Closed bezik46 closed 2 years ago
vletoux
commented
4 years ago You have to be sure that you can install an applet on it. Indeed maybe the transport key has been changed.
Can you confirm you can install any other applet ? In addition to that some cards do not support rsa and failed at install when they try to resolve its use by the application. Be sure also to use the release from this website and not from another source - you did not even specify the version you used.
bezik46
commented
4 years ago I can install the applet downloaded from here. But according to this it must be SELECTABLE
#
# gp -V
# GlobalPlatformPro v20.07.04-0-gc48cdec
# Running on Windows 10 10.0 x86, Java 1.8.0_181 by Oracle Corporation
C:\Program Files\OpenSC Project\GPShell>gp -i
# GlobalPlatformPro v20.07.04-0-gc48cdec
# Running on Windows 10 10.0 x86, Java 1.8.0_181 by Oracle Corporation
CPLC: ICFabricator=4790
ICType=5035
OperatingSystemID=4791
OperatingSystemReleaseDate=0078 (2010-03-19)
OperatingSystemReleaseLevel=3300
ICFabricationDate=9005 (2019-01-05)
ICSerialNumber=02165099
ICBatchIdentifier=1894
ICModuleFabricator=4812
ICModulePackagingDate=9012 (2019-01-12)
ICCManufacturer=0000
ICEmbeddingDate=0000 (2010-01-01)
ICPrePersonalizer=0638
ICPrePersonalizationEquipmentDate=2232 (2012-08-19)
ICPrePersonalizationEquipmentID=31363530
ICPersonalizer=0000
ICPersonalizationDate=0000 (2010-01-01)
ICPersonalizationEquipmentID=00000000
Card Data:
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
Version: 1 (0x01) ID: 1 (0x01) type: DES3 length: 16
Version: 1 (0x01) ID: 2 (0x02) type: DES3 length: 16
Version: 1 (0x01) ID: 3 (0x03) type: DES3 length: 16
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
C:\Program Files\OpenSC Project\GPShell>gp -f -install GidsApplet.cap
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
CAP loaded
Error: INSTALL [for install and make selectable] failed: 0x6A80 (Wrong data/incorrect values in data)
C:\Program Files\OpenSC Project\GPShell>gp -l
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000003000000 (INITIALIZED)
Privs: [SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement]
PKG: A0000000035350 (LOADED)
Applet: A000000003535041
PKG: A00000039742544659 (LOADED)
Applet: A000000397425446590201That is the set of valuse for this card initialization: (which I done, apart from fuse, as not to lock myself out)
//pre-personalize command
mode_211
enable_trace
establish_context
card_connect
send_apdu -sc 0 -APDU 00A4040010C238E449F725B1510EAA699550CABA16
send_apdu -sc 0 -APDU 00F00000
send_apdu -sc 0 -APDU C0D6029A02F807
send_apdu -sc 0 -APDU C0D60124010B
send_apdu -sc 0 -APDU C0D60147010B
send_apdu -sc 0 -APDU C0D6012201FE
send_apdu -sc 0 -APDU C0D601260908F01300008131FE45
send_apdu -sc 0 -APDU C0D601490908F01300008131FE45
send_apdu -sc 0 -APDU C0D6013609084a434f5076323431
send_apdu -sc 0 -APDU C0D6015909084a434f5076323431
send_apdu -sc 0 -APDU C0D603010101
send_apdu -sc 0 -APDU C0D6030510404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU C0D6031d0101
send_apdu -sc 0 -APDU C0D6032110404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU C0D603390101
send_apdu -sc 0 -APDU C0D6033D10404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU 00100000
//fuse command
//00000000I just wanted to be sure you are using one of the version listed here : https://github.com/vletoux/GidsApplet/releases
If I is the case, the only process is to comment parts of the applet, be sure it's compiling, then checks if the applet can be imported or not. It's tedious and it can only be done by you.
I remind that cards are known to have a problem because they do t support rsa operations. I can only forward you to your card vendor to check if the card is fully supporting rsa and other crypto (3des, ..)
vletoux
commented
4 years ago By the way the command you send to the card before sending the applet has nothing to do with the Gids applet. To initialize the GIDS applet, we only support the program on mysmartlogon.com and the latest version of OpenSC.
martinpaljak
commented
4 years ago jcop 2.4.x is a very broad range of very different cards, try to be more specific.
