Error: External authenticate failed: 0x6982 (Security status not satisfied)

[BorjanEch0]

When i try to enter the kic kid kik on the card i get the following error:

gp --key-enc DFF145A895A08A9836FCBAEBB2BEF4F0 --key-mac 5C60A8BF7FEBEDCA2754526B87760A54 --key-dek 2A69D3EE732E6D252359D43F066B66B3 -lvi --debug Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true SCardConnect("Gemalto USB Shell Token V2 00 00", T=*) -> T=0, 3B9F96801F878031E073FE211B674A4C753034054BA9 GlobalPlatformPro v20.04.14-0-geaee04c Running on Linux 5.7.0-kali1-amd64 amd64, Java 1.8.0_212 by Oracle Corporation A>> T=0 (4+0000) 00A40400 00 A<< (0018+2) (14ms) 6F108408A000000003000000A5049F6501FF 9000 A>> T=0 (4+0000) 80CA9F7F 00 A<< (0000+2) (3ms) 6A88 A>> T=0 (4+0000) 00CA9F7F 00 A<< (0000+2) (2ms) 6E00 [main] WARN pro.javacard.gp.GPData - GET DATA(CPLC) not supported A>> T=0 (4+0000) 80CA0042 00 A<< (0005+2) (8ms) 4203000000 9000 IIN: 4203000000 A>> T=0 (4+0000) 80CA0045 00 A<< (0004+2) (7ms) 45020000 9000 CIN: 45020000 Card Data: A>> T=0 (4+0000) 80CA0066 00 A<< (0051+2) (10ms) 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215 9000 Tag 6: 1.2.840.114283.1 -> Global Platform card Tag 60: 1.2.840.114283.2.2.1.1 -> GP Version: 2.1.1 Tag 63: 1.2.840.114283.3 Tag 64: 1.2.840.114283.4.2.21 -> GP SCP02 i=15 Card Capabilities: A>> T=0 (4+0000) 80CA0067 00 A<< (0000+2) (3ms) 6A88 A>> T=0 (4+0000) 80CA00E0 00 A<< (0074+2) (12ms) E048C00401708010C00402708010C00403708010C00401018010C00402018010C00403018010C00401028010C00402028010C00403028010C00401038010C00402038010C00403038010 9000 Version: 112 (0x70) ID: 1 (0x01) type: DES3 length: 16 Version: 112 (0x70) ID: 2 (0x02) type: DES3 length: 16 Version: 112 (0x70) ID: 3 (0x03) type: DES3 length: 16 Version: 1 (0x01) ID: 1 (0x01) type: DES3 length: 16 Version: 1 (0x01) ID: 2 (0x02) type: DES3 length: 16 Version: 1 (0x01) ID: 3 (0x03) type: DES3 length: 16 Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16 Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16 Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16 Version: 3 (0x03) ID: 1 (0x01) type: DES3 length: 16 Version: 3 (0x03) ID: 2 (0x02) type: DES3 length: 16 Version: 3 (0x03) ID: 3 (0x03) type: DES3 length: 16 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] INFO pro.javacard.gp.GPSession - Using card master keys: ENC=DFF145A895A08A9836FCBAEBB2BEF4F0 (KCV: E0B747) MAC=5C60A8BF7FEBEDCA2754526B87760A54 (KCV: 5B97FA) DEK=2A69D3EE732E6D252359D43F066B66B3 (KCV: 9EFAE1) for null A>> T=0 (4+0008) 80500000 08 D57C79D40C254684 00 A<< (0028+2) (40ms) 00000000000000000000700200008E43019EFACC0023E120C56AB68A 9000 [main] INFO pro.javacard.gp.GPSession - Diversified card keys: ENC=DFF145A895A08A9836FCBAEBB2BEF4F0 (KCV: E0B747) MAC=5C60A8BF7FEBEDCA2754526B87760A54 (KCV: 5B97FA) DEK=2A69D3EE732E6D252359D43F066B66B3 (KCV: 9EFAE1) for SCP02 [main] INFO pro.javacard.gp.GPSession - Session keys: ENC=4023A18CE9021BAC3FC128570E6A2EC0 MAC=F365B15115B515FBB4A881FE0B2ED91B RMAC=DFE14B80057CA67D50AF539A1FCB9CE0, card keys=ENC=DFF145A895A08A9836FCBAEBB2BEF4F0 (KCV: E0B747) MAC=5C60A8BF7FEBEDCA2754526B87760A54 (KCV: 5B97FA) DEK=2A69D3EE732E6D252359D43F066B66B3 (KCV: 9EFAE1) for SCP02 A>> T=0 (4+0016) 84820100 10 05CC76E9699F0266085FB9CB613E3E52 A<< (0000+2) (16ms) 6982 Error: External authenticate failed: 0x6982 (Security status not satisfied)

