DECiBiT WiFi CRYPTO PHONE



CRYPTO PHONE COMPARISON





















Decibit WIFI Crypto Phone GSMK CP 500 Secusmart Blackphone





(Samsung Galaxy S3) (BlackBerry 10)


Key Length (bits): 112 256 560 512 128 256










Price: $99 (*) $199 $499 $3,500 €2,400 $629

Length: 125 mm 136.6 mm 130 mm 141 mm

Width: 50 mm 70.6 mm 65.6 mm 69 mm

Height: 10.4 mm 8.6 mm 9 mm 9 mm

Volume: 65 cm³ 83 cm³ 76 cm³ 87 cm³

Weight: 69 g 133 g 138 g 119 g

Confidential: Yes Yes Yes Yes

Network: Wi-Fi GSM GSM GSM

Registration: No Yes Yes Yes

Anonymity: Yes No No No

Usage costs: (**) No Yes Yes Yes

RF radiation exposure: (***) 0.063 Watt 2 Watt 2 Watt 2 Watt


















(*) Suggested retail price.
Dealers invest only in the hardware manufacturing cost: 100pcs @ 50 USD/pc, 1000pcs @ 40 USD/pc
Direct shipping from assembly line in China with invoice of hardware manufacturing cost. Shipping courier of your choice.
(**) Mobile plans, calling costs and long term mobile contracts.
(***) The World Health Organization states that the electromagnetic fields produced by mobile phones are classified by the International Agency for Research on Cancer as possibly carcinogenic to humans.

MODE OF OPERATION

CBC (Cipher Block Chaining)

CBC operates the cipher to encrypt data into a stream. The data itself is processed through the cipher architecture. Decibit WiFi Crypto Phone models 112 and 256 apply CBC in short lengths of just 4 blocks per 8 ms cycles. A counter is used at the key input to the cipher. For every cycle the counter is incremented.

CTR (Counter)

CTR mode makes use of the ability of a cipher to function as a pseudo random number generator. CTR operates a single cipher to generate a pseudo random byte sequence and then SCRAMBLE the data with it. The cipher does not work to cryptographically transform the data itself. The resulting ciphertext stream is obtained by obscuring the data with the pseudo random byte sequence. Thus using CTR, the data is randomized in the truest sense of the word.

Decibit WiFi Crypto Phone 560 adopts Vernam cipher using advanced CTR mode with key length of 560 bits where 10 DES cipher operations are performed to generate one 8 byte random block.

This advanced CTR mode operates a multi-core cipher arrangement organized as a parallel cipher array with multiplied key length as a random number generator. The aim is to produce the best possible pseudo random output to hide the data with, depending on combined key length. Cipher architecture has no effect on the strength of the ciphertext, as it only contributes to form the random output.

Key Exchange

Past internet traffic is worthless data and can not be played back a second time, even if one or both of the phones are in possession with the attacker. A two stage RSA encapsulated session key creation, exchange and assembly method assures this:


CRITICIZING IT ALL

crit•i•cize
verb


1. indicate the faults of (someone or something) in a disapproving way
2. to evaluate or analyse (something)

Centralized Phone Systems

GSM mobile phones, landline phones or VoIP type call solutions, can not go together with cryptography and private communications, because all your identity is laid open. Your name, your credit card, your location, your phone number, your call destination etc. is all known.

There may be, now or in future, a backdoor in the very chipset of a smartphone or PC and in operating systems. It's ignorance to trust consumer phones or computers. A government official or a business person ought to question all options and make a well informed decision.

Smartphones And Tablet PC's

A smartphone is the mindless pushing of an originally clever mobile phone idea and transforming it towards a miniature PC with an embedded monitor that is touching your face(!), squeezed into a flat small form factor. And calling it transgression of technology, by adding more features like higher resolution cameras, finger print sensor, GPS etc. All the way ignoring that it's supposed to be a phone!

A tablet PC is the result of a similar transformation, yet this time the reverse way, by transforming a bulky personal computer, that can run Skype, a centralized VoIP voice/video application, into a small form factor, to a smartphone alike mobile device.

The race of the manufacturers, trying to beat the competition, creates more advanced and weird devices, which end up costing very expensive. Phones should not change gender to turn into computers and computers not morph into phones. Such devices are heavy in weight, bulky in size, expensive in price.

The Price

If something costs too much, that's a sign that something is not right. A crypto GSM phone costing several thousand dollars, a smartphone or a tablet PC for a thousand dollar, a VoIP phone adapter with it's hidden recurring costs, calling costs for each call depending on it's duration and destination.

Why shouldn't there be a low priced crypto phone that costs less than 100 USD? With no calling costs for duration and location. Not requiring you to lay open your identity. When you buy a harddisk or a monitor or a network adapter, do you register with your name? Of course not.

A phone that does what it's supposed to do. Crypto included, no calling costs, no registration, lightweight, non centralized. Just acquire it like a computer network accessory and start using it.

Portable Power Chargers

How ridiculous the smartphone concept is getting can be seen from the popping up of portable power chargers like mushrooms. Because a smartphone with 4G runs out of battery very fast.

The band aid solution is a portable power charger that is several times the weight and size of the smartphone itself to be carried in a purse! Carrying half of a kilogram of dead weight. Purely ridiculous. What comes next, carry a car battery with 5G?

Much of the energy stored in the phone battery, which is quiet a lot, is radiated into your brain and body with risk of getting cancer.

VoIP Phone Adapters

These devices (as example magicJack) reduce land line phone bills by transferring the voice data through the internet instead the usual phone line. The adapter itself can't be used for calls, it needs a land line phone. It's the equivalent to smartphone applications, referred to as "WiFi calling", that send your voice data through WiFi instead the usual GSM network. Both try to reduce calling costs by avoiding your phone's main network. Why own a land line or mobile phone if it's original network is being avoided anyways?

GSMK CryptoPhone 500

This is a normal smartphone with modified software. Be aware before putting 3500 USD of your money to this phone. Paying more expensive price don't make you more safe, more so while having 2 units for 7000 USD, with no guarantees in case of theft, damage or loss (there is insurance option upon more of your cash). 512 bit combined key length respresents exceptional strength from mathematical point of view. This CryptoPhone is in correct terms a scrambling phone using CTR mode. Voice data itself was never processed through an encryption algorithm to get encrypted.

Secusmart

A smartphone with modified software plus a security chip P5CC072 from NXP at a price of 2400 EUR. Needs two of them @ 4800 EUR. German government including chancellor Merkel is using it. Don't get fooled, this means nothing regarding security.

Suspicious is that there can't be found any description of how exactly they encrypt voice using AES-128. That is a red flag.

