search

martinpaljak / GlobalPlatformPro

🌐 🔐 Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
https://javacard.pro/globalplatform
GNU Lesser General Public License v3.0
673 stars 210 forks source link

[Thales MAV5.0-5.1 Java Card OS] Failed to Open Secure Channel, Card Cryptogram Invalid! #335

Closed traxformania closed 10 months ago

traxformania commented 10 months ago

I'm testing these cards :

1) Thales MAV5.0 Java Card Operating system ported on Infineon SLC37 chip. 2) Thales MAV5.1 Java Card Operating system ported on Thales developed chip called “Aquarius”.

I'm having the same problem with both cards.

Both cards have 'Global Platform Key' installed "BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D" which is AES-256 bit key. Both cards uses SCP03 with key version 1 (0x01)

I built GlobalPlatformPro from latest source code without any problem.

When I try this command :

gp.exe -list -debug -verbose -key KDF3:BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D

This is the output : 

# gp -list -debug -verbose -key KDF3:BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D
# GlobalPlatformPro v21.12.31-55-g52c3581
# Running on Windows 11 10.0 amd64, Java 11.0.20 by Oracle Corporation
[DEBUG] TerminalManager - Processing 3 readers with null as preferred and null as ignored
[DEBUG] TerminalManager - Preferred reader: Optional.empty
# SCardConnect("ACS ACR1281 1S Dual Reader PICC 0", T=*) -> T=1, 3B8F800180318065B085051024120FFF829000AE
A>> T=1 (4+0000) 00A40400 00
A<< (0104+2) (17ms) 6F668408A000000151000000A55A734B06072A864886FC6B01600B06092A864886FC6B020203630906072A864886FC6B03640B06092A864886FC6B040300650D060B2A864886FC6B0507020000660C060A2B060104012A026E01039F6E061981305505109F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC
A>> T=1 (4+0008) 80500000 08 800E67CBA12D403C 00
A<< (0029+2) (76ms) 0000326100015324043C01030090BDEE7D2E5EAE6BE9C2F8E6024D7C81 9000
[DEBUG] GPSession - KDD: 0000326100015324043C
[DEBUG] GPSession - Host challenge: 800E67CBA12D403C
[DEBUG] GPSession - Card challenge: 90BDEE7D2E5EAE6B
[DEBUG] GPSession - Card reports SCP03 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=11567BE4597E3987CD23F5996CE8329C902EE56D8B24200B9332A3022CF0FB05 (KCV: 3F64F4) MAC=160787A2049382737422C00BBCE9C7ABF9E09700899A03AA44ECEEBF5F6AE58F (KCV: 5C1334) DEK=BC195FF8C3B012D30C1656DE2A26A5F18F561B73BFF5AAC980E7B88898721177 (KCV: 4670DA) for SCP03 with KDF3
[INFO] GPSession - Session keys: ENC=CC73FA66E6516F5E7669B737A3625705EA25971CEAB2348B564FB85F3E18F758 MAC=C5DC06F22D3CE48B1FE3FA70D4C51FA53B4A82EAAB291FB419EB9E3230C5349D RMAC=08FDFA3B0F4B5CC2B9925D927CC4E53016858CF49B1892593C96A526117B1A1A
Failed to open secure channel: Card cryptogram invalid!
Received: E9C2F8E6024D7C81
Expected: 1E871E1AB594A23F
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys
# SCardDisconnect("ACS ACR1281 1S Dual Reader PICC 0", false) tx:19/rx:137 in 443ms

When I try this command : gp.exe -list -debug -verbose -key BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D

Output is this : 

# gp -list -debug -verbose -key BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D
# GlobalPlatformPro v21.12.31-55-g52c3581
# Running on Windows 11 10.0 amd64, Java 11.0.20 by Oracle Corporation
[DEBUG] TerminalManager - Processing 3 readers with null as preferred and null as ignored
[DEBUG] TerminalManager - Preferred reader: Optional.empty
# SCardConnect("ACS ACR1281 1S Dual Reader PICC 0", T=*) -> T=1, 3B8F800180318065B085051024120FFF829000AE
A>> T=1 (4+0000) 00A40400 00
A<< (0104+2) (36ms) 6F668408A000000151000000A55A734B06072A864886FC6B01600B06092A864886FC6B020203630906072A864886FC6B03640B06092A864886FC6B040300650D060B2A864886FC6B0507020000660C060A2B060104012A026E01039F6E061981305505109F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC
A>> T=1 (4+0008) 80500000 08 0EE30BAE17590851 00
A<< (0029+2) (76ms) 0000326100015324043C010300486485065B3A1B09450143ED62E179AE 9000
[DEBUG] GPSession - KDD: 0000326100015324043C
[DEBUG] GPSession - Host challenge: 0EE30BAE17590851
[DEBUG] GPSession - Card challenge: 486485065B3A1B09
[DEBUG] GPSession - Card reports SCP03 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D (KCV: 23F396) MAC=BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D (KCV: 23F396) DEK=BD8986CBC74F74CAB750CB0E57AACB8BDE579F529F137114716A07EBE667392D (KCV: 23F396) for SCP03
[INFO] GPSession - Session keys: ENC=D2A2610DE34A65D2A83B31E26A036BA74FEB108B84BD63E9BD92E1C9DFB0718F MAC=5821C4084351663B51577FA60EDEA867ADE16A8D0E62056910BE0E19FDCF1227 RMAC=CCCB2C5AB06C2C3B7686EA8EB943C134F95AF97A4E095ED00FFD455E0AA1E5DD
Failed to open secure channel: Card cryptogram invalid!
Received: 450143ED62E179AE
Expected: 59E757A3900C1090
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys
# SCardDisconnect("ACS ACR1281 1S Dual Reader PICC 0", false) tx:19/rx:137 in 459ms

What is the problem?