Here is a memory map of the card: 128 bits = 16 bytes.

| 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Card |
| --- | --- |
| E8 39 13 41 38 XX XX XX YY YY YY YY YY ZZ ZZ ZZ | Lithuanian Telekomas, 200 units |
| D8 2F FC AA ... | some German card |
| E8 2B 0B 5C ... | such cards are used in Kaunas for parking; some programs report them as Romanian telephone cards |
Bytes:0,1,2,3 are called country ID
Bytes 4, 5, 6, 7 are probably the serial number. Everybody who produces such cards can use this area as they want. Lithuanian Telecom uses it this way: byte 4 is the card value: $38 = 200 ticks/units, $28 = 100, $7/$8/$9 = 50, $17 = 75. I think it is a simple serial number: they decided that cards numbered $00000000-$16FFFFFF will be 50 ticks, and so on. (This is a guess, made after exploring about 20 cards.) Bytes 6, 7 and sometimes 5 are printed on the card: this is the real serial number. On Lithuanian cards it is encoded in DECIMAL-HEX (BCD) format: if the card's printed serial number is 12345 decimal, it is stored in the card as $012345 hex. This is not a rule for all countries; Latvian cards, for example, use real HEX-DEC conversion.

Bytes 7-C are the units/ticks counters (used telephone units, etc.). It is a very mysterious OCTAL counter format. The main idea is to build a full-range counter when the only possible write operation is clearing bits. I don't fully understand how it works...

Bytes D, E, F: test area. Some bits are write protected and some are not.
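As an added example (not code from the original page), here is a small Python decoder for a 16-byte card image using the layout described above. The byte 4 value table and the DECIMAL-HEX serial encoding are the page's; the byte boundaries for the serial (5-7), counter (8-C) and test area (D-F) are taken from the XX/YY/ZZ columns of the map, and the sample dump is constructed.

```python
# Added example: decoder for the 16-byte (128-bit) telephone card image
# described on this page. Field boundaries follow the XX/YY/ZZ columns of
# the memory map above; the sample dump below is constructed, not a real card.
from dataclasses import dataclass
from typing import Optional

# Byte 4 value codes as listed on the page (Lithuanian cards only).
VALUE_CODES = {0x38: 200, 0x28: 100, 0x07: 50, 0x08: 50, 0x09: 50, 0x17: 75}


@dataclass
class CardImage:
    country_id: bytes        # bytes 0-3
    value_code: int          # byte 4
    units: Optional[int]     # looked up in VALUE_CODES, None if unknown
    serial: int              # bytes 5-7, printed serial number
    counter: bytes           # bytes 8-C, the "octal" unit counter (left raw)
    test_area: bytes         # bytes D-F


def decode_serial(raw: bytes, bcd: bool = True) -> int:
    """Lithuanian cards store the printed serial as DECIMAL-HEX, i.e. BCD
    ($012345 -> 12345); the page says Latvian cards use plain binary (bcd=False)."""
    if bcd:
        digits = raw.hex()
        if not digits.isdigit():
            raise ValueError(f"non-decimal nibble in BCD serial {digits}")
        return int(digits, 10)
    return int.from_bytes(raw, "big")


def parse_image(image: bytes, bcd_serial: bool = True) -> CardImage:
    """Split a raw 16-byte dump into the fields described on the page."""
    if len(image) != 16:
        raise ValueError("expected a 128-bit (16-byte) image")
    code = image[4]
    return CardImage(
        country_id=image[0:4],
        value_code=code,
        units=VALUE_CODES.get(code),
        serial=decode_serial(image[5:8], bcd_serial),
        counter=image[8:13],
        test_area=image[13:16],
    )


# Constructed sample: Lithuanian country ID, 200-unit value code, serial 12345,
# an untouched (all ones) counter area and a zeroed test area.
SAMPLE = bytes.fromhex("E8 39 13 41 38 01 23 45 FF FF FF FF FF 00 00 00")

if __name__ == "__main__":
    card = parse_image(SAMPLE)
    print(card.country_id.hex().upper(), card.units, card.serial, card.counter.hex())
```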
Pictures:

- ISO extender
- PIC programmer
- LPT port snooper / universal Amiga hardware
- Card reader hardware made from an old Motorola GSM phone
- GSM phone connected to the snooping hardware
Is it possible to clone the card? Yes and, at the same time, no. Yes, you can make a device which emulates the card with all its memory protection and so on. You can even make a card which will "recharge" itself after a cold reset. OK! TELL ME HOW TO DO IT! I WANT TO SCREW THE F***ING TELECOM! GIMME THE SOURCE, SCHEMATICS AND OTHER DATA! Calm down. All telecom companies are smart enough to prevent you from using cloned cards. Unlike a satellite TV decoder, you cannot open a telephone. And inside every pay phone there are a few tricks: metal detectors, current measurement and noise generators.
Simple experiment: take a good card and a smart card extender (or a card without a chip) and connect them with thin wires. Insert such a twin card into a pay phone. You'll receive the message CARD NOT VALID or INVALID CARD or something similar. If you don't receive such a message and you can make a call, your telephone company is stupid. You can cheat them...
If you manage to place a PIC microcontroller and an oscillator inside the telecard on the contact plate, you have golden fingers :) and you can cheat the pay phone (if the power drain is not too big). All you need is a card emulation program.
It is possible to get a card with a PIC or other microcontroller already on it, but there is a small (and untested) problem. The microcontroller must run at a much higher frequency than the smart card. All the data sheets I downloaded about this special card say that the microcontroller's clock pin is connected to the card's clock pin. That is not good. The other way is to issue your own telephone cards. (I would like to see how you explain to the card producer why you want to use some other company's ID...)
On the internet there are only 2 (two) programs for smart card emulation. And both of them have errors (maybe errors made on purpose). You can't compile them directly. After a few tricks you can compile them, but they are for the ISO7816-1 protocol, which is not used by today's cards. I've made 1/2 of an ISO7816-2 emulation, but I am not a PIC guru and I am lazy enough to leave this project unfinished. I even think I've lost the listings in the mess I have at home.
Here is a small tool for the Amiga computer: the KillTelekomas program. This program is based on the work of Piotr Gapinsky and Espen Skog (ATC) [check Aminet]. It uses the same hardware (direct connection to the LPT port). The main difference is that it DOESN'T REQUIRE a high version of the OS or any other library, and you can clear the card and see a RAW image of it (it works with a plain A500). Sorry, no MS WINDOWS/DOS version. I don't know how to talk to the PC hardware at such a low level. You can try lots of PC programs... but 90% of them don't work with new computers. Better find some old 286 or 386 computer with an ISA LPT card.
Another small but useful program for the Amiga is Snooper. It simply reads 8 bits of data from the computer's LPT port and saves them to a file. Useful for reverse engineering. Download snooper.lha, extract it and use all 3 programs: two of them are for recording data, the 3rd is for some sort of graphical analysis. They are not TOP quality programs, they are only tools. (What can you expect from a 4K program?) The recording programs are for slow and fast events. With the faster program I can see the GSM SIM card clock on pin #1, but you must have lots of memory: on my Amiga, 2-3 seconds of recording produce 2MB files. You can't achieve faster recording because of the slow CIA chip.
What can we do with all this information and a telephone card? A few interesting and useful things. The most interesting is an electronic key. You can use the card as a key to your computer, room, etc. Every card is unique, so you can use it as a key. The unit area (and sometimes the test area) can be used to store some user information.

For stand-alone locks you can disable a key by clearing bits, or use the counter to let the key work only a few times. Use your imagination!