martinpaljak / GlobalPlatformPro

🌐 🔐 Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
https://javacard.pro/globalplatform
GNU Lesser General Public License v3.0

Gemalto card contains invalid TLV in CardRecognitionData tag 0x65 #152

Closed Gigithecode closed 5 years ago

Gigithecode commented 5 years ago

gp -i result:

GlobalPlatformPro 18.09.14-20-gf94d7f5
Running on Linux 4.18.0-13-generic amd64, Java 1.8.0_191 by Oracle Corporation
Reader: OMNIKEY AG CardMan 6121 00 00
ATR: 3B9F97C00A1FC78031E073FE211B65D001900F3B810F62
More information about your card: http://smartcard-atr.appspot.com/parse?ATR=3B9F97C00A1FC78031E073FE211B65D001900F3B810F62

[WARN] GlobalPlatform - Could not parse SELECT response: At position 92 the len is more then 3 [74]
Could not auto-detect ISD AID: 6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B060104012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF

Gemalto eSIM (GSMA SGP21 v2.2 SGP22 v2.2 "customer" eUICC); STM 33I1M2 JC 3.0.4 classical or 3.1 ? GP 2.2.1 ACDE

Expected behavior: full decryption of card information / being able to load / manage applets...

GlobalPlatformPro 18.09.14-20-gf94d7f5 Running on Linux 4.18.0-13-generic amd64, Java 1.8.0_191 by Oracle Corporation

Detected readers from JNA2PCSC

[] OMNIKEY AG CardMan 6121 00 00
SCardConnect("OMNIKEY AG CardMan 6121 00 00", T=) -> T=0, 3B9F97C00A1FC78031E073FE211B65D001900F3B810F62
SCardBeginTransaction("OMNIKEY AG CardMan 6121 00 00")
Reader: OMNIKEY AG CardMan 6121 00 00
ATR: 3B9F97C00A1FC78031E073FE211B65D001900F3B810F62
More information about your card: http://smartcard-atr.appspot.com/parse?ATR=3B9F97C00A1FC78031E073FE211B65D001900F3B810F62

A>> T=0 (4+0000) 00A40400 00
A<< (0140+2) (54ms) 6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B060104012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF 9000
[WARN] GlobalPlatform - Could not parse SELECT response: At position 92 the len is more then 3 [74]
Could not auto-detect ISD AID: 6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B060104012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF

MNO-SD is A000000151000000 SCP02 with option i = 0x55 Keys are customized

T=0 (4+0000) 00A40400 00
A<< (0140+2) (47ms) 6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B060104012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF 9000

6F8189 8408 A000000151000000 A57D 736E 0607 2A864886FC6B01 600B 0609 2A864886FC6B020202 6309 0607 2A864886FC6B03 640B 0609 2A864886FC6B048000 640B 0609 2A864886FC6B040255 640B 0609 2A864886FC6B048107 650A AACAADDEDFEDACADEEEE 6618 060A 2B060104012A026E0103 060A 5354333349314D320202 9F6E 0600 7781030202 9F65 01 FF 9000


| Tag | Value | Meaning |
|---|---|---|
| 84 | A000000151000000 | Application / file AID |
| 06 | 2A864886FC6B01 | (gp) OID for Card Recognition Data, also identifies Global Platform as the Tag Allocation Authority |
| 60 | 2A864886FC6B020202 | (gp 2.2) OID for Card Management Type and Version - see note 2 |
| 63 | 2A864886FC6B03 | OID for Card Identification Scheme - see note 3 |
| 64 | 2A864886FC6B048000 | OID for Secure Channel Protocol of the Issuer Security Domain and its implementation options - see note 4 |
| 64 | 2A864886FC6B040255 | (SCP02 i=55) OID for Secure Channel Protocol of the Issuer Security Domain and its implementation options - see note 4 |
| 64 | 2A864886FC6B048107 | OID for Secure Channel Protocol of the Issuer Security Domain and its implementation options - see note 4 |
| 65 | AACAADDEDFEDACADEEEE | card configuration details - see note 5 |
| 66 | 2B060104012A026E0103 5354333349314D320202 | javacard v3.1 and v2.2 - Card / chip details - see note 6 |
| 9F6E | 007781030202 | Application production Life Cycle data |
| 9F65 | FF | Maximum length of data field in command message |

Note 1: Card Data should not exceed 127 bytes. This recommendation is to avoid the complexity of extending the length field of the '66' and '73' data objects and also to minimize the overheads involved in transferring the data.

Note 2: Tag '60': The OID {globalPlatform 2 v} identifies a card that conforms to the GlobalPlatform Card Specification version "v". Thus a card conforming to the GlobalPlatform Card Specification 2.2 would use OID {globalPlatform 2 2 2} and a card conforming to the GlobalPlatform Card Specification 2.1.1 would use OID {globalPlatform 2 2 1 1}.

Note 3: Tag '63': The OID {globalPlatform 3} indicates a GlobalPlatform card that is uniquely identified by the Issuer Identification Number (IIN) and Card Image Number (CIN), as defined in sections 7.4.1.1 - Issuer Identification Number and 7.4.1.2 - Card Image Number. The objective is that an off-card entity is able to construct a globally unique identifier for the card by concatenating this {globalPlatform 3} OID, the IIN and the CIN.

Note 4: Tag '64': The OID {globalPlatform 4 scp i} identifies the Secure Channel Protocol of the Issuer Security Domain. "scp" identifies the Secure Channel Protocol identifier as defined in section 10.7 - Secure Channel Protocol Identifier. "i" identifies the eventual implementation options as defined in appendix D.1.1 - SCP01 Secure Channel for SCP01, appendix E.1.1 - SCP02 Secure Channel for SCP02 or appendix F.1.1 - SCP10 Secure Channel for SCP10.

Note 5: The data object with tag '65' may contain information about the GlobalPlatform implementation details or commonly used Card Issuer options. Such information shall be TLV encoded. The structure of this data object is under definition by GlobalPlatform.

Note 6: Tag '66': this data object may contain information about the card and chip implementation, such as the operating system/runtime environment or a security kernel. Such information shall be TLV encoded and may consist of one (or more) OID(s), each OID being introduced by tag '06' and indicating the organization responsible for specifying the operating system, runtime environment or security kernel, and the identification of the corresponding specification and its version number.

martinpaljak commented 5 years ago

The response from the card is not valid TLV:

https://lapo.it/asn1js/#MEUCIAD3uGw7A2-kkBlsslUw2VdQlpTsTdoHleEEHKR1C6MrAiFxUpmyNMphAkRmO6buWRNuwgFMpxO3AXxAtUGkEuKMikM

https://www.emvlab.org/tlvutils/?data=6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B060104012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF

From your own copypaste of the spec:

Note 5: The data object with tag '65' may contain information about the GlobalPlatform implementation details or commonly used Card Issuer options. Such information shall be TLV encoded. The structure of this data object is under definition by GlobalPlatform.

From the parsed output:

6F
  8189
    84 08 A000000151000000
    A5 7D
      73 6E
        06 07 2A864886FC6B01
        60 0B 06 09 2A864886FC6B020202
        63 09 06 07 2A864886FC6B03
        64 0B 06 09 2A864886FC6B048000
        64 0B 06 09 2A864886FC6B040255
        64 0B 06 09 2A864886FC6B048107
        65 0A AACAADDEDFEDACADEEEE
        66 18 06 0A 2B060104012A026E0103
              06 0A 5354333349314D320202
      9F6E 06 007781030202
      9F65 01 FF

Notice the content of tag 0x65 is NOT "TLV" encoded, but contains 10 (0x0A) bytes "V" of a TLV, with the value of "AACAADDEDFEDACADEEEE", but tag 0x65 indicates that it should be a constructed tag (that is, contain 0 or more TLVs).

This is a Gemalto bug; you should be able to work around it by indicating the ISD to use (A000000151000000). Any other possible workarounds will require a device sample to be sent for testing (for possibly other bugs).

Gigithecode commented 5 years ago

Yes you're right! The entry should be something like 65 0C 06 0A AACAADDEDFEDACADEEEE

Unfortunately I cannot send a sample as I have only one, but I'll tell Gemalto about this bug. Thank you for the workaround, I'll test gp --sdaid. Thank you for your great tool! Regards, Guillaume

martinpaljak commented 5 years ago

If specifying --sdaid does not work, re-open it so that we can add a way to overload such failures.

Gigithecode commented 5 years ago

Hello Martin, your workaround works like a charm! I had no problem listing, loading and installing applets... Also I told Gemalto about the bug. I'm waiting for their answer. Thank you again. Guillaume

Gigithecode commented 5 years ago

Hello Martin, I've got the answer from Gemalto. They say it's not a bug, tag 65 shouldn't be a constructed tag but rather a TLV tag. They refer to CardSpec 2.3.1 Table H-1: Structure of Card Recognition Data (Format 1), which effectively seems to state tag 65 is not a constructed one (e.g. its definition is quite different from the one for tag 64...) Regards, Guillaume

martinpaljak commented 5 years ago

The table is just a sample layout. BER-TLV states that if bit 6 is set, it is a constructed rather than primitive tag (https://en.wikipedia.org/wiki/X.690#Encoding). And for some reason, applied as expected to all other tags in that sample, how come the encoding rules don't apply here? Also, how should one interpret that value?

martinpaljak commented 5 years ago

So feel free to ping them again and come up with another excuse.

Gigithecode commented 5 years ago

Hello Martin, thank you for the link, I was unaware of that. So am I right if I say: 0x65 = b01 1 00101, so class = application only, P/C = constructed and #tag = 5? So it means the tag is constructed and should be something like 65 L {T L V}n?

martinpaljak commented 5 years ago

yes
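A small BER-TLV walker, added here as an example that is not GlobalPlatformPro's code, applying the X.690 rules discussed above (bit 6 of the first tag byte marks a constructed tag, multi-byte tags such as 9F6E, long-form lengths such as 81 89) to the SELECT response quoted in the issue. It recurses into every constructed tag and, instead of aborting like the tool's warning, records which constructed tag carries a value that is not TLV; the 65 0C 06 0A ... encoding proposed above parses clean with the same code.

```python
SELECT_RESPONSE = bytes.fromhex(   # constructed input: the SELECT response from the issue, SW 9000 dropped
    "6F81898408A000000151000000A57D736E06072A864886FC6B01600B06092A864886FC6B"
    "020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC"
    "6B040255640B06092A864886FC6B048107650AAACAADDEDFEDACADEEEE6618060A2B0601"
    "04012A026E0103060A5354333349314D3202029F6E060077810302029F6501FF")

def read_tag(buf, pos):
    end = pos + 1
    if buf[pos] & 0x1F == 0x1F:       # low 5 bits all set: tag number continues
        while buf[end] & 0x80:        # bit 8 set: another tag byte follows
            end += 1
        end += 1
    return buf[pos:end].hex().upper(), end

def read_length(buf, pos):
    first = buf[pos]
    if first < 0x80:                  # short form
        return first, pos + 1
    n = first & 0x7F                  # long form: n more length bytes (0xCA would mean 74)
    if n == 0 or n > 4:
        raise ValueError(f"length byte 0x{first:02X} announces {n} length bytes")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse(buf, pos=0, end=None):
    """Parse buf[pos:end] into {tag, value, children, error} dicts, recursing into constructed tags."""
    end = len(buf) if end is None else end
    nodes = []
    while pos < end:
        tag, pos = read_tag(buf, pos)
        length, pos = read_length(buf, pos)
        if pos + length > end:
            raise ValueError(f"tag {tag}: length {length} overruns its parent")
        node = {"tag": tag, "value": buf[pos:pos + length], "children": [], "error": ""}
        if int(tag[:2], 16) & 0x20:   # X.690: bit 6 of the first tag byte marks a constructed tag
            try:
                node["children"] = parse(buf, pos, pos + length)
            except (ValueError, IndexError) as exc:
                node["error"] = str(exc)   # keep the raw value, record why it is not TLV
        nodes.append(node)
        pos += length
    return nodes

def broken_constructed(nodes):
    """Collect (tag, reason) for every constructed tag whose value did not parse as TLV."""
    found = []
    for n in nodes:
        if n["error"]:
            found.append((n["tag"], n["error"]))
        found.extend(broken_constructed(n["children"]))
    return found
```

`broken_constructed(parse(SELECT_RESPONSE))` returns `[('65', 'length byte 0xCA announces 74 length bytes')]`: the first value byte AA is read as a constructed tag and the second, CA, as a long-form length announcing 74 length bytes, which is the same position-92 failure the tool's warning reports.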

Gigithecode commented 5 years ago

Oh, and to answer your question: the tag means nothing but a simple reference in the R&D product base... (this is a sample I got from Gemalto)

Gigithecode commented 5 years ago

Thank you for your help Martin. Guillaume