|
The 2 variants are used in France & Monaco and Spain, Andorra,Sweden,Norway,Ire- land, Gabon, Tsech- Repub- lic, Portugal & Finnland. |
Chip-layout of the first types made by Gemplus,Solaic,Ober- thur & Schlumberger. |
|
! n y a or BiT in t da dust when slap & tickle aint da same no more... s read-outs of German type cards, snooper, laptop-aid for phone cards, phetish testa's recipe fo iced tea from Naples: -eat kettle o wata fo real stron brew outta yunan tea leaves, -add em leaves, concentrate. -let it cool! -make ice cubes outta da tea. pour inta trays & place em inta freeza, wait. -ave you |
|
ever watched wata turnin into ice? -no luck,this time eitha when doora freeza closes da light goes off- drop ice cubes in a glassa wata -ready to serve? -add ONEY! -stir gently! -how abouta slica lemon fo freshness! -drink uP! |
: & $
: *
$ . .& %
* .%:
%
: & $
: *
$ ..& %
* .%:
%
d' * .. %
fol- & :
low- !$
in's $
are % .
data from HackTick crew, d'dutchnet people now at XS4ALL.
Including readouts, timediagramms, emulation software for
Dutch (i.e. German) type phonechip & other phoneygoods.
Though psstill "under construction" enjoy & float~~
>>> for more try XS4ALL sites & mORE at
http://www.hacktic.nl
http://members.tripod.com/no1_noname/info/phreaken.htm
Stayin' playin'? Eyein' K's, on boards
dreamin' of turnin' phine gamekeeper
|
Build your own phonecard reader-writer Use your PC, Mac, Newton &/or laptop as a phonebooth & pHREAK oUT!! For hardware, designed to work on a notebook as well, see blueprints displayed under...
|
|
|
Timediagramm of the so called "french" telephonecard,
for hardware architecture see figs. below.
First hardware blueprint for a telephone chipcard 2nd blueprint to work with a notebook
3rd blueprint to work with a notebook, reader-writer to work in combination with a notebook.
WARNING: phonecard type II can't be juiced from the 3.3V of a laptop
printerport use mORE vOLTAGE or your head.
SUGGESTION: the card-detect detector is hardware luxury, software
detects d'same for you with the AID of any-key
for implementation of the following software use Borland C++ (com-
piler options -O2 -2) or Microsoft C 6.0 (compiler options -Gr2 -Ozax)
phone.c mimics the working of a public phonecardphone:
*-* reads a card (option-v for more info)
*-* write bites (-w(bitnummer)) or
*-* erase bites (-e(bitnummer))
phone.c digests both -I&II- type of phonecard, but writes only type II
phone-t sets you in test mode --> key P turns Power on/off
--> key R turns Rest on/off
--> key C turns Clock on/off
--> key f turns French reset on/off
--> option -r simulates the working of
a real phonebooth
for missing links & more try the sourcehttp://www.hacktic.nl/magazine
ATTENTION
due to low due enhancement of the PC world in
this exclusivelly PC issue phancy brackets of d' ole programming syntax
had to be replaced with '~~'.
