+=======================================+

| TuiUS disassembly v1.0 |

+---------------------------------------+
| Tarjeta Universitaria US |
+---------------------------------------+
| Jesus F. Trujillo 2010 @yeyus |
| elyeyus@gmail.com |
+---------------------------------------+
- Algunos datos estan protegidos y han sido marcados como XX
- La sintaxis es la siguiente:
Comando usb (00 00) Comando raw a tarjeta
P-> Peticion
R-> Respuesta
ADD -> Peticiones añadidas no realizadas por el protocolo de conexion de l
a US
y realizadas para profundizar en los comandos
- La tarjeta es una Cripto-Tarjeta CERES-FNMT con el COS (Card Operating System)
WG10
- Cumple el estandar ISO 7816-4
http://www.ttfn.net/techno/smartcards/iso7816_4.html#6_11
- Referencia rápida y códigos de error
http://www.wrankl.de/SCTables/SCTables.html
Petición ->6F 05 00 00 00 00 0e 01 (00 00) [00 a4 00 00 00]
Respuest ->80 02 00 00 00 00 0e 00 (00 00) [6a 86]
Petición ->6F 07 00 00 00 00 05 01 (00 00) [a0 a4 00 00 02 7f]
Respuest ->80 02 00 00 00 00 05 00 (00 00) [6e 00]
<--- Pulso Loguear --->
P-> 65 00 00 00 00 00 17 00 (00 00)
R-> 81 00 00 00 00 00 17 01 (00 00)
R-> 50 03
P-> 65 00 00 00 00 00 18 00 (00 00)
R-> 81 00 00 00 00 00 18 01 (00 00)
P-> 62 00 00 00 00 00 16 01 (00 00)
R-> 80 13 00 00 00 00 16 00 (00 00) 3b 6f 00 00 80 66 b0 07 01 01 77 07 53 02 31
10 82 90 00 (ATR?)
P-> 61 05 00 00 00 00 19 00 (00 00) 00 11 00 02 0a 00
R-> 82 05 00 00 00 00 19 00 (00 00) 00 11 00 02 0a 00
P-> 6F 07 00 00 00 00 1a 01 (00 00) a0 a4 00 00 02 7f
R-> 80 02 00 00 00 00 1a 00 (00 00) 6e 00
P-> 6F 09 00 00 00 00 1b 01 (00 00) 00 a4 04 00 04 52 4f 4f 54 (A4->Select File
04->Select DF by name 00->First Record 04->Length 524f4f54->'ROOT')
R-> 80 02 00 00 00 00 1b 00 (00 00) 61 14 ( Command succesfully -> 0x14 bytes us
ing GET RESPONSE)
ADD P-> 00 C0 00 00 14 (GET RESPONSE 0x14 bytes)
ADD R-> 6F 12 84 04 52 5F 5F 54 A5 0A 85 08 3F 00 38 00 00 04 02 02 00 90 00
// LE R O O T [ ¿?]
