I recently got an Atmel AtMega163-based smartcard for some side channel experiments, along with a SASEBO-W board. I owe a debt of thanks to Cryptography Research Inc. & Sakura for setting all that up!
Anyway I also got a normal smartcard reader, and wanted to experiment with programming the card & using it in a reader. I’m using SOSSE for these experiments.
It’s worth nothing these cards are pretty old now! They were used a bunch in the hayday of satellite hacking… I don’t know if that’s still going on, but you might be able to pick some up pretty easy. The AtMega163 processor itself was EOLd in 2002 (10 years ago!!), so I’m also sceptical if there are any new ones made. Note you can use any AVR & program it with the SOSSE code, the SmartCard is just a form factor.
Internally, the SmartCard has this schematic:
The pinout of the card contact is looking AT the card. The easy way to figure it out is look for the GND contact, note how it covers the middle part.
What this means is you can use any old AVR programmer. I had a JTAG2 so could use that in ISP mode, although you can find an http://www.makomk.com/2010/02/04/arduino-based-funcard-programmer/|Arduino based Funcard Programmer] too. Remember you can use any AVR programmer that supports the Mega163 (more on this later). Your normal AVR programmer probably has a 6-pin or 10-pin header, so you just map between them.
Note you also need a clock! This is besides the SCK pin – you also need to provide a fast clock into the ‘CLK’ pin. If you have another AVR around program the ‘CLKOUT’ fuse & take the clock on the output pin, that is by far the easiest. Or you can use the timer to generate an output pin (see the Arduino programmer, it does that). Alternatively if you have an AVR with a crystal, you can pick off the XTAL2 (not XTAL1) pin and feed that in. Here is a photo of my setup… I’m using the SASEBO-W board for power. I’ve fed an external clock in (it does provide a clock, but I tri-stated it because I needed the IO lines tri-stated too) from an AVR using the XTAL2 trick. Finally you can see the cable to the programmer:
So what software to program with? avrdude claims to support the Mega163, so you could use that. Although my tests showed it did not work – FLASH couldn’t be verified, and the fuses didn’t read properly (not good – if SafeMode asks you to change fuses back say NO!).
AVRStudio doesn’t support the Mega163. BUT – you can use the Mega363, which is essentially the same part. I used AVR Studio 4 for my programming & verification… worked perfect! Programmed both Fuses & FLASH.
One final problem: my SCR335 card reader didn’t recognize the smartcard. It turns out the default fuses have the clock mode as “Crystal Oscillator, Slowly Rising Power” (see Fuses tab in AVR Studio). While the SmartCard Specs say the Answer To Reset (ATR) needs to occur 400-40000 cycles after the SmartCard reader resets the card & starts the clock. At 67mS delay, that is 268000 cycles! So the SmartCard reader doesn’t even see the ATR, it’s given up already. You need to change the fuse to ‘fast rising power’. I also switched it to ‘Ext. Clock’, as it’s technically the correct option since you don’t have a crystal oscillator (e.g.: you don’t need the XTAL2 output).