Some Linux experiments with the ACR38 smartcard reader

Trying to read smartcards using only libusb. For fun and learning.

01 March 2007

The Belgian Id card

The trouble with smart cards is that they are all different. There exists a standard, ISO 7816-4, for the protocol to use with smartcards, but there are so many options that it is illusory to expect to dump a card's content without previous knowledge of the application running on the smartcard.

The Belgian Id card is well documented...

The protocol is described in eik_bestek_bijlage5.doc and the data content in belgian_electronic_identity_card_content_v2.8.a.pdf. These documents are available, but not especially easy to read... Fortunately we just need a couple of commands to read the content of the card (file_select and read_binary).

Sources of programs interacting with the card are available too, which helps. But it should be easier to find the information. In fact, (PKCS#15 cryptography aside) there are just a couple of files of interest on the card: the card holder identity file (names, birth place/date,...), the address in another file and a (JPEG) picture in a third file.

You cannot find the file ids just by scanning all files (from 0000 to ffff) in the root directory, because these files are 'hidden' in the df01 directory. So, to select the files, you have to select 'df01/<some-file-id>'. Of course, the ids are not 1-2-3 (it would be too simple?); they are '0x4031' (identity), '0x4033' (address) and '0x4035' for the picture...

To select those files, you have to use the APDU:

    00 A4 08 0c 04 df 01 40 xx Lc

    00    : ISO CLAss (~standard ISO APDU)
    A4    : ISO file_select INStruction
    08 0c : P1 P2 for this operation (otherwise you get an error...)
    04    : length of the 'path'
    df 01 : directory for Id data
    40 xx : the file id
            31 : owner's identity (names, birth,...)
            33 : owner's address
            35 : owner's picture
    Lc    : the expected answer length (?)

Once the file is successfully selected (SW1:SW2 == 90:00), one can 'binary_read' the content with the APDU:

    00 b0 xx yy zz

    00    : ISO CLAss (~standard ISO APDU)
    b0    : ISO read_binary INStruction
    xx yy : offset in the file (256*xx)+yy
    zz    : number of bytes to read

Once you know these very simple facts, it is very easy to get (and dump) the card content. I don't know why this simple information is so hard to find in the documentation or in the code...

The first two files contain a couple of fields; the last one is just a standard JPEG file of about 4 kilobytes. The fields are coded:

    <tag> <length> <data> <tag>...

    tag    : one byte, 00..ff
    length : one byte if < 255,
             ff followed by length-255
             or ff ff followed by length-510 (to be confirmed)
    data   : can be ASCII/UTF-8/binary depending on the tag
             (not necessarily null terminated strings)
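
An added example, not code from the original post: a bounds-checked C decoder for the field coding above, so that a short or corrupted read from the card cannot make the parser run past the buffer. It assumes that every ff length byte adds 255 and announces another length byte, which generalizes the ff ff case the post marks as to be confirmed; the names tlv_next and build_sample and the sample tags and bytes are constructed for illustration, not real card data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One decoded field; data points into the caller's buffer (not copied). */
struct tlv { uint8_t tag; size_t len; const uint8_t *data; };

/* Decode the field at buf[*pos] and advance *pos past it.
 * Returns 0 on success, -1 if the field runs past the end of the buffer. */
int tlv_next(const uint8_t *buf, size_t size, size_t *pos, struct tlv *out)
{
    size_t i = *pos, len = 0;
    if (i >= size) return -1;
    out->tag = buf[i++];
    /* Assumption: each 0xff length byte adds 255 and announces another. */
    while (i < size && buf[i] == 0xff) { len += 255; i++; }
    if (i >= size) return -1;       /* length bytes cut short */
    len += buf[i++];
    if (len > size - i) return -1;  /* data would overrun the buffer */
    out->len = len;
    out->data = buf + i;
    *pos = i + len;
    return 0;
}

/* Constructed sample (not real card data): tag 0x01 holding "abc",
 * then tag 0x02 holding 300 bytes, whose length is coded ff 2d. */
size_t build_sample(uint8_t *buf)
{
    static const uint8_t head[] = { 0x01, 0x03, 'a', 'b', 'c', 0x02, 0xff, 0x2d };
    memcpy(buf, head, sizeof head);
    memset(buf + sizeof head, 'x', 300);
    return sizeof head + 300;
}

int main(void)
{
    uint8_t buf[512];
    size_t size = build_sample(buf), pos = 0;
    struct tlv f;
    while (pos < size) {
        if (tlv_next(buf, size, &pos, &f) != 0) {
            fprintf(stderr, "truncated field at offset %zu\n", pos);
            return 1;
        }
        printf("tag %02x, %zu bytes\n", f.tag, f.len);
    }
    return 0;
}
```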

4 Comments:

Blogger A. A. said...

Hi, I know all this is so old but... did you learn how to connect and send commands to ACR38 from Java apps???

Thank you

8/26/2011 02:40:00 PM  
Blogger xofc said...

No, sorry, I don't know how to use the ACR38 in Java.

8/26/2011 02:50:00 PM  
Blogger xofc said...

I would search 'java acr38' or 'java libusb' and write it myself.

8/27/2011 06:18:00 AM  
Blogger A. A. said...

Thank you! I will try!

8/31/2011 10:55:00 AM  
