Introduction

ISO14443 is a series of standards describing the interface between a contactless smartcard (PICC == Proximity Integrated Circuit Card) and a card reader (PCD == Proximity Coupling Device). Contactless smartcards are used e.g. for payment, ticketing and entrance control.

This page defines a format to store captured ISO14443 data in a pcap or a pcapng file.

264 (DLT_ISO_14443) was assigned for ISO14443.

For pcap files, this value shall be set in the global header’s network field. Pcapng defines an Interface Description Block, its LinkType must be set to this value.

Time stamps

Time stamps must be set as required by the pcap or pcapng specifications.

Not all ISO14443 capturing hardware may be capable of delivering time stamps. In this case, the software that writes the pcap(ng) files has to fill in reasonable values.

Packet Data

The packet data consists of an ISO14443 pseudo header plus the captured ISO1443 data.

pseudo header

data

pseudo-header

The pseudo-header has information about the type of the captured data.

struct iso1443_header {
    u_int8_t    version;
    u_int8_t    event;
    u_int16_t   len;
} __attribute__((__packed__));
  • version is set to 0 for now

  • event describes the captured event, the possible values are listed below

event name value description

DATA_PICC_TO_PCD

0xFF

data transfer from the card to the reader

DATA_PCD_TO_PICC

0xFE

data transfer from the reader to the card

FIELD_OFF

0xFD

the reader switches the electrical field off

FIELD_ON

0xFC

the reader switches the electrical field on

DATA_PICC_TO_PCD_CRC_DROPPED

0xFB

data transfer from the card to the reader, the hardware did not capture the CRC bytes

DATA_PCD_TO_PICC_CRC_DROPPED

0xFA

data transfer from the reader to the card, the hardware did not capture the CRC bytes

  • len is the length of the bytes following the pseudo header. It’s stored in network byte order (big endian).

data

The data following the iso1443_header depend on iso1443_header.event

FIELD_OFF or FIELD_ON

For these events, the data part is empty. iso14443_header.len must be set to 0.

DATA_PICC_TO_PCD or DATA_PCD_TO_PICC

The data part contains one of the following elements

  • a short frame as defined in ISO14443-3, section 6.2.3.1

  • a standard frame as defined in ISO14443-3, section 6.2.3.2

  • a bit-oriented anticollision frame (ISO14443-3, section 6.2.3.3)

  • a frame used by type B cards (ISO14443-3, section 7.1.3)

  • an activation command (ISO14443-4, section 5.1 and 5.2)

  • an I-, R- or S-block as defined in section 7.1 of the ISO14443-4 standard

Short frames, standard frames and bit-oriented anticollision frames are stored as a sequence of bytes without start, end and parity bits. A short frame is only 7bits, it’s encoded as one byte with bit 8 set to 0.

The frame for type B cards is also stored as a sequence of bytes, the SOF and EOF bits are not included.

If the frame contains two trailing CRC bytes, they must be included in the captured data.

DATA_PICC_TO_PCD_CRC_DROPPED or DATA_PCD_TO_PICC_CRC_DROPPED

Those two events are defined for capturing hardware that is not able to capture the trailing CRC bytes that are part of most ISO14443 messages.

The data part is the same as for DATA_PICC_TO_PCD or DATA_PCD_TO_PICC with the exception that the two trailing CRC bytes are missing.

Examples

A WUPA command sent by the reader to check if a card is present. A WUPA is sent in a short frame.

0x00 0xFE 0x00 0x01 0x52

The card sends an I-block to the reader. (The I-block contains an APDU fragment.)

0x00 0xFF 0x00 0x10 0x12 0x00 0xA4 0x04
0x00 0x50 0x31 0xE5 0x03 0x04 0x05 0x06
0x07 0x08 0xE8 0xBF

Questions, comments

Please send any questions or comments to www(at)kaiser(dot)cx