Browse through file structure of a smart card with APDU commands

Question

I have a smart card (the Carte Vitale that is used in France), and I need to know where the date of birth is stored. But I don't seem to find any information about the file structure.

For the Belgian eID card I did the same, and I can easily read the date of birth with APDU commands. But the Belgian government provided decent info about the file structure on the card.

Is there a way to 'browse' through the file structure of a smart card with APDU to see what's on it at what address, without knowing anything about it?

EDIT: I found some more information about reading information from the Carte Vitale: here and here.

A piece from the first link, section "API or not API? That is the question...". Translated by Google...not perfect but you get the idea:

*It is well known that BC C0 00 00 08 to determine the last address of the memory card, the first being invariably 0200h command. Typically (ADMAX = 2188h), and we find, from 2128h to 2180h, a "production area" containing pointers to all areas of interest (in our case, the space free reading would extend from 0288h to 2180h). That being said, a BC 02 88 04 B0 command will return the contents of the first 32-bit word, and BC B0 21 80 04 than the last. Between the two, so many things to discover! Just before the manufacturing area, a few words are reminiscent of the "component mapping" mentioned on page 20 of the specification V1.40 loads. Imagine and a BC B0 20 18 F8 command returns the following data:

3F FF 88 C3  
3F 20 C3 50  
20 80 02 F0  
00 3F C2 B8  
2D 3F C2 A0  
2C FF 98 C2  

Among the "pointers" (?) At C388h C298h, 02F0h attracts attention. So let's BC B0 02 14 F0, and deliver us to the simple decoding of the first two words read:

3F FF F5 40  0011 1111 1111 1111 1111 0101 0100 0000  
24 08 43 FF  0010 0100 0000 1000 0100 0011 1111 1111  
3F FF FF FF  
3F FF FF FF  
3F FF FF F8  

Ignoring the first two bits of each word, and then forming groups of four bits, one can easily extract the BCD numbers 54 09 02 and specifically, the date of birth of the sole beneficiary is 09.02.1954!*

My ADMAX is different: it's 21 20. Would that mean that I could write a program that executes a BC B0 02 00 08 to read the first 8 bytes, then add 8 bytes to address 02 00 and then read that again, and so on, all the way up to ADMAX 21 20? Would I then have read all readable date on the card? Or am I seeing things too simple?

Thanks again!

Answer 1

Since you mention "on what address" I strongly assume, that the Belgian card is a simple memory card.

Carte Vitale is a processor card. Such cards do not necessarily have means comparable to a directory command; sometimes there are information files supporting this, but without specification you are quite lost. In closed systems with specific applications such information files are not very likely.

Since processor cards are also likely to have non-trivial access conditions, even knowing the file in which the information is stored, does not necessarily mean you can successfully read it.

Here is the french health insurance page, but my command of French does not suffice to find the card specification.