Nothing can be found about how they transfer the voice data to the microSD containing the secure chip. Does it occur in real time? Is the plain voice data transferred to the secure chip and returned is an encrypted byte stream, while in same time the encrypted voice data of caller at the other end is also fed to the same secure chip and returned is the plain voice data to playback? Should we assume it's a scrambling phone?

It's 7816 UART supporting 1 Mbit/s would be sufficient fast enough to exchange 4 voice data streams in realtime. Up TX1 plain, down RX1 encrypted, up TX2 encrypted, down RX2 plain. But did they do so? Or did they also implement CTR mode that uses XOR to scramble? Why would they not reveal any detailed info?

Blackphone

A smartphone with specialty firmware at 629 USD. Needs two of them for 1258 USD.

No secure chip used.

Complexity of smartphone HW and it's pimped up android operating system with 'optimized for security' applications add uncertainty and risks.

Decibit Crypto Phone

An ISM band true voice encrypting private telecom system and mobile phone. Needs 4 of them, a pair of phone and modem for each side. Also requires a PC as the call central. Miniature replica of GSM network including heavy duty RF amplifiers. Embeds security chip AT90SC1818CT from Atmel.

This concept was abandoned in favor of the Decibit WiFi Crypto Phone as the successor.

It was not practical to have a PC running for the internet connection and the call central application that waits for incoming calls etc. Further, using proprietary ISM band wireless RF connection, required a modem, the translator between the phone RF and PC USB protocols. The solution was to eliminate both modem and PC, thus connect the phone direct to internet through Wi-Fi.

Decibit WiFi Crypto Phone

A true crypto phone. This device was engineered in hardware and software completely from scratch to earn to be called a crypto phone.

It does not depend on any 3rd party, except it's electronic components:


Campaign

Wireless GSM telephony is expensive with high smartphone prices, long term mobile plans and accruing calling costs. Calls are prone to be recorded and monitored. Voice quality is poor due high compression ratios. Not to forget the contract that is signed containing personal info.

Introducing the WiFi Crypto Phone

Now there is a choice. A low cost GSM alternative phone. The answer to privacy deficient smartphones. A new method of wireless telephony that is innovative.

Confidentiality through voice encryption is a standard feature.

It has the stylish looks of a smartphone, the mic/speaker marks of a good old land line phone and is the lightest of mobile phones. Assembled are only essential components. Glass screen and keyboard were not needed. Elegant operation with two buttons on the left for navigating the phone book and another one on the right to call.

8000 Hz 8-bit PCM 64 kbps sampled raw voice data is reduced to 32 kbps via 4-bit ADPCM compression, which accounts for good voice quality. Finally triple DES encryption is applied to have a stream of P2P encrypted voice data packets that are sent through the internet.

Contacts and WiFi network credentials are managed with the PC application through USB. Up to 8 networks and 16 contacts can be added.


WiFi to coexist with GSM

Mobile phones are tending towards WiFi and encryption. Yet these attempts don't really feel right. It's like trying to blend oil with water.

Crypto GSM phones for several thousand dollars, smartphones at up to a thousand dollar, VOIP phone adapters with hidden recurring costs...

Not so with the Decibit WiFi Crypto Phone. Dealers invest only in the hardware manufacturing cost. It can't go lower than that. Hence customers get to own this crypto phone at lowest price in the market. [Note: Dealer inquiries are welcome. Direct shipping from assembly line in China.]

This phone contains a U.S. manufactured Wi-Fi module from Inventek Systems, which utilizes a Broadcom MAC / baseband / radio chipset with FCC, IC and CE compliance certification.




Integrated is a secure chip AT90SC1818CT (obtainable only by signing a NDA) that is the core component for key generation and real time voice encryption. Session key is exchanged using 2048 bit RSA asymmetric key encryption. Voice data is encrypted with triple DES and transmitted as CBC stream between WiFi phones.



The secure chip is input with both internal raw voice data of 64 kbps and the encrypted data of 32 kbps received from other phone. It compresses and encrypts the raw data and decrypts and decompresses the encrypted data. It then outputs decoded raw 64 kbps data for listening and encrypted 32 kbps data to be sent to other phone. This cycle repeats every 8ms. Overall data rate to/from secure chip is about 100 Mbyte/h. 1000 triple DES operations are performed every second. Cipher Block Chaining is utilized where a cycle counter is being used as IV and also XOR'ed onto the session key. UDP packets carry a bunch of data of 13 cycles for 104ms length to ensure low latency.

2048-bit RSA key generation and storage happens within secure chip. The phone number is derived from this RSA key. Both RSA key and triple DES session key are managed inside the secure chip. All voice encryption and ADPCM compression are performed within the secure chip. No other cryptophone on the market does this. They use the CPU of the mobile phone for cryptographic tasks. A sophisticated lab can easily extract the keys from such unprotected chips. This phone was therefore designed in hardware and software from scratch for it's main function to provide absolute confidential phone conversations by using a specialty secure chip that is built to prevent and withstand any such extraction attempts.

Any logged past internet traffic is worthless data and can not be played back a second time, even if one or both of the phones are in possession with the attacker. A two stage RSA encapsulated session key creation, exchange and assembly method assures this:

Furthermore, the RSA modulus is not in plain; not due security reasons, but to assure good randomness while deriving the phone number and the UDP socket port number from the RSA key.
Active and user friendly support is provided with AES-128 encrypted automatic firmware updates.

About WiFi and 3G, 4G

WiFi operates on local short range with fastest connection speeds and emitting at low output power thus causing minimal radiation exposure. GSM is exposing the user with increased radiation levels to penetrate walls while connecting with a far located cell tower.

It is reported that the World Health Organization considers cell phone radiation as "possibly carcinogenic". 3G connections are already bad for health, where 4G is worse, causing more exposure to radiation due higher data rates.

This WiFi phone with 63 mWatt has 97% less output power than a GSM phone with 2000 mWatt output power. 63mW/2000mW = 3%.

What does WiFi Telecom mean?

Every WiFi Phone, after switching on and connecting to a Wi-Fi network, registers itself with the server at www.WiFi-Tele.com. The server stores the RSA public key and current IP address and thus functions as a dynamic DNS service provider.

After initiating a call, a direct UDP link is established between phones to exchange encrypted voice data.

Outgoing calls can be initiated from anywhere in the world just by knowing the other phone's number. To receive calls however, the internet modem/router NAT has to be setup for port forwarding, to allow a caller to reach the phone behind the firewall on the local area network.

Only calls between WiFi Phones of this brand are possible. Regular phones can not be called. This WiFi Crypto Phone establishes confidential P2P calls.

WiFi range extenders can be used to amplify any weak spots.

How does it operate?

A phonebook entry is selected by two buttons on the left, navigating through up to 16 phone numbers. Each location is sound encoded in Roman numerals. Empty and unchecked entries are skipped.

