Question

Smart Card Hex Dump

Asked by: kevindelaney

Hi there!

I'm looking to get into manipulating a smart card that I have (no, not doing anything illegal or satellite-related...just exploring). I want to get a USB reader and some software that will allow me to do a full hex dump of the card, which would then allow me to restore the original hex dump.

For example if the data on the card was "apple" and for whatever reason it changed to "pear",  I could plug it into the USB reader and restore the dump that said "apple".

Kinda hard to explain, but I'm hoping someone can help me out.

Would be much appreciated!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-09-06 at 16:23:46ID23709378
Tags

Smart Cards

Topics

SmartCards Security

,

Encryption for Network Security

Participating Experts
2
Points
400
Comments
7

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Problem printing PDFs from Acrobat Reader to Apple Laser…
    New 900MHz AMD Machine running Windows 98 2nd edition, 256Mb RaM, has 2 printers connected: Apple LaserWriter 8500 on LPT1 and Epson 1290 on USB. Printing A3-sized PDFs from Adobe Acrobat 4.05 causes "illegal operation" when printing to Apple, but Epson prints fine...
  2. SMART CARD READER NOT FIND
    OS XP HOME and SP2 I've just installed a USB Smartcard reader from ACS the ACR38 USB reader, everythings is OK drivers installed and when I got to Control Panel -> System -> Device Manager -> under Smart card readers also everything OK. When I go to the Event Vi...
  3. Smart Card Reader does not detect card
    I have a computer running Windows XP Service Pack 2 and is completely up to date. We use Axalto/Schlumberger smart card readers and the Schlumberger CSP for our cryptographic service provider. With everything installed the computer will not detect that a smart card is inser...
  4. PEAR frontend
    I have some basic experience in php programming and need to get around developing major web applications and object oriented php. Came across PEAR, which is said to be a big support in basic classes for development, even got to the point that I could install pear by means of ...
  5. A good smart card reader
    Hi Experts, I'm looking to create a loyalty card scheme, but I'm not sure what the best kind of smart card reader to use would be, I want to be able to connect the reader to a database, MS SQL 2005 or MS Access, any real world suggestions would be appreciated, perhaps some l...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: DaveHowePosted on 2008-09-07 at 12:27:49ID: 22412463

It would depend on the smartcard, but be aware that most don't *have* a read-from-card function - by design, they are write only from the outside in. In some cases however, you can write a program into the firmware and read the rest of the firmware using that program.

if you can tell us what series of card it is, we can probably recommend a suitable usb device and/or software.

 

by: kevindelaneyPosted on 2008-09-07 at 16:22:35ID: 22413351

I'll be honest, I'm not quite sure. It doesn't say on the card what kind it is.

 

by: DaveHowePosted on 2008-09-08 at 01:16:20ID: 22415378

Well unfortunately, you are in the position of asking us "where is the headlight dip lever on my car" when you and we don't know what car you have.....

 

by: kevindelaneyPosted on 2008-09-08 at 03:56:32ID: 22416057

Haha... Well as cheap as this is, I'm trying to see if I can clone a smart card that has a stored value. Mostly just for a fun experiment. It's similar to a Coinamatic SmartCity Laundry card, and I'm reading around to try to find out what kind of card they use. Don't know if you've heard about these before?

http://www.coinamatic.com/coinamatic_group/html/apartment_laundry_services/smartcity/Products/specsc.pdf

 

by: ParanormasticPosted on 2008-09-08 at 08:07:59ID: 22418120

Generically speaking here...

Smart cards are meant to protect the private data on the card, usually a private cryptographic key.  The card will have its own OS on it that is designed to never release that anywhere - all computations that require it are performed within the card and the result is then released back to the requestor.

Public data may be able to be backed up, but anything that you could change you could probably just copy and paste with an appropriate card access software - i.e. if you changed the container name, owner label, PIN, etc. - these would still be protected by logging into the card, but would then be given write access to that data.

I am not specifically familiar with this vendor's cards, but that is how the industry works.  If you are looking for a full image, so to speak, including the private locked data you would really only have two options:
1) Hack the card - depending on the quality that the card manufacturer actually puts in depends on how easy this might be.  I will not give any suggestions on this topic and by and large do not recommend doing this, although there are reasons for attempting, such as to make sure that you can't (i.e. validating the security of the card).  Doing so usually requires very expensive hardware that is designing for tampering with cards, and if it was actually created well, which many are, still should not work.