can you please help me about this situation?

Thank you kindly.

[herlesupreeth]

Can you provide me more details about the card you are using and the card reader as well?

Can you also give it a try using the below method? https://github.com/herlesupreeth/CoIMS_Wiki#ota-ram-remote-applet-management--rfm-remote-file-management-of-installing-the-applet-and-installing-certificates

Sadly, I haven't faced this issue before, I would suggest to open an issue here - https://github.com/martinpaljak/GlobalPlatformPro as I believe it has more to do with GP tool.

[herlesupreeth]

I am suspecting the following:

• Either the kic, kid, kik used are not the correct ones
• Or the card does not support SCP02 method

[BorjanEch0]

Hi, thank you very much for your kind and prompt reply. Much appreciated. I am using sysmoISIM-SJA2 and using a omnikey smartcard reader and a gemalto usb token. The omnikey says:

[INFO] GPSession - Using card master keys with version 112 for setting up session [MAC] A>> T=0 (4+0008) 80507000 08 909C5CB451159FA6 00 << (1s407ms) SCARD_E_NOT_TRANSACTED Error: SCARD_E_NOT_TRANSACTED apdu4j.TagRemovedException: SCARD_E_NOT_TRANSACTED at apdu4j.CardBIBO.transceive(CardBIBO.java:118) at apdu4j.APDUBIBO.transmit(APDUBIBO.java:34) at pro.javacard.gp.GPSession.openSecureChannel(GPSession.java:367) at pro.javacard.gp.GPTool.run(GPTool.java:293) at pro.javacard.gp.GPTool.main(GPTool.java:107) Caused by: jnasmartcardio.Smartcardio$JnaPCSCException: SCardTransmit got response 0x80100016 (SCARD_E_NOT_TRANSACTED: An attempt was made to end a non-existent transaction.) at jnasmartcardio.Smartcardio.check(Smartcardio.java:961) at jnasmartcardio.Smartcardio.check(Smartcardio.java:952) at jnasmartcardio.Smartcardio.access$000(Smartcardio.java:34) at jnasmartcardio.Smartcardio$JnaCardChannel.transmitRaw(Smartcardio.java:877) at jnasmartcardio.Smartcardio$JnaCardChannel.transmitImpl(Smartcardio.java:804) at jnasmartcardio.Smartcardio$JnaCardChannel.transmit(Smartcardio.java:688) at apdu4j.terminals.LoggingCardTerminal$LoggingCard$LoggingCardChannel.transmit(LoggingCardTerminal.java:256) at apdu4j.CardBIBO.transceive(CardBIBO.java:114) ... 4 more SCardDisconnect("OMNIKEY CardMan 1021 00 00", true) tx:40/rx:168

and fails immediately and the gemalto token method keeps returning the error above. the keys are correct if i give it wrong keys it says wrong keys and error may brick card etc i tried on purpose to see if the keys are ok but they are i also double checked they are the same as the ones sysmocom sent me.

P.S i have also opened an issue at GP tool repo

[herlesupreeth]

Can you also give it a try using the below method? https://github.com/herlesupreeth/CoIMS_Wiki#ota-ram-remote-applet-management--rfm-remote-file-management-of-installing-the-applet-and-installing-certificates

Can you share here the output you get via this method?

