Dear Readers,
In this blog, we will learn about APDU (Application Protocol Data Unit) & Some of its Key Points.
In the context of smart cards, an Application Protocol Data Unit (APDU) is the unit of communication between a smart card reader and a smart card. The structure of the APDU is defined by ISO/IEC 7816-4, which specifies organization, security, and commands for interchange.
An APDU consists of either a command message or a response message, which are sent from the interface device to the card or vice versa. A command-response pair is formed by sending a command, processing it in the receiving entity, and sending back a response. A specific response corresponds to a specific command.
The structure of a Command APDU (C-APDU) includes a required header (CLA INS P1 P2) and an optional body ([Lc field] [Data field] [Le field]). The CLA byte defines an application-specific class of instructions, and the INS byte defines a specific instruction within that class. The P1 and P2 fields can further qualify the instruction and provide input data. The Lc field defines the number of data bytes in the Data field, which can contain up to 255 bytes of data. The Le field defines the maximum number of bytes in the data field of the Response APDU (R-APDU).
The structure of a Response APDU (R-APDU) includes an optional body and a mandatory trailer. The Data field contains the response data, which can be up to 255 bytes and is returned by the applet. The fields SW1 and SW2 provide feedback about the execution of the C-APDU, with the status word 0x9000 representing successful execution of the command.
APDU message structure
A step in an application protocol consists of sending a command, processing it in the receiving entity and sending back the response. Therefore a specific response corresponds to a specific command, referred to as a command-response pair.
An application protocol data unit (APDU) contains either a command message or a response message, sent from the interface device to the card or conversely. In a command-response pair, the command message and the response message may contain data, thus inducing four cases which are summarized in the table below.
Command APDU
A C-APDU consists of a required header (CLA INS P1 P2) and an optional body ([Lc field] [Data field] [Le field]). The CLA byte defines an application-specific class of instructions. According to the ISO7816 standard, byte values between 0xB0 and CF can be used. The INS byte defines a specific instruction within the class of instructions defined by the CLA byte. For valid CLA values, the application developer can define his own application specific instructions. The P1 and P2 fields can be used to further qualify the instruction and to provide input data respectively. The other fields are optional: the Lc field defines the number of data bytes in the data field; the Data field can contain up to 255 bytes of data; and the Le field defines the maximum number of bytes in the data field of the R-APDU.
Response APDU
An R-APDU consists of an optional body and mandatory trailer. The Data field contains the response data, maximum 255 bytes, returned by the applet. The fields SW1 and SW2 provide feedback about the execution of the C-APDU. Several status words are predefined in the ISO7816 standard. The status word 0x9000 represents successful execution of the command.
APDU list
