User:Wtv-411/Smart Card: Difference between revisions
Line 9: | Line 9: | ||
WebTV/MSN TV boxes support smart cards that are compliant with the ISO-7816 standard, and can hold up to 122 bytes of data. | WebTV/MSN TV boxes support smart cards that are compliant with the ISO-7816 standard, and can hold up to 122 bytes of data. | ||
== | == Format == | ||
<!-- TODO: Redo this entire section to be less sucky - add proper technical info on smart card format and discuss more types --> | <!-- TODO: Redo this entire section to be less sucky - add proper technical info on smart card format and discuss more types --> | ||
WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony INT-W200 Internet Terminals) uses the version 2 format, though. | WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony INT-W200 Internet Terminals) uses the version 2 format, though. | ||
Thanks to internal WebTV pages | Thanks to internal WebTV pages from a "smart card factory" service containing JavaScript that directly handled writing in both formats, these formats have been able to be reverse engineered to varying degrees of success. This page will currently only cover the version 2 smart card format though, since that is the format we have the most information on. | ||
=== Version 2 === | === Version 2 === | ||
Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. Version 2 smart | Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. Version 2 smart card data can have one TLV at minimum for the main card data that corresponds to the card type in the header. If the card type is not a deregistration card, the data can also contain an optional title TLV, which has to precede all other TLVs and contains text for a title that will be displayed when the smart card is inserted into the box. Multiple TLVs in general can be added if the card type isn't deregistration or if it is set to be a "multi" card. | ||
{| class="wikitable" | |||
|- | |||
! Offset | |||
! Length | |||
! Description | |||
|- | |||
| 0x00 | |||
| 1 byte | |||
| Version identifier. Always <code>2</code> (0x32) | |||
|- | |||
| 0x01 | |||
| 1 byte | |||
| Card type | |||
|- | |||
| 0x02 | |||
| 1 byte | |||
| CRC value. This is an optional field and a value of 0xff can be specified to make WebTV/MSN TV ignore the CRC | |||
|- | |||
| 0x03 | |||
| Variable | |||
| TLV data | |||
|} | |||
==== TLVs ==== | |||
'''TODO''' | |||
For now, we'll be focusing on Go To cards, as that's what we have info on. | For now, we'll be focusing on Go To cards, as that's what we have info on. |
Revision as of 21:50, 4 August 2023
WTVP |
---|
Overview • List of WTVP Services • WTVP-specific Content-Types • Status Codes |
Concepts |
Tokens • Tickets • Capability Flags |
Headers |
Header List • Data Types • Common Request Headers |
Processes |
First-Time Registration • Headwaiter (Login) • Messenger Services • Favorites • Checking for new mail • Retrieving settings • Obtaining new wtv-tickets • Smart Card • Miscellaneous |
URLs for WTVP Services |
wtv-1800 • wtv-aroundtown • wtv-author • wtv-center • wtv-chat • wtv-content • wtv-cookie • wtv-customscript • wtv-disk • wtv-epguide • wtv-favorite • wtv-flashrom • wtv-guide • wtv-head-waiter • wtv-home • wtv-intro • wtv-log • wtv-mail • wtv-news • wtv-notices • wtv-partner • wtv-passport • wtv-register • wtv-setup • wtv-smartcard • wtv-spot • wtv-star • wtv-tricks • wtv-tutorial |
WIP
Smart Cards were used on the WebTV and first-generation MSN TV service to take the user to a site, set up ISP options, etc. They were rarely utilized, and were removed on the MSN TV 2.
WebTV/MSN TV boxes support smart cards that are compliant with the ISO-7816 standard, and can hold up to 122 bytes of data.
Format
WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony INT-W200 Internet Terminals) uses the version 2 format, though.
Thanks to internal WebTV pages from a "smart card factory" service containing JavaScript that directly handled writing in both formats, these formats have been able to be reverse engineered to varying degrees of success. This page will currently only cover the version 2 smart card format though, since that is the format we have the most information on.
Version 2
Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. Version 2 smart card data can have one TLV at minimum for the main card data that corresponds to the card type in the header. If the card type is not a deregistration card, the data can also contain an optional title TLV, which has to precede all other TLVs and contains text for a title that will be displayed when the smart card is inserted into the box. Multiple TLVs in general can be added if the card type isn't deregistration or if it is set to be a "multi" card.
Offset | Length | Description |
---|---|---|
0x00 | 1 byte | Version identifier. Always 2 (0x32)
|
0x01 | 1 byte | Card type |
0x02 | 1 byte | CRC value. This is an optional field and a value of 0xff can be specified to make WebTV/MSN TV ignore the CRC |
0x03 | Variable | TLV data |
TLVs
TODO
For now, we'll be focusing on Go To cards, as that's what we have info on.
This is the data stored on a Go To Smart Card:
2Gÿt�Sony Value G�i999999
We can break this data up into several parts to get all the data that the server decodes.
The first byte is the Smart Card generation, which appears to always be 2 except for a special type of Go To card, which uses generation 1. "Generation" is assumed to refer to the data format for the card, not a different version of Smart Cards themselves.
The second byte is the Smart Card type, which is (G)o To in this case. Other observed values include (O)penISP and (A)ffinity.
ÿ appears to be a separator, which is followed by t�, which defines the start of the Smart Card title.
G�i appears to stand for "Go To ID", which is the ID for the Go To card. The ID has a corresponding URL that is stored on the server. If the ID is unknown, then a message about the Smart Card being expired or not yet active is sent to the client. The reasoning for this approach appears to be due to the size limit of Smart Cards (around 25 bytes) and so malicious cards can't be spread around.
So, to recap:
Card Generation: 2 Card Type: G Card Title: Sony Value Card ID: 999999
Service Side
When a smart card is inserted into the WebTV/MSN TV receiver, it will show a message on the screen with the smart card name and a progress bar. In the background, the box will contact the URL from the wtv-smartcard-inserted-url
header sent from headwaiter, which is usually wtv-smartcard:/insert
. The box will POST
the raw data read from the card to the URL. While official clients can supposedly send the smart card data raw, it has only been documented to send the data as a Base64 encoded string with every 4 bytes swapped:
POST wtv-smartcard:/insert\r\n User-Agent: Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)\r\n wtv-show-time-record: 4 <wtv-home:/home?>\r\n wtv-request-type: primary\r\n wtv-incarnation: 14\r\n Content-type: application/octet-stream\r\n Content-length: 36\r\n \r\n /fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO
The server will unswap the bytes, decode the data into its raw binary form, and then parse it as smart card data to determine what to do with it. While the specifics of the wtv-smartcard
aren't well known, what is known is that the server will redirect the box to the website if the smart card data is for a "Go To" card and send an error page is the data is invalid.
In some cases, the box will send an error header (e.g: "error=-68") if something goes wrong.