[BorjanEch0]

root@DFK-EVA-FOP:/gitsne/sim-tools/bin# ./shadysim --pcsc -l applet.cap -i applet.cap --kic 8B51206FD44FFA22F78D5667EACA8F82 --kid F5773D2E3D95E2EA17066B2CAEA23BAB --module-aid A00000015141434C00 --instance-aid A00000015141434C00 ICCID: 8988211000000446206f Traceback (most recent call last): File "./../shadysim/shadysim.py", line 441, in ac.load_app(args.load_app) File "./../shadysim/shadysim.py", line 341, in load_app self.load_aid_raw(aid, data, len(data) / 2) File "./../shadysim/shadysim.py", line 259, in load_aid_raw self.send_wrapped_apdu_checksw('80e60200' + ('%02x' % (len(data) / 2)) + data + '00c0000000') File "./../shadysim/shadysim.py", line 236, in send_wrapped_apdu_checksw raise RuntimeError("SW match failed! Expected %s and got %s." % (sw.lower(), response[1])) RuntimeError: SW match failed! Expected 9000 and got .

[BorjanEch0]

both methods should work for this card but i see that both fail on all new 10 cards with both windows and linux 2 diferent pcs and 2 different readers. i dont get the problem..

[BorjanEch0]

i managed to fix the not transacted error now i get this:

gp --key-enc DFF145A895A08A9836FCBAEBB2BEF4F0 --key-mac 5C60A8BF7FEBEDCA2754526B87760A54 --key-dek 2A69D3EE732E6D252359D43F066B66B3 -lvi --debug --unlock

SCardConnect("OMNIKEY CardMan 1021 0", T=*) -> T=0, 3B9F96801F878031E073FE211B674A4C753034054BA9

GlobalPlatformPro 325fe84

Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation

A>> T=0 (4+0000) 00A40400 00 A<< (0018+2) (11ms) 6F108408A000000003000000A5049F6501FF 9000 [DEBUG] GPSession - Auto-detected ISD: A000000003000000 A>> T=0 (4+0000) 80CA9F7F 00 A<< (0000+2) (2ms) 6A88 A>> T=0 (4+0000) 00CA9F7F 00 A<< (0000+2) (2ms) 6E00 [WARN] GPData - GET DATA(CPLC) not supported A>> T=0 (4+0000) 80CA0042 00 A<< (0005+2) (4ms) 4203000000 9000 IIN: 4203000000 A>> T=0 (4+0000) 80CA0045 00 A<< (0004+2) (4ms) 45020000 9000 CIN: 45020000 Card Data: A>> T=0 (4+0000) 80CA0066 00 A<< (0051+2) (7ms) 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215 9000 Tag 6: 1.2.840.114283.1 -> Global Platform card Tag 60: 1.2.840.114283.2.2.1.1 -> GP Version: 2.1.1 Tag 63: 1.2.840.114283.3 Tag 64: 1.2.840.114283.4.2.21 -> GP SCP02 i=15 Card Capabilities: A>> T=0 (4+0000) 80CA0067 00 A<< (0000+2) (2ms) 6A88 [DEBUG] GPData - GET DATA(Card Capabilities): N/A A>> T=0 (4+0000) 80CA00E0 00 A<< (0074+2) (10ms) E048C00401708010C00402708010C00403708010C00401018010C00402018010C00403018010C00401028010C00402028010C00403028010C00401038010C00402038010C00403038010 9000 Version: 112 (0x70) ID: 1 (0x01) type: DES3 length: 16 (Token Verification) Version: 112 (0x70) ID: 2 (0x02) type: DES3 length: 16 (Token Verification) Version: 112 (0x70) ID: 3 (0x03) type: DES3 length: 16 (Token Verification) Version: 1 (0x01) ID: 1 (0x01) type: DES3 length: 16 Version: 1 (0x01) ID: 2 (0x02) type: DES3 length: 16 Version: 1 (0x01) ID: 3 (0x03) type: DES3 length: 16 Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16 Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16 Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16 Version: 3 (0x03) ID: 1 (0x01) type: DES3 length: 16 Version: 3 (0x03) ID: 2 (0x02) type: DES3 length: 16 Version: 3 (0x03) ID: 3 (0x03) type: DES3 length: 16

[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC] A>> T=0 (4+0008) 80500000 08 13D28C8BD2256F2F 00 A<< (0028+2) (37ms) 00000000000000000000700200001A9496E579F4055FD4B52644DC1B 9000 [DEBUG] GPSession - SSC: 0000 [DEBUG] GPSession - Host challenge: 13D28C8BD2256F2F [DEBUG] GPSession - Card challenge: 00001A9496E579F4 [DEBUG] GPSession - Card reports SCP02 with key version 112 (0x70) [INFO] GPSession - Diversified card keys: ENC=DFF145A895A08A9836FCBAEBB2BEF4F0 (KCV: E0B747) MAC=5C60A8BF7FEBEDCA2754526B87760A54 (KCV: 5B97FA) DEK=2A69D3EE732E6D252359D43F066B66B3 (KCV: 9EFAE1) for SCP02 [INFO] GPSession - Session keys: ENC=4023A18CE9021BAC3FC128570E6A2EC0 MAC=F365B15115B515FBB4A881FE0B2ED91B RMAC=DFE14B80057CA67D50AF539A1FCB9CE0 [DEBUG] GPSession - Verified card cryptogram: 055FD4B52644DC1B [DEBUG] GPSession - Calculated host cryptogram: 498C18F5F21C8EFA A>> T=0 (4+0016) 84820100 10 498C18F5F21C8EFA89F3540E48A783EF A<< (0000+2) (15ms) 6982 Failed to open secure channel: External authenticate failed: 0x6982 (Security status not satisfied) Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys SCardDisconnect("OMNIKEY CardMan 1021 0", true) tx:75/rx:200

[herlesupreeth]

I have now updated the instructions for sysmoISIM-SJA2 in this section https://github.com/herlesupreeth/CoIMS_Wiki#ota-ram-remote-applet-management--rfm-remote-file-management-of-installing-the-applet-and-installing-certificates , please try with shadysim_isim.py and not shadysim.py

[BorjanEch0]

Excellent thank you i honestly think this will solve the issue, only one problem. I cant get ahold of shadysim_isim.py anywhere ? a google search returned 0 results

[herlesupreeth]

git clone https://github.com/herlesupreeth/sim-tools

when you clone it, you will find it inside shadysim folder

[BorjanEch0]

sorry i already checked its not there these is just shadysim and toorsimtool

[BorjanEch0]

master branch was updated 3 months ago

[BorjanEch0]

it is also not present in the osmocom git repo.

[herlesupreeth]

oops...sorry I didn't notice. I am not allowed to share it in public (its still under development). Please ignore the shadysim_isim.py method.

@Laf0rge: Can please let me know whether there are any plans to add shadsim_isim for sysmoISIM-SJA2?

Btw, did you use Kic1, Kid1 and Kik1 with the GP tool? If so, can you please try the same with Kic3, Kid3 and Kik3?

[BorjanEch0]

if you get approval you can send it to me so i can test is i have access to large scale commercial equipment i can test is in large scale networks and i will not share it publicly. also i did not receive kic3 kid3 and kik3 from osmocom.

[BorjanEch0]

if any info or news about the tool, please let me know via email.

jovanovskiborjan@gmail.com

[BorjanEch0]

I have managed to use a 3rd party tool to push an aram-apdu directly to the sim's built in ARA-M applet and install the certificate that way. I later tested that just running shadysim aram-apdu works on this card aswell. But still i can not install other applets and change other stuff regarding javacard and globalplatform. At least i granted CarrierPrivs to COIMS.

[herlesupreeth]

Glad you were able to solve it. Unfortunately i hear back about sharing the shadysim_isim.py

[BorjanEch0]

please do not worry, for now it is ok. I have however encountered a new problem, my plmn is not in the Carrier db of android and i get sim carrier id -1 or not found so i see there is a way to use ara-m and a signed app to provide mcc mnc to the phone using carrier privileges the same way ims is configured. do you know of such an app available or shoudl i give a shot at making one i see a tutorial on android.com about it.

