Issuance
Modes
Modes are confirmed in several references, however it is unknown if DES issuance uses different commands to AES issuance, or if an implementation also takes into account the current mode it is in.
Register Area1234
Unconfirmed
The field format for this command is unknown, and is just a guess.
| Current Mode | 2 | 3 |
|---|---|---|
| Mode Transition | 3 | 3 |
| Field | Size | Note |
|---|---|---|
| Code | 1 | 0x?? |
| IDtc | 8 | |
| Area code | 2 | Required outside of encrypted package to select decryption key |
| Area registration package | 2 |
| Field | Size | Note |
|---|---|---|
| Code | 1 | 0x?? |
| IDtc | 8 | |
| Status Flag 1? | 1 | |
| Status Flag 2? | 1 |
Area registration package5
This bytearray is encrypted (with what padding? with CBC?) with its parent area's key.
| Field | Size | Note |
|---|---|---|
| Start service code (Area code) | 2 | |
| End service code | 2 | |
| Number of allocated blocks | 1? | |
| Area key | 8/16? | See below |
| Area key version? | 2 | |
| MAC | 8/16? | See below |
The length of the area key may depend on the encryption type that the created area would use. It is unknown how both an DES and AES key would be provisioned for one area.
The MAC may be a CBC-MAC on DES/AES as it is used in other areas of implementation; hence, the card would only need to validate by comparing the area codes outside and within the encrypted package, then the MAC.
Register Service1234
Unconfirmed
The field format for this command is unknown, and is just a guess.
| Current Mode | 2 | 3 |
|---|---|---|
| Mode Transition | 3 | 3 |
| Field | Size | Note |
|---|---|---|
| Code | 1 | 0x?? |
| IDtc | 8 | |
| Service code | 2 | Required outside of encrypted package to select decryption key |
| Service registration package | 2 |
| Field | Size | Note |
|---|---|---|
| Code | 1 | 0x?? |
| IDtc | 8 | |
| Status Flag 1? | 1 | |
| Status Flag 2? | 1 |
Service registration package
This bytearray is encrypted (with what padding? with CBC?) with its parent area's key.
| Field | Size | Note |
|---|---|---|
| Service code | 2 | |
| Number of allocated blocks | 1? | |
| Service key | 8/16? | See below |
| Service key version? | 2 | |
| MAC | 8/16? | See below |
The length of the service key may depend on the encryption type that the created area would use. It is unknown how both an DES and AES key would be provisioned for one service.
The MAC may be a CBC-MAC on DES/AES as it is used in other areas of implementation; hence, the card would only need to validate by comparing the service codes outside and within the encrypted package, then the MAC.
Set Relational Service3
Register Issue ID1234
Sets:
- Issue ID (IDi)
- Issue parameters (PMi)
- System code
- Area 0000 key
Resets services (and areas?) and initialises memory allocation.
| Current Mode | 2 | 3 |
|---|---|---|
| Mode Transition | 3 | 3 |
Register Issue ID Extended3
Sets:
- Issue ID (IDi)
- Issue parameters (PMi)
- System code
- System key
- Area 0000 key
Resets services (and areas?) and initialises memory allocation.
Note: the below is inferred from the Register Issue ID command.
| Current Mode | 2 | 3 |
|---|---|---|
| Mode Transition | 3 | 3 |
Separate System67
Performs system separation on a PICC, effectively providing multiple logical PICCs that can be selected by a reader on the one physical IC.
Change System Block4
| Current Mode | 3 |
|---|---|
| Mode Transition | 3 |
Register Manufacture ID124
For manufacturing purposes, accessible on unfused cards where IDm is all 00. Sets:
- Manufacture ID (IDm)
- Manufacture parameters (PMm)
- System code
- System key
- Area 0000 key
Clears Issue ID (IDi) and Issue parameters (PMi).
| Current Mode | 2 | 3 |
|---|---|---|
| Mode Transition | 3 | 3 |
-
Sony Corporation. Operational Description - Model RC-S430C. URL: https://fccid.io/AK8S430C/Operational-Description/Operational-Manual-83065.pdf (visited on 2024-07-14). ↩↩↩↩
-
Sony Corporation. FeliCa Reader/Writer RC-S441C and RC-S445C - Users Manual. November 1999. URL: https://fccid.io/AK8S441C/User-Manual/Users-Manual-82979.pdf (visited on 2024-07-14). ↩↩↩↩
-
Sony Corporation. RC-S493B Product Specifications (Preliminary). Technical Report M440-E0.9-10, Federal Communications Commission, May 2008. URL: https://fccid.io/AK8RCS493B/User-Manual/User-Manual-950071.pdf. ↩↩↩↩↩
-
哲郎 後藤, 伸一 福田, 憲人 三保田, and 正俊 上野. 通信装置及び通信方法、コンピューター・プログラム、並びに通信システム. March 2011. URL: https://patents.google.com/patent/JP4661952B2/ja (visited on 2024-06-18). ↩↩↩↩↩
-
進 日下部, 昌幸 高田, and 将央 佐々木. 情報処理装置および情報処理方法. January 2008. URL: https://patents.google.com/patent/JP4029234B2/ja (visited on 2024-06-22). ↩
-
Manabu Mitsuyu and 学 三露. 情報処理装置、icチップ、情報処理方法、プログラム、及び情報処理システム. August 2013. URL: https://patents.google.com/patent/JP2013168117A/ja?q=(%22Separate+Command%22)&assignee=Sony+Corp&oq=%22Separate+Command%22+Sony+Corp&sort=old&page=2 (visited on 2024-07-14). ↩
-
Taro Kurita and 太郎 栗田. データ通信装置及びデータ通信装置のメモリ管理方法. July 2005. URL: https://patents.google.com/patent/JP2005196412A/ja (visited on 2024-06-18). ↩