The Hacker's Encyclopedia 1998

home *** CD-ROM | disk | FTP | other *** search

/ The Hacker's Encyclopedia 1998 / hackers_encyclopedia.iso / zines / phrack2 / p48_10.txt < prev next >

Wrap

Text File | 2003-06-11 | 38.5 KB | 1,041 lines

==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 10 of 18 Electronic Telephone Cards: How to make your own! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I guess that Sweden is not the only country that employs the electronic phone card systems from Schlumberger Technologies. This article will explain a bit about the cards they use, and how they work. In the end of this article you will also find an UUEncoded file which contains source code for a PIC16C84 micro-controller program that completely emulates a Schlumberger Telephone card and of course printed circuit board layouts + a component list... But before we begin talking seriously of this matter I must first make it completely clear that whatever you use this information for, is entirely YOUR responsibility, and I cannot be held liable for any problems that the use of this information can cause for you or for anybody else. In other words: I give this away FOR FREE, and I don't expect to get ANYTHING back in return! The Original Telephone Card: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since I probably would have had a hard time writing a better article than the one Stephane Bausson from France wrote a while ago, I will not attempt to give a better explanation than that one; I will instead incorporate it in this phile, but I do want to make it clear that the following part about the cards technical specification was not written by me: Merely the parts in quotes are things added by me... Instead I will concentrate on explaining how to build your own telephone card emulator and how the security measures in the payphone system created by Schlumberger Technologies work, and how to trick it... But first, let's have a look at the technical specifications of the various "smart memory card" systems used for the payphones. <Start of text quoted from Stephane Bausson (sbausson@ensem.u-nancy.fr)> ------------------------------------------------------------------------------ =============================================================================== What you need to know about electronics telecards =============================================================================== (C) 10-07-1993 / 03-1994 Version 1.06 Stephane BAUSSON Email: sbausson@ensem.u-nancy.fr Smail: 4, Rue de Grand; F-88630 CHERMISEY; France Phone: (33)-29-06-09-89 ------------------------------------------------------------------------------- Any suggestions or comments about phonecards and smart-cards are welcome ------------------------------------------------------------------------------- Content --------- I ) The cards from Gemplus, Solaic, Schlumberger, Oberthur: I-1) Introduction: I-2) SCHEMATICS of the chip: I-3) PINOUT of the connector: I-4) Main features: I-5) TIME DIAGRAMS: I-6) Memory MAP of cards from France and Monaco: I-5) Memory MAP of cards from other countries: II ) The cards from ODS: (German cards) II-1) Introduction: II-2) Pinout: II-3) Main features: II-4) Time Diagrams: II-5) Memory Map: II-6) Electrical features: III) The Reader Schematic: IV) The program: ------------------------------------------------------------------------------- I ) The cards from Gemplus, Solaic, Schlumberger, Oberthur: (French cards) ====================================================================== I-1) Introduction: ------------ You must not think that the electronics phone-cards are completely secret things, and that you can not read the information that is inside. It is quite false, since in fact an electronic phonecard does not contain any secret information like credit cards, and an electronic phonecard is nothing else than a 256 bit EPROM with serial output. Besides do not think that you are going to refill them when you understand how they work, since for that you should reset the 256 bits of the cards by erasing the whole card. But the chip is coated in UV opaqued resin even if