Re: [Globalplatform-users] FW: JCOP 41 V 2.3.2

[Michael S. <mst...@co...>]

Unfortunately, the JCOP manual is under NDA.  Some of this is discernable by looking at the JCOP Eclipse tools.  

Mike


At 03:38 PM 7/5/2011, Karsten Ohme wrote:
>Hi,
>
>I have added these information to the GPShell page:
>
>https://sourceforge.net/apps/mediawiki/globalplatform/index.php?title=GPShell
>
>A wiki with the manuals of all cards would be nice.
>
>Karsten
>Am 05.07.2011 18:31, schrieb Michael StJohns:
>> 
>> 
>> Send "00h A4h 04h 00h 09h A0h 00h 00h 01h 67h 41h 30h 00h FFh 00h" to
>> the card - this is the JCOP IDENTIFY command.   You can do this with the
>> GPShell select command - "select -aid A000000167413000FF"
>> 
>> Offset 14 (decimal) of the response has the pre-personalized state.  00h
>> is not fused (not personalized), 01h is fused.  If the former, you're
>> pretty much out of luck unless you have the transport key as the global
>> platform keys are set randomly.
>> 
>> JCOP41 2.3.2 cards are mostly the same as the previous version of the
>> card.  They do (or are supposed to) use the aid "A000000003000000".  You
>> can try instead using the "select next" version of the select
>> command.    CLA=0, ins=A4, P1=04, P2=02, data = "A0 00" to select any
>> applet whose AID begins with "A0 00".  The response might be useful.
>> 
>> Lastly, JCOP41 cards are GP2.01 - AKA Open Platform.  You should  grab a
>> copy of the standard from  the global platform web site.  It should help
>> when you're poking around.  In particular, it should describe the format
>> of the response from the select command.
>> 
>> Enjoy - Mike
>> 
>> 
>> 
>> 
>> At 10:30 AM 7/5/2011, Marcel Mauricio Mancini Tavara wrote:
>>> Content-class: urn:content-classes:message
>>> Content-Type: multipart/alternative;
>>>          boundary="----_=_NextPart_001_01CC3B20.1591579A"
>>>
>>>
>>> Thank you so much for your help. I tried the alternatives offered by
>>> you and all the different cmds always return the same:
>>>
>>> 6A81: Function not supported
>>>
>>> Also, this is the first model of card that has given me so much
>>> trouble. Could it be that they are not even pre-personalized? I will
>>> try to get a response from the vendor and I will let you know if I
>>> make any progresses.
>>>
>>> Marcel
>>>
>>> -----Original Message-----
>>> From: Karsten Ohme [mailto:wid...@t-... ]
>>> Sent: Mon 7/4/2011 7:34 PM
>>> To: Marcel Mauricio Mancini Tavara
>>> Cc: glo...@li...
>>> Subject: Re: [Globalplatform-users] FW: JCOP 41 V 2.3.2
>>>
>>> Hi,
>>>
>>> So I guess the AID is different for this card, although this is actually
>>> the correct AID. If nothing helps ask the people were you bought it.
>>> Actually there should be a manual.
>>>
>>> One way to find it out:
>>>
>>> establish_context
>>> enable_trace
>>> enable_timer
>>> card_connect
>>> get_data -identifier 004F
>>> // or if not working: get_data -identifier 4F
>>> card_disconnect
>>> release_context
>>>
>>> Problem with this: Nobody seems to support it.
>>>
>>> -----------------------
>>>
>>> Another way to find it out:
>>>
>>> I assume the Card Issuer Security Domain is the default selected
>>> application on new cards. So the select command is not necessary.
>>>
>>> mode_211
>>> enable_trace
>>> establish_context
>>> // only necessary if you have multiple readers: card_connect
>>> -readerNumber 1
>>> // not necessary if this is default selected: select -AID a000000003000000
>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>> get_status -element 10
>>> get_status -element 20
>>> get_status -element 40
>>> card_disconnect
>>> release_context
>>>
>>> The command are also described here:
>>>
>>> http://sourceforge.net/apps/mediawiki/globalplatform/index.php?title=GPShell
>>>
>>>
>>> get_status -element e0
>>>     List applets and packages and security domains
>>>
