> MyKad Application, Need to capture data, how?

xenon
post Oct 19 2006, 07:48 PM

On my way
****
Senior Member
501 posts

Joined: Jan 2005
From: Selangor

That MyKad thread in Codemasters long ago is lost.
And now I've figured out what the commands are to read the surface information. When I've time, I might write an article about it.
xenon
post Oct 24 2006, 10:25 PM

Ok. I don't have time to complete my original MyKad reader program. Having difficulties with the dreaded user interface hell. So tonight I work on a quick-and-dirty console application in C. You need to use a hex editor to look at the output dump file. But, the basic information like name, IC no., are printed in the console too.

Not responsible if got damage.
Fail? Success? report here.

Two files in attachment unpack into the same files.
save the ".txt" as .zip.

This post has been edited by xenon: Jun 30 2007, 03:47 PM


Attached File(s)
Attached File  scdump.tar.gz ( 42k ) Number of downloads: 2962
Attached File  scdump.txt ( 17.66k ) Number of downloads: 2687
xenon
post Apr 13 2007, 10:15 AM

A few forumers asked me questions regarding reading of MyKad surface information. The answer is there is no encryption; it is just about knowing what (APDU) command to send.

There will be 5 APDU commands that I'll introduce. I name them as
1) Select Application
2) Get Response
3) Set Length
4) Select Info
5) Read Info

Instead of viewing a particular command to read "Name", another command to read "IC no.", it is better to interpret a sequence of 3 commands (Set Length, Select Info, Read Info) as "reading a section (or the whole) file". The fact is "Name", "IC no." etc are stored in fixed-length fields (padded on the right), and concatenated together (without separator) to form files.
For example,
"Name" stored in file jpn-1-1, offset 0x00E9, length 0x28
"IC no." stored in file jpn-1-1, offset 0x0111, length 0x0D
When you want to read "Name", you read jpn-1-1, offset 0x00E9, length 0x28.
When you want to read "IC no.", you read jpn-1-1, offset 0x0111, length 0x0D.
When you want to read both "Name" and "IC no.", you read jpn-1-1, offset 0x00E9, length 0x35.
Conversely, you can read only part of the field; if you want only first 6 digits of "IC no.", read jpn-1-1, offset 0x111, length 6.

Now, the first 2 commands, "Select Application" and "Get Response", are used to select one of the JPN, JPJ, IMM applications. (Actually you can have 2 active at the same time by using logical channels, but that's a little bit advanced at this stage.) You must select an application after reset, and you'll do it only once unless you want to change application.

Reader: 00 A4 04 00 0A A0 00 00 00 74 4A 50 4E 00 10 (Send 10 bytes data, expect receive 0 bytes)
Card : 61 05
Reader: 00 C0 00 00 05 (Send 0 bytes data, expect receive 5 bytes)
Card : 6F 03 82 01 38 90 00

"00 A4 04 00 0A" is the "CLA INS P1 P2 P3" for "Select Application". The data part of the APDU consists of 10 bytes: "A0 00 00 00 74 4A 50 4E 00 10". The "A0 00 00 00 74" and "00 10" parts are constant. "4A 50 4E" represents "JPN". Change to "JPJ" or "IMM" for those applications.
"00 C0 00 00 05" is the "CLA INS P1 P2 P3" for "Get Response". The 5 data bytes received are not significant, but you can verify whether it is successful.

That's the end of description of "Select Application" and "Get Response". Now move on to the 3 commands to read a section of file.

Example: read jpn-1-1, offset 0x00E9, length 0x28.
Reader: C8 32 00 00 05 08 00 00 28 00
Card : 91 08
Reader: CC 00 00 00 08 01 00 01 00 E9 00 28 00
Card : 94 28
Reader: CC 06 00 00 28
Card : 4D 59 20 4E 41 4D 45 20 20 20 20... 90 00

The 3 commands "Set Length", "Select Info", and "Read Info" are shown above. The colored parts are those which vary.
It seems from above that the maximum length will be 0xFF, so you'll have to break a long file section (particularly when reading JPEG) into multiple reads (repeat the 3 commands with different length and offset). But actually, for advanced users, you can specify a length >= 0x0100 (provided you don't read past the end of file, which results in no bytes returned) in the "Set Length" and "Select Info". You only need multiple "Read Info", with the single byte length set to a big number (e.g. 0xFF or 0xFC), except the last read. "Read Info" is just like retrieving from a FIFO buffer: you can read however you want, but don't over-read it.

To read jpn-1-4, replace 01 00 01 00 to 04 00 01 00.

Those double byte "Offset" and "Length" are in little endian.


xenon
post Apr 17 2007, 12:22 PM

I don't know. We can just guess. It is not required to know exactly what it means. Just know what bytes should appear under no-error condition.

If you read ISO7816-3, you should know a little about SW1-SW2. A "90 00" generally means success.

Card : 61 05
This is the SW1-SW2. Probably means there are 5 bytes to be read using Get Response.

Card : 6F 03 82 01 38 90 00
"6F 03 82 01 38" is the 5 byte data. No idea what it means, seems to be constant for several cards I tested. "90 00" is SW1-SW2.

Card : 91 08
SW1-SW2. You can guess that it is expecting you to send 8 bytes data using the "CC 00 00 00 08" command.

Card : 94 28
SW1-SW2. Perhaps it means 28 bytes are ready in buffer. Proceed to use "CC 06 00 00 28".

Card : 4D 59 20 4E 41 4D 45 20 20 20 20... 90 00
Except the last 2 bytes which are the SW1-SW2, the 28 (hex) bytes are the data you just read. It is ISO8859/Windows charset/UTF8 text in this case. This is the data (the section of a file) that you wish to read. In this example, you read the name, "MY NAME".

This post has been edited by xenon: Apr 17 2007, 12:32 PM
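
Added example, not part of xenon's posts or his scdump program: the command layout from the Apr 13 post and the SW1-SW2 check from the Apr 17 post, written as C helpers that only build and inspect byte buffers (no PC/SC calls). The function and type names are hypothetical, and treating the first file byte as the only one that varies is an assumption drawn from the jpn-1-1 and jpn-1-4 examples above.

```c
/* Added example, not xenon's scdump code: builds the APDUs described in the
   thread. No reader I/O; each buffer is what SCardTransmit() would be given. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LO(x) ((uint8_t)((x) & 0xFF))   /* offsets and lengths go out */
#define HI(x) ((uint8_t)((x) >> 8))     /* little endian: low byte first */
typedef struct { uint8_t set_len[10], select[13], read[5]; } mykad_read_t;

/* Select Application (15 bytes); app is "JPN", "JPJ" or "IMM". */
size_t mykad_select_app(const char *app, uint8_t *out) {
    static const uint8_t head[10] = {0x00,0xA4,0x04,0x00,0x0A, 0xA0,0x00,0x00,0x00,0x74};
    if (strlen(app) != 3) return 0;
    memcpy(out, head, sizeof head);
    memcpy(out + 10, app, 3);
    out[13] = 0x00; out[14] = 0x10;
    return 15;
}

/* P3 of one Read Info: a single byte, so a buffered read longer than 0xFF
   is drained with several Read Info commands. */
uint8_t mykad_next_chunk(uint16_t remaining) {
    return remaining > 0xFF ? 0xFF : (uint8_t)remaining;
}

/* Set Length, Select Info and the first Read Info for one file section.
   Assumption: only the first file byte varies (01 = jpn-1-1, 04 = jpn-1-4),
   as in the two examples in the thread. */
mykad_read_t mykad_read_cmds(uint8_t file_no, uint16_t off, uint16_t len) {
    mykad_read_t c = {
        {0xC8,0x32,0x00,0x00,0x05, 0x08,0x00,0x00, LO(len), HI(len)},
        {0xCC,0x00,0x00,0x00,0x08, file_no,0x00,0x01,0x00,
         LO(off), HI(off), LO(len), HI(len)},
        {0xCC,0x06,0x00,0x00, mykad_next_chunk(len)} };
    return c;
}

/* True when a response ends with the expected SW1-SW2. */
int mykad_sw_is(const uint8_t *r, size_t n, uint8_t sw1, uint8_t sw2) {
    return n >= 2 && r[n - 2] == sw1 && r[n - 1] == sw2;
}

int main(void) {
    mykad_read_t c = mykad_read_cmds(0x01, 0x00E9, 0x28);  /* "Name" */
    for (size_t i = 0; i < sizeof c.select; i++) printf("%02X ", c.select[i]);
    putchar('\n');
    return 0;
}
```

For the "Name" field this reproduces the three reader lines quoted in the Apr 13 post byte for byte; the status words to compare against are the ones xenon lists in the post above.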
xenon
post Oct 2 2007, 07:38 PM

All readers that are PC/SC compliant and get listed by Windows API SCardListReaders() will work.
xenon
post Oct 25 2008, 06:01 AM

I don't have any idea, because my family doesn't have MyKid.
xenon
post Feb 26 2009, 05:47 PM

-2146435068 = 0x80100004 = SCARD_E_INVALID_PARAMETER

winSCard.SCardTransmit(hCard, SendRequest, TxBuf(0), 15, RecvRequest, RxBuf(0), RxBufLen)
I'm not sure how winSCard is implemented here. I suspect buffer pointers are not passed correctly. Be sure that they are addresses, not values. I can't comment much because I do not know Visual Basic syntax.

Do you have something that looks like this?
CODE
   Declare Function SCardTransmit Lib "winscard.dll" _
      (ByVal hCard As Int32, ByRef pioSendPci As SCARD_IO_REQUEST, _
      ByVal pbSendBuffer As Byte(), ByVal cbSendLength As Int32, _
      ByRef pioRecvPci As SCARD_IO_REQUEST, ByVal pbRecvBuffer As Byte(), _
      ByRef pcbRecvLength As Int32) As Int32


Another thing you can check is the value of hCard, make sure it is some valid value.

 
