Re: [Globalplatform-users] FW: JCOP 41 V 2.3.2

[Karsten O. <wid...@t-...>]

It's a pity that most smart card vendors still try to enforce security
by obscurity. Well, at least these information are somehow connected to
the understanding of the card behavior and because the main purpose of
smart cards is security there shouldn't be such restrictions.

Karsten

Am 06.07.2011 02:17, schrieb Michael StJohns:
> Unfortunately, the JCOP manual is under NDA.  Some of this is discernable by looking at the JCOP Eclipse tools.  
> 
> Mike
> 
> 
> At 03:38 PM 7/5/2011, Karsten Ohme wrote:
>> Hi,
>>
>> I have added these information to the GPShell page:
>>
>> https://sourceforge.net/apps/mediawiki/globalplatform/index.php?title=GPShell
>>
>> A wiki with the manuals of all cards would be nice.
>>
>> Karsten
>> Am 05.07.2011 18:31, schrieb Michael StJohns:
>>>
>>>
>>> Send "00h A4h 04h 00h 09h A0h 00h 00h 01h 67h 41h 30h 00h FFh 00h" to
>>> the card - this is the JCOP IDENTIFY command.   You can do this with the
>>> GPShell select command - "select -aid A000000167413000FF"
>>>
>>> Offset 14 (decimal) of the response has the pre-personalized state.  00h
>>> is not fused (not personalized), 01h is fused.  If the former, you're
>>> pretty much out of luck unless you have the transport key as the global
>>> platform keys are set randomly.
>>>
>>> JCOP41 2.3.2 cards are mostly the same as the previous version of the
>>> card.  They do (or are supposed to) use the aid "A000000003000000".  You
>>> can try instead using the "select next" version of the select
>>> command.    CLA=0, ins=A4, P1=04, P2=02, data = "A0 00" to select any
>>> applet whose AID begins with "A0 00".  The response might be useful.
>>>
>>> Lastly, JCOP41 cards are GP2.01 - AKA Open Platform.  You should  grab a
>>> copy of the standard from  the global platform web site.  It should help
>>> when you're poking around.  In particular, it should describe the format
>>> of the response from the select command.
>>>
>>> Enjoy - Mike
>>>
>>>
>>>
>>>
>>> At 10:30 AM 7/5/2011, Marcel Mauricio Mancini Tavara wrote:
>>>> Content-class: urn:content-classes:message
>>>> Content-Type: multipart/alternative;
>>>>          boundary="----_=_NextPart_001_01CC3B20.1591579A"
>>>>
>>>>
>>>> Thank you so much for your help. I tried the alternatives offered by
>>>> you and all the different cmds always return the same:
>>>>
>>>> 6A81: Function not supported
>>>>
>>>> Also, this is the first model of card that has given me so much
>>>> trouble. Could it be that they are not even pre-personalized? I will
>>>> try to get a response from the vendor and I will let you know if I
>>>> make any progresses.
>>>>
>>>> Marcel
>>>>
>>>> -----Original Message-----
>>>> From: Karsten Ohme [mailto:wid...@t-... ]
>>>> Sent: Mon 7/4/2011 7:34 PM
>>>> To: Marcel Mauricio Mancini Tavara
>>>> Cc: glo...@li...
>>>> Subject: Re: [Globalplatform-users] FW: JCOP 41 V 2.3.2
>>>>
>>>> Hi,
>>>>
>>>> So I guess the AID is different for this card, although this is actually
>>>> the correct AID. If nothing helps ask the people were you bought it.
>>>> Actually there should be a manual.
>>>>
>>>> One way to find it out:
>>>>
>>>> establish_context
>>>> enable_trace
>>>> enable_timer
>>>> card_connect
>>>> get_data -identifier 004F
>>>> // or if not working: get_data -identifier 4F
>>>> card_disconnect
>>>> release_context
>>>>
>>>> Problem with this: Nobody seems to support it.
>>>>
>>>> -----------------------
>>>>
>>>> Another way to find it out:
>>>>
>>>> I assume the Card Issuer Security Domain is the default selected
>>>> application on new cards. So the select command is not necessary.
>>>>
>>>> mode_211
>>>> enable_trace
>>>> establish_context
>>>> // only necessary if you have multiple readers: card_connect
>>>> -readerNumber 1
>>>> // not necessary if this is default selected: select -AID a000000003000000
>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>> get_status -element 10
>>>> get_status -element 20
>>>> get_status -element 40
>>>> card_disconnect
>>>> release_context
>>>>
>>>> The command are also described here:
>>>>
>>>> http://sourceforge.net/apps/mediawiki/globalplatform/index.php?title=GPShell
