yangyi-ioa / seek-for-android

Automatically exported from code.google.com/p/seek-for-android
0 stars 0 forks source link

Connection refused !!! #40

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What's the problem?
i am unable to open basic/logical channel using following:

Channel channel = _session.openBasicChannel(aid);
Channel channel = _session.openLogicalChannel(aid);

For basic it channel it returns null, and for logical channel it returns 
java.lang.SecurityException: Connection refused !!!

What steps will reproduce the problem?
1.
I am working on Samsung SIII(4.0.4) supporting OpenMobileAPI with a proprietary 
applet on UIIC having AID "D2760000285100101001028901" 
2.
Applet reply "019000" to command "00CA000000".

What is the expected output? What do you see instead?
Hoping i can SELECT applet and send command to it and get response back

What version of the product are you using? On what operating system?
Samsung SIII(4.0.4)

Please provide any additional information below.
However this gives me correct ATR: byte[] atr = _session.getATR(); of SIM card.

Original issue reported on code.google.com by innolab...@gmail.com on 5 Nov 2012 at 7:17

GoogleCodeExporter commented 9 years ago
Have you configured the access conditions on the UICC?

Original comment by kipo...@gmail.com on 6 Nov 2012 at 4:38

GoogleCodeExporter commented 9 years ago
Thanks for pointing me to this issue!

No. I'm not very sure how to do it. Please share any information regarding 
configuring the access conditions on the UICC.

Original comment by innolab...@gmail.com on 7 Nov 2012 at 5:38

GoogleCodeExporter commented 9 years ago
Access conditions can be either configured in the PKCS#15 applet/folder or in 
via GP Access control applet (if it is installed/supported by the device).
I haven't tested the latter on S3. Howerer, PKCS#15 works fine.
I have attached a GSMA file that describes the layout and format of the Access 
condition files in PKCS#15.

For testing, you may configure the AC to allow full access to any on device 
appliation. 

Please note that PKCS#15 AID (ADF/or applet) should also be configured in 
EF_DIR.

Original comment by kipo...@gmail.com on 7 Nov 2012 at 8:29

Attachments:

GoogleCodeExporter commented 9 years ago
Forgot to mention, if you want to use the GP AC, you may install the "AllowAll" 
applet from this site. 
But as I said I haven't tested it on S3.

Happy coding:)

Original comment by kipo...@gmail.com on 7 Nov 2012 at 8:38

GoogleCodeExporter commented 9 years ago
PKCS#15 Access Control was missing on SIM

Original comment by Daniel.A...@gi-de.com on 15 Apr 2013 at 3:17

GoogleCodeExporter commented 9 years ago
What are the install parameters for the AllowAll.cap?

Original comment by CoDMap...@gmail.com on 22 Jan 2014 at 10:12

GoogleCodeExporter commented 9 years ago
I've installed the AllowAll applet but am still seeing the Connection Refused 
issue.

Original comment by CoDMap...@gmail.com on 22 Jan 2014 at 10:52

GoogleCodeExporter commented 9 years ago
I found this comments on other forums:

ARA enforcer was introduced with V2.4.0, so allowAll will unfortunately not 
help with S3. It contains an enforcer that is not from seek.
Check the post from Helmut for more information: 

-Frank

hi,

the galaxy sIII contains an access control extension which is not created by 
SEEK. 

It seems to be an early implementation of the ARF Variant of the GP Secure 
Element Access Control Specification  which requires a PKCS15 file system. See 
http://www.globalplatform.org/specificationsdevice.asp -> Secure Element Access 
Control -> Chapter 7 and Annex C.

So, to access an applet you will need at least an "allow all" access rule coded 
in the PKCS15 files. And it's no fun to create this.

/Helmut

Original comment by CoDMap...@gmail.com on 22 Jan 2014 at 10:54

GoogleCodeExporter commented 9 years ago
NOTE: I've been working on a Samsung Galaxy S4.

Original comment by CoDMap...@gmail.com on 22 Jan 2014 at 11:13