Join Us!

Notifications
Clear all

ICC Chip Reader  

  RSS
DCS1094
(@dcs1094)
Active Member

A slightly unusual request has come up, which involves attempting to extract data from an Integrated Circuit Card (ICC) retailer type 'Club Card'. Essentially, I would like to attempt to retrieve any account type information, if possible.

I am limited on information on the level of security for this type of ICC compared to the likes of Credit/Bank Cards, SIM Cards etc and also what software I could use for the data extraction. I have pulled out a card reader or two and found some software (http//pannetrat.com/Cardpeek), which has support for Credit Cards & various other types (tested some and recovered data), however the 'Club Card' is not seen by Windows OS or the software that I have at my disposal.

Any other recommendations or ideas?

Cheers!

Quote
Posted : 19/08/2014 1:58 am
jaclaz
(@jaclaz)
Community Legend

The Cardpeek software (nice BTW) seems like being only for ISO7816, but there are several different standards
http//www.cardwerk.com/smartcards/smartcard_standards.aspx
and possibly (particularly if the specific card is a "Club Card" issued by a "small" association) it can use non-standard protocols/whatever, on the other hand more sophisticated organizations may use "special" software or even "special" hardware to access the card contents.
Also the card may be *anything* among tens of "models", some "specialized" to a given task, just to have an idea, check how vast is the range of posiibilities
http//www.smartcardfocus.com/shop/ilp/se~44/cards-and-tags/p/index.shtml

No way to contact the manufacturer/issuer?

jaclaz

ReplyQuote
Posted : 19/08/2014 3:12 pm
DCS1094
(@dcs1094)
Active Member

Cheers for the info, I shall have a read! Unfortunately, the card was issued by a small association, who we cannot contact as they are in fact the defendant/accused. At this stage the specific model is not known and as you have stated I suspect specialised software is needed. I'll do a bit more digging and see what I can find.

Photo of chip FYI Chip.jpg

ReplyQuote
Posted : 19/08/2014 5:49 pm
jaclaz
(@jaclaz)
Community Legend

You may want to attempt discriminate according to cost of the card vs. cost of fee for membership of the club (or whatever) and "intended use".

I mean the el-cheapo cards that are used (say) in hotels as room keys have a very low cost (and there is very little info inside them, like)
http//www.smartcardfocus.com/shop/ilp/id~211/sle5542/p/index.shtml

A "normal" club card is more like
http//www.smartcardfocus.com/shop/ilp/id~121/gemclub-memo/p/index.shtml

Something "special", let's say for both physical access and - say - ID/Secure transactions is more likely to be something *like*
http//www.smartcardfocus.com/shop/ilp/id~485/gemalto-idprime-net-card-hid-prox/p/index.shtml

JFYI, that is not a photo of the chip, it is a photo of the card contacts, but it helps as those contacts shape seem to lead to a SLE5528 or a SLE5542 (or another one of the same "family"
http//www.datasheetdir.com/SLE5528+Smart-Card-Security

If this is accurate, that card will contain very little (it is one of the el-cheapo ones mentioned)
http//www.smartcardfocus.com/shop/ilp/se~32/memory-smartcards/p/index.shtml
and you may get away with reading it's contents with a correspondingly el-cheapo dev kit, like
http//www.smartcardfocus.com/shop/ilp/id~85/acr38-sdk/p/index.shtml
(the bad news ( are that it has a 2 byte protection code and a mechanism to prevent brute-forcing it, the good news ) are that for the reading should not need it, i.e. it is seemingly not a protected form of storage)

jaclaz

ReplyQuote
Posted : 19/08/2014 6:45 pm
DCS1094
(@dcs1094)
Active Member

The software which you have mentioned looks like it could be an option, among some others I'm looking into! I have also compared the shape of the contact pad and since obtained specification sheets for the models SLE5528 and SLE5542 from the 'SLE' contact interface cards.

From the data sheet

SLE5528 - Data Memory Size 1024 bytes EEPROM - Security PSC 2 bytes
SLE5542 - Data Memory Size 256 bytes EEPROM - Security PSC 3 bytes

The card I believe was mainly utilised for when claiming points or/and financial reimbursement circumstances and I have since been advised that the matter may be sorted, but still, it would be good to get some sort of result. Seems like this could be an interesting project.

ReplyQuote
Posted : 20/08/2014 1:44 am
Share: