, "fmcos20") == 0) protocol = PROTO_FMCOS20; else if (strcmp(type, "") == 0) protocol = -1; else { PrintAndLogEx(FAILED, "Unknown protocol \"%s\"", type); @@ -1460,6 +1466,10 @@ int CmdTraceList(const char *Cmd) { PrintAndLogEx(INFO, _YELLOW_("Hitag 1 / Hitag 2 / Hitag S") " - Timings in ETU (8us)"); } + if (protocol == PROTO_FMCOS20) { + PrintAndLogEx(INFO, _YELLOW_("FMCOS 2.0 / CPU Card") " - Timings n/a"); + } + if (protocol == FELICA) { if (use_us) PrintAndLogEx(INFO, _YELLOW_("ISO18092 / FeliCa") " - all times are in microseconds"); diff --git a/client/src/crypto/originality.c b/client/src/crypto/originality.c new file mode 100644 index 000000000..66dc3efb0 --- /dev/null +++ b/client/src/crypto/originality.c @@ -0,0 +1,218 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// originality checks with known pk +//----------------------------------------------------------------------------- + +#include "originality.h" +#include // memcpy +#include "ui.h" + +// See tools/recover_pk.py to recover Pk from UIDs and signatures +const ecdsa_publickey_ng_t manufacturer_public_keys[] = { + { + PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP MIFARE Classic MFC1C14_x", + "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF" + }, + { + PK_MFC, MBEDTLS_ECP_DP_SECP128R1, 33, "MIFARE Classic / QL88", + "046F70AC557F5461CE5052C8E4A7838C11C7A236797E8A0730A101837C004039C2" + }, + + // ref: TagInfo + // NTAG 210/212 ? not present in recover_pk + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Public key", + "04A748B6A632FBEE2C0897702B33BEA1C074998E17B84ACA04FF267E5D2C91F6DC" + }, + // ref: AN11341 MIFARE Ultralight EV1 Originality Signature Validation + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP Ultralight EV1", + "0490933BDCD6E99B4E255E3DA55389A827564E11718E017292FAF23226A96614B8" + }, + // ref: AN11350 NTAG 21x Originality Signature Validation + { + PK_MFUL, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP NTAG21x (2013)", + "04494E1A386D3D3CFE3DC10E5DE68A499B1C202DB5B132393E89ED19FE5BE8BC61" + }, + + // ref: AN13452 MIFARE Ultralight AES features and hints + { + PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES", + "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86" + }, + // ref: TagInfo + { + PK_MFULAES, MBEDTLS_ECP_DP_SECP192R1, 49, "NXP Ultralight AES (alt key)", + "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74" + }, + + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV1", + "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E" + }, + // not present in recover_pk + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus EV2", + "04BB49AE4447E6B1B6D21C098C1538B594A11A4A1DBF3D5E673DEACDEB3CC512D1C08AFA1A2768CE20A200BACD2DC7804CD7523A0131ABF607" + }, + { + PK_MFP, MBEDTLS_ECP_DP_SECP224R1, 57, "MIFARE Plus Troika", + "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF" + }, + + // ref: AN12343 MIFARE DESFire Light Features and Hints + // not present in recover_pk + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire Light", + "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG413DNA, DESFire EV1", + "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, NTAG424DNATT, DESFire EV2, DESFire Light EV2", + "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A" + }, + // ref: AN12196 NTAG 424 DNA and NTAG 424 DNA TagTamper features and hints + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "NTAG424DNA, DESFire EV2, DESFire Light", + "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV2 XL", + "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC" + }, + { + PK_MFDES, MBEDTLS_ECP_DP_SECP224R1, 57, "DESFire EV3", + "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743" + }, + + // ref: AN5101 TruST25 digital signature for ST25TA512B, ST25TA02KB, ST25TA02KB-D and ST25TA02KB-P devices + { + PK_ST25TA, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TA TruST25 (ST) key 01?", + "041D92163650161A2548D33881C235D0FB2315C2C31A442F23C87ACF14497C0CBA" + }, + // ref: AN5660 TruST25 digital signature for ST25TN512 and ST25TN01K devices + { + PK_ST25TN, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TN TruST25 (ST) KeyID 05", + "0440004F974F7C76BC8718E523D85FA7B354A9A992BFA966CB8219242F9D274FD6" + }, + // ref: AN5104 TruST25 digital signature for ST25TV512 and ST25TV02K devices ? + // ref: AN5149 TruST25 digital signature for ST25DV02K-W1, ST25DV02K-W2 devices ? + // ref: AN5580 TruST25 digital signature for ST25TV512C and ST25TV02KC devices + { + PK_ST25TV, MBEDTLS_ECP_DP_SECP128R1, 33, "ST25TV TruST25 (ST) KeyID 04", + "04101E188A8B4CDDBC62D5BC3E0E6850F0C2730E744B79765A0E079907FBDB01BC" + }, + + { + PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "NXP ICODE DNA, ICODE SLIX2", + "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0" + }, + { + PK_15, MBEDTLS_ECP_DP_SECP128R1, 33, "VivoKey Spark1 Public key", + "04D64BB732C0D214E7EC580736ACF847284B502C25C0F7F2FA86AACE1DADA4387A" + }, + +// FIXME: what type(s) of card exactly? MFC? MFUL? not present in recover_pk + { + PK_MIK, MBEDTLS_ECP_DP_SECP128R1, 33, "MIKRON Public key", + "04F971EDA742A4A80D32DCF6A814A707CC3DC396D35902F72929FDCD698B3468F2" + }, +}; + + +// return pk if match index else -1 +int originality_check_verify(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type) { + return originality_check_verify_ex(data, data_len, signature, signature_len, type, false, false); +} + +int originality_check_verify_ex(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type, bool reverse, bool hash) { + // test if signature is null + bool is_zero = true; + for (uint8_t i = 0; i < signature_len; i++) { + if (signature[i] != 0) { + is_zero = false; + } + } + if (is_zero) { + return -1; + } + + uint8_t tmp_data[data_len]; + uint8_t tmp_signature[signature_len]; + if (reverse) { + reverse_array_copy(data, data_len, tmp_data); + reverse_array_copy(signature, signature_len, tmp_signature); + } else { + memcpy(tmp_data, data, data_len); + memcpy(tmp_signature, signature, signature_len); + } + + for (uint8_t i = 0; i < ARRAYLEN(manufacturer_public_keys); i++) { + if ((type != PK_ALL) && (type != manufacturer_public_keys[i].type)) + continue; + int dl = 0; + uint8_t key[manufacturer_public_keys[i].keylen]; + param_gethex_to_eol(manufacturer_public_keys[i].value, 0, key, manufacturer_public_keys[i].keylen, &dl); + if (ecdsa_signature_r_s_verify(manufacturer_public_keys[i].grp_id, key, tmp_data, data_len, tmp_signature, signature_len, hash) == 0) + return i; + } + return -1; +} + +int originality_check_print(uint8_t *signature, int signature_len, int index) { + if ((index < 0) || (index >= ARRAYLEN(manufacturer_public_keys))) { + PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); + if (signature_len > 16) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); + } + if (signature_len > 32) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); + } + if (signature_len > 48) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); + } + PrintAndLogEx(SUCCESS, " Signature verification: " _RED_("failed")); + return PM3_ESOFT; + } + + PrintAndLogEx(INFO, " IC signature public key name: " _GREEN_("%s"), manufacturer_public_keys[index].desc); + PrintAndLogEx(INFO, "IC signature public key value: %.32s", manufacturer_public_keys[index].value); + if (manufacturer_public_keys[index].keylen > 16) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 32); + } + if (manufacturer_public_keys[index].keylen > 32) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 64); + } + if (manufacturer_public_keys[index].keylen > 48) { + PrintAndLogEx(INFO, " : %.32s", manufacturer_public_keys[index].value + 96); + } + PrintAndLogEx(INFO, " Elliptic curve parameters: %s", mbedtls_ecp_curve_info_from_grp_id(manufacturer_public_keys[index].grp_id)->name); + PrintAndLogEx(INFO, " TAG IC Signature: %s", sprint_hex_inrow(signature, 16)); + if (signature_len > 16) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 16, 16)); + } + if (signature_len > 32) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 32, 16)); + } + if (signature_len > 48) { + PrintAndLogEx(INFO, " : %s", sprint_hex_inrow(signature + 48, signature_len - 48)); + } + PrintAndLogEx(SUCCESS, " Signature verification: " _GREEN_("successful")); + return PM3_SUCCESS; +} diff --git a/client/src/crypto/originality.h b/client/src/crypto/originality.h new file mode 100644 index 000000000..c6aab57fb --- /dev/null +++ b/client/src/crypto/originality.h @@ -0,0 +1,42 @@ +//----------------------------------------------------------------------------- +// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// See LICENSE.txt for the text of the license. +//----------------------------------------------------------------------------- +// originality checks with known pk +//----------------------------------------------------------------------------- + +#ifndef ORIGINALITY_H +#define ORIGINALITY_H + +#include "common.h" +#include "commonutil.h" +#include "libpcrypto.h" +#include +#include + +typedef enum {PK_MFC, PK_MFUL, PK_MFULAES, PK_MFP, PK_MFDES, PK_ST25TA, PK_ST25TN, PK_ST25TV, PK_15, PK_MIK, PK_ALL} pk_type_t; + +typedef struct { + const pk_type_t type; + const mbedtls_ecp_group_id grp_id; + const uint8_t keylen; + const char *desc; + const char *value; +} ecdsa_publickey_ng_t; + +int originality_check_verify(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type); +int originality_check_verify_ex(uint8_t *data, uint8_t data_len, uint8_t *signature, uint8_t signature_len, pk_type_t type, bool reverse, bool hash); +int originality_check_print(uint8_t *signature, int signature_len, int index); + +#endif /* originality.h */ diff --git a/client/src/mifare/desfirecore.c b/client/src/mifare/desfirecore.c index 7bf692184..ac44508f2 100644 --- a/client/src/mifare/desfirecore.c +++ b/client/src/mifare/desfirecore.c @@ -1222,14 +1222,17 @@ static int DesfireAuthenticateEV1(DesfireContext_t *dctx, DesfireSecureChannel s // - Encrypt our response if (secureChannel == DACd40) { + // Original DESFire (MF3ICD40) silicon can only do encryption operations, so all PCD + // side operations must be decrypt, even when encrypting when doing D40 compatible + // secure channel operations memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); - DesfireCryptoEncDecEx(dctx, DCOMainKey, RndA, rndlen, encRndA, true, true, IV); + DesfireCryptoEncDecEx(dctx, DCOMainKey, RndA, rndlen, encRndA, true, false, IV); memcpy(both, encRndA, rndlen); bin_xor(rotRndB, encRndA, rndlen); memset(IV, 0, DESFIRE_MAX_CRYPTO_BLOCK_SIZE); - DesfireCryptoEncDecEx(dctx, DCOMainKey, rotRndB, rndlen, encRndB, true, true, IV); + DesfireCryptoEncDecEx(dctx, DCOMainKey, rotRndB, rndlen, encRndB, true, false, IV); memcpy(both + rndlen, encRndB, rndlen); } else if (secureChannel == DACEV1) { diff --git a/client/src/mifare/desfiresecurechan.c b/client/src/mifare/desfiresecurechan.c index d35833b4d..85e2d7d94 100644 --- a/client/src/mifare/desfiresecurechan.c +++ b/client/src/mifare/desfiresecurechan.c @@ -313,6 +313,10 @@ static void DesfireSecureChannelEncodeD40(DesfireContext_t *ctx, uint8_t cmd, ui size_t srcmaclen = padded_data_length(srcdatalen - hdrlen, desfire_get_key_block_length(ctx->keyType)); uint8_t mac[32] = {0}; + PrintAndLogEx(DEBUG, "MACing"); + // Even though original DESFire (MF3ICD40) silicon can only encrypt which means normally + // every PCD operation must be decrypt, verifying a MAC involves the same operation on both + // sides so this is still encrypt here DesfireCryptoEncDecEx(ctx, DCOSessionKeyMac, data, srcmaclen, NULL, true, true, mac); if (DesfireEV1D40TransmitMAC(ctx, cmd)) { @@ -889,4 +893,3 @@ bool PrintChannelModeWarning(uint8_t cmd, DesfireSecureChannel secureChannel, De return found; } - diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 7048173b4..95eeda115 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -273,7 +273,9 @@ int mf_check_keys_fast_ex(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastCh // max timeout for one chunk of 85keys, 60*3sec = 180seconds // s70 with 40*2 keys to check, 80*85 = 6800 auth. // takes about 97s, still some margin before abort - if (timeout > 180) { + // timeout = 180 => ~360s @ Mifare Classic 1k @ ~2300 keys in dict + // ~2300 keys @ Mifare Classic 1k => ~620s + if (timeout > 60 * 12) { PrintAndLogEx(WARNING, "\nNo response from Proxmark3. Aborting..."); return PM3_ETIMEOUT; } @@ -1142,7 +1144,7 @@ int mf_chinese_set_uid(uint8_t *uid, uint8_t uidlen, const uint8_t *atqa, const res = mf_chinese_set_block(0, block0, NULL, params); if (res == PM3_SUCCESS) { - params = MAGIC_SINGLE | MAGIC_WUPC; + params = MAGIC_SINGLE | (gdm ? MAGIC_GDM_ALT_WUPC : MAGIC_WUPC); memset(block0, 0, sizeof(block0)); res = mf_chinese_get_block(0, block0, params); if (res == 0) { @@ -1612,6 +1614,10 @@ uint16_t detect_mf_magic(bool is_mfc, uint8_t key_type, uint64_t key) { PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( Gen1 Magic Wakeup )"); } + if ((isMagic & MAGIC_FLAG_GDM_WUP_40_ZUID) == MAGIC_FLAG_GDM_WUP_40_ZUID) { + PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Gen 4 GDM / USCUID") " ( ZUID Gen1 Magic Wakeup )"); + } + if ((isMagic & MAGIC_FLAG_GEN_UNFUSED) == MAGIC_FLAG_GEN_UNFUSED) { PrintAndLogEx(SUCCESS, "Magic capabilities... " _GREEN_("Write Once / FUID")); } diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index bd7fdbc45..f4155935e 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -279,6 +279,7 @@ const static vocabulary_t vocabulary[] = { { 1, "hf iclass view" }, { 0, "hf iclass wrbl" }, { 0, "hf iclass creditepurse" }, + { 0, "hf iclass trbl" }, { 0, "hf iclass chk" }, { 1, "hf iclass loclass" }, { 1, "hf iclass lookup" }, @@ -428,6 +429,7 @@ const static vocabulary_t vocabulary[] = { { 0, "hf mfu cauth" }, { 0, "hf mfu setpwd" }, { 0, "hf mfu dump" }, + { 0, "hf mfu incr" }, { 0, "hf mfu info" }, { 0, "hf mfu ndefread" }, { 0, "hf mfu rdbl" }, @@ -677,6 +679,8 @@ const static vocabulary_t vocabulary[] = { { 1, "lf hitag hts list" }, { 0, "lf hitag hts reader" }, { 0, "lf hitag hts rdbl" }, + { 0, "lf hitag hts dump" }, + { 0, "lf hitag hts restore" }, { 0, "lf hitag hts wrbl" }, { 0, "lf hitag hts sim" }, { 1, "lf idteck help" }, diff --git a/client/src/scripting.c b/client/src/scripting.c index 0657ae8d6..4f7705eb3 100644 --- a/client/src/scripting.c +++ b/client/src/scripting.c @@ -283,7 +283,7 @@ static int l_GetFromFlashMemSpiffs(lua_State *L) { return returnToLuaWithError(L, "No FLASH MEM support"); } - uint32_t start_index = 0, len = 0x40000; //FLASH_MEM_MAX_SIZE + uint32_t start_index = 0, len = 0x40000; // 256KB FLASH_MEM_MAX_SIZE as default value char destfilename[32] = {0}; size_t size; diff --git a/client/src/ui.c b/client/src/ui.c index 09730d8d3..68cc71a43 100644 --- a/client/src/ui.c +++ b/client/src/ui.c @@ -696,14 +696,18 @@ void print_progress(uint64_t count, uint64_t max, barMode_t style) { max = (count > max) ? count : max; #if defined(HAVE_READLINE) static int prev_cols = 0; - int rows; - rl_reset_screen_size(); // refresh Readline idea of the actual screen width - rl_get_screen_size(&rows, &cols); + int tmp_cols; + rl_get_screen_size(NULL, &tmp_cols); + // if cols==0: impossible to get screen size, e.g. when scripted + if (tmp_cols != 0) { + // don't call it if cols==0, it would segfault + rl_reset_screen_size(); // refresh Readline idea of the actual screen width + rl_get_screen_size(NULL, &cols); - if (cols < 36) - return; + if (cols < 36) + return; + } - (void) rows; if (prev_cols > cols) { PrintAndLogEx(NORMAL, _CLEAR_ _TOP_ ""); } diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index bf08e0908..e3e146153 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -1663,3 +1663,75 @@ void HIDUnpack(int idx, wiegand_message_t *packed) { hid_print_card(&card, FormatTable[idx]); } } + +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose) { + uint8_t n = length - 1; + uint8_t pad = data[0]; + char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); + if (binstr == NULL) { + return PM3_EMALLOC; + } + + bytes_2_binstr(binstr, data + 1, n); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); + PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + binstr[strlen(binstr) - pad] = '\0'; + PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + size_t hexlen = 0; + uint8_t hex[16] = {0}; + binstr_2_bytes(hex, &hexlen, binstr); + PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); + + uint32_t top = 0, mid = 0, bot = 0; + if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { + PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); + free(binstr); + return PM3_EINVARG; + } + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Wiegand decode"); + wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); + HIDTryUnpack(&packed); + + PrintAndLogEx(NORMAL, ""); + + if (strlen(binstr) >= 26 && verbose) { + + // iCLASS Legacy + PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); + PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // HID Prox II + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); + PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // MIFARE Classic + char mfcbin[28] = {0}; + mfcbin[0] = '1'; + memcpy(mfcbin + 1, binstr, strlen(binstr)); + binstr_2_bytes(hex, &hexlen, mfcbin); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); + PrintAndLogEx(SUCCESS, " hf mf eclr;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); + PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); + PrintAndLogEx(NORMAL, ""); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); + PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + } + free(binstr); + return PM3_SUCCESS; +} diff --git a/client/src/wiegand_formats.h b/client/src/wiegand_formats.h index 671795c9a..630d9cbb4 100644 --- a/client/src/wiegand_formats.h +++ b/client/src/wiegand_formats.h @@ -54,6 +54,7 @@ bool HIDPack(int format_idx, wiegand_card_t *card, wiegand_message_t *packed, bo bool HIDTryUnpack(wiegand_message_t *packed); void HIDPackTryAll(wiegand_card_t *card, bool preamble); void HIDUnpack(int idx, wiegand_message_t *packed); +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose); void print_wiegand_code(wiegand_message_t *packed); void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed); #endif diff --git a/client/src/wiegand_formatutils.c b/client/src/wiegand_formatutils.c index d279744b9..f77ab5bfe 100644 --- a/client/src/wiegand_formatutils.c +++ b/client/src/wiegand_formatutils.c @@ -165,7 +165,7 @@ static uint8_t get_length_from_header(wiegand_message_t *data) { len = 0; } - while (hfmt > 1) { + while (hfmt > 0) { hfmt >>= 1; len++; } diff --git a/common/commonutil.c b/common/commonutil.c index ad867be86..7ed34067f 100644 --- a/common/commonutil.c +++ b/common/commonutil.c @@ -554,8 +554,8 @@ size_t concatbits(uint8_t *dest, int dest_offset, const uint8_t *src, int src_of end = nbits; step = 1; } else { - i = nbits; - end = 0; + i = nbits - 1; + end = -1; step = -1; } diff --git a/common_arm/flashmem.c b/common_arm/flashmem.c index 5aa88b0eb..f515fe994 100644 --- a/common_arm/flashmem.c +++ b/common_arm/flashmem.c @@ -366,7 +366,6 @@ void Flashmem_print_status(void) { ); } - Dbprintf(" Device.................. " _YELLOW_("%s"), spi_flash_data.device); Dbprintf(" Memory size............. " _YELLOW_("%d kB (%d pages * 64k)"), spi_flash_pages64k * 64, spi_flash_pages64k); uint8_t uid[8] = {0, 0, 0, 0, 0, 0, 0, 0}; @@ -384,43 +383,6 @@ void Flashmem_print_status(void) { FlashStop(); } -void Flashmem_print_info(void) { - - if (!FlashInit()) return; - - DbpString(_CYAN_("Flash memory dictionary loaded")); - - // load dictionary offsets. - uint8_t keysum[2]; - uint16_t num; - - Flash_CheckBusy(BUSY_TIMEOUT); - uint16_t isok = Flash_ReadDataCont(DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" Mifare.................. "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_MF_KEYS_MAX); - } - - Flash_CheckBusy(BUSY_TIMEOUT); - isok = Flash_ReadDataCont(DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" T55x7................... "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_T55XX_KEYS_MAX); - } - - Flash_CheckBusy(BUSY_TIMEOUT); - isok = Flash_ReadDataCont(DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k), keysum, 2); - if (isok == 2) { - num = ((keysum[1] << 8) | keysum[0]); - if (num != 0xFFFF && num != 0x0) - Dbprintf(" iClass.................. "_YELLOW_("%u")" / "_GREEN_("%u")" keys", num, DEFAULT_ICLASS_KEYS_MAX); - } - - FlashStop(); -} - bool FlashDetect(void) { flash_device_type_t flash_data = {0}; bool ret = false; @@ -442,21 +404,13 @@ bool FlashDetect(void) { } else { if (g_dbglevel > 3) Dbprintf("Flash_ReadID failed reading Mfr/Dev (0x90)"); } - // default device is 'unknown' - spi_flash_data.device = SpiFlashTable[0].device; - + // Check JEDEC data is valid, compare the reported device types and then calculate the number of pages + // It is covering the most (known) cases of devices but probably there are vendors with different data + // They will be handled when there is such cases if (ret) { - for (int i = 0; i < ARRAYLEN(SpiFlashTable); i++) { - if (SpiFlashTable[i].manufacturer_id == spi_flash_data.manufacturer_id) { - if (SpiFlashTable[i].jedec_id == spi_flash_data.jedec_id) { - spi_flash_pages64k = SpiFlashTable[i].pages64k; - spi_flash_data.device = SpiFlashTable[i].device; - break; - } - if (SpiFlashTable[i].device_id == spi_flash_data.device_id) { - spi_flash_data.device = SpiFlashTable[i].device; - break; - } + if (spi_flash_data.jedec_id > 0 && spi_flash_data.jedec_id < 0xFFFF) { + if (((spi_flash_data.device_id + 1) & 0x0F) == (spi_flash_data.jedec_id & 0x000F)) { + spi_flash_pages64k = 1 << (spi_flash_data.jedec_id & 0x000F); } } } diff --git a/common_arm/flashmem.h b/common_arm/flashmem.h index b28989646..45b8e67c2 100644 --- a/common_arm/flashmem.h +++ b/common_arm/flashmem.h @@ -134,42 +134,13 @@ uint16_t Flash_Write(uint32_t address, uint8_t *in, uint16_t len); uint16_t Flash_WriteData(uint32_t address, uint8_t *in, uint16_t len); uint16_t Flash_WriteDataCont(uint32_t address, uint8_t *in, uint16_t len); void Flashmem_print_status(void); -void Flashmem_print_info(void); typedef struct { uint8_t manufacturer_id; uint8_t device_id; uint16_t jedec_id; - uint8_t pages64k; - char *device; } spi_flash_t; -static const spi_flash_t SpiFlashTable[] = { - // first element is the default of 4 * 64kB pages (256kB) - { 0x00, 0x00, 0x0000, 4, "unknown" }, // 256k - // Manufacturer: Puya - { 0x85, 0x00, 0x6015, 32, "P25Q16H" }, // 2048k - /// Manufacturer: Renesas - { 0x1F, 0x46, 0x0000, 32, "AT25XE161D" }, // 2048k - { 0x1F, 0x47, 0x0000, 64, "AT25XE321D" }, // 4096k - // Manufacturer: Winbond - { 0xEF, 0x00, 0x3012, 4, "W25X20BV" }, // 256k - { 0xEF, 0x00, 0x3013, 8, "W25X40BV" }, // 512k - - { 0xEF, 0x00, 0x4013, 8, "W25Q40BV" }, // 512k - { 0xEF, 0x00, 0x4014, 16, "W25Q80BV" }, // 1024k - { 0xEF, 0x14, 0x4015, 32, "W25Q16BV" }, // 2048k - { 0xEF, 0x15, 0x4016, 64, "W25Q32BV" }, // 4096k - - { 0xEF, 0x21, 0x7022, 4, "W25Q02JV" }, - // identified by Manufacturer /Device ID -// { 0xEF, 0x05, 0x0000, 1, "Winbond!!!" }, - { 0xEF, 0x10, 0x0000, 2, "W25*10BV!!!" }, // 128k - { 0xEF, 0x11, 0x0000, 4, "W25*20BV" }, // 256k - { 0xEF, 0x12, 0x0000, 8, "W25*40BV" }, // 512k - { 0xEF, 0x13, 0x0000, 16, "W25*80BV" } // 1024k -}; - extern uint8_t spi_flash_pages64k; bool FlashDetect(void); diff --git a/common_arm/ticks.c b/common_arm/ticks.c index 10c3dcb72..4abda2689 100644 --- a/common_arm/ticks.c +++ b/common_arm/ticks.c @@ -336,4 +336,5 @@ void WaitUS(uint32_t us) { void StopTicks(void) { AT91C_BASE_TC0->TC_CCR = AT91C_TC_CLKDIS; AT91C_BASE_TC1->TC_CCR = AT91C_TC_CLKDIS; + AT91C_BASE_TC2->TC_CCR = AT91C_TC_CLKDIS; } diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 0dd86c2a0..d9e7efcbb 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -294,6 +294,7 @@ Options: -a Input key A (def) -b Input key B -f, --file filename of dictionary +-o filename suffix for dump and key files -s, --slow Slower acquisition (required by some non standard cards) -l, --legacy legacy mode (use the slow `hf mf chk`) -v, --verbose verbose output (statistics) diff --git a/doc/commands.json b/doc/commands.json index ef3c4489d..157451109 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -2081,7 +2081,7 @@ "command": "hf 15 view", "description": "Print a ISO-15693 tag dump file (bin/eml/json)", "notes": [ - "hf 15 view -f hf-iclass-AA162D30F8FF12F1-dump.bin" + "hf 15 view -f hf-15-1122334455667788-dump.bin" ], "offline": true, "options": [ @@ -3500,9 +3500,10 @@ "--loop The number of key retrieval cycles to perform, max 10000, default 100", "--debug Re-enables tracing for debugging. Limits cycles to 1.", "--notest Perform real writes on the card!", - "--allnight Loops the loop for 10 times, recommended loop value of 5000." + "--allnight Loops the loop for 10 times, recommended loop value of 5000.", + "--est Estimates the key updates based on the card's CSN assuming standard key." ], - "usage": "hf iclass legrec [-h] --macs [--index ] [--loop ] [--debug] [--notest] [--allnight]" + "usage": "hf iclass legrec [-h] --macs [--index ] [--loop ] [--debug] [--notest] [--allnight] [--est]" }, "hf iclass loclass": { "command": "hf iclass loclass", @@ -3683,6 +3684,32 @@ ], "usage": "hf iclass sniff [-hj]" }, + "hf iclass trbl": { + "command": "hf iclass trbl", + "description": "Tear off an iCLASS tag block", + "notes": [ + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA -k 001122334455667B --tdb 100 --tde 150", + "hf iclass trbl --blk 10 -d AAAAAAAAAAAAAAAA --ki 0 --tdb 100 --tde 150" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-k, --key Access key as 8 hex bytes", + "--ki Key index to select key from memory 'hf iclass managekeys'", + "--blk block number", + "-d, --data data to write as 8 hex bytes", + "-m, --mac replay mac data (4 hex bytes)", + "--credit key is assumed to be the credit key", + "--elite elite computations applied to key", + "--raw no computations applied to key", + "--nr replay of NR/MAC", + "-v, --verbose verbose output", + "--shallow use shallow (ASK) reader modulation instead of OOK", + "--tdb tearoff delay start in ms", + "--tde tearoff delay end in ms" + ], + "usage": "hf iclass trbl [-hv] [-k ] [--ki ] --blk -d [-m ] [--credit] [--elite] [--raw] [--nr] [--shallow] --tdb --tde " + }, "hf iclass unhash": { "command": "hf iclass unhash", "description": "Reverses the hash0 function used generate iclass diversified keys after DES encryption, Function returns the DES crypted CSN. Next step bruteforcing.", @@ -4313,7 +4340,7 @@ }, "hf mf autopwn": { "command": "hf mf autopwn", - "description": "This command automates the key recovery process on MIFARE Classic cards. It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. If all keys are found, it try dumping card content both to file and emulator memory.", + "description": "This command automates the key recovery process on MIFARE Classic cards. It uses the fchk, chk, darkside, nested, hardnested and staticnested to recover keys. If all keys are found, it try dumping card content both to file and emulator memory. default file name template is `hf-mf--.` using suffix the template becomes `hf-mf---.`", "notes": [ "hf mf autopwn", "hf mf autopwn -s 0 -a -k FFFFFFFFFFFF -> target MFC 1K card, Sector 0 with known key A 'FFFFFFFFFFFF'", @@ -4329,6 +4356,7 @@ "-a Input key A (def)", "-b Input key B", "-f, --file filename of dictionary", + "--suffix Add this suffix to generated files", "--slow Slower acquisition (required by some non standard cards)", "-l, --legacy legacy mode (use the slow `hf mf chk`)", "-v, --verbose verbose output", @@ -4344,7 +4372,7 @@ "--i2 AVX2", "--i5 AVX512" ], - "usage": "hf mf autopwn [-hablv] [-k ]... [-s ] [-f ] [--slow] [--ns] [--mini] [--1k] [--2k] [--4k] [--in] [--im] [--is] [--ia] [--i2] [--i5]" + "usage": "hf mf autopwn [-hablv] [-k ]... [-s ] [-f ] [--suffix ] [--slow] [--ns] [--mini] [--1k] [--2k] [--4k] [--in] [--im] [--is] [--ia] [--i2] [--i5]" }, "hf mf brute": { "command": "hf mf brute", @@ -4881,7 +4909,7 @@ }, "hf mf gen3blk": { "command": "hf mf gen3blk", - "description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only NOTE: BCC, SAK, ATQA will be calculated automatically", + "description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only NOTE: BCC and ATQA will be calculated automatically SAK will be automatically set to default values if not specified", "notes": [ "hf mf gen3blk -> print current data", "hf mf gen3blk -d 01020304 -> set 4 byte uid", @@ -5151,9 +5179,10 @@ "FM11RF08S specific options: Incompatible with above options, except -k; output in JSON", "--collect_fm11rf08s collect all nT/{nT}/par_err.", "--collect_fm11rf08s_with_data collect all nT/{nT}/par_err and data blocks.", + "--collect_fm11rf08s_without_backdoor collect all nT/{nT}/par_err without backdoor. Requires first auth keytype and block", "-f, --file Specify a filename for collected data" ], - "usage": "hf mf isen [-hab] [--blk ] [-c ] [-k ] [--blk2 ] [--a2] [--b2] [--c2 ] [--key2 ] [-n ] [--reset] [--hardreset] [--addread] [--addauth] [--incblk2] [--corruptnrar] [--corruptnrarparity] FM11RF08S specific options: [--collect_fm11rf08s] [--collect_fm11rf08s_with_data] [-f ]" + "usage": "hf mf isen [-hab] [--blk ] [-c ] [-k ] [--blk2 ] [--a2] [--b2] [--c2 ] [--key2 ] [-n ] [--reset] [--hardreset] [--addread] [--addauth] [--incblk2] [--corruptnrar] [--corruptnrarparity] FM11RF08S specific options: [--collect_fm11rf08s] [--collect_fm11rf08s_with_data] [--collect_fm11rf08s_without_backdoor] [-f ]" }, "hf mf mad": { "command": "hf mf mad", @@ -7116,6 +7145,22 @@ ], "usage": "hf 14a list [-h1crux] [--frame] [-f ]" }, + "hf mfu incr": { + "command": "hf mfu incr", + "description": "Increment a MIFARE Ultralight Ev1 counter Will read but not increment counter if NTAG is detected", + "notes": [ + "hf mfu incr -c 0 -v 1337", + "hf mfu incr -c 2 -v 0 -p FFFFFFFF" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-c, --cnt Counter index from 0", + "-v, --val Value to increment by (0-16777215)", + "-p, --pwd PWD to authenticate with" + ], + "usage": "hf mfu incr [-h] -c -v [-p ]" + }, "hf mfu info": { "command": "hf mfu info", "description": "Get info about MIFARE Ultralight Family styled tag. Sometimes the tags are locked down, and you may need a key to be able to read the information", @@ -8691,18 +8736,18 @@ }, "lf em 410x sim": { "command": "lf em 410x sim", - "description": "Enables simulation of EM 410x card. Simulation runs until the button is pressed or another USB command is issued.", + "description": "Enables simulation of EM 410x card. Simulation runs until the button is pressed or another USB command is issued. Most common readers expects the code to be sent in loop without a break (i.e. --gap 0). For other, more advanced readers there might be a need to set a non-zero gap value.", "notes": [ "lf em 410x sim --id 0F0368568B", "lf em 410x sim --id 0F0368568B --clk 32", - "lf em 410x sim --id 0F0368568B --gap 0" + "lf em 410x sim --id 0F0368568B --gap 20" ], "offline": false, "options": [ "-h, --help This help", "--clk <32|64> clock (default 64)", "--id EM Tag ID number (5 hex bytes)", - "--gap gap (0's) between ID repeats (default 20)" + "--gap gap (0's) between ID repeats (default 0)" ], "usage": "lf em 410x sim [-h] [--clk ] --id [--gap ]" }, @@ -9798,6 +9843,29 @@ ], "usage": "lf hitag list [-h1crux] [--frame] [-f ]" }, + "lf hitag hts dump": { + "command": "lf hitag hts dump", + "description": "Read all Hitag S memory and save to file Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", + "notes": [ + "lf hitag hts dump --82xx -> use def pwd", + "lf hitag hts dump --82xx -k BBDD3399 -> pwd mode", + "lf hitag hts dump --crypto -> use def crypto", + "lf hitag hts dump -k 4F4E4D494B52 -> crypto mode", + "lf hitag hts dump --nrar 0102030411223344" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-8, --82xx 8268/8310 mode", + "--nrar nonce / answer writer, 8 hex bytes", + "--crypto crypto mode", + "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", + "-f, --file specify file name", + "--ns no save to file" + ], + "usage": "lf