sometimes you can see it as transparent! Even if you were smart enough to erase the 256 bits of the card you should program the manufacturer area, but this is quite impossible since these first 96 bits are write protected by a lock-out fuse that is fused after the card programming in factory. Nevertheless it can be very interesting to study how these cards work, to see which kind of data are inside and how the data are mapped inside or to see how many units are left inside for example. Besides there are a great number of applications of these cards when there are used (only for personal usage of course) , since you can use them as key to open a door, or you can also use them as key to secure a program, etc... These Telecards have been created in 1984 and at this time constructors decided to build these cards in NMOS technology but now, they plan to change by 1994 all readers in the public to booths and use CMOS technology. Also they plan to use EEPROM to secure the cards and to add many useful informations in, and you will perhaps use phone cards to buy you bread or any thing else. These cards are called Second Generation Telecards. I-2) SCHEMATICS of the chip: ---------------------- .-------------------. | | --|> Clk | | _ | --| R/W | | | --| Reset | | | --| Fuse | | | --| Vpp | | | | | '-. .-' | | .-------------------. | Out |-- serial output '-------------------' I-3) PINOUT of the connector: ------------------------- AFNOR CHIP ISO CHIP ---------- -------- -------------+------------- -------------+------------- | 8 | 4 | | 1 | 5 | | | | | | | +-------\ | /-------+ +-------\ | /-------+ | 7 +----+----+ 3 | | 2 +----+ + 6 | | | | | | | | | +--------| |--------+ +--------| |--------+ | 6 | | 2 | | 3 | | 7 | | + +----+ | | +----+----+ | +-------/ | \-------+ +-------/ | \-------+ | 5 | 1 | | 4 | 8 | | | | | | | -------------+------------- -------------+------------- NB: only the position of the chip is ISO standardized and not the pinout PINOUT: 1 : Vcc = 5V 5 : Gnd ------ 2 : R/W 6 : Vpp = 21V 3 : Clock 7 : I/O 4 : Reset 8 : Fuse I-4) Main features: --------------- - Synchronous protocol. - N-MOS technology. - 256x1 bit organization. - 96 written protected by a lock-out fuse. - Low power 85mW in read mode. - 21 V programming voltage. - Access time: 500ns - Operating range: -100C +700C - Ten year data retention. I-5) TIME DIAGRAMS: --------------- +21V _____________ +5V ____________________________________| |_________________ Vpp : : +5V ___________________:_____________:_________________ Reset 0V ________________| : : : : : +5V ____ : ____ : ______:______ 0V ___| |_______:_____| |________:______| : |__________ Clock : : : : : : : : : +5V : : : : : :______:______: : _ 0V ___:____:_______:_____:____:________| : |______:__________ R/W : : : : : : : : : +5V : : :_____: :________: : : :__________ 0V XXXXXXXXXXXXXXXXX_____XXXXXX________XXXXXXXXXXXXXXXXXXXXXX__________ Out : : : : : :<-----><---->: : : : : : : :10 to 10 to : : : : : : :50 ms 50ms : Reset Bit 1 Bit2 Bit 3 card reading reading Bit2 writing to 1 reading I-6) MEMORY MAP of cards from France and Monaco: -------------------------------------------- Bytes Bits Binary Hexa +-----------+-----+ 1 1 --> 8 | | | ---> Builder code. +-----------+-----+ 2 9 --> 16 | 0000 0011 | $03 | ---> a French telecard +-----------+-----+ 3 17 --> 24 | | | +-----------+-----+ 4 25 --> 32 | | | +-----------+-----+ 5 33 --> 40 | | | +-----------+-----+ 6 41 --> 48 | | | +-----------+-----+ 7 49 --> 56 | | | +-----------+-----+ 8 57 --> 64 | | | +-----------+-----+ 9 65 --> 72 | | | +-----------+-----+ 10 73 --> 80 | | | +-----------+-----+ 11 81 --> 88 | | | +-----------+-----+ 12 33 --> 40 | 0001 0011 | $13 | ---> 120 units card | 0000 0110 | $06 | ---> 50 units card | 0000 0101 | $05 | ---> 40 units card +-----------+-----+ 13-31 97 --> 248 | | | ---> The units area: each time a unit | | | is used, then a bit is set to "1"; | | | Generally the first ten units are | | | fused in factory as test. | | | | | | | | | +-----------+-----+ 32 249 --> 256 | 1111 1111 | $FF | ---> the card is empty +-----------+-----+ I-7) MEMORY MAP of the other cards: ------------------------------- Bytes Bits Binary Hexa +-----------+-----+ 1 1 --> 8 | | | +-----------+-----+ 2 9 --> 16 | 1000 0011 | $83 | ---> a telecard +-----------+-----+-----------+-----+ 3-4 17 --> 32 | 1000 0000 | $80 | 0001 0010 | $12 | ---> 10 units card | | | 0010 0100 | $24 | ---> 22 units card | | | 0010 0111 | $27 | ---> 25 units card | | | 0011 0010 | $32 | ---> 30 units card | | | 0101 0010 | $52 | ---> 50 units card | | | 1000 0010 | $82 | ---> 80 units card | 1000 0001 | $81 | 0000 0010 | $02 | ---> 100 units card | | | 0101 0010 | $52 | ---> 150 units card +-----------+-----+-----------+-----+ 5 33 --> 40 | | | +-----------+-----+ 6 41 --> 48 | | | +-----------+-----+ 7 49 --> 56 | | | +-----------+-----+ 8 57 --> 64 | | | +-----------+-----+ 9 65 --> 72 | | | +-----------+-----+ 10 73 --> 80 | | | +-----------+-----+ 11 81 --> 88 | | | +-----------+-----+ 12 89 --> 96 | 0001 1110 | $1E | ---> Sweden | 0010 0010 | $22 | ---> Spain | 0011 0000 | $30 | ---> Norway | 0011 0011 | $33 | ---> Andorra | 0011 1100 | $3C | ---> Ireland | 0100 0111 | $47 | ---> Portugal | 0101 0101 | $55 | ---> Czech Republic | 0101 1111 | $5F | ---> Gabon | 0110 0101 | $65 | ---> Finland +-----------+-----+ 13-31 97 --> 248 | | | ---> The units area: each time a unit | | | is used, then a bit is set to "1"; | | | | | | Generally the first two units are | | | fused in factory as test. | | | | | | +-----------+-----+ 32 249 --> 256 | 0000 0000 | $00 | +-----------+-----+ II ) The cards from ODS, Giesecke & Devrient, ORGA Karten systeme, ============================================================= Uniqua, Gemplus, Schlumberger and Oldenbourg Kartensysteme: =========================================================== II-1) Introduction: ------------ These cards are in fact 128 bit memory in NMOS technology, and the map of these cards are the following: 64 bit EPROM written protected (manufacturer area). 40 bit EEPROM (5x8 bits). 24 bits set to "1". II-2) Pinout: -------- ISO 7816-2 -------------+------------- | 1 | 5 | Pinout: | | | ------- +-------\ | /-------+ | 2 +----+ + 6 | 1 : Vcc = 5V 5 : Gnd | | | | 2 : Reset 6 : n.c. +--------| |--------+ 3 : Clock 7 : I/O | 3 | | 7 | 4 : n.c. 8 : n.c. | +----+----+ | +-------/ | \-------+ n.c. : not connected | 4 | 8 | | | | -------------+------------- II-3) Main features: --------------- - ISO 7816- 1/2 compatible. - use a single 5V power supply. - low power consumption. - NMOS technology. II-4) Time Diagrams: ---------------- Reset: ------ The address counter is reset to 0 when the clock line CLK is raised while the control line R is high. Note that the address counter can not be reset when it is in the range 0 to 7. __________________ _____| |_____________________________________________ Reset : : : _____ : _____ _____ _____ _____ _____:_______| |____:_| |_____| |_____| |_____| |_ Clk : : : : : : : : : : : _____:_______:__________:_:_____:_____:_____:_____:_____:_____:_____:_ _____:___n___|_____0____:_|_____1_____|_____2_____|_____3_____|___4_:_ (Address) : : : : : : _____: :_______:___________:___________:___________:_ _____XXXXXXXXXXXXXXXXXXXX_______|___________|___________|___________|_ Data Bit n Bit 0 Bit 1 Bit2 Bit3 The address counter is incremented by 1 with each rising edge of the clock signal Clk, for as long as the control line R remains low. The data held in each addressed bit is output to I/O contact each time Clk falls. It is not impossible to decrement the address counter, therefore to address an earlier bit, the address counter must be reset then incremented to require value. Write: ------ All unwritten or erased bits in the address 64-104 may be unwritten to. When a memory cell is unwritten to, it is set to 0. The addressed cell is unwritten to by the following sequence. 1- R is raised while Clk is low, to disable address counter increment for one clock pulse. 