I wrote:
>The FAQ handwaves the details, so it could be either 1 or 3. Can someone who
>has one of these things try reading the ATR off it?
He Who has No Shame [0] reports that it's a GemClub memory card, which is
reasonably similar to the old SLE4428-style cards: 256 bytes of memory, some
of it PIN-protected. Available commands are read, write, and verify PIN.
Given the info in the FAQ, it would appear that the PIN is fixed/hardcoded
into the driver, since there's no indication that users are asked for it, and
it mentions that if someone else finds your card, they get access (or they may
just use the non-protected storage in the card). I'm guessing this was a
marketing decision, expecting x-teen-year-old kids (whatever the target market
for these things is) to remember and enter PINs, not to mention the UI issues
involved in obtaining the things, would make it unworkable, while reading off
a URL and password and poking it into a browser is something which is a lot
safer to deploy.
Access control is by an XML version of basic-auth.
In other words, it's (effectively) a dumb memory card with (effectively) HTTP
basic-auth. It does however use the T=0 serial protocol and not I2C, which is
a bit trickier to read with wires poked in the parallel port :-).
Peter.
[0] He actually bought it under his own name, without pretending it was for
his nieces or something.
