I'm not confident with this code, but you asked for it. Was having difficulty with VB without pointers. I don't like .NET either, makes program slow, and need more memory.
Please comment.

---
There is one minor edit you can do. The "Get Response" command (named Cmd2 in this code) is not strictly necessary. Therefore you can comment out

in Function SelectApp

This post has been edited by xenon: Aug 10 2007, 08:15 PM


Attached File(s)
 vbSCread.zip ( 31.23k ) Number of downloads: 3196
 vbSCread__zipfile_.txt ( 31.74k ) Number of downloads: 1162

There is no encryption for surface information.
And I do not use SDK. winscard.dll is part of Windows XP.

No. I need a sample of the device in order to reverse engineer.
Reading of JPN, Driving license and passport information is all we can get from a keychain reader or from SDK that we can possibly buy.
This thread gives the info on the 3 applications mentioned above.
http://forum.lowyat.net/topic/355950/+20

PKI application is possible to discover as well, but I don't have credit card to pay for a digital certificate. www.mykey.com.my

Health info is very much unknown and rarely used.
ATM (Bankcard), I don't think people like to use MyKad as Bankcard as doing so can cause increased wear and tear, as well as being worried for privacy intrusion.
Touch 'n Go, using wireless interface. I guess it's not different from normal dedicated TnG. If you need to reverse engineer TnG, consider using plain TnG instead of MyKad.
MEPS cash, I don't even know how easy/difficult to use this application.

This post has been edited by xenon: Jun 8 2008, 07:42 PM

Logically thinking, updating of license and passport info requires security clearance. Some form of authentication is needed. I believe if the designer of MyKad do it correctly, it should be a cryptographic challenge-response authentication, or perhaps the updated data have to be digitally signed. On the other hand, if a fixed key is used to enable updating, then the fixed key will be easily leaked out. My guess is that challenge-response protocol is used and a Secure Access Module (which is installed to card reader) can prove to MyKad that it is authority now talking to MyKad. I currently do not have any info on the command used for updating. I believe that knowing the command is not a security threat because MyKad will give a different challenge each time, without the SAM, we don't know the correct response to prove to MyKad for the write access.

The card may or may not implement procedures to update JPN info. In practice, JPN info will never be updated. If you change home address, the whole card needs to be changed.

Reading JPN info, driving licence info and passport info do not need SAM.

The thumbprint is in a minutiae format (possibly proprietary and used in MyKad only), not raster image format. My findings show that it stores 4 bytes per minutiae: 1 byte for x-coordinate, 1 byte for y-coordinate, 1 byte for direction, 1 byte for type. I'm unable to find any standard format that matches this characteristic.

baby-doom, refer to http://msdn.microsoft.com/en-us/library/aa380151(VS.85).aspx SCardGetStatusChange and SCardCancel. You might know what to do next. Call SCardGetStatusChange in a separate thread because it blocks.