EECS 598-2: Smartcards
Lecture 7
Peter Honeyman, CITI

Multiflex
  o SCDK sample card is Multiflex 3K
  o 5 MHz Motorola SC21 8-bit microcontroller
  o 6,114 bytes ROM, 3,008 bytes EEPROM, 128 bytes RAM
  o EEPROM writes 4 bytes at a time, 7 ms per write
  o T=0, 9.6 Kbps

Multiflex commands
  o file commands
      o select
      o create file
      o delete file
      o create record
      o read binary
      o update binary
      o read record
      o update record
      o seek
  o access control
      o verify key
      o verify PIN
      o change PIN
      o get challenge
      o external authenticate
      o internal authenticate
      o invalidate
      o rehabilitate
      o unblock PIN
  o purse
      o increase
      o decrease
  o other
      o get response

Multiflex ATR
  o 3B 02 14 50
  o TS: 3B (direct convention)
  o T0: 02 (no other T fields, 2 historical bytes)
  o T1: 14 (historical byte: component code)
      o specifies Motorola SC21
  o T2: 50 (historical byte: mask code)
      o specifies Multiflex M24E-G2 operating system

Multiflex files
  o 3F00: root
  o 3F00/0000: PIN file
  o 3F00/0001: internal authentication file
  o 3F00/0011: external authentication file
  o authentication files can hold 16 keys

Selecting files
  o first select the root
  o C0 A4 00 00 02 3F 00
      o CLA INS: C0 A4
          o select file
      o P1 P2: 00 00
      o P3: 02
          o Lc = 2
      o data: 3F 00
          o specifies MF
  o response APDU: 61 14
      o 61: normal processing
      o 14: 20 byte response code
  o get response: C0 C0 00 00 14
      o CLA INS: C0 C0
      o P1 P2: 00 00
      o Le: 14

Select file response code
  o 00 00 0B 10 3F 00 38 FF FF 44 44 01 05 03 00 02 00 00 00 00
  o 1-2: 00 00 (unused)
  o 3-4: 0B 10 (typo in text)
      o 0B10 = 2,832 bytes available
  o 5-6: 3F 00
      o file id
  o 7: 38
      o type is directory
  o 8: FF (unused)
  o 9-11: FF 44 44
      o access control
      o directory command prohibited
      o key required for delete, create, rehabilitate, invalidate
  o 12: 01
      o status: unblocked
  o 13: 05
      o five bytes follow
  o 14: 03
      o features; unused
  o 15: 00
      o no subdirectories
  o 16: 02
      o two EFs
  o 17: 00
      o no secret codes
  o 18: 00 (unused)
  o 19: 00
      o no PIN file
  o 20: 00
      o PIN unblocking key status: unblocked

Multiflex file types
  o dedicated: 38
  o transparent: 01
  o linear fixed: 02
  o linear variable: 04
  o cyclic: 06
  o linear and cyclic file limits
      o maximum record size: 255 bytes
      o maximum number of records: 255

Access conditions
  o TF: access conditions governed by two high-order bits of response byte 8
      o 00: update
      o 01: update, increase
      o 10: update, decrease
      o 11: increase, decrease
  o access condition values
      o 0: all operations permitted
      o 1: PIN required
      o 3: key protected
      o 4: key authenticated
      o 6: PIN and protected
      o 8: PIN and authenticated
      o F: no operations permitted
  o bytes 9-11 specify key-protected operations
  o DF access conditions
      o 9H: directory
      o 10H: delete file
      o 10L: create file
      o 11H: rehabilitate
      o 11L: invalidate
  o EF access conditions
      o 9H: read, seek
      o 9L: update, decrease, decrease stamped
      o 10H: increase, increase stamped
      o 10L: create record
      o 11H: rehabilitate
      o 11L: invalidate
  o MF example: FF 44 44
      o directory command not allowed
      o key required for create file, delete file, rehabilitate, invalidate

Multiflex files
  o 3F00/0002
      o serial number file
  o 3F00/0011
      o transport key file

Serial number file
  o select file: C0 A4 00 00 02 00 02
      o Lc: 02
      o data: 00 02
  o response code: 61 0F
      o 15 byte response
  o get response: C0 C0 00 00 0F
  o response: 00 00 00 08 00 02 01 00 04 FF FF 01 01 00 00

Select file response code
  o 1-2: 00 00 unused
  o 3-4: 00 08 physical size
  o 5-6: 00 02 file id
  o 7: 01 type (TF)
  o 8: 00 access condition (update only)
  o 9: 04 access condition (any read, any seek, key update, no decrease, no decrease stamped)
  o 10: FF access condition (no increase, no increase stamped, no create record)
  o 11: FF access condition (no rehabilitate, no invalidate)
  o 12: 01 status (unblocked)
  o 13: 01 num bytes following
  o 14: 00 unused
  o 15: 00 record length

Serial number file contents
  o read binary: C0 B0 00 00 08
      o Le = 8
  o get response
  o four byte serial number, four byte mfgr. code

Transport key file
  o select file: C0 A4 00 00 02 00 11
      o Lc = 2, data = 00 11
  o response code: 61 0F
      o 15 byte response
  o get response: C0 C0 00 00 0F (typo in text)

Select file response code
  o response: 00 00 00 26 00 11 01 00 F4 40 F4 01 01 00 00
  o 1-2: 00 00 unused
  o 3-4: 00 26 physical size
  o 5-6: 00 11 file id
  o 7: 01 type (TF)
  o 8-11: 00 F4 40 F4 access condition (update only, no read, no seek, key update, key decrease, key decrease stamped, key increase, key increase stamped, any create record, no rehabilitate, key invalidate)
  o 12: 01 status (unblocked)
  o 13: 01 num. bytes following
  o 14: 00 unused
  o 15: 00 record length
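The select file response code layout walked through above (DF and EF variants, TF bits, and the access-condition nibbles of bytes 9-11), as an added decoder written for these notes; it is not code from the lecture or the SCDK. Byte positions and nibble meanings follow the slides; the function and field names are this example's own.

```python
# Constructed example: decoder for the Multiflex SELECT response code described above.
# Byte positions, type codes and access-condition nibbles follow the slides; the
# function and field names are this example's own, not the SCDK's.

FILE_TYPES = {0x38: "dedicated", 0x01: "transparent", 0x02: "linear fixed",
              0x04: "linear variable", 0x06: "cyclic"}
# meaning of one access-condition nibble
CONDITIONS = {0x0: "any", 0x1: "pin", 0x3: "key protected", 0x4: "key authenticated",
              0x6: "pin and protected", 0x8: "pin and authenticated", 0xF: "never"}
# operations governed by the nibbles of bytes 9-11, in order 9H, 9L, 10H, 10L, 11H, 11L
DF_OPS = ["directory", None, "delete file", "create file", "rehabilitate", "invalidate"]
EF_OPS = ["read/seek", "update/decrease", "increase", "create record",
          "rehabilitate", "invalidate"]
# purse operations selected by the two high-order bits of byte 8 (TF) of an EF
TF_OPS = ["update", "update, increase", "update, decrease", "increase, decrease"]

def nibbles(data):
    """Yield the high nibble, then the low nibble, of each byte."""
    for b in data:
        yield b >> 4
        yield b & 0x0F

def decode_select_response(resp):
    """Decode the GET RESPONSE data that follows SELECT (20 bytes for a DF, 15 for an EF).
    Slide byte N is resp[N-1]."""
    if len(resp) < 13:
        raise ValueError("response too short: %d bytes" % len(resp))
    ftype = resp[6]                                   # byte 7: file type
    is_df = ftype == 0x38
    info = {
        "size": (resp[2] << 8) | resp[3],             # bytes 3-4: bytes available / physical size
        "file_id": "%02X%02X" % (resp[4], resp[5]),   # bytes 5-6
        "type": FILE_TYPES.get(ftype, "unknown %02X" % ftype),
        "status": "unblocked" if resp[11] == 0x01 else "%02X" % resp[11],  # byte 12
    }
    ops = DF_OPS if is_df else EF_OPS
    info["access"] = {op: CONDITIONS.get(nib, "unknown %X" % nib)
                      for op, nib in zip(ops, nibbles(resp[8:11])) if op is not None}
    if is_df:
        if len(resp) >= 16:
            info["num_efs"] = resp[15]                # byte 16: number of EFs
    else:
        info["purse_ops"] = TF_OPS[resp[7] >> 6]      # byte 8, two high-order bits
        if len(resp) >= 15:
            info["record_length"] = resp[14]          # byte 15
    return info

if __name__ == "__main__":
    # the MF and transport key file responses quoted in the slides
    for hexstr in ("00000B103F0038FFFF444401050300020000000000",
                   "0000002600110100F440F401010000"):
        print(decode_select_response(bytes.fromhex(hexstr)))
```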