SCAM Documentation

Tim TimeWaster <tim@cuba.xs4all.nl>

Glossary

APDU
Application Protocol Data Unit.
An APDU contains either a command or a response. For the command APDUs, there are four cases:
CLA is the instruction class, INS the instruction byte, P1 P2 the instruction parameters, Lc the length of the instruction's data field, Data the instruction's data field and Le the maximum number of bytes we expect in the response's data field.

The response APDU is coded as follows: Data SW1 SW2
Data is the response's data field and SW1 SW2 are the status bytes.

ATR
Answer To Reset.
Gives vital information concerning timings and voltages, and also historical information for the smart card. The ATR can be used to determine the type of card, since most card types have their own unique ATR.

convention
The convention determines how the bits that the card outputs are decoded. Two conventions are used:
direct
The bytes are interpreted the "normal" way as in standard serial port communication.
inverse
The bytes are complemented and reversed.
The inverse convention usually requires odd parity, while the direct convention requires even parity.

class
Instructions can be grouped in an instruction class. This can be useful for multiple applications on one card or for testing purposes.

DF
Dedicated File. This file is similar to a directory and contains other files (EFs or other DFs). The top DF is called MF.

EF
Elementary File. This file contains data. Working EFs are used for data that is not used by the card, but by the outside world. Internal EFs are used to store data that is used by the card.

The following EF structures exist:

ETU
Elementary Time Unit.
For cards with an external clock, this value depends on the clocking period provided on CLK. The initial etu value is 372 / fi s, where fi is the clocking frequency. For a 3.5 MHz clock, the etu will be 1/9600 s.

FCI
File Control Information.
Usually contains file length, file id, file type and file permissions.

file
The memory in a smart card is organized in files, just like a floppy disk. Two types of files exist:

instruction
One byte that tells the smart card what to do. The instruction is interpreted by the card's operating system. The instruction set can differ per card; there are a few standards: ISO 7816-4, ETSI TE-9, CEN en726-3, GSM 11.11.

MF
Master File. This is the root DF. Its file ID is always 3f00.

P1 P2
The instruction's parameters.
For example: specifying a certain key, or whether or not to return file control information.

SW1 SW2
Status Word bytes. Encode the processing state in the card. The codes below are specified in ISO 7816-4. Some cards will use slightly or entirely different codes.

Code Meaning
90 00 Ok
61 XX Ok: XX bytes remaining
62 00 Warning processing
62 81 Return data may be corrupted
62 82 End of file/record before reading was complete
62 83 Returned data may contain structural information
62 84 File invalidated
62 85 FCI format invalid
62 86 Unsuccessful writing
62 XX Unknown warning: 62XX
63 00 Warning processing
63 81 File full
63 82 Ok after retry
63 cX Warning processing: counter=X
63 XX Unknown warning: 63XX
64 XX Execution error: 64XX
65 00 Execution error
65 81 Memory failure
65 XX Execution error: 65XX
67 00 Unknown length
67 XX Unknown length, try XX
68 00 Function not supported
68 81 Logical channel not supported
68 82 Secure messaging not supported
68 XX Function not supported: 68XX
69 00 Command not allowed
69 81 Command incompatible with file structure
69 82 Security status not satisfied
69 83 Verification method blocked
69 84 Reference data invalidated
69 85 Conditions of use not satisfied
69 86 No current EF
69 XX Command not allowed: 69XX
6a 00 Wrong parameters
6a 80 Incorrect data field parameters
6a 81 Function not supported
6a 82 File not found
6a 83 Record not found parameters
6a 84 Insufficient memory in file
6a 85 Lc inconsistent with TLV structure
6a 86 P1-P2 incorrect
6a 87 Lc inconsistent with P1-P2
6a 88 Reference data not found
6a XX Wrong parameters: 6aXX
6b 00 Wrong parameters
6c XX Le should be XX
6d 00 Wrong INS
6e 00 Wrong CLA
6f 00 Unspecified error

T=0
An asynchronous, half duplex, character transmission protocol.

T=1
An asynchronous, half duplex, block transmission protocol.

Transmits APDUs in blocks and does error checking. It is more difficult to implement than T=0, but more convenient and more reliable.

TLV
Tag Length Value. An encoding mechanism that does not fix the size of an object. The tag denotes the type of data (e.g. FCI), the length denotes the length of the value field, i.e. the number of bytes that follow the length byte.

Example:

,-----+--------+----------------------------------------.
|  63 |  0d    | 00 1e 1f 24 da c4 03 3f ff c1 02 03 03 |
| TAG | LENGTH |        VALUE                           |
`-----+--------+----------------------------------------'
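
The response APDU layout (Data SW1 SW2), the SW1 SW2 table and the TLV entry above fit together as in the following sketch. It is an added example, not part of SCAM. It assumes a one-byte tag and a one-byte length as in the TLV example; the function names and the sample response (the TLV example with 90 00 appended) are constructed for illustration.

```python
# Added example (not SCAM code): response APDU = Data SW1 SW2, data parsed as TLV.
# Assumption: one-byte tag and one-byte length, as in the glossary's TLV example.

EXACT = {  # subset of the ISO 7816-4 status table in the SW1 SW2 entry
    (0x90, 0x00): "Ok",
    (0x62, 0x82): "End of file/record before reading was complete",
    (0x69, 0x82): "Security status not satisfied",
    (0x6A, 0x82): "File not found",
    (0x6D, 0x00): "Wrong INS",
    (0x6E, 0x00): "Wrong CLA",
}

def split_response(apdu: bytes):
    """Split a response APDU into (data, sw1, sw2)."""
    if len(apdu) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    return apdu[:-2], apdu[-2], apdu[-1]

def status_text(sw1: int, sw2: int) -> str:
    """Decode SW1 SW2: exact codes first, then the XX / cX wildcard rows."""
    if (sw1, sw2) in EXACT:
        return EXACT[(sw1, sw2)]
    if sw1 == 0x61:
        return f"Ok: {sw2} bytes remaining"
    if sw1 == 0x6C:
        return f"Le should be {sw2}"
    if sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        return f"Warning processing: counter={sw2 & 0x0F}"
    return f"Unlisted status {sw1:02x}{sw2:02x}"

def parse_tlv(buf: bytes):
    """Return [(tag, value), ...]; reject lengths that run past the buffer."""
    objects, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError(f"truncated TLV header at offset {pos}")
        tag, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag:02x}: length {length} exceeds remaining data")
        objects.append((tag, value))
        pos += 2 + length
    return objects

# Constructed response: the glossary's TLV example followed by status 90 00.
SAMPLE = bytes.fromhex("630d001e1f24dac4033fffc1020303" "9000")

if __name__ == "__main__":
    data, sw1, sw2 = split_response(SAMPLE)
    print(status_text(sw1, sw2), parse_tlv(data))
```

The length check matters when the data comes from an untrusted card: a length byte larger than the remaining data is rejected instead of being read past the end of the buffer.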