What is ATR and how does it work?

chushpan

Professional
Messages
657
Reaction score
447
Points
63
ATR (Answer To Reset) is a special signal or response transmitted by a smart card (e.g. a bank card with a microchip) in response to a RESET command sent by a terminal (e.g. a POS terminal or ATM). This process is part of the smart card-terminal interaction protocol defined by EMV (Europay, MasterCard, Visa) and ISO/IEC 7816 standards.

Why do we need ATR?​

ATR contains important information about the smart card that allows the terminal to understand:
  1. What protocols and standards does the card support?
  2. What functions are available for interaction.
  3. How to properly set up the connection between the card and the terminal.

This response helps the terminal "understand" how exactly to work with the card in order to correctly perform a transaction or other operation.

What does ATR contain?​

ATR consists of several parts, each of which conveys specific information. The main components are:
  1. Initial Character (TS):
    • The first byte is the ATR, which specifies how to interpret subsequent data (e.g. big or little bit order).
  2. Format Character (T0):
    • Specifies the number of historical bytes and the presence of additional interfaces.
  3. Interface Characters (TA, TB, TC, TD):
    • These bytes contain technical information about communication parameters, such as operating frequency, voltage, data exchange protocols.
  4. Historical Bytes:
    • Contains information about the card manufacturer, application type (for example, Visa or MasterCard payment system), software version and other data.
  5. Checksum (TCK):
    • Checksum for ATR integrity verification.

How does the ATR process work?​

  1. Initialization:
    • The terminal sends a RESET command to the smart card.
    • The card is activated and starts transmitting ATR.
  2. ATR Transfer:
    • The smart card sends ATR to the terminal via contact pads (or wirelessly if NFC is used).
  3. ATR Analysis:
    • The terminal analyzes the received ATR to determine how to set up the connection and what commands can be sent to the card.
  4. Further interaction:
    • After analyzing the ATR, the terminal can begin exchanging data with the card, for example, requesting account information or performing authentication.

ATR example​

Here is an example of a real ATR (in hexadecimal):
Code:
3B 68 00 00 00 73 C8 40 12 00 90 00

Let's break it down:
  • 3B: Initial Character (TS).
  • 68: Format Character (T0).
  • 00 00 00: Interface Characters (TA, TB, TC).
  • 73 C8 40 12 00: Historical Bytes (information about the card and manufacturer).
  • 90 00: Checksum (TCK).

Where is ATR used?​

  1. Bank cards:
    • ATR helps POS terminals and ATMs determine how to interact with the card chip.
  2. SIM cards:
    • Mobile phones use ATR to identify the SIM card and set up communications.
  3. Smart cards:
    • For example, building access cards, electronic ID cards or loyalty cards.
  4. Cryptographic devices:
    • USB tokens or hardware security keys also use ATR for identification and configuration.

Why is it important to know ATR?​

  1. Debugging and diagnostics:
    • If the terminal cannot work correctly with the card, ATR analysis can help identify the problem.
  2. Software development:
    • Programmers working with card readers often use ATR for testing and integration.
  3. Safety:
    • Carders can analyze the ATR to obtain information about the card. However, the ATR itself does not contain any sensitive data.

Conclusion​

ATR is a key element of interaction between a smart card and a terminal. It provides the initial "handshake" between devices and helps to set up secure and correct communication. Although ATR does not contain secret information, it plays an important role in the operation of modern payment systems and other technologies using smart cards.

Additional information on this topic: How ATR tools work

If you need more information about specific aspects of ATR or its analysis, please specify the question!
 
Last edited:
Top