Roman numerals from 1 to 16 are:
I, II, III, IV, V, VI, VII, VIII, IX, X, XI, XII, XIII, XIV, XV, XVI

Once a contact is chosen, the call can be initiated by the right side single button, which is also used to end the call. Those left side buttons adjust the volume of the speaker during a call.

Incoming call is signaled by playing a melody or by vibration, which is configured using the PC application.

Coverage is no issue. Plugging in a cheap WiFi repeater to a wall plug ensures good connectivity at all times in a house or office.

Ringing time while a melody is playing is 30s. If one phone ends the call, the other phone will almost immediately mute and end, too. If there is connection loss for longer than 20s, the phone will abort the call.

LED Indicators

Upper red light:  No network.
Green light: Connected to network. The phone is ready to make or receive a call.
Yellow light: Call is in progress.
Lower red light:  Battery charging status.

Specification

Battery: 1200mAh Li-Po for 5 days standby and up to 8 hrs talk time
Size: 125mm long, 50mm wide, 10.4mm high
Volume: 65 cm³
Weight: 69 g (incl. battery)
Confidential:  Yes
Network: Wi-Fi, IEEE 802.11b/g/n, 72 Mbps

Conclusion

In almost all categories, a Decibit WiFi Crypto Phone is an outstanding choice. Be it health related or initial and running costs or legally binding contracts or privacy related issues or the huge value that stands behind the whole project.

Donations will help to recover back the expenses made for secure chip purchase, casing mold and production of the product. Expenses are currently at the 50K$ mark, not including any form of salary or equipment cost.

It is a great feeling to have an encrypted conversation. It must feel weak to be unable to shake off the parasite on your back breathing down your neck that is violating your privacy. For less than 50$/year it is now possible to own and use a crypto phone of great value and exterminate the term "phone bill" at once.


Source code of AES-128 encryption and decryption in AVR Assember


  ;Author: Tayfun Guemues
  ;Date:   July 2001
  
  ;> MAMP-OS V1.2 for 3232C
  ;> ======================
  ;> (July 2001)
  ;>
  ;> New features:
  ;> - AES-128 encryption corrected (2.9 ms @ 3.579 MHz)
  ;> - AES-128 decryption added (4.3 ms @ 3.579 MHz)
  
  ;==============================================================================
  ;=                               AES encryption                               =
  ;==============================================================================
  
  aes_e:  rcall   xkey                    ;initial XOR
  
          ldi     r17,$01
          rcall   round_e
          ldi     r17,$02
          rcall   round_e
          ldi     r17,$04
          rcall   round_e
          ldi     r17,$08
          rcall   round_e
          ldi     r17,$10
          rcall   round_e
          ldi     r17,$20
          rcall   round_e
          ldi     r17,$40
          rcall   round_e
          ldi     r17,$80
          rcall   round_e
          ldi     r17,$1B
          rcall   round_e
          ldi     r17,$36
          rcall   rkey_e                  ;last round
          ldi     zh,high(t_sbox*2)
          rcall   sbox
          rcall   srow_e
          rcall   xkey
          ret
  
  round_e:rcall   rkey_e                  ;generate round key
          ldi     zh,high(t_sbox*2)
          rcall   sbox
          rcall   srow_e
          rcall   mixc_e
          rcall   xkey
          ret
  
  rkey_e: ldi     yl,low(keybuf)          ;$400-$40F
          ldi     yh,high(keybuf)
  
          mov     r16,r0
          ldi     zh,high(t_sbox*2)
  
          ldd     zl,y+13
          lpm
          eor     r0,r17                  ;rcon, round constant
          ld      r17,y
          eor     r0,r17
          st      y,r0
  
          ldd     zl,y+14
          lpm
          ldd     r17,y+1
          eor     r0,r17
          std     y+1,r0
  
          ldd     zl,y+15
          lpm
          ldd     r17,y+2
          eor     r0,r17
          std     y+2,r0
  
          ldd     zl,y+12
          lpm
          ldd     r17,y+3
          eor     r0,r17
          std     y+3,r0
  
          mov     r0,r16
  
  _rky0:  ld      r16,y+
          ldd     r17,y+3
          eor     r16,r17
          std     y+3,r16
          cpi     yl,low(keybuf + 12)     ;$0C
          brne    _rky0
          ret
  
  srow_e: mov     r16,r1                  ;shift row for encryption
          mov     r1,r5
          mov     r5,r9
          mov     r9,r13
          mov     r13,r16
          mov     r16,r2
          mov     r2,r10
          mov     r10,r16
          mov     r16,r6
          mov     r6,r14
          mov     r14,r16
          mov     r16,r15
          mov     r15,r11
          mov     r11,r7
          mov     r7,r3
          mov     r3,r16
          ret
  
  mixc_e: clr     yh                      ;e: 25,1,0,0        d: $DF,$68,$EE,$C7
  
          movw    r21:r20,r1:r0
          movw    r23:r22,r3:r2
  
          ldi     yl,20                   ;r0-r3
          rcall   _mxc0
          ldi     yl,4                    ;r4-r7
          rcall   _mxc0
          ldi     yl,8                    ;r8-r11
          rcall   _mxc0
          ldi     yl,12                   ;r12-r15
          rcall   _mxc0
  
          movw    r1:r0,r21:r20
          movw    r3:r2,r23:r22
  
          ret
  
  _mxc0:  clr     r16
          ld      zl,y
          tst     zl
          breq    _p__0
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,25
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r16,r0
  _p__0:  ldd     zl,y+1
          tst     zl
          breq    _p__1
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,1
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r16,r0
  _p__1:  ldd     zl,y+2
          tst     zl
          breq    _q__0
          eor     r16,zl
  _q__0:  ldd     zl,y+3
          tst     zl
          breq    _q__1
          eor     r16,zl
  
  _q__1:  clr     r17
          ldd     zl,y+1
          tst     zl
          breq    _p__2
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,25
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r17,r0
  _p__2:  ldd     zl,y+2
          tst     zl
          breq    _p__3
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,1
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r17,r0
  _p__3:  ldd     zl,y+3
          tst     zl
          breq    _q__2
          eor     r17,zl
  _q__2:  ld      zl,y
          tst     zl
          breq    _q__3
          eor     r17,zl
  
  _q__3:  clr     r18
          ldd     zl,y+2
          tst     zl
          breq    _p__4
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,25
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r18,r0
  _p__4:  ldd     zl,y+3
          tst     zl
          breq    _p__5
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,1
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r18,r0
  _p__5:  ld      zl,y
          tst     zl
          breq    _q__4
          eor     r18,zl
  _q__4:  ldd     zl,y+1
          tst     zl
          breq    _q__5
          eor     r18,zl
  