[herlesupreeth]

I don't think it possible to add carrier id to mnc mcc mapping as it's maintained by Google/ aosp project. Or if curiosity can you please send me the link where it says it can be added via an app?

[BorjanEch0]

https://source.android.com/devices/tech/config/carrier

getCarrierIdFromSimMccMnc Added in API level 29

public int getCarrierIdFromSimMccMnc () Returns carrier id based on sim MCCMNC (returned by getSimOperator()) only. This is used for fallback when configurations/logic for exact carrier id getSimCarrierId() are not found. Android carrier id table here can be updated out-of-band, its possible a MVNO (Mobile Virtual Network Operator) carrier was not fully recognized and assigned to its MNO (Mobile Network Operator) carrier id by default. After carrier id table update, a new carrier id was assigned. If apps don't take the update with the new id, it might be helpful to always fallback by using carrier id based on MCCMNC if there is no match.

[herlesupreeth]

thanks for the link. However as I said earlier i dont think its possible to update the carrier Id on the fly using a non-system app, please see the below screenshot from Android source

[BorjanEch0]

My apologies i misunderstood what it was trying to say, if anyone is interested, here is the method i find easiest for rooted ues

adb shell
su
DB='/data/user_de/0/com.android.providers.telephony/databases/carrierIdentification.db'
sqlite3 $DB "INSERT INTO carrier_id(mccmnc, gid1, carrier_id, carrier_name) VALUES (12345, 'test', 20000, 'test_carrier')"
reboot

[BorjanEch0]

My sincere appologies for taking so much of your time. But i have an issue again. App has carrier privileges is true, apn is setup in o5gs tun interface exists fohss is setup correctly impu impi all of it. sim is also ok setup i can see imsi imsu impi pcscf in isim info. But adding the ims apn on the ue does nothing the apn stays hidden the volte option does not appear in setting as it does when a carrier sim is in and i cant get it to try to connect dedicated eps barer and request ims. I dont know what to do now and how to approach the issue.

[herlesupreeth]

Can you tell me which UE you are using? Is it a Samsung phone?

[BorjanEch0]

Yes it's a samsung phone A71

[herlesupreeth]

If that the case, I would go to Samsung IMS settings from my app (top right hand corner menu options), there activate the required IMS settings from IMS switch and see whether you see VoLTE option in Settings->Mobile Networks

[BorjanEch0]

Yes i have already done that, i even edited one of the samsung built in profiles with the ims domain and pcscf address but still no luck and im dm settings i tried swirching ims test mode on and off. Nothing has worked so far, wasnt there a place in a file where you have to enter if thebcarrier supports volte or not? I think the used plmn has to already support volte.

[herlesupreeth]

Do you get VoLTE switch the phone's Settings --> Connections -->Mobile Networks ? Can you send me screenshot of your Samsung IMS settings and above menu I mentioned?

[BorjanEch0]

i just made that part but i got new issues now. I opened a new issue please check it and thank you for your eternal kindness.

[laf0rge]

Please note that there was some accidental swapping of keys vs. designatoin during the production of sysmoUSIM-SJA2, as explained in https://github.com/martinpaljak/GlobalPlatformPro/issues/253 - please contact the sysmocom support for assistance with getting the correct keys for SCP02.

The same accident also applies to 03.48 OTA keys, so no matter if you want to use 03.48 OTA or GP SCP02 - you will always have to reach out to @sysmocom support by e-mail to obtain the correct keys. My apologies, it was a mistake at the (third-party) factory that we didn't notice at sysmocom.

[baesangwook89]

Sorry for revoking the closed issue. @laf0rge, I've followed the recommendation in https://github.com/martinpaljak/GlobalPlatformPro/issues/253. Which was to use KIC1, KIC2, KIC3 values for the enc, mac, dek. (When I use SJA2 sysmocom isim card). However, I've seen the same error messages as follow.

