On Thu, Jun 7, 2012 at 9:09 AM, Xavier Monés <xmm@c3po...> wrote:
> -----Original Message-----
> From: Martin Paljak <martin@mart...>
> Sender: muscle-bounces@list... > Date: Thu, 7 Jun 2012 12:47:13
> To: MUSCLE<muscle@list...>
> Reply-To: MUSCLE <muscle@list...>
> Subject: Re: [Muscle] Is there a way to know if a reader is contactless?
> On Thu, Jun 7, 2012 at 12:34 PM, helpcrypto helpcrypto
> <helpcrypto@gmai...> wrote:
>> Sending an apdu to the card, to check if that card is the "desired"
>> doesnt like me. Take the following example:
>> - Card A has an apdu 012345 which delete a file (no pin required to
>> delete the file :P)
>> - Card B has an apdu 012345 to select DF.
>> When looking for B DF, could I delete A files accidentaly?
> This is a purely theoretical situation.
> If you have a card that goes havoc to random commands, you should take
> *extra*care* with this card. Like not use it at all.
> Smart cards are usually created to protect the contents of the card
> from whatever is "out there". So if you have a card that acts like a
> "memory stick" you probably are using it not for the right purpose.
> And nothing can protect from the human factor:
> they sell adapters that allow to plug a 120v application into 240v
> sockets. Think of all the damage that can accidentally happen! (or
> even worse, if a kid finds the adapter and fits his fingers into it)
> Nevertheless, it would be nice to have a listing of readers and their
> properties (pinpad, contactless etc) but I also have little hope for a
> PC/SC workgroup change and wide-spread adoption in the close future...
> For card detection: ATR is supposed to be a technical interface
> descriptor. What protocols, what speeds. Yes, it is used as a card
> identifier in many cases (like MS Minidriver), but eventually the
> on-card application (and for PKI, the onboard keys) matters. How you
> identify the application is up to you, but the common thing seems to
> be AID selection.
> Do you have better suggestions for a universal method for
> (card)application detection?
I'm not sure if it was discussed or not but there is something you can
try. As far as I remember contact cards must support the minimum
baudrate of 9600 and contactless cards usually start at 106000 and go
up to 848000.
If the reader does not support auto pps a contact card should start in
9600 and so it will be a contact card, if the card starts in 106000
it's a contactless card. If the reader supports auto-pps then it can
be more tricky because contact cards can get over to 600k too. But as
far as I remember contactless cards can only use fixed baudrates of
106k, 212k, 424k and 848k (valid only for type a,b, felica, jewel).
Also some contact cards can auto change their baudrates when they
receive a warm reset so checking the T* bytes of the ATR might be
useful. If threre was an universal way to read the ATS you could
instantly know the card is contactless or not as contact cards don't
have a select answer.