  _q__5:  clr     r19
          ldd     zl,y+3
          tst     zl
          breq    _p__6
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,25
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r19,r0
  _p__6:  ld      zl,y
          tst     zl
          breq    _p__7
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,1
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r19,r0
  _p__7:  ldd     zl,y+1
          tst     zl
          breq    _q__6
          eor     r19,zl
  _q__6:  ldd     zl,y+2
          tst     zl
          breq    _q__7
          eor     r19,zl
  
  _q__7:  st      y+,r16
          st      y+,r17
          st      y+,r18
          st      y,r19
          ret
  
  ;==============================================================================
  ;=                               AES decryption                               =
  ;==============================================================================
  
  aes_d:  rcall   lastrk
  
          rcall   xkey
          ldi     zh,high(t_sboxi*2)
          rcall   sbox
          rcall   srow_d
  
          ldi     r17,$36
          rcall   round_d
          ldi     r17,$1B
          rcall   round_d
          ldi     r17,$80
          rcall   round_d
          ldi     r17,$40
          rcall   round_d
          ldi     r17,$20
          rcall   round_d
          ldi     r17,$10
          rcall   round_d
          ldi     r17,$08
          rcall   round_d
          ldi     r17,$04
          rcall   round_d
          ldi     r17,$02
          rcall   round_d
          ldi     r17,$01
          rcall   rkey_d
  
          rcall   xkey
          ret
  
  round_d:rcall   rkey_d                  ;generate round key
          rcall   xkey
          rcall   mixc_d
          ldi     zh,high(t_sboxi*2)
          rcall   sbox
          rcall   srow_d
          ret
  
  rkey_d: ldi     yl,low(keybuf + 12)     ;$400-$40F, $40C
          ldi     yh,high(keybuf + 12)
  
          push    r17                     ;xor rcon with first key byte
  
  _rky1:  ld      r16,-y
          ldd     r17,y+4
          eor     r16,r17
          std     y+4,r16
          cpi     yl,low(keybuf)          ;$00
          brne    _rky1
  
          pop     r17
  
          mov     r16,r0
          ldi     zh,high(t_sbox*2)
  
          ldd     zl,y+13
          lpm
          eor     r0,r17                  ;rcon, round constant
          ld      r17,y
          eor     r0,r17
          st      y,r0
  
          ldd     zl,y+14
          lpm
          ldd     r17,y+1
          eor     r0,r17
          std     y+1,r0
  
          ldd     zl,y+15
          lpm
          ldd     r17,y+2
          eor     r0,r17
          std     y+2,r0
  
          ldd     zl,y+12
          lpm
          ldd     r17,y+3
          eor     r0,r17
          std     y+3,r0
  
          mov     r0,r16
          ret
  
  mixc_d: clr     yh                      ;e: 25,1,0,0        d: $DF,$68,$EE,$C7
  
          movw    r21:r20,r1:r0
          movw    r23:r22,r3:r2
  
          ldi     yl,20                   ;r0-r3
          rcall   _mxc1
          ldi     yl,4                    ;r4-r7
          rcall   _mxc1
          ldi     yl,8                    ;r8-r11
          rcall   _mxc1
          ldi     yl,12                   ;r12-r15
          rcall   _mxc1
  
          movw    r1:r0,r21:r20
          movw    r3:r2,r23:r22
  
          ret
  
  _mxc1:  clr     r16
          ld      zl,y
          tst     zl
          breq    _pd_0
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$DF
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r16,r0
  _pd_0:  ldd     zl,y+1
          tst     zl
          breq    _pd_1
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$68
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r16,r0
  _pd_1:  ldd     zl,y+2
          tst     zl
          breq    _qd_0
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$EE
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r16,r0
  _qd_0:  ldd     zl,y+3
          tst     zl
          breq    _qd_1
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$C7
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r16,r0
  
  _qd_1:  clr     r17
          ldd     zl,y+1
          tst     zl
          breq    _pd_2
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$DF
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r17,r0
  _pd_2:  ldd     zl,y+2
          tst     zl
          breq    _pd_3
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$68
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r17,r0
  _pd_3:  ldd     zl,y+3
          tst     zl
          breq    _qd_2
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$EE
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r17,r0
  _qd_2:  ld      zl,y
          tst     zl
          breq    _qd_3
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$C7
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r17,r0
  
  _qd_3:  clr     r18
          ldd     zl,y+2
          tst     zl
          breq    _pd_4
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$DF
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r18,r0
  _pd_4:  ldd     zl,y+3
          tst     zl
          breq    _pd_5
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$68
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r18,r0
  _pd_5:  ld      zl,y
          tst     zl
          breq    _qd_4
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$EE
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r18,r0
  _qd_4:  ldd     zl,y+1
          tst     zl
          breq    _qd_5
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$C7
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r18,r0
  
  _qd_5:  clr     r19
          ldd     zl,y+3
          tst     zl
          breq    _pd_6
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$DF
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          mov     r19,r0
  _pd_6:  ld      zl,y
          tst     zl
          breq    _pd_7
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$68
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r19,r0
  _pd_7:  ldd     zl,y+1
          tst     zl
          breq    _qd_6
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$EE
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r19,r0
  _qd_6:  ldd     zl,y+2
          tst     zl
          breq    _qd_7
          ldi     zh,high(t_mul0*2)
          lpm
          ldi     zl,$C7
          add     zl,r0
          adc     zl,yh
          ldi     zh,high(t_mul1*2)
          lpm
          eor     r19,r0
  
  _qd_7:  st      y+,r16
          st      y+,r17
          st      y+,r18
          st      y,r19
          ret
  
  srow_d: mov     r16,r13                 ;shift row for decryption
          mov     r13,r9
          mov     r9,r5
          mov     r5,r1
          mov     r1,r16
          mov     r16,r10
          mov     r10,r2
          mov     r2,r16
          mov     r16,r14
          mov     r14,r6
          mov     r6,r16
          mov     r16,r3
          mov     r3,r7
          mov     r7,r11
          mov     r11,r15
          mov     r15,r16
          ret
  
  lastrk: ldi     r17,$01                 ;calculates last round key
          rcall   rkey_e
          ldi     r17,$02
          rcall   rkey_e
          ldi     r17,$04
          rcall   rkey_e
          ldi     r17,$08
          rcall   rkey_e
          ldi     r17,$10
          rcall   rkey_e
          ldi     r17,$20
          rcall   rkey_e
          ldi     r17,$40
          rcall   rkey_e
          ldi     r17,$80
          rcall   rkey_e
          ldi     r17,$1B
          rcall   rkey_e
          ldi     r17,$36
          rcall   rkey_e
          ret
  
