0

So I'm trying to write a small applet which reads a serial number from a smart card using the javax.smartcardio library. Smartcard is connected with bit4id reader, and right now I successfully connect to the smartcard and read basic infos such as ATR and protocol (T=1).

I did some research about it (for example: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx#table9)

But I'm not getting which specific list of command APDUs should I send to the card to get that serial. Is there an "easy way" to do that, without reading tons of papers and manuals? I guess I would need some datasheets to know how data is stored inside the card, right? or can i send some kind of command APDUs to retrieve this info from the card too?

Right now I only receive SW=6986 responses (not valid command)

Any advises, even only on the workflow, would be strongly appreciated!

sehrob
  • 1,034
  • 12
  • 24
user7345281
  • 1
  • 2
  • 3
    The APDU commands are usually specific for a given card type -- what is the type of your card? One exception might be the UID of contactless cards which could be read by `FFCA000000` quasi-APDU with many readers (this APDU is addressed to the reader asking for the UID and is defined in part 3 of PC/SC specifications)... – vlp Dec 27 '16 at 21:05
  • @vlp Thank you for your response. Sadly my card is a contact card from Incard used for digital sign. Can't figure out how to get more info about it. – user7345281 Dec 28 '16 at 08:44
  • 1
    Related [question](http://stackoverflow.com/questions/39609445/how-to-get-a-unique-smart-card-id), but does not help without knowledge, which card it is. – guidot Dec 28 '16 at 11:00
  • There are several serial numbers that may be present on smart cards. Please indicate which serial number you require. – Maarten Bodewes Dec 28 '16 at 22:11
  • So this is what i managed to understand these days: – user7345281 Dec 29 '16 at 08:38
  • So this is what i managed to understand these days, correct me if i'm wrong: there is no easy-command that leads you to know the structure of file system inside of the card, and without having access to a HW reference manual this problem is not easy to solve, simply because every manufacturer has his own way of managing data inside the card. So communicating through commandAPDUs is probably not the best approach to the problem. – user7345281 Dec 29 '16 at 08:49

1 Answers1

1

There is no one way to read a smart cards serial number. "smartcard" is an ISO/IEC standard defined in the 7816 specification. Many industries use this standard like Mobile SIM, Bank Cards and Digital Signature Cards.

The implementation of the standard is different across industry with some industries advancing this basic standard with there own additional APDUs etc. like 3GPP/GSMA standard in the Mobile SIM case or the EMV standard in banking.

Anyhow, assuming that this card is smart-card ISO/IEC 7816 compliant you could possibly assume that it uses file base storage for card data. You could use the "SELECT" command (defined in 7816-4) to try to access all available files and print there information. i.e. files are identified by two bytes like 3F00 you could select from 0000,0001,0002....FFFF then if you get a successful select (status word 90) then read the contents and print it. Doing this you may be able to identify which file has the "serial" then you would only need to read this file going forward.

The above is not "easy" but may be a nice challenge and learning experience.

QuickPrototype
  • 833
  • 7
  • 18