Skip to content
Martin Paljak edited this page Feb 27, 2019 · 15 revisions

2018 Estonian ID-card and NFC

Highlights:

  • NO specs whatsoever in TD-ID1-Chip-App v0.8, except a slight hint:
    • id-PACE-Nist-P256 AES-CBC-CMAC-256 "To exchange APDU in Contactless with PKI application in a secure channel. No applicative privileges are granted" on page 12 in "IFD (Interface Device)" section.
    • Incorrect claim on page 14 regarding EF.CardAccess:
      • PACEDomainParameterInfo: BRAINPOOL_P384_R1 (BrainpoolP384r1)
      • actual curve used is P256

Real life:

CAN

  • 6 digit number on the lower front right corner. printed with OCR-B font
  • Not possible to change!

WARNING-WARNING-WARNING

Leaving the card on a powered NFC reader for overnight can have disastrous consequences. This is how the ATR of the card looks like on the contact interface:

[*] [   ] ACS ACR 38U-CCID 01 00
          3B0FD8D8D8D8D8D8D8D8D8D8D8D8D8D8D8

versus a working card:

[*] [   ] ACS ACR 38U-CCID 01 00
          3BDB960080B1FE451F830012233F536549440F9000F1

In other words - the card is fried/bricked/useless. If leaving in the powered RF field is to blame, is unverified (would mean trying to brick another card).

Clone this wiki locally
You can’t perform that action at this time.