💾 Archived View for spam.works › mirrors › textfiles › phreak › carte_fr.txt captured on 2023-06-16 at 19:41:11.

View Raw

More Information

-=-=-=-=-=-=-

===============================================================================
       What you need to know about smart-cards and electronics phonecards
===============================================================================

INTRODUCTION:

You must not  think that  the electronics  phone-cards are  completly secret
things, and that  you can not read  the information that are  inside.  It is
quite false, since in  fact an  electronic phone-card  does not  contain any
secret  information like credit cards and an electronic phonecard is nothing
else that an 256 bits EPROM, with serial output.

Besides do not think that you are going to refilled them, when you will know
how  these cards works, since for that you  should reset the 256 bits of the
cards by erasing the whole card.  But the chip is coated in UV opaqued resin
even if sometime  you can  see it  as tranparent!   Even  if you  were smart
enough  to erase the 256 bits of the  card you should program the maer area,
but  these first 96 bits are writing protected by the fusang of a fuse after
the card programing in factory.

Neithertheless  it can be very interesting to  stdy how these cards work, to
see  how the data are maped inside or to see if there are units left inside,
besides  there are a great number of  applications of these cards when there
are  used, since you can use them as key to open a door, or you can also use
them as key to secure a progpam, etc.


SCHEMATICS of the chip
======================

                    .-------------------.
                    |                   |
                  --|> Clk              |
                    | _                 |
                  --| R/W               |
                    |                   |
                  --| Reset             |
                    |                   |
                  --| Fuse              |
                    |                   |
                  --| Vpp               |
                    |                   |
                    |                   |
                    '-.               .-'
                      |               |
                    .-------------------.
                    |               Out |-- serial output
                    '-------------------'


PINOUT of the connector
=======================


          AFNOR CHIP                                   ISO CHIP
          ----------                                   --------

 -------------+-------------                 -------------+-------------
|   8         |         4   |               |   1         |         5   |
|             |             |               |             |             |
+-------\     |     /-------+               +-------\     |     /-------+
|   7    +----+----+    3   |               |   2    +----+    +    6   |
|        |         |        |               |        |         |        |
+--------|         |--------+               +--------|         |--------+
|   6    |         |    2   |               |   3    |         |    7   |
|        +    +----+        |               |        +----+----+        |
+-------/     |     \-------+               +-------/     |     \-------+
|   5         |         1   |               |   4         |         8   |
|             |             |               |             |             |
 -------------+-------------                 -------------+-------------


PINOUT:    1 : Vcc = 5V        5 : Gnd
------     2 : R/W             6 : Vpp = 21V
           3 : Clk             7 : I/O
           4 : Reset           8 : Fuse


TAME DIAGRAMS
=============

+21V                                     _____________
+5V ____________________________________|             |_________________ Vpp
                                        :             :
+5V                  ___________________:_____________:_________________
Reset
0V  ________________|                   :             :
                    :                   :             :
+5V     ____        :      ____         :       ______:______
0V  ___|    |_______:_____|    |________:______|      :      |__________
Clock
       :    :       :     :    :        :      :      :      :
+5V    :    :       :     :    :        :______:______:      :           _
0V  ___:____:_______:_____:____:________|      :      |______:__________ R/W
       :    :       :     :    :        :      :      :      :
+5V    :    :       :_____:    :________:      :      :      :__________
0V  XXXXXXXXXXXXXXXXX_____XXXXXX________XXXXXXXXXXXXXXXXXXXXXX__________ Out
       :    :       :     :    :        :<-----><---->:      :
       :    :       :     :    :        :10 to   10 to       :
       :    :       :     :    :        :50 ms   50ms        :
        Reset        Bit 1        Bit2                           Bit 3
        card        reading      reading  Bit2 writing to 1     reading


