T-Money
Here's what I see when I run Metroflip[1] with the ufbt cli attached, running the command log debug:
… 518343 [D][Iso14443_4aPoller] Read ATS success … 518432 [D][Type4TagPoller] Select application 518437 [E][Type4TagPoller] APDU failed: 6A82 518465 [D][Iso14443_4aPoller] Read ATS success 518467 [D][EMVPoller] Send select PPSE 518473 [E][EMVPoller] Failed to parse application 518487 [I][NfcScanner] Detected 1 protocols 518489 [I][Metroflip:Scene:Auto] test 518594 [I][Metroflip:Scene:Auto] proto: 2 518596 [I][Metroflip:Scene:Parse] Parse scene entered - card_type: atr, data_loaded: false 518601 [I][Metroflip:Scene:Parse] Tag is either T-Mobilitat or T-Money 518605 [I][Metroflip:Scene:Parse] Card is valid, loading plugin for: atr … 518680 [D][Iso14443_4aPoller] Read ATS success 518695 [I][Metroflip:Scene:Parse] Wrong card event received - switching to unknown scene …
Meanwhile on the Flipper Zero screen, Metroflip prints the following:
atr This card is currently unsupported / fully locked
In scenes/metroflip_scene_parse.c the following conditional determines if a card is T-money:
void metroflip_scene_parse_on_enter(void* context) {
// ...
} else if (app->hist_bytes[0] == 0x04 && app->hist_bytes[1] == 0x09) {
// This branch is not hit.
// the program then assumes that the card is "locked"
// ...
The program skips this conditional because the hist_bytes don't line up with the T-Money card from 2018 that I've used in Seoul.
In my original pull request[2] I’ve reported the following information as dumped by the Flipper Zero's NFC app:
Filetype: Flipper NFC device Version: 4 # Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, NTAG4xx, Type 4 Tag, EMV Device type: ISO14443-4A # UID is common for all formats UID: XX XX XX XX # ISO14443-3A specific data ATQA: 00 04 SAK: 20 # ISO14443-4A specific data T0: 78 TA(1): 80 TB(1): B0 TC(1): 02 T1...Tk: 04 09 22 02
Meanwhile, a friend gave me a newer T-Money card. Flipper Zero prints the following dump for this card:
Filetype: Flipper NFC device Version: 4 # Device type can be ISO14443-3A, ISO14443-3B, ISO14443-4A, ISO14443-4B, ISO15693-3, FeliCa, NTAG/Ultralight, Mifare Classic, Mifare Plus, Mifare DESFire, SLIX, ST25TB, NTAG4xx, Type 4 Tag, EMV Device type: ISO14443-4A # UID is common for all formats UID: XX XX XX XX # ISO14443-3A specific data ATQA: 00 04 SAK: 20 # ISO14443-4A specific data T0: 78 TA(1): 77 TB(1): C1 TC(1): 02 T1...Tk: 0E 51 31 01
Notice the difference in the T1...Tk bytes. The older card has 04 09 22 02 and the newer card has 0E 51 31 01.
Maintainer luu176 meanwhile said that they found the following ATR:
3B 88 80 01 04 02 00 20 00 71 C1 40 DF
I refer to the Smart card ATR parsing[3] tool and enter luu176's ATR. The tool gives the following response[4]:
- TS[5] = 0x3B
- Direct Convention
- T0[6] = 0x88
- Y(1): b1000, K: 8 (historical bytes)
- TD(1) = 0x80
- Y(i+1) = b1000, Protocol T=0
- TD(2) = 0x01
- Y(i+1) = b0000, Protocol T=1
- Historical bytes
- 04 02 00 20 00 71 C1 40
- Category indicator byte: 0x04
- (proprietary format) ".. .q.@"
- TCK[7] = 0xDF
- correct checksum
- ↑ Metroflip github.com
- ↑ https://github.com/luu176/Metroflip/pull/77 “Implement T-Money balance parsing”
- ↑ Smart card ATR parsing smartcard-atr.apdu.fr
- ↑ "Parsing ATR: 3B 88 … result" smartcard-atr.apu.fr
- ↑ TS 開始キャラクタ (initial character) https://kikakurui.com/x6/X6320-3-2009-01.html#:~:text=TS,character
- ↑ T0 構成表示バイト (format byte) https://kikakurui.com/x6/X6320-3-2009-01.html#:~:text=T0,byte
- ↑ TCK 検査キャラクタ (check character) https://kikakurui.com/x6/X6320-3-2009-01.html#:~:text=TCK,character