#------------+------------------------+------------------------+----------------------+--------------------------------+ |ClaIns P1 P2|Lc Send Data |Le Recv Data | Specification | Description | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 04 | ISO 7816-9 6.3 | DEACTIVATE FILE | | A0 04 00 00 00 | 3GPP TS 11.11 | INVALIDATE | | A0 04 00 00 00 | SAGEM SCT U34 6.15 | INVALIDATE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 0D xx xx 08 xxxx xxxx xxxx xxxx | SAGEM SCT U34 | VERIFY TRANSPORT CODE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 0C | ISO 7816-4 7.3.6 | ERASE RECORD (S) | | 80 0C 00 xx xx | SAGEM SCT U34 8.1.2 | CHECK (flash) | | 80 0C 01 xx xx | SAGEM SCT U34 8.1.2 | CHECK (EEPROM) | | 80 0C 02 xx xx | SAGEM SCT U34 8.1.2 | CHECK (checksum of file) | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 0E | ISO 7816-4 8.2.4 | ERASE BINARY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 10 | ISO 7816-7 | PERFORM SCQL OPERATION | | 00 10 00 80 xx table name, ... | ISO 7816-7 7.1 | CREATE TABLE | | 00 10 00 81 xx view name, table name | ISO 7816-7 7.2 | CREATE VIEW | | 00 10 00 82 xx dictionary name | ISO 7816-7 7.3 | CREATE DICTIONARY | | 00 10 00 83 xx table name | ISO 7816-7 7.4 | DROP TABLE | | 00 10 00 84 xx view or dictionary | ISO 7816-7 7.5 | DROP VIEW | | 00 10 00 85 xx privileges | ISO 7816-7 7.6 | GRANT | | 00 10 00 86 xx privileges | ISO 7816-7 7.7 | REVOKE | | 00 10 00 87 xx data | ISO 7816-7 7.8 | DECLARE CURSOR | | 00 10 00 88 | ISO 7816-7 7.9 | OPEN | | 00 10 00 89 | ISO 7816-7 7.10 | NEXT | | 00 10 00 8A xx D, fixing N (columns)| ISO 7816-7 7.11 | FETCH | | 00 10 00 8B xx D, fixing N (columns)| ISO 7816-7 7.12 | FETCH NEXT | | 00 10 00 8C xx data | ISO 7816-7 7.13 | INSERT | | 00 10 00 8D xx data | ISO 7816-7 7.14 | UPDATE | | 00 10 00 8E | ISO 7816-7 7.15 | DELETE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 12 | ISO 7816-7 | PERFORM TRANSACTION OPERATION | | 00 12 00 80 | ISO 7816-7 8.2.1 | BEGIN | | 00 12 00 81 | ISO 7816-7 8.2.2 | COMMIT | | 00 12 00 82 | ISO 7816-7 8.2.3 | ROLLBACK | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 14 | ISO 7816-7 | PERFORM USER OPERATION | | 00 14 00 80 xx User ID, ... | ISO 7816-7 9.2.1 | PRESENT USER | | 00 14 00 81 xx User ID, profile, ... | ISO 7816-7 9.2.2 | CREATE USER | | 00 14 00 82 xx User ID | ISO 7816-7 9.2.3 | DELETE USER | | 80 14 xx xx 00 | GEMPLUS MPCOS-EMV | Switch Protocol | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 84 16 00 00 xx MAC | VSDC | CARD BLOCK | | 80 16 0X 00 05 xxxx xxxx xx | GEMPLUS MPCOS-EMV | Freeze Access Conditions | | 84 16 0X 00 08 xxxx xxxx xxxx xxxx | GEMPLUS MPCOS-EMV | Freeze Access Conditions | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 84 18 00 00 xx MAC | VSDC | APPLICATION UNBLOCK | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 84 1E 00 00 xx MAC | VSDC | APPLICATION BLOCK | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 20 | ISO 7816-4 8.5.5 | VERIFY | | 00 20 00 80 08 xxxx xxxx xxxx xxxx | VSDC | VERIFY (Transaction PIN data) | | A0 20 00 xx 08 CHV Value | 3GPP TS 11.11 | VERIFY | | A0 20 00 xx 08 CHV Value | SAGEM SCT U34 6.10 | VERIFY | | 80 20 00 xx 08 ADM Value | SAGEM SCT U34 8.1.4 | VERIFY ADM | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 21 00 xx 08 ADM Value | SAGEM SCT U34 8.1.4 | VERIFY ADM | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 22 | ISO 7816-4 8.5.10 | MANAGE SECURITY ENVIRONMENT | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 24 | ISO 7816-4 8.5.6 | CHANGE CHV | | 84 24 00 00 xx PIN data + MAC | VSDC | PIN CHANGE/UNBLOCK | | A0 24 00 xx 10 Old CHV, New CHV | 3GPP TS 11.11 | CHANGE CHV | | A0 24 00 xx 10 Old CHV, New CHV | SAGEM SCT U34 6.11 | CHANGE CHV | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 26 | ISO 7816-4 8.5.8 | DISABLE CHV1 | | A0 26 00 01 08 CHV1 value | 3GPP TS 11.11 | DISABLE CHV1 | | A0 26 00 01 08 CHV1 value | SAGEM SCT U32 6.12 | DISABLE CHV1 | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 28 | ISO 7816-4 8.5.7 | ENABLE CHV1 | | A0 28 00 01 08 CHV1 value | 3GPP TS 11.11 | ENABLE CHV1 | | A0 28 00 01 08 CHV1 value | SAGEM SCT U34 6.13 | ENABLE CHV1 | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 2A | ISO 7816-8 5.2 | PERFORM SECURITY OPERATION | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 