/*6F 12-> FCI Template 0x12 bytes
/*84 04 -> DF Name 0x04 bytes -> 'ROOT'
/*85 08 -> Propietary info 0x08 bytes -> 3F 00 38 00 00 04 02 02 00
/*90 00 -> Cmd Succesfull
P-> 6F 0D 00 00 00 00 1c 01 (00 00) 00 a4 04 00 08 58 59 00 ff 00 04 46 02 (A4->
Select File 04->Select DF by name 00->First Record 08->Length 58-59-00-ff-00-04-
46-02->cadena)
R-> 80 02 00 00 00 00 1c 00 (00 00) 61 0c ( Command succesfully -> 0x0c bytes us
ing GET RESPONSE)
ADD P-> 00 C0 00 00 0c (GET RESPONSE 0x0c bytes)
ADD R-> 6F 0a 84 08 58 59 00 ff 00 04 46 02 90 00
// LE X Y F CMDSUCCESS
/*6F 0a-> FCI Template 0x0a bytes
/*84 08 -> DF Name 0x04 bytes -> 'XF....F'
/*90 00 -> Cmd Succesfull
P-> 6F 0D 00 00 00 00 1d 01 (00 00) 00 20 00 00 08 XX XX FF FF FF FF FF FF (Envi
ando PIN) (20->Verify 00->Valid 00->No info. given 08->length XXXXFFFFFFFFFFFF->
PIN) donde XXXX Pin
R-> 80 02 00 00 00 00 1d 00 (00 00) 90 00 ( COmmand succesfully executed)
P-> 6F 09 00 00 00 00 1e 01 (00 00) 00 a4 04 00 04 52 4f 4f 54 (A4->Select File
04->Select DF by name 00->First Record 04->Length 524f4f54->'ROOT')
R-> 80 02 00 00 00 00 1e 00 (00 00) 61 14 ( Command succesfully -> 0x14 bytes us
ing GET RESPONSE)
P-> 6F 0D 00 00 00 00 1f 01 (00 00) 00 a4 04 00 08 58 59 00 ff 00 04 46 01 (A4 -
> Select File 04->Select DF by name 00->First Record 08->Length 58-59-00-FF-00-0
4-46-01->cadena)
R-> 80 02 00 00 00 00 1f 00 (00 00) 61 0c ( Command succesfully -> 0x0c bytes us
ing GET RESPONSE)
P-> 6F 07 00 00 00 00 20 01 (00 00) 00 a4 02 00 02 10 05 (A4 -> Select file 02 -
> Select EF under current DF 00-> First Record 02->Length 1005-> EF identifier)
R-> 80 02 00 00 00 00 20 00 (00 00) 61 0c ( Command succesfully ...)
P-> 6F 05 00 00 00 00 21 01 (00 00) 00 b0 00 00 00 ( Read Binary Length 00 bytes
)
R-> 80 02 00 00 00 00 21 00 (00 00) 6c fa (Invalid length 0xfa is the correct le
ngth)
P-> 6F 05 00 00 00 00 22 01 (00 00) 00 b0 00 00 FA ( Read Binary Length 0xFA byt
es)
R-> 80 fc 00 00 00 00 22 00 (00 00) *Respuesta abajo*
0000: 80 fc 00 00 00 00 22 00 00 00 aa 01 18 6a 73 73
// j s s
0010: 74 64 75 72 74 64 20 20 20 32 38 38 33 38 38 32
// t d u r t d _ _ _ 2 8 8 3 8 8 2
0020: 35 41 4a 45 53 55 53 20 54 52 55 4a 49 4c 4c 4f
// 5 A J E S U S _ T R U J I L L O
0030: 20 52 4f 44 52 49 47 55 45 5a 20 20 31 31 20 20
// _ R O D R I G U E Z _ _ 1 1 _ _
0040: 20 20 30 31 32 30 XX XX 31 33 31 31 XX XX 30 31
// _ _ 0 1 2 0 x x 1 3 1 1 x x 0 1
0050: 30 44 32 38 38 33 38 38 32 35 20 20 20 20 20 20
// 0 D 2 8 8 3 8 8 2 5 _ _ _ _ _ _
0060: 20 33 20 20 20 20 20 20 20 20 20 20 20 20 20 20
// _ 3 _ _ _ _ _ _ _ _ _ _ _ _ _ _
0070: 20 56 45 53 54 55 44 49 41 4e 54 45 20 20 20 20
// _ V E S T U D I A N T E _ _ _ _
0080: 20 20 20 32 33 XX 37 XX 31 34 XX 34 31 XX 20 20
// _ _ _ 2 3 X 7 X 1 4 X 4 1 X _ _
0090: 31 41 42 XX 35 30 XX 31 30 XX 34 30 34 31 30 43
// 1 A B X 5 0 X 1 0 X 4 0 4 1 0 C
00a0: 20 20 20 20 00 00 00 00 00 00 00 00 00 00 00 00
// _ _ _ _
00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00f0: 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30 XX
// 0 0 0 X
0100: 37 33 XX 32 90 00
// 7 3 X 2 (Command succesfully executed)