[Pcsclite-muscle] Using pyscard to read Hitag 2 cards

Carsten Fuchs carsten.fuchs at cafu.de
Sun Jul 17 09:29:49 PDT 2022 

Dear group,

please forgive me if this is off-topic here. In this case, any kind note to where I should instead be posting would very much be appreciated.

Using Ubuntu 20.04 LTS, Python 3.8.10, pyscard 2.0.2, I try to read Hitag 2 cards:



$ pcsc_scan 
Using reader plug'n play mechanism
Scanning present readers...
0: Elatec TWN4/B1.06/CPF3.05/S1SC1.32/P (Beta 3) 00 00
 
Sun Jul 17 10:35:59 2022
 Reader 0: Elatec TWN4/B1.06/CPF3.05/S1SC1.32/P (Beta 3) 00 00
  Event number: 0
  Card state: Card removed, 
   
Sun Jul 17 10:36:06 2022
 Reader 0: Elatec TWN4/B1.06/CPF3.05/S1SC1.32/P (Beta 3) 00 00
  Event number: 1
  Card state: Card inserted, 
  ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00 28

ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00 28
+ TS = 3B --> Direct Convention
+ T0 = 8F, Y(1): 1000, K: 15 (historical bytes)
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1 
-----
+ Historical bytes: 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00
  Category indicator byte: 80 (compact TLV data object)
    Tag: 4, len: F (initial access data)
      Initial access data: 0C A0 00 00 03 06 40 00 00 00 00 00 00
+ TCK = 28 (correct checksum)

Possibly identified card (using /usr/local/share/pcsc/smartcard_list.txt):
3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00 28
3B 8F 80 01 80 4F 0C A0 00 00 03 06 .. 00 00 00 00 00 00 ..
    Card name not given (as per PCSC std part3)
3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00 28
3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 .. .. 00 00 00 00 ..
    RFID - Low Frequency < 135 kHz (as per PCSC std part3)
3B 8F 80 01 80 4F 0C A0 00 00 03 06 40 00 00 00 00 00 00 28
    HID Proximity. Used to access buildings. Reference on the card "HID0008P".
    http://www.hidglobal.com/product-display/cards-and-credentials/hid-proximity
   
Sun Jul 17 10:36:07 2022
 Reader 0: Elatec TWN4/B1.06/CPF3.05/S1SC1.32/P (Beta 3) 00 00
  Event number: 2
  Card state: Card removed, 



I understand how I can use pyscard to send APDU commands and receive replies, e.g. for reading the UID. However, Hitag 2 cards don't seem to use ISO APDU commands and from the data reference sheets that I can find I'm not sure how to proceed. The intention is to read the card's data blocks and to possibly use the encryption features (I know that Hitag 2 encryption is broken).

Can someone please give me a clue on how to proceed?

Best regards,
Carsten

More information about the pcsclite-muscle mailing list