Contents | Parent Topic | Previous Topic | Next Topic
SCAM stands for "Smart Card Analyzer and Manipulator". Both the name and the abbreviation suggest something naughty. This is only just a joke to get some people scared (or interested). There is nothing naughty about SCAM, but as with any tool or program that exists, it can be used in a good way and in a bad way. So do not worry, SCAM is not more dangerous than a saw or a hammer. In fact it can make the world a better place (allthough I haven't figured out how to do that exactly).
I had never imagined a nerdy program like SCAM would be so popular, just as I had never expected that our homepage on smart cards, HIP Smart Card, would be visited so frequently. Only two weeks after I had put SCAM 3.0 beta online, SCAM was downloaded approximately 400 times already.
Smart Cards are popular. More and more companies and organizations are using them and more and more people use them, wether they like it or not. Smart cards are the current hype. Companies claim their systems are secure, hackers try to find out if that is the case. A lot of "urban legends" on both sides are told and believed. All this leads to the big popularity of smart cards.
SCAM is not a hype program, but a general, flexible and adaptable program. The program can be used to talk to a smart card interactively or via a script. Applications can be quickly prototyped, and using SCAM's code real applications can be written. SCAM is designed to be reader independent and easily portable.
This manual will tell you everything you need to know. Some of the chapters deal with extending SCAM and require knowledge of programming in Perl or C++, others are focused on using SCAM and do not require programming knowledge. This manual will not explain you how smart cards work. If you are interested you are referred to the Introduction to Smart Cards on HIP Smart Card or the "Smart Card Handbook" by Rankl and Effing (ISBN 0471967203).
When I started working on SCAM, memory chipcards were already in use for a few years (in payphones) and smart cards were just introduced for payments, loyalty cards, student ID cards, etc. A friend of mine had just designed a simple chipcard reader, that could read both memory cards and smart cards. The Dumb Mouse, as it was called, needed software. A few weeks later the first version of scam was born: no help, one letter commands and no visible prompt. It also had problems with the waiting times, but I had not fully digged through ISO 7816-3.
Because I did not have the manual for the few smart cards I had, I wrote a little program that generated all possible commands. Its output went through SCAM. But the program that sent the commands could not react on the response that the card sent back. That was when the idea for a front-end arised. The second version of SCAM was a big restyle of the first and it came with a front-end in Perl. The nice thing about this Perl front-end is, that you can dynamically load a file that defines Perl subroutines, which you can directly call from your front-end prompt.
SCAM 2 was presented on the smart card workshop on HIP to show how to talk to a Chipknip smart card (one of the Dutch smart card payment systems). A few cypherpunks got interested and used SCAM to build SIO.
But SCAM still had the waiting time problems. I could of course help developing SIO, but that was written in C instead of C++. My experience is that you can in fact make shorter and neater programs in C++ than in C, if you just know how to do it. So I spent a few months on thinking about how a program such as SCAM could best be designed. It had to support multiple readers, using different hardware on various platforms. It had to support higher level smart card protocols, but it also had to give a user full control of lower level communications.
SCAM 3 is the result. Easy to port, reader adaptable, and it can be extended easily. The front-end now consists of one small Perl module that can be used by Perl scripts. In short, SCAM is a program that can be considered a professional piece of software, just as the Dumb Mouse can be considered to be a professional piece of hardware.
So why should you use a Dumb Mouse and SCAM and not that nifty looking reader and program that some company tried to sell you? There are a few reasons:
But there are a few disadvantages:
Expect a few little changes in the beta versions of SCAM 3. I do not have a lot of spare time so development goes a little slow. If you want to know what changes can be expected, take a look at the Bugs and Changes chapter.
Installation tells you how to install SCAM on your system. Allthough the installation is straightforward, I recommend reading this section, because there can be a few important details.
The Scam Tutorial helps you to get familiar with the program.
For the more advanced use, see the chapter on Command-line Options and SCAM Commands.
If you are tired of typing every command by hand and you know how to program in Perl, you can make little programs that use the SCAM front-end. See The SCAM Perl Front-end for details. If you are a little ambitious you can even make complete libraries for a certain smart card system, such as a GSM Library.
And if you are disappointed because your favourite reader is not supported, you can always program a driver for it. Adding a New Reader tells you how to do this. It would be nice if you could send the source code to me, so that it could be included in a later distribution.
The really ambitious or very grateful readers may attempt to fix some of the bugs that SCAM still has. See the Bugs and Changes chapter. Actually, these bugs aren't all real bugs. I will explain why. As is generally known, the three virtues of any good programmer are laziness, impatience and hubris. Now, the "bugs" are caused by laziness, the release of SCAM is a result of my impatience and my belief that they will be fixed some day clearly reveals the hubris.
Finally, there is a little Glossary that contains some important smart card related terms.
As already mentioned, this manual does not describe what smart cards are and how they work. I also did not go into the gory details of SCAM's implementations. If you are interested in the latter, there are three ways to learn:
The latest information on SCAM can be found on the SCAM home page, http://cuba.xs4all.nl/~tim/scam/.
The latest and previous versions of SCAM can be downloaded from ftp://cuba.xs4all.nl/cards/software/.
The latest version of this manual can be found online as well, at http://cuba.xs4all.nl/~tim/scam/doc/.
Scripts, code for readers and other interesting things will be published on the SCAM home page.
Thanks to BillSF for designing the Dumb Mouse reader and building one for me. I'd like to thank /dev/null for his first smart card software, on which I based my serial port code.
Herman Robers from ISCIT supplied me with vital information on the Dr Chip reader and Ton Verschuren from SURFnet sent me a Dr Chip. Thanks very much!
I'd also like to thank all those people who have let me examine their smart cards.
You can send your suggestions, bug reports, comments, additions, reader and smart card information, fan mail and love letters to
Spammers can send mail to spam@cuba.xs4all.nl, and will then be hacked to death by the BOFH.
Contents | Parent Topic | Previous Topic | Next Topic