T-Money

Here's what I see when I run Metroflip^[1] with the ufbt cli attached, running the command log debug:

…
518343 [D][Iso14443_4aPoller] Read ATS success
…
518432 [D][Type4TagPoller] Select application
518437 [E][Type4TagPoller] APDU failed: 6A82
518465 [D][Iso14443_4aPoller] Read ATS success
518467 [D][EMVPoller] Send select PPSE
518473 [E][EMVPoller] Failed to parse application
518487 [I][NfcScanner] Detected 1 protocols
518489 [I][Metroflip:Scene:Auto] test
518594 [I][Metroflip:Scene:Auto] proto: 2
518596 [I][Metroflip:Scene:Parse] Parse scene entered - card_type: atr, data_loaded: false
518601 [I][Metroflip:Scene:Parse] Tag is either T-Mobilitat or T-Money
518605 [I][Metroflip:Scene:Parse] Card is valid, loading plugin for: atr
…
518680 [D][Iso14443_4aPoller] Read ATS success
518695 [I][Metroflip:Scene:Parse] Wrong card event received - switching to unknown scene
…

Meanwhile on the Flipper Zero screen, Metroflip prints the following:

atr

This card is currently
unsupported / fully locked

In scenes/metroflip_scene_parse.c the following conditional determines if a card is T-money:

void metroflip_scene_parse_on_enter(void* context) {
// ...
} else if (app->hist_bytes[0] == 0x04 && app->hist_bytes[1] == 0x09) {
// This branch is not hit.
// the program then assumes that the card is "locked"
// ...

The program skips this conditional because the hist_bytes don't line up with the T-Money card from 2018 that I've used in Seoul.

In my original pull request^[2] I’ve reported the following information as dumped by the Flipper Zero's NFC app:

Filetype: Flipper NFC device
Version: 4
# Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, NTAG4xx, Type 4 Tag, EMV
Device type: ISO14443-4A
# UID is common for all formats
UID: XX XX XX XX
# ISO14443-3A specific data
ATQA: 00 04
SAK: 20
# ISO14443-4A specific data
T0: 78
TA(1): 80
TB(1): B0
TC(1): 02
T1...Tk: 04 09 22 02

Maintainer luu176 meanwhile said that they found the following ATR:

3B 88 80 01 04 02 00 20 00 71 C1 40 DF

Meanwhile, a friend gave me a newer T-Money card. Flipper Zero prints the following dump for this card:

Filetype: Flipper NFC device
Version: 4
# Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, NTAG4xx, Type 4 Tag, EMV
Device type: ISO14443-4A
# UID is common for all formats
UID: XX XX XX XX
# ISO14443-3A specific data
ATQA: 00 04
SAK: 20
# ISO14443-4A specific data
T0: 78
TA(1): 77
TB(1): C1
TC(1): 02
T1...Tk: 0E 51 31 01

Notice the difference in the T1...Tk bytes. The older card has 04 09 22 02 and the newer card has 0E 51 31 01.

I refer to the Smart card ATR parsing^[3] tool and enter luu176's ATR. The tool gives the following response^[4]:

TS = 0x3B - Direct Convention
T0 = 0x88 Y(1): b1000, K: 8 (historical bytes)
TD(1) = 0x80 Y(i+1) = b1000, Protocol T=0
----
TD(2) = 0x01 Y(i+1) = b0000, Protocol T=1
----
Historical bytes 04 02 00 20 00 71 C1 40
Category indicator byte: 0x04 (proprietary format) ".. .q.@"
TCK = 0xDF correct checksum

↑ Metroflip github.com
↑ https://github.com/luu176/Metroflip/pull/77 “Implement T-Money balance parsing”
↑ Smart card ATR parsing smartcard-atr.apdu.fr
↑ "Parsing ATR: 3B 88 … result" smartcard-atr.apu.fr

[1] Metroflip github.com

[2] ttps://github.com/luu176/Metroflip/pull/77 “Implement T-Money balance parsing”

[3] Smart card ATR parsing smartcard-atr.apdu.fr

[4] "Parsing ATR: 3B 88 … result" smartcard-atr.apu.fr

[1]

[2]

[3]

[4]