//phone.c
#include <stdio.h>
#include <bios.h>
#include <conio.h>
#include <stdlib.h>
#include <ctype.h>
/* outputs: */
#define DETECT 0x10
#define POWER 0x08
#define ISO_RESET 0x04
#define R_W 0x04
#define CLOCK 0x02
#define FRENCH_RESET 0x01
/*inputs: */
#define I_O 0x80
#define CARD 0x20
unsigned int pp;
unsigned char data[32];
unsigned char bits[256];
int num_data;
int one = 0;
int verbose = 0;
int silent = 0;
int go = 0;
struct card_country ~~
unsigned char num;
char *name;
unsigned char type;
~~;
struct card_country cc[] = ~~
~~0x01, "Demoland", 1~~,
~~0x03, "France, Monaco", 0~~,
~~0x1E, "Sweden", 1~~,
~~0x2F, "Germany", 2~~,
~~0x30, "Norway", 1~~,
~~0x33, "Andorra", 1~~,
~~0x3B, "Greece", 2~~,
~~0x3C, "Ireland", 1~~,
~~0x47, "Portugal", 1~~,
~~0x55, "Czech Republic", 1~~,
~~0x5F, "Gabon", 1~~,
~~0x65, "Finland", 1~~,
~~0x77, "Netherlands", 2~~,
~~0, "Country unknown", -1~~
~~;
struct card_country *
country(unsigned char val)
~~
struct card_country *ccp = cc;
while (ccp->num && ccp->num != val)
ccp++;
return (ccp);
~~
unsigned char
_bits(unsigned char val)
~~
unsigned char mask = 0x80, count = 0;
for (; mask; mask >>= 1)
if(val & mask)
count++;
return(count);
~~
void
initbits(void)
~~
int i;
for(i = 0; i < 256; i++)
bits[1] =_bits(1);
~~
unsigned int
bcd(unsigned char hi, unsigned char lo)
~~
return ((lo & 0xF) + (lo >> 4) * 10 +
(hi & 0x0F) * 100 + (hi >> 4) * 1000);
~~
void
delay(unsigned int ms)
~~
unsigned long tmp = 2000L * ms;
while (tmp--);
~~
void
output(unsigned char val)
~~
outp(pp, val);
delay(1);
~~
unsigned char
input_bit(void)
~~
return ((inp(pp + 1) & I_0) ? !one : one);
~~
#define input_byte( ) (inp( pp+1 )&(I_0|CARD) )
unsigned char
card_in(void)
~~
return ((inp(pp + 1) & CARD) ? 0 : 1);
~~
const unsigned char val[] =
~~128, 64, 32, 16, 8, 4, 2, 1~~;
void
read_data(int how)
~~
unsigned int i, j;
/* reset card */
output(POWER);
delay(10);
output(POWER | ISO_RESET);
output(POWER | ISO_RESET | CLOCK);
output(POWER | ISO_RESET);
delay(10);
output(POWER | FRENCH_RESET);
/* clock bits in */
for (i = 0; i < num_data / 8; i++) ~~
data[i] = 0;
for (j = 0; j < 8; j++) ~~
if (input_bit())
data[i] |= val[j];
/* clock next bit */
output(POWER | CLOCK | FRENCH_RESET);
output(POWER | FRENCH_RESET);
~~
~~
output(0);
~~
void
write_bit_iso(unsigned int index)
~~
unsigned int i;
/* reset card */
output(POWER);
delay(10);
output(POWER | ISO_RESET);
output(POWER | CLOCK | ISO_RESET);
output(POWER | ISO_RESET);
output(POWER);
/* clock bits in */
for (i = 0; i , num_data; i++) ~~
if (i == index) ~~
if (!(data[i / 8] & (0x80 >> (i & 7))))
printf("wiping 0 bit!\n");
output(POWER | ISO_RESET);
delay(10);
output(POWER);
delay(10);
output(POWER | CLOCK);
delay(200);
output(POWER);
~~
/* clock next bit */
output(POWER | CLOCK);
output(POWER);
~~
output(0);
~~
void
erase(unsigned int index)
~~
unsigned int i;
/* reset card */
output(POWER);
delay(10);
output(POWER | ISO_RESET);
output(POWER | CLOCK | ISO_RESET);