  sbox:   mov     r16,r0
          mov     zl,r1
          lpm
          mov     r1,r0
          mov     zl,r2
          lpm
          mov     r2,r0
          mov     zl,r3
          lpm
          mov     r3,r0
          mov     zl,r4
          lpm
          mov     r4,r0
          mov     zl,r5
          lpm
          mov     r5,r0
          mov     zl,r6
          lpm
          mov     r6,r0
          mov     zl,r7
          lpm
          mov     r7,r0
          mov     zl,r8
          lpm
          mov     r8,r0
          mov     zl,r9
          lpm
          mov     r9,r0
          mov     zl,r10
          lpm
          mov     r10,r0
          mov     zl,r11
          lpm
          mov     r11,r0
          mov     zl,r12
          lpm
          mov     r12,r0
          mov     zl,r13
          lpm
          mov     r13,r0
          mov     zl,r14
          lpm
          mov     r14,r0
          mov     zl,r15
          lpm
          mov     r15,r0
          mov     zl,r16
          lpm
          ret
  
   xkey:  ldi     zl,low(keybuf)
          ldi     zh,high(keybuf)
          clr     yl                       r0-r15
          clr     yh
   _xky0: ld      r16,z+
          ld      r17,y
          eor     r16,r17
          st      y+,r16
          cpi     yl,$10
          brne    _xky0
          ret
  
  .org $1000                              ;mandatory $xx00
  
  t_sbox: .DB     $63,$7C,$77,$7B,$F2,$6B,$6F,$C5,$30,$01,$67,$2B,$FE,$D7,$AB,$76
          .DB     $CA,$82,$C9,$7D,$FA,$59,$47,$F0,$AD,$D4,$A2,$AF,$9C,$A4,$72,$C0
          .DB     $B7,$FD,$93,$26,$36,$3F,$F7,$CC,$34,$A5,$E5,$F1,$71,$D8,$31,$15
          .DB     $04,$C7,$23,$C3,$18,$96,$05,$9A,$07,$12,$80,$E2,$EB,$27,$B2,$75
          .DB     $09,$83,$2C,$1A,$1B,$6E,$5A,$A0,$52,$3B,$D6,$B3,$29,$E3,$2F,$84
          .DB     $53,$D1,$00,$ED,$20,$FC,$B1,$5B,$6A,$CB,$BE,$39,$4A,$4C,$58,$CF
          .DB     $D0,$EF,$AA,$FB,$43,$4D,$33,$85,$45,$F9,$02,$7F,$50,$3C,$9F,$A8
          .DB     $51,$A3,$40,$8F,$92,$9D,$38,$F5,$BC,$B6,$DA,$21,$10,$FF,$F3,$D2
          .DB     $CD,$0C,$13,$EC,$5F,$97,$44,$17,$C4,$A7,$7E,$3D,$64,$5D,$19,$73
          .DB     $60,$81,$4F,$DC,$22,$2A,$90,$88,$46,$EE,$B8,$14,$DE,$5E,$0B,$DB
          .DB     $E0,$32,$3A,$0A,$49,$06,$24,$5C,$C2,$D3,$AC,$62,$91,$95,$E4,$79
          .DB     $E7,$C8,$37,$6D,$8D,$D5,$4E,$A9,$6C,$56,$F4,$EA,$65,$7A,$AE,$08
          .DB     $BA,$78,$25,$2E,$1C,$A6,$B4,$C6,$E8,$DD,$74,$1F,$4B,$BD,$8B,$8A
          .DB     $70,$3E,$B5,$66,$48,$03,$F6,$0E,$61,$35,$57,$B9,$86,$C1,$1D,$9E
          .DB     $E1,$F8,$98,$11,$69,$D9,$8E,$94,$9B,$1E,$87,$E9,$CE,$55,$28,$DF
          .DB     $8C,$A1,$89,$0D,$BF,$E6,$42,$68,$41,$99,$2D,$0F,$B0,$54,$BB,$16
  
  t_sboxi:.DB      82,  9,106,213, 48, 54,165, 56,191, 64,163,158,129,243,215,251
          .DB     124,227, 57,130,155, 47,255,135, 52,142, 67, 68,196,222,233,203
          .DB      84,123,148, 50,166,194, 35, 61,238, 76,149, 11, 66,250,195, 78
          .DB       8, 46,161,102, 40,217, 36,178,118, 91,162, 73,109,139,209, 37
          .DB     114,248,246,100,134,104,152, 22,212,164, 92,204, 93,101,182,146
          .DB     108,112, 72, 80,253,237,185,218, 94, 21, 70, 87,167,141,157,132
          .DB     144,216,171,  0,140,188,211, 10,247,228, 88,  5,184,179, 69,  6
          .DB     208, 44, 30,143,202, 63, 15,  2,193,175,189,  3,  1, 19,138,107
          .DB      58,145, 17, 65, 79,103,220,234,151,242,207,206,240,180,230,115
          .DB     150,172,116, 34,231,173, 53,133,226,249, 55,232, 28,117,223,110
          .DB      71,241, 26,113, 29, 41,197,137,111,183, 98, 14,170, 24,190, 27
          .DB     252, 86, 62, 75,198,210,121, 32,154,219,192,254,120,205, 90,244
          .DB      31,221,168, 51,136,  7,199, 49,177, 18, 16, 89, 39,128,236, 95
          .DB      96, 81,127,169, 25,181, 74, 13, 45,229,122,159,147,201,156,239
          .DB     160,224, 59, 77,174, 42,245,176,200,235,187, 60,131, 83,153, 97
          .DB      23, 43,  4,126,186,119,214, 38,225,105, 20, 99, 85, 33, 12,125
  
  t_mul0: .DB     $00,$00,$19,$01,$32,$02,$1A,$C6,$4B,$C7,$1B,$68,$33,$EE,$DF,$03
          .DB     $64,$04,$E0,$0E,$34,$8D,$81,$EF,$4C,$71,$08,$C8,$F8,$69,$1C,$C1
          .DB     $7D,$C2,$1D,$B5,$F9,$B9,$27,$6A,$4D,$E4,$A6,$72,$9A,$C9,$09,$78
          .DB     $65,$2F,$8A,$05,$21,$0F,$E1,$24,$12,$F0,$82,$45,$35,$93,$DA,$8E
          .DB     $96,$8F,$DB,$BD,$36,$D0,$CE,$94,$13,$5C,$D2,$F1,$40,$46,$83,$38
          .DB     $66,$DD,$FD,$30,$BF,$06,$8B,$62,$B3,$25,$E2,$98,$22,$88,$91,$10
          .DB     $7E,$6E,$48,$C3,$A3,$B6,$1E,$42,$3A,$6B,$28,$54,$FA,$85,$3D,$BA
          .DB     $2B,$79,$0A,$15,$9B,$9F,$5E,$CA,$4E,$D4,$AC,$E5,$F3,$73,$A7,$57
          .DB     $AF,$58,$A8,$50,$F4,$EA,$D6,$74,$4F,$AE,$E9,$D5,$E7,$E6,$AD,$E8
          .DB     $2C,$D7,$75,$7A,$EB,$16,$0B,$F5,$59,$CB,$5F,$B0,$9C,$A9,$51,$A0
          .DB     $7F,$0C,$F6,$6F,$17,$C4,$49,$EC,$D8,$43,$1F,$2D,$A4,$76,$7B,$B7
          .DB     $CC,$BB,$3E,$5A,$FB,$60,$B1,$86,$3B,$52,$A1,$6C,$AA,$55,$29,$9D
          .DB     $97,$B2,$87,$90,$61,$BE,$DC,$FC,$BC,$95,$CF,$CD,$37,$3F,$5B,$D1
          .DB     $53,$39,$84,$3C,$41,$A2,$6D,$47,$14,$2A,$9E,$5D,$56,$F2,$D3,$AB
          .DB     $44,$11,$92,$D9,$23,$20,$2E,$89,$B4,$7C,$B8,$26,$77,$99,$E3,$A5
          .DB     $67,$4A,$ED,$DE,$C5,$31,$FE,$18,$0D,$63,$8C,$80,$C0,$F7,$70,$07
  
