Menu
▾
▴
Re: [Globalplatform-users] Problem after loading applet - error code: 0x8010002F
|
From: Carlitos <pok...@gm...> - 2006-12-08 13:43:05
|
I have found the cause of this error. It had nothing to do with the
application or the GlobalPlatform library.
The .bin file caused the problem, it seems that it was not created properly
the first time. I have repeated the steps for .bin creation (jar + cat), and
this new file was successfully loaded on the card.
I still don't understand how could this error happen, I thought that if all
conditions for loading are fulfilled, and the process of installation
finishes successfully, the only thing that can go wrong is that applet does
not work properly.
I hope that this will help someone.
Regards,
Carlitos
On 12/6/06, Karsten Ohme <wid...@t-...> wrote:
>
> Carlitos wrote:
> >
> > I am developing a program in c++ for loading Java Card applets on the
> > card, using GlobalPlatform library.
> >
> > I am working with Axalto's Palmera swift 16k cards, compliant with ISO
> > 7816, EMV 3.1.1, Java Card 2.1, Open Platform 2.0.1.
> >
> > I have an applet, that is already tested and in use with these cards.
> >
> > I made a .bin file, like in a GPShell example, and I tried to load it on
> > the card with application that I developed.
> >
> > I have the following problem:
> > In my application, the process of loading applet finishes without any
> > error, all the methods that I call return OPGP_ERROR_SUCCESS.
> > After that, next time I try to communicate with the card, after
> > SCardTransmit I get the following error code: 0x8010002F.
> > Call to the method stingify_error returns the following text:
> > "A communications error with the smart card has been detected. Retry the
> > operation."
> >
> > During execution, program makes calls to methods in following order:
> > establish_context
> > card_connect
> > select_application (card manager)
> > OP201_mutual_authentication
> > OP201_install_for_load
> > OP201_load
> > OP201_install_for_install_and_make_selectable
> > card_disconnect
> > release_context
> >
> > All of above steps are working. I have noticed that execution of
> > card_disconnect lasts longer than usual (I tried putting pop-up
> > MessageBox before and after the call to method), but it reports that the
> > execution ended successfully.
> >
> > After loading of the applet, no SCardTransmit method can be successfully
> > executed with a card. I tried the process with several cards already and
> > the result is always the same.
> >
> > I am working with cards whose keyset is modified for SECURE CHANNEL MAC,
> > and whose state is set to SECURED.
> >
> > I have made changes to methods in GlobalPlatform library, that are
> > called after mutual_authentication method according to Palmera's
> > documentation
> > ("CLA coding is set to '84' for all commands issued within a Secure
> > Channel with MAC or MAC+ENC level ; using a CLA set to '80' will be
> > rejected by the card.").
>
> This is also done by the GlobalPlatform library. Each command within a
> secure channel is sent with 0x84. (At least it should.) But should not
> solve the problem.
>
> >
> > Mutual authentication is executed successfully, so it is not the reason
> > why the cards cannot be accessed.
> >
> >
> > I tried loading this applet to these cards with *another software*,
> > developed in Java using IBM's JCOP tool's libraries.
> >
> > I have compared ADPU messages that are exchanged between the card and
> > the offline application, in my project and using this Java application.
> >
> > APDUs for install_for_load and install_for_install_and_make_selectable
> > are identical (except the bytes representing cryptogram for SECURE
> > CHANNEL MAC), and APDUs for load method differ in byte representation of
> > the file that's loaded as well as the cryptogram.
>
> The last step is interesting. Maybe the data of the CAP file is sent in
> a different order or with additional data. The CAP file you will have is
> a ZIP file, rename it and look at the contents.
>
> Have you saved the logs of the sent communication?
>
> >
> > Applet is successfully loaded with Java application, and after that
> > those cards have been personalized and used without any problem.
> >
> > However, there is one error that the Java application reports at the end
> > of loading:
> >
> > com.ibm.jc.JCException:
> > Error: -4
> > APDU: 00C7020003C80207739000
> > Msg: Invalid response length. Expecting delegated operation response
> > at com.ibm.jc.SecurityDomain.do(Unknown Source)
> > at com.ibm.jc.SecurityDomain.handleInstall(Unknown Source)
> > at
> > com.ibm.jc.SecurityDomain.installForInstallAndMakeSelectable(Unknown
> > Source)
> > at yu.co.blue.loader.LoaderThread.run(LoaderThread.java:116)
> >
> > This could mean that the cards have some bug.
>
> Mmmmh, usually the card returns a so called receipt, for the issuer
> security domain (card manager) this is only the byte 00. Maybe it is
> missing. Should not matter. If the card wants to have something special
> it may cause the bug in the card. It is a bug, because a loading of an
> application does not effect the functionality. But, I would be
> interested when it happens and what IBM does different.
>
> Publish this problem also somewhere else, the JavaCard forum at Sun or
> a.t.smartcards newsgroup.
>
> Regards,
> Karsten
>
>
> > We tested this Java application with some other card types and it did
> > not report any error.
> >
> > In spite of that, reported error does not, in any way, effect the card,
> > or the applet that is loaded.
> > Applets that are loaded this way, are in use without any problem (for
> > over two years).
> >
> >
> > To conclude:
> >
> > * Java application reports error, but the card and the loaded applet
> > are operational
> > * my c++ application does not report any error, but cards are
> blocked
> >
> >
> > Can anyone help me with this problem?
> > Is there anything that I could do to unblock the cards that are blocked
> > (the 0x8010002F error)?
> >
> > Regards,
> > Carlitos
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys - and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Globalplatform-users mailing list
> > Glo...@li...
> > https://lists.sourceforge.net/lists/listinfo/globalplatform-users
>
>
|
