Imported wiki

INSTALL

@@ -1,3 +1,6 @@
+(Note: this is the standard GNU documentation for installs. For more specific
+documentation, please refer to README.md)
+
 Installation Instructions
 *************************
 

Makefile.am

@@ -76,7 +76,7 @@ OSX_EXTRA=osx/cardpeek-launcher.sh osx/cardpeek.bundle osx/generate_bundle.sh os
 
 CLEANFILES=cardpeek_resources.c dot_cardpeek.tar.gz osx/cardpeek.icns
 
-EXTRA_DIST=cardpeek_resources.gresource.xml cardpeek_resources.gresource $(DRIVERS) $(ICONS) dot_cardpeek_dir doc/cardpeek_ref.en.pdf doc/cardpeek_ref.en.odt update_dot_cardpeek_dir.sh script_version.h cardpeek.desktop cardpeek.appdata.xml $(OSX_ICONS) INSTALL.FreeBSD
+EXTRA_DIST=cardpeek_resources.gresource.xml cardpeek_resources.gresource $(DRIVERS) $(ICONS) dot_cardpeek_dir doc/cardpeek_ref.en.pdf doc/cardpeek_ref.en.odt update_dot_cardpeek_dir.sh script_version.h cardpeek.desktop cardpeek.appdata.xml $(OSX_ICONS)
 
 GLIB_COMPILE_RESOURCES=@GLIB_COMPILE_RESOURCES@
 

README.fr.md

@@ -9,15 +9,13 @@ Cardpeek est un outil qui a pour objectif de vous permettre d’accéder aux inf
 
 Dans cette version, l’application est capable de lire le contenu des cartes suivantes :
 
-* Les cartes à puce bancaires EMV, dont les cartes NFC.
-* Les cartes de transport d'île de France Navigo, ainsi que MOBIB(Belgique) et RavKav?(Israel).
+* Les cartes à puce bancaires [EMV](doc/emv.fr.md), dont les cartes NFC - _[capture d'écran](doc/sample-emv.jpg)_
+* Les cartes de transport de Paris / Île de France [Navigo](doc/navigo.fr.md), ainsi que MOBIB (Belgique) et RavKav (Israel) -  _[capture d'écran](doc/sample-navigo.jpg)_
 * Les cartes Monéo
 * Les cartes Vitales 2
 * Les passports électroniques/biométriques avec une sécurité BAC.
-* La carte d'identité belge (eID).
-* Les cartes SIM GSM (beta).
-* Les cartes Mifare (beta).
-* Les cartes conducteur tachygraphes.
-* Les cartes OpenPGP (beta);
-
-Plus de détails ici : http://pannetrat.com/Cardpeek/
+* La carte d'identité belge (eID)
+* Les cartes SIM GSM (beta)
+* Les cartes Mifare (beta)
+* Les cartes conducteur tachygraphes
+* Les cartes OpenPGP (beta)

README.md

@@ -5,34 +5,32 @@ Cardpeek
 
 _([Version française](README.fr.md))_
 
-Cardpeek is a Linux/Windows/Mac OS X tool to read the contents of ISO7816 smart cards. It features a GTK GUI to represent card data is a tree view, and is extendable with a scripting language (LUA).
+Cardpeek is a Linux/Windows/Mac OS X tool to read the contents of ISO7816 smart cards. It features a GTK GUI to represent card data in a tree view, and is extendable with a scripting language (LUA).
 
 The goal of this project is to allow smart card owners to be better informed about what type of personal information is stored in these devices.
 
 The tool currently reads the contents of :
 
-* EMV Pin and Chip cards, including NFC ones.
-* Navigo public transport cards, MOBIB and RavKav? cards.
+* [EMV](doc/emv.md) Pin and Chip cards, including NFC ones - _[screenshot](doc/sample-emv.jpg)_
+* [Navigo](doc/navigo.md) (Paris), MOBIB (Belgium), RavKav (Israel) and other public transport cards of the Calypso family - _[screenshot](doc/sample-navigo.jpg)_
 * The French health card "Vitale 2"
-* Electronic/Biometric passports in BAC security mode.
+* Electronic/Biometric passports in BAC security mode
 * GSM SIM cards (but not USIM data)
 * The Belgian eID card
-* Driver tachograph cards;
-* OpenPGP cards (beta);
+* Driver tachograph cards
+* OpenPGP cards (beta)
 
 It can also read the following cards with limited interpretation of data:
-* Some Mifare cards (such as the Thalys card);
-* Moneo, the French electronic purse;
-
-More info here: http://pannetrat.com/Cardpeek/
+* Some Mifare cards (such as the Thalys card)
+* Moneo, the French electronic purse
 
 ## Build
 
 **!!! Produced binaries do not run yet - See [issue #1](https://github.com/ipamo/cardpeek/issues/1) !!!**
 
-- [Build instructions for Debian](INSTALL.Debian.md), either for the local Debian host, or for cross-compilation to Windows using mingw-w64.
-- [Build instructions for Windows](INSTALL.Windows.md), using msys2.
-- [Specific instructions for FreeBSD](INSTALL.FreeBSD.md) in case of errors.
+- [Build instructions for Debian](doc/build-debian.md), either for the local Debian host, or for cross-compilation to Windows using mingw-w64.
+- [Build instructions for Windows](doc/build-windows.md), using msys2.
+- [Specific instructions for FreeBSD](doc/build-freebsd.md) in case of errors.
 
