search

martinpaljak / GlobalPlatformPro

šŸŒ šŸ” Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
https://javacard.pro/globalplatform
GNU Lesser General Public License v3.0
679 stars 210 forks source link

--applet doesn't seem to work with -s #247

Open kategray opened 3 years ago

kategray commented 3 years ago

Describe the bug

When attempting to pass APDUs to an applet (the security domain), it does not appear to select the applet before executing the APDUs.

Information about your card

J2A040 Card

Expected behavior

I'm trying to write a new IID to the J2A040, and keep getting 0x6D00. It doesn't appear to select the security domain despite the --applet parameter, so I'm wondering if that might be the issue.

It's entirely possible my APDUs are wrong, I just want to make sure I'm actually sending them to the ISD.

Full log

C:\Kate\JavaCard>gp -r "Feitian SCR301 0" --applet "A000000003000000" -s "80 DB 00 42 05 5C 01 42 53 00 00" -d -v -i
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_265 by Amazon.com Inc.
# Detected readers from JNA2PCSC
[ ] Dell Smart Card Reader Keyboard 0
[*] Feitian SCR301 0
[*] Windows Hello for Business 1
SCardConnect("Feitian SCR301 0", T=*) -> T=1, 3BFD1300008131FE4500125553554D49444153000000F6
SCardBeginTransaction("Feitian SCR301 0")
Reader: Feitian SCR301 0
ATR: 3BFD1300008131FE4500125553554D49444153000000F6
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BFD1300008131FE4500125553554D49444153000000F6

A>> T=1 (4+0000) 00A40400 00
A<< (0103+2) (47ms) 6F658408A000000003000000A5599F6501FF9F6E06FFFF0365FFFF734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[TRACE] GPSession -  [6F]
[TRACE] GPSession -      [84] A000000003000000
[TRACE] GPSession -      [A5]
[TRACE] GPSession -          [9F65] FF
[TRACE] GPSession -          [9F6E] FFFF0365FFFF
[TRACE] GPSession -          [73]
[TRACE] GPSession -              [06] 2A864886FC6B01
[TRACE] GPSession -              [60]
[TRACE] GPSession -                  [06] 2A864886FC6B02020101
[TRACE] GPSession -              [63]
[TRACE] GPSession -                  [06] 2A864886FC6B03
[TRACE] GPSession -              [64]
[TRACE] GPSession -                  [06] 2A864886FC6B040215
[TRACE] GPSession -              [65]
[TRACE] GPSession -                  [06] 2B8510864864020103
[TRACE] GPSession -              [66]
[TRACE] GPSession -                  [06] 2B060104012A026E0102
[DEBUG] GPSession - Auto-detected ISD: A000000003000000
[TRACE] GPData - GET DATA(CPLC)
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (23ms) 9F7F2AFFFFFFFFFFFF0365FFFF0365FFFFFFFFFFFFFFFF0365FFFF0365FFFF0365FFFFFFFFFFFF0365FFFFFFFF 9000
CPLC: ICFabricator=FFFF
      ICType=FFFF
      OperatingSystemID=FFFF
      OperatingSystemReleaseDate=0365 (2010-12-30)
      OperatingSystemReleaseLevel=FFFF
      ICFabricationDate=0365 (2010-12-30)
      ICSerialNumber=FFFFFFFF
      ICBatchIdentifier=FFFF
      ICModuleFabricator=FFFF
      ICModulePackagingDate=0365 (2010-12-30)
      ICCManufacturer=FFFF
      ICEmbeddingDate=0365 (2010-12-30)
      ICPrePersonalizer=FFFF
      ICPrePersonalizationEquipmentDate=0365 (2010-12-30)
      ICPrePersonalizationEquipmentID=FFFFFFFF
      ICPersonalizer=FFFF
      ICPersonalizationDate=0365 (2010-12-30)
      ICPersonalizationEquipmentID=FFFFFFFF

