ROOT_DIR = 0x0000 7816_ROOT_DIR = 0x3f00 INDEX_FILE = 0xffff TOKEN_NAME = 0xfffe PKI = 0x00c1 DIRECTORY uint32_t dir_id; /* unique per dir */ int max_files; int total_space; APPLICATION_DIR uint8_t name[16]; uint8_t guid[16]; uint32_t dir_id; /* Limited to 0xffff */ int max_files; int total_space; FILE - 8 byte per file overhead uint16_t file_id; uint16_t size; uint8_t type; /* data/key/counter (counter is 2 bytes) */ uint8_t read, write, crypto; /* guest/user/SO/never */ to open change to correct directory then open by file_id Read with pread/pwrite Counters are pwrite() to initialize, and use a special decrement function Crypto functions work on the files too GET_SERIAL: o Serial Number (0121-0000-0000-0f93) transfer type=control requesttype=0x41 request=0x02 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 8/8 00000 : ......!. 93 0f 00 00 00 00 21 01 GET_KEY_DESCRIPTOR: o Firmware Version 0.7 o Total Memory 8168 (0x0ff4 * 2) o product code? configuration? transfer type=control requesttype=0xc1 request=0x00 value=0x00 index=0x00 ep=0 dir=IN payload with length 64/64 00000 : .T.............. 08 54 00 07 f4 0f 11 00 00 00 00 00 00 00 00 00 00010 : ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00020 : ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00030 : ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Open manager: Gets: o Token name (len=0x08) o Memory used by PKI (312 0x009c) o Memory used for PKI (7000 0x0dac) o Memory used by others (568 0x001c) o Free Memory (600 0x012c) transfer type=control requesttype=0x41 request=0x05 value=0x00 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... fe ff 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..E. 08 00 45 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x08 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 16/16 00000 : Revenge is Sweet 52 65 76 65 6e 67 65 20 69 73 20 53 77 65 65 74 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00 transfer type=control requesttype=0x41 request=0x03 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : .U.. 00 55 00 00 transfer type=control requesttype=0x41 request=0x05 value=0x00 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... ff ff 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..G. 00 01 47 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x01 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 2/2 00000 : a. 61 18 transfer type=control requesttype=0x41 request=0x07 value=0x01 index=0x0c ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 24/24 00000 : O.............K. 4f 10 0f 96 fa c0 ca 1b 11 d3 a7 c6 00 10 4b 05 00010 : %4Q.?... 25 34 51 04 3f 00 f0 00 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x05 value=0x00 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... fe ff 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..E. 08 00 45 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x08 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 16/16 00000 : Revenge is Sweet 52 65 76 65 6e 67 65 20 69 73 20 53 77 65 65 74 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00 transfer type=control requesttype=0x41 request=0x03 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : .U.. 00 55 00 00 transfer type=control requesttype=0x41 request=0x04 value=0x00 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 00 00 00 ff ff 00 40 00 01 ff ff 00 00 transfer type=control requesttype=0x41 request=0x04 value=0x00 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 00 00 00 ff ff 00 40 00 01 ff ff 00 00 transfer type=control requesttype=0x41 request=0x04 value=0x00 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 01 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : ....... ...... 00 00 00 00 ff ff 00 20 b0 0d 00 f0 00 00 transfer type=control requesttype=0x41 request=0x04 value=0x00 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 02 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 00 00 00 ff ff 07 40 08 00 fe ff 00 00 transfer type=control requesttype=0x41 request=0x04 value=0x00 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 03 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : ....../....... 00 00 00 00 ff ff 2f 1f 01 00 fe ff 00 00 transfer type=control requesttype=0x41 request=0x05 value=0x00 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... ff ff 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..G. 00 01 47 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x01 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 2/2 00000 : a. 61 18 transfer type=control requesttype=0x41 request=0x07 value=0x01 index=0x0c ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 24/24 00000 : O.............K. 4f 10 0f 96 fa c0 ca 1b 11 d3 a7 c6 00 10 4b 05 00010 : %4Q.?... 25 34 51 04 3f 00 f0 00 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x05 value=0x00 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... ff ff 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..G. 00 01 47 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x01 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 2/2 00000 : a. 61 18 transfer type=control requesttype=0x41 request=0x07 value=0x01 index=0x0c ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 24/24 00000 : O.............K. 4f 10 0f 96 fa c0 ca 1b 11 d3 a7 c6 00 10 4b 05 00010 : %4Q.?... 25 34 51 04 3f 00 f0 00 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00 transfer type=control requesttype=0x41 request=0x04 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 2/2 00000 : .. 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 14/14 00000 : .......@...... 00 f0 00 00 ff ff 00 40 ac 0d c1 00 00 00 transfer type=control requesttype=0x41 request=0x05 value=0xf000 index=0x00 ep=0 dir=OUT payload with length 4/4 00000 : .... c1 00 00 00 transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 4/4 00000 : ..G. ac 0d 47 00 transfer type=control requesttype=0x41 request=0x07 value=0x00 index=0x08 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 16/16 00000 : 4...........O=FW 34 01 00 00 00 00 00 00 00 00 00 00 4f 3d 46 57 transfer type=control requesttype=0x41 request=0x06 value=0x00 index=0x00 ep=0 dir=OUT transfer type=control requesttype=0xc1 request=0x01 value=0x00 index=0x00 ep=0 dir=IN payload with length 1/2 00000 : . 00