From: Pawel J. <paw...@gm...> - 2019-12-20 00:59:52
On Thu, Dec 19, 2019 at 2:11 PM Jakub Jelen <jj...@re...> wrote:
>
> On Thu, 2019-12-19 at 00:00 +0100, Pawel Jasinski wrote:
> > Hi,
> >
> > I am trying to get IDPrime MD card to work. After compiling the PR
> > from: https://github.com/OpenSC/OpenSC/pull/1772 the following errors
> > are reported:
> >
> > rejap@zed:~/github/OpenSC-IdPrime$ opensc-tool --verbose --serial --
> > info --atr
> > OpenSC 0.20.0 [gcc 7.4.0]
> > Enabled features: locking zlib openssl pcsc(libpcsclite.so.1)
> > Using reader with a card: Alcor Micro AU9560 00 00
> > Card ATR:
> > 3B 7F 96 00 00 80 31 80 65 B0 84 56 51 10 12 0F ;.....1.e..VQ...
> > FE 82 90 00 ....
> > Connecting to card in reader Alcor Micro AU9560 00 00...
> > Failed to connect to card: Wrong length
> >
> > Enabling debug reveals the following:
> > ...
> > P:9939; T:0x139703700438912 23:48:50.051 [opensc-tool]
> > iso7816.c:576:iso7816_select_file: returning with: -1205 (Incorrect
> > parameters in APDU)
> > P:9939; T:0x139703700438912 23:48:50.052 [opensc-tool]
> > card.c:842:sc_select_file: 'SELECT' error: -1205 (Incorrect
> > parameters
> > in APDU)
> > P:9939; T:0x139703700438912 23:48:50.052 [opensc-tool]
> > dir.c:172:sc_enum_apps: Cannot select EF.DIR file: -1205 (Incorrect
> > parameters in APDU)
> > ...
> > P:9939; T:0x139703700438912 23:48:50.243 [opensc-tool]
> > iso7816.c:162:iso7816_read_binary: Check SW error: -1211 (Security
> > status not satisfied)
> > P:9939; T:0x139703700438912 23:48:50.243 [opensc-tool]
> > card-idprime.c:216:idprime_process_index: returning with: -1206
> > (Wrong
> > length)
> > P:9939; T:0x139703700438912 23:48:50.243 [opensc-tool]
> > card-idprime.c:274:idprime_init: returning with: -1206 (Wrong length)
> > P:9939; T:0x139703700438912 23:48:50.243 [opensc-tool]
> > card.c:362:sc_connect_card: driver 'Gemalto IDPrime' init() failed:
> > Wrong length
> > P:9939; T:0x139703700438912 23:48:50.244 [opensc-tool]
> > reader-pcsc.c:637:pcsc_disconnect: Alcor Micro AU9560 00
> > 00:SCardDisconnect returned: 0x00000000
> > P:9939; T:0x139703700438912 23:48:50.244 [opensc-tool]
> > card.c:406:sc_connect_card: returning with: -1206 (Wrong length)
> > Failed to connect to card: Wrong length
> >
> > Those are only error parts. Full log can be posted if needed.
> >
> > Is there a hope to support this card? I wouldn't mind spending some
> > time tinkering with it, but I definitely need help.
> > Not sure if it makes a difference, but I am able to capture USB
> > communication when card is used from Windows.
>
> Hello Pawel,
>
> thank you for your interest. I still hope that we could support this
> card, but with the lack of specification, it is hard to get all the
> corner cases correctly. Especially when there are different versions of
> the IDPrime and different versions of the applets. I have only one card
> with only one applet version, which I based the changes on.
>
> The full debug log would certainly help. The context of your messages
> is not completely clear. You can share it here, to the PR or directly
> to my email, but that should really not contain any private information
> before you start writing PINs :)
>
> Best regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>

I did some extra poking and I am afraid communication between card and
driver is partially encrypted.

My experiment involves capturing USB traffic between card reader and
Windows guest.

First test involves inserting a card into Windows twice and comparing 2
captures. The captured communication looks almost identical in both
cases until the point where payload with random content appears. After
this packet, the flow of communication is still identical (commands,
sizes, sequences) but payloads are different.

Second test involves capturing packets during "certutil.exe -scinfo"
which retrieves content of certificates from smart card. I am not able
to find any strings from certificates in the captured stream.

--pawel
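
The two comparisons described in the message above, as an added example that is not part of the original post or of OpenSC: it checks whether two captured sessions keep the same directions, sizes and command headers while the bytes differ from some message onward, and whether a known certificate string shows up in the response data. The APDUs, the AID and the search string are constructed, and the 2-byte status word at the end of every response is an assumption about how the capture was split into messages.

```python
# Added example with constructed data; none of these bytes come from the thread.
import hashlib
from typing import List, Tuple

Msg = Tuple[str, bytes]  # (direction, raw bytes): ">" host to card, "<" card to host

def shape(msg: Msg):
    """Parts expected to repeat across sessions: direction, length and, for
    commands, the 4-byte APDU header (CLA INS P1 P2)."""
    direction, data = msg
    return direction, len(data), (data[:4] if direction == ">" else b"")

def compare_sessions(a: List[Msg], b: List[Msg]) -> dict:
    """Report where two captures start to differ and whether the flow
    (commands, sizes, sequence) stays identical anyway."""
    differing = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    same_shape = len(a) == len(b) and all(shape(x) == shape(y) for x, y in zip(a, b))
    return {"first_diff": differing[0] if differing else None,
            "differing": differing, "same_shape": same_shape}

def find_plaintext(trace: List[Msg], needle: bytes) -> bool:
    """Look for a known string in the response data. Assumption: every
    response ends in a 2-byte status word, dropped before joining so a
    string split across two responses is still found."""
    stream = b"".join(d[:-2] for direction, d in trace if direction == "<")
    return needle in stream

def rnd(tag: bytes, n: int) -> bytes:
    """Deterministic stand-in for per-session random bytes."""
    return hashlib.sha256(tag).digest()[:n]

def session(tag: bytes) -> List[Msg]:
    """Constructed exchange: SELECT, GET CHALLENGE, then one command and
    response whose bodies depend on the session."""
    ok = bytes.fromhex("9000")
    return [
        (">", bytes.fromhex("00A4040008") + b"\xA0" * 8),  # constructed AID
        ("<", ok),
        (">", bytes.fromhex("0084000008")),
        ("<", rnd(tag + b"0", 8) + ok),
        (">", bytes.fromhex("0CB0000010") + rnd(tag + b"1", 16)),
        ("<", rnd(tag + b"2", 32) + ok),
    ]

if __name__ == "__main__":
    a, b = session(b"first insert"), session(b"second insert")
    print(compare_sessions(a, b))
    print(find_plaintext(a, b"CN=Example User"))
```

Identical shape with differing bytes after a random value fits a session-keyed channel, but the result alone does not show which bytes are encrypted.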