This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class (CLA), Instruction-Number (INS) and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination.





Furthermore it tries to find out what parameters are valid for a given class and instruction number.

Requirements





You need a PC/SC compatible smartcard reader that is supported by the PCSC-LITE library.

here A list of supported devices can be found

THC-SMARTBRUTE was developped with the XXX smartcard reader.

Command line arguments

--verbose prints a lot of debugging messages to stderr *FIXME* --undoconly only prints found instruction if its not element of the standard instruction list --fastresults before iterating through all possible combinates of class and instruction-number typical class/instruction-values are verified for availability. After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first. --help prints out the usage --chv1 pin1 a VERIFY CHV1 instruction with pin1 as argument is executed --chv2 pin2 a VERIFY CHV2 instruction with pin2 as argument is executed --brutep1p2 finds valid parameter p1 and p2 combinations for the instruction the user defined with --cla and --ins . For parameter p1 the value 0x00 is assumed. --brutep3 find valid p3 values for given --cla, --ins, --p1 and --p2 --cla CLASS sets the instruction class to CLASS --ins INS sets the instruction-number to INS --p1 P1 sets parameter p1 to P1 --p2 P2 sets parameter p2 to P2 --p3 P3 sets parameter p3 to P3

Examples