2- Clk is then raised for a minimum of 10ms to write to the address bit. When to write operation ends, and Clk falls, the address counter is unlocked, and the content of the written cell, which is now 0, is output to I/O contact if the operation is correct. The next Clk pulse will increment the address by one, then the write sequence can be repeated to write the next bit. _____ _____ ____________| |______________________________| |_______________ Reset : : ___ : _____ ___ : _____ ___| |____:__________| |_________| |_____:__________| |____ Clk : : : : : : : : : ___:________:__________:_____:_________:___:_____:__________:_____:_____ n | n+1 | n+2 | : n+3 | : (Addr) ---'--------:----------'-----:---------'---:-----:----------'-----:----- : : : : : : : ________ _: : : ____________: ___: : : ________XXX_XXXXXXXXXXXXXXXXXXX____________ XX___XXXXXXXXXXXXXXXXXXXXXXX I/O n n+1 : : n+1 n+2 : : : : : : write write WriteCarry: ----------- A counter is erased by performing the WRITECARRY sequence on the stage of the next highest weighing to that to be erased. The writecarry sequence is as follows: 1 - Set the address counter to an unwritten bit in the next highest counter stage to that to be erased. 2 - Increment is disabled on the following rising edge of R where Clk remains low. 3 - Clk is then raised for a minimum of 10ms, while R is low, to write to the next address bit. 4 - R is the raised again while Clk remains low to disable increment a second time. 5 - Clk is the raised for a minimum of 1ms, while R is low, to write to the addressed bit a second time, erasing the counter level immediately below that the addressed bit. _____ _____ ______| |____________________| |_________________________________ Rst : : : _______ : _______ ___ ______:___________| |______:_____________| |______| |______ Clk : : : : : : : : : : : : : : : : <------------------------- address n ------------------------>:<--- n+1 ------ : : : : : : : : : : : : : : ______: : :______: : :__________: _____ ______XXXXXXXXXXXXXXXXXXXXX______XXXXXXXXXXXXXXXXXXXXXXX__________XX_____ I/O : : n : : n n+1 : : : : Write Erase II-5) Memory Map: ------------- Bytes Bits Binary Hexa +-----------+-----+ 1 1 --> 8 | | | +-----------+-----+ 2 9 --> 16 | 0010 1111 | $2F | ---> Germany | 0011 0111 | $37 | ---> Netherland | 0011 1011 | $3B | ---> Greece +-----------+-----+ 3 17 --> 24 | | | 4 25 --> 32 | | | ---> Issuer area (written protected) 5 33 --> 40 | | | 6 41 --> 48 | | | 7 49 --> 56 | | | 8 57 --> 64 | | | +-----------+-----+ 9 65 --> 72 | | | ---> c4096 ) 10 73 --> 80 | | | ---> c512 ) 11 81 --> 88 | | | ---> c64 ) 5 stage octal counter 12 89 --> 96 | | | ---> c8 ) 13 97 --> 104 | | | ---> c0 ) +-----------+-----+ 14 105 --> 112 | 1111 1111 | $FF | 15 113 --> 120 | 1111 1111 | $FF | ---> area of bits set to "1" 16 120 --> 128 | 1111 1111 | $FF | +-----------+-----+ The Issuer area: ---------------- This issuer consists of 40 bits. The contents of the issuer area are specified by the card issuer, and are fixed during the manufacturing process. The contents of the issuer area will include data such as serial numbers, dates, and distribution centers. This area may only be read. The Counter area: ----------------- The counter area stores the card's units. Its initial value is specified by the card issuer and set during manufacturing. The counter area is divided into a 5 stage abacus. Note that you can only decrease the counter and it is not authorized to write in the counter a value greater than the old value. I-6) Electrical features: -------------------- Maximum ratings: ---------------- +--------+------+------+------+ | Symbol | Min | Max | Unit | +----------------------+--------+------+------+------+ | Supply voltage | Vcc | -0.3 | 6 | V | +----------------------+--------+------+------+------+ | Input voltage | Vss | -0.3 | 6 | V | +----------------------+--------+------+------+------+ | Storage temperature | Tstg | -20 | +55 | 0C | +----------------------+--------+------+------+------+ | Power dissipation | Pd | - | 50 | mW | +----------------------+--------+------+------+------+ DC characteristics: ------------------ +--------+-----+-----+-----+------+ | Symbol | Min.| Typ.| Max.