
04-21-2004
Great stuff, thanks heaps. Keep me up to date with your findings..... I'm basically at the same stage you're at......
so off I go to crack to red..
Quote:
Originally Posted by Moses
I have compiled some command strings which can be used in FMCard.
Just copy and paste them and FMCard will reply with a result.
Many of you will know these commands, however others who want to play will find it much more useful and will assist them in understanding the basic fundamentals.
There are some commands here that seem to return some interesting results from the card, just not sure what to do with the data as yet. You can try all the commands and compare notes with each other.
How to use.
-----------
(e.g.)
// Get Cards Country Code. Final 3 bytes, in ASCII.
r0
01 02 02 03 00 00
--------------------------------------------------
// = Tells you what it does.
r0 = Resetting the Card, you can ignore this.
01 02 02 03 00 00 = Command String.
Copy and Paste this command in FMCard or other program of your choice.
FMCard will respond with the following;
================= Sending Command (Class = GET) =================
Tx-> 01 02 02 03 00 00 3D
Rx<- 01 02 00 00 02 03 00 10 05 05 12 06 23 06 24 06 01 06 02 00 00 58 46 56 73
The 58 46 56 is ASCII for XFN
Here is the list of commands.
----------------------------
// Dump 32 byte contents of buffer.
//If AllowDumpBuff.crd has not been run this is always 00000...
r0
01 02 08 00 00 00
//Allow the dumping of and then dump 32 bytes of buffer.
r0
01 02 07 00 00 00
01 02 08 00 00 00
// Dump 32 byte contents of buffer.
//If AllowDumpBuff.crd has not been run this is always 00000...
r0
01 02 08 00 00 00
//Dumps all the ChanIds, activation dates and timer info for Provider 00 and Provider 10.
//Data is in groups of six bytes.
//Provider 00
r0
01 02 04 00 00 01 00
01 02 04 00 00 01 01
01 02 04 00 00 01 02
01 02 04 00 00 01 03
01 02 04 00 00 01 04
01 02 04 00 00 01 05
01 02 04 00 00 01 06
01 02 04 00 00 01 07
01 02 04 00 00 01 08
01 02 04 00 00 01 09
// Provider 10
01 02 04 00 01 01 00
01 02 04 00 01 01 01
//Get Ascii serial no. First ten bytes only.
r0
01 02 00 00 00 00
// Get Cards Country Code. Final 3 bytes, in ASCII.
r0
01 02 02 03 00 00
//Read Card File 1 and File 2
r0
01 02 0e 02 00 00
01 02 0e 03 00 00
//Get Hex serial no. Last three bytes before the final byte.
r0
01 02 01 03 00 00
//Get Provider ID for Provider 00. Bytes 2,3 and 4. Bytes 5 to 10 are normally 00 00.
//Then comes the date stamp and two bytes following the date stamp.
r0
01 02 03 03 00 00
//Get Provider ID for Provider 10. Bytes 2,3 and 4. Bytes 5 to 10 are normally 00 00.
//Then comes the date stamp and two bytes following the date stamp.
r0
01 02 03 03 01 00
//Asks if card is write protected? This has nothing to do with blocking ECMs.
//Answer 01 04 41 = protected. Answer 01 04 40 = not protected.
r0
01 04 00 00 00 00
//Get Ascii serial no., Provider identifier, ProvId, two bytes and then thirteen bytes (normally the first eight are the same for each provider even on different cards). Provider 00 and 10.
r0
01 02 0f 00 00 00
01 02 0f 00 01 00
That's it for now, more later, enjoy.
Moses..