Could you please give a hint for it? Thanks.

gp --key-enc A0948DF78069ECCF7EEB5F6BBD16AF28 --key-mac 4E7CC70904931158D8C409BAD4456096 --key-dek ECF2062F810611B6D750041726502EAA -lvi GlobalPlatformPro v20.04.14-0-geaee04c Running on Linux 5.4.0-42-generic amd64, Java 1.8.0_301 by Oracle Corporation [main] WARN pro.javacard.gp.GPData - GET DATA(CPLC) not supported IIN: 4203000000 CIN: 45020000 Card Data: Tag 6: 1.2.840.114283.1 -> Global Platform card Tag 60: 1.2.840.114283.2.2.1.1 -> GP Version: 2.1.1 Tag 63: 1.2.840.114283.3 Tag 64: 1.2.840.114283.4.2.21 -> GP SCP02 i=15 Card Capabilities: Version: 112 (0x70) ID: 1 (0x01) type: DES3 length: 16 Version: 112 (0x70) ID: 2 (0x02) type: DES3 length: 16 Version: 112 (0x70) ID: 3 (0x03) type: DES3 length: 16 Version: 1 (0x01) ID: 1 (0x01) type: DES3 length: 16 Version: 1 (0x01) ID: 2 (0x02) type: DES3 length: 16 Version: 1 (0x01) ID: 3 (0x03) type: DES3 length: 16 Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16 Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16 Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16 Version: 3 (0x03) ID: 1 (0x01) type: DES3 length: 16 Version: 3 (0x03) ID: 2 (0x02) type: DES3 length: 16 Version: 3 (0x03) ID: 3 (0x03) type: DES3 length: 16 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] INFO pro.javacard.gp.GPSession - Using card master keys: ENC=A0948DF78069ECCF7EEB5F6BBD16AF28 (KCV: 454130) MAC=4E7CC70904931158D8C409BAD4456096 (KCV: 9D88A0) DEK=ECF2062F810611B6D750041726502EAA (KCV: B217BB) for null [main] INFO pro.javacard.gp.GPSession - Diversified card keys: ENC=A0948DF78069ECCF7EEB5F6BBD16AF28 (KCV: 454130) MAC=4E7CC70904931158D8C409BAD4456096 (KCV: 9D88A0) DEK=ECF2062F810611B6D750041726502EAA (KCV: B217BB) for SCP02 [main] INFO pro.javacard.gp.GPSession - Session keys: ENC=300686CD79A800383FE76064BE975671 MAC=063C3C86BFB0705ADBFFE55A93A4D5CD RMAC=802762EF7D5EE3B4789072312292AFDB, card keys=ENC=A0948DF78069ECCF7EEB5F6BBD16AF28 (KCV: 454130) MAC=4E7CC70904931158D8C409BAD4456096 (KCV: 9D88A0) DEK=ECF2062F810611B6D750041726502EAA (KCV: B217BB) for SCP02 Error: External authenticate failed: 0x6982 (Security status not satisfied)

[herlesupreeth]

@baesangwook89 I think this was fixed in ISIMs. Did you try with KIC1, KID1 and KIK1?

[helloTkk]

@baesangwook89 I think this was fixed in ISIMs. Did you try with KIC1, KID1 and KIK1?

Hi @herlesupreeth ,

Sorry for revoking the closed issue again. I encountered exactly the same issue as @baesangwook89 , Could you please provide some hints here?

