Menu
▾
▴
Re: [Globalplatform-users] GPShell and NXP JCOP 31/36K
|
From: Karsten O. <wid...@t-...> - 2007-07-18 17:47:11
|
Hallo Gina, Gina Häußge schrieb: > Hello there, > > On Wed, 2007-07-18 at 01:53 +0200, Karsten Ohme wrote: >> Gina Häußge schrieb: >>> I'm currently trying to install my first Java Applet on an NXP JCOP 31 >>> smartcard with 36K, using a GemPC Twin USB reader under Debian GNU/Linux >>> Testing, 32Bit. >> Unfortunately I do not have such a card. After a quick search in Google >> I cannot find a manual for this card. The first important information >> should be the AID of the Card Issuer Domain (Card Manager) select -AID ... >> Do you know it? There should be some manual. But it seems that this is >> OK, because you get further. > > The AID of the Card Manager is "a0000000030000", so that is ok. Mmmh, try a000000003000000 in GP211 mode. a0000000030000 was used for former OP2.01' cards. Maybe this helps. > >> Do not try to authenticate to the card to often! It gets locked if you >> need 10 tries. If you are near this limit perform a successful >> verification. > > Yeah, I already read about that, so after each unsuccessful attempt I > make a connection in 2.0.1 mode (as there at least the authentication > works). So far, it didn't lock up the card *crosses fingers* Well, I would say it is a OP 2.0.1' card if it does not work in GP 2.1.1 mode. But not sure, but I would say that I remember that there was some difference in the used cryptography so it should not work in both modes. If it is written on the card it will be true. Just a moment what my JCOP 41 card says ... no list.txt does not work for this GP 2.1.1 card. The mutual authentication step does not succeed. listGP211.txt works. > >> Use the JCOP tools (This should work perfectly with this >> card. You can develop and install applets for a card within eclipse). >> >> Maybe this is a correct version: >> >> http://download.boulder.ibm.com/ibmdl/pub/software/dw/jcop/tools.zip > > Sadly, I already tried with the JCOP Tools (after finding them on a CD > included in the card delivery, as IBM no longer maintains them and it is > a pain in the ... to get a copy of them now -- the zip above just > contains a readme telling you exactly this :/). Had a rather unpleasant > experience of my whole eclipse crashing as soon as I tried to connect to > the card via the JCShell, a stack trace revealed a segfault in the JCOP > Tools. So no-go there as well, at least I had no idea how to solve that > issue either. I wrote a bug report some time ago. Maybe it is this problem: ---- The current version of PC/SC Lite is 1.x.y. But the JCOP tools search for the library libpcsclite.so.0. It cannot be found. So a link to the libpcsclite.so.1 must be made. Then it works. ---- > > I had hoped though that maybe someone reading this mailinglist might > have had success with that type of card and therefore an idea as to what > would be the correct keys etc. I have only a JCOP 41 card and it works. > > What I found online at a couple of sites were the JCOP Tools commands to > authenticate with that type of card: > > set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f > set-key 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f > set-key 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f > set-key 1/3/DES-ECB/505152535455565758595a5b5c5d5e5f > set-key 1/1/DES-ECB/707172737475767778797a7b7c7d7e7f > set-key 1/2/DES-ECB/606162636465666768696a6b6c6d6e6f > init-update 255 > ext-auth This set a new key set. You do not want it. Because the OP 2.0.1' mode succeeds the three keys 404142434445464748494a4b4c4d4e4f should be OK. > > I have no idea though how to translate those into corresponding gpshell syntax. put_sc_key ... > >> Strange that it authenticates successfully in OP 2.0.1' mode. >> Do you have connected only one reader to the system? Or are there >> multiple readers with inserted cards? > > It's only one reader. > >> I you try to install something first try "install -file HelloWorld.cap" >> without any parameters. If this is not successful try some variants of >> parameters. > > I've tried a couple of parameter combinations, sadly all with the same > effect of a "6A88: Referenced data not found" message. If it is of any > help, I also tried a "load -f HelloWorld.cap", and that yielded a > "load_applet() returns 0x80206985 (6985: Command not allowed - > Conditions of use not satisfied.)". > > I have to admit that I have some troubles understanding what exactly > does each command and each parameter (although having read the included > README approx. 10mio times now), so I might be trying to do really > stupid things here ;) Mmmh, it is still a quite low level tool, if you have read the GP standard you will understand each command, but it is a pain that the card are so different. With some time I will get or buy such a card to test it. Tschüss, Karsten > > Kind regards, > Gina Häußge |