[TRACE] GPData - GET DATA(IIN)
A>> T=1 (4+0000) 80CA0042 00
A<< (0000+2) (22ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
[TRACE] GPData - GET DATA(CIN)
A>> T=1 (4+0000) 80CA0045 00
A<< (0000+2) (16ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
Card Data:
[TRACE] GPData - GET DATA(Card Data)
A>> T=1 (4+0000) 80CA0066 00
A<< (0078+2) (41ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[TRACE] GPData -  [66]
[TRACE] GPData -      [73]
[TRACE] GPData -          [06] 2A864886FC6B01
[TRACE] GPData -          [60]
[TRACE] GPData -              [06] 2A864886FC6B02020101
[TRACE] GPData -          [63]
[TRACE] GPData -              [06] 2A864886FC6B03
[TRACE] GPData -          [64]
[TRACE] GPData -              [06] 2A864886FC6B040215
[TRACE] GPData -          [65]
[TRACE] GPData -              [06] 2B8510864864020103
[TRACE] GPData -          [66]
[TRACE] GPData -              [06] 2B060104012A026E0102
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
[TRACE] GPData - GET DATA(Card Capabilities)
A>> T=1 (4+0000) 80CA0067 00
A<< (0000+2) (16ms) 6A88
[DEBUG] GPData - GET DATA(Card Capabilities): N/A
[TRACE] GPData - GET DATA(Key Info Template)
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (31ms) E012C00401FF8010C00402FF8010C00403FF8010 9000
[TRACE] GPKeyInfo -  [E0]
[TRACE] GPKeyInfo -      [C0] 01FF8010
[TRACE] GPKeyInfo -      [C0] 02FF8010
[TRACE] GPKeyInfo -      [C0] 03FF8010
Version: 255 (0xFF) ID:   1 (0x01) type: DES3 length:  16
Version: 255 (0xFF) ID:   2 (0x02) type: DES3 length:  16
Version: 255 (0xFF) ID:   3 (0x03) type: DES3 length:  16
Key version suggests factory keys
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[INFO] GPSession - Using card master keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for null
[TRACE] GPSession - Generated host challenge: 086C945CB88E9688
A>> T=1 (4+0008) 80500000 08 086C945CB88E9688 00
A<< (0028+2) (66ms) 00010203040506070809FF0200003D029C31C7894B6F4151EAD83AFD 9000
[DEBUG] GPSession - Host challenge: 086C945CB88E9688
[DEBUG] GPSession - Card challenge: 00003D029C31C789
[DEBUG] GPSession - Card reports SCP02 with key version 255 (0xFF)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=010B0371D78377B801F2D62AFC671D95 MAC=D1C28C601652A4770D67AD82D2D2E1C4 RMAC=FFAEC7EC7FAD69F9FBFF093BF2F79C45, card keys=ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[DEBUG] GPSession - Verified card cryptogram: 4B6F4151EAD83AFD
[DEBUG] GPSession - Calculated host cryptogram: 60FBEB08894F9AA2
[TRACE] SCP02Wrapper - MAC input: 848201001060FBEB08894F9AA2
A>> T=1 (4+0016) 84820100 10 60FBEB08894F9AA2178265B6DCC43FEA
A<< (0000+2) (69ms) 9000
[TRACE] SCP02Wrapper - MAC input: 84DB00420D5C01425300
A>> T=1 (4+0013) 84DB0042 0D 5C01425300BE24BA66EEF3DE72 00
A<< (0000+2) (31ms) 6D00
SCardEndTransaction("Feitian SCR301 0")
SCardDisconnect("Feitian SCR301 0", true) tx:89/rx:294
martinpaljak commented 3 years ago

If you want to send APDU-s in secure channel to an applet, specify the target applet with "--sdaid" (or "--connect" in latest master). This controls with which AID the secure channel is established with.

kategray commented 3 years ago

As a note for anyone needing to do this in the future, sdaid works correctly with -s.

I was able to set the IIN with GP Pro using the ISD on a J2A0XX card.

C:\Kate\JavaCard>gp -d -v --sdaid "A0 00 00 00 03 00 00 00" --mode mac -s "80 E2 80 00 0E 00 70 0B 42 09 38 31 32 33 34 35 36 37 36 00"
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 11.0.10 by Amazon.com Inc.
SCardConnect("Dell Dell Smart Card Reader Keyboard 0", T=*) -> T=1, 3BFD1300008131FE4500125553554D49444153000000F6
SCardBeginTransaction("Dell Dell Smart Card Reader Keyboard 0")
Reader: Dell Dell Smart Card Reader Keyboard 0
ATR: 3BFD1300008131FE4500125553554D49444153000000F6
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BFD1300008131FE4500125553554D49444153000000F6

