Manual V6 extraction

This page was originally written by Satgirl.
It was translated and edited by Kcplus for me, for use on this site.
Many thanks to Satgirl and Kcplus for this wonderful contribution.
Satgirl © Original document dated 5 June 2001, modified 10 August 2001.

Please Note:
This extraction method does pose a certain risk to your card. It can destroy the card and leave it unusable. So if the V6 card is the only card you have and you are paying subscription fees for it, please leave your card alone. However, if you carefully follow these instructions step by step, the risk of damage is not too big, and if some damage is done in the process, the card will in most cases be recoverable. But don't say I didn't warn you.

Some practical hints up front:
This method requires a certain amount of basic knowledge about the Seca system. It is not meant for the layman, so read as much about the Seca algorithm as you can find. There are several good documents in the download section of this site; just have a look in the Documentation folder. Furthermore, you will need to be experienced in using software like MKFind and SecaRL. In other words: this tutorial is not for the inexperienced user.

You can manually enter commands and send them to the card (command input).
The card will only accept an instruction when its signature (8 bytes) is valid. The signature can either be entered manually, following nano 82, or it can be calculated by the software using the Autosig function (in MKF, tick the option Auto Sig). If you want the software to do the calculation for you, you will need to enter a valid masterkey in the settings/parameters of the software. The length byte LN (for instance C1 3C 0x 0y LN etc.) can be calculated automatically too: just enter the value "00" for LN and the byte value will be calculated (in MKF, tick the option AutoLen).

A V6 card can be identified by the ATR:
3B F7 11 00 01 40 96 60 60 06 0E 6C B6 D6
Step 1.
Before we can proceed with the manual extraction, we need to create a backdoor key on the Seca provider. Create the key for instance on key 0B (MK 0B = 00 00 00 00 00 00 00 00). It is common practice to use a simple backdoor key (like 8*00), but any other key you like will do too. You can even let the software generate one for you.
Wherever the letters MK appear in the rest of this document, they refer to the backdoor key you chose (for instance 0B). Remember to delete the backdoor key when you have finished your extraction. Providers sometimes check for the existence of a backdoor key, and if they find one on your card they will disable the card. So always remove all temporary keys from your card when you are finished.

Step 2.
Please Note:
It is absolutely necessary that a record 15 56 exists in the card records!

Checking for its existence is done as follows:
Send: C1 34 00 00 03 06 15 56
Status: 90 00
Send: C1 32 00 00 12, the answer should look something like this:
Answ: C1 32 00 00 12 32 D2 15 56 00 00 00 00 00 80 00 E0 00 0F FF F0 00 00 03
Status: 90 00
This answer proves the existence of a record 15 56. What is great about this record is that it contains part of the startup record as it exists in record 00 01 of your card.

If the record does not yet exist, don't panic; we will simply write an extra provider (ident 00 50) to the card. Use the backdoor MK that you created on the Seca provider as a signature.

Send: C1 40 00 MK 00 23 00 50 82 SigMK
Status: 90 19
Don't bother about a name for the provider, as we will be deleting this provider as soon as the extraction is complete anyway.

Now we again execute the above-mentioned instructions C1 34 / C1 32.
If record 15 56 still doesn't show up, just keep adding providers (00 51 etc.) until it does. In general, record 15 56 will show after having added 1 or 2 providers. In the worst case, if record 15 56 doesn't show up even after having reached the maximum number of providers, you can check whether a record 2A AA exists. However, as that record contains only a few plain bytes, the extraction will take a very, very long time.

If record 15 56 is present on the card, we can prepare the card to extract the keys that we are interested in.

Step 3.
The next procedure will modify the content of record 00 01 of your card.
Generally this record contains the startup record.
You have just learned that part of record 00 01 is contained in record 15 56 as well. So by writing a key into record 00 01, we can make part of that key visible in plain form.

So we need to send the following instruction to the card in order to reach this goal:
C1 3C 0x 0y 18 ZZ ZZ ZZ ZZ ZZ ZZ ZZ ZZ AA AA AA AA AA AA AA 82 Sig = Answ: C1 5A 0x 0y 08

Where do the variables used in this instruction come from?
0x = provider number of which we want to extract a key (f.i. provider 00 or 01)
0y = the key to be extracted (the one we are going to write to record 00 01) of provider 0x (f.i. key 00, 01, 0C etc.)