hitag hts dump [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ] [--ns]" + }, "lf hitag hts help": { "command": "lf hitag hts help", "description": "help This help list List Hitag S trace history --------------------------------------------------------------------------------------- lf hitag hts list available offline: yes Alias of `trace list -t hitags` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", @@ -9856,6 +9924,28 @@ ], "usage": "lf hitag hts reader [-h@]" }, + "lf hitag hts restore": { + "command": "lf hitag hts restore", + "description": "Restore a dump file onto Hitag S tag Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", + "notes": [ + "lf hitag hts restore -f myfile --82xx -> use def pwd", + "lf hitag hts restore -f myfile --82xx -k BBDD3399 -> pwd mode", + "lf hitag hts restore -f myfile --crypto -> use def crypto", + "lf hitag hts restore -f myfile -k 4F4E4D494B52 -> crypto mode", + "lf hitag hts restore -f myfile --nrar 0102030411223344" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-8, --82xx 8268/8310 mode", + "--nrar nonce / answer writer, 8 hex bytes", + "--crypto crypto mode", + "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", + "-f, --file specify file name" + ], + "usage": "lf hitag hts restore [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-f ]" + }, "lf hitag hts sim": { "command": "lf hitag hts sim", "description": "Simulate Hitag S transponder You need to `lf hitag hts eload` first", @@ -9875,6 +9965,7 @@ "description": "Write a page in Hitag S memory. Crypto mode: - key format ISK high + ISK low - default key 4F4E4D494B52 (ONMIKR) 8268/8310 password mode: - default password BBDD3399", "notes": [ "lf hitag hts wrbl -p 6 -d 01020304 -> Hitag S/8211, plain mode", + "lf hitag hts wrbl -p 6 -d 01020304 --82xx -> use def pwd", "lf hitag hts wrbl -p 6 -d 01020304 --82xx -k BBDD3399 -> 8268/8310, password mode", "lf hitag hts wrbl -p 6 -d 01020304 --nrar 0102030411223344 -> Hitag S, challenge mode", "lf hitag hts wrbl -p 6 -d 01020304 --crypto -> Hitag S, crypto mode, default key", @@ -11758,7 +11849,7 @@ }, "mem load": { "command": "mem load", - "description": "Loads binary file into flash memory on device Warning: mem area to be written must have been wiped first ( this is already taken care when loading dictionaries )", + "description": "Loads binary file into flash memory on device Warning: mem area to be written must have been wiped first ( dictionaries are serviced as files in spiffs so no wipe is needed )", "notes": [ "mem load -f myfile -> upload file myfile values at default offset 0", "mem load -f myfile -o 1024 -> upload file myfile values at offset 1024", @@ -12797,6 +12888,7 @@ "trace list -t thinfilm -> interpret as Thinfilm", "trace list -t topaz -> interpret as Topaz", "trace list -t mfp -> interpret as MIFARE Plus", + "trace list -t fmcos20 -> interpret as FMCOS 2.0", "", "trace list -t mf -f mfc_default_keys.dic -> use default dictionary file", "trace list -t 14a --frame -> show frame delay times", @@ -13001,8 +13093,8 @@ } }, "metadata": { - "commands_extracted": 749, + "commands_extracted": 753, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2024-11-20T23:37:32" + "extracted_on": "2025-01-05T12:10:45" } } diff --git a/doc/commands.md b/doc/commands.md index bf9b82edc..fbee31f49 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -402,6 +402,7 @@ Check column "offline" for their availability. |`hf iclass view `|Y |`Display content from tag dump file` |`hf iclass wrbl `|N |`Write Picopass / iCLASS block` |`hf iclass creditepurse `|N |`Credit epurse value` +|`hf iclass trbl `|N |`Performs tearoff attack on iClass block` |`hf iclass chk `|N |`Check keys` |`hf iclass loclass `|Y |`Use loclass to perform bruteforce reader attack` |`hf iclass lookup `|Y |`Uses authentication trace to check for key in dictionary file` @@ -615,6 +616,7 @@ Check column "offline" for their availability. |`hf mfu cauth `|N |`Ultralight-C - Authentication` |`hf mfu setpwd `|N |`Ultralight-C - Set 3DES key` |`hf mfu dump `|N |`Dump MIFARE Ultralight family tag to binary file` +|`hf mfu incr `|N |`Increments Ev1/NTAG counter` |`hf mfu info `|N |`Tag information` |`hf mfu ndefread `|N |`Prints NDEF records from card` |`hf mfu rdbl `|N |`Read block` @@ -1081,6 +1083,8 @@ Check column "offline" for their availability. |`lf hitag hts list `|Y |`List Hitag S trace history` |`lf hitag hts reader `|N |`Act like a Hitag S reader` |`lf hitag hts rdbl `|N |`Read Hitag S page` +|`lf hitag hts dump `|N |`Dump Hitag S pages to a file` +|`lf hitag hts restore `|N |`Restore Hitag S memory from dump file` |`lf hitag hts wrbl `|N |`Write Hitag S page` |`lf hitag hts sim `|N |`Simulate Hitag S transponder` diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 96b968bc7..25ba2be14 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -19,7 +19,7 @@ External 256kbytes flash is a unique feature of the RDV4 edition. Flash memory is -* 256KB (0x40000= 262144) +* 256KB (0x40000 = 262144) * divided into 4 pages of 64KB (0x10000 = 65536) * 4 pages divided into 16 sectors of 4KB (0x1000 = 4096), so last sector is at 0x3F000 @@ -31,27 +31,29 @@ Therefore a flash address can be interpreted as such: ^^^ offset ^^^ offset 0xF7F ``` +Please note that for other flash memory sizes than 256KB a "Page 3" will be the last page of the memory, and address offsets would be dependant on the memory size. + ## Layout ^[Top](#top) Page 0: * available for user data -* to dump it: `mem dump f page0_dump o 0 l 65536` -* to erase it: `mem wipe p 0` +* to dump it: `mem dump -f page0_dump -o 0 -l 65536` +* to erase it: `mem wipe -p 0` Page 1: * available for user data -* to dump it: `mem dump f page1_dump o 65536 l 65536` -* to erase it: `mem wipe p 1` +* to dump it: `mem dump -f page1_dump -o 65536 -l 65536` +* to erase it: `mem wipe -p 1` Page 2: * available for user data -* to dump it: `mem dump f page2_dump o 131072 l 65536` -* to erase it: `mem wipe p 2` +* to dump it: `mem dump -f page2_dump -o 131072 -l 65536` +* to erase it: `mem wipe -p 2` -Page 3: -* used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details -* to dump it: `mem dump f page3_dump o 196608 l 65536` +Page 3 (or the last page for memories other than 256KB): +* used by Proxmark3 RDV4 specific functions: flash signature, see below for details +* to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: * **Beware** it will erase your flash signature so better to back it up first as you won't be able to regenerate it by yourself! * edit the source code to enable Page 3 as a valid input in the `mem wipe` command. @@ -60,29 +62,19 @@ Page 3: ## Page3 Layout ^[Top](#top) -Page3 is used as follows by the Proxmark3 RDV4 firmware: - -* **MF_KEYS** - * offset: page 3 sector 9 (0x9) @ 3*0x10000+9*0x1000=0x39000 - * length: 2 sectors - -* **ICLASS_KEYS** - * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000 - * length: 1 sector - -* **T55XX_KEYS** - * offset: page 3 sector 12 (0xC) @ 3*0x10000+12*0x1000=0x3C000 - * length: 1 sector - -* **T55XX_CONFIG** - * offset: page 3 sector 13 (0xD) @ 3*0x10000+13*0x1000=0x3D000 - * length: 1 sector (actually only a few bytes are used to store `t55xx_config` structure) +Page3 (or the last page for memories other than 256KB) is used as follows by the Proxmark3 RDV4 firmware: * **RSA SIGNATURE**, see below for details * offset: page 3 sector 15 (0xF) offset 0xF7F @ 3*0x10000+15*0x1000+0xF7F=0x3FF7F (decimal 262015) * length: 128 bytes * offset should have been 0x3FF80 but historically it's one byte off and therefore the last byte of the flash is unused +* **Reserved for future use** + * offset: page 3 sector 14 (0xE) + +* **SPIFFS sectors** + * offset: page 3 sectors 13..0 (0xD..0x0) + ## RSA signature ^[Top](#top) diff --git a/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md b/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md index 6c1ac3eca..68fe1e899 100644 --- a/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/macOS-Homebrew-Installation-Instructions.md @@ -41,7 +41,7 @@ Alternatively, and only if the issue still persists after following the steps ab ## Apple Silicon (M1) Notes ^[Top](#top) -Ensure Rosetta 2 is installed as it's currently needed to run `arm-none-eabi-gcc` as it's delivered as a precombiled x86_64 binary. +Ensure Rosetta 2 is installed as it's currently needed to run `arm-none-eabi-gcc` as it's delivered as a precombiled x86_64 binary. **Note: Starting from v4.19552, it is no longer necessary to install Rosetta 2, Apple Silicons are already supported** If you see an error like: diff --git a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md index 63076e720..1a291e9cd 100644 --- a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md +++ b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md @@ -117,6 +117,17 @@ or proxmark3 /dev/ttyACM0 --flash --unlock-bootloader --image /tmp/my-bootrom.elf --image /tmp/my-fullimage.elf ``` +## Updating SPI flash structure and contents (RDV4.x, some PM3 Easy variants) +^[Top](#top) + +For the devices equipped with external SPI flash memory chip in some cases it might be essential to update the memory structure as well as to upload new keys from the dictionaries. To do so execute following command inside the client: + +``` +[usb] pm3 --> script run init_rdv4 +``` + +For more details prease refer to [this doc](./2_Configuration-and-Verification.md). + ### The button trick ^[Top](#top) diff --git a/doc/ndef_type4a.md b/doc/ndef_type4a.md index 5a5c2c1a1..3a76a3150 100644 --- a/doc/ndef_type4a.md +++ b/doc/ndef_type4a.md @@ -50,7 +50,7 @@ Result ### Step 2 Create the Compatibility Container file (CC File) The CC File is a standard file to store the needed NDEF information to find your NDEF records. This example will contrain the setup for a single NDEF record. -Note: You can define more then one NDEF data file if needed (not covered in this example) +Note: You can define more than one NDEF data file if needed (not covered in this example) Type : Standard data file FID : 01 <- File ID can be any uniqure File ID for this AID diff --git a/docker/archlinux/Dockerfile b/docker/archlinux/Dockerfile index d020b7052..900b9d04c 100644 --- a/docker/archlinux/Dockerfile +++ b/docker/archlinux/Dockerfile @@ -15,6 +15,12 @@ RUN pacman -S --noconfirm ocl-icd # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/archlinux/docker_build.sh b/docker/archlinux/docker_build.sh deleted file mode 100755 index be92402d6..000000000 --- a/docker/archlinux/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-arch:1.0" . diff --git a/docker/archlinux/docker_rm.sh b/docker/archlinux/docker_rm.sh deleted file mode 100644 index 0c2d24f4e..000000000 --- a/docker/archlinux/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-arch:1.0) -docker image rm pm3-arch:1.0 diff --git a/docker/archlinux/docker_run.sh b/docker/archlinux/docker_run.sh deleted file mode 100755 index f379c5307..000000000 --- a/docker/archlinux/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-arch:1.0 diff --git a/docker/build-all.sh b/docker/build-all.sh index ed56a0972..a71727ee6 100755 --- a/docker/build-all.sh +++ b/docker/build-all.sh @@ -1,5 +1,5 @@ #!