Calypso Explorer now available for download

SpringCard contactless readers are often used together with Calypso cards, that are used worldwide by some major transport operators (‘Navigo’ in Paris for instance). We are now offering for free two software utilities we’ve developed to retrieve and explain the content of those cards :

  • Calypso XML Dump is a CLI written in C that reads the files of a Calypso card (‘1TIC.ICA’ card application), applies Intercode rules to decode the records, and export the result as XML files. This is convenient to make dumps of cards for later processing.
  • Calypso Explorer is a .NET based software with an ‘explorer-like’ GUI. It also reads the files and applies the Intercode rules, then directly show the result in its window.

Both software work with PC/SC readers. They make use of SpringCard library for Calypso (provided as a DLL in the package).

Download SpringCard Calypso Explorer software

Complete source code is provided, showing how you can embedd this DLL into your own sofware. It allows fast and easy development of PC-based applications using Calypso cards. Our LICENSE allows you to use the software freely (binary and/or source) provided that you use it together with one of our hardware products (to name a few : Prox’N’Roll PC/SC, CSB6 PC/SC, CrazyWriter PC/SC).

Screenshots :

Calypso Explorer : select the PC/SC reader
Calypso Explorer : choosing the PC/SC reader

Calypso Explorer : card's details
Calypso Explorer : dump of the card.
It reads Card.EnvHolder.Record #1.Environment.Network = 250901. This is a ‘Navigo’ card, from Paris network (subway and suburbian trains).

Calypso XML Dump
Calypso XMP Dump : the same card, shown as XML.
Call calypso_xml_dump -o xml_file.xml to redirect the output to a file.

References :

  • Calypso is a standard initially developed and promoted by Innovatron, SNCF and RATP in Paris. It is now promoted by a non-for-profit-organisation, the Calypso Network Association. Note that access to the specification of the cards is limited, and that some features of the cards have been patented by Innovatron (secure session and ratification). Our customers shall buy readers including the patent licence-fee (‘-C’ suffix in the part number) if they want to perform a complete Calypso transaction.
  • The Intercode specification describes how the record shall be structured (the final aim is to achieve interoperability between transport networks). It is based on the data types described by EN1515 standard. The specification is available at

Calypso Explorer has been developed with SharpDevelop IDE, a really good alternative to Microsoft Visual Studio (fast, easy, and on top of that, free and open). Calypso XML Dump has been developed with Microsoft Visual C++ 6.

Why one shouldn’t trust card’s serial number

Both ISO 14443 and ISO 15693 mandates that the contactless/proximity cards or tags all have a ‘more-or-less unique’ physical identifier, that is required to identify the card or tag during the initial discovery process (and during the anti-collision loop when there’s more than one card in the field).

This identifier is called UID in 14443-A and in 15693, PUPI in 14443-B. But whatever the name, we write ‘more-or-less unique’, because nothing mandates this identifier to be actually unique (PUPI stands for Pseudo-Unique PICC identifier). Sometimes it is a random number, sometimes a fixed number shared by a large set of cards. More than that, nothing makes it technically impossible to have two cards with the same physical identifier.

Anyway, in the early years of 13.56MHz technologies, a lot of systems have been designed that use this physical identifier as the only ‘key’ to recognize either a human (the card holder) or an object (RFID-tagged). Nowadays, a lot of systems still rely on this ‘key to access services or to claim credentials. This could be loyalty coupons, stadium or gymnasium entry, physical access control, whatever service where the physical identifier is the pointer to some database records.

SpringCard has always adviced its customers not to rely on the physical identifier for any ‘serious’ application, where someone could steal money or enter a place he shouldn’t simply by cloning a physical identifier, because  it has been known for years that ‘forging’ a physical identifier is not difficult for the man of the art :

  • Tools used in the laboratories or for production (Micropross or SmartWare to name a few) are able to emulate any card, and require no specific skills (just some money anyway),
  • Tools used by RFID-enthouastics (or RFID-hackers) such as ProxMark iii or OpenPICC are able to do the same just by writing a few lines of code – and they cost almost nothing,
  • NFC chipsets are now widely available. As a ‘good-practice’, their manufacturer don’t let the user define freely all the bytes of the identifier when running in card emulation mode, but I wouldn’t bet that no backdoor exists to overcome this.

Anyway, it is generally admitted that the risk was ‘acceptable’ in most situations, mostly because the tools that may emulate a card don’t look like a card, so any visual inspection of the card (or just a human presence or a camera nearby) is likely to prevent the fraud. But this is not true, as we’ll see now.

Atmel has a family of contactless memory cards called CryptoRF. The biggest one is a 8-kB card called AT88SC6416CRF. Note that the very-first page of its datasheet clearly says ‘User-defined Anticollision Polling Response‘. It looks like Atmel has opened Pandora’s box, making it possible to put any physical identifier in their cards – in other words, making it possible to clone very easily any physical identifier (and of course, as they are real cards, they can be printed to look just like the genuine one).

Here’s a step by step demo (it has been done using ‘console’ access to SpringCard Prox’N’Roll running in legacy mode, but this is transposable to any product supporting ISO 14443-B). We use two cards to demonstrate how we clone the identifier :

  • The ‘source’ card is a ‘Mobib’ card (Calypso-compliant, STIB network),
  • The ‘target’ card is an Atmel AT88SC6416CRF. It is totally blank (out of factory), and one may get free samples rather easily at Atmel’s.

Mobib card

1. We retrieve launch the card discovery process (‘poll’ command) and retrieve the PUPI of an ISO 14443-B card. This is our Mobib.

CryptoRF card

2. Let’s do the same with our Atmel memory card. Out of factory, they all have the same PUPI : FFFFFFFF.

3. We send three  commands to the cards :

– a. we select the card (this is an ATTRIB, but we do not use the ‘attrib’ command as the card is not T=CL compliant),

– b. we select the first user zone (seems to be required before trying to access system zone),

– c. the system zone is write-protected, we gain access by sending the password (default password specified in datasheet).

4. Et voila ! The Atmel card has exactly the same identifier as the genuine Mobib.

Note that we should have also changed the protocol bytes that follow the PUPI in card’s ATQB. This would have only required one more command.

So, the moral is, never trust the identifier returned by the card. Even the database-centric architectures shall implement a decent dynamic authentication between the card and the ‘system’ (application, server, SAM, whatever) to ensure a decent security level.