What is APDU and how does it work

chushpan


What is APDU?​

APDU (Application Protocol Data Unit) is a data format used to exchange information between a smart card and a terminal. APDU is the main interaction mechanism in card-based systems such as bank cards, SIM cards, electronic passports and other microchip-based devices.

How does APDU work?​

APDU is used to transmit commands from the terminal to the card and to receive responses from the card. Each command and response has a strict structure defined by ISO/IEC 7816 standards (for smart cards).

Main types of APDU:​

  1. Command APDU:
    • Sent by the terminal to the card.
    • Contains instructions for performing an operation (e.g. reading data, writing data, authentication).
  2. Response APDU:
    • Sent by the card in response to a command.
    • Contains the result of the operation or the requested data.

Command APDU structure​

The command APDU consists of several fields:
  1. CLA (Class Byte):
    • Specifies the class of command (e.g. standard command or application-specific).
  2. INS (Instruction Byte):
    • Specifies a specific operation (e.g. SELECT, READ, WRITE).
  3. P1 and P2 (Parameter Bytes):
    • Additional parameters for the command.
  4. Lc (Length of Command Data):
    • Specifies the length of the data sent in the command (if any).
  5. Data:
    • Data that is transmitted along with a command (for example, data to be written).
  6. Le (Length of Expected Response Data):
    • Specifies how much data is expected in the response (if applicable).

Example of Command APDU structure:
Code:
CLA | INS | P1 | P2 | Lc | Data | Le

Response APDU structure

The response APDU contains the result of the command execution:
  1. Data:
    • The requested information or result of the operation.
  2. SW1 and SW2 (Status Words):
    • Two bytes indicating the execution status of the command.
    • For example:
      • 90 00 - successful completion.
      • 6A 82 - file not found.

Example of Response APDU structure:
Code:
Data | SW1 | SW2

Example of using APDU​

Scenario: Reading data from a card​

  1. The terminal sends Command APDU:
    Code:
    CLA = 0x00
    INS = 0xB0 (READ BINARY)
    P1 = 0x00
    P2 = 0x00
    Le = 0x10 (expecting 16 bytes of data)
  2. The card processes the command:
    • Reads 16 bytes of data from the specified address.
  3. The card sends a Response APDU:
    Code:
    Data = 0x1234567890ABCDEF1234567890ABCDEF
    SW1 = 0x90
    SW2 = 0x00 (successful completion)

Why do you need APDU?​

  1. Standardization:
    • APDU provides a universal format for interaction between terminals and cards, regardless of manufacturer.
  2. Safety:
    • APDU commands can be encrypted or signed to protect data.
  3. Flexibility:
    • Supports a wide range of operations, from simple data reading to complex cryptographic calculations.

APDU Command Examples​

SELECT (application selection)​

  • Used to select an applet (application) on the card.
  • Example:
    Code:
    CLA = 0x00
    INS = 0xA4 (SELECT)
    P1 = 0x04
    P2 = 0x00
    Lc = 0x07
    Data = AID (application id)

READ BINARY (reading data)​

  • Used to read data from a file on the card.
  • Example:
    Code:
    CLA = 0x00
    INS = 0xB0 (READ BINARY)
    P1 = 0x00
    P2 = 0x00
    Le = 0x10 (read 16 bytes)

VERIFY (PIN code verification)​

  • Used to verify the card owner's PIN code.
  • Example:
    Code:
    CLA = 0x00
    INS = 0x20 (VERIFY)
    P1 = 0x00
    P2 = 0x00
    Lc = 0x04
    Data = 1234 (PIN-code)

Conclusion​

APDU is a key element of the smart card communication protocol. It provides a standardized way to send commands and receive responses, making it a universal tool for working with cards. Understanding the structure and operation of APDU is important for developers, testers, and security specialists.

If you have additional questions about how APDU works or examples of its use, ask them!
 

What is APDU?​

APDU (Application Protocol Data Unit) is a standard message format for exchanging data between a smart card (e.g. EMV bank card, SIM card) and a terminal/reader. It is based on the ISO 7816-4 standard.

1. APDU structure​

APDUs come in two types:

1.1. Command (from terminal to card)​

Format:
Code:
CLA | INS | P1 | P2 | Lc | Data | Le
  • CLA (Class) – command class (for example, 0x80 for payment systems).
  • INS (Instruction) – operation code (for example, 0xA4 = "SELECT").
  • P1, P2 (Parameters) – additional parameters.
  • Lc (Length of Data) – length of transmitted data.
  • Data – the data itself (if any).
  • Le (Expected Length) – expected length of the response.

Example:
Code:
00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
Transcript:
  • 00 A4 04 00 → Select application (SELECT), parameters P1=04, P2=00.
  • 0E → Data length (14 bytes).
  • 31 50 41 59... → Application AID (1PAY.SYS.DDF01).
  • 00 → Expected response length (0 = no limit).

1.2. Response (from card to terminal)​

Format:
Code:
Data | SW1 | SW2
  • Data – useful data (if any).
  • SW1 SW2 (Status Words) – command execution status.

Examples of statuses:
  • 90 00 → Success.
  • 6A 82 → Application not found.
  • 69 85 → Terms of use not met.

2. APDU Types​

2.1. Case 1​

There is no data in either the command or the response.
Example:
Code:
Command: 00 A4 04 00 00
Response: 90 00 (Success)

2.2. Case 2​

No input data, but there is a response.
Example:
Code:
Command: 80 CA 9F 7F 00
Response: <data> 90 00

2.3. Case 3​

There is input data, but no response.
Example:
Code:
Command: 80 D6 00 00 02 01 02
Response: 90 00

2.4. Case 4​

There are both input data and response.
Example:
Code:
Command: 80 E0 00 00 04 01 02 03 04 04
Response: A1 B2 C3 D4 90 00

3. Where is APDU used?​

  1. EMV cards (bank payments):
    • Select application (SELECT).
    • Generate cryptogram (GENERATE AC).
  2. SIM cards:
    • Contact management (UPDATE RECORD).
  3. Electronic passports:
    • Reading biometric data (READ BINARY).

4. How to send APDU?​

4.1. Tools​

  • Readers: ACR122u, Omnikey.
  • Programs:
    • OpenSC (opensc-tool).
    • GlobalPlatform Pro (gpj).
    • Python libraries (pyscard, pyapdutool).

4.2. Example via OpenSC​

Bash:
opensc-tool -s "00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00"

Output:
Code:
90 00

5. Real-life example (EMV)​

Command: Request card data.
Code:
80 CA 9F 17 00
  • 80 – class (private).
  • CA – "GET DATA" command.
  • 9F 17 – tag for PIN attempts.
  • 00 – The.

Response:
Code:
03 90 00
  • 03 – remaining attempts to enter PIN.
  • 90 00 – success.

6. APDU Security​

  • Encryption: Some commands require a MAC/signature.
  • Filtering: The card rejects invalid APDUs.
  • Logical attacks: If the developer made a mistake in validating APDU, vulnerabilities may occur (e.g. CVE-2015-4901 in Java Card).

Conclusion​

APDU is the "language" of communication between smart cards and the outside world. Key points:
  • Commands consist of CLA INS P1 P2 Lc Data Le.
  • Responses contain data and status (SW1 SW2).
  • Used in EMV, SIM, ePassports.

OpenSC and PyAPDUTool are convenient for testing cards. Want to analyze a specific APDU command? Ready to help!
 