
SIM CARD APDU parsing tool

I am sniffing the IO line between a SIM card and an LTE module. I have logged a lot of data, but since there is only one line for both commands and responses, I get a large amount of hex data with no boundaries in between. Is there any tool that can take that hex dump and parse it into commands and responses, and tell which type of command it is and what it is doing?

I dug through my archives for a program I wrote more than 15 years ago and shared it on github.

It analyses T=0 communication captured on the line and has some basic APDU recognition (SIM only, no USIM).

It may be useful to you.

Good luck!

PS: there is the simtrace project, which may provide similar functionality.


Sample input:

FF FF 3F 2F 00 80 69 AF 02 04 02 31 00 00 00 0E 
83 3E 9F 16 A0 A4 00 00 02 A4 3F 00 9F 16 A0 A4 
00 00 02 A4 2F E2 9F 0F A0 B0 00 00 0A B0 FF FF 
FF FF FF FF FF FF FF FF 90 00 A0 A4 00 00 02 A4 
7F 20 9F 16 A0 A4 00 00 02 A4 6F AE 9F 0F A0 B0 
00 00 01 B0 02 90 00 A0 A4 00 00 02 A4 6F 05 9F 
0F A0 C0 00 00 0F C0 85 0D 00 07 6F 05 04 00 01 
FF FF 03 02 00 00 90 00 A0 B0 00 00 05 B0 01 00 
03 02 04 90 00 A0 A4 00 00 02 A4 7F 20 9F 16 A0 
C0 00 00 16 C0 85 14 00 04 7F 20 02 00 00 FB FF 
03 09 99 00 12 04 00 83 8A 80 8A 90 00 A0 A4 00 
00 02 A4 6F 07 9F 0F A0 C0 00 00 0F C0 85 0D 00 
09 6F 07 04 00 1B FF 1B 03 02 00 00 90 00 A0 A4 
00 00 02 A4 3F 00 9F 16 A0 A4 00 00 02 A4 2F E2 
9F 0F A0 A4 00 00 02 A4 7F 20 9F 16 A0 A4 00 00 
02 A4 6F 31 9F 0F A0 B0 00 00 01 B0 FF 90 00 A0 
A4 00 00 02 A4 6F 16 94 04 A0 A4 00 00 02 A4 6F 
AD 9F 0F A0 C0 00 00 0F C0 85 0D 00 03 6F AD 04 
00 0B FF FF 03 02 00 00 90 00 A0 B0 00 00 03 B0 
00 FF FF 90 00 A0 A4 00 00 02 A4 6F 38 9F 0F A0 
C0 00 00 0F C0 85 0D 00 04 6F 38 04 00 1B FF FF 
03 02 00 00 90 00 A0 B0 00 00 04 B0 FF 3F FF 0F 
90 00 A0 A4 00 00 02 A4 6F 07 9F 0F

Sample output:

---============-----------------------------------------------------------------
Garbage: FF FF

---============-----------------------------------------------------------------
ATR: 3F 2F 00 80 69 AF 02 04 02 31 00 00 00 0E 83 3E 9F 16

(*) ATR analyze
        Initial character TS=3F
                Inverse convention
        Format character T0=2F
                TB1 global interface character(s) defined
                15 historical characters present
        Global interface character TB1=00
        Historical characters: 80 69 AF 02 04 02 31 00 00 00 0E 83 3E 9F 16

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 3F 00 - (File 3F00)

SIM: 9F 16 - (SIM has response data with length 16)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 2F E2 - (File 2FE2)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 0A - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: FF FF FF FF FF FF FF FF FF FF - (Data of file 2FE2 at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 7F 20 - (File 7F20)

SIM: 9F 16 - (SIM has response data with length 16)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F AE - (File 6FAE)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 01 - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: 02 - (Data of file 6FAE at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 05 - (File 6F05)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 C0 00 00 0F - (GET RESPONSE command)
SIM: C0 - (Ins echo)

(Processing command GET RESPONSE)

SIM: 85 0D 00 07 6F 05 04 00 01 FF FF 03 02 00 00 - (SELECT response data)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 05 - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: 01 00 03 02 04 - (Data of file 6F05 at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 7F 20 - (File 7F20)

SIM: 9F 16 - (SIM has response data with length 16)

---============-----------------------------------------------------------------
ME: A0 C0 00 00 16 - (GET RESPONSE command)
SIM: C0 - (Ins echo)

(Processing command GET RESPONSE)

SIM: 85 14 00 04 7F 20 02 00 00 FB FF 03 09 99 00 12 04 00 83 8A 80 8A - (SELECT response data)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 07 - (File 6F07)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 C0 00 00 0F - (GET RESPONSE command)
SIM: C0 - (Ins echo)

(Processing command GET RESPONSE)

SIM: 85 0D 00 09 6F 07 04 00 1B FF 1B 03 02 00 00 - (SELECT response data)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 3F 00 - (File 3F00)

SIM: 9F 16 - (SIM has response data with length 16)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 2F E2 - (File 2FE2)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 7F 20 - (File 7F20)

SIM: 9F 16 - (SIM has response data with length 16)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 31 - (File 6F31)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 01 - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: FF - (Data of file 6F31 at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 16 - (File 6F16)

SIM: 94 04 - (File ID not found / Pattern not found)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F AD - (File 6FAD)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 C0 00 00 0F - (GET RESPONSE command)
SIM: C0 - (Ins echo)

(Processing command GET RESPONSE)

SIM: 85 0D 00 03 6F AD 04 00 0B FF FF 03 02 00 00 - (SELECT response data)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 03 - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: 00 FF FF - (Data of file 6FAD at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 38 - (File 6F38)

SIM: 9F 0F - (SIM has response data with length 0F)

---============-----------------------------------------------------------------
ME: A0 C0 00 00 0F - (GET RESPONSE command)
SIM: C0 - (Ins echo)

(Processing command GET RESPONSE)

SIM: 85 0D 00 04 6F 38 04 00 1B FF FF 03 02 00 00 - (SELECT response data)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 B0 00 00 04 - (READ BINARY command)
SIM: B0 - (Ins echo)

(Processing command READ BINARY)

SIM: FF 3F FF 0F - (Data of file 6F38 at offset 0000)

SIM: 90 00 - (Normal ending of the command)

---============-----------------------------------------------------------------
ME: A0 A4 00 00 02 - (SELECT command)
SIM: A4 - (Ins echo)

(Processing command SELECT)

ME: 6F 07 - (File 6F07)

SIM: 9F 0F - (SIM has response data with length 0F)

We implemented an online tool to parse the card ATR and the APDU commands/responses of known instructions.

Sample:

Trace data entries can be in level 1 format, which is the protocol level with INS echoes for T=0, T=1 packets and so on, or in a pseudo-trace log of APDU commands and responses.

Parser with a breakdown of the related specification data. Sorry, SIM Toolkit is not defined yet.

Below is the APDU trace from the SIM card (without the echoed INS bytes).

Try parsing it with the ISO 7816 APDU parser tool to see some of the available details:

# FF FF
? 3F 2F 00 80 69 AF 02 04 02 31 00 00 00 0E 83 3E 9F 16

# Ins Echo removed from card responses

> A0 A4 00 00 02 3F 00
< 9F 16

> A0 A4 00 00 02 2F E2
< 9F 0F

> A0 B0 00 00 0A FF FF FF FF FF FF FF FF FF FF
< 90 00

> A0 A4 00 00 02 7F 20
< 9F 16

> A0 A4 00 00 02 6F AE
< 9F 0F

> A0 B0 00 00 01
< 02 90 00

> A0 A4 00 00 02 6F 05
< 9F 0F

> A0 C0 00 00 0F 
< 85 0D 00 07 6F 05 04 00 01 FF FF 03 02 00 00
< 90 00

> A0 B0 00 00 05
< 01 00 03 02 04 90 00

> A0 A4 00 00 02 7F 20
< 9F 16

> A0 C0 00 00 16
< 85 14 00 04 7F 20 02 00 00 FB FF 03 09 99 00 12 04 00 83 8A 80 8A 90 00

> A0 A4 00 00 02 6F 07
< 9F 0F

> A0 C0 00 00 0F
< 85 0D 00 09 6F 07 04 00 1B FF 1B 03 02 00 00 90 00

> A0 A4 00 00 02 3F 00
< 9F 16

> A0 A4 00 00 02 2F E2
< 9F 0F

> A0 A4 00 00 02 7F 20
< 9F 16

> A0 A4 00 00 02 6F 31
< 9F 0F

> A0 B0 00 00 01
< FF 90 00

> A0 A4 00 00 02 6F 16
< 94 04

> A0 A4 00 00 02 6F AD
< 9F 0F

> A0 C0 00 00 0F
< 85 0D 00 03 6F AD 04 00 0B FF FF 03 02 00 00 90 00

> A0 B0 00 00 03
< 00 FF FF 90 00

> A0 A4 00 00 02 6F 38
< 9F 0F

> A0 C0 00 00 0F
< 85 0D 00 04 6F 38 04 00 1B FF FF 03 02 00 00 90 00

> A0 B0 00 00 04
< FF 3F FF 0F 90 00

> A0 A4 00 00 02 6F 07
< 9F 0F
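The splitting that both answers' tools perform on the raw line capture, as an added example (my own code, not the github program or the online parser mentioned above): it skips line noise before the ATR, measures the ATR from its T0/TD interface bytes, then walks each T=0 command using the card's procedure bytes (NULL 60, INS echo or its complement, SW1). It also covers two cases the sample dump does not contain, the one-byte ACK (INS XOR FF) and a capture truncated mid-command. The set of "data from card" instructions is assumed from GSM 11.11 and is deliberately small; anything else is treated as sending its data to the card.

```python
# Split a raw T=0 capture of the SIM/ME IO line into ATR and APDU exchanges (ISO 7816-3, GSM 11.11).
CARD_TO_ME = {0xB0, 0xB2, 0xC0, 0xF2, 0x12}   # INS codes whose data phase runs SIM -> ME (assumed subset)
INS_NAMES = {0xA4: "SELECT", 0xB0: "READ BINARY", 0xB2: "READ RECORD", 0xC0: "GET RESPONSE", 0xF2: "STATUS"}

def atr_length(buf, pos):
    """ATR size at buf[pos]: TS, T0, interface bytes, K historical bytes, TCK if a T != 0 is offered."""
    if pos + 2 > len(buf):
        raise ValueError("no ATR found in capture")
    y, k, n, tck = buf[pos + 1] >> 4, buf[pos + 1] & 0x0F, 2, False   # Y1 = TA1..TD1 flags, K = count
    while y:                                   # TDi (bit 8) carries Y(i+1) and the offered protocol T
        nxt = 0
        for bit in (1, 2, 4, 8):               # TAi, TBi, TCi, TDi
            if y & bit:
                if bit == 8:
                    tck, nxt = tck or bool(buf[pos + n] & 0x0F), buf[pos + n] >> 4
                n += 1
        y = nxt
    return n + k + tck

def parse_t0(buf):
    """Return [("garbage", b), ("atr", b), ("apdu", ins_name, header, data, sw_or_None), ...]."""
    pos, out = 0, []
    while pos < len(buf) and buf[pos] not in (0x3B, 0x3F):   # bytes before TS are line noise
        pos += 1
    if pos:
        out.append(("garbage", bytes(buf[:pos])))
    n = atr_length(buf, pos)
    out.append(("atr", bytes(buf[pos:pos + n])))
    pos += n
    while pos + 5 <= len(buf):
        hdr = bytes(buf[pos:pos + 5]); pos += 5    # CLA INS P1 P2 P3
        ins, p3 = hdr[1], hdr[4]
        todo = (p3 or 256) if ins in CARD_TO_ME else p3   # P3 = 0 means 256 bytes when incoming
        data, sw = bytearray(), None
        while sw is None and pos < len(buf):
            pb = buf[pos]; pos += 1                # procedure byte sent by the card
            if pb == 0x60:                         # NULL: card asks for more time
                continue
            if pb >> 4 in (6, 9):                  # SW1: SW2 follows and the command is over
                sw = bytes(buf[pos - 1:pos + 1]); pos += 1
            elif pb in (ins, ins ^ 0xFF):          # ACK: transfer all remaining bytes, or just one
                step = todo if pb == ins else 1
                data += buf[pos:pos + step]; pos += step; todo -= step
            else:
                raise ValueError(f"unexpected procedure byte {pb:02X} at offset {pos - 1}")
        name = INS_NAMES.get(ins, f"INS {ins:02X}")
        out.append(("apdu", name, hdr, bytes(data), sw if sw and len(sw) == 2 else None))  # sw None = truncated
    return out

# Constructed sample: the start of the dump posted in the first answer (line noise, ATR, SELECT 3F00).
SAMPLE = bytes.fromhex("FF FF 3F 2F 00 80 69 AF 02 04 02 31 00 00 00 0E 83 3E 9F 16 A0 A4 00 00 02 A4 3F 00 9F 16")
```

Running `parse_t0(SAMPLE)` yields the garbage, the 18-byte ATR and one SELECT entry with data 3F 00 and status 9F 16; printing each entry in the `>`/`<` form of the second answer is a one-line loop away.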
