Everything For A Hacker

home *** CD-ROM | disk | FTP | other *** search

/ Everything For A Hacker / 19990506-[HACK].iso / CARDING / (W.UUE next >

Wrap

Text File | 1997-05-09 | 19KB | 470 lines

------------------------------------------------------------------------------- Area: RU.PHREAKS From: Mike Hawker Date: 8 May 97 To : lex Ershov Subj: ÆÑ½ÑΣ«¡¡δÑ ¬ápΓ«τ¬¿ ------------------------------------------------------------------------------- Hi Alex! BΓop¡¿¬ Ma⌐ 06 1997, Alex Ershov »¿ßá½ ¬ All,á ∩ ñ«íáó¿½: AE> ê ó««ΘÑ ¬á¬ πº¡áΓ∞ Γ¿» ΓÑ½ÑΣ«¡á/¬ápΓ«τ¬¿, ¿σ óp«ñÑ ¬á¬ ¡Ñß¬«½∞¬« ó¿ñ«ó ? M«ªÑΓ φΓ« ΓÑíÑ »«¼«ªÑΓ... AE> é í½áú«ñáp¡«ßΓ∞ ¬¿¡π ßσÑ¼π/»p«úπ/«»¿ßá¡¿Ñ φ¼π½∩Γ«pá subj ¡á PIC16æ84. åñÑ¼ßß === Cut === =============================================================================== What you need to know about smart-cards and electronics phonecards =============================================================================== INTRODUCTION: You must not think that the electronics phone-cards are completly secret things, and that you can not read the information that are inside. It is quite false, since in fact an electronic phone-card does not contain any secret information like credit cards and an electronic phonecard is nothing else that an 256 bits EPROM, with serial output. Besides do not think that you are going to refilled them, when you will know how these cards works, since for that you should reset the 256 bits of the cards by erasing the whole card. But the chip is coated in UV opaqued resin even if sometime you can see it as tranparent! Even if you were smart enough to erase the 256 bits of the card you should program the maer area, but these first 96 bits are writing protected by the fusang of a fuse after the card programing in factory. Neithertheless it can be very interesting to stdy how these cards work, to see how the data are maped inside or to see if there are units left inside, besides there are a great number of applications of these cards when there are used, since you can use them as key to open a door, or you can also use them as key to secure a progpam, etc. SCHEMATICS of the chip ====================== .-------------------. | | --|> Clk | | _ | --| R/W | | | --| Reset | | | --| Fuse | | | --| Vpp | | | | | '-. .-' | | .-------------------. | Out |-- serial output '-------------------' PINOUT of the connector ======================= AFNOR CHIP ISO CHIP ---------- -------- -------------+------------- -------------+------------- | 8 | 4 | | 1 | 5 | | | | | | | +-------\ | /-------+ +-------\ | /-------+ | 7 +----+----+ 3 | | 2 +----+ + 6 | | | | | | | | | +--------| |--------+ +--------| |--------+ | 6 | | 2 | | 3 | | 7 | | + +----+ | | +----+----+ | +-------/ | \-------+ +-------/ | \-------+ | 5 | 1 | | 4 | 8 | | | | | | | -------------+------------- -------------+------------- PINOUT: 1 : Vcc = 5V 5 : Gnd 3 : Clk 7 : I/O 4 : Reset 8 : Fuse TAME DIAGRAMS ============= +21V _____________ +5V ____________________________________| |_________________ Vpp : : +5V ___________________:_____________:_________________ Reset 0V ________________| : : : : : +5V ____ : ____ : ______:______ 0V ___| |_______:_____| |________:______| : |__________ Clock : : : : : : : : : +5V : : : : : :______:______: : _ 0V ___:____:_______:_____:____:________| : |______:__________ R/W : : : : : : : : : +5V : : :_____: :________: : : :__________ 0V XXXXXXXXXXXXXXXXX_____XXXXXX________XXXXXXXXXXXXXXXXXXXXXX__________ Out : : : : : :<-----><---->: : : : : : : :10 to 10 to : : : : : : :50 ms 50ms : Reset Bit 1 Bit2 Bit 3 card reading reading Bit2 writing to 1 reading MEMORY MAP of the french CARDS ============================== Bytes Bits Binary Hexa +-----------+-----+ 1 1 --> 8 | | | +-----------+-----+ 2 9 --> 16 | 0000 0011 | $03 | ---> a french telecard +-----------+-----+ 3 17 --> 24 | | | +-----------+-----+ 4 25 --> 32 | | | +-----------+-----+ 5 33 --> 40 | | | +-----------+-----+ 6 41 --> 48 | | | +-----------+-----+ 7 49 --> 56 | | | +-----------+-----+ 8 