Understanding APDU for Software Developers.

Ayooluwa Olosunde
Apr 4, 2023


Smart cards are widely used in various applications such as banking, transportation, and access control systems. These cards store sensitive information and have a microcontroller that can perform cryptographic operations. To communicate with the smart card, a specific communication protocol is used, called the Application Protocol Data Unit (APDU).

APDU is a binary format used for communication between a smart card and a reader. It defines the structure of the data exchanged between the two devices, including commands sent from the reader to the card, and responses sent from the card to the reader. Understanding APDU is essential for software developers who want to build applications that interact with smart cards.

In this article, we will explain the structure of the APDU message, the different types of commands, and the possible responses that a card can send. We will also provide examples of how to implement APDU commands using different programming languages. By the end of this article, developers will have a clear understanding of APDU and be able to build secure and efficient applications that interact with smart cards.

WHAT IS APDU?

APDU stands for Application Protocol Data Unit, which is a communication protocol used between a smart card and a card reader. It is a simple and standardized format used to send and receive data between the two devices. The APDU message contains two parts: the Command APDU and the Response APDU.

The Command APDU contains a header that specifies the type of command being sent, such as read or write data, authenticate a user, or select a specific application on the card. The header also includes information about the length of the data being sent and any other parameters required for the specific command. The Command APDU is sent from the card reader to the smart card.

The Response APDU is sent from the smart card back to the card reader and contains a header that specifies the status of the command and any data that was requested by the Command APDU. The header includes information about the length of the data being returned and any other parameters required for the specific response. The Response APDU can contain any type of data, including text, binary data, or error codes.

The APDU protocol is used in a wide range of applications, including banking, identification, and security. It is a simple and efficient way to communicate with smart cards, and its standardization ensures that devices from different manufacturers can communicate with each other seamlessly. Understanding APDU is important for developers and engineers working with smart card technologies or any application that requires secure communication between two devices.

Below is a more detailed explanation of the Select Application command, broken down into its CLA, INS, P1, P2, and Data fields:

Command APDU: 00 A4 04 00 07 D2 76 00 00 85 01 01

  • CLA (Class byte): 00. The Class byte specifies the type of command being sent to the smart card. For APDU commands, the Class byte is always set to 00.
  • INS (Instruction byte): A4. The Instruction byte specifies the specific command being sent. In this case, the A4 value corresponds to the “Select File” command. Note that there are other instructions; they are listed in the EMV Book.
  • P1 (Parameter 1 byte): 04. The Parameter 1 byte provides additional information about the command being sent. In this case, the value 04 indicates that the data field contains the Application Identifier (AID) of the application being selected.
  • P2 (Parameter 2 byte): 00. The Parameter 2 byte is another parameter byte that can be used to provide additional information about the command being sent. In this case, it is set to 00.
  • Data field: 07 D2 76 00 00 85 01 01. The Data field contains the Application Identifier (AID) of the application being selected. In this example, the AID is 7 bytes long and is represented by the hex values 07 D2 76 00 00 85 01 01.

In summary, the Select Application command uses the A4 instruction to select a specific file (i.e., application) on the smart card. The AID of the file to be selected is specified in the data field of the command, which is preceded by the P1 and P2 parameter bytes. The CLA byte is always set to 00 for APDU commands.

It’s important to note that the specific values used for the CLA, INS, P1, P2, and Data fields will depend on the specific smart card and application being used. The ISO/IEC 7816 specification provides guidelines and requirements for APDU commands, but the actual values used for each field may vary depending on the implementation.
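
The field layout described above can be checked with a small parser. The following is an added example, not code from the original article: it splits a short-form command APDU into CLA, INS, P1, P2, Lc, data and Le as laid out in ISO/IEC 7816-4, treating the byte after P2 (07 in the command above) as the length byte Lc, and reads the two-byte status word (SW1 SW2) that ends every response. The names CommandAPDU, parse_command and parse_response and the sample response bytes are constructed for illustration.

```python
from collections import namedtuple

# le is None when the command carries no Le byte
CommandAPDU = namedtuple("CommandAPDU", "cla ins p1 p2 data le")

def parse_command(raw: bytes) -> CommandAPDU:
    """Parse a short-form command APDU (ISO/IEC 7816-4 cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandAPDU(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                             # case 2: header + Le
        return CommandAPDU(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    data, rest = body[1:1 + lc], body[1 + lc:]
    if len(data) != lc or len(rest) > 1:
        raise ValueError(f"Lc={lc} does not match the bytes that follow")
    le = (rest[0] or 256) if rest else None        # case 4 has Le, case 3 does not
    return CommandAPDU(cla, ins, p1, p2, data, le)

# A few status words defined by ISO/IEC 7816-4
STATUS = {0x9000: "success", 0x6700: "wrong length",
          0x6A82: "file or application not found",
          0x6D00: "instruction not supported", 0x6E00: "class not supported"}

def parse_response(raw: bytes) -> tuple:
    """Split a response APDU into (data, status word, meaning)."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    data, sw = raw[:-2], int.from_bytes(raw[-2:], "big")
    if sw >> 8 == 0x61:
        meaning = f"more data available (SW2={sw & 0xFF})"
    elif sw >> 8 == 0x6C:
        meaning = f"wrong Le, retry with Le={sw & 0xFF}"
    else:
        meaning = STATUS.get(sw, "other status")
    return data, sw, meaning

# The two SELECT commands that appear in the article
SELECT_AID = bytes.fromhex("00A4040007D2760000850101")
SELECT_PPSE = bytes.fromhex("00A404000E") + b"2PAY.SYS.DDF01" + b"\x00"

if __name__ == "__main__":
    for raw in (SELECT_AID, SELECT_PPSE):
        print(parse_command(raw))
    print(parse_response(bytes.fromhex("6A82")))   # constructed response
```

Rejecting a command whose Lc does not match the bytes that follow, and checking the status word before touching the response data, keeps a truncated or error response from being parsed as valid card data.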

Here’s an example of sending an APDU command to a smart card using Kotlin without using any library:

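import android.nfc.tech.IsoDep
import android.util.Log
import java.io.IOException

private const val TAG = "APDU"

// HexUtil, Conversions, TAGHelper, SelectPPSEData and SelectApplicationData are the app's own helper classes.
fun selectByname(isoDep: IsoDep): SelectPPSEData {
    // Name to select, as a hex string ("2PAY.SYS.DDF01" is 14 bytes, hence Lc = 0E)
    val data = HexUtil.convertStringToHex("2PAY.SYS.DDF01")
    Log.d(TAG, "select application data $data")
    // CLA=00 INS=A4 P1=04 P2=00 Lc=0E <data> Le=00
    val command = "00A404000E${data}00"
    Log.d(TAG, "select application $command")
    val result = isoDep.transceive(Conversions.HexStringToByteArray(command))
    Log.d(TAG, "select application isoResult ${HexUtil.toHexString(result)}")
    // The response ends with the status word SW1 SW2; only 90 00 means success
    if (result.size < 2 || result[result.size - 2] != 0x90.toByte() || result[result.size - 1] != 0x00.toByte()) {
        throw IOException("SELECT failed: ${HexUtil.toHexString(result)}")
    }
    val bertlvs = Conversions.parseBERTLV(result)

    val selectPPSEData = SelectPPSEData(
        APPLICATION_IDENTIFIER = TAGHelper.getTagFromTlv(bertlvs, SelectApplicationData.APPLICATION_IDENTIFIER.tag),
        APPLICATION_PRIORITY_INDICATOR = TAGHelper.getTagFromTlv(bertlvs, SelectApplicationData.APPLICATION_PRIORITY_INDICATOR.tag)
    )

    return selectPPSEData
}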

This example performs Select Application using PSE. This will be explained in more detail in upcoming articles.

First, we got the data to send with the command by converting the string to hex. We then structured the command, converted it into a ByteArray, and used IsoDep (the NFC protocol) to send the APDU command and get a response back. This response was parsed into BER-TLV (we will discuss this in the next article). The necessary tags were then extracted from the TLV.

In conclusion, APDU is a crucial communication protocol for smart cards that allows secure and efficient data transfer between the card and the reader. Understanding the structure of the APDU message, the different types of commands, and the possible responses is essential for software developers who want to build applications that interact with smart cards.

By following the guidelines provided in this article, developers can build secure and efficient applications that interact with smart cards using various programming languages such as Java, Python, C#, and Kotlin. With the increasing demand for smart card technology in various applications, it is crucial for developers to understand APDU to ensure the security and reliability of their applications.

We hope that this article has provided software developers with a solid understanding of APDU and its implementation in different programming languages. With this knowledge, developers can confidently build applications that interact with smart cards and contribute to the growth and development of this technology.

Stay tuned for more values……..✌️✌️✌️✌️
