SmartCards – Part 2: Professional Kit



The last blog post was a brief introduction into smart cards, and some of the more basic hardware (Gemalto Reader) and software (SCS-3) used to read/write to cards.
Continuing with EMV as an example, I want to now touch on more specialised hardware.

I introduce… the smart card detective.

The Smart Card Detective (SCD)

The SCD is a card-size device that can communicate with a smart card and a card reader simultaneously. It can be used to emulate a card, to act as a terminal and also to monitor or modify the communication between a smart card and a reader. The software is intended for EMV, but it can be adapted for any smartcard application.


The SCD is not cheap and costs £480(GBP) before postage.  Compared to the Gemalto Reader that came in at under £20(GBP).  But then the SCD has the advantage of having the capability of Man-in-The-Middle attacking smart cards (you dont get this feature on the Gemalto Readers).  This makes researching smart card vulnerabilities a whole lot easier. Instead of guessing/brute-forcing APDUs/AIDs we can simply sniff a conversation between card and reader, and then attempt to reverse/understand the protocol/applications.

The SCD offers full control over all the communication layers, from the physical layer (clock and bit transmission) up to the terminal application layer.  The SCDs features include:

  • Create custom EMV transactions.
  • Analyse and log any smartcard transaction.
  • Create DDA/CDA signatures with existing cards.
  • Emulate a terminal or CAP reader.
  • Read/control card data from a PC like a smartcard reader (via the USB port).

Why Should Government/Commercial Entities by Interested?

Learn to:

  • Protect your cards against tampered or untrusted terminals.
  • Log information about transactions to keep your own records.
  • Use DDA/CDA cards to make electronic signatures and verify card presence.