HELP Ring Bricked?

[EmperorArthur]

Hello,

I just received one of these rings, and was playing with installing an applet via globalplatfrompro when something went wrong.

I had been using it via gp --install <file.cap> --key ...., when I accidentally killed the application part-way through.* Now, all I get is some variation of "6A88: Referenced data not found." I have tried figuring out gpshell, and using "open_sc" returns: "mutual_authentication() returns 0x80206A88 (6A88: Referenced data not found.)"

I also have a PivKey C980 (Same Infineon Chip) and key, and the "open_sc" command works there.

* Yes, that's on me, but still, I wasn't updating the keys.

[benbenbenbenbenben]

I've abused OMNI-Ring a lot and I have never bricked one. If something has been aborted or teared I always start by trying to reset everything.

1. If the key is not the "standard" widely circulated gp key then the first thing I do with a device is make sure that it is. This protects me from accidentally bricking it with a tool that assumes the standard key.
2. Next I run gp ls. I don't use any other tools. If gp ls doesn't work I suspect the reader and try another. Sometimes it has been the reader that wasn't working.
3. Finally I tell gp to delete everything one by one using the applet IDs first, and then the package IDs.

What is the output of gp ls on your device?

[EmperorArthur]

I've been wearing the thing daily, and should have gotten used to unlocking it when working with it, then re-locking it when done, but I, apparently mistakenly, didn't want to touch them too much so set them to a secret and just left them.

On the reader side, do you have any recommendations from Amazon US, or another vendor if that won't work? I went with an "Identiv uTrust 4701 F", as it seemed to be one of the few non "ACS ACR 122U" readers easily available, and it wasn't much extra for a dual interface reader.

gp ls doesn't seem to be a command. I was using the GlobalPlatformPro release from GitHub, but just compiled from source to see if that helps anything.

Here are a few command outputs:

# gp -i --key $RING_KEY
# GlobalPlatformPro 19.05.16-140-g52afa75
# Running on Linux 5.4.0-74-generic amd64, Java 14.0.2 by Private Build
CPLC: ICFabricator=4090
      ICType=7805
      OperatingSystemID=4091
      OperatingSystemReleaseDate=2013 (2022-01-13)
      OperatingSystemReleaseLevel=0110
      ICFabricationDate=8329 (2018-11-25)
      ICSerialNumber=28010E20
      ICBatchIdentifier=B973
      ICModuleFabricator=4092
      ICModulePackagingDate=8297 (2018-10-24)
      ICCManufacturer=4093
      ICEmbeddingDate=8297 (2018-10-24)
      ICPrePersonalizer=0000
      ICPrePersonalizationEquipmentDate=0000 (invalid date format)
      ICPrePersonalizationEquipmentID=00000000
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (invalid date format)
      ICPersonalizationEquipmentID=00000000

IIN: 42074953445F49494E
CIN: 45074953445F43494E
KDD: CF0A0000832928010E20B973
SSC: C1020000
Card Data: 
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.2
-> GP Version: 2.2
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.2.840.114283.2.1.1
-> GP Version: 1.1
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities: 
Supports SCP03 i=10 i=20 i=60 with AES-128
Supports SCP02 i=15 i=55 i=1A
Supported DOM privileges: SecurityDomain, DAPVerification, DelegatedManagement, CardLock, CardTerminate, CardReset, CVMManagement, MandatedDAPVerification, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, GlobalService, ReceiptGeneration, CipheredLoadFileDataBlock
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, GlobalLock, GlobalRegistry, FinalApplication, GlobalService
Supported LFDB hash: SHA-1
Supported Token Verification ciphers: RSA1024_SHA1
Supported Receipt Generation ciphers: RSA1024_SHA1, DES_MAC
Supported DAP Verification ciphers: RSA1024_SHA1
Version:   1 (0x01) ID:   1 (0x01) type: DES3         length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3         length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3         length:  16

# gp -l --key $RING_KEY -v
# GlobalPlatformPro 19.05.16-140-g52afa75
# Running on Linux 5.4.0-74-generic amd64, Java 14.0.2 by Private Build
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC 
Failed to open secure channel: INITIALIZE UPDATE failed: 0x6A88 (Referenced data not found)
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys

Attempting to unlock the card via gp --unlock-card --key $RING_KEY fails with:

Failed to open secure channel: INITIALIZE UPDATE failed: 0x6A88 (Referenced data not found)
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys

pcsc_scan gives:

Using reader plug'n play mechanism
Scanning present readers...
0: Identiv Identiv uTrust 4701 F Dual Interface Reader [uTrust 4701 F Contact Reader] (55041930208768) 00 00
1: Identiv Identiv uTrust 4701 F Dual Interface Reader [uTrust 4701 F CL Reader] (55041930208768) 01 00