For 2.4.1 in OP_READY state and latest GidsApplet.cap from this site releases page: gp -ldvi -install ~/Downloads/GidsApplet.cap works without issues with https://github.com/martinpaljak/GlobalPlatformPro/releases/tag/v20.08.12
bezik46
commented
4 years ago As you can see my state is:
ISD: A000000003000000 (INITIALIZED)How do I get it to OP_READY state?
I can only be as specific as this (I have nothing more, Amazon purchase, white card):
J2A040
NXP JCOP v2.4.x
T=1, ATR: 3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7Full output from gp -ldvi -install is here
Initialize GIDS gives Unknown Card https://i.postimg.cc/wMYjJrYD/unknown-card.jpg
martinpaljak
commented
4 years ago @vletoux well, if you disable certain features during pre-personalization you can take a supported card and turn it into one that is not usable.
@scerazy you need to be very aware of what you are buying from ebay.
Here might be more information:
https://www.cardlogix.com/downloads/support/NXP-jcop-card-java-card-Z.pdf
Check the "identity" thing from rfidiot: https://github.com/AdamLaurie/RFIDIOt/blob/master/jcoptool.py#L138
Maybe your card does not have enough memory to create the instance? There is no log of GPPro either, to be able to detect issues.
bezik46
commented
4 years ago Not ebay, but Amazon (as link), description says: [J2A040 JCOP 40K JAVA CARD]The JCOP card 40K supports JCOP21-36K card. If it does not work, it will go back to seller. But if I did not have it, I could not learn... So thank you for your help!
C:\RFIDIOt-master>jcoptool.py INFO
jcoptool v0.1d (using RFIDIOt v1.0k)
Reader: PCSC Broadcom Corp Contacted SmartCard 0
No RFID card present
Could not select RFID card for APDU processing
JCOP Identity Data: 04310033000000004E5830313143000339F873
FABKEY ID: 04
PATCH ID: 31
TARGET ID: 00 (Unknown)
MASK ID: 33 (Mask 51)
CUSTOM MASK: 00000000 (....)
MASK NAME: NX011C
FUSE STATE: 00 (Not Fused)
ROM INFO: 0339F873 (Checksum)
COMBO NAME: Unknown-m33.04.31-NX011C
MANUFACTURER: NXP
PRODUCED: Year 0, Week 11, Build 3
Could not select RFID card for APDU processing
Life Cycle data: 9F7F2A479050354791007833009005021650991894481290120000000006382232313635300000000000000000
IC Fabricator 4790
IC Type 5035
OS ID 4791
OS Release Date 0078
OS Release Level 3300
IC Fabrication Date Year 9 Day 005
IC Serial Number 02165099
IC Batch Number 1894
IC Module Fabricator 4812
IC Module Packaging Date Year 9 Day 012
ICC Manufacturer 0000
IC Embedding Date Year 0 Day 000
IC Pre-Personalizer 0638
IC Pre-Personalization Date 2232
IC Pre-Personalization Equipment 31363530
IC Personalizer 0000
IC Personalization Date Year 0 Day 000
IC Personalization Equipment 00000000
Could not select RFID card for APDU processing
Could not select RFID card for APDU processing
Card Data length: 76
Card Recognition Data length: 74
OID: 1.2.840.114283.1
Application tag 0 - Card Management Type and Version:
OID: 1.2.840.114283.2.2.1.1
Application tag 3 - Card Identification Scheme:
OID: 1.2.840.114283.3
Application tag 4 - Secure Channel Protocol of the Issuer Security Domain and its implementation options:
OID: 1.2.840.114283.4.2.21
Application tag 5 - Card configuration details:
OID: 1.3.656.840.100.2.1.3
Application tag 6 - Card / chip details:
OID: 1.3.6.1.4.1.42.2.110.1.2
*** Warning
*** Repeated authentication failures may permanently disable device
Attempt to authenticate (y/n)? y
Could not select RFID card for APDU processing
Authentication succeeded
Card contents:
Issuer Security Domain:
AID: A000000003000000
Life Cycle State: 07 ( INITIALIZED )
Privileges: 9E ( CVM Management / Card Reset / Card Lock / Security Domain / Card Terminate )
Applications and Supplementary Security Domains:
None!
Executable Load Files:
AID: A0000000035350
Life Cycle State: 01 ( LOADED )
Executable Load Files and their Executable Modules:
AID: A0000000035350
Life Cycle State: 01 ( LOADED )
First or only ExecutableModule AID: A000000003535041This should be 2.4.1 R3. I did not find a similar card based on CPLC at once, but according to documentation and quick glimpse at source code, it should work just fine. I will not comment on the pre-personalization, make sure you do it properly and communicate with your vendor.
