Smart Card: Difference between revisions
No edit summary |
(Completely overhaul smart card page - write more proper documentation on version 2 format and WTVP side, and add client command for writing to smart cards) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{WTVPNav}} | |||
Smart cards were used on the WebTV and first-generation MSN TV service to take the user to a site, set up ISP options, etc. They were rarely utilized, and were removed on the MSN TV 2. | |||
WebTV/MSN TV boxes support smart cards that are compliant with the [https://en.wikipedia.org/wiki/ISO/IEC_7816 ISO 7816 standard]. Smart cards can hold up to 122 bytes of data. | |||
== Inserting a smart card == | |||
<code> | When a smart card is inserted into the WebTV/MSN TV receiver, it will show a message on the screen with the smart card name and a progress bar. In the background, the box will contact the URL from the <code>wtv-smartcard-inserted-url</code> header sent from headwaiter, which is usually <code>wtv-smartcard:/insert</code>. The box will <code>POST</code> the raw data read from the card to the URL. While official clients can supposedly send the smart card data raw, it has only been documented to send the data as a Base64 encoded string that has every 4-byte block of data byte swapped: | ||
<pre> | |||
POST wtv-smartcard:/insert\r\n | |||
User-Agent: Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)\r\n | |||
wtv-show-time-record: 4 <wtv-home:/home?>\r\n | |||
wtv-request-type: primary\r\n | |||
wtv-incarnation: 14\r\n | |||
Content-type: application/octet-stream\r\n | |||
Content-length: 36\r\n | |||
\r\n | |||
/fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO | |||
</pre> | |||
<code>/fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO -> Mkf/dAtTb255IFZhbHVlIEcHaTk5OTk5OQ==</code> | |||
The | The server will unswap the bytes, decode the data into its raw binary form, and then parse it as smart card data to determine what to do with it. While the specifics of the <code>wtv-smartcard</code> service aren't well known, what is known is that the server will redirect the box to a website specified by the smart card if it is a "Go To" card, and send an error page if the data is invalid. | ||
In some cases, the box will send an error header (e.g: "error=-68") if something goes wrong. | |||
== Format == | |||
<!-- TODO: Redo this entire section to be less sucky - add proper technical info on smart card format and discuss more types --> | |||
WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format that WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony WebTV Plus units) uses the version 2 format, though. | |||
Thanks to internal WebTV pages from a "smart card factory" service containing JavaScript that directly handled writing in both formats, these formats have been able to be reverse engineered to varying degrees of success. This page will only cover the version 2 smart card format for the time being, since that is the format we have the most information on. | |||
=== Version 2 === | |||
Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. A TLV performs one specific function based on the type specified and stores data in a specific way. Version 2 smart cards can have one TLV at minimum for the main card data that corresponds to the card type in the header. If the card type is not a deregistration card, the smart card can also contain an optional title TLV, which has to precede all other TLVs and contains text that will be displayed as a title in a dialog box when the smart card is inserted into the WebTV/MSN TV box. Multiple TLVs in general can be added if the card type isn't set to deregistration or if it is set as a "multi" card, which can perform several functions at once. | |||
The general format for version 2 smart cards goes like this: | |||
{| class="wikitable" | |||
|- | |||
! Offset | |||
! Length | |||
! Description | |||
|- | |||
| 0x00 | |||
| 1 byte | |||
| Version identifier. Always <code>2</code> (0x32) | |||
|- | |||
| 0x01 | |||
| 1 byte | |||
| Card type | |||
|- | |||
| 0x02 | |||
| 1 byte | |||
| CRC value. This is an optional field and a value of 0xff can be specified to make WebTV/MSN TV ignore the CRC. The actual algorithm used for this CRC is currently unknown | |||
|- | |||
| 0x03 | |||
| Variable | |||
| TLV data | |||
|} | |||
TLVs are simple structures that store data under a specified type. While constrained by the 122-byte limit for smart cards, they can theoretically hold up to 256 bytes of data. TLVs follow this format: | |||
{| class="wikitable" | |||
|- | |||
! Field | |||
