APDUscanner

A crappy tool to explore ISO-7816 smart cards and read your ChipKnip (Dutch).

CAUTION: if you don't want to get your cards blocked, be careful to avoid brute forcing CHV/PIN APDUs.

APDUscanner is a small tool to explore ISO-7816 cards using a trial-and-error approach. You may use it to scan your smart card for undocumented commands, to discover the file system layout ("SELECT FILE" iteration), or just to have fun.

System requirements:

1. A Windows 2000/XP system (APDUscanner is written in Visual C++)
2. A PC/SC-compatible card reader
3. A smart card

Features:

• Scan for command APDUs (brute force/sequential)
  • It sends CLA/INS/P1/P2/P3 sequences to your card;
  • It shows the response APDUs and writes them to a file;
  • It does NOT (yet) interpret response APDUs.
• Discover the filesystem layout
  Automatic iteration of "SELECT FILE" commands (and related "interindustry" commands from ISO-7816 part 4)
• For Chipknip cards (Chipknip is a Dutch payment standard): read the public Chipknip information (account number, balance, last payments)

Warning: if you want to prevent your card from being blocked, make sure that you don't instruct APDUscanner to brute force known command APDUs for PIN-related commands (PIN verify, PIN change, et cetera). You're probably OK if you simply disable range-scanning on P2 and P3.

Download

Downloads available at the APDUscanner project page. I'd love to receive your bug reports and name-calling at this address:

APDUscanner - A crappy tool to explore ISO-7816 smart cards and read your ChipKnip (Dutch).