[DEBUG] GPSession - (I)SD AID: A000000003000000
A>> T=1 (4+0008) 00A40400 08 A000000003000000 00
A<< (0103+2) (64ms) 6F658408A000000003000000A5599F6501FF9F6E06FFFF0366FFFF734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[TRACE] GPSession -  [6F]
[TRACE] GPSession -      [84] A000000003000000
[TRACE] GPSession -      [A5]
[TRACE] GPSession -          [9F65] FF
[TRACE] GPSession -          [9F6E] FFFF0366FFFF
[TRACE] GPSession -          [73]
[TRACE] GPSession -              [06] 2A864886FC6B01
[TRACE] GPSession -              [60]
[TRACE] GPSession -                  [06] 2A864886FC6B02020101
[TRACE] GPSession -              [63]
[TRACE] GPSession -                  [06] 2A864886FC6B03
[TRACE] GPSession -              [64]
[TRACE] GPSession -                  [06] 2A864886FC6B040215
[TRACE] GPSession -              [65]
[TRACE] GPSession -                  [06] 2B8510864864020103
[TRACE] GPSession -              [66]
[TRACE] GPSession -                  [06] 2B060104012A026E0102
[DEBUG] GPSession - Auto-detected GP version: GP211
[DEBUG] GPSession - Lifecycle data (ignored): FFFF0366FFFF
[DEBUG] GPSession - Auto-detected block size: 255
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[INFO] GPSession - Using card master keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for null
[TRACE] GPSession - Generated host challenge: C43B8E808EF07053
A>> T=1 (4+0008) 80500000 08 C43B8E808EF07053 00
A<< (0028+2) (73ms) 00010203040506070809FF02000D4EB131EA95DE00A16BE23648C39E 9000
[DEBUG] GPSession - Host challenge: C43B8E808EF07053
[DEBUG] GPSession - Card challenge: 000D4EB131EA95DE
[DEBUG] GPSession - Card reports SCP02 with key version 255 (0xFF)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=217ABF8CC47294B2411871F381D7534E MAC=07EFCCEB0BB0CC01A22E0CE1E1E395F8 RMAC=1AC383888CDEAF2F8EF67E16F815ACCB, card keys=ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[DEBUG] GPSession - Verified card cryptogram: 00A16BE23648C39E
[DEBUG] GPSession - Calculated host cryptogram: 36BB7684023F671A
[TRACE] SCP02Wrapper - MAC input: 848201001036BB7684023F671A
A>> T=1 (4+0016) 84820100 10 36BB7684023F671ADF8F87C3447998B4
A<< (0000+2) (73ms) 9000
[TRACE] SCP02Wrapper - MAC input: 84E280001600700B4209383132333435363736
A>> T=1 (4+0022) 84E28000 16 00700B42093831323334353637369D7F4049347BA905 00
A<< (0000+2) (67ms) 9000
SCardEndTransaction("Dell Dell Smart Card Reader Keyboard 0")
SCardDisconnect("Dell Dell Smart Card Reader Keyboard 0", true) tx:77/rx:139
C:\Kate\JavaCard>gp --info
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 11.0.10 by Amazon.com Inc.
Reader: Dell Dell Smart Card Reader Keyboard 0
ATR: 3BFD1300008131FE4500125553554D49444153000000F6
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BFD1300008131FE4500125553554D49444153000000F6

CPLC: ICFabricator=FFFF
      ICType=FFFF
      OperatingSystemID=FFFF
      OperatingSystemReleaseDate=0366 (2011-01-01)
      OperatingSystemReleaseLevel=FFFF
      ICFabricationDate=0366 (2011-01-01)
      ICSerialNumber=FFFFFFFF
      ICBatchIdentifier=FFFF
      ICModuleFabricator=FFFF
      ICModulePackagingDate=0366 (2011-01-01)
      ICCManufacturer=FFFF
      ICEmbeddingDate=0366 (2011-01-01)
      ICPrePersonalizer=FFFF
      ICPrePersonalizationEquipmentDate=0366 (2011-01-01)
      ICPrePersonalizationEquipmentID=FFFFFFFF
      ICPersonalizer=FFFF
      ICPersonalizationDate=0366 (2011-01-01)
      ICPersonalizationEquipmentID=FFFFFFFF

IIN: 4209383132333435363736
Card Data:
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
Version: 255 (0xFF) ID:   1 (0x01) type: DES3 length:  16
Version: 255 (0xFF) ID:   2 (0x02) type: DES3 length:  16
Version: 255 (0xFF) ID:   3 (0x03) type: DES3 length:  16
Key version suggests factory keys