| Unit | +---------------------------+--------+-----+-----+-----+------+ | Supply current | Icc | - | - | 5 | mA | +---------------------------+--------+-----+-----+-----+------+ | Input Voltage (low) | Vl | 0 | - | 0.8 | V | +---------------------------+--------+-----+-----+-----+------+ | Input voltage (high) | Vh | 3.5 | - | Vcc | V | +---------------------------+--------+-----+-----+-----+------+ | Input current R | Ih | - | - | 100 | uA | +---------------------------+--------+-----+-----+-----+------+ | Input current Clk | Il | - | - | 100 | uA | +---------------------------+--------+-----+-----+-----+------+ | Output current (Vol=0.5V) | Iol | - | - | 10 | uA | +---------------------------+--------+-----+-----+-----+------+ | Output current (Voh=5V) | Ioh | - | - | 0.5 | mA | +---------------------------+--------+-----+-----+-----+------+ AC characteristics: ------------------ +--------+------+------+------+ | Symbol | Min. | Max. | Unit | +----------------------+--------+------+------+------+ | Pulse duration | tr | 50 | - | us | | R address reset | | | | | +----------------------+--------+------+------+------+ | Pulse duration | ts | 10 | - | us | | R write | | | | | +----------------------+--------+------+------+------+ | High level Clk | th | 8 | - | us | +----------------------+--------+------+------+------+ | Low level Clk | tl | 12 | - | us | +----------------------+--------+------+------+------+ | Write window | Twrite | 10 | - | ms | +----------------------+--------+------+------+------+ | Erase window | Terase | 10 | - | ms | +----------------------+--------+------+------+------+ | | tv1 | 5 | - | us | +----------------------+--------+------+------+------+ | | tv2 | 3.5 | - | us | +----------------------+--------+------+------+------+ | | tv3 | 3.5 | - | us | +----------------------+--------+------+------+------+ | | tv4 | 3.5 | - | us | +----------------------+--------+------+------+------+ | | tv5 | 3.5 | - | us | +----------------------+--------+------+------+------+ | | tv6 | 5 | - | us | +----------------------+--------+------+------+------+ | | tv7 | 5 | - | us | +----------------------+--------+------+------+------+ | | tv8 | 10 | - | us | +----------------------+--------+------+------+------+ III) The Reader Schematic: ====================== External 5V (Optional) 5V o------, | / T2 PNP d13 r7 10 0V o--, | / BC 177 |\ | _____ | | ,-------o/ o--*------. E C .--| >+-[_____]--------, __+__ | | | \ / |/ | | \\\\\ | __|__ Battery | \ / | | - 22.5V | --------- | ....... | | | _____ | _____ | : | __+__ +--[_____]--*--[_____]--, | D2 : | \\\\\ r6 150k r5 15k | | 4 o-------|---------------------------*------------------|-------------, | : | | r3 220k / C | | Ack : | | _____ |/ T1 - NPN | | 10 o------|--------. '--[_____]-*---| BC107 | | : | | _____ | |\ | | : ,-, ,-, +--[_____]-' \ E | | : | |r2 | |r1 | r4 390k | | | : | |220 | |22k __+__ __+__ | | : |_| |_| \\\\\ \\\\\ | | : | |\ | | | | : *--| >+--|----------------*----------------------------------|--* : | |/ | | ,-----|-----------------------------, | | : | d1 | | | ,----------,----------, | | | : | | | *---|--* Fuse | Reset *--|---' | | : | | | | |----------|----------| | | D0 : | | | ,-|---|--* I/O | Clk *--|---, | | 2 o-------|--------|----------' | | |----------|----------| | | | : | | | '---|--* Vpp | R/W *--|---|----' | Busy : | | | |----------|----------| | | 11 o------|--------|--------------' ,---|--* Gnd | 5V * | | | : | | | '----------'-------|--' | | D1 : | | __+__ Chip connector | | | 3 o-------|--------|--------, \\\\\ | | | : | | '------------------------------|------' | Str : | |\ | | | | 1 o-------*--| >+--*----*----*----*----*-------------------' | : d2|/ | |d3 |d4 |d5 |d6 |d7 | : -+- -+- -+- -+- -+- | : /_\ /_\ /_\ /_\ /_\ | D3 : | | | | | |\ | d8 | 5 o----------------*----|----|----|----|---| >+-------*-------------------' : | | | | |/ | | : | | | | | D4 : | | | | |\ | d9 | 6 o---------------------*----|----|----|---| >+-------* : | | | |/ | | : | | | | D5 : | | | |\ | d10 | 7 o--------------------------*----|----|---| >+-------* : | | |/ | | : | | | D6 : | | |\ | d11 | 8 o-------------------------------*----|---| >+-------* : | |/ | | : | | D7 : | |\ | d12 | 9 o------------------------------------*---| >+-------' : |/ | : : 25 o------. : | .......: | d1 to d13: 1N4148 __+__ \\\\\ Centronics port IV) The program: =========== The following program will enable you to read telecards on you PC if you build the reader. --------------- cut here (begin) {*****************************************************************************} { T E L E C A R D . PAS } {*****************************************************************************} { This program enable you to dumb the memory of electronics phonecards } { from all over the world, so that you will be able to see which country } { the card is from how many units are left and so on .... } {*****************************************************************************} { } { Written by Stephane BAUSSON (1993) } { } { Email: sbausson@ensem.u-nancy.fr } { } { Snail Mail Address: 4, Rue de Grand } { F-88630 CHERMISEY } { France } { } {*****************************************************************************} {* Thanks to: Tomi Engdahl (Tomi.Engdahl@hut.fi) *} {*****************************************************************************} USES crt,dos; CONST port_address=$378; { lpr1 chosen } TYPE string8=string[8]; string2=string[2]; VAR reg : registers; i,j : integer; Data : array[1..32] of byte; car : char; byte_number : integer; displaying : char; {-----------------------------------------------------------------------------} PROCEDURE Send(b:byte); BEGIN port[port_address]:=b; END; {-----------------------------------------------------------------------------} FUNCTION Get:byte; BEGIN get:=port[port_address+1]; END; {-----------------------------------------------------------------------------} { FUNCTION dec2hexa_one(decimal_value):hexa_character_representation; } { } { - convert a 4 bit long decimal number to hexadecimal. } {-----------------------------------------------------------------------------} FUNCTION dec2hexa_one(value:byte):char; BEGIN case value of 0..9 : dec2hexa_one:=chr(value+$30); 10..15 : dec2hexa_one:=chr(value+$37); END; END; {-----------------------------------------------------------------------------} { FUNCTION d2h(decimal_byte):string2; } { } { - convert a decimal byte to its hexadecimal representation. } {-----------------------------------------------------------------------------} FUNCTION d2h(value:byte):string2; VAR msbb,lsbb:byte; BEGIN msbb:=0; if ( value >= $80 ) then BEGIN msbb:=msbb+8; value:=value-$80; END; if ( value >= $40 ) then BEGIN msbb:=msbb+4; value:=value-$40; END; if ( value >= $20 ) then BEGIN msbb:=msbb+2; value:=value-$20; END; if ( value >= $10 ) then BEGIN msbb:=msbb+1; value:=value-$10; END; lsbb:=0; if ( value >= $08 ) then BEGIN lsbb:=lsbb+8; value:=value-$08; END; if ( value >= $04 ) then BEGIN lsbb:=lsbb+4; value:=value-$04; END; if ( value >= $02 ) then BEGIN lsbb:=lsbb+2; value:=value-$02; END; if ( value >= $01 ) then BEGIN lsbb:=lsbb+1; value:=value-$01; END; d2h := dec2hexa_one(msbb) + dec2hexa_one(lsbb); END; {-----------------------------------------------------------------------------} Function Binary( b : byte):string8; var weight : byte; s : string8; BEGIN weight:=$80; s:=''; while (weight > 0) do BEGIN if ((b and weight) = weight) then s:=s+'1' else s:=s+'0'; weight:=weight div $02; END; Binary:=s; END; {-----------------------------------------------------------------------------} FUNCTION Units:byte; VAR u, i : integer; s : string8; BEGIN u:=0; i:=13; while (Data[i] = $FF) do BEGIN u:=u+8; i:=i+1; END; s:=Binary(Data[i]); while(s[1]='1') do BEGIN inc(u); s:=copy(s,2,length(s)); END; units:=u; END; {-----------------------------------------------------------------------------} function Units_2:LongInt; BEGIN Units_2:=4096*Data[9]+512*Data[10]+64*Data[11]+8*Data[12]+Data[13]; END; {-----------------------------------------------------------------------------} PROCEDURE Card_Type; BEGIN case Data[2] of $03: BEGIN write('Telecard - France - '); case Data[12] of $13: write('120 Units - ',units-130,' Units left'); $06: write('50 Units - ',units-60,' Units left'); $15: write('40 Units - ',units-40,' Units left'); END; END; $2F:BEGIN write('Telecard - Germany - ', Units_2, ' Units left'); END; $3B:BEGIN write('Telecard - Greece - ', Units_2, ' Units left'); END; $83:BEGIN write('Telecard'); case Data[12] of $1E: write(' - Sweden'); $30: write(' - Norway'); $33: write(' - Andorra'); $3C: write(' - Ireland'); $47: write(' - Portugal'); $55: write(' - Czech Republic'); $5F: write(' - Gabon'); $65: write(' - Finland'); END; if (Data[12] in [$30,$33,$3C,$47,$55,$65]) then BEGIN case ((Data[3] and $0F)*$100+Data[4]) of $012: write (' - 10 Units - ',units-12,' Units left'); $024: write (' - 22 Units - ',units-24,' Units left'); $027: write (' - 25 Units - ',units-27,' Units left'); $032: write (' - 30 Units - ',units-32,' Units left'); $052: write (' - 50 Units - ',units-52,' Units left'); $067: write (' - 65 Units - ',units-62,' Units left'); $070: write (' - 70 Units - ',units-70,' Units left'); $102: write (' - 100 Units - ',units-102,' Units left'); $152: write (' - 150 Units - ',units-152,' Units left'); END; END; { write(' - N0 ',Data[5]*$100+Data[6]);} END; END; END; {-----------------------------------------------------------------------------} PROCEDURE waiting; BEGIN send($00); write('Enter a card in the reader and press a key ...'); repeat until key pressed; gotoxy(1, wherey); clreol; END; {-----------------------------------------------------------------------------} PROCEDURE Full_Displaying; BEGIN writeln('Memory dump:'); for i:=1 to 80 do write('-'); for i:=1 to (byte_number div 6 + 1) do BEGIN for j:=1 to 6 do BEGIN if j+6*(i-1) <= byte_number then write(binary(Data[j+6*(i-1)]):9); END; gotoxy(60,wherey); for j:=1 to 6 do if j+6*(i-1) <= byte_number then write(d2h(Data[j+6*(i-1)]),' '); writeln; END; for i:=1 to 80 do write('-'); Card_Type; writeln; END; {-----------------------------------------------------------------------------} PROCEDURE Short_Displaying; VAR j : integer; BEGIN for j:=1 to byte_number do BEGIN write(d2h(Data[j]),' '); END; writeln; END; {-----------------------------------------------------------------------------} PROCEDURE Reading; VAR i, j : integer; Value : byte; BEGIN send($FE); send($F8); for i:=1 to 32 do BEGIN Value:=0; for j:=1 to 8 do BEGIN Value:=Value*$02 + ((get and $08) div $08); send($FB); delay(1); send($F8); END; Data[i]:=Value; END; case displaying of 'F':full_displaying; 'S':short_displaying; END; END; {-----------------------------------------------------------------------------} PROCEDURE writing; VAR i,n:integer; car:char; BEGIN write('Which bit do you want to set to "1" : '); readln(n); waiting; car:=readkey; send($FA); send($F8); for i:=1 to n do BEGIN send($F9); if i=n then BEGIN send($FD); delay(20); send($FF); delay(20); END; send($FB); END; reading; END; {-----------------------------------------------------------------------------} PROCEDURE Saving; VAR filename : string; f : text; i : word; BEGIN write('Enter the filename: '); readln(filename); assign(f, filename); rewrite(f); for i:=1 to byte_number do write(f,d2h(Data[i]),' '); close(f); END; {-----------------------------------------------------------------------------} PROCEDURE initialize; VAR i : integer; BEGIN byte_number:=32; displaying:='F'; clrscr; writeln(' 1 - to dump a 256 bits card'); writeln(' 2 - to dump a 128 bits card'); writeln(' F - to display in full format'); window(41,1,80,25); writeln(' S - to display in short format'); writeln(' F2 - to save in a file'); writeln(' Q - to exit the program'); window(1,4,80,25); for i:=1 to 80 do write('='); window(1,5,80,25); END; {=============================================================================} BEGIN initialize; repeat waiting; car:=upcase(readkey); case car of 'W':writing; 'Q':; '1':byte_number:=32; '2':byte_number:=16; 'F','S':displaying:=car; #00: BEGIN car:=readkey; if car=#60 then saving; END; else reading; END; until car='Q'; END. --------------- cut here (end) _/_/_/_/_/ Stephane BAUSSON _/_/_/_/_/ Engineering student at ENSEM (Nancy - France) _/_/_/_/_/ Smail: 4, Rue de Grand, F-88630 CHERMISEY, France _/_/_/_/_/ _/_/_/_/_/ Email: sbausson@ensem.u-nancy.fr ------------------------------------------------------------------------------ <End of text quoted from Stephane Bausson's text about the telephone cards>.