  t_mul1: .DB     $01,$03,$05,$0F,$11,$33,$55,$FF,$1A,$2E,$72,$96,$A1,$F8,$13,$35
          .DB     $5F,$E1,$38,$48,$D8,$73,$95,$A4,$F7,$02,$06,$0A,$1E,$22,$66,$AA
          .DB     $E5,$34,$5C,$E4,$37,$59,$EB,$26,$6A,$BE,$D9,$70,$90,$AB,$E6,$31
          .DB     $53,$F5,$04,$0C,$14,$3C,$44,$CC,$4F,$D1,$68,$B8,$D3,$6E,$B2,$CD
          .DB     $4C,$D4,$67,$A9,$E0,$3B,$4D,$D7,$62,$A6,$F1,$08,$18,$28,$78,$88
          .DB     $83,$9E,$B9,$D0,$6B,$BD,$DC,$7F,$81,$98,$B3,$CE,$49,$DB,$76,$9A
          .DB     $B5,$C4,$57,$F9,$10,$30,$50,$F0,$0B,$1D,$27,$69,$BB,$D6,$61,$A3
          .DB     $FE,$19,$2B,$7D,$87,$92,$AD,$EC,$2F,$71,$93,$AE,$E9,$20,$60,$A0
          .DB     $FB,$16,$3A,$4E,$D2,$6D,$B7,$C2,$5D,$E7,$32,$56,$FA,$15,$3F,$41
          .DB     $C3,$5E,$E2,$3D,$47,$C9,$40,$C0,$5B,$ED,$2C,$74,$9C,$BF,$DA,$75
          .DB     $9F,$BA,$D5,$64,$AC,$EF,$2A,$7E,$82,$9D,$BC,$DF,$7A,$8E,$89,$80
          .DB     $9B,$B6,$C1,$58,$E8,$23,$65,$AF,$EA,$25,$6F,$B1,$C8,$43,$C5,$54
          .DB     $FC,$1F,$21,$63,$A5,$F4,$07,$09,$1B,$2D,$77,$99,$B0,$CB,$46,$CA
          .DB     $45,$CF,$4A,$DE,$79,$8B,$86,$91,$A8,$E3,$3E,$42,$C6,$51,$F3,$0E
          .DB     $12,$36,$5A,$EE,$29,$7B,$8D,$8C,$8F,$8A,$85,$94,$A7,$F2,$0D,$17
          .DB     $39,$4B,$DD,$7C,$84,$97,$A2,$FD,$1C,$24,$6C,$B4,$C7,$52,$F6,$01


AT90SC3232C and Multi Application MultiProtocol Operating System (MAMP-OS)


DISCLAIMER:

THIS DOCUMENT IS PART OF MAMP-OS SOFTWARE DEVELOPMENT KIT (SDK). READ THIS DOCUMENT AND THE
PART "KNOWN ISSUES AND LIMITATIONS" AT THE END IN THIS DOCUMENT CAREFULLY AND COMPLETELY. SDK
CONTENT IS ALLOWED ONLY TO BE USED WITH MAMP-OS SMART CARDS. SDK MAY BE DISTRIBUTED ONLY WITH
ORIGINAL CONTENT AND REMARK OF ORIGIN.

SDK TOOLS AND SOURCE CODE EXAMPLES ARE PROVIDED AS IS AND USER IS RESPONSIBLE ALONE USING THEM.
USER IS RESPONSIBLE TO PROVIDE AND USE PROPER EQUIPMENT. UPLOADING OF UNTESTED OR ERRONEOUS
CODE MAY RENDER SMART CARD USELESS. SDK CONTENT IS NOT GUARANTEED TO BE ERROR FREE. UPDATES
MIGHT CORRECT OR ENCHANCE ANY DETAILS. THERE IS NO COMMITMENT OF GUARANTEE FOR UPDATES. THE
AUTHOR OF MAMP-OS HAS ABSOLUTELY NO RESPONSIBILTY AND CAN NOT BE HELD LIABLE TO USER CODE
WRITTEN BY 3RD PARTIES OR ANY DAMAGED SMART CARDS OR ANY OTHER DAMAGE CAUSED BY THIS PRODUCT
OR USING THIS PRODUCT.




[Note: With MAMP-OS V1.2 it's no more possible to destroy the smart card.]




Setting up development environment to use example source:

Copy AVRASM32.EXE V1.52 into your working directory. Assemble source file (user.asm) by double
clicking on user.bat.

Upload user eeprom (useree.hex) and user code (user.hex) using MAMP-OS Terminal (mampos.exe).
MAMP-OS upload mode requires 3.579 MHz oscillator for 9600 baud.

Reset smart card, get MAMP-OS V1.0 ATR and push 'Upload' button. First user eeprom then user
code will be uploaded automatically. Adjust baud rate setting within terminal and oscillator of
smart card reader if user code is using different settings. Select 19200 baud for the example
source. Reset again to see user code ATR.

KEEP EXAMPLE SOURCE COMMANDS AS THEY ARE WHILE STARTING UP WITH A NEW PROJECT. This will ensure
that MAMP-OS upload mode can be entered again and again without unneccessarily destroying smart
cards.

MAMP-OS Terminal can be compiled using Borland C++ Builder 3.



User Accessable Memories:

AT90SC3232C:

CODE: $0000-1FFF 16384 bytes, 8192 words (virtual word address)
EEPROM: $8000-$9FFF 8192 bytes (virtual byte address)
RAM: $0400-$04FF 256 bytes (real byte address)

System calls seperate between EEPROM and RAM using most significant bit of address high byte.
EEPROM: msb set, RAM: msb clear.
System call routines with RAM address as input will always correct address to $04xx.
Virtual addresses (EEPROM) will always be masked to the right EEPROM space.
Do not use absolute code addressing.