>>> get_status -element 20
>>>     List packages
>>>
>>> get_status -element 40
>>>     List applets or security domains
>>>
>>> get_status -element 80
>>>     List Card Manager / Security Issuer Domain
>>>
>>>
>>> (-element 40 or 80 should help). If you have found out the correct AID
>>> you can use it in later scripts, when the Issuer Security Domain is no
>>> longer the default application of the card.
>>>
>>> I have just added some information about default Security Issuer Domain
>>> AIDs.
>>>
>>> But be careful. Too many unsuccessful attempts to authenticate will lock
>>> the card. So if the keys are not correct, do try it more than a few
>>> times (less than 3) and use for further testing a different card.
>>> Remember the number of unsuccesful authentication attempts on the card.
>>> To reset it you must successfully authenticate.
>>> All commands before calling open_sc are safe. No attempt limit can lock
>>> the card.
>>>
>>> BR,
>>> Karsten
>>>
>>> Am 04.07.2011 21:59, schrieb Marcel Mauricio Mancini Tavara:
>>> >
>>> > Good Day,
>>> >
>>> > I'm trying to load the test applet in a JCOP 41 v 2.3.2 card using
>>> > GPShell (1.4.4) and the script helloInstalGP211.txt:
>>> >
>>> > mode_211
>>> > enable_trace
>>> > enable_timer
>>> >
>>> > establish_context
>>> > card_connect
>>> > select -AID a000000003000000
>>> >
>>>
>>>
>>> > open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>> > 404142434445464748494a4b4c4d4e4f -enc_key
>>> > 404142434445464748494a4b4c4d4e4f // Open secure channel
>>> > delete -AID D0D1D2D3D4D50101
>>> > delete -AID D0D1D2D3D4D501
>>> > install -file helloworld.cap -nvDataLimit 2000 -instParam 00 -priv 2
>>> > # getdata
>>> > # close_sc // Close secure channel
>>> > # putkey // Put key
>>> >   // options:
>>> >   //          -keyind Key index
>>> >   //          -keyver Key version
>>> >   //          -key Key value in hex
>>> > card_disconnect
>>> > release_context
>>> >
>>> > However, it always fails when selecting the master file (select -AID
>>> > a000000003000000) without mattering which AID I put.
>>> >
>>> > The response for the select is always 6A82 (file not found).
>>> >
>>> > I have already tested it with 3 JCOP 41 v 2.3.2
>>> >
>>> > Any ideas why could this be happening?
>>> >
>>> > Thanks for your help,
>>> >
>>> > Marcel
>>> >
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > All of the data generated in your IT infrastructure is seriously
>>> valuable.
>>> > Why? It contains a definitive record of application performance,
>>> security
>>> > threats, fraudulent activity, and more. Splunk takes this data and makes
>>> > sense of it. IT sense. And common sense.
>>> > http://p.sf.net/sfu/splunk-d2d-c2
>>> >
>>> >
>>> > _______________________________________________
>>> > Globalplatform-users mailing list
>>> > Glo...@li...
>>> > https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All of the data generated in your IT infrastructure is seriously valuable.
>>> Why? It contains a definitive record of application performance, security
>>> threats, fraudulent activity, and more. Splunk takes this data and makes
>>> sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-d2d-c2
>>> _______________________________________________
>>> Globalplatform-users mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users 
>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> All of the data generated in your IT infrastructure is seriously valuable.
>> Why? It contains a definitive record of application performance, security 
>> threats, fraudulent activity, and more. Splunk takes this data and makes 
>> sense of it. IT sense. And common sense.
>> http://p.sf.net/sfu/splunk-d2d-c2
>> 
>> 
>> 
>> _______________________________________________
>> Globalplatform-users mailing list
>> Glo...@li...
>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users