/bin/bash -for os in archlinux debian-12-bookworm fedora-36 fedora-37 homebrew kali opensuse-leap opensuse-tumbleweed parrot-core-latest ubuntu-20.04 ubuntu-22.04; do - ( cd $os && ./docker_build.sh ) +for os in archlinux debian-12-bookworm debian-12-bookworm-arm64 debian-12-bookworm-armhf debian-13-trixie fedora-36 fedora-37 homebrew kali opensuse-leap opensuse-tumbleweed parrot-core-latest ubuntu-20.04 ubuntu-22.04; do + ( cd $os && ../build.sh ) done diff --git a/docker/build.sh b/docker/build.sh new file mode 100755 index 000000000..499100942 --- /dev/null +++ b/docker/build.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc +# Make sure to connect a Proxmark3 when building if you want to be able to access it from within the Docker instance +UART_PORT="$(../../pm3 --list|grep /dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + UART_GID="$(stat -c '%g' $UART_PORT)" + BUILDARG="--build-arg UART_GID=$UART_GID" +else + BUILDARG="" +fi + +# For cross-platform support: +# cf https://github.com/multiarch/qemu-user-static +#sudo apt install qemu-user-static +# credential=yes needed to get proper sudo support in cross-platform Docker instances +#docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes +#docker buildx create --use +#docker buildx inspect --bootstrap +#docker buildx build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" --load . +# Seems to work without buildx: +docker build $DOCKER_PLATFORM $BUILDARG -t "$DOCKER_IMAGE" . diff --git a/docker/debian-11-bullseye/Dockerfile b/docker/debian-11-bullseye/Dockerfile index 41c8b448e..c32710dda 100644 --- a/docker/debian-11-bullseye/Dockerfile +++ b/docker/debian-11-bullseye/Dockerfile @@ -20,6 +20,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-11-bullseye/docker_build.sh b/docker/debian-11-bullseye/docker_build.sh deleted file mode 100755 index 3b44dd72c..000000000 --- a/docker/debian-11-bullseye/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-debian-bullseye:1.0" . diff --git a/docker/debian-11-bullseye/docker_rm.sh b/docker/debian-11-bullseye/docker_rm.sh deleted file mode 100644 index b8ce5b834..000000000 --- a/docker/debian-11-bullseye/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-debian-bullseye:1.0) -docker image rm pm3-debian-bullseye:1.0 diff --git a/docker/debian-11-bullseye/docker_run.sh b/docker/debian-11-bullseye/docker_run.sh deleted file mode 100755 index 1216f54cd..000000000 --- a/docker/debian-11-bullseye/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-bullseye:1.0 diff --git a/docker/debian-12-bookworm-arm64/Dockerfile b/docker/debian-12-bookworm-arm64/Dockerfile new file mode 100644 index 000000000..792014812 --- /dev/null +++ b/docker/debian-12-bookworm-arm64/Dockerfile @@ -0,0 +1,25 @@ +FROM arm64v8/debian:bookworm-slim + +ENV LANG=C +ENV DEBIAN_FRONTEND=noninteractive +# qtbase5-dev skipped +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ + apt-get clean + +# Create rrg user +RUN useradd -ms /bin/bash rrg +RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi +RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +USER rrg +WORKDIR "/home/rrg" + +CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-arm64/README.md b/docker/debian-12-bookworm-arm64/README.md new file mode 100644 index 000000000..2ffa42d1a --- /dev/null +++ b/docker/debian-12-bookworm-arm64/README.md @@ -0,0 +1,17 @@ +# Notes to run tests + +``` +sudo apt update +sudo apt install -y python3-minimal +sudo apt install -y python3-pip +sudo apt install python3.11-venv +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto +git config --global --add safe.directory /home/rrg/proxmark3 +cd proxmark3 +make clean +make -j +tools/pm3_tests.sh --long +``` diff --git a/docker/debian-12-bookworm-armhf/Dockerfile b/docker/debian-12-bookworm-armhf/Dockerfile new file mode 100644 index 000000000..e5d5acf2b --- /dev/null +++ b/docker/debian-12-bookworm-armhf/Dockerfile @@ -0,0 +1,25 @@ +FROM arm32v7/debian:bookworm-slim + +ENV LANG=C +ENV DEBIAN_FRONTEND=noninteractive +# qtbase5-dev skipped +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ + apt-get clean + +# Create rrg user +RUN useradd -ms /bin/bash rrg +RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi +RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers + +USER rrg +WORKDIR "/home/rrg" + +CMD ["/bin/bash"] diff --git a/docker/debian-12-bookworm-armhf/README.md b/docker/debian-12-bookworm-armhf/README.md new file mode 100644 index 000000000..2ffa42d1a --- /dev/null +++ b/docker/debian-12-bookworm-armhf/README.md @@ -0,0 +1,17 @@ +# Notes to run tests + +``` +sudo apt update +sudo apt install -y python3-minimal +sudo apt install -y python3-pip +sudo apt install python3.11-venv +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto +git config --global --add safe.directory /home/rrg/proxmark3 +cd proxmark3 +make clean +make -j +tools/pm3_tests.sh --long +``` diff --git a/docker/debian-12-bookworm/Dockerfile b/docker/debian-12-bookworm/Dockerfile index f2878701e..6c883746d 100644 --- a/docker/debian-12-bookworm/Dockerfile +++ b/docker/debian-12-bookworm/Dockerfile @@ -18,6 +18,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-12-bookworm/docker_build.sh b/docker/debian-12-bookworm/docker_build.sh deleted file mode 100755 index 0059348cf..000000000 --- a/docker/debian-12-bookworm/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-debian-bookworm:1.0" . diff --git a/docker/debian-12-bookworm/docker_rm.sh b/docker/debian-12-bookworm/docker_rm.sh deleted file mode 100644 index 5818564e0..000000000 --- a/docker/debian-12-bookworm/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-debian-bookworm:1.0) -docker image rm pm3-debian-bookworm:1.0 diff --git a/docker/debian-12-bookworm/docker_run.sh b/docker/debian-12-bookworm/docker_run.sh deleted file mode 100755 index ae264581a..000000000 --- a/docker/debian-12-bookworm/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-bookworm:1.0 diff --git a/docker/debian-13-trixie/Dockerfile b/docker/debian-13-trixie/Dockerfile index 120c0c706..607c5bba5 100644 --- a/docker/debian-13-trixie/Dockerfile +++ b/docker/debian-13-trixie/Dockerfile @@ -18,6 +18,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/debian-13-trixie/docker_build.sh b/docker/debian-13-trixie/docker_build.sh deleted file mode 100755 index 22a5bdbc3..000000000 --- a/docker/debian-13-trixie/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-debian-trixie:1.0" . diff --git a/docker/debian-13-trixie/docker_rm.sh b/docker/debian-13-trixie/docker_rm.sh deleted file mode 100644 index 0afb68014..000000000 --- a/docker/debian-13-trixie/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-debian-trixie:1.0) -docker image rm pm3-debian-trixie:1.0 diff --git a/docker/debian-13-trixie/docker_run.sh b/docker/debian-13-trixie/docker_run.sh deleted file mode 100755 index bc81286fc..000000000 --- a/docker/debian-13-trixie/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-debian-trixie:1.0 diff --git a/docker/fedora-36/Dockerfile b/docker/fedora-36/Dockerfile index 610738207..1041b799a 100644 --- a/docker/fedora-36/Dockerfile +++ b/docker/fedora-36/Dockerfile @@ -13,6 +13,12 @@ RUN yum -y install mesa-libOpenCL ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-36/docker_build.sh b/docker/fedora-36/docker_build.sh deleted file mode 100755 index 1a2e2d392..000000000 --- a/docker/fedora-36/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-fedora-36:1.0" . diff --git a/docker/fedora-36/docker_rm.sh b/docker/fedora-36/docker_rm.sh deleted file mode 100644 index a14c31e80..000000000 --- a/docker/fedora-36/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-fedora-36:1.0) -docker image rm pm3-fedora-36:1.0 diff --git a/docker/fedora-36/docker_run.sh b/docker/fedora-36/docker_run.sh deleted file mode 100755 index 0e6e69925..000000000 --- a/docker/fedora-36/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-fedora-36:1.0 diff --git a/docker/fedora-37/Dockerfile b/docker/fedora-37/Dockerfile index 06462c721..bb3118fd2 100644 --- a/docker/fedora-37/Dockerfile +++ b/docker/fedora-37/Dockerfile @@ -13,6 +13,12 @@ RUN yum -y install mesa-libOpenCL ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/fedora-37/docker_build.sh b/docker/fedora-37/docker_build.sh deleted file mode 100755 index 5e3049b68..000000000 --- a/docker/fedora-37/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-fedora-37:1.0" . diff --git a/docker/fedora-37/docker_rm.sh b/docker/fedora-37/docker_rm.sh deleted file mode 100644 index 6f0bd7e56..000000000 --- a/docker/fedora-37/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-fedora-37:1.0) -docker image rm pm3-fedora-37:1.0 diff --git a/docker/fedora-37/docker_run.sh b/docker/fedora-37/docker_run.sh deleted file mode 100755 index eb51525b7..000000000 --- a/docker/fedora-37/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-fedora-37:1.0 diff --git a/docker/homebrew/Dockerfile b/docker/homebrew/Dockerfile index 0a432fc18..d4893d154 100644 --- a/docker/homebrew/Dockerfile +++ b/docker/homebrew/Dockerfile @@ -2,6 +2,13 @@ FROM homebrew/brew ENV LANG=C +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + sudo groupadd -g ${UART_GID} mydialout || true; \ + sudo usermod -aG ${UART_GID} linuxbrew; \ + fi + USER linuxbrew WORKDIR "/home/linuxbrew" RUN brew install cmake pkg-config bzip2 lz4 && rm -rf ~/.cache/Homebrew diff --git a/docker/homebrew/README.md b/docker/homebrew/README.md index 549896b33..664db5de3 100644 --- a/docker/homebrew/README.md +++ b/docker/homebrew/README.md @@ -1,5 +1,7 @@ # Notes on linux homebrew +If needed to install sth, run brew as user linuxbrew + Do not `brew install arm-none-eabi-gcc`, it's a Mach-O executable. So only host bins can be built (except tools/hitag2crack/crack5opencl which needs OpenCL) @@ -8,9 +10,10 @@ So only host bins can be built (except tools/hitag2crack/crack5opencl which need ```sh make -j client USE_BREW=1 SKIPREADLINE=1 -make -j mfkey -make -j nonce2key -make -j mf_nonce_brute +make -j cryptorf +make -j mfc_card_only +make -j mfc_card_reader +make -j mfd_aes_brute make -j hitag2crack SKIPOPENCL=1 make -j fpga_compress ``` diff --git a/docker/homebrew/docker_build.sh b/docker/homebrew/docker_build.sh deleted file mode 100755 index 466106d36..000000000 --- a/docker/homebrew/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-brew:1.0" . diff --git a/docker/homebrew/docker_rm.sh b/docker/homebrew/docker_rm.sh deleted file mode 100644 index aa782d4a3..000000000 --- a/docker/homebrew/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-brew:1.0) -docker image rm pm3-brew:1.0 diff --git a/docker/homebrew/docker_run.sh b/docker/homebrew/docker_run.sh deleted file mode 100755 index efde1649b..000000000 --- a/docker/homebrew/docker_run.