! Length | |||
! Description | |||
|- | |||
| Type | |||
| 1 byte | |||
| Type code | |||
|- | |||
| Length | |||
| 1 byte | |||
| 8-bit length of value | |||
|- | |||
| Value | |||
| Variable | |||
| Variable length value data | |||
|} | |||
==== Known Card Types ==== | |||
* A - '''A'''ffinity. This feature is currently undocumented, but involves an enrollment and program code | |||
* F - '''F'''avorites | |||
* W - Deregistration. Only the deregstration TLV can be present in the smart card data if this type is set | |||
* O - '''O'''penISP (Use your own ISP) | |||
* G - '''G'''o To (a website) | |||
* M - Multi-card. Stores multiple TLVs to run several card functions at one time | |||
==== Known TLVs ==== | |||
Below is a list of TLVs known to be used by the version 2 smart card format. TLVs will be listed by their type code. | |||
===== "t" (Title) ===== | |||
* Description: Specifies a title to set for the smart card. Optional, but has to precede all other TLVs. This TLV can '''not''' be present in deregistration smart cards | |||
* Value: The title for the smart card | |||
===== "A" (Affinity data) ===== | |||
* Description: Required for Affinity smart cards | |||
* Value: A byte for the version number (either <code>1</code> for version 1 Affinity data or <code>2</code> for version 2 Affinity data), followed by the actual data. | |||
** For version 2 Affinity data: The format is the program code, a tab character (0x09), and the enrollment code | |||
** For version 1 Affinity data: Just the enrollment code | |||
===== "G" (Go To data) ===== | |||
* Description: Data that defines a website the smart card will make the box access. The wtv-smartcard service would have taken care of redirecting the client to the specified site if it existed. Required for "Go To" smart cards | |||
* Value: A byte for the type of website to be accessed (<code>i</code> - Server-side numeric ID that will be translated by the WebTV/MSN TV service, <code>h</code> - HTTP URL, <code>s</code> - HTTPS URL), followed by a numeric ID if the type is <code>i</code>, or the direct URL for the site without the "http(s)://" prefix otherwise | |||
===== "O" (OpenISP) ===== | |||
* Description: Data for setting up a predefined custom ISP to connect to WebTV/MSN TV with. Required for OpenISP smart cards | |||
* Value: The character "1", followed by the ISP data separated with a tab character (0x09) | |||
ISP information structure: | |||
* ISP name - String | |||
* 0x09 separator | |||
* ISP login name - String | |||
* 0x09 separator | |||
* ISP password - String | |||
* 0x09 separator | |||
* Primary modem number - 10-digit phone number | |||
* 0x09 separator | |||
* Backup modem number - 10-digit phone number. Optional | |||
===== "W" (Deregistration) ===== | |||
* Description: Data for de-registering a client. If this TLV is used, then the card type '''must''' be set to deregistration as well and no other TLVs may be added | |||
* Value: Binary structure | |||
Deregistration data structure: | |||
{| class="wikitable" | |||
|- | |||
! Offset | |||
! Length | |||
! Description | |||
|- | |||
| 0x00 | |||
| 4 bytes | |||
| Contains a specific sequence of bytes (in hex: <code>31 75 fa b0</code>). Purpose for these is unknown | |||
|- | |||
| 0x04 | |||
| 4 bytes | |||
| A UNIX timestamp for when the deregistration card expires. On the WebTV smart card factory pages, this is always set to 0xffffffff to set it to not expire | |||
|- | |||
| 0x08 | |||
| Variable | |||
| Deregistration code | |||
|} | |||
==== Format Example ==== | |||
The following example shows a break down of the data from an official Sony WebTV Plus smart card, which uses the version 2 smart card format and is a "Go to" card. The card would have originally sent to the service a site ID of 999999, which would redirect the user to the Sony-operated site <nowiki>http://www.svalue.com</nowiki> (no longer run by Sony). | |||
{| class="wikitable" | |||
|- | |||
! Field | |||
! Value | |||
|- | |||
| Version | |||
| <code>2</code> (0x32) | |||
|- | |||
| Type | |||
| <code>G</code> (Go to) | |||
|- | |||
| CRC | |||
| 0xFF (Ignore) | |||
|- | |||
| TLV #1 Type | |||
| <code>t</code> (Title) | |||
|- | |||
| TLV #1 Length | |||
| 0x0B | |||
|- | |||
| TLV #1 Value | |||
| "Sony Value " | |||
|- | |||
| TLV #2 Type | |||
| <code>G</code> (Go to) | |||
|- | |||
| TLV #2 Length | |||
| 0x07 | |||
|- | |||
| TLV #2 Value | |||
| "i999999" (Server-side numeric ID 999999 - pointed to <nowiki>http://www.svalue.com</nowiki> on the original server) | |||
|} | |||