Sat Jun 19 12:50:49 2021
 Reader 0: Identiv Identiv uTrust 4701 F Dual Interface Reader [uTrust 4701 F Contact Reader] (55041930208768) 00 00
  Event number: 0
  Card state: Card removed, 
 Reader 1: Identiv Identiv uTrust 4701 F Dual Interface Reader [uTrust 4701 F CL Reader] (55041930208768) 01 00
  Event number: 0
  Card state: Card inserted, 
  ATR: 3B 88 80 01 00 00 00 11 77 81 83 00 6D

ATR: 3B 88 80 01 00 00 00 11 77 81 83 00 6D
+ TS = 3B --> Direct Convention
+ T0 = 88, Y(1): 1000, K: 8 (historical bytes)
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1 
-----
+ Historical bytes: 00 00 00 11 77 81 83 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 0, len: 0 (unknown)
    Tag: 0, len: 0 (unknown)
    Tag: 1, len: 1 (country code, ISO 3166-1)
      Country code: 77
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 81 (Proprietary)
      SW: 8300 (Error not defined by ISO 7816)
+ TCK = 6D (correct checksum)

Possibly identified card (using /home/arthur/.cache/smartcard_list.txt):
3B 88 80 01 00 00 00 11 77 81 83 00 6D
        Taglio PIVKey C980 - RFID I/F (PKI)

[darconeous]

FYI: follow this thread to see a real case where the ring can be bricked: https://github.com/mclear/OMNI-Ring/issues/5#issuecomment-617478404

[EmperorArthur]

Reading through that one I actually have an SCL3711. It's just recognized by nfctools instead of pcsc on Linux, and I had not installed the Windows Driver as the other reader worked out of the box.

Using that on Windows gives:

.\gp.exe -l --key $RING_KEY -v
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_291 by Oracle Corporation
Reader: SCM Microsystems SCL3711 reader & NFC device 0
ATR: 3B88800100000011778183006D
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B88800100000011778183006D

[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[WARN] PlaintextKeys - Don't know how to calculate KCV, defaulting to SCP02
[INFO] GPSession - Using card master keys: ENC=$RING_KEY (KCV: 37733E) MAC=$RING_KEY (KCV: 37733E) DEK=$RING_KEY (KCV: 37733E) for null
INITIALIZE UPDATE failed: 0x6A88 (Referenced data not found)

With the secret key instead of $RING_KEY.

So, at least two different Identiv readers are giving the same error.

[benbenbenbenbenben]

gp ls

Sorry I abbreviated from memory, I meant gp --list og gp -l.

I'm not sure how to advise beyond this. Maybe I'll sacrifice one of my own OMNI-Rings to see if I can get the same kind of output...

[EmperorArthur]

I've contacted support at this point, and will reference this in #5 and close the issue when it has been resolved.

I really need to get some more cards to test against. Though one with an SLE78 would be preferred since it matches the ring, anything will work. **Do you have any recommendations for cards, and/or US suppliers?""

As I said, I did something stupid, and hit "ctrl-c" on Linux while gp was installing a Cap file. However, I did not remove the ring from the reader, so I believe it remained powered. It's the usual case of going fast and not treating application installation as a firmware flash with no recovery. To be specific, I was re-installing the IsoApplet while trying to debug why my reader was failing to send a command and failing during pkcs15-init --create-pkcs15.

I am used to embedded platforms having a fixed C based bootloader,* and the software is designed so non-volatile memory writes are a big deal. Ideally, the JavaCard platform would have a C based watchdog where if certain checks don't pass every X minutes, it zeroes the entire memory and keys are restored. An APDU which does the same would also work. It's not quite "terminate", but is basically "secure erase".

If I had to guess, as someone who has not actually read the spec or seen source code for the OS, stopping the installation partway through corrupted whatever the file system equivalent is. So, the manager application can no longer find the unlock keys. I have not tried playing with that application for fear of bricking the card, so I am seriously speculating though.

Personally, I would treat the manager application as "special" and allow it to set aside a fixed memory region for the unlock keys which is only written to during changes instead of relying on the normal data structure. Bypass the wear leveling and talk directly to hardware. Sure, it means the gp keys can't be changed too often, but they rarely are.

Examining Figure 2 (P. 10) of this PDF regarding one implementation on the SLE78, shows that this is not as easy a task as I would like. However, there must be some protection, otherwise someone could take advantage of terminating things while writing data in order to deliberately corrupt the file system in a way to gain access to things they aren't supposed to.

* Possibly even with an e-fuse set so that memory is permanently in place.

[benbenbenbenbenben]

Also: My go to reader is a Omnikey HID5422 incidentally. I've used others but they're in storage so I don't know what they are. The 5422 is on my desk because it's the only reliable one.

I use a Sony Xperia ZX sometimes too, and that works surprisingly well especially given how easy it is to disturb it while loading a cap.

Otherwise, my assumptions are much the same as your own above. Sorry you're having the trouble you're having. Best of luck with support.