Troll is a brute-forcing tool for finding and extracting as much data from smartcards as possible. It achieves this by trying out all possible file paths, and extracting the information from files it finds.
As troll is a rust program, the intended method for installing is to run
cargo install, using rust’s build system, cargo. Note that troll links again
pcsc-lite, and this must be installed as a system library.
Troll operates in two stages: scanning and extraction. To scan a smart card,
insert it into a PCSC-compatible reader, and run
troll scan <outfile>. Then
take the afternoon off and go for a stroll or something, because this will take
a while. For a list of options, run
troll help scan. In particular, the
--pin option for logging in (this is more important during the extraction
phase however), and
--af for supplying the AF names on the card. Troll can
also attempt to extract available AFs from EF.DIR, however many proprietary
cards do not supply this. If not
--af flag is supplied, troll will scan the
default af only.
It may happen that troll encounters some recursive directory structures. Use
--filter flag to apply basic filtering rules to attempt to catch these.
Be warned, however, that this may filter out legitimate files.
The extraction phase is run with the command
troll extract <infile> <outdir>.
This phase is typically very fast, and will create a directory structure under
<outdir> mirroring that on the smart card. Each file in this structure will
have a short header, detailing the type of EF this file was, and the
hex-encoded content of the file, as far as it could be extracted. If an error
occurred during extraction (e.g. security status not satisfied), this will be
noted. For a list of options, run
troll help extract. Of particular
importance is the
--pin option, which allows elevation of the cards security
A convenience method used to both scan and extract in one.