
THC-SMARTBRUTE
==============

[0x00] What is ... ?

This tool finds undocumented and secret commands implemented in a smartcard.
An instruction is divided into Class (CLA), Instruction-Number (INS) and the
parameters or arguments P1, P2, P3. ... iterates through all the possible 
values of CLA and INS to find a valid combination.

Furthermore it tries to find out what parameters are valid for a given 
class and instruction number.
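
How a probe's answer separates an unknown class or instruction from wrong
parameters, as an added example (not thc-smartbrute's own code). The status
words are the ISO 7816-4 values; the mock card, its check order, the made-up
instruction 0xF7 and all function names are assumptions for illustration.

```c
#include <stdint.h>

/* What SW1 of the response reveals about the header CLA INS P1 P2 P3. */
enum verdict { CLA_UNKNOWN, INS_UNKNOWN, P1P2_WRONG, P3_WRONG, HANDLED };

enum verdict classify_sw(uint16_t sw)
{
    switch (sw >> 8) {
    case 0x6E: return CLA_UNKNOWN;  /* class not supported */
    case 0x6D: return INS_UNKNOWN;  /* instruction not supported */
    case 0x6B: return P1P2_WRONG;   /* wrong parameters P1-P2 */
    case 0x67: return P3_WRONG;     /* wrong length */
    default:   return HANDLED;      /* header accepted, e.g. 0x9000 or 0x6982 */
    }
}

/* Constructed stand-in for a card under class 0xA0; not real card behaviour. */
uint16_t mock_card(const uint8_t h[5])
{
    if (h[0] != 0xA0) return 0x6E00;
    if (h[1] == 0xF7) return 0x9000;                  /* made-up extra INS */
    if (h[1] != 0xA4 && h[1] != 0x20) return 0x6D00;  /* SELECT, VERIFY CHV */
    if (h[2] != 0x00) return 0x6B00;
    if (h[1] == 0xA4 ? h[3] != 0 : (h[3] < 1 || h[3] > 2)) return 0x6B00;
    if (h[4] != (h[1] == 0xA4 ? 2 : 8)) return 0x6700;
    return 0x9000;
}

enum verdict probe(uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2, uint8_t p3)
{
    const uint8_t h[5] = { cla, ins, p1, p2, p3 };
    return classify_sw(mock_card(h));
}

/* Count INS values of a class that the card does not reject as unknown. */
int count_instructions(uint8_t cla)
{
    int n = 0;
    for (int ins = 0; ins < 256; ins++)
        n += probe(cla, (uint8_t)ins, 0, 0, 0) > INS_UNKNOWN;
    return n;
}

/* First P3 accepted for fixed CLA/INS/P1/P2, or -1 if none. */
int find_p3(uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2)
{
    for (int p3 = 0; p3 < 256; p3++)
        if (probe(cla, ins, p1, p2, (uint8_t)p3) == HANDLED) return p3;
    return -1;
}
```

A wrong-parameter or wrong-length answer still proves the instruction exists,
which is why those verdicts count as found in count_instructions().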

[0x01] Compiling

You need the pcsc-lite library installed, which you can get from 
http://pcsclite.alioth.debian.org
Edit Makefile to your needs and run make.

[0x02] Command line arguments

--verbose
	prints a lot of debugging messages to stderr *FIXME*
--undoconly
	only prints a found instruction if it is not an element of the
	standard instruction list
--fastresults
	before iterating through all possible combinations of class and 
	instruction-number typical class/instruction-values are verified for
	availability.
	After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
	prints out the usage
--chv1 pin1
	a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
	a VERIFY CHV2 instruction with pin2 as argument is executed

--brutep1p2
	finds valid parameter p1 and p2 combinations for the instruction
	the user defined with --cla and --ins .
	For parameter p1 the value 0x00 is assumed.

--brutep3
	find valid p3 values for given --cla, --ins, --p1 and --p2


--cla <class>
	sets the class to <class>
--ins <ins>
	sets the instruction-number to <ins>
--p1 <p1>
	sets parameter p1 to <p1>
--p2 <p2>
	sets parameter p2 to <p2>
--p3 <p3>
	sets parameter p3 to <p3>


[0x03] Examples

1. ~$ ./thc-smartbrute
	run thc-smartbrute without any arguments to brute force for valid instructions
2. ~$ ./thc-smartbrute --undoconly
	find valid instructions but only print out non-standard instructions

3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
	find the first two arguments for the GSM instruction SELECT FILE

4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
	find the 3rd argument for the already found first two arguments 
	for the GSM instruction SELECT FILE
	

[0x04] Some interesting smartcard links

1. ISO 7816 - the standard for general purpose smartcards