output(POWER | ISO_RESET);
output(POWER);
/* clock bits in */
for (i = 0; i < num_data; i++) ~~
if (i -- index) ~~
if (!(data[i / 8] & (0x80 >> (i & 7))))
printf("erasing 0 bit!\n");
output(POWER | ISO_RESET);
delay(10);
output(POWER);
delay(10);
output(POWER | CLOCK);
delay(200);
output(POWER);
delay(10);
output(POWER | ISO_RESET);
delay(10);
output(POWER);
delay(10);
output(POWER | CLOCK);
delay(200);
output(POWER);
delay(10);
~~
/* clock next bit */
output(POWER | CLOCK);
output(POWER);
~~
output(0);
~~
char *
bitstring(unsigned char val)
~~
static char buf[9];
char *s = buf;
unsigned char mask = 0x80;
for (; mask; mask >>= 1)
if (val & mask)
*s++ = '1';
else
*s++ = '0';
*s = o;
return buf;
~~
#define STEP 4
void
print_data(void)
~~
int i, j;
for (i = 0; i < num_data / 8; i += STEP) ~~
if (verbose)
printf("%3d - %3d\t", i * 8,
min(num_data, (i + STEP) * 8) - 1);
for (j = 0; j < STEP; j++)
if (i + j < num_data / 8)
printf("%s ", bitstring(data[i + j]));
else
printf(" ");
printf("\t");
for (j = 0; j < STEP && i + j
< num_data / 8; j++)
printf("%02X ", data[i + j]);
printf("\t");
for (j = 0; j < STEP; j++)
if (i + j < num_data / 8 &&
isprint(data[i + j]))
printf("%c", data[i + j]);
else
printf(".");
printf("\n");
~~
~~
void
show_units(unsigned int burn, unsigned int maxval
unsigned char *p)
~~
unsigned int val = 0;
int i = 20;
if (verbose)
printf("Value area:\n");
do ~~
if (verbose)
printf("%s (%02X)\t%3d\n", bitstring(*p),
*p, bits[*p]);
val += bits~~*p];
~~
while (*p++ -- oxFF && --I0;
if (verbose)
printf("\t\t---\n\t\t%3d out of %d bits
burned\n", val, maxval);
printf("%u(+%u) units - %u units left\n",
maxval - burn, burn, maxval - val);
~~
void
show_units2(unsigned char *p)
~~
unsigned long val = 0;
int i = 5;
unsigned long pow = 4096;
if (verbose)
printf("Value area:\n");
for (; i; i--,pow /= 8) ~~
if (verbose)
printf("%s (%02X)\t%d * %4lu = %5lu\n",
bitstring(*p)
*p, bits[*p], pow, pow * bits[*p]);
val += pow * bits[*p++];
~~
if (verbose)
printf("\t\t =====\n\t\t
%5lu units\n", val);
else
printf("Value %lu units\n", val);
~~
void
print_type(void)
~~
unsigned int val;
struct card_country *ccp;
unsigned char cou;
if ((cou = data[1]) == ox83)
cou = data[11];
ccp = country(cou);
printf("%s - ", ccp->name);
switch (ccp->type) ~~
case 0:
switch (data[11]) ~~
case 0x13:
show_units(10, 130, data + 12);
break;
case 0x06:
show_units(10, 60, data + 12);
break;
case 0x15:
show_units(0, 40, data + 12);
break;
default:
printf("value unknown\n");
~~
break;
case 1:
val = bcd(data[2] & 0xF, data[3]);
show_units(2, val, data + 12);
break;
case 2:
show_units2(data + 8);
break;
default:
printf("card type unknown\n");
if (num_data == 128)
show_units2(data + 8);
else
show_units(0, 0, data + 12);
~~
~~
void
dotestmode(void)
~~
unsigned char nw, ow = input_byte();
unsigned char ov + DETECT;
if (verbose)
printf("Test mode:\n");
while (1) ~~
output(ov);
printf("\r%s - %s - %s - %s : %s - %s",
(ov & POWER) ? "Power" : " ",