Can you load some "smaller" applet that does RSA onto it? I guess the chips has 40k of eeprom and at pure code size of 14k and platform overhead, it might very well be that it is not sufficient...
bezik46
commented
4 years ago I have done pre-personalization of the card with vendor supplied commands, little more I can do about it. Any idea what smaller applet it could be worth trying? To prove anything
martinpaljak
commented
4 years ago This this for example: https://www.fi.muni.cz/~xsvenda/jcalgtest/
bezik46
commented
4 years ago Sadly no luck either, each command returns 6a82:
C:\Program Files\OpenSC Project\GPShell>gp -install AlgTest_v1.7.9_jc222.cap
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
CAP loaded
Error: INSTALL [for install and make selectable] failed: 0x6A80 (Wrong data/incorrect values in data)
C:\Program Files\OpenSC Project\GPShell>gp -l
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000003000000 (INITIALIZED)
Privs: [SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement]
PKG: A0000000035350 (LOADED)
Applet: A000000003535041
PKG: 4A43416C6754657374 (LOADED)
Applet: 4A43416C675465737431
Test option number: 1
1
Total 1 readers detected via SunPCSC
Following readers are available via 'SunPCSC' provider:
[*] Broadcom Corp Contacted SmartCard 0
Specify type of your card (e.g., NXP JCOP CJ2A081): NXP JCOP J2A040
NXP
card: PC/SC card in Broadcom Corp Contacted SmartCard 0, protocol T=1, state OK
Card Channel: 0
3b f8 13 00 00 81 31 fe 45 4a 43 4f 50 76 32 34 31 b7
>>>>
CommmandAPDU: 15 bytes, nc=10, ne=0
00 a4 04 00 0a 4a 43 41 6c 67 54 65 73 74 31
ResponseAPDU: 2 bytes, SW=6a82, elapsed=37 ms
6a 82
<<<<
JCAlgTest applet with new AID not found - trying legacy AID...
>>>>
CommmandAPDU: 14 bytes, nc=9, ne=0
00 a4 04 00 09 6d 79 70 61 63 30 30 30 31
ResponseAPDU: 2 bytes, SW=6a82, elapsed=22 ms
6a 82
<<<<
No JCAlgTest applet found
card: PC/SC card in Broadcom Corp Contacted SmartCard 0, protocol T=1, state OK
Card Channel: 0
3b f8 13 00 00 81 31 fe 45 4a 43 4f 50 76 32 34 31 b7
>>>>
CommmandAPDU: 15 bytes, nc=10, ne=0
00 a4 04 00 0a 4a 43 41 6c 67 54 65 73 74 31
ResponseAPDU: 2 bytes, SW=6a82, elapsed=22 ms
6a 82
<<<<
JCAlgTest applet with new AID not found - trying legacy AID...
>>>>
CommmandAPDU: 14 bytes, nc=9, ne=0
00 a4 04 00 09 6d 79 70 61 63 30 30 30 31
ResponseAPDU: 2 bytes, SW=6a82, elapsed=23 ms
6a 82
<<<<
No JCAlgTest applet found
javacardx.crypto.Cipher
Exception in thread "main" java.lang.NullPointerException
at algtestjclient.SingleModeTest.TestClassCipher(SingleModeTest.java:796)
at algtestjclient.SingleModeTest.testAllAtOnce(SingleModeTest.java:1347)
at algtestjclient.SingleModeTest.TestSingleAlg(SingleModeTest.java:577)
at algtestjclient.AlgTestJClient.main(AlgTestJClient.java:238)I was told that this card:
1. Support for Triple-DES co-processor
2. AES cryptography based on SmartMX AES cryptographic co-processor
3. RSA support for the key lengths up to 2048 bit
4. Elliptic Curve Cryptography with key lengths up to 320 bit
5. SHA1, SHA-224 and SHA-256
6. Support for SEED algorithm
7. Support for MD5But it is back to the seller, could not get anything useful out of it
According to this: https://www.javacardos.com/javacardforum/viewtopic.php?t=1974 it should work, but all I get is:
and not as expected SELECTABLE: https://confluence.certgate.com/pages/viewpage.action?pageId=70254684
(by the way, impossible to download the .cap from above link, as login required & nowhere to register for such login!)