telstra_smartcard_address_map
ISO7816 ????
Telstra Smartcard MEMORY MAP.
--------------------------------------
Byte (Bit) Hexa
+-----+-----+-----+-----+
0-3 (0..31) | $E8 | $20 | $61 | $09 |
+-----+-----+-----+-----+
4 (32..39) | | --> Serial Number / Manufacturer area
5 (40..47) | |
6 (48..55) | |
7 (56..63) | |
+-----+-----+-----+-----+-----+
8..12 (64..103)|c4096|c512 | c64 | c8 | c1 | --> 5 stage octal counter
+-----+-----+-----+-----+-----+
13 (104..111) | $FF |
14 (112..119) | $F0 |
15 (120..127) | $FF |
+-----+
Note: Each unit is 0.01$ worth.
yup cards can be dumped (hex).
once dumped reverse engineer to asm code. edit, recompile to hex and run checksum.exe to generate a vaild checsum so card can work (woo hoo that their tuff security). thats all very well provided ya havent used the card. destory conter in the code.
no hard part. finding a blank smartcard. as like the sat scene they use wafers. they would cost $20. that means code has to be re-writen to suit the pic16f84 + eeprom.
shit thing is the legit card has a fuse. re write it BAM dead card. with a "clone" it would be fun.
oh as for some people saying serial #'s hahah i DOUBT the fone check it, logs it yes, but not check thats its valid.
change serial to xxxxxxxxxxxx use it for a day or to, go home and change it agian. so you cannot be tracked. ie. so they dont expect the same serial to be recorded on the same fone = very very sus.
rember. dumpin is ok. but moding the card direct aint. cuz as soon as ya tuch manafact area (ie. when it was issued , serial etc like i sed it goes bam!). the main prob is porting the code / software on the card to a pic16f84 / wafer card.
Is it a problem because the pic16f84 uses a different instruction set? So if someone either :
1) Knew how to code for the pic16f84
or
2) Could change asm to pic16f84 code
Then its happy sailing? Also ... couldn't you use a smart card of the same brand, just one that hasn't got the fuse? Why change to a different type? Does this have any kind of bearing on how it operates?
Hehe - I don't know much about this area so bear with me ;) Sounds interesting enough to spring for a smart card read/writer though :)
cheers
yeh existing cards (new ones)
a) can be writen once. we want multiple re-writes.
b) as for a reader its VERY simple to make.
we dont need complex shit. ill up schematic for a reader. has like 3-4 components. ull need a smartcard connecter they are like $5 from farnell electronics. this plugs into printer port.
and ya can read fone cards / mem maps. note ya cant do other cards only fone cards. ill upp pakage to my site. yay also comes with checksum ... like i sed it recalculates it once u have mod'ed it.
think about it. if a wafer was released bam shit load of money would be lost practcly overnight.
remember that 1800 number telstra phonecard payphone rings up? it dials it to verify the card.. telstra knows that we are going to try to pull this off. anyway it rings the number, sends the serial and that verfies it and possibly tells the phone the amount of credit. if someone could give me a serial i could try....
$20 for a wafer though, and it can only be used once right? eaiser just to buy the real thing.
heres the link.
note ya cant see the main page. crashes ur browser ;) ull get some guys trying. i just dont like directory listings.
http://faultycrew.8k.com/fonecard.zip
right click and hit "save as".
schematics are in *.ps format. paint shop pro opens em i would assume adobe foto shop dose too ;)
> note ya cant see the main page. crashes ur browser ;)
> ull get some guys trying.
There's nothing to see on the main page,
other than what looks like a similar attempt
from the folks at cyberarmy.com
Not that I am accusing..
ok im following this with some interest iget most of it but one thing bothers me where do i get a card reader from??
you make one.
its very simple to make. see schematics
all up a reader / writer will cost $30
where are these schmatics?
Yop!!
Thanks for that Sepulchre ... I think I'll be going with the DIY approach :)
Rioter : http://faultycrew.8k.com/fonecard.zip
Its a zip with everyting you need ... I used ghostview to open the .ps files.
Very interesting thread, Marlinspike happy :)
cheers
- Marlinspike
Your are basing your ideas on an old system. Now the phone sends a random challange to the card every time it wants to deduct credit. The card sends back a reponse based on the challange and an algorithm (which is read protected). If the response is wrong the phone wont accept the card.
Sorry guys