Hello everyone

am doing a research project for Uni, about security, and aim to log the data transfer and communication process between the Smartcard and the Reader on a door lock, i have done research into smartcards and found that all the data transfer and comunication is sent through the I/O pin of the smartcard, the smartcard uses Frequencey of 4.76 MHZ and operates at 5V and not forgeting the Clock signal pin and ground

my question is

can i log this data directly to my laptop using a MAX232 and Hyperterminal? while the card is communicating with the reader

am i going about this, in the right way?

any help would be appretiated

thank you
sohail786

 

http://en.wikipedia.org/wiki/Smart_card

Read that, check the ISO specifications. It has much of what you will need to know.

 

Also check ISO/IEC 14443 which ties into the suggestions of mrmeval.

Dave

 

thank you for the prompt reply


i have been reading through the Specification for the ISO 7816-4, most of the information is quite difficult to understand,

i still not sure about how to go about approching this task, as it is my first time doing this

any guidence or pointing in the right direction would be great?

i know the communication between the reader and card is done serially using T=1 Protocol

thank you
sohail786

 

Here is a link to a how-to on smart card communications - http://www.faqs.org/docs/Linux-HOWTO/Smart-Card-HOWTO.html.

There are enough articles on smart card security issues and implementation on the net, such as in this link - http://www.tyndall.ie/dte/smartcard.htm - that it would seem quite possible to research the topic without making your own hardware.

Frankly, this thread is about to be closed. Let us suggest that you establish some credibility here - what is your university, and who is your project advisor? What, precisely, do you intend to be able to demonstrate by making an apparatus that will enable you to monitor the communication between a smart card and its reader that is not already known? Will the university support your claim to be conducting a research project? Quite frankly, if I were doing similar research, the internet is the absolute last place I would go to in order to solicit assistance. The result could affect the entire university's data and physical security. I can hardly believe a legitimate researcher would ever solicit input from faceless entities who might be willing to exploit any revealed security flaws.

Please establish some form of credibility or do not expect further assistance of any sort.

 

No credibility established. Topic locked.

Please feel free to contact an AAS administrator if you feel unfairly treated by having this thread locked.