<!-- G�i appears to stand for "Go To ID", which is the ID for the Go To card. The ID has a corresponding URL that is stored on the server. If the ID is unknown, then a message about the Smart Card being expired or not yet active is sent to the client. The reasoning for this approach appears to be due to the size limit of Smart Cards (around 25 bytes) and so malicious cards can't be spread around. --> | |||
== Client-Side == | |||
WebTV and MSN TV boxes have the ability to write to compatible smart cards inserted into their smart card slot. This is done with the client command <code>client:SaveToSmartCard?data={data}</code>, with <code>{data}</code> being the raw smart card data, which can be URL encoded if necessary. |
Latest revision as of 15:53, 5 August 2023
WTVP |
---|
Overview • List of WTVP Services • WTVP-specific Content-Types • Status Codes |
Concepts |
Tokens • Tickets • Capability Flags |
Headers |
Header List • Data Types • Common Request Headers |
Processes |
First-Time Registration • Headwaiter (Login) • Messenger Services • Favorites • Checking for new mail • Retrieving settings • Obtaining new wtv-tickets • Smart Card • Miscellaneous |
URLs for WTVP Services |
wtv-1800 • wtv-aroundtown • wtv-author • wtv-center • wtv-chat • wtv-content • wtv-cookie • wtv-customscript • wtv-disk • wtv-epguide • wtv-favorite • wtv-flashrom • wtv-guide • wtv-head-waiter • wtv-home • wtv-intro • wtv-log • wtv-mail • wtv-news • wtv-notices • wtv-partner • wtv-passport • wtv-register • wtv-setup • wtv-smartcard • wtv-spot • wtv-star • wtv-tricks • wtv-tutorial |
Smart cards were used on the WebTV and first-generation MSN TV service to take the user to a site, set up ISP options, etc. They were rarely utilized, and were removed on the MSN TV 2.
WebTV/MSN TV boxes support smart cards that are compliant with the ISO 7816 standard. Smart cards can hold up to 122 bytes of data.
Inserting a smart card
When a smart card is inserted into the WebTV/MSN TV receiver, it will show a message on the screen with the smart card name and a progress bar. In the background, the box will contact the URL from the wtv-smartcard-inserted-url
header sent from headwaiter, which is usually wtv-smartcard:/insert
. The box will POST
the raw data read from the card to the URL. While official clients can supposedly send the smart card data raw, it has only been documented to send the data as a Base64 encoded string that has every 4-byte block of data byte swapped:
POST wtv-smartcard:/insert\r\n User-Agent: Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)\r\n wtv-show-time-record: 4 <wtv-home:/home?>\r\n wtv-request-type: primary\r\n wtv-incarnation: 14\r\n Content-type: application/octet-stream\r\n Content-length: 36\r\n \r\n /fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO
/fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO -> Mkf/dAtTb255IFZhbHVlIEcHaTk5OTk5OQ==
The server will unswap the bytes, decode the data into its raw binary form, and then parse it as smart card data to determine what to do with it. While the specifics of the wtv-smartcard
service aren't well known, what is known is that the server will redirect the box to a website specified by the smart card if it is a "Go To" card, and send an error page if the data is invalid.
In some cases, the box will send an error header (e.g: "error=-68") if something goes wrong.
Format
WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format that WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony WebTV Plus units) uses the version 2 format, though.
Thanks to internal WebTV pages from a "smart card factory" service containing JavaScript that directly handled writing in both formats, these formats have been able to be reverse engineered to varying degrees of success. This page will only cover the version 2 smart card format for the time being, since that is the format we have the most information on.
Version 2
Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. A TLV performs one specific function based on the type specified and stores data in a specific way. Version 2 smart cards can have one TLV at minimum for the main card data that corresponds to the card type in the header. If the card type is not a deregistration card, the smart card can also contain an optional title TLV, which has to precede all other TLVs and contains text that will be displayed as a title in a dialog box when the smart card is inserted into the WebTV/MSN TV box. Multiple TLVs in general can be added if the card type isn't set to deregistration or if it is set as a "multi" card, which can perform several functions at once.
