User:Wtv-411/Smart Card

From WebTV Wiki
< User:Wtv-411
Revision as of 12:13, 5 August 2023 by Wtv-411 (talk | contribs) (→‎Known TLVs: Add info on the rest of the TLVs)
Jump to navigation Jump to search
WTVP
OverviewList of WTVP ServicesWTVP-specific Content-TypesStatus Codes
Concepts
TokensTicketsCapability Flags
Headers
Header ListData TypesCommon Request Headers
Processes
First-Time RegistrationHeadwaiter (Login)Messenger ServicesFavoritesChecking for new mailRetrieving settingsObtaining new wtv-ticketsSmart CardMiscellaneous
URLs for WTVP Services
wtv-1800wtv-aroundtownwtv-authorwtv-centerwtv-chatwtv-contentwtv-cookiewtv-customscriptwtv-diskwtv-epguidewtv-favoritewtv-flashromwtv-guidewtv-head-waiterwtv-homewtv-introwtv-logwtv-mailwtv-newswtv-noticeswtv-partnerwtv-passportwtv-registerwtv-setupwtv-smartcardwtv-spotwtv-starwtv-trickswtv-tutorial

WIP


Smart Cards were used on the WebTV and first-generation MSN TV service to take the user to a site, set up ISP options, etc. They were rarely utilized, and were removed on the MSN TV 2.

WebTV/MSN TV boxes support smart cards that are compliant with the ISO-7816 standard, and can hold up to 122 bytes of data.

Format

WebTV/MSN TV smart cards use a proprietary format to store data. There are two known versions of the format WebTV Networks developed: version 1 and version 2. The only smart card known to be produced for WebTV boxes (the Sony smart card bundled with Sony INT-W200 Internet Terminals) uses the version 2 format, though.

Thanks to internal WebTV pages from a "smart card factory" service containing JavaScript that directly handled writing in both formats, these formats have been able to be reverse engineered to varying degrees of success. This page will currently only cover the version 2 smart card format though, since that is the format we have the most information on.

Version 2

Version 2 smart cards make use of a header and TLVs (type-length-value) to store data. Version 2 smart card data can have one TLV at minimum for the main card data that corresponds to the card type in the header. If the card type is not a deregistration card, the data can also contain an optional title TLV, which has to precede all other TLVs and contains text for a title that will be displayed when the smart card is inserted into the box. Multiple TLVs in general can be added if the card type isn't deregistration or if it is set to be a "multi" card.

Offset Length Description
0x00 1 byte Version identifier. Always 2 (0x32)
0x01 1 byte Card type
0x02 1 byte CRC value. This is an optional field and a value of 0xff can be specified to make WebTV/MSN TV ignore the CRC
0x03 Variable TLV data

TLVs are simple structures that store data under certain types. They can technically hold up to 256 bytes of data, and follow this format:

Field Type Description
Type uint8 Type value
Length uint8 8-bit length of value
Value Byte array Variable length value data

Known Card Types

  • A - Affinity. This feature is currently undocumented, but involves an enrollment and program code
  • F - Favorites
  • W - Deregistration. Only the deregstration TLV can be present in the smart card data if this type is set
  • O - OpenISP (Use your own ISP)
  • G - Go To (a website)
  • M - Multi-card. Stores TLVs for different card types

Known TLVs

TLVs will be listed by their type code

"t" (Title)
  • Description: Specifies a title to give the smart card. Optional, but has to precede all other TLVs. This TLV can not be present in deregistration smart cards
  • Value: The title for the smart card
"A" (Affinity data)
  • Description: Required for Affinity smart cards
  • Value: Structure. A byte for the version number (either 1 for version 1 Affinity data or 2 for version 2 Affinity data), followed by the actual data.
    • For version 2 Affinity data: The format is the program code, a tab character (0x09), and the enrollment code
    • For version 1 Affinity data: Just the enrollment code is added
"G" (Go To data)
  • Description: Data that defines a website the smart card will make the box access. Required for "Go To" smart cards
  • Value: Structure. A byte for the type of website to be accessed (i - Server-side numeric ID that will be translated by the WebTV/MSN TV service, h - HTTP URL, s - HTTPS URL), followed by a numeric ID if the type is i, or the direct URL for the site without the "http(s)://" prefix.
"O" (OpenISP)
  • Description: Data for setting up a predefined custom ISP to connect to WebTV/MSN TV with. Required for OpenISP smart cards
  • Value: "1", followed by the ISP information separated with a tab character (0x09)


ISP information structure:

  • ISP name - String
  • 0x09 separator
  • ISP login name - String
  • 0x09 separator
  • ISP password - String
  • 0x09 separator
  • Primary modem number - 10-digit phone number
  • 0x09 separator
  • Backup modem number - 10-digit phone number. Optional
"W" (Deregistration)
  • Description: Data for de-registering a client. If this TLV is used, then the card type must be set to deregistration as well and no other TLVs may be added
  • Value: Binary structure

Deregistration data structure:

Offset Length Description
0x00 4 bytes Contains a specific sequence of bytes (in hex: 31 75 fa b0). Purpose for these is unknown
0x04 4 bytes A UNIX timestamp for when the deregistration card expires. On the WebTV smart card factory pages, this is always set to 0xffffffff to set it to not expire
0x08 Variable Deregistration code

TODO


Service Side

When a smart card is inserted into the WebTV/MSN TV receiver, it will show a message on the screen with the smart card name and a progress bar. In the background, the box will contact the URL from the wtv-smartcard-inserted-url header sent from headwaiter, which is usually wtv-smartcard:/insert. The box will POST the raw data read from the card to the URL. While official clients can supposedly send the smart card data raw, it has only been documented to send the data as a Base64 encoded string with every 4 bytes swapped:

POST wtv-smartcard:/insert\r\n
User-Agent: Mozilla/4.0 WebTV/2.6 (compatible; MSIE 4.0)\r\n
wtv-show-time-record: 4 <wtv-home:/home?>\r\n
wtv-request-type: primary\r\n
wtv-incarnation: 14\r\n
Content-type: application/octet-stream\r\n
Content-length: 36\r\n
\r\n
/fkMTtAd552bhZFIlVHbHcEI5kTa5kTO==QO

The server will unswap the bytes, decode the data into its raw binary form, and then parse it as smart card data to determine what to do with it. While the specifics of the wtv-smartcard aren't well known, what is known is that the server will redirect the box to the website if the smart card data is for a "Go To" card and send an error page is the data is invalid.

In some cases, the box will send an error header (e.g: "error=-68") if something goes wrong.