MEMORY MAP of the french CARDS
==============================

Bytes       Bits      Binary     Hexa

                    +-----------+-----+
  1        1 --> 8  |           |     |
                    +-----------+-----+
  2       9 --> 16  | 0000 0011 | $03 | ---> a french telecard
                    +-----------+-----+
  3      17 --> 24  |           |     |
                    +-----------+-----+
  4      25 --> 32  |           |     |
                    +-----------+-----+
  5      33 --> 40  |           |     |
                    +-----------+-----+
  6      41 --> 48  |           |     |
                    +-----------+-----+
  7      49 --> 56  |           |     |
                    +-----------+-----+
  8      57 --> 64  |           |     |
                    +-----------+-----+
  9      65 --> 72  |           |     |
                    +-----------+-----+
 10      73 --> 80  |           |     |
                    +-----------+-----+
 11      81 --> 88  |           |     |
                    +-----------+-----+
 12      33 --> 40  | 0001 0011 | $13 | ---> 120 units card
                    | 0000 0110 | $06 | --->  50 units card
                    | 0000 0101 | $05 | --->  40 units card
                    +-----------+-----+
 13-31  97 --> 248  |           |     | ---> The units area: each time a unit
                    |           |     |      is used, then a bit is set to
"1";
                    |           |     |      Generaly the first ten units are
                    |           |     |      fused in factory as test.
                    |           |     |
                    |           |     |
                    |           |     |
                    +-----------+-----+
 32    249 --> 256  | 1111 1111 | $FF | ---> the card is empty
                    +-----------+-----+


MEMORY MAP of the other cards
=============================

Bytes       Bits      Binary     Hexa

                    +-----------+-----+
  1        1 --> 8  |           |     |
                    +-----------+-----+
  2       9 --> 16  | 1000 0011 | $83 | ---> a telecard
                    +-----------+-----+-----------+-----+
3-4      17 --> 32  | 1000 0000 | $80 | 0001 0010 | $12 | ---> 10 units card
                    |           |     | 0010 0100 | $24 | ---> 22 units card
                    |           |     | 0010 0111 | $27 | ---> 25 units card
                    |           |     | 0011 0010 | $32 | ---> 30 units card
                    |           |     | 0101 0010 | $52 | ---> 50 units card
                    |           |     | 1000 0010 | $82 | ---> 80 units card
                    | 1000 0001 | $81 | 0000 0010 | $02 | ---> 100 units card
                    |           |     | 0101 0010 | $52 | ---> 150 units card
                    +-----------+-----+-----------+-----+
  5      33 --> 40  |           |     |
                    +-----------+-----+
  6      41 --> 48  |           |     |
                    +-----------+-----+
  7      49 --> 56  |           |     |
                    +-----------+-----+
  8      57 --> 64  |           |     |
                    +-----------+-----+
  9      65 --> 72  |           |     |
                    +-----------+-----+
 10      73 --> 80  |           |     |
                    +-----------+-----+
 11      81 --> 88  |           |     |
                    +-----------+-----+
 12      89 --> 96  | 0011 0000 | $30 | ---> Norway
                    | 0011 1100 | $3C | ---> Ireland
                    | 0100 0111 | $47 | ---> Portugal
                    | 0101 0101 | $55 | ---> Czech Republic
                    | 0101 1111 | $5F | ---> Gabon
                    | 0110 0101 | $65 | ---> Finland
                    +-----------+-----+
 13-31  97 --> 248  |           |     | ---> The units area: each time a unit
                    |           |     |      is used, then a bit is set to
"1";
                    |           |     |      Generaly the first two units are
                    |           |     |      fused in factory as test.
                    |           |     |
                    |           |     |
                    +-----------+-----+
 32    249 --> 256  |           |     |
                    +-----------+-----+

Schematic of the reader
=======================

   External 5V (Optional)

