What APDU command gets card ID
Solution 1
The answer given before is wrong. This is because we are not talking about a ISO 7816 command here but a internal command of the PC/SC API.
The APDU "0xFF 0xCA 0x00 0x00 0x00" is in fact correct and I have cards for which I get a 7 byte answer. Please note that this will only work with contactless (RFID) cards because this UID is part of the radio protocol. Please note further that some chips will return a new random UID after each power up. This is for example true for my passport chip as well as my german national identity card and a countermeasure to prevent tracking of card holders. In theory such random UIDs shall begin with 0x08 but this is not always the case.
As the UID is a "internal" value of the protocol, the APDU in question is NOT sent to the card but is only a internal command (of the PC/SC Interface) to get the UID from the card reader driver. CLA 0xFF is generally not in normal use as it is only used for reserved for "Protocol Parameter Selection" (PPS). PC/SC abuses this CLA for internal commands.
The command here is the PC/SC internal "Get Data" Command, specified in Part 3, Section 3.2.2.1.3 of the PC/SC specification. Here P1 and P2 have special predefined meanings, so there is no point in trying different values. The standard only defineds P1=0,P2=0 for getting the UID and P1=1,P2=0 for "all historical bytes from the ATS of a ISO 14443 A card without CRC". Other values are not supported.
Interestingly the answer 0x6A 0x88 is not defined in the standard. 0x6a 0x81 would mean "Function not supported" which would be the case which cards which don't have a UID (standard mentions 7816-10 contact card). The two other defined answers (0x62 0x82 and 0x6C 0xXX) define a mismatch between the requested answer length and the actual amount of data and won't occur here, because we simply request any length data by specifying 0 in the last byte of the request.
So why it isn't working for the submitter I don't know. For me it works, some cards return 4 bytes, other return 7 bytes.
See the PC/SC standard, part 3 in particular, here: http://www.pcscworkgroup.com/specifications/specdownload.php
Solution 2
0xCA is the GET DATA command. You must supply a TLV Tag in P1-P2.
ISO 7816 part 6 "Interindustry data elements for interchange" has a list of these tags, but none of them corresponds unambiguously to "card ID". I suggest that you try all values of P2, with P1 equal to 0x00, 0x5F, or 0x7F, to find out which data elements are supported by your card.
Related videos on Youtube
dr_begemot
Updated on May 29, 2021Comments
-
dr_begemot over 1 year
Which APDU command gets 7 bytes of the card ID? I use T=CL (ISO7816) protocol with ISO14443 layer. On detect card I can see only 4 bytes of the card ID. I found that this should be the APDU command to get a card ID. For example its:
0xFF, 0xCA, 0x00, 0x00, 0x00
but result of this command is:6E 00, that on specifications of APDU answers tell that "Class not supported"Then I found that its APDU command may be as:
0x00, 0xCA, 0x00, 0x00, 0x00
this command return6A 88
where6A XX- "Wrong parameter(s) P1-P2" and88- "Referenced data not found"What you think about it?
Thank you!
P.S. All command as:
CLA, INS, P1, P2, LenData, Data
Other my command work normaly (such as sellect aplet and work with it), problem only at getting card ID -
dr_begemot over 10 yearsThe command {0x00, 0xCA, 0x00, 0x5F, 0x00} or {0x00, 0xCA, 0x00, 0x7F, 0x00} returned error 6A 88
-
TonyK over 10 yearsYes, of course. You must try all values of P2, from 0x00 to 0xFF, together with the three values 0x00, 0x5F, and 0x7F for P1. That's 768 combinations in total. -
Michael almost 10 yearsThis document gives some more insight into the UID of RFID cards, including the random UIDs and also how to determine other non-unique UIDs: nxp.com/documents/application_note/AN10927.pdf