>>>>
>>>>
>>>> get_status -element e0
>>>>     List applets and packages and security domains
>>>>
>>>> get_status -element 20
>>>>     List packages
>>>>
>>>> get_status -element 40
>>>>     List applets or security domains
>>>>
>>>> get_status -element 80
>>>>     List Card Manager / Security Issuer Domain
>>>>
>>>>
>>>> (-element 40 or 80 should help). If you have found out the correct AID
>>>> you can use it in later scripts, when the Issuer Security Domain is no
>>>> longer the default application of the card.
>>>>
>>>> I have just added some information about default Security Issuer Domain
>>>> AIDs.
>>>>
>>>> But be careful. Too many unsuccessful attempts to authenticate will lock
>>>> the card. So if the keys are not correct, do try it more than a few
>>>> times (less than 3) and use for further testing a different card.
>>>> Remember the number of unsuccesful authentication attempts on the card.
>>>> To reset it you must successfully authenticate.
>>>> All commands before calling open_sc are safe. No attempt limit can lock
>>>> the card.
>>>>
>>>> BR,
>>>> Karsten
>>>>
>>>> Am 04.07.2011 21:59, schrieb Marcel Mauricio Mancini Tavara:
>>>>>
>>>>> Good Day,
>>>>>
>>>>> I'm trying to load the test applet in a JCOP 41 v 2.3.2 card using
>>>>> GPShell (1.4.4) and the script helloInstalGP211.txt:
>>>>>
>>>>> mode_211
>>>>> enable_trace
>>>>> enable_timer
>>>>>
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a000000003000000
>>>>>
>>>>
>>>>
>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>> delete -AID D0D1D2D3D4D50101
>>>>> delete -AID D0D1D2D3D4D501
>>>>> install -file helloworld.cap -nvDataLimit 2000 -instParam 00 -priv 2
>>>>> # getdata
>>>>> # close_sc // Close secure channel
>>>>> # putkey // Put key
>>>>>   // options:
>>>>>   //          -keyind Key index
>>>>>   //          -keyver Key version
>>>>>   //          -key Key value in hex
>>>>> card_disconnect
>>>>> release_context
>>>>>
>>>>> However, it always fails when selecting the master file (select -AID
>>>>> a000000003000000) without mattering which AID I put.
>>>>>
>>>>> The response for the select is always 6A82 (file not found).
>>>>>
>>>>> I have already tested it with 3 JCOP 41 v 2.3.2
>>>>>
>>>>> Any ideas why could this be happening?
>>>>>
>>>>> Thanks for your help,
>>>>>
>>>>> Marcel
>>>>>
>>>>>
>>>>>
>>>> ------------------------------------------------------------------------------
>>>>> All of the data generated in your IT infrastructure is seriously
>>>> valuable.
>>>>> Why? It contains a definitive record of application performance,
>>>> security
>>>>> threats, fraudulent activity, and more. Splunk takes this data and makes
>>>>> sense of it. IT sense. And common sense.
>>>>> http://p.sf.net/sfu/splunk-d2d-c2
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Globalplatform-users mailing list
>>>>> Glo...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> All of the data generated in your IT infrastructure is seriously valuable.
>>>> Why? It contains a definitive record of application performance, security
>>>> threats, fraudulent activity, and more. Splunk takes this data and makes
>>>> sense of it. IT sense. And common sense.
>>>> http://p.sf.net/sfu/splunk-d2d-c2
>>>> _______________________________________________
>>>> Globalplatform-users mailing list
>>>> Glo...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users 
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> All of the data generated in your IT infrastructure is seriously valuable.
>>> Why? It contains a definitive record of application performance, security 
>>> threats, fraudulent activity, and more. Splunk takes this data and makes 
>>> sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-d2d-c2
>>>
>>>
>>>
>>> _______________________________________________
>>> Globalplatform-users mailing list
>>> Glo...@li...
>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
> 
> 
> 
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security 
> threats, fraudulent activity, and more. Splunk takes this data and makes 
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Globalplatform-users mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>