QUOTE(xenon @ Apr 13 2007, 10:15 AM)
A few forumers asked me questions regarding reading MyKad surface information. The answer is that there is no encryption; it is just about knowing which (APDU) commands to send.
There will be 5 APDU commands that I'll introduce. I name them as
1) Select Application
2) Get Response
3) Set Length
4) Select Info
5) Read Info
Instead of viewing a particular command to read "Name" and another command to read "IC no.", it is better to interpret a sequence of 3 commands (Set Length, Select Info, Read Info) as "reading a section of (or the whole) file". The fact is "Name", "IC no." etc. are stored in fixed-length fields (padded on the right) and concatenated together (without separators) to form files.
For example,
"Name" stored in file jpn-1-1, offset 0x00E9, length 0x28
"IC no." stored in file jpn-1-1, offset 0x0111, length 0x0D
When you want to read "Name", you read jpn-1-1, offset 0x00E9, length 0x28.
When you want to read "IC no.", you read jpn-1-1, offset 0x0111, length 0x0D.
When you want to read both "Name" and "IC no.", you read jpn-1-1, offset 0x00E9, length 0x35.
Conversely, you can read only part of a field; if you want only the first 6 digits of "IC no.", read jpn-1-1, offset 0x0111, length 6.
Now, the first 2 commands, "Select Application" and "Get Response", are used to select one of the JPN, JPJ or IMM applications. (Actually you can have 2 active at the same time by using logical channels, but that's a little bit advanced at this stage.) You must select an application after reset, and you'll do it only once unless you want to change application.
Reader: 00 A4 04 00 0A A0 00 00 00 74 4A 50 4E 00 10 (send 10 data bytes, expect to receive 0 bytes)
Card : 61 05
Reader: 00 C0 00 00 05 (send 0 data bytes, expect to receive 5 bytes)
Card : 6F 03 82 01 38 90 00
"00 A4 04 00 0A" is the "CLA INS P1 P2 P3" for "Select Application". The data part of the APDU consists of 10 bytes: "A0 00 00 00 74 4A 50 4E 00 10". The "A0 00 00 00 74" and "00 10" parts are constant. "4A 50 4E" represents "JPN". Change to "JPJ" or "IMM" for those applications.
"00 C0 00 00 05" is the "CLA INS P1 P2 P3" for "Get Response". The 5 data bytes received are not significant, but you can verify whether it was successful.
That's the end of description of "Select Application" and "Get Response". Now move on to the 3 commands to read a section of file.
Example: read jpn-1-1, offset 0x00E9, length 0x28.
Reader: C8 32 00 00 05 08 00 00 28 00
Card : 91 08
Reader: CC 00 00 00 08 01 00 01 00 E9 00 28 00
Card : 94 28
Reader: CC 06 00 00 28
Card : 4D 59 20 4E 41 4D 45 20 20 20 20... 90 00
The 3 commands "Set Length", "Select Info" and "Read Info" are shown above. The colored parts are those which vary.
It seems from the above that the maximum length will be 0xFF, so you'll have to break a long file section (particularly when reading the JPEG) into multiple reads (repeat the 3 commands with different lengths and offsets). But actually, for advanced users, you can specify a length >= 0x0100 (provided you don't read past the end of the file, which results in no bytes returned) in "Set Length" and "Select Info". You then only need multiple "Read Info" commands, with the single-byte length set to a big number (e.g. 0xFF or 0xFC), except for the last read. "Read Info" is just like retrieving from a FIFO buffer: you can read however you want, but don't over-read it.
To read jpn-1-4, replace 01 00 01 00 with 04 00 01 00.
Those double-byte "Offset" and "Length" values are in little endian.
Tables
Data types
Awesome post, helped me with my project too. I found an APDU list but it is sort of incomplete: https://www.eftlab.co.uk/index.php/site-map...u-response-list.
I am using an ACR38U, which costs around RM50, for a project simply written in the Java file below. The code is quite messy.
Attached File(s)
JavaCardReader.java.txt ( 6.84k )
Number of downloads: 276
Feb 21 2019, 04:52 PM
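Putting the five commands together as one runnable script, as an added example that is not code from xenon's post or from the attached JavaCardReader.java: it builds each APDU byte-for-byte as in the traces above, follows the 61 xx / Get Response and 91 / 94 / 90 00 status pattern, reads a section with Read Info chunks of at most 0xFC bytes so that a length >= 0x0100 needs only one Set Length and one Select Info, and refuses to over-read the FIFO. It drives any object with pyscard's `transmit(apdu) -> (data, sw1, sw2)` shape; since no card is attached here, a `SimulatedCard` with the same interface serves constructed data. The name and IC number values, the ASCII/space-padding assumption, the simulated file size and the error status words the simulator returns are all assumptions, not from the post.

```python
"""MyKad surface read: the five APDUs from the post, end to end.
Added example. `card` is any object with transmit(apdu: list[int]) -> (data, sw1, sw2),
the shape of pyscard's CardConnection.transmit; SimulatedCard implements it offline."""
import struct

CHUNK = 0xFC  # bytes per Read Info; the post suggests 0xFF or 0xFC

class ApduError(Exception):
    pass

def le16(v: int) -> bytes:
    return struct.pack("<H", v)  # Offset and Length are little endian (post)

def file_id(n: int) -> bytes:
    # jpn-1-1 -> 01 00 01 00, jpn-1-4 -> 04 00 01 00 (post); assumes only byte 0 varies
    return bytes([n, 0x00, 0x01, 0x00])

def build_select(app: str) -> bytes:            # 00 A4 04 00 0A A0 00 00 00 74 <app> 00 10
    aid = bytes.fromhex("A000000074") + app.encode("ascii") + bytes.fromhex("0010")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid

def build_set_length(length: int) -> bytes:     # C8 32 00 00 05 08 00 00 <len LE>
    return bytes([0xC8, 0x32, 0x00, 0x00, 0x05, 0x08, 0x00, 0x00]) + le16(length)

def build_select_info(file_no: int, offset: int, length: int) -> bytes:
    return bytes([0xCC, 0x00, 0x00, 0x00, 0x08]) + file_id(file_no) + le16(offset) + le16(length)

def build_read_info(n: int) -> bytes:           # CC 06 00 00 <n>
    return bytes([0xCC, 0x06, 0x00, 0x00, n])

def _xmit(card, apdu: bytes):
    data, sw1, sw2 = card.transmit(list(apdu))
    return bytes(data), sw1, sw2

def select_application(card, app: str) -> bytes:
    """Select JPN/JPJ/IMM; 61 xx means xx bytes are waiting, fetched with Get Response."""
    _, sw1, sw2 = _xmit(card, build_select(app))
    if sw1 != 0x61:
        raise ApduError(f"select {app}: SW {sw1:02X}{sw2:02X}")
    fci, sw1, sw2 = _xmit(card, bytes([0x00, 0xC0, 0x00, 0x00, sw2]))
    if (sw1, sw2) != (0x90, 0x00):
        raise ApduError(f"get response: SW {sw1:02X}{sw2:02X}")
    return fci

def read_section(card, file_no: int, offset: int, length: int) -> bytes:
    """Set Length + Select Info once, then Read Info in <= CHUNK pieces until length is reached."""
    _, sw1, sw2 = _xmit(card, build_set_length(length))
    if sw1 != 0x91:
        raise ApduError(f"set length: SW {sw1:02X}{sw2:02X}")
    _, sw1, sw2 = _xmit(card, build_select_info(file_no, offset, length))
    if sw1 != 0x94:
        raise ApduError(f"select info: SW {sw1:02X}{sw2:02X}")
    out = bytearray()
    while len(out) < length:
        n = min(CHUNK, length - len(out))  # never ask for more than is left in the FIFO
        data, sw1, sw2 = _xmit(card, build_read_info(n))
        if (sw1, sw2) != (0x90, 0x00) or len(data) != n:
            # short or empty reply: the post says reading past end of file returns no bytes
            raise ApduError(f"read info at {offset + len(out):#06x}: {len(data)}/{n} bytes, SW {sw1:02X}{sw2:02X}")
        out += data
    return bytes(out)

def read_text(card, file_no: int, offset: int, length: int) -> str:
    """Fixed-length field, right-padded (assumed ASCII with space padding)."""
    return read_section(card, file_no, offset, length).decode("ascii").rstrip()

class SimulatedCard:
    """Constructed stand-in: same transmit() shape and the status words seen in the post's traces."""
    FCI = bytes.fromhex("6F03820138")

    def __init__(self, files):
        self.files, self.app, self.fifo = files, None, b""

    def transmit(self, apdu):
        a = bytes(apdu)
        cla, ins, p1, p3, body = a[0], a[1], a[2], a[4], a[5:]
        if (cla, ins) == (0x00, 0xA4):                 # Select Application -> 61 05
            self.app = body[5:8].decode("ascii")
            return [], 0x61, len(self.FCI)
        if (cla, ins) == (0x00, 0xC0):                 # Get Response -> FCI 90 00
            return list(self.FCI), 0x90, 0x00
        if self.app is None:
            return [], 0x69, 0x85                      # assumed: conditions not satisfied
        if (cla, ins) == (0xC8, 0x32):                 # Set Length -> 91 08
            return [], 0x91, 0x08
        if (cla, ins, p1) == (0xCC, 0x00, 0x00):       # Select Info -> 94 xx, fills the FIFO
            f = self.files.get((self.app, body[:4]), b"")
            off, ln = struct.unpack("<HH", body[4:8])
            self.fifo = b"" if off + ln > len(f) else f[off:off + ln]  # over-read: nothing
            return [], 0x94, len(self.fifo) & 0xFF
        if (cla, ins, p1) == (0xCC, 0x06, 0x00):       # Read Info -> drain p3 bytes, 90 00
            data, self.fifo = self.fifo[:p3], self.fifo[p3:]
            return list(data), 0x90, 0x00
        return [], 0x6D, 0x00                          # assumed: INS not supported

def demo_card() -> SimulatedCard:
    """jpn-1-1 laid out as the post describes: Name at 0x00E9 (0x28 bytes), IC no. at 0x0111 (0x0D)."""
    name = b"MY NAME".ljust(0x28)                      # constructed values, not real card data
    ic = b"900101011234".ljust(0x0D)
    jpn_1_1 = bytes(0xE9) + name + ic
    jpn_1_1 += bytes(0x400 - len(jpn_1_1))             # constructed file size: 0x400 bytes
    return SimulatedCard({("JPN", file_id(1)): jpn_1_1})

if __name__ == "__main__":
    card = demo_card()
    print("FCI:", select_application(card, "JPN").hex())
    print("Name:", read_text(card, 1, 0x00E9, 0x28))
    print("IC no.:", read_text(card, 1, 0x0111, 0x0D))
    print("jpn-1-1[0:0x200] read in one section:", len(read_section(card, 1, 0x0000, 0x200)), "bytes")
```

To run against a real card, replace `demo_card()` with a pyscard `CardConnection` after `connect()`; the builder functions are pure, so the exact bytes sent can be compared with the traces in the post before touching hardware.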