2C | ISO 7816-4 8.5.9 | UNBLOCK CHV | | A0 2C 00 xx 10 Unblock CHV(PUK), New CHV | 3GPP TS 11.11 | UNBLOCK CHV | | A0 2C 00 xx 10 Unblock CHV(PUK), New CHV | SAGEM SCT U34 6.14 | UNBLOCK CHV | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A0 2E 00 0# 01 Data | 3GPP TS 11.11 | WRITE CODE STATUS | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A0 32 00 00 03 Value to be added. | 3GPP TS 11.11 | INCREASE | | A0 32 00 00 03 Value to be added. | SAGEM SCT U34 6.9 | INCREASE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 39 | | java Authentificate User Comman| +------------+------------------------+------------------------+----------------------+--------------------------------+ | 44 | ISO 7816-9 6.4 | ACTIVATE FILE | | A0 44 00 00 00 | 3GPP TS 11.11 | REHABILIDATE | | A0 44 00 00 00 | SAGEM SCT U34 6.16 | REHABILIDATE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 46 | ISO 7816-8 5.1 | GENERATE ASYMMETRIC KEY PAIR | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 50 xx xx 08 Host challenge 00 | GlobalPlatform | INITIALIZE UPDATE then [C0] | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 70 | ISO 7816-4 8.1.2 | MANAGE CHANNEL | | 00 70 xx xx xx | GlobalPlatform | MANAGE CHANNEL | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 78 00 03 xx | GlobalPlatform | END R-MAC SESSION | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 7A xx 01 xx Data and C-MAC, if needed | GlobalPlatform | BEGIN R-MAC SESSION | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 82 | ISO 7816-4 8.5.3 | EXTERNAL AUTHENTICATE | | 84 82 00 00 10 Host cryptogram and MAC | GlobalPlatform | EXTERNAL AUTHENTICATE | | 84 82 00 00 0A Authentication-related data | VSDC | EXTERNAL AUTHENTICATE | | 00 82 00 xx 06 Manual | GEMPLUS MPCOS-EMV | EXTERNAL AUTHENTICATE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 84 | ISO 7816-4 8.5.2 | GET CHALLENGE | | 00 84 00 00 08 Rnd Num | VSDC | GET CHALLENGE | | 00 84 xx xx 08 Rnd Num | GEMPLUS MPCOS-EMV | GET CHALLENGE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 86 | ISO 7816-4 8.5.4 | GENERAL AUTHENTICATE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 88 | ISO 7816-4 8.5.1 | INTERNAL AUTHENTICATE | | 00 88 XX xx 0A Manual | GEMPLUS MPCOS-EMV | INTERNAL AUTHENTICATE | | A0 88 00 00 10 RAND : Rnd num xx SRES( 4B) , Kc (8B) | 3GPP TS 11.11 | RUN GSM ALGORITHM | | A0 88 00 00 10 RAND : Rnd num xx SRES( 4B) , Kc (8B) | SAGEM SCT U34 6.17 | RUN GSM ALGORITHM | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A0 | ISO 7816-4 8.2.5 | SEARCH BINARY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A2 | ISO 7816-4 8.3.5 | SEEK | | A0 A2 00 xx xx Pattern xx | 3GPP TS 11.11 | SEEK | | A0 A2 00 xx xx Pattern xx | SAGEM SCT U34 6.8 | SEEK | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A4 | ISO 7816-4 8.1.1 | SELECT | | 00 A4 04 00 xx AID 00 | GlobalPlatform | SELECT | | 00 A4 00 xx xx File ID || Name 00 Manual | VSDC | SELECT | | A0 A4 00 00 02 File ID | 3GPP TS 11.11 | SELECT | | A0 A4 00 00 02 File ID | SAGEM SCT U34 6.1 | SELECT | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 A8 00 00 00 00 | VSDC | GET PROCESSING OPTIONS | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 AE 00 xx Transaction-related data | VSDC | | +------------+------------------------+------------------------+----------------------+--------------------------------+ | B0 | ISO 7816-4 8.2.1 | READ BINARY | | 00 B0 xx xx xx | GEMPLUS MPCOS-EMV | READ BINARY | | A0 B0 xx xx xx | 3GPP TS 11.11 | READ BINARY | | A0 B0 xx xx xx | SAGEM SCT U34 6.4 | READ BINARY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | B2 | ISO 7816-4 8.3.1 | READ RECORD | | 00 B2 xx 00 | VSDC | READ RECORD | | A0 B2 xx xx xx | 3GPP TS 11.11 | READ RECORD | | A0 B2 xx xx xx | SAGEM SCT U34 6.6 | READ RECORD | +------------+------------------------+------------------------+----------------------+--------------------------------+ | B4 | | java Component Data | +------------+------------------------+------------------------+----------------------+--------------------------------+ | B8 | | java Create Applet | +------------+------------------------+------------------------+----------------------+--------------------------------+ | BA | | java CAP end | +------------+------------------------+------------------------+----------------------+--------------------------------+ | BC | | java Component end | +------------+------------------------+------------------------+----------------------+--------------------------------+ | BE 04 Data | GEMPLUS GemClub-MEMO | READ | +------------+------------------------+------------------------+----------------------+--------------------------------+ | C0 | ISO 7816-4 8.6.1 | GET RESPONSE | | 00 C0 1C Key Info | GlobalPlatform | GET RESPONSE | | 00 C0 00 00 00 | VSDC | GET RESPONSE | | 80 C0 00 00 xx | GEMPLUS MPCOS-EMV | Get Info on Get Response | | 80 C0 02 A0 08 Chip SN | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A1 08 Card SN | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A2 08 Issuer SN | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A3 04 Iss.Ref.N | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A4 0D Chip Inf | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A5 xx Keys | GEMPLUS MPCOS-EMV | Get Info | | 80 C0 02 A6 02 Last DF/EF | GEMPLUS MPCOS-EMV | Get Info | | A0 C0 00 00 xx | 3GPP TS 11.11 | GET RESPONSE | | A0 C0 00 00 xx | SAGEM SCT U34 6.3 | GET RESPONSE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | C2 | ISO 7816-4 8.6.2 | ENVELOPE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | C4 | | java Delete Applets | +------------+------------------------+------------------------+----------------------+--------------------------------+ | CA | ISO 7816-4 8.4.1 | GET DATA | | 00 CA 00 xx xx MAC, if present | GlobalPlatform | GET DATA | | 80 CA xx xx xx | VSDC | GET DATA | +------------+------------------------+------------------------+----------------------+--------------------------------+ | D0 | ISO 7816-4 8.2.2 | WRITE BINARY | | 80 D0 xx xx xx Data to be written in EEPROM | VSDC | LOAD STRUCTURE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | D2 | ISO 7816-4 8.3.2 | WRITE RECORD | +------------+------------------------+------------------------+----------------------+--------------------------------+ | D6 | ISO 7816-4 8.2.3 | UPDATE BINARY | | A0 D6 xx xx xx Data to be written in EEPROM | 3GPP TS 11.11 | UPDATE BINARY | | A0 D6 xx xx xx Data to be written in EEPROM | SAGEM SCT U34 6.5 | UPDATE BINARY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 D8 xx xx xx KEY Date (and MAC) 00 | GlobalPlatform | PUT KEY | | D8 | EMV | Set Card Status(personalization| +------------+------------------------+------------------------+----------------------+--------------------------------+ | DA | ISO 7816-4 8.4.2 | PUT DATA | | 00 DA xx xx xx Data | VSDC | PUT DATA | +------------+------------------------+------------------------+----------------------+--------------------------------+ | DC | ISO 7816-4 | UPDATE RECORD | | 00 DC xx xx xx Data (and MAC) | VSDC | UPDATE RECORD | | A0 DC xx xx xx Data to be written in EEPROM | 3GPP TS 11.11 | UPDATE RECORD | | A0 DC xx xx xx Data to be written in EEPROM | SAGEM SCT U34 6.7 | UPDATE RECORD | +------------+------------------------+------------------------+----------------------+--------------------------------+ | DE 04 Data | GEMPLUS GemClub-MEMO | UPDATE | | A0 DE 00 00 03 Data | 3GPP TS 11.11 | LOAD AoC(SICAP) | +------------+------------------------+------------------------+----------------------+--------------------------------+ | E0 | ISO 7816-9 6.1 | CREATE FILE | | 80 E0 02 00 0C Manual | GEMPLUS