The 8*ZZ bytes are contained in the answer to this set of instructions:
Send: C1 38 0x 8y 09 AA AA AA AA AA AA AA 82 00
Status: 90 02
Send: C1 3C 0F 0F 00
Status: 90 04
Send: C1 3A 00 00 08
Answ: C1 3A 00 00 08 3A 80 91 A2 B3 C4 D5 E6 F7 00 FF FF FF FF FF FF FF (example)
Status: 90 00

So the 8*ZZ bytes, extracted with the instructions above, are:
ZZ ZZ ZZ ZZ ZZ ZZ ZZ ZZ = 80 91 A2 B3 C4 D5 E6 F7 (example)

Now we can send the instruction to the card. For signing we use the answer to this instruction:
Send: C1 5A 0x 0y 08
Answ: C1 5A 0x 0y 08 5A 08 19 2A 3B 4C 5D 6E 7F (example)
Status: 90 00

These 8 bytes, 08 19 2A 3B 4C 5D 6E 7F (example), form the signature: Sig = Answ: C1 5A 0x 0y 08.

Please Note:
Make sure that the "Auto Sig" function in your software is switched off for this procedure!!!
Please Note:
For secondary keys, we need to change the "0x" byte in the instruction to "1x".
Don't worry if you get only 7 bytes "AA" for nano 82. It is a technical matter (called "shifting bytes"), and there is less risk involved with AA's than there is with byte "50", which will, on some cards, lead to strange and unexpected results.

OK, now that all parts of the instruction are complete, we can construct the full instruction:
C1 3C 0x 0y 18 80 91 A2 B3 C4 D5 E6 F7 AA AA AA AA AA AA AA 82 08 19 2A 3B 4C 5D 6E 7F
Send the instruction to the card, and you should get a nice "90 00" as a result.

Step 4.
In record 00 01 you will now find an exact copy of the key you were looking for.

So what's next?
Well, we need to extract the remaining content of record 15 56 using the instructions we already know:
Send: C1 34 00 00 03 06 15 56
Status: 90 00
Send: C1 32 00 00 12

This will give the remaining five (PLAIN!) bytes of the key we were looking for. It looks something like this:
Answ: C1 32 00 00 12 32 D2 15 56 K4 K5 K6 K7 K8 A2 00 8Y 00 0F FF F0 00 00 03
Status: 90 00

Step 5.
Restoring the modified record:

a. Clearing record 00 01:
Send: C1 40 00 MK 0E 24 00 XX 10 YY 82 SigMK

00 XX represents the provider index (for instance 00 00 or 00 19 etc.) of the provider whose key is present in record 00 01.

YY represents the key index (the first byte of the record) of the key in record 00 01 (for instance F0, 51 etc.).

Please note:
Check very carefully that the instruction you use to clear record 00 01 is entered correctly. It is very easy to make a typing error, and then the wrong key will be deleted. So make absolutely sure that you are deleting the right key. In other words, make sure that you are deleting the key that occurs on your card twice!!!
Then make a card dump showing the current records on the card, just to confirm that record 00 01 has been cleared.

b. Restore the startup record:
Send: C1 40 00 MK 15 B0 01 00 00 00 00 00 00 00 00 80 00 82 SigMK

With this instruction we write the startup record back to record 00 01.
(In this example we use the Dutch version of the startup record.)

c. Remove temporary providers:
Send: C1 40 00 MK 0C 25 00 50 82 SigMK (and C1 40 00 MK 0C 25 00 51 82 SigMK etc.)
Status: 90 19

Step 6.
Now we only need to execute the brute force method that we use for every extraction, in order to find the remaining bytes of the key we are looking for.

All the instructions used in this document can be entered with MKFind, but there is other software too that will do the job just as well. A good alternative, for instance, is SecaRL.
Both MKFind 4.4 and SecaRL 1.85 use this exact method for their key extraction procedure.

Translated and edited freely by Kcplus & Duwgati.