RAM is partitioned as follows:

$400-$4B7 184 bytes USER RAM
$4B8-$4C7 16 bytes aes key
$4C8-$4CF 8 bytes [MAMP-OS <-> user code] interface
$4D0-$4FF 48 bytes common stack


Do not use more than 24 bytes of the stack when using system calls.



Byte Format:

1 initial stop bit (while transmit)
1 start bit
8 data bits
1 optional even/odd parity bit
1 stop bit


cbr r16,_parity_enable ;8N1 - no parity
sbr r16,_parity_enable ;even/odd parity

cbr r16,_parity_even_odd ;8E1 - even parity
sbr r16,_parity_even_odd ;8O1 - odd parity

cbr r16,_convention ;direct convention
sbr r16,_convention ;inverse convention

sts RAM_byte_format,r16



Data can be transmitted in direct convention (ATR $3B) or in inverse convention (ATR $3F).

Defining ATR is completely under user control. Refer to ISO 7816 Part 3.



Baud Rate vs. Clock Frequencies:

9600 baud @ 1, 2, 3, 3.579, 4, 4.915, 6 MHz
19200 baud @ 2, 3, 3.579, 4, 4.915, 6 MHz
38400 baud @ 3.579, 4, 4.915 MHz
57600 baud @ 4.915 MHz

Please note that 6 MHz is the upper operating limit. Not all smart cards will work with this
frequency. If user code is set up with 9600 baud @ 6.000 MHz and that smart card doesn't work
with this frequency, e.g. no ATR, then it is always possible to upload new code by using 3.579
MHz oscillator in the smart card reader and selecting 5760 baud in terminal.


Example:

ldi r16,_baud_9600_3579
sts RAM_clock_baud,r16



Not Allowed Instructions:

CALL, JMP, ICALL, IJMP, EICALL, EIJMP
LPM, SPM, ELPM, ESPM
MUL, MULS, MULSU, FMUL, FMULS, FMULSU
IN, OUT
MOVW
RETI
CBI, SBI, SBIC, SBIS
CLI, SEI
SLEEP



System Call Reference:


_sc_code_upload ;user code upload mode (9600 baud @ 3.57 MHz)

_sc_read_eeprom ;read from eeprom
input: eeprom address $8000-$9FFF in z
output: eeprom value at address (z) in r16
only r16 modified

_sc_write_eeprom ;write to eeprom
input: eeprom address $8000-$9FFF in z, byte to be written to address (z) in r16
no registers modified

_sc_rx_byte ;receive one byte
output: received byte in r16
only r16 modified

_sc_tx_byte ;transmit one byte
input: byte to transmit in r16
no registers modified

_sc_RSA_modulus ;set RSA modulus
input: eeprom address $8000-$9FFF or ram address $400-$4FF in z,
RSA length in bytes in r16 ($40 / $60 / $80)
output: status in r16
only r16 modified

_sc_RSA_exponent ;set RSA exponent
input: eeprom address $8000-$9FFF or ram address $400-$4FF in z,
RSA length in bytes in r16 ($40 / $60 / $80)
output: status in r16
only r16 modified

_sc_RSA_data_in
input: eeprom address $8000-$9FFF or ram address $400-$4FF in z,
RSA length in bytes in r16 ($40 / $60 / $80)
output: status in r16 (always successful)
only r16 modified

_sc_RSA_data_out
input: eeprom address $8000-$9FFF or ram address $400-$4FF in z,
RSA length in bytes in r16 ($40 / $60 / $80)
output: status in r16 (always successful)
only r16 modified

_sc_AES_encrypt ;AES encryption
input: plain data in r0-r15, key in RAM $4B8-$4C7
output: encrypted data in r0-15
all registers and key in RAM modified

_sc_random16 ;get 16 random bytes
output: random bytes in r0-15
no other registers modidifed

_sc_header_T_0 ;receive header (T=0 protocol)
not implemented

_sc_ack_T_0 ;transmit INS (T=0 protocol)
not implemented

_sc_rx_T_0 ;receive data (T=0 protocol)
not implemented

_sc_tx_T_0 ;transmit data (T=0 protocol)
not implemented

_sc_RC_T_0 ;transmit return code (T=0 protocol)
not implemented

_sc_rx_T_E ;receive request in T=E protocol
output: RAM $400+: [LEAD_1] [HEADER_5] {[DATA]} CHK, max. data length is $80 bytes
no registers modified

_sc_tx_T_E ;transmit answer in T=E protocol
input: RAM $400+: [LEAD_1] [HEADER_5 + RC_2] {[DATA]} CHK, max. data length is $80 bytes
no registers modified


Example:

ldi r16,_sc_tx_byte ;set up to transmit one byte
sts RAM_system_call,r16

ldi r16,$80 ;byte to send in r16, as example $80

wdr ;system call

A system call is issued by executing WDR (watch dog reset) instruction.



KNOWN ISSUES AND LIMITATIONS:

Maximum data length is $80 = 128 bytes for all protocols.

T=0 protocol LEN = 0 to transmit 256 data bytes from smart card to terminal can't be realized
with one system call _sc_tx_T_0. Instead use it twice.

T=0 protocol byte transmission error control and handling, which is mandatory, is not
implemented.
The example source code is sending an appropriate return code instead, if a byte level parity
mismatch is detected. Advantage is that card is not locked up and this solution is more near to
OSI model. Disadvantage is that remaining bytes to receive are ignored and it's possible to
have collision on I/O line.
//This may be corrected in source when T=0 protocol system calls are completed.

PTS (Protocol Type Selection) and FI, DI values are not used directly but there is variety of
choice to select between terminal clock frequency and baud rate. Developer is free to implement
any solution within user code.


T=0 protocol carries some disadvantages:

- Commands must be defined in pairs. A seperate command must be used for each direction of data
flow. This is a security hole where memory can't be erased before each new command is received.
- For one action (put data / get resulting data) two requests are sent from terminal.
- INS may not be odd due to old Vpp based write access handling (historical).
- INS may not start with $6x or $9x, because the acknowledge byte would be interpreted as a
return code or delay request.
- Byte error detection / correction is in 'wrong' level of OSI model.
- 3 unsuccessful attempts to receive a correct byte locks up card and reset by terminal is
needed.
- No complete checksum protection of header or data, instead byte level 1 bit parity
protection, which provides minor protection only.


The provided T=E protocol does have none of these disadvantages.
A parity mismatch, if parity enabled, will cause an early break from receiving all bytes of a
request. Therefore it is recommended to use 8N1 with T=E protocol.