5V o------,
          |                 /             T2  PNP      d13  r7 10
0V o--,   |                /               BC 177     |\ |  _____
      |   |      ,-------o/   o--*------. E      C .--| >+-[_____]--------,
    __+__ |      |               |       \        /   |/ |                |
    \\\\\ |    __|__ Batery      |         \    /                         |
          |      -   22.5V       |       ---------                        |
.......   |      |               |   _____   |   _____                    |
       :  |    __+__             +--[_____]--*--[_____]--,                |
   D2  :  |    \\\\\                r6 150k     r5 15k   |                |
4 o-------|---------------------------*------------------|-------------,  |
       :  |                           |   r3 220k       / C            |  |
   Ack :  |                           |   _____      |/    T1 - NPN    |  |
10 o------|--------.                  '--[_____]-*---|      BC107      |  |
       :  |        |                      _____  |   |\                |  |
       : ,-,      ,-,                 +--[_____]-'      \ E            |  |
       : | |r2    | |r1               |  r4 390k         |             |  |
       : | |220   | |22k            __+__              __+__           |  |
       : |_|      |_|               \\\\\              \\\\\           |  |
       :  |  |\ |  |                                                   |  |
       :  *--| >+--|----------------*----------------------------------|--*
       :  |  |/ |  |          ,-----|-----------------------------,    |  |
       :  |  d1    |          |     |   ,----------,----------,   |    |  |
       :  |        |          |     *---|--*  Fuse | Reset *--|---'    |  |
       :  |        |          |     |   |----------|----------|        |  |
   D0  :  |        |          |   ,-|---|--*   I/O | Clk   *--|---,    |  |
2 o-------|--------|----------'   | |   |----------|----------|   |    |  |
       :  |        |              | '---|--*   Vpp | R/W   *--|---|----'  |
  Busy :  |        |              |     |----------|----------|   |       |
11 o------|--------|--------------' ,---|--*   Gnd | 5V    *  |   |       |
       :  |        |                |   '----------'-------|--'   |       |
   D1  :  |        |              __+__    Chip connector  |      |       |
3 o-------|--------|--------,     \\\\\                    |      |       |
       :  |        |        '------------------------------|------'       |
  Str  :  |  |\ |  |                                       |              |
1 o-------*--| >+--*----*----*----*----*-------------------'              |
       :   d2|/ |  |d3  |d4  |d5  |d6  |d7                                |
       :          -+-  -+-  -+-  -+-  -+-                                 |
       :          /_\  /_\  /_\  /_\  /_\                                 |
   D3  :           |    |    |    |    |   |\ | d8                        |
5 o----------------*----|----|----|----|---| >+-------*-------------------'
       :                |    |    |    |   |/ |       |
       :                |    |    |    |              |
   D4  :                |    |    |    |   |\ | d9    |
6 o---------------------*----|----|----|---| >+-------*
       :                     |    |    |   |/ |       |
       :                     |    |    |              |
   D5  :                     |    |    |   |\ | d10   |
7 o--------------------------*----|----|---| >+-------*
       :                          |    |   |/ |       |
       :                          |    |              |
   D6  :                          |    |   |\ | d11   |
8 o-------------------------------*----|---| >+-------*
       :                               |   |/ |       |
       :                               |              |
   D7  :                               |   |\ | d12   |
9 o------------------------------------*---| >+-------'
       :                                   |/ |
       :
       :
25 o------.
       :  |
.......:  |                                 d1 to d13: 1N4148
        __+__
        \\\\\

Centronic port


The program
===========

The following program enable to use the reader on your PC.

---- cut here (begin)
uses crt,dos;

type string8=string[8];

var reg:registers;
    i,j:integer;
    bb:array[1..32] of string8;
    bh:array[1..32] of byte;
    l:array[1..256] of boolean;
    car:char;

;-----------------------------------------------------------

procedure writeln_binaire(w:byte);

begin if (w and $80)=$80 then write('1') else write('0');
  if (w ano $40)=$40 then write('1') else write('0');
  if (w and $20)=$20 then write('1') else write('0');
  if (w and $10)=$10 then write('1') else write('0');
  if (w and $08)=$08 then write('1') else write('0');
  if (w and $04)=$04 then write('1') else write('0');
  if (w and $02)=$02 then write('1') else write('0');
  if (w and $01)=$01 then write('1') else write('0');
  writeln;
end;