(ov & CLOCK) ? "Clock" : " ",
(ov & ISO_RESET) ? "I Reset" : " ",
(ov & FRENCH_RESET) ? "F Reset" : " ",
(ow & CARD) ? " " : "Card",
(ow & I_O) ? "Output" : " "):
while ((nw = input_byte()) == ow &&
!_bios_keybrd(_KEYBRD_READY));
if (nw == ow) ~~
switch (_bios_keybrd(_KEYBRD_READ) &
0xFF) ~~
case 'p':
ov ^= POWER;
break;
case 'r':
ov ^= ISO_RESET;
break;
case 'f':
ov ^= FRENCH_RESET;
break;
case 'c':
ov ^= CLOCK;
break;
case 27:
case 'q':
output(0);
return;
~~
~~ else
ow = nw;
~~
~~
void
usage(void)
~~
printf("phone [-cdfhirstv] [-e<n>] [-w<n>]
[<outputfile>]\n"
"\t-c\tcontinuous read\n"
"\t-d\tignore card detect\n"
"\t-e<n>\twrite bit n and erase
next byte\n"
"\t-f\tforce french length\n"
"\t-h,-?\tthis help\n"
"\t-i\tinvert input bits\n"
"\t-r\tread as a real phone\n"
"\t-s\tsilent mode\n"
"\t-t\ttest mode\n"
"\t-v\tverbose mode\n"
"\t-w<n>\twrite bit n\n");
~~
void
main(int ergc, char *argv[])
~~
int write_bit = 0;
int erase_bit = 0;
int wait_card = 0;
int real_read = 0;
char *of = NULL;
int test = 0;
char c;
pp = *(unsigned int far *) 0x408; /*LPT 1: */
num_data = 16 * 8; /* default 128 bit cards */
while (argc-- > 1) ~~
argv++;
if (argv[0][0] == '-') ~~
while ((c = *++(argv[0])) != 0) ~~
switch (c) ~~
case 'c':
go = 1;
break;
case '?':
case 'h':
usage();
return;
case 'f':
num_data = 32 * 8;
break;
case 'w':
write_bit = atoi(argv[0] + 1);
break;
case 'd':
wait_card = 1;
break;
case 'e':
erase_bit = atoi(argv[0] + 1);
break;
case 'i':
one = !one;
break;
case 'r':
real_read = 1;
break;
case 's':
silent = 1;
break;
case 't':
test = 1;
break;
case 'v':
verbose = 1;
printf("Phone v1.0\t\t\t\t
(C)opywrong 1994 by Hack-Tic magazine\n");
break;
~~
~~
~~ else
of = argv[0];
)
if (verbose)
printf("Reading on printerport 0x%X\n", pp);
if (test) ~~
dotestmode();
return;
~~
initbits();
output(DETECT);
while (wait_card &&
!_bios_keybrd(_KEYBRD_READY));
while (!card_in() &&
!_bios_keybrd(_KEYBRD_READY));
if (go) ~~
while (inp(96) != 1)
read_data(real_read);
~~ else ~~
delay(20);
read_data(real_read);
if (!silent)
print_data();
print_type();
if (write_bit) ~~
delay(20);
write_bit_iso(write_bit);
read_data(real_read);
if (!silent)
print_data();
print_type();
~~
if (erase_bit) ~~
delay(20);
erase(erase_bit);
read_data(real_read);
if (!silent)
print_data();
print_type();
~~
if (of) ~~
FILE *f;
if ((f = fopen(of, "wb")) != NULL) ~~
fwrite(data, 1, num_data / 8, f);
fclose(f);
~~ else
perror(of);
~~
~~
while (_bios_keybrd(_KEYBRD_READY))
_bios_keybrd(_KEYBRD_READ);
~~
la.c is a 'snooper' that lets you listen into the communication between
a phone & a phonecard
la.c --logic analyser-- detects any change in the relevant bit at the
printerport and deposits the information into a file --la<file>--
for missing links & more try the source http://www.hacktic.nl/magazine
ATTENTION reoccurance!!!
due to low degree enhancement of the PC world in
this exclusivelly PC issue phancy brackets of d' ole programming syntax
had to be replaced with '~~'.