 ## Usage
 
@@ -41,3 +39,5 @@ The [Reference Manual](doc/cardpeek_ref.en.pdf) provides detailed usage instruct
 ## Authors
 
 Written initially by Alain Pannetrat under the [GNU General Public License, version 3](COPYING), with the additional exemption that compiling, linking, and/or using OpenSSL is allowed.
+
+More info here: http://pannetrat.com/Cardpeek/

configure.ac

@@ -239,7 +239,7 @@ if test "$HOST_TYPE" = "freebsd" -a ! "$ICONV_LIBS"; then
     AC_MSG_WARN([
 ********
 
-On FreeBSD, you may need to specify the environement variable ICONV_LIBS='-l iconv' before running 'configure', as detailed in INSTALL.FreeBSD. Otherwise 'make' may fail.
+On FreeBSD, you may need to specify the environement variable ICONV_LIBS='-l iconv' before running 'configure', as detailed in doc/build-freebsd.md. Otherwise 'make' may fail.
 
 ********])
 fi

deps-win32.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # Download and extract dependencies for cross-compilation from Debian for Windows.
-# See INSTALL.Debian.md
+# See doc/build-debian.md
 #
 RED='\033[0;31m'
 YELLOW='\033[0;33m'

doc/emv.fr.md

@@ -0,0 +1,21 @@
+# How can I read the contents of my EMV bank card? #
+
+![http://cardpeek.googlecode.com/files/sample-emv.jpg](http://cardpeek.googlecode.com/files/sample-emv.jpg)
+
+The "emv" script in **cardpeek** provides an analysis of EMV banking cards used across the
+world.
+
+# Notes #
+
+This script will ask you if you want to issue a Get Processing Option (GPO)
+command for each application on the card. Since some cards have several applications
+(e.g. a national and an international application), this question may be asked twice or
+more. This command is needed to allow access to some information in the card. Issuing this command will also increase an internal counter inside the card (the ATC).
+
+# Notes on privacy #
+
+You will notice that many of these bank cards keep a \transaction log" of the last
+transactions you have made with your card. Some banks cards keep way over a hundred
+transactions that are freely readable, containing the date, the amount and the country of the transaction, which brings up some privacy issues. Why do banks need to keep so much information in the card?
+
+The security elements in the card, such as the PIN and the cryptographic keys are fully protected in the card and cannot be read.

doc/emv.md

@@ -0,0 +1,21 @@
+# How can I read the contents of my EMV bank card? #
+
+![http://cardpeek.googlecode.com/files/sample-emv.jpg](http://cardpeek.googlecode.com/files/sample-emv.jpg)
+
+The « emv » script in **cardpeek** provides an analysis of EMV banking cards used across the
+world.
+
+# Notes #
+
+This script will ask you if you want to issue a Get Processing Option (GPO)
+command for each application on the card. Since some cards have several applications
+(e.g. a national and an international application), this question may be asked twice or
+more. This command is needed to allow access to some information in the card. Issuing this command will also increase an internal counter inside the card (the ATC).
+
+# Notes on privacy #
+
+You will notice that many of these bank cards keep a \transaction log" of the last
+transactions you have made with your card. Some banks cards keep way over a hundred
+transactions that are freely readable, containing the date, the amount and the country of the transaction, which brings up some privacy issues. Why do banks need to keep so much information in the card?
+
+The security elements in the card, such as the PIN and the cryptographic keys are protected in the card and cannot be read.

doc/navigo.fr.md

@@ -0,0 +1,15 @@
+Comment lire le contenu de son Pass Navigo ?
+============================================
+
+![sample-navigo.jpg](sample-navigo.jpg)
+
+Le script "calypso" inclu dans **cardpeek** permet de lire le contenu des cartes "Navigo" utilisées en région parisienne. Cet outil offre une analyse améliorée des "journaux d'évènements" de la carte affichant notamment le nom des stations de métro/RER où la carte a été utilisée. Cet outil a été testé avec succès sur les cartes Navigo Découverte, Navigo et Navigo Intégrale.
+
+## Notes
+
+Il faut utiliser **cardpeek** avec un lecteur de carte à puce à contact pour lire le contenu d'une carte "navigo" (ou un lecteur sans contact spécialisé). En effet, les cartes "navigo" ne peuvent pas êtres lues avec des lecteurs sans contact _classiques_ (car elles utilisent un protocole de communication radio qui n'est pas totalement compatible avec l'ISO 14443 B).
+
+## Protection de la vie privée
+
+Ces cartes de transport conservent un "journal d'évènement" décrivant les 3 dernières validations effectuées par le porteur de la carte. Ce journal, qui peut poser un risque pour la protection de la vie privée, n'est pas protégé en lecture.
+Par contre le nom du porteur de la carte n'est pas, selon nos analyses, accessible en lisant la carte. En revanche, c'est le cas pour la carte MOBIB utilsée à Bruxelles.

doc/navigo.md

@@ -0,0 +1,15 @@
+How to read the content of your Navigo Pass?
+============================================
+
+![sample-navigo.jpg](sample-navigo.jpg)
+
+The "calypso" script included in **cardpeek** can read the content of Navigo cards used in Paris. It provides enhanced "event log" analysis notably with subway/train station names, as illustrated in the screenshot above. It has been successfully tested on Navigo Découverte, Navigo and Navigo Intégrale cards.
+
+## Notes
+
+You must use the contact interface to read a Navigo card (or a special contactless reader), because they cannot be read with a normal conctactless card-reader (these cards use a specific protocol that is not fully compatible with ISO 14443 B).
+
+## Privacy notes
+
+These transport cards keep an "event log" describing at least 3 of the last stations/stops you have been through. This "event log", which could pose a privacy risk, is not protected by any access control means and is freely readable.
+Note however that your name does not appear on the card (to our best knowledge), as opposed to the MOBIB card in Brussels.