search

crocs-muni / JCAlgTest

Automated testing tool for algorithms from JavaCard API supported by particular smart card. Performance testing of almost all available methods. The results for more than 100+ cards.
http://jcalgtest.org
MIT License
112 stars 44 forks source link

Insufficient check for the response data format #236

Open petrs opened 3 years ago

petrs commented 3 years ago

OMNI NFC Ring returns incorrect data when specific algorithm is tested, yet it is not detected as invalid but as supported algorithm instead. The status word is correct and second byte is 00 (by chance) which implies supported algorithm. Solution: check for the whole structure, including the first byte (id of algorithm) and expected length.

Example:


javacard.security.RandomData

>>>>
CommmandAPDU: 5 bytes, nc=0, ne=256
b0 e2 00 00 00
ResponseAPDU: 2 bytes, SW=9000, elapsed=8 ms
90 00
<<<<
>>>>
CommmandAPDU: 6 bytes, nc=1, ne=0
b0 75 16 00 01 01
ResponseAPDU: 29 bytes, SW=9000, elapsed=102 ms
00 00 00 00 00 7f ff 00 00 7f ff 00 00 03 c4 00 00 03 c4 00 00 03 c4 00 00 03 c4 90 00
<<<<
RESPONSE: 0
ALG_PSEUDO_RANDOM;yes;      0.104000;0;0;0```