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/linuxbrew/proxmark3 -w /home/linuxbrew/proxmark3 -it pm3-brew:1.0 -# if needed, run brew as user linuxbrew diff --git a/docker/kali/Dockerfile b/docker/kali/Dockerfile index 3f1946e29..90349c69d 100644 --- a/docker/kali/Dockerfile +++ b/docker/kali/Dockerfile @@ -9,10 +9,8 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends git ca-certificates build-essential cmake pkg-config libreadline-dev gcc-arm-none-eabi libnewlib-dev libbz2-dev liblz4-dev libbluetooth-dev libpython3-dev libssl-dev libgd-dev sudo && \ apt-get clean -RUN apt-get install -y python3-minimal && \ - apt-get install -y python3-pip && \ - apt-get clean && \ - python3 -m pip install ansicolors sslcrypto +RUN apt-get install -y --no-install-recommends python3-minimal python3-pip python3-venv && \ + apt-get clean RUN apt-get install -y opencl-dev && \ apt-get clean @@ -20,6 +18,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/kali/docker_build.sh b/docker/kali/docker_build.sh deleted file mode 100755 index 59a8a207b..000000000 --- a/docker/kali/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-kali:1.0" . diff --git a/docker/kali/docker_rm.sh b/docker/kali/docker_rm.sh deleted file mode 100644 index fee4f07cf..000000000 --- a/docker/kali/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-kali:1.0) -docker image rm pm3-kali:1.0 diff --git a/docker/kali/docker_run.sh b/docker/kali/docker_run.sh deleted file mode 100755 index 7124fe5b5..000000000 --- a/docker/kali/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-kali:1.0 diff --git a/docker/kali/run_tests.sh b/docker/kali/run_tests.sh index dec20763b..3fc747191 100755 --- a/docker/kali/run_tests.sh +++ b/docker/kali/run_tests.sh @@ -5,4 +5,9 @@ # docker/kali/run_tests.sh; sudo apt update && sudo apt upgrade -y +python3 -m venv /tmp/venv +source /tmp/venv/bin/activate +python3 -m pip install --use-pep517 pyaes +python3 -m pip install ansicolors sslcrypto tools/release_tests.sh +deactivate diff --git a/docker/opensuse-leap/Dockerfile b/docker/opensuse-leap/Dockerfile index 99d608b76..f381bfd9e 100644 --- a/docker/opensuse-leap/Dockerfile +++ b/docker/opensuse-leap/Dockerfile @@ -16,6 +16,12 @@ RUN zypper --non-interactive install ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-leap/docker_build.sh b/docker/opensuse-leap/docker_build.sh deleted file mode 100755 index d7e8a8873..000000000 --- a/docker/opensuse-leap/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-suse-leap:1.0" . diff --git a/docker/opensuse-leap/docker_rm.sh b/docker/opensuse-leap/docker_rm.sh deleted file mode 100644 index 12302b6f7..000000000 --- a/docker/opensuse-leap/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-suse-leap:1.0) -docker image rm pm3-suse-leap:1.0 diff --git a/docker/opensuse-leap/docker_run.sh b/docker/opensuse-leap/docker_run.sh deleted file mode 100755 index f3c830626..000000000 --- a/docker/opensuse-leap/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-suse-leap:1.0 diff --git a/docker/opensuse-tumbleweed/Dockerfile b/docker/opensuse-tumbleweed/Dockerfile index 81dcf331c..a0faf50c2 100644 --- a/docker/opensuse-tumbleweed/Dockerfile +++ b/docker/opensuse-tumbleweed/Dockerfile @@ -15,6 +15,12 @@ RUN zypper --non-interactive install ocl-icd-devel # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) NOPASSWD: ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/opensuse-tumbleweed/docker_build.sh b/docker/opensuse-tumbleweed/docker_build.sh deleted file mode 100755 index b93549831..000000000 --- a/docker/opensuse-tumbleweed/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-suse-tumbleweed:1.0" . diff --git a/docker/opensuse-tumbleweed/docker_rm.sh b/docker/opensuse-tumbleweed/docker_rm.sh deleted file mode 100644 index c4b1b1d53..000000000 --- a/docker/opensuse-tumbleweed/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-suse-tumbleweed:1.0) -docker image rm pm3-suse-tumbleweed:1.0 diff --git a/docker/opensuse-tumbleweed/docker_run.sh b/docker/opensuse-tumbleweed/docker_run.sh deleted file mode 100755 index 79ef74d5c..000000000 --- a/docker/opensuse-tumbleweed/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-suse-tumbleweed:1.0 diff --git a/docker/parrot-core-latest/Dockerfile b/docker/parrot-core-latest/Dockerfile index df3952d9d..044acdff4 100644 --- a/docker/parrot-core-latest/Dockerfile +++ b/docker/parrot-core-latest/Dockerfile @@ -18,6 +18,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/parrot-core-latest/docker_build.sh b/docker/parrot-core-latest/docker_build.sh deleted file mode 100755 index 3e052143d..000000000 --- a/docker/parrot-core-latest/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-parrotsec-core-latest:1.0" . diff --git a/docker/parrot-core-latest/docker_rm.sh b/docker/parrot-core-latest/docker_rm.sh deleted file mode 100644 index 9bf1605e5..000000000 --- a/docker/parrot-core-latest/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-parrotsec-core-latest:1.0) -docker image rm pm3-parrotsec-core-latest:1.0 diff --git a/docker/parrot-core-latest/docker_run.sh b/docker/parrot-core-latest/docker_run.sh deleted file mode 100755 index 509df4461..000000000 --- a/docker/parrot-core-latest/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-parrotsec-core-latest:1.0 diff --git a/docker/rm.sh b/docker/rm.sh new file mode 100755 index 000000000..72aab077b --- /dev/null +++ b/docker/rm.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc +CONTAINER=$(docker ps -aq --filter ancestor="$DOCKER_IMAGE") +if [ -n "$CONTAINER" ]; then + docker rm $CONTAINER +fi +docker image rm "$DOCKER_IMAGE" diff --git a/docker/run.sh b/docker/run.sh new file mode 100755 index 000000000..df178fb6c --- /dev/null +++ b/docker/run.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +if [ ! -e docker_conf.inc ]; then + echo "This script must be run from within one of the subfolders" + exit 1 +fi +. docker_conf.inc +UART_PORT="$(../../pm3 --list|grep dev|head -n1|cut -d' ' -f2)" +if [ -n "$UART_PORT" ]; then + DEV="--device=/dev/tty0 --device=$UART_PORT" +else + DEV="" +fi +docker run $DEV $DOCKER_PLATFORM --volume="$(pwd)/../..:/home/rrg/proxmark3" -w /home/rrg/proxmark3 --net=host --rm -it "$DOCKER_IMAGE" diff --git a/docker/ubuntu-18.04/Dockerfile b/docker/ubuntu-18.04/Dockerfile index ecf8c60a3..f287c344e 100644 --- a/docker/ubuntu-18.04/Dockerfile +++ b/docker/ubuntu-18.04/Dockerfile @@ -21,6 +21,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-18.04/docker_build.sh b/docker/ubuntu-18.04/docker_build.sh deleted file mode 100755 index 252b8792f..000000000 --- a/docker/ubuntu-18.04/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-ubuntu-18.04:1.0" . diff --git a/docker/ubuntu-18.04/docker_rm.sh b/docker/ubuntu-18.04/docker_rm.sh deleted file mode 100644 index 20dcb80b2..000000000 --- a/docker/ubuntu-18.04/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-18.04:1.0) -docker image rm pm3-ubuntu-18.04:1.0 diff --git a/docker/ubuntu-18.04/docker_run.sh b/docker/ubuntu-18.04/docker_run.sh deleted file mode 100755 index 01d133712..000000000 --- a/docker/ubuntu-18.04/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-18.04:1.0 diff --git a/docker/ubuntu-20.04/Dockerfile b/docker/ubuntu-20.04/Dockerfile index 4b9bed06f..c02544234 100644 --- a/docker/ubuntu-20.04/Dockerfile +++ b/docker/ubuntu-20.04/Dockerfile @@ -20,6 +20,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-20.04/docker_build.sh b/docker/ubuntu-20.04/docker_build.sh deleted file mode 100755 index 58dfa2906..000000000 --- a/docker/ubuntu-20.04/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-ubuntu-20.04:1.0" . diff --git a/docker/ubuntu-20.04/docker_rm.sh b/docker/ubuntu-20.04/docker_rm.sh deleted file mode 100644 index d71954339..000000000 --- a/docker/ubuntu-20.04/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-20.04:1.0) -docker image rm pm3-ubuntu-20.04:1.0 diff --git a/docker/ubuntu-20.04/docker_run.sh b/docker/ubuntu-20.04/docker_run.sh deleted file mode 100755 index dd05c9f79..000000000 --- a/docker/ubuntu-20.04/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-20.04:1.0 diff --git a/docker/ubuntu-22.04/Dockerfile b/docker/ubuntu-22.04/Dockerfile index 44dd0919e..d182d893e 100644 --- a/docker/ubuntu-22.04/Dockerfile +++ b/docker/ubuntu-22.04/Dockerfile @@ -20,6 +20,12 @@ RUN apt-get install -y opencl-dev && \ # Create rrg user RUN useradd -ms /bin/bash rrg RUN passwd -d rrg +ARG UART_GID +# dialout group may already exist on another numeric ID than on host +RUN if [ -n "${UART_GID}" ]; then \ + groupadd -g ${UART_GID} mydialout || true; \ + usermod -aG ${UART_GID} rrg; \ + fi RUN printf 'rrg ALL=(ALL) ALL\n' | tee -a /etc/sudoers USER rrg diff --git a/docker/ubuntu-22.04/docker_build.sh b/docker/ubuntu-22.04/docker_build.sh deleted file mode 100755 index 1cfd6c10a..000000000 --- a/docker/ubuntu-22.04/docker_build.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker build -t "pm3-ubuntu-22.04:1.0" . diff --git a/docker/ubuntu-22.04/docker_rm.sh b/docker/ubuntu-22.04/docker_rm.sh deleted file mode 100644 index d1b82948b..000000000 --- a/docker/ubuntu-22.04/docker_rm.