MPCOS-EMV | CREATE FILE | | 80 E0 xx xx xx FCI length | 3GPP TS 11.11 | CREATE FILE | | 80 E0 xx xx xx FCI length | SAGEM SCT U34 | CREATE FILE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | E2 | ISO 7816-4 8.3.4 | APPEND RECORD | | 80 E2 00 00 xx Record (and MAC) | GlobalPlatform | APPEND RECORD | | 00 E2 00 00 xx Record | VSDC | APPEND RECORD | | 00 E2 00 00 xx Record | GEMPLUS MPCOS-EMV | APPEND RECORD | | 00 E2 00 00 xx Record | 3GPP TS 11.11 | APPEND RECORD | +------------+------------------------+------------------------+----------------------+--------------------------------+ | E4 | ISO 7816-9 6.2 | DELETE FILE | | 80 E4 00 00 xx TLV coded name | GlobalPlatform | DELETE FILE | | A0 E4 00 00 02 xx xx | 3GPP TS 11.11 | DELETE FILE | +------------+------------------------+------------------------+----------------------+--------------------------------+ | E6 | ISO 7816-9 6.5 | TERMINATE DF | | 80 E6 xx 00 xx Manual | GlobalPlatform | INSTALL | | A0 E6 xx xx 00 | 3GPP TS 11.11 | LOCK RECORD | +------------+------------------------+------------------------+----------------------+--------------------------------+ | E8 | ISO 7816-9 6.6 | TERMINATE EF | | 80 E8 00 00 xx Record | GlobalPlatform | LOAD | | A0 E8 00 xx 10 Data | 3GPP TS 11.11 | READ DIRECTORY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 EA 00 00 xx Data | 3GPP TS 11.11 | CREATE BINARY | | 80 EA 00 00 xx Data | SAGEM SCT U34 | CREATE BINARY | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 EE 00 xx 00 | VSDC | WRITE LOCK | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 F0 xx xx xx AID of Application (and MAC) | GlobalPlatform | SET STATUS | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A0 F2 00 00 xx | 3GPP TS 11.11 | GET STATUS | | A0 F2 00 00 xx | SAGEM SCT U34 6.2 | GET STATUS | | 80 F2 xx xx | GlobalPlatform | GET STATUS | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 F8 xx xx xx | SAGEM SCT U34 8.1.1 | DIR | +------------+------------------------+------------------------+----------------------+--------------------------------+ | A0 FA 00 00 00 | 3GPP TS 11.11 | SLEEP | | A0 FA 00 00 00 | SAGEM SCT U34 6.18 | SLEEP | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 FB xx xx xx | SAGEM SCT U34 8.1.1 | DIR | +------------+------------------------+------------------------+----------------------+--------------------------------+ | 80 FC xx xx 10 | SAGEM SCT U34 8.1.3 | READ INFO | +------------+------------------------+------------------------+----------------------+--------------------------------+ | FE | ISO 7816-9 6.7 | TERMINATE CARD USAGE | | 80 FE xx xx 00 | SAGEM SCT U34 | BLOW FUSE | +------------+------------------------+------------------------+----------------------+--------------------------------+
About Ambimat Electronics:
With design experience of close to 4 decades of excellence, world-class talent, and innovative breakthroughs, Ambimat Electronics is a single-stop solution enabler to Leading PSUs, private sector companies, and start-ups to deliver design capabilities and develop manufacturing capabilities in various industries and markets. AmbiIoT design services have helped develop Smartwatches, Smart homes, Medicals, Robotics, Retail, Pubs and brewery, Security.
Ambimat Electronics has come a long way to become one of India’s leading IoT(Internet of things) product designers and manufacturers today. We present below some of our solutions that can be implemented and parameterized according to specific business needs. AmbiPay, AmbiPower, AmbiCon, AmbiSecure, AmbiSense, AmbiAutomation.
To know more about us or what Ambimat does, we invite you to follow us on LinkedIn or visit our website.
References:-
https://neapay.com/post/read-smart-card-chip-data-with-apdu-commands-iso-7816_76.html
https://www.cardlogix.com/glossary/apdu-application-protocol-data-unit-smart-card/
