From: dzeri96 <dz...@pr...> - 2025-04-22 12:44:51
Hello everyone,

I'm trying to kickstart support for the new Montenegrin eID, or at least figure out how it works. I've sent multiple requests for technical specs to the government, but unless I take them to court, I doubt I'll get any useful information. Therefore I'll just write down what I manage to figure out on my own, and hopefully you can provide further insight. One thing about a country as small as Montenegro is that there is a very high probability we didn't implement anything custom, as it's not financially viable.

Here's what I have so far:

- ATR: 3b:dc:96:ff:81:91:fe:1f:c3:80:73:c8:21:13:66:05:03:63:51:00:02:de. It doesn't seem to comply with the ATR scheme in the IAS ECC specification, even though the government says the card complies with all EU ID regulations (unclear which ones).
- EF.ATR raw data:
    80004301B946040400ECC24703940180
    4F0BF0496173456363526F6F74E01002
    020104020200E6020200E6020200E678
    0806062B8122F8780282029000
- EF.DIR raw data:
    61374F0EE828BD080FD25047656E6572
    6963500743686970446F63731C300404
    025031A004040250324F0EE828BD080FD2504543432D654944610F4F07A00000
    0247100150044943414F61184F0A4D4F
    4E54454E4547524F500A4E6174696F6E
    616C4944
- By deciphering the EF.DIR data, we can discover 4 applications:
  - E828BD080FD25047656E65726963 - ECC Generic PKI / ChipDocs Applet
  - E828BD080FD2504543432D654944 - ECC eID
  - A0000002471001 - ICAO
  - 4D4F4E54454E4547524F - Spells out MONTENEGRO in ASCII, label is "NationalID". No idea what this could be... maybe something related to healthcare?
- I managed to use npa-tool and read the MRZ stored on the card using CAN-based PACE, but all other functions of the tool don't work, not even PIN-based PACE. I'm just using it as an APDU debugger with PACE support.
- The official middleware supplied by the government is Athena IDProtect.
- The activation software is available here. It's a Java program developed by Mühlbauer. I decompiled it and saw that it's accessing the ECC eID application. I managed to extract some APDUs and get the activation status of the card (PIN change is required on first use).
- iasecc-tool and pkcs15-tool say "Card is invalid or cannot be handled" regardless of what I try.

I've skimmed over hundreds of pages of standards, including the ISO-7816 parts, the NXP ChipDoc v4 spec, the BSI TR-03110, the IAS ECC spec, but I can barely find any concrete info on these applications. Someone must know how to access them because there are vendor-provided tools to do so.

My goals are:

1. Get general knowledge about the card and build some PoC APDU chains to read/set data.
2. Get the birthdate of the person via PIN-based auth and verify the authenticity of the data.
3. Get the OpenSC suite of tools to work with the card.
4. Replace the closed-source middleware provided by the government.

I would really appreciate any help here. Thanks!
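
Added example, not part of the original post: a BER-TLV walk over the EF.DIR bytes quoted in the message above, listing every AID (tag 4F), the label (tag 50) beside it, and the template path it sits in. The function names are illustrative, and the tag meanings assumed are the ISO/IEC 7816-4 ones (61 application template, 4F AID, 50 label).

```python
# EF.DIR bytes exactly as quoted in the post, whitespace removed.
EF_DIR = bytes.fromhex(
    "61374F0EE828BD080FD25047656E6572" "6963500743686970446F63731C300404"
    "025031A004040250324F0EE828BD080FD2504543432D654944610F4F07A00000"
    "0247100150044943414F61184F0A4D4F" "4E54454E4547524F500A4E6174696F6E" "616C4944")

def read_tlv(buf, pos):
    """Decode one BER-TLV object; return (tag, constructed, value, next_pos)."""
    first = buf[pos]
    if first & 0x1F == 0x1F:               # tag continues in following bytes
        raise ValueError("multi-byte tags are not supported here")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: 0x81, 0x82, ...
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid in card files")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past the end of the data")
    return first, bool(first & 0x20), buf[pos:pos + length], pos + length

def walk(buf, path=()):
    """Yield (path, tag, value) for every primitive object, depth first."""
    pos = 0
    while pos < len(buf):
        if buf[pos] in (0x00, 0xFF):       # padding between data objects
            pos += 1
            continue
        tag, constructed, value, pos = read_tlv(buf, pos)
        if constructed:                    # bit 6 set: value holds more TLVs
            yield from walk(value, path + (tag,))
        else:
            yield path, tag, value

def list_applications(ef_dir):
    """Collect each AID (tag 4F) and the label (tag 50) beside it, if any."""
    apps = []
    for path, tag, value in walk(ef_dir):
        if tag == 0x4F:
            apps.append({"aid": value.hex().upper(), "label": None, "path": path})
        elif tag == 0x50 and apps and apps[-1]["path"] == path:
            apps[-1]["label"] = value.decode("ascii", "replace")
    return apps

if __name__ == "__main__":
    for app in list_applications(EF_DIR):
        print("/".join(f"{t:02X}" for t in app["path"]), app["aid"], app["label"])
```

On the bytes from the post, the ECC eID AID comes out under path 61/73 with no label: it is nested inside the discretionary template of the first application entry rather than in an application template of its own.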