Below is my terminal command and output: $ gp --key-enc F3B80FD41B4AD314183A0D41716A3F82 --key-mac 653AC73FF88730523A5D85ADC98B4787 --key-dek DC11FEF4769B2934149FFC7474972F75 -lvi GlobalPlatformPro v20.04.14-0-geaee04c Running on Linux 5.15.0-101-generic amd64, Java 1.8.0_402 by Private Build [main] WARN pro.javacard.gp.GPData - GET DATA(CPLC) not supported IIN: 4203000000 CIN: 45020000 Card Data: Tag 6: 1.2.840.114283.1 -> Global Platform card Tag 60: 1.2.840.114283.2.2.1.1 -> GP Version: 2.1.1 Tag 63: 1.2.840.114283.3 Tag 64: 1.2.840.114283.4.2.21 -> GP SCP02 i=15 Card Capabilities: Version: 112 (0x70) ID: 1 (0x01) type: DES3 length: 16 Version: 112 (0x70) ID: 2 (0x02) type: DES3 length: 16 Version: 112 (0x70) ID: 3 (0x03) type: DES3 length: 16 Version: 1 (0x01) ID: 1 (0x01) type: DES3 length: 16 Version: 1 (0x01) ID: 2 (0x02) type: DES3 length: 16 Version: 1 (0x01) ID: 3 (0x03) type: DES3 length: 16 Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16 Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16 Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16 Version: 3 (0x03) ID: 1 (0x01) type: DES3 length: 16 Version: 3 (0x03) ID: 2 (0x02) type: DES3 length: 16 Version: 3 (0x03) ID: 3 (0x03) type: DES3 length: 16 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] WARN pro.javacard.gp.PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02 [main] INFO pro.javacard.gp.GPSession - Using card master keys: ENC=F3B80FD41B4AD314183A0D41716A3F82 (KCV: 5398F2) MAC=653AC73FF88730523A5D85ADC98B4787 (KCV: 6DA127) DEK=DC11FEF4769B2934149FFC7474972F75 (KCV: 41EA3C) for null [main] INFO pro.javacard.gp.GPSession - Diversified card keys: ENC=F3B80FD41B4AD314183A0D41716A3F82 (KCV: 5398F2) MAC=653AC73FF88730523A5D85ADC98B4787 (KCV: 6DA127) DEK=DC11FEF4769B2934149FFC7474972F75 (KCV: 41EA3C) for SCP02 [main] INFO pro.javacard.gp.GPSession - Session keys: ENC=B7246C7AE3F9617E5F160418E32D8C7C MAC=5599DD4D4881CC2B8BCC2F8EA75091A6 RMAC=68B588595A1AAF66A162B2F09F096257, card keys=ENC=F3B80FD41B4AD314183A0D41716A3F82 (KCV: 5398F2) MAC=653AC73FF88730523A5D85ADC98B4787 (KCV: 6DA127) DEK=DC11FEF4769B2934149FFC7474972F75 (KCV: 41EA3C) for SCP02 Error: External authenticate failed: 0x6982 (Security status not satisfied)

I have checked KIC1 KID1 and KIK1 value in the command, they are exactly matching the file I got from sysmocom.

I have also tried "OTA RAM (Remote Applet Management) + RFM (Remote File Management) of installing the applet and installing certificates", but failed again. Below is the exact command and output:

$ python shadysim_isim.py --pcsc -l applet.cap -i applet.cap --kic F3B80FD41B4AD314183A0D41716A3F82 --kid 653AC73FF88730523A5D85ADC98B4787 --module-aid A00000015141434C00 --instance-aid A00000015141434C00 Traceback (most recent call last): File "shadysim_isim.py", line 494, in ac.load_app(args.load_app) File "shadysim_isim.py", line 369, in load_app self.load_aid_raw(aid, data, len(data) / 2) File "shadysim_isim.py", line 271, in load_aid_raw self.send_wrapped_apdu_checksw('80e60200' + ('%02x' % (len(data) / 2)) + data + '00c0000000') File "shadysim_isim.py", line 246, in send_wrapped_apdu_checksw raise RuntimeError("SW match failed! Expected %s and got %s." % (sw.lower(), response[1])) RuntimeError: SW match failed! Expected 9000 and got 6200.

[helloTkk]

I have managed to use a 3rd party tool to push an aram-apdu directly to the sim's built in ARA-M applet and install the certificate that way. I later tested that just running shadysim aram-apdu works on this card aswell. But still i can not install other applets and change other stuff regarding javacard and globalplatform. At least i granted CarrierPrivs to COIMS.

Hi, could you please share which 3rd party tool you used to solve this issue? Thanks!

[herlesupreeth]

@helloTkk as mentioned here https://github.com/herlesupreeth/CoIMS_Wiki/issues/8#issuecomment-767856095, please reach out to sysmocom

[helloTkk]

@helloTkk as mentioned here #8 (comment), please reach out to sysmocom

Hi @herlesupreeth ,

Thanks for your quick reply! I contacted Sysmocom support and got the correct keys, and the issue was resolved. Thanks for your tutorial and CoIMS!