The general format for version 2 smart cards goes like this:
Offset | Length | Description |
---|---|---|
0x00 | 1 byte | Version identifier. Always 2 (0x32)
|
0x01 | 1 byte | Card type |
0x02 | 1 byte | CRC value. This is an optional field and a value of 0xff can be specified to make WebTV/MSN TV ignore the CRC. The actual algorithm used for this CRC is currently unknown |
0x03 | Variable | TLV data |
TLVs are simple structures that store data under a specified type. While constrained by the 122-byte limit for smart cards, they can theoretically hold up to 256 bytes of data. TLVs follow this format:
Field | Length | Description |
---|---|---|
Type | 1 byte | Type code |
Length | 1 byte | 8-bit length of value |
Value | Variable | Variable length value data |
Known Card Types
- A - Affinity. This feature is currently undocumented, but involves an enrollment and program code
- F - Favorites
- W - Deregistration. Only the deregstration TLV can be present in the smart card data if this type is set
- O - OpenISP (Use your own ISP)
- G - Go To (a website)
- M - Multi-card. Stores multiple TLVs to run several card functions at one time
Known TLVs
Below is a list of TLVs known to be used by the version 2 smart card format. TLVs will be listed by their type code.
"t" (Title)
- Description: Specifies a title to set for the smart card. Optional, but has to precede all other TLVs. This TLV can not be present in deregistration smart cards
- Value: The title for the smart card
"A" (Affinity data)
- Description: Required for Affinity smart cards
- Value: A byte for the version number (either
1
for version 1 Affinity data or2
for version 2 Affinity data), followed by the actual data.- For version 2 Affinity data: The format is the program code, a tab character (0x09), and the enrollment code
- For version 1 Affinity data: Just the enrollment code
"G" (Go To data)
- Description: Data that defines a website the smart card will make the box access. The wtv-smartcard service would have taken care of redirecting the client to the specified site if it existed. Required for "Go To" smart cards
- Value: A byte for the type of website to be accessed (
i
- Server-side numeric ID that will be translated by the WebTV/MSN TV service,h
- HTTP URL,s
- HTTPS URL), followed by a numeric ID if the type isi
, or the direct URL for the site without the "http(s)://" prefix otherwise
"O" (OpenISP)
- Description: Data for setting up a predefined custom ISP to connect to WebTV/MSN TV with. Required for OpenISP smart cards
- Value: The character "1", followed by the ISP data separated with a tab character (0x09)
ISP information structure:
- ISP name - String
- 0x09 separator
- ISP login name - String
- 0x09 separator
- ISP password - String
- 0x09 separator
- Primary modem number - 10-digit phone number
- 0x09 separator
- Backup modem number - 10-digit phone number. Optional
"W" (Deregistration)
- Description: Data for de-registering a client. If this TLV is used, then the card type must be set to deregistration as well and no other TLVs may be added
- Value: Binary structure
Deregistration data structure:
Offset | Length | Description |
---|---|---|
0x00 | 4 bytes | Contains a specific sequence of bytes (in hex: 31 75 fa b0 ). Purpose for these is unknown
|
0x04 | 4 bytes | A UNIX timestamp for when the deregistration card expires. On the WebTV smart card factory pages, this is always set to 0xffffffff to set it to not expire |
0x08 | Variable | Deregistration code |
Format Example
The following example shows a break down of the data from an official Sony WebTV Plus smart card, which uses the version 2 smart card format and is a "Go to" card. The card would have originally sent to the service a site ID of 999999, which would redirect the user to the Sony-operated site http://www.svalue.com (no longer run by Sony).
Field | Value |
---|---|
Version | 2 (0x32)
|
Type | G (Go to)
|
CRC | 0xFF (Ignore) |
TLV #1 Type | t (Title)
|
TLV #1 Length | 0x0B |
TLV #1 Value | "Sony Value " |
TLV #2 Type | G (Go to)
|
TLV #2 Length | 0x07 |
TLV #2 Value | "i999999" (Server-side numeric ID 999999 - pointed to http://www.svalue.com on the original server) |
Client-Side
WebTV and MSN TV boxes have the ability to write to compatible smart cards inserted into their smart card slot. This is done with the client command client:SaveToSmartCard?data={data}
, with {data}
being the raw smart card data, which can be URL encoded if necessary.