[Globalplatform-users] Issues Authenticating to a Card

[Jeff F. <sf...@fc...>]

Hi All,

I have been working with a Nokia 6131 NFC phone (java programming), part
of the phone has a secure element which is an integrated Java Card (G&D
Implementation) and it is this which I am trying to write applets for -
however I am stuck at the authentication stage.

I am aware of the 10 incorrect authentication issue (I have already locked
1 phone and am 4 attempts down on the last) which is why I am posting
here.

The secure element has been 'unlocked' which has given me the following
information:

Keyset 42 contains the ENC, MAC & KEY keys with the hex values 4041...4F.
Access to the device requires ENC+MAC level authentication as specified in
the GlobalPlatform spec 2.1.1 secure chanel protocol 02 (SCP02).

I also have a list of 4 Application IDs which I have been told NOT to
delete, and 2 Application IDs which may be deleted if more space is
required.

The last set of commands I tried were:
mode_211
enable_trace
establish_context
card_connect -readerNumber 0
open_sc -security 3 -scp 2 -keyver 42 -mac_key
404142434445464748494A4B4C4D4E4F -enc_key 404142434445464748494A4B4C4D4E4F
-kek_key 404142434445464748494A4B4C4D4E4F

Which gave the output:
--> 00CA006600
<--
734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000

--> 80502A0008979FE2303D49553200
<-- 000063428007F6A801092A0200016C7FFC113FB9FEBAFC314EA2F27A9000
mutual_authentication() returns 0x8030F006 (The Secure Channel Protocol
Implementation is invalid.)

I have seen some references to having to issue a select command before the
open_sc however do not know if this is necessary (I am a java programmer,
completely new to these cards). After reading another post on this mailing
list and which AID to select, one of the ones I shouldn't delete is
"A0000000035350" which is the closest in looks to the suggestions (the
others all being D276000...) however I don't know if not selecting this is
causing the error, or even related.

Only having 6 attempts left before rending the phone (worth about £230!)
useless I don't want to risk trying things in hope - this is how I locked
the first one as I wasn't aware of the limit to 10 attempts.

Any advise or suggestions would be much appreciated.

Regards,
-Jeff Fern


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.