PCAP format for ISO14443
Introduction
ISO14443 is a series of standards describing the interface between a contactless smartcard (PICC == Proximity Integrated Circuit Card) and a card reader (PCD == Proximity Coupling Device). Contactless smartcards are used e.g. for payment, ticketing and entrance control.
This page defines a format to store captured ISO14443 data in a pcap or a pcapng file.
Data Link Type
264 (DLT_ISO_14443) was assigned for ISO14443.
For pcap files, this value shall be set in the global header’s network field. Pcapng defines an Interface Description Block, its LinkType must be set to this value.
Time stamps
Time stamps must be set as required by the pcap or pcapng specifications.
Not all ISO14443 capturing hardware may be capable of delivering time stamps. In this case, the software that writes the pcap(ng) files has to fill in reasonable values.
Packet Data
The packet data consists of an ISO14443 pseudo header plus the captured ISO1443 data.
pseudo header |
data |
pseudo-header
The pseudo-header has information about the type of the captured data.
struct iso1443_header {
u_int8_t version;
u_int8_t event;
u_int16_t len;
} __attribute__((__packed__));
-
version is set to 0 for now
-
event describes the captured event, the possible values are listed below
| event name | value | description |
|---|---|---|
DATA_PICC_TO_PCD |
0xFF |
data transfer from the card to the reader |
DATA_PCD_TO_PICC |
0xFE |
data transfer from the reader to the card |
FIELD_OFF |
0xFD |
the reader switches the electrical field off |
FIELD_ON |
0xFC |
the reader switches the electrical field on |
DATA_PICC_TO_PCD_CRC_DROPPED |
0xFB |
data transfer from the card to the reader, the hardware did not capture the CRC bytes |
DATA_PCD_TO_PICC_CRC_DROPPED |
0xFA |
data transfer from the reader to the card, the hardware did not capture the CRC bytes |
-
len is the length of the bytes following the pseudo header. It’s stored in network byte order (big endian).
data
The data following the iso1443_header depend on iso1443_header.event
FIELD_OFF or FIELD_ON
For these events, the data part is empty. iso14443_header.len must be set to 0.
DATA_PICC_TO_PCD or DATA_PCD_TO_PICC
The data part contains one of the following elements
-
a short frame as defined in ISO14443-3, section 6.2.3.1
-
a standard frame as defined in ISO14443-3, section 6.2.3.2
-
a bit-oriented anticollision frame (ISO14443-3, section 6.2.3.3)
-
a frame used by type B cards (ISO14443-3, section 7.1.3)
-
an activation command (ISO14443-4, section 5.1 and 5.2)
-
an I-, R- or S-block as defined in section 7.1 of the ISO14443-4 standard
Short frames, standard frames and bit-oriented anticollision frames are stored as a sequence of bytes without start, end and parity bits. A short frame is only 7bits, it’s encoded as one byte with bit 8 set to 0.
The frame for type B cards is also stored as a sequence of bytes, the SOF and EOF bits are not included.
If the frame contains two trailing CRC bytes, they must be included in the captured data.
DATA_PICC_TO_PCD_CRC_DROPPED or DATA_PCD_TO_PICC_CRC_DROPPED
Those two events are defined for capturing hardware that is not able to capture the trailing CRC bytes that are part of most ISO14443 messages.
The data part is the same as for DATA_PICC_TO_PCD or DATA_PCD_TO_PICC with the exception that the two trailing CRC bytes are missing.
Examples
A WUPA command sent by the reader to check if a card is present. A WUPA is sent in a short frame.
0x00 0xFE 0x00 0x01 0x52
The card sends an I-block to the reader. (The I-block contains an APDU fragment.)
0x00 0xFF 0x00 0x10 0x12 0x00 0xA4 0x04 0x00 0x50 0x31 0xE5 0x03 0x04 0x05 0x06 0x07 0x08 0xE8 0xBF
Links
Questions, comments
Please send any questions or comments to 'www(at)kaiser(dot)cx'