Tue Jul 23 18:26:58 EDT 2013

TPDU protocol

Basic low-level comm is working with state machine in-place.

Next is trying to capture the transport protocol, i.e. the difference
between push-data and pull-data APDU commands.

It seems there are no push/pull TPDU commands as there is only one
size byte in the TPDU header.  Push-pull APDUs get embedded in a 9FXX
response + GET_RESPONSE request.

It's not too easy to understand the boundary between APDU and TPDU,
though this helps:


Looks like for passive sniffing, the data packet size is in the same
spot for both directions, so no distinction needs to be made based on
INS.  For a pure master or slave side, this is important.
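As an added example (not code from this log or its project), here is a passive T=0 sniffer in the spirit of the notes above: it splits a byte stream into TPDUs using only the single P3 length byte and the card's procedure bytes, with no INS-based direction logic, and then stitches a 9FXX/61XX status plus the following GET RESPONSE back into one logical APDU. The dataclass, function names, the reading of P3 = 0 as 256, and the sample stream are all my own assumptions/constructions.

```python
from dataclasses import dataclass

@dataclass
class Tpdu:
    header: bytes  # CLA INS P1 P2 P3 from the reader; P3 is the only length byte
    data: bytes    # the P3 data bytes; a sniffer cannot tell which side sent them
    sw: bytes      # SW1 SW2 from the card

def parse_t0_stream(stream: bytes) -> list[Tpdu]:
    """Split a sniffed T=0 byte stream (both sides, in line order) into TPDUs.
    Procedure bytes from the card: 0x60 NULL (wait), INS (all remaining P3
    bytes follow), INS^0xFF (one byte follows), 0x6X/0x9X = SW1 then SW2."""
    tpdus, i = [], 0
    while i + 5 <= len(stream):
        hdr = stream[i:i + 5]; i += 5
        ins, remaining = hdr[1], hdr[4] or 256  # assumption: P3 = 0 means 256 if data flows
        data = bytearray()
        while True:
            if i >= len(stream):
                raise ValueError("truncated TPDU")
            pb = stream[i]; i += 1
            if pb == 0x60:
                continue                                  # NULL: card asks for more time
            if (pb & 0xF0) in (0x60, 0x90):               # SW1 (INS never uses 6X/9X)
                sw = bytes([pb, stream[i]]); i += 1       # IndexError here = truncated SW2
                break
            n = remaining if pb == ins else 1 if pb == (ins ^ 0xFF) else None
            if n is None or i + n > len(stream):
                raise ValueError(f"bad procedure byte {pb:#04x} or truncated data")
            data += stream[i:i + n]; i += n; remaining -= n
        tpdus.append(Tpdu(bytes(hdr), bytes(data), sw))
    return tpdus

def stitch_get_response(tpdus: list[Tpdu]) -> list[tuple[bytes, bytes, bytes, bytes]]:
    """Rebuild logical APDUs as (header, cmd_data, resp_data, sw): a TPDU answered
    with 9FXX (SIM) or 61XX (ISO) followed by GET RESPONSE (INS C0) is merged."""
    out = []
    for t in tpdus:
        prev = out[-1] if out else None
        if prev and prev[3][0] in (0x9F, 0x61) and t.header[1] == 0xC0:
            out[-1] = (prev[0], prev[1], prev[2] + t.data, t.sw)  # chained 61XX also works
        else:
            out.append((t.header, t.data, b"", t.sw))  # direction of data unknown here
    return out

# Constructed sample (not a real capture): SELECT MF on a GSM SIM, then GET RESPONSE.
SAMPLE = bytes.fromhex(
    "A0A400000260A43F009F16" +               # SELECT P3=2; NULL; ACK; 3F00; SW 9F16
    "A0C0000016C0" + "11" * 22 + "9000")     # GET RESPONSE P3=0x16; ACK; 22 bytes; SW 9000
```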