Here is the structure of implemented T=E protocol:

Terminal request: [LEAD] [CMD] [INS] [REF1] [REF2] [LEN] [DATA_IN] [CHK]
Smart card answer: [LEAD] [CMD] [INS] [REF1] [REF2] [RCH] [RCL] [LEN] [DATA_OUT] [CHK]


LEAD:

Leading byte is $80 for MAMP-OS and can be any value for user code.


CMD, INS, REF1, REF2, LEN:

MAMP-OS implements only CMD = $B0 and INS = $02 for code upload and INS = $03 for eeprom
upload. LEN is in range of $04-$14.

User code is free to implement any of these values, except that LEN is limited to $80 bytes.


RCH, RCL:

Return code high and low byte in the answer.


CHK:

Checksum is XOR of all bytes including LEAD until excluding CHK. Initial value can be set up
within user code. MAMP-OS uses $FF.



User code log after pushing 'Crypto' button:

<-- 3B 8D 0D 41 54 52 20 55 53 45 52 20 43 4F 44 45 1C

;RSA 768 public encryption
--> 80 B2 00 00 00 60 80 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27 30 31 32 33 34 35 36 37 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66 67 70 71 72 73 74 75 76 77 80 81 82 83 84 85 86 87 90 91 92 93 94 95 96 97 A0 A1 A2 A3 A4 A5 A6 A7 B0 B1 B2 B3 B4 B5 B6 B7 2D
<-- 80 B2 00 00 00 90 00 60 74 62 88 8A 97 B6 6F 10 1F 19 37 7B 5C 23 3E 5D C3 9D 7A 45 59 7E 5F C5 0D 96 BC EC 93 2B 4D 86 8A A0 86 4F 43 67 B9 7E 0F 74 76 A6 0E 14 F3 3C 80 40 EB F7 AB 9C E0 AF 81 B4 D5 9E AC 32 4C D6 04 1D 01 60 AE 69 F6 22 E9 93 0C F9 A9 6A 31 44 53 55 B8 59 0B AE 51 8D DB F9 83 FE 4D 29 8A F7 6F

;RSA 768 private encryption
--> 80 B2 00 00 01 60 74 62 88 8A 97 B6 6F 10 1F 19 37 7B 5C 23 3E 5D C3 9D 7A 45 59 7E 5F C5 0D 96 BC EC 93 2B 4D 86 8A A0 86 4F 43 67 B9 7E 0F 74 76 A6 0E 14 F3 3C 80 40 EB F7 AB 9C E0 AF 81 B4 D5 9E AC 32 4C D6 04 1D 01 60 AE 69 F6 22 E9 93 0C F9 A9 6A 31 44 53 55 B8 59 0B AE 51 8D DB F9 83 FE 4D 29 8A F7 FE
<-- 80 B2 00 00 01 90 00 60 80 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27 30 31 32 33 34 35 36 37 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66 67 70 71 72 73 74 75 76 77 80 81 82 83 84 85 86 87 90 91 92 93 94 95 96 97 A0 A1 A2 A3 A4 A5 A6 A7 B0 B1 B2 B3 B4 B5 B6 B7 BC

;AES encryption example
--> 80 B2 10 00 00 20 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F FD
<-- 80 B2 10 00 00 90 00 10 69 C4 E0 D8 6A 7B 04 30 D8 CD B7 80 70 B4 C5 5A 94

;Getting random numbers
--> 80 B2 20 00 00 00 ED
<-- 80 B2 20 00 00 90 00 10 0D F2 A5 2F C1 CD 40 E7 AC AE 26 03 19 BC 55 21 45
--> 80 B2 20 00 00 00 ED
<-- 80 B2 20 00 00 90 00 10 AC 16 3A A6 33 1A F7 13 0B 04 92 B0 D4 23 45 32 2B
--> 80 B2 20 00 00 00 ED
<-- 80 B2 20 00 00 90 00 10 3E 3E B7 A1 42 0B 6B 8F 14 90 E2 1A C5 BF 6E E5 5B


User code log after pushing 'PIN' button:

--> 80 B3 1E 00 00 08 12 34 56 78 11 11 11 11 D2 ;old PIN 12345678, new PIN 11111111
<-- 80 B3 1E 00 00 90 00 00 42 ;succesfully changed
--> 80 B3 AA 00 00 04 15 61 71 18 7F ;wrong PIN code 15617118 !!!
<-- 80 B3 AA 00 00 90 01 00 F7 ;upload mode is not entered !!!
unknown rc
--> 80 B3 AA 00 00 04 11 11 11 11 62 ;PIN is correct, upload mode is entered
no answer

After a reset, MAMP-OS ATR is seen again: (adjust baud rate)

width <-- 3B 8C 0E 4D 41 4D 50 2D 4F 53 20 56 31 2E 30 99

New user code may be uploaded now.



www.cashboxcard.com
contact@cashboxcard.com


Press Release:   WI-FI TELECOM CALLS OUT GSM NETWORK


>

WI-FI TELECOM CALLS OUT GSM NETWORK

Voice Encrypting Simplistic Wi-Fi Phone Questions Smartphone Concept


Ingolstadt, Germany — Oct.13, 2014 — Decibit today introduced the WiFi Phone, a new concept mobile phone allowing confidential P2P voice calls. Decibit's WiFi Phone addresses core issues to benefit users of wireless telephony. These issues include answering to health concerns by low antenna radiation exposure, assurance of privacy by encryption and riddance of mobile plans, calling costs and long term contracts.

The World Health Organization states as a fact that the electromagnetic fields produced by mobile phones are classified by the International Agency for Research on Cancer as possibly carcinogenic to humans. RF output power requirement of 2 W to reach far distance GSM cell tower antenna shrinks to mere 63 mW for a local Wi-Fi access point.

The design integrating the secure chip AT90SC1818CT for key generation and real time voice encryption, exchanges session keys using 2048 bit RSA in order to encrypt and decrypt voice data streams using triple DES.

Glass screen and keyboard are not present as the WiFi Phone combines only essential components for the given task for simple operation. The lightweight device is suited to make worldwide free of charge calls from airports, hotel rooms, as well as from home and office.

Decibit Co., Ltd. was founded in 2007 and is registered and has sales & support office in Thailand, with registered business and production in Germany and production partner in China.

# # #


Decibit Co., Ltd. Featured
Wi-Fi Telecom Calls Out GSM Network...
October, 2014 @ 1888 Press Release
Decibit Co., Ltd. Featured
Decibit Introduces The WiFi Phone...
October, 2014 @ Newswire Today
Decibit Co., Ltd. Featured
IndieGoGo Offers Pure Decibit Wi-Fi Phone...
October, 2014 @ AB Newswire

info@decibit.com
© 2015 by Decibit Co., Ltd. All rights reserved.