2) Have the data generated external to the card during issuance and then injected onto the card - this would allow for archiving of the private data off-card before it is actually put onto the card.  A CMS program would typically be used for doing this - it would request the cert, create a P12 file and then inject that P12 onto the token.  If you are looking at this for this kind of reason, this is how it is done if you need to issue a replacement card for a user.  The replacement card would then be issued via the CMS and it would retrieve the existing cert data and inject it again onto the new card.

As for reading public data this is not marked 'private' but merely 'secured' then I would try contacting the smartcard company and see if they have a dev kit and instructions - they probably do (or, more likely, they resell and could point you to their OEM's documentation).

 

by: kevindelaneyPosted on 2008-09-08 at 08:10:57ID: 22418159

Thank you very much for your help. I'm noticing this might be a bit over my head, but your comments have helped me learn a bit more about how this stuff works.

 

by: ParanormasticPosted on 2008-11-24 at 11:13:11ID: 23029819

Looks like this article gets a lot of attention, so I will add to it a little bit.

For CMS providers, most of the companies are resellers.  The main companies that I am aware of are Microsoft ILM / ILM2, Intercede MyID, and ActivIdentity ActivID.  You can usually request a demo version to make sure it does what you want it to. Looking through it you will likely find a lot of different options that will get your mind racing - plan to dedicate some time and test lab resources to really learn this stuff.

For recovering the 'image' - there are vendor proprietary methods for doing so.  I know that Datakey (now SafeNet) offers a few different solutions to the recovery challenge.  Make sure you understand how the vendor's product works so you don't mistakenly overwrite information prematurely.  For Datakey's method, the information that was backed up in the recovery file I believe consisted only of SSO data, not certificate data.

Method A = Updating the card.  You may be able to update specific areas of the card without affecting existing data.  For example, you can update a password for SSO application A without needing to do anything about application B.  This process may be used to renew or replace existing certificates as well, keeping in mind that the certs would be new ones, not copies of old ones (unless importing a P12 file as mentioned before).

Method B = SSO data is kept on the hard drive as an encrypted data file.  During the recovery process the data is decrypted and the card is effectively initialized (formatted/erased) and the new data written back to it.  If certificate data is not kept in this file then a new certificate will be requested as part of this process.


Make your card valuable to the user, that way they won't be as likely to lose it.  Having a user created SSO in addition to the corp SSO makes it so they can store their hotmail password, bank info, etc. on there.  If it is an ID card that they need to use to badge into the room or into/out of the building that makes it pretty tough to get anywhere without it.

Another not frequently discussed topic is that of card care.  
1) Handing out a quick flier or email or something would be of service here.  I have heard of people wanting to decorate their cards - this is fine if they put a sticker or something on it as long as they don't block their picture or a bar code,etc.  but I have heard interesting things such as taking a hole puncher to it so they can string through little bracelet charms to make it pretty - when one user did this they punched through the wire coil that goes around the border of the card (inset maybe 1/16th or 1/8 inch) rendering the card useless.   Whoever sells you the card should be able to give you physical areas to avoid damaging to include in your flier - this is a good idea anyways if you will be punching the hole in to allow for a lanyard (necklace), retractable badge reels (zippy thingies that go on your belt loop), or card clamps (attach to your pocket).
2) Card holders - the plastic things to put your card into to avoid it getting scraped and such or to make it easier to put the badge reels, etc. into.  Some of these stick well to your card and can start damaging the ink by having it adhere to the platic wrapper.  Also, there is a safety notice for the hard plastic kind for those that work in areas where things move around alot or having a foreign object get caught in a device may be a concern.  A specific example is JPL (Jet Propulsion Laboratory) in the US where the hard covers are not allowed in areas where they work on jet engines and such.
3) Cleaning chemicals - occasional cleaning with most normal cleaning chemicals should be safe, but check with your card seller if there are any specific chemicals to avoid with the type of ink that they use.  Abrasives should be avoided, obviously, but I wouldn't put it past the public at large to attempt a brillo pad or steel wool to try to clean off degradation stains (from leaving out in the sun, near heat, etc. for too long).  Along that note - don't keep it on a window ledge, car dashboard, or near the stove which will likely promote fading and/or cracking.  Also, keeping it in a men's wallet in the back pocket is not good either - it will bend and crack slowly over time there.  In a wallet that is designed to be kept in the breast pocket (i.e. not bi-fold or tri-fold but a checkbook sized flat one) or in a purse is normally fine.  (In addition to preventing damage it keeps people like my brother from sticking their hind ends up to the card reader to enter the room!)

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...