
Dumping the EEprom of a AT24C01A Smartcard

Hello everybody,

I just got my Bus Pirate a couple of days ago. I just upgraded its firmware to version 5.10.

From there I proceeded to try and dump the EEPROM of an AT24C01A smart card.

I tried this in I2C mode at 5 kHz, with pull-up resistors on and using the 5 volt power supply of the Bus Pirate.

I entered: [0xA0 0x0 [0xA1 r:512]

I got this:

I2C START BIT
WRITE: 0xA0 ACK
WRITE: 0x00 ACK
I2C START BIT
WRITE: 0xA1 ACK
READ: 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x04  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x04
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x04  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x04
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF

NACK

I'm guessing this is correct here, but when I convert the hex to decimal values, the EEPROM still makes no sense, almost like it is encrypted. I read the data sheet for this smart card and it says it does not use encryption.

That was a dump of the card while it has 200 RMB on it.

This is a dump of the EEPROM after I used it; there should be only like 10 RMB on it:
I2C>[0xA0 0x0 [0xA1 r:512]
I2C START BIT
WRITE: 0xA0 ACK
WRITE: 0x00 ACK
I2C START BIT
WRITE: 0xA1 ACK
READ: 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B
  ACK 0x65  ACK 0x70  ACK 0x43  ACK 0x00  ACK 0x13  ACK 0x84  ACK 0x37  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x52  ACK 0x86  ACK 0x05  ACK 0x16  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x04  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x04
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B
  ACK 0x65  ACK 0x70  ACK 0x43  ACK 0x00  ACK 0x13  ACK 0x84  ACK 0x37  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x52  ACK 0x86  ACK 0x05  ACK 0x16  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x04  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x04
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF
  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF  ACK 0xFF

NACK

I can see the changes that have been made to the card, but the numbers make no sense. Could this be encrypted?
Or is there some other format it should be converted into to make some sense of it?

Also, is there a way to have the Bus Pirate not print the ACK/NACKs to the terminal?

As you can see here, I'm trying to figure out the entire EEPROM of the card; I would like to find and change the amount of money on the card.

Also, if it is encrypted, could I still write the original EEPROM contents back to the card? In effect, giving it a kind of replay attack.

Thanks,

Robert

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #1
Hi Robert,
Do you have a link to the datasheet for this card?

I've only worked with the SLA4442 (?), which has a security code so it is not writable.

It is possible that the EEPROM is not encrypted, but the writer encrypts the value before putting it on the card.

There is currently no way to disable the ACK/NACKs, but it is probably a good idea because that is a lot of junk.
Got a question? Please ask in the forum for the fastest answers.


Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #3
Looks like it's just an EEPROM to me.

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #4
Yes, that would be correct; it looks like a smart card, but has no ATR.

So it's just an IC card, so to speak. I'm going to agree with you that the reader and the program that wrote this code to the card have most likely encrypted it somehow.

That being said, I would think I could still write the original encrypted values back to the card, in a sense reloading it.

But I'm not going to do it until I find more information on writing information to the EEPROM with the Bus Pirate.


By the way, thanks for such a wonderful product.

Robert

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #5
The best way is to extract the data through a binary script and export the contents to a binary file.

Then deduct or charge the card with money and repeat the steps. The more dumps and known values the better.

After this, run a binary diff over the dumps and take a look at the differences between the files. There are several ways to store the value on the card:

- plain binary (i.e. 0x40 = 63 or 64 units) (there could also be a checksum/hash stored somewhere)
- plain text (0x36 0x34 = '64' units)
- the above possibilities encrypted with a simple XOR stream.
- some other encryption like AES, Blowfish, XTEA, (3)DES, etc.

To know if something is encrypted (or compressed), try to compress the binary file; if the file size is nearly the same or bigger, it is encrypted.

Some links for 'hacking' 'credit' cards:

http://dangerousprototypes.com/docs/SLE ... _Kinko%27s)_smart_card_update
http://hackaday.com/2008/11/25/how-to-r ... d-sle4442/
http://dangerousprototypes.com/2010/07/ ... -security/

Disclaimer: all of this is of course for educational purposes and not for personal gain!

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #6
Well,

I did a binary dump of the EEPROM. I saved it as a binary file. Its file size was 4.9 Kb. I then compressed this file into a zip format; the file size is now 833 bytes. I'm gathering from this that the data contained on the EEPROM is not encrypted.

Still having one heck of a time figuring out what is what in this EEPROM...

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #7
You read, btw, 512 bytes, but the EEPROM only holds 128 bytes (1k/8 bits), so only this portion of the first dump is valid:

0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #8
Huh?

Did I miss something here?

I got from the data sheet that the EEPROM is organized as 128 words of 8 bits each.

So shouldn't that be 4 bytes = 1 word x 128 words = 512 bytes?

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #9
I think 1 word = 8bits = 1 byte, you get 128 words (bytes) total.

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #10
Crap, never mind... 8 bits is one byte, my bad!
Sorry about that.

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #11
A word is technically just the system's native bits to a byte; it can vary according to chips and systems. A word is 16 bits on a 16-bit uC, and 24 bits in PIC program space, for example. I think this is right, but if you get it wrong on the exam it's not my fault ;)

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #12
Well,

I based my assumption on:

    * bit A single binary digit, that can have either value 0 or 1.
    * byte 8 bits.
    * nybble 4 bits.
    * word 32 bits.
    * halfword 16 bits
    * doubleword 64 bits

So I was assuming a word was 32 bits or 4 bytes, based on my computer system.

Thus my reasoning of the 512 bytes.

So if I issue:
[0xA0 0x0 [0xA1 r:64]

I get:

I2C START BIT
WRITE: 0xA0 ACK
WRITE: 0x00 ACK
I2C START BIT
WRITE: 0xA1 ACK
READ: 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B

NACK

Just seems like it is missing something; seems kinda tiny to be the whole read of the EEPROM.

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #13
Is there a way to read the signature of the chip on the card?

I got to looking in the data sheet a bit further. It stated that if you read past a certain point, the register rolls over and you just start reading from the beginning again.

So I looked at the EEPROM dump up above; if it is in fact the 1k EEPROM, it should have rolled over and reprinted the same thing in the terminal window.

I.e.:
0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B
Counter roll over and then the same thing again:

0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x10  ACK 0x00  ACK 0x09  ACK 0x01  ACK 0x00
  ACK 0xA3  ACK 0x01  ACK 0xA1  ACK 0xF4  ACK 0x48  ACK 0xD9  ACK 0xB2  ACK 0xF4
  ACK 0x2C  ACK 0x1A  ACK 0x52  ACK 0xE1  ACK 0x3C  ACK 0x87  ACK 0x75  ACK 0xDD
  ACK 0x65  ACK 0x5D  ACK 0xB9  ACK 0x32  ACK 0x6A  ACK 0x64  ACK 0xE3  ACK 0x2C
  ACK 0x0A  ACK 0xB3  ACK 0x60  ACK 0x8B  ACK 0x90  ACK 0x61  ACK 0x94  ACK 0x37
  ACK 0x28  ACK 0x0E  ACK 0xBA  ACK 0x3E  ACK 0xE8  ACK 0x0A  ACK 0xD3  ACK 0x1B


But if you look at the 512 reading, it did not. In fact it read quite a bit more information before it repeated the above section, leading me to believe it is not the 1K card.

What do you think?
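An added example (not from the thread or from the Bus Pirate project) that turns the steps in Reply #5 and the roll-over check in Reply #13 into code: it parses the Bus Pirate terminal output into raw bytes, finds the address roll-over period, diffs two dumps byte by byte, and applies the compression heuristic to the raw bytes rather than to the terminal text, which with all its ACK tokens is many times larger than the data it carries. The sample strings are excerpts (rows 1, 2, 9 and 10) of the two reads in this thread, re-wrapped as 32-byte reads; the function names are my own.

```python
import re
import zlib

# Constructed sample input: rows 1, 2, 9 and 10 of the thread's two 512-byte
# reads (before and after spending), re-wrapped as a 32-byte read.
BEFORE = """\
WRITE: 0xA1 ACK
READ: 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x88  ACK 0x50  ACK 0x03  ACK 0x00  ACK 0x15
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00
NACK
"""
AFTER = """\
READ: 0x42  ACK 0x4C  ACK 0xA9  ACK 0x03  ACK 0x50  ACK 0x86  ACK 0x51  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0x15
  ACK 0x65  ACK 0x70  ACK 0x43  ACK 0x00  ACK 0x13  ACK 0x84  ACK 0x37  ACK 0x00
  ACK 0x10  ACK 0x00  ACK 0x00  ACK 0x52  ACK 0x86  ACK 0x05  ACK 0x16  ACK 0x00
NACK
"""
HEX_BYTE = re.compile(r"0x([0-9A-Fa-f]{2})")

def parse_bus_pirate_read(text):
    """Collect the data bytes of one Bus Pirate 'r:N' read. Only the READ line and
    its indented continuations are EEPROM content; WRITE lines carry the
    device address (0xA0/0xA1) and word address, and NACK ends the read."""
    data, reading = [], False
    for line in text.splitlines():
        if line.startswith("READ:"):
            reading, line = True, line[len("READ:"):]
        elif not line.startswith(" "):
            reading = False
            continue
        if reading:
            data.extend(int(h, 16) for h in HEX_BYTE.findall(line))
    return bytes(data)

def wrap_period(dump):
    """Smallest p such that the dump is its first p bytes repeated. Reading past
    the end of a 24Cxx EEPROM wraps the address counter, so p is the size seen
    on the bus; if nothing repeats, the part is at least len(dump) bytes."""
    n = len(dump)
    for p in range(1, n):
        if all(dump[i] == dump[i % p] for i in range(p, n)):
            return p
    return n

def diff_dumps(before, after):
    """The binary diff step: (offset, old, new) for every byte that changed."""
    return [(i, b, a) for i, (b, a) in enumerate(zip(before, after)) if b != a]

def compression_ratio(dump):
    """Compression heuristic on the raw bytes: deflated size / original size.
    Near or above 1.0 means high-entropy (encrypted or compressed) content."""
    return len(zlib.compress(dump, 9)) / len(dump)

if __name__ == "__main__":
    b, a = parse_bus_pirate_read(BEFORE), parse_bus_pirate_read(AFTER)
    print(wrap_period(b), diff_dumps(b, a), round(compression_ratio(b), 2))
```

Fed the full first 512-byte read from this thread, wrap_period returns 256, since the second 256 bytes repeat the first; that supports Reply #13's suspicion that the part is larger than the 128 bytes of an AT24C01A. Note that a dump dominated by runs of 0x00 and 0xFF always compresses well, so the heuristic is only telling when applied to the region that actually changes between dumps.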

Re: Dumping the EEprom of a AT24C01A Smartcard

Reply #14
You could certainly be correct. The datasheet only lists read and write commands as far as I can tell.