tsenger / CCU2F

A universally usable FIDO U2F authenticator applet for Java Cards
Apache License 2.0

Unable to install CAP file #2

Open kategray opened 5 years ago

kategray commented 5 years ago

I'm getting an error 6A 88, though it may be related to the card.

C:\Kate\JavaCard\CCU2F-master\CCU2F>java -jar tools/gp.jar -install cap/ccu2f.cap -params 000140f3fccc0d00d8031954f90864d43c247f4bf5f0665c6b50cc17749a27d1cf7664
pro.javacard.gp.GPException: LOAD failed SW: 6A88
        at pro.javacard.gp.GPException.check(GPException.java:66)
        at pro.javacard.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:593)
        at pro.javacard.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:551)
        at pro.javacard.gp.GPTool.main(GPTool.java:510)

Card is a sm@rtcafe 6.0 80k.

kategray commented 5 years ago

Tried with a J3H145 card - can't load, different error code.

C:\Kate\JavaCard>gp -r "ACS ACR1222 3S PICC Reader PICC 0" --install ccu2f.cap -params 000140f3fccc0d00d8031954f90864d43c247f4bf5f0665c6b50cc17749a27d1cf7664 -v
GlobalPlatformPro 18.09.14-0-gb439b52
Running on Windows 10 10.0 amd64, Java 1.8.0_201 by Oracle Corporation
Reader: ACS ACR1222 3S PICC Reader PICC 0
ATR: 3B80800101
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B80800101

[DEBUG] GlobalPlatform - Auto-detected ISD: A000000003000000
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
[DEBUG] GlobalPlatform - Host challenge: F0355535AAC24915
[DEBUG] GlobalPlatform - Card challenge: 0005BD1A6BE9D3D5
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 1 (0x01)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {ENC=type=RAW bytes=404142434445464748494A4B4C4D4E4F, MAC=type=RAW bytes=404142434445464748494A4B4C4D4E4F, DEK=type=RAW bytes=404142434445464748494A4B4C4D4E4F}
[DEBUG] GlobalPlatform - Verified card cryptogram: B0796E6D014E1A3E
[DEBUG] GlobalPlatform - Calculated host cryptogram: A660E493AE37466C
CAP file (v2.1), contains: applets for JavaCard 3.0.1
Package: de.tsenger.u2f A000000647 v0.0
Import: java.lang A0000000620001 v1.0
Import: javacard.security A0000000620102 v1.4
Import: javacard.framework A0000000620101 v1.4
Import: (unknown)D276000085494A434F5058 v8.0
Import: javacardx.apdu A0000000620209 v1.0
Applet: de.tsenger.u2f.U2FApplet A0000006472F0001
Generated by Oracle Corporation converter  [v3.0.3]
On Fri Jan 18 11:13:32 CET 2019 with JDK 1.8.0_191 (Oracle Corporation)
Total code size: 4591 bytes (5622 with debug)
SHA256 (code): E8D785A451EB716F385CE08CC5E5507C61DBDFBA8AB4A023DCA8DCB39D639FE6
SHA1   (code): 3FC49814B225139DB68FFF955DE7EB2558059008
LOAD failed: 0x6438

tsenger commented 5 years ago

It seems that the J3H145 may use a different JCOP library than the card (JCOP v2.4.2 R3) I used. Also, the cap will not work on the SmartCafe card as the library doesn't fit. I suggest you build a new cap file from source and with the matching JCOP/SmartCafe library. If you don't have the correct libraries, you could change the FIDOCCImplementation.java and use some other algorithms for key generation (which would be a bigger change).

424778940z commented 5 years ago

Tested J3H081, J3A081, J3D081; only the J3D081 was able to install the applet.

tsenger commented 5 years ago

Thanks for that feedback.

viktoriasee commented 4 years ago

I have the same error when I try to load the applet on an Infineon SLE78:

$ ./gp --op201 --info
GlobalPlatformPro 19.01.22-0-gf94d7f5
Running on Windows 10 10.0 amd64, Java 1.8.0_241 by Oracle Corporation
Reader: HID Global OMNIKEY 5022 Smart Card Reader 0
ATR: 3B88800100000011778183006D
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B88800100000011778183006D

CPLC: ICFabricator=4090
      ICType=7805
      OperatingSystemID=4091
      OperatingSystemReleaseDate=2013 (2012-01-13)
      OperatingSystemReleaseLevel=0110
      ICFabricationDate=8329 (2018-11-25)
      ICSerialNumber=28010A12
      ICBatchIdentifier=B973
      ICModuleFabricator=4092
      ICModulePackagingDate=8297 (2018-10-24)
      ICCManufacturer=4093
      ICEmbeddingDate=8297 (2018-10-24)
      ICPrePersonalizer=0000
      ICPrePersonalizationEquipmentDate=0000 (2010-01-01)
      ICPrePersonalizationEquipmentID=00000000
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (2010-01-01)
      ICPersonalizationEquipmentID=00000000

IIN: 42074953445F49494E
CIN: 45074953445F43494E
Card Data:
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.2
-> GP Version: 2.2
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.2.840.114283.2.1.1
-> GP Version: 1.1
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities:
Supports: SCP03 i=10 i=20 i=60 with AES-128
Supports: SCP02 i=15 i=55 i=1A
Supported DOM privileges: SecurityDomain, DelegatedManagement, CardLock, CardTerminate, CardReset, CVMManagement, MandatedDAPVerification, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, GlobalService, ReceiptGeneration, CipheredLoadFileDataBlock
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, GlobalLock, GlobalRegistry, FinalApplication, GlobalService
Supported LFDB hash: 01
Supported Token Verification ciphers: 01
Supported Receipt Generation ciphers: 05
Supported DAP Verification ciphers: 01
Version:   1 (0x01) ID:   1 (0x01) type: DES3 length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3 length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3 length:  16
$ ./gp --install cap/ccu2f.cap --default
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
LOAD failed: 0x6438

tsenger commented 4 years ago

That's because the Infineon SLE78 card can't use the NXP libraries.

viktoriasee commented 4 years ago

I was naively thinking Java works everywhere. What kind of library is needed?

tsenger commented 4 years ago

Yeah, that's what I thought at first, too. This is true for most calls which are defined in the JavaCard specification. But not all cards implement all functions, because not all are mandatory. And then there are methods that are not in the JavaCard specification (may be the case because the card uses an older JavaCard version) but implemented by the manufacturer of the card. But these methods can only be called/built if you have the manufacturer's library in your development environment. Actually, JavaCard applets should work manufacturer-independent. But this is only the case as long as the applet only calls standard methods.
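
Added example (not part of the original thread and not code from the CCU2F project): a pre-load check that reads the `Import:` lines `gp -v` prints for a CAP file and separates packages defined by public specifications from vendor-specific ones. The function names are hypothetical, the RID table is limited to the Java Card and GlobalPlatform API RIDs, and the decoded PIX is only a hint about the package's origin.

```python
import re

# RIDs (first 5 AID bytes) of packages defined by public specifications.
STANDARD_RIDS = {
    "A000000062": "Java Card API",
    "A000000151": "GlobalPlatform API",
}

# gp prints "Import: <name> <AID> v<major.minor>"; the name may be glued to the AID.
IMPORT_RE = re.compile(
    r"^Import:\s*(?P<name>.*?)\s*(?P<aid>(?:[0-9A-Fa-f]{2}){5,16})"
    r"\s+v(?P<version>\d+\.\d+)\s*$"
)

# Package/Import lines copied from the gp -v output quoted earlier in this thread.
SAMPLE = """\
Package: de.tsenger.u2f A000000647 v0.0
Import: java.lang A0000000620001 v1.0
Import: javacard.security A0000000620102 v1.4
Import: javacard.framework A0000000620101 v1.4
Import: (unknown)D276000085494A434F5058 v8.0
Import: javacardx.apdu A0000000620209 v1.0
"""

def parse_imports(gp_output):
    """Return one dict per Import line: name, AID, version, origin, PIX as ASCII."""
    imports = []
    for line in gp_output.splitlines():
        m = IMPORT_RE.match(line.strip())
        if not m:
            continue
        aid = m.group("aid").upper()
        pix = bytes.fromhex(aid[10:])  # bytes after the 5-byte RID
        imports.append({
            "name": m.group("name"),
            "aid": aid,
            "version": m.group("version"),
            "origin": STANDARD_RIDS.get(aid[:10], "vendor-specific"),
            "pix_ascii": pix.decode("ascii") if pix.isalnum() else None,
        })
    return imports

def vendor_imports(gp_output):
    """Imports the target card must provide beyond the standard API packages."""
    return [i for i in parse_imports(gp_output) if i["origin"] == "vendor-specific"]

if __name__ == "__main__":
    for imp in vendor_imports(SAMPLE):
        print(f"needs on-card package {imp['aid']} v{imp['version']} ({imp['pix_ascii']})")
```

Any entry returned by `vendor_imports` names a package that has to exist on the target card, at that AID and a compatible version, for the CAP file to link.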

kategray commented 4 years ago

Failing on the J3H082 as well. I don't have the libraries and am not going to sign an NDA to get them, so I'll take a look at what I can do to rewrite them.

With the support we're seeing for NFC security tokens on mobile, the applet is a lot more useful these days.

darconeous commented 4 years ago

I don't think J3H082 is running the traditional NXP JCOP OS. I believe it is actually running some variant of Athena SCS, rebranded as JCOP. It doesn't respond to the JCOP identify command.

So it is entirely plausible that it does not implement those APIs, or that it implements those APIs at a different AID.

So much for write once run everywhere.

You may find the parent project (from which this project was forked) to be more useful. It does not use any proprietary APIs.