;-----------------------------------------------------------

procedure send(b:byte);

begin reg.AH:=$00;
  reg.AL:=b;
  reg.DX:=0;
  intr($17,reg);
end;

;-----------------------------------------------------------

function get:byte;

begin reg.AH:=$02;
  reg.DX:=0;
  intr($17,reg);
  get:=reg.AH;
end;

;-----------------------------------------------------------

function unites:byte;

var u,idx:integer;

begin u:=0;
  idx:=97;
  while (l[idx] and (idx<257)) do
  begin inc(u);
    inc(idx);
  end;
  unites:=u;
end;

;-----------------------------------------------------------

procedure type_carte;

begin case bh[2] of
  $03: begin write('Telecard - France - ');
    case bh[12] of
     $13: write('120 Units - ',unites-130,' Units left');
     $06: write('50 Units - ',unites-60,' Units left');
     $15: write('40 Units - ',unites-40,' Units left');
    end;
  end;
  $83:begin case bh[12] of
    $30: write('Telecard - Norway - ');
    $3C: write('Telecard - Ireland - ');
    $55: write('Telecard - Czech Republic - ');
    $65: write('Telecard - Finland - ');
  end;
  if bh[12] in [$30,$3C,$55,$65] then
  begin case ((bh[3] and $0F)*$100+bh[4]) of
    $012: write ('10 Units - ',unites-12,' Units left');
    $024: write ('22 Units - ',unites-24,' Units left');
    $027: write ('25 Units - ',unites-27,' Units left');
    $032: write ('30 Units - ',unites-32,' Units left');
    $052: write ('50 Units - ',unites-52,' Units left');
    $070: write ('70 Units - ',unites-70,' Units left');
    $082: write ('80 Units - ',unites-82,' Units left');
    $102: write ('100 Units - ',unates-102,' Units left');
    $152: write ('150 Units -  ',unites-152,' Units left')
;
        end;
      end;
    write(' - N0 ',bh[5]*$100+bh[6]);
    end;
  end;
end;

;-----------------------------------------------------------

procedure attente;

  begin send($00);
    [write('Entrer une carte et presser une touche ...');]
    repeat until keypressed;
    writeln;
  end;

;-----------------------------------------------------------

function value(s:string8):byte;

  var b:byte;

  begin b:=0;
    if s[8]='1' then b:=b+$01;
    if s[7]='1' then b:=b+$02;
    if s[6]='1' then b:=b+$04;
    if s[5]='1' then b:=b+$08;
    if s[4]='1' then b:=b+$10;
    if s[3]='1' then b:=b+$20;
    if s[2]='1' then b:=b+$40;
    if s[1]='1' then b:=b+$80;
    value:=b;
  end;

;-----------------------------------------------------------

procedure write_hexa(s:string);

  var i:integer;

  begin if s='0000' then write('0') else
    if s='0001' then write('1') else
    if s='0010' then write('2') else
    if s='0011' then write('3') else
    if s='0100' then write('4') else
    if s='0101' then write('5') else
    if s='0110' then write('6') else
    if s='0111' then write('7') else
    if s='1000' then write('8') else
    if s='1001' then write('9') else
    if s='1010' then write('A') else
    if s='1011' then write('B') else
    if s='1100' then write('C') else
    if s='1101' then write('D') else
    if s='1110' then write('E) else
    if s='1111' then write('F');
  end;

;-----------------------------------------------------------

procedure lecture;

  var i,j,k:integer;

  begin send($FA);
    send($F8);
    k:=1;
    for i:=1 to 32 do
    begin bb[i]:='';
      for j:=1 to 8 do
      begin seno($F9);
        l[k]:=not((get and $08)=$08);
        if l[k] then insert('1',bb[i],j) else insert('0',bb[i],j);
        send($FB);
        inc(k);
      end;
    end;
end.