la.c
#include <stdio.h>
#include <bios.h>
#include <conio.h>
#include <stdlib.h>
#include <dos.h>
unsigned int pp;
#define POWER 0x40
#define CLOCK 0x20
#define RESET 0x80
#define I_O 0x10
#define EMU_POWER oxFF
#define output( val ) outp( pp-1, val)
#define input_byte( ) (inp( pp )
&(POWER|CLOCK|RESET|I_O))
#define keypressed( ) (inp(96)==1)
struct record ~~
unsigned long t;
unsigned char val;
~~;
#define NUMDAT 10000
struct record the_records[NUMDAT];
void
usage(void)
~~
printf("usage:\tla <filename>\t\t
for sampling\n"
"or:\tla -d [-v] <filename>\t
for dumping\n";
~~
void
main(int argc, char *argv[])
~~
unsigned int count = NUMDAT;
unsigned long t = 0;
struct record *rp = the_records;
unsigned char nc, oc;
FILE *f;
char *of = NULL;
struct record r;
unsigned long last = 0;
int dump = 0;
int verbose = 0;
int c;
while (argc-- > 1 ~~
argv++;
if (argv[0][0] == '-')
switch (argv[0][1]) ~~
case '?':
case 'h':
usage();
return;
case 'd':
dump = 1;
break;
case 'v':
verbose = 1;
break;
~~
else
of = argv[0];
~~
if (of == NULL) ~~
usage();
return;
~~
f = fopen(of, "rb");
if (dump) ~~
printf("Dump of file '%s':\n",
of);
if (f != NULL) ~~
count = 0;
oc = POWER | CLOCK | I_O;
while (fread(&r,
sizeof(struct record), 1, f) == 1) ~~
if (verbose) ~~
printf("%9lu: %s . %s . %s .
%s\n", r.t - last,
(r.val & POWER) ? ((oc & POWER) ? " " :
"-") : ((oc & POWER) ? "+" : " "),
(r.val & RESET) ? ((oc & RESET) ? " " :
"+") : ((oc & RESET) ? "-" : " "),
(r.val & CLOCK) ? ((oc & CLOCK) ? " " :
"-") : ((oc & CLOCK) ? "+" : " "),
(r.val & I_O) ? ((oc & I_O) ? " " :
"-") : ((oc & I_O) ? "+" : " "));
printf(" %s . %s . %s . %s\n",
(r.val & POWE R) ? " " : "Power " ,
(r.val & RESET) ? "Reset" ; " " ,
(r.val & CLOCK) ? " " : " Clock" ,
(r.val & I_O) ? " ": "I_O);
oc = r.val;
~~ else ~~
printf("%9lu:\t%s -
%s -%s - %s\n",
r.t - last,
(r.val & POWER) ?
" " : " Power",
(r.val & RESET) ?
"Reset" : " ",
(r.val & CLOCK) ?
" " : "Clock",
(r.val & I_O) ?
" " : "I_O");
~~
last = r.t;
count++;
~~
fclose(f);
printf("File contained %u
samples.\n", count);
~~ else
perror(argv[1]);
~~ else ~~
if (f != NULL) ~~
fclose(f);
printf("File `%s` exists,
overwrite (y/n)? \7", of);
while (1) ~~
c = _bios_keybrd(_KEYBRD_READ) &
0xff;
if (c ==`y`) ~~
printf("y\n");
break;
~~
if (c == `n`) ~~
printf("n\nCancelled.\n");
return;
~~
printf("\7");
~~
~~
pp = (*(unsigned int far *)
0x408) + 1;/* look for LPT1: */
printf("Starting sampling on port
0x%X...\n" , pp - 1);
output(EMU_POWER);
oc = input_byte();
_disable();
while(count) ~~
do
t++;
while ((nc = input_byte()) ==
oc && !keypressed());
if (keypressed())
break;
rp->val = oc = nc;
rp->t = t;
rp++, count--;
~~
_enable();
if((f = fopen(of, "wb")) !=
NULL) ~~
fwrite(the_records,
sizeof(struct record),
NUMDAT - count, f)
fclose(f);
~~ else
perror(argv[1]);
printf("%u samples stored in
`%s`.\n" , NUMDAT - count, of);
output(0);
~~
~~
In otha WORLDS, not only can we not be held
responsible 4 y' carrying out unlawfull experiments-
We promised to never, ever do! When you do & off y' go,
all d'bumpy way to d'county jail, we 'll applaud!
Ever-so-slow, softly d'hling!
Heedless to mention d' pieca action b'fore y' go on early pension?
Copy & copy loud and clear, dear Roger? -Ya chance!
Our pleasure, allways!
we'll like you to copy more & more- While at it rememba:
they make cool gifts! A cuppa tea, a pieca cake, Diallin' ?
|
|
|
|
|
|
|