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker rm $(docker ps -aq --filter ancestor=pm3-ubuntu-22.04:1.0) -docker image rm pm3-ubuntu-22.04:1.0 diff --git a/docker/ubuntu-22.04/docker_run.sh b/docker/ubuntu-22.04/docker_run.sh deleted file mode 100755 index 04f8d99a0..000000000 --- a/docker/ubuntu-22.04/docker_run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker run --volume=$(pwd)/../..:/home/rrg/proxmark3 -w /home/rrg/proxmark3 -it pm3-ubuntu-22.04:1.0 diff --git a/fpga/xc2s50-5-tq144.ucf b/fpga/xc2s50-5-tq144.ucf new file mode 100644 index 000000000..0964e1acf --- /dev/null +++ b/fpga/xc2s50-5-tq144.ucf @@ -0,0 +1,45 @@ +# See the schematic for the pin assignment. + +NET "adc_d<0>" LOC = "P54" ; +NET "adc_d<1>" LOC = "P57" ; +NET "adc_d<2>" LOC = "P59" ; +NET "adc_d<3>" LOC = "P60" ; +NET "adc_d<4>" LOC = "P62" ; +NET "adc_d<5>" LOC = "P63" ; +NET "adc_d<6>" LOC = "P65" ; +NET "adc_d<7>" LOC = "P67" ; +#NET "cross_hi" LOC = "P88" ; +#NET "miso" LOC = "P40" ; +NET "adc_clk" LOC = "P75" ; +NET "adc_noe" LOC = "P74" ; +NET "ck_1356meg" LOC = "P15" ; +NET "ck_1356megb" LOC = "P12" ; +NET "cross_lo" LOC = "P19" ; +NET "dbg" LOC = "P112" ; +NET "mosi" LOC = "P80" ; +NET "ncs" LOC = "P79" ; +NET "pck0" LOC = "P91" ; +NET "pwr_hi" LOC = "P31" ; +NET "pwr_lo" LOC = "P30" ; +NET "pwr_oe1" LOC = "P28" ; +NET "pwr_oe2" LOC = "P27" ; +NET "pwr_oe3" LOC = "P26" ; +NET "pwr_oe4" LOC = "P21" ; +NET "spck" LOC = "P88" ; +NET "ssp_clk" LOC = "P43" ; +NET "ssp_din" LOC = "P99" ; +NET "ssp_dout" LOC = "P94" ; +NET "ssp_frame" LOC = "P100" ; + +# definition of Clock nets: +NET "ck_1356meg" TNM_NET = "clk_net_1356" ; +NET "ck_1356megb" TNM_NET = "clk_net_1356b"; +NET "pck0" TNM_NET = "clk_net_pck0" ; +NET "spck" TNM_NET = "clk_net_spck" ; + +# Timing specs of clock nets: +TIMEGRP "clk_net_1356_all" = "clk_net_1356" "clk_net_1356b" ; +TIMESPEC "TS_1356MHz" = PERIOD "clk_net_1356_all" 74 ns HIGH 37 ns ; +TIMESPEC "TS_24MHz" = PERIOD "clk_net_pck0" 42 ns HIGH 21 ns ; +TIMESPEC "TS_4MHz" = PERIOD "clk_net_spck" 250 ns HIGH 125 ns ; + diff --git a/include/hitag.h b/include/hitag.h index 451952ce4..e63b8c448 100644 --- a/include/hitag.h +++ b/include/hitag.h @@ -161,7 +161,7 @@ typedef struct { uint8_t logdata_1[4]; uint8_t nonce[4]; - //Hitag s section + // Hitag S section uint8_t mode; } PACKED lf_hitag_data_t; diff --git a/include/pmflash.h b/include/pmflash.h index bbed4b12e..7820ad4e2 100644 --- a/include/pmflash.h +++ b/include/pmflash.h @@ -22,32 +22,32 @@ #include "common.h" // RDV40 Section -// 256kb divided into 4k sectors. -// -// 0x3F000 - 1 4kb sector = signature -// 0x3E000 - 1 4kb sector = settings -// 0x3D000 - 1 4kb sector = default T55XX keys dictionary -// 0x3B000 - 1 4kb sector = default ICLASS keys dictionary -// 0x38000 - 3 4kb sectors = default MFC keys dictionary +// 256KB divided into 4K sectors. +// +--------+-------------+---------+--------------------------+ +// | Sector | 256KB addr* | Size | Description | +// +--------+-------------+---------+--------------------------+ +// | N | 0x3F000 | 1 * 4KB | signature | +// | N-1 | 0x3E000 | 1 * 4KB | reserved for future use | +// +--------+-------------+---------+--------------------------+ // +// * For different memory size than 256KB the address is not valid. +// Please instead refer to Sector number, where N is the last +// 4KB secotr of the memory in question. + #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 #endif -#ifndef FLASH_MEM_MAX_SIZE -# define FLASH_MEM_MAX_SIZE 0x40000 // (262144) -#endif #ifndef FLASH_MEM_MAX_SIZE_P # define FLASH_MEM_MAX_SIZE_P(p64k) (1024 * 64 * (p64k)) #endif -#ifndef FLASH_MEM_MAX_4K_SECTOR -# define FLASH_MEM_MAX_4K_SECTOR 0x3F000 -#endif #ifndef FLASH_MEM_MAX_4K_SECTOR_P # define FLASH_MEM_MAX_4K_SECTOR_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - 4096) #endif +#define FLASH_RESERVED_TRAILING_4K_SECTORS 2 + #ifndef FLASH_MEM_ID_LEN # define FLASH_MEM_ID_LEN 8 #endif @@ -56,10 +56,7 @@ # define FLASH_MEM_SIGNATURE_LEN 128 #endif -#ifndef FLASH_MEM_SIGNATURE_OFFSET // -1 for historical compatibility with already released Proxmark3 RDV4.0 devices -# define FLASH_MEM_SIGNATURE_OFFSET (FLASH_MEM_MAX_SIZE - FLASH_MEM_SIGNATURE_LEN - 1) -#endif #ifndef FLASH_MEM_SIGNATURE_OFFSET_P # define FLASH_MEM_SIGNATURE_OFFSET_P(p64k) (FLASH_MEM_MAX_SIZE_P(p64k) - FLASH_MEM_SIGNATURE_LEN - 1) #endif @@ -68,42 +65,19 @@ # define T55XX_CONFIG_LEN sizeof( t55xx_configurations_t ) #endif -#ifndef T55XX_CONFIG_OFFSET -# define T55XX_CONFIG_OFFSET (FLASH_MEM_MAX_4K_SECTOR - 0x2000) -#endif -#ifndef T55XX_CONFIG_OFFSET_P -# define T55XX_CONFIG_OFFSET_P(p64k) (FLASH_MEM_MAX_4K_SECTOR_P(p64k) - 0x2000) -#endif +#define T55XX_CONFIG_FILE "cfg_t55xx.bin" -// Reserved space for T55XX PWD = 4 kb -#ifndef DEFAULT_T55XX_KEYS_OFFSET -# define DEFAULT_T55XX_KEYS_LEN (0x1000) -# define DEFAULT_T55XX_KEYS_OFFSET (T55XX_CONFIG_OFFSET - DEFAULT_T55XX_KEYS_LEN) -# define DEFAULT_T55XX_KEYS_MAX ((DEFAULT_T55XX_KEYS_LEN - 2) / 4) -#endif -#ifndef DEFAULT_T55XX_KEYS_OFFSET_P -# define DEFAULT_T55XX_KEYS_OFFSET_P(p64k) (T55XX_CONFIG_OFFSET_P(p64k) - DEFAULT_T55XX_KEYS_LEN) -#endif +// T55XX PWD stored in spiffs +#define T55XX_KEYS_FILE "dict_t55xx.bin" +#define T55XX_KEY_LENGTH 4 -// Reserved space for iClass keys = 4 kb -#ifndef DEFAULT_ICLASS_KEYS_OFFSET -# define DEFAULT_ICLASS_KEYS_LEN (0x1000) -# define DEFAULT_ICLASS_KEYS_OFFSET (DEFAULT_T55XX_KEYS_OFFSET - DEFAULT_ICLASS_KEYS_LEN) -# define DEFAULT_ICLASS_KEYS_MAX ((DEFAULT_ICLASS_KEYS_LEN - 2) / 8) -#endif -#ifndef DEFAULT_ICLASS_KEYS_OFFSET_P -# define DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) (DEFAULT_T55XX_KEYS_OFFSET_P(p64k) - DEFAULT_ICLASS_KEYS_LEN) -#endif +// iClass keys stored in spiffs +#define ICLASS_KEYS_FILE "dict_iclass.bin" +#define ICLASS_KEY_LENGTH 8 -// Reserved space for MIFARE Keys = 12 kb -#ifndef DEFAULT_MF_KEYS_OFFSET -# define DEFAULT_MF_KEYS_LEN (0x3000) -# define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) -# define DEFAULT_MF_KEYS_MAX ((DEFAULT_MF_KEYS_LEN - 2) / 6) -#endif -#ifndef DEFAULT_MF_KEYS_OFFSET_P -# define DEFAULT_MF_KEYS_OFFSET_P(p64k) (DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) - DEFAULT_MF_KEYS_LEN) -#endif +// Mifare keys stored in spiffs +#define MF_KEYS_FILE "dict_mf.bin" +#define MF_KEY_LENGTH 6 // RDV40, validation structure to help identifying that client/firmware is talking with RDV40 typedef struct { diff --git a/include/protocols.h b/include/protocols.h index 3aa40ea79..dbb60aa5e 100644 --- a/include/protocols.h +++ b/include/protocols.h @@ -263,20 +263,21 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define MAGIC_SINGLE (MAGIC_HALT | MAGIC_INIT | MAGIC_OFF) //0x1E // by CMD_HF_MIFARE_CIDENT / Flags -#define MAGIC_FLAG_NONE 0x0000 -#define MAGIC_FLAG_GEN_1A 0x0001 -#define MAGIC_FLAG_GEN_1B 0x0002 -#define MAGIC_FLAG_GEN_2 0x0004 -#define MAGIC_FLAG_GEN_UNFUSED 0x0008 -#define MAGIC_FLAG_SUPER_GEN1 0x0010 -#define MAGIC_FLAG_SUPER_GEN2 0x0020 -#define MAGIC_FLAG_NTAG21X 0x0040 -#define MAGIC_FLAG_GEN_3 0x0080 -#define MAGIC_FLAG_GEN_4GTU 0x0100 -#define MAGIC_FLAG_GDM_AUTH 0x0200 -#define MAGIC_FLAG_QL88 0x0400 -#define MAGIC_FLAG_GDM_WUP_20 0x0800 -#define MAGIC_FLAG_GDM_WUP_40 0x1000 +#define MAGIC_FLAG_NONE 0x0000 +#define MAGIC_FLAG_GEN_1A 0x0001 +#define MAGIC_FLAG_GEN_1B 0x0002 +#define MAGIC_FLAG_GEN_2 0x0004 +#define MAGIC_FLAG_GEN_UNFUSED 0x0008 +#define MAGIC_FLAG_SUPER_GEN1 0x0010 +#define MAGIC_FLAG_SUPER_GEN2 0x0020 +#define MAGIC_FLAG_NTAG21X 0x0040 +#define MAGIC_FLAG_GEN_3 0x0080 +#define MAGIC_FLAG_GEN_4GTU 0x0100 +#define MAGIC_FLAG_GDM_AUTH 0x0200 +#define MAGIC_FLAG_QL88 0x0400 +#define MAGIC_FLAG_GDM_WUP_20 0x0800 +#define MAGIC_FLAG_GDM_WUP_40 0x1000 +#define MAGIC_FLAG_GDM_WUP_40_ZUID 0x2000 // Commands for configuration of Gen4 GTU cards. @@ -453,6 +454,7 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. #define PROTO_MFPLUS 17 #define PROTO_TEXKOM 18 #define PROTO_XEROX 19 +#define PROTO_FMCOS20 20 // Picopass fuses #define FUSE_FPERS 0x80 @@ -950,5 +952,43 @@ ISO 7816-4 Basic interindustry commands. For command APDU's. // 0x0A = ACK // 0x05 = NACK +//FMCOS2.0 +#define FMCOS20_CMD_VERIFY_PIN 0x20 +#define FMCOS20_CMD_EXTERNAL_AUTHENTICATION 0x82 +#define FMCOS20_CMD_GET_CHALLENGE 0x84 +#define FMCOS20_CMD_INTERNAL_AUTHENTICATION 0x88 +#define FMCOS20_CMD_SELECT 0xA4 +#define FMCOS20_CMD_READ_BINARY 0xB0 +#define FMCOS20_CMD_READ_RECORD 0xB2 +#define FMCOS20_CMD_GET_RESPONSE 0xC0 +#define FMCOS20_CMD_UPDATE_BINARY 0xD6 +#define FMCOS20_CMD_UPDATE_RECORD 0xDC +#define FMCOS20_CMD_APPEND_RECORD 0xE2 +#define FMCOS20_CMD_CARD_BLOCK 0x16 +#define FMCOS20_CMD_APP_UNBLOCK 0x18 +#define FMCOS20_CMD_APP_BLOCK 0x1E +#define FMCOS20_CMD_PIN_UNBLOCK 0x24 +#define FMCOS20_CMD_UNBLOCK 0x2C +#define FMCOS20_CMD_INITIALIZE_TRANSACTION 0x50 +#define FMCOS20_CMD_CREDIT_LOAD 0x52 +#define FMCOS20_CMD_PURCHASE 0x54 +#define FMCOS20_CMD_UPDATE_OVERDRAW_LIMIT 0x58 +#define FMCOS20_CMD_GET_TRANSACTION_PROOF 0x5A +#define FMCOS20_CMD_GET_BALANCE 0x5C +#define FMCOS20_CMD_CHANGE_PIN 0x5E +#define FMCOS20_CMD_ERASE_DF 0x0E +#define FMCOS20_CMD_PULL 0x30 +#define FMCOS20_CMD_CHARGE 0x32 +#define FMCOS20_CMD_WRITE_KEY 0xD4 +#define FMCOS20_CMD_CREATE_FILE 0xE0 +#define FMCOS20_CMD_WRITE_EEPROM 0x00 +#define FMCOS20_CMD_READ_EEPROM 0x04 +#define FMCOS20_CMD_INITIALIZE_EEPROM 0x02 +#define FMCOS20_CMD_READ_ROM 0x0C +#define FMCOS20_CMD_INITIALIZE_GREY_LOCK_UNLOCK 0x7A +#define FMCOS20_CMD_GREY_LOCK_UNLOCK 0x7C +#define FMCOS20_CMD_DEBIT_UNLOCK 0x7E +#define FMCOS20_CMD_CALCULATE_ROM_CRC 0x0A + #endif // PROTOCOLS_H diff --git a/tools/mfc/card_only/staticnested_1nt.c b/tools/mfc/card_only/staticnested_1nt.c index 80a8dd5a6..e8876287f 100644 --- a/tools/mfc/card_only/staticnested_1nt.c +++ b/tools/mfc/card_only/staticnested_1nt.c @@ -148,10 +148,10 @@ int main(int argc, char *const argv[]) { , nt_par_err_arr[1] , nt_par_err_arr[2] , nt_par_err_arr[3] - , (nt_par_enc >> 3) & 1 - , (nt_par_enc >> 2) & 1 - , (nt_par_enc >> 1) & 1 - , nt_par_enc & 1 + , (uint8_t)((nt_par_enc >> 3) & 1) + , (uint8_t)((nt_par_enc >> 2) & 1) + , (uint8_t)((nt_par_enc >> 1) & 1) + , (uint8_t)(nt_par_enc & 1) , nt ^ nt_enc ); diff --git a/tools/recover_pk.py b/tools/recover_pk.py index 9d9c816fd..1e6bc33f7 100755 --- a/tools/recover_pk.py +++ b/tools/recover_pk.py @@ -12,12 +12,13 @@ from colors import color debug = False + def guess_curvename(signature): siglen = (len(signature) // 2) & 0xfe if siglen == 32: curves = ["secp128r1", "secp128r2"] elif siglen == 48: - curves = ["secp192k1", "secp192r1"] + curves = ["secp192k1", "prime192v1"] elif siglen == 56: curves = ["secp224k1", "secp224r1"] elif siglen == 64: @@ -31,6 +32,7 @@ def guess_curvename(signature): raise ValueError("Unsupported signature size %s" % lenstr) return curves + def recover(data, signature, curvename, alghash=None): recovered = set() try: @@ -60,6 +62,7 @@ def recover(data, signature, curvename, alghash=None): pass return recovered + def recover_multiple(uids, sigs, curvename, alghash=None): recovered = set() assert len(uids) == len(sigs) @@ -82,6 +85,7 @@ def recover_multiple(uids, sigs, curvename, alghash=None): recovered &= recovered_tmp return recovered + def selftests(): tests = [ {'name': "Mifare Ultralight EV1", @@ -102,42 +106,42 @@ def selftests(): 'pk': "044F6D3F294DEA5737F0F46FFEE88A356EED95695DD7E0C27A591E6F6F65962BAF"}, {'name': "DESFire Light", - 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", - "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], - 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, + 'samples': ["0439556ACB6480", "D5BD0978106E1E38B513642335966AB21E9F950DCFCFAB45FF13D0DC3CA4C2AE7E0D671DF1240937D040DAC4601C5F66ED62C546EE03ED08", # noqa: E501 + "043B156ACB6480", "76B46932BF2FCF4931A24C755F5CB1686B914F1856177686B864BDAD58EFA6A7493E5C2232F3ADDAA434EA4647BFD1D385BDA6115E77D74C"], # noqa: E501 + 'pk': "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, # noqa: E501 {'name': "DESFire EV2", - 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", - "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", - "040D259A965B80","B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], - 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, + 'samples': ["042A41CAE45380", "B2769F8DDB575AEA2A680ADCA8FFED4FAB81A1E9908E2B82FE0FABB697BBD9B23835C416970E75768F12902ACA491349E94E6589EAF4F508", # noqa: E501 + "045640CAE45380", "D34B53A8C2C100D700DEA1C4C0D0DE4409F3A418CD8D57C4F41F146E42AD9A55F014199ABBF5CA259C7799DB0AE20D5E77D4950AC7E95D33", # noqa: E501 + "040D259A965B80", "B158073A7100C88C3726F4299FA58311FC3CB18744686DE3F234928AD74578F5CAD7FCEC1DCB962ECC7CC000B8557B37F45B76DC6573A58F"], # noqa: E501 + 'pk': "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3A"}, # noqa: E501 {'name': "DESFire EV2 XL", - 'samples': ["044ca092806480","9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", - "045793d28a6380","e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", - "044ba492806480","517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], - 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, + 'samples': ["044ca092806480", "9d86dacd3866058b1cf122ff5fc80e997251d99179bc1f996acf6ed7d495da5c39dde699e2760c08d747ef08487b9897d48957e5afd755e2", # noqa: E501 + "045793d28a6380", "e509576a484b4f93b5b97ffa04cb297cae97cff1071bdefd23d5054513e3036203fdd1cdd2cdead0aead88df24ffe7cdaafee1e58a55a745", # noqa: E501 + "044ba492806480", "517b2931355bd9b9f35d72ed90bdab6212d05853abcf9dd45a79d5ceb91d8939c2c90d3a630a4d18a33903a3e23950a7580cf4ca34d03a90"], # noqa: E501 + 'pk': "04CD5D45E50B1502F0BA4656FF37669597E7E183251150F9574CC8DA56BF01C7ABE019E29FEA48F9CE22C3EA4029A765E1BC95A89543BAD1BC"}, # noqa: E501 {'name': "DESFire EV3", - 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", - "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], - 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, + 'samples': ["04448BD2DB6B80", "5CBB5632795C8F15263FEFB095B51C7B541AFD914A1AE44EF6FB8AF605EDF13DBFEE6C3A2DB372245E671DFE0D42CB1F0D0B8FE67A89D2F6", # noqa: E501 + "04445DD2DB6B80", "166BFD9F9BFAA451172566101580DF9894F582C4A4E258C15037AD2F35A475CF1D7FB817618623A6569F991931AFB2766984E21A18512A6D"], # noqa: E501 + 'pk': "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, # noqa: E501 {'name': "Mifare Plus EV1", - 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", - "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", - "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], - 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, + 'samples': ["042A2B221C5080", "BAC40CD88E9193C58ADA5055350C4F648EB5A7AEC4FCF9BD4CDD7B1C558DE5F59C6636F26286ED48622AAA2331D4DF1CEE23B57B94BDA631", # noqa: E501 + "04505082346B80", "78B2FCF6769F60B165F5BDEB3A6D0C26967BB165E65A3B400A01C711356FF0A0807AB1A2706FCA419702AC67211287E31D71927BA25AB235", # noqa: E501 + "12817C48", "3351979A3449CACD9EE113A75B862917F03EFAE68DA399C06342BF8583C88DFE769DF49754A96F7C28B57189FB05B9C10E2305D41423A6EB"], # noqa: E501 + 'pk': "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"}, # noqa: E501 - {'name': "NTAG413DNA", - 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", - "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], - 'pk': "04bb5d514f7050025c7d0f397310360eec91eaf792e96fc7e0f496cb4e669d414f877b7b27901fe67c2e3b33cd39d1c797715189ac951c2add"}, + {'name': "NTAG413DNA, DESFire EV1", + 'samples': ["042468222F5C80", "B9211E320F321BD1D0E158E10FF15109B389638BAE15D9909D7725BF1250ED236D66F1AF75C94D60330E4E92535F5E6997675281A5687173", # noqa: E501 + "042938222F5C80", "18B642797D1FD71806146A7A6EC778D3FDD04F39C4A3B36A592BD1A114DC44E5528380FA766C0B7EA32B284AFBE84300B620369F0686D8CC"], # noqa: E501 + 'pk': "04BB5D514F7050025C7D0F397310360EEC91EAF792E96FC7E0F496CB4E669D414F877B7B27901FE67C2E3B33CD39D1C797715189AC951C2ADD"}, # noqa: E501 {'name': "NTAG424DNA", - 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", - "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], - 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, + 'samples': ["0463474AA26A80", "27E9A50E6CA4BA9037C02F7D20A80D0284D0C1D83C67F5A5AC1D8A4EF86C9508417E4E9C6F85AA7920F0ABDED984CAF20467D66EA54BBF08", # noqa: E501 + "04C46C222A6380", "344A806EBF704C05C19215D2F840529CE365AAD2D08A469A95896D75D477D9FAB02A0C827E9F215BD8EB0E56A3A9A008FB75D706AABBD4DA"], # noqa: E501 + 'pk': "048A9B380AF2EE1B98DC417FECC263F8449C7625CECE82D9B916C992DA209D68422B81EC20B65A66B5102A61596AF3379200599316A00A1410"}, # noqa: E501 {'name': "Vivokey Spark1", # ! tag signature bytes output by pm3 must be read right to left: @@ -149,26 +153,31 @@ def selftests(): {'name': "ICODE DNA, ICODE SLIX2", # ! tag UID is considered inverted: E0040118009B5FEE => EE5F9B00180104E0 - # TODO one more ICODE-DNA... + # uses secp128r1, None, 'samples': ["EE5F9B00180104E0", "32D9E7579CD77E6F1FA11419231E874826984C5F189FDE1421684563A9663377", - "838ED22A080104E0", "CAE8183CB4823C765AFDEB78C9D66C959990FD52A5820E76E1D6E025D76EAD79"], + "838ED22A080104E0", "CAE8183CB4823C765AFDEB78C9D66C959990FD52A5820E76E1D6E025D76EAD79", + "1F62C26F080104E0", "9F47BF33D9ED62A62AFEF5685BC4006CFB290C344EAD5C5B49BF976804A9EE62"], 'pk': "048878A2A2D3EEC336B4F261A082BD71F9BE11C4E2E896648B32EFA59CEA6E59F0"}, # {'name': "Minecraft Earth", # # uses secp256r1?, SHA-256, - # 'samples': ["aa", "DF0E506DFF8FCFC4B7B979D917644445F1230D2C7CDC342AFA842CA240C210BE7275F62073A9670F2DCEFC602CBEE771C2B4CD4A04F3D1EA11F49ABDF7E8B721"], + # 'samples': ["aa", "DF0E506DFF8FCFC4B7B979D917644445F1230D2C7CDC342AFA842CA240C210BE7275F62073A9670F2DCEFC602CBEE771C2B4CD4A04F3D1EA11F49ABDF7E8B721"], # noqa: E501 # 'pk': ""}, {'name': "MIFARE Plus Trojka", - # uses secp224r1, None, - 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", - "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], - 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, - -# {'name': "MIFARE Ultralight AES", - # uses NID_secp192r1, OpenSSL doesn't support it. This is commented out until that day. -# 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", -# "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], -# 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, + # uses secp224r1, None, + 'samples': ["04B59F6A226F82", "6F577EB7F570D74DB6250477427F68A0088762BD318767537122919A7916597149F9D16D8B135E9BF826FB28AE293F3168661CD4A049FAED", # noqa: E501 + "04B44A82D80F92", "A0868ECF26733D3C3C838D055968B4559F77693CC3E346E3A4741BC826801F8360FD88857BEC440AAD3A21153D64302DEB6F5ED40B15C3F7"], # noqa: E501 + 'pk': "040F732E0EA7DF2B38F791BF89425BF7DCDF3EE4D976669E3831F324FF15751BD52AFF1782F72FF2731EEAD5F63ABE7D126E03C856FFB942AF"}, # noqa: E501 + {'name': "MIFARE Ultralight AES", + # uses prime192v1, None, + 'samples': ["045E4CC2451390", "C9BBDA1B99EB6634CDFD8E3251AC5C4742EA5FA507B8A8A8B39B19AB7340D173331589C54C56C49F0CCA6DDBAC1E492A", # noqa: E501 + "043F88C2451390", "5C2055A7373F119C3FDD9843020B06AA0E6DE18C16496C425C4AD971A50F05FA1A67B9E39CA60C355EEEEBF8214A84A5"], # noqa: E501 + 'pk': "0453BF8C49B7BD9FE3207A91513B9C1D238ECAB07186B772104AB535F7D3AE63CF7C7F3DD0D169DA3E99E43C6399621A86"}, # noqa: E501 + {'name': "MIFARE Ultralight AES (alt key)", + # uses prime192v1, None, + # TODO more samples + 'samples': ["04A31232241C90", "057595DCC601CA7E21341F1F978FA134F0204D87A33749C56DDB4ABD6F1F26194341DB10093B34C42F524A30DCC5CE54"], # noqa: E501 + 'pk': "04DC34DAA903F2726A6225B11C692AF6AB4396575CA12810CBBCE3F781A097B3833B50AB364A70D9C2B641A728A599AE74"}, # noqa: E501 {'name': "MIFARE Classic / QL88", 'samples': ["30933C61", "AEA4DD0B800FAC63D4DE08EE91F4650ED825FD6B4D7DEEE98DBC9BAE10BE003E", "20593261", "F762CDD59EEDC075F4DDBA7ECD529FEEE5135C65A84D12EF0A250A321B2012F5"], @@ -200,47 +209,54 @@ def selftests(): succeeded = True for t in tests: - print("Testing %-38s" % (t['name']+":"), end="") + print("Testing %-40s" % (t['name']+":"), end="") curvenames = guess_curvename(t['samples'][1]) recovered = set() for c in curvenames: for h in [None, "md5", "sha1", "sha256", "sha512"]: - recovered |= recover_multiple(t['samples'][::2], t['samples'][1::2], c, alghash=h) + recovered |= set([(c, h, pk) for pk in + recover_multiple(t['samples'][::2], t['samples'][1::2], c, alghash=h)]) if (len(recovered) == 1): - pk = recovered.pop() + c, h, pk = recovered.pop() pk = binascii.hexlify(pk).decode('utf8') if pk.lower() == t['pk'].lower(): - print("( %s )" % color('ok', fg='green')) + print("%15s/%-8s ( %s )" % (c, h, color('ok', fg='green'))) else: succeeded = False - print("( FAIL ) got %s" % pk.lower()) + print("%15s/%-8s ( %s ) got %s" % (c, h, color('fail', fg='red'), pk.lower())) elif len(t['samples'])//2 == 1: - pks = [binascii.hexlify(pk).decode('utf8').lower() for pk in list(recovered)] - if t['pk'].lower() in pks: - print("( %s ) partial" % color('ok', fg='green')) + recovereds = [(c, h) for c, h, pk in list(recovered) + if t['pk'].lower() == binascii.hexlify(pk).decode('utf8').lower()] + if len(recovereds) == 1: + c, h = recovereds[0] + print("%15s/%-8s ( %s ) partial" % (c, h, color('ok', fg='green'))) else: succeeded = False - print("( %s ), got %s" % color('fail', fg='red'), pks) + print(" ( %s ), got" % color('fail', fg='red')) + for c, h, pk in list(recovered): + print(c, h, binascii.hexlify(pk).decode('utf8').lower()) else: - print("( %s )" % color('fail', fg='red')) + print(" ( %s )" % color('fail', fg='red')) succeeded = False - print("=====================================================") + print("===============================================================================") fail = color('fail', fg='red') ok = color('ok', fg='green') - print("Tests: ( %s )" % [fail, ok][succeeded]) + print("Tests: ( %s )" % [fail, ok][succeeded]) print("") + if __name__ == "__main__": if len(sys.argv) == 2 and sys.argv[1] == "selftests": selftests() exit(0) if len(sys.argv) < 3 or len(sys.argv) % 2 == 0: print("Usage: \n%s UID SIGN [UID SIGN] [...]" % sys.argv[0]) - print("Example: \n%s 04ee45daa34084 ebb6102bff74b087d18a57a54bc375159a04ea9bc61080b7f4a85afe1587d73b" % sys.argv[0]) + print("Example: \n%s 04ee45daa34084 ebb6102bff74b087d18a57a54bc375159a04ea9bc61080b7f4a85afe1587d73b" + % sys.argv[0]) exit(1) uids, sigs = sys.argv[1:][::2], sys.argv[1:][1::2] once = True diff --git a/traces/hf_seos_sniff_fc60_cn640001.trace b/traces/hf_seos_sniff_fc54_cn64001.trace similarity index 100% rename from traces/hf_seos_sniff_fc60_cn640001.trace rename to traces/hf_seos_sniff_fc54_cn64001.trace