57 --> 64 | | | +-----------+-----+ 9 65 --> 72 | | | +-----------+-----+ 10 73 --> 80 | | | +-----------+-----+ 11 81 --> 88 | | | +-----------+-----+ 12 33 --> 40 | 0001 0011 | $13 | ---> 120 units card | 0000 0110 | $06 | ---> 50 units card | 0000 0101 | $05 | ---> 40 units card +-----------+-----+ 13-31 97 --> 248 | | | ---> The units area: each time a unit | | | is used, then a bit is set to "1"; | | | Generaly the first ten units are | | | fused in factory as test. | | | | | | | | | +-----------+-----+ 32 249 --> 256 | 1111 1111 | $FF | ---> the card is empty +-----------+-----+ MEMORY MAP of the other cards ============================= Bytes Bits Binary Hexa +-----------+-----+ 1 1 --> 8 | | | +-----------+-----+ 2 9 --> 16 | 1000 0011 | $83 | ---> a telecard +-----------+-----+-----------+-----+ 3-4 17 --> 32 | 1000 0000 | $80 | 0001 0010 | $12 | ---> 10 units card | | | 0010 0100 | $24 | ---> 22 units card | | | 0010 0111 | $27 | ---> 25 units card | | | 0011 0010 | $32 | ---> 30 units card | | | 0101 0010 | $52 | ---> 50 units card | | | 1000 0010 | $82 | ---> 80 units card | 1000 0001 | $81 | 0000 0010 | $02 | ---> 100 units card | | | 0101 0010 | $52 | ---> 150 units card +-----------+-----+-----------+-----+ 5 33 --> 40 | | | +-----------+-----+ 6 41 --> 48 | | | +-----------+-----+ 7 49 --> 56 | | | +-----------+-----+ 8 57 --> 64 | | | +-----------+-----+ 9 65 --> 72 | | | +-----------+-----+ 10 73 --> 80 | | | +-----------+-----+ 11 81 --> 88 | | | +-----------+-----+ 12 89 --> 96 | 0011 0000 | $30 | ---> Norway | 0011 1100 | $3C | ---> Ireland | 0100 0111 | $47 | ---> Portugal | 0101 0101 | $55 | ---> Czech Republic | 0101 1111 | $5F | ---> Gabon | 0110 0101 | $65 | ---> Finland +-----------+-----+ 13-31 97 --> 248 | | | ---> The units area: each time a unit | | | is used, then a bit is set to "1"; | | | Generaly the first two units are | | | fused in factory as test. | | | | | | +-----------+-----+ 32 249 --> 256 | | | +-----------+-----+ Schematic of the reader ======================= External 5V (Optional) 5V o------, | / T2 PNP d13 r7 10 0V o--, | / BC 177 |\ | _____ | | ,-------o/ o--*------. E C .--| >+-[_____]--------, __+__ | | | \ / |/ | | \\\\\ | __|__ Batery | \ / | | - 22.5V | --------- | ....... | | | _____ | _____ | : | __+__ +--[_____]--*--[_____]--, | D2 : | \\\\\ r6 150k r5 15k | | 4 o-------|---------------------------*------------------|-------------, | : | | r3 220k / C | | Ack : | | _____ |/ T1 - NPN | | 10 o------|--------. '--[_____]-*---| BC107 | | : | | _____ | |\ | | : ,-, ,-, +--[_____]-' \ E | | : | |r2 | |r1 | r4 390k | | | : | |220 | |22k __+__ __+__ | | : |_| |_| \\\\\ \\\\\ | | : | |\ | | | | : *--| >+--|----------------*----------------------------------|--* : | |/ | | ,-----|-----------------------------, | | : | d1 | | | ,----------,----------, | | | : | | | *---|--* Fuse | Reset *--|---' | | : | | | | |----------|----------| | | D0 : | | | ,-|---|--* I/O | Clk *--|---, | | 2 o-------|--------|----------' | | |----------|----------| | | | : | | | '---|--* Vpp | R/W *--|---|----' | Busy : | | | |----------|----------| | | 11 o------|--------|--------------' ,---|--* Gnd | 5V * | | | : | | | '----------'-------|--' | | D1 : | | __+__ Chip connector | | | 3 o-------|--------|--------, \\\\\ | | | : | | '------------------------------|------' | Str : | |\ | | | | 1 o-------*--| >+--*----*----*----*----*-------------------' | : d2|/ | |d3 |d4 |d5 |d6 |d7 | : -+- -+- -+- -+- -+- | : /_\ /_\ /_\ /_\ /_\ | D3 : | | | | | |\ | d8 | 5 o----------------*----|----|----|----|---| >+-------*-------------------' : | | | | |/ | | : | | | | | D4 : | | | | |\ | d9 | 6 o---------------------*----|----|----|---| >+-------* : | | | |/ | | : | | | | D5 : | | | |\ | d10 | 7 o--------------------------*----|----|---| >+-------* : | | |/ | | : | | | D6 : | | |\ | d11 | 8 o-------------------------------*----|---| >+-------* : | |/ | | : | | D7 : | |\ | d12 | 9 o------------------------------------*---| >+-------' : |/ | : : 25 o------. : | .......: | d1 to d13: 1N4148 __+__ \\\\\ Centronic port The program =========== The following program enable to use the reader on your PC. uses crt,dos; type string8=string[8]; var reg:registers; i,j:integer; bb:array[1..32] of string8; bh:array[1..32] of byte; l:array[1..256] of boolean; car:char; ;----------------------------------------------------------- procedure writeln_binaire(w:byte); begin if (w and $80)=$80 then write('1') else write('0'); if (w ano $40)=$40 then write('1') else write('0'); if (w and $20)=$20 then write('1') else write('0'); if (w and $10)=$10 then write('1') else write('0'); if (w and $08)=$08 then write('1') else write('0'); if (w and $04)=$04 then write('1') else write('0'); if (w and $02)=$02 then write('1') else write('0'); if (w and $01)=$01 then write('1') else write('0'); writeln; end; ;----------------------------------------------------------- procedure send(b:byte); begin reg.AH:=$00; reg.AL:=b; reg.DX:=0; intr($17,reg); end; ;----------------------------------------------------------- function get:byte; begin reg.AH:=$02; reg.DX:=0; intr($17,reg); get:=reg.AH; end; ;----------------------------------------------------------- function unites:byte; var u,idx:integer; begin u:=0; idx:=97; while (l[idx] and (idx<257)) do begin inc(u); inc(idx); end; unites:=u; end; ;----------------------------------------------------------- procedure type_carte; begin case bh[2] of $03: begin write('Telecard - France - '); case bh[12] of $13: write('120 Units - ',unites-130,' Units left'); $06: write('50 Units - ',unites-60,' Units left'); $15: write('40 Units - ',unites-40,' Units left'); end; end; $83:begin case bh[12] of $30: write('Telecard - Norway - '); $3C: write('Telecard - Ireland - '); $55: write('Telecard - Czech Republic - '); $65: write('Telecard - Finland - '); end; if bh[12] in [$30,$3C,$55,$65] then begin case ((bh[3] and $0F)*$100+bh[4]) of $012: write ('10 Units - ',unites-12,' Units left'); $024: write ('22 Units - ',unites-24,' Units left'); $027: write ('25 Units - ',unites-27,' Units left'); $032: write ('30 Units - ',unites-32,' Units left'); $052: write ('50 Units - ',unites-52,' Units left'); $070: write ('70 Units - ',unites-70,' Units left'); $082: write ('80 Units - ',unites-82,' Units left'); $102: write ('100 Units - ',unates-102,' Units left'); $152: write ('150 Units - ',unites-152,' Units left') ; end; end; write(' - N0 ',bh[5]*$100+bh[6]); end; end; end; ;----------------------------------------------------------- procedure attente; begin send($00); [write('Entrer une carte et presser une touche ...');] repeat until keypressed; writeln; end; ;----------------------------------------------------------- function value(s:string8):byte; var b:byte; begin b:=0; if s[8]='1' then b:=b+$01; if s[7]='1' then b:=b+$02; if s[6]='1' then b:=b+$04; if s[5]='1' then b:=b+$08; if s[4]='1' then b:=b+$10; if s[3]='1' then b:=b+$20; if s[2]='1' then b:=b+$40; if s[1]='1' then b:=b+$80; value:=b; end; ;----------------------------------------------------------- procedure write_hexa(s:string); var i:integer; begin if s='0000' then write('0') else if s='0001' then write('1') else if s='0010' then write('2') else if s='0011' then write('3') else if s='0100' then write('4') else if s='0101' then write('5') else if s='0110' then write('6') else if s='0111' then write('7') else if s='1000' then write('8') else if s='1001' then write('9') else if s='1010' then write('A') else if s='1011' then write('B') else if s='1100' then write('C') else if s='1101' then write('D') else if s='1110' then write('E) else if s='1111' then write('F'); end; ;----------------------------------------------------------- procedure lecture; var i,j,k:integer; begin send($FA); send($F8); k:=1; for i:=1 to 32 do begin bb[i]:=''; for j:=1 to 8 do begin seno($F9); l[k]:=not((get and $08)=$08); if l[k] then insert('1',bb[i],j) else insert('0',bb[i],j); send($FB); inc(k); end; end; end. === Cut === ___ _____ ├ -▄┌┌──╜ BEST REGARDS █╢ -=HAWKER=-