Hi Martin, I got error when I wanted to list the applications using

6D00 on Initialize Update on Contact Reader about globalplatformpro HOT 9 CLOSED

martinpaljak commented on June 11, 2024

6D00 on Initialize Update on Contact Reader

from globalplatformpro.

Comments (9)

stdavidk commented on June 11, 2024

I managed to get one card that is working

The card info is as follow:

C:\Users\Lenovo\Downloads\GlobalPlatformPro>gp -info -d
# Detected readers from SunPCSC
[*] ACS ACR128U ICC Interface 0
[ ] ACS ACR128U PICC Interface 0
[ ] ACS ACR128U SAM Interface 0
SCardConnect("ACS ACR128U ICC Interface 0", T=*) -> T=0, 3B9F96801FC38031E073FE2
113630F104C830790009F
SCardBeginTransaction("ACS ACR128U ICC Interface 0")
Reader: ACS ACR128U ICC Interface 0
ATR: 3B9F96801FC38031E073FE2113630F104C830790009F
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B9F96801FC38031E073FE2113630F104
C830790009F

A>> T=0 (4+0000) 00A40400 00
A<< (0018+2) (40ms) 6F108408A000000003000000A5049F6501FE 9000
***** Card info:
A>> T=0 (4+0000) 80CA9F7F 00
A<< (0045+2) (19ms) 9F7F2A42500F104A557287010040550003C95D05AD425240554250406400
000000000000000000000000000000 9000
Card CPLC:
ICFabricator: 4250
ICType: 0F10
OperatingSystemID: 4A55
OperatingSystemReleaseDate: 7287
OperatingSystemReleaseLevel: 0100
ICFabricationDate: 4055
ICSerialNumber: 0003C95D
ICBatchIdentifier: 05AD
ICModuleFabricator: 4252
ICModulePackagingDate: 4055
ICCManufacturer: 4250
ICEmbeddingDate: 4064
ICPrePersonalizer: 0000
ICPrePersonalizationEquipmentDate: 0000
ICPrePersonalizationEquipmentID: 00000000
ICPersonalizer: 0000
ICPersonalizationDate: 0000
ICPersonalizationEquipmentID: 00000000
***** CARD DATA
A>> T=0 (4+0000) 80CA0066 00
A<< (0078+2) (25ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906
072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B06
0104012A026E0102 9000
GlobalPlatform card
Version: 2.1.1
TAG3: 1.2.840.114283.3
SCP version: SCP_02_15
TAG5: 1.3.656.840.100.2.1.3
TAG6: 1.3.6.1.4.1.42.2.110.1.2
***** KEY INFO
A>> T=0 (4+0000) 80CA00E0 00
A<< (0020+2) (19ms) E012C00401FF8010C00402FF8010C00403FF8010 9000
VER:255 ID:1 TYPE:DES3 LEN:16
VER:255 ID:2 TYPE:DES3 LEN:16
VER:255 ID:3 TYPE:DES3 LEN:16
Key version suggests factory keys
SCardEndTransaction()
SCardDisconnect("ACS ACR128U ICC Interface 0", false)

Any clue what is wrong? Is it related to Dual Interface Card?

from globalplatformpro.

martinpaljak commented on June 11, 2024

The output doesn't help because in one case you are opening the secure channel (with -l) and in the other case not.

Please re-run your failing command with -d -v (-l -d -v) and send the output. Which card is it? Not listes in smartcard-atr.blogspot.com. I'm not entirely enthusiastic about ACS readers either but apparently this is not the culprit at the moment.

from globalplatformpro.

stdavidk commented on June 11, 2024

Sorry, for the other case it was success and hence I only show the card information.

The card is SP44 from SPTek. I re-run the with -l -d -v. For contact interface, it produced the same error as seen in following log:

C:\Users\Lenovo\Downloads\GlobalPlatformPro>gp -l -d -v
# Detected readers from SunPCSC
[*] ACS ACR128U ICC Interface 0
[ ] ACS ACR128U PICC Interface 0
[ ] ACS ACR128U SAM Interface 0
SCardConnect("ACS ACR128U ICC Interface 0", T=*) -> T=0, 3B6800000073C8400000900
0
SCardBeginTransaction("ACS ACR128U ICC Interface 0")
Reader: ACS ACR128U ICC Interface 0
ATR: 3B6800000073C84000009000
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B6800000073C84000009000

A>> T=0 (4+0000) 00A40400 00
A<< (0018+2) (52ms) 6F108408A000000003000000A5049F6501FF 9000
Auto-detected ISD AID: A000000003000000
A>> T=0 (4+0008) 80500000 08 253DBDA7C0B1461D
A<< (0000+2) (44ms) 6D00
pro.javacard.gp.GPException: INITIALIZE UPDATE failed SW: 6D00
        at pro.javacard.gp.GlobalPlatform.check(GlobalPlatform.java:1096)
        at pro.javacard.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:
396)
        at pro.javacard.gp.GPTool.main(GPTool.java:373)

Log from other card (from JRSC) which was success using Contact interface:

C:\Users\Lenovo\Downloads\GlobalPlatformPro>gp -l -d -v
# Detected readers from SunPCSC
[*] ACS ACR128U ICC Interface 0
[ ] ACS ACR128U PICC Interface 0
[ ] ACS ACR128U SAM Interface 0
SCardConnect("ACS ACR128U ICC Interface 0", T=*) -> T=0, 3B9B96801FC34A54434A554
33130309000F1
SCardBeginTransaction("ACS ACR128U ICC Interface 0")
Reader: ACS ACR128U ICC Interface 0
ATR: 3B9B96801FC34A54434A55433130309000F1
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B9B96801FC34A54434A5543313030900
0F1

A>> T=0 (4+0000) 00A40400 00
A<< (0018+2) (29ms) 6F108408A000000003000000A5049F6501FE 9000
Auto-detected ISD AID: A000000003000000
A>> T=0 (4+0008) 80500000 08 E8078E929DD8524B
A<< (0028+2) (25ms) 000040640001AE2D0F57FF0200451BE634FA9E544A14D8D7A540FF16 900
0
Host challenge: E8078E929DD8524B
Card challenge: 00451BE634FA9E54
Card reports SCP02 with version 255 keys
Master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
Sequnce counter: 0045
Derived session keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:22907556EE7F83C36B3E6EF91EC5D947
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:CB0DF0AA2DDE0DB192240F8CC204FD6C
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:71312358D5BDA847E47BCCCCF0899402
Verified card cryptogram: 4A14D8D7A540FF16
Calculated host cryptogram: 7F3B168834865A15
A>> T=0 (4+0016) 84820100 10 7F3B168834865A15A1DE469B28E4BE39
A<< (0000+2) (17ms) 9000
A>> T=0 (4+0010) 84F28000 0A 4F0073A62DBDE8AE44F9
A<< (0011+2) (19ms) 08A000000003000000019E 9000
A>> T=0 (4+0010) 84F24000 0A 4F007459D3087C22E4F4
A<< (0000+2) (10ms) 6A88
A>> T=0 (4+0010) 84F22000 0A 4F0094019A399A43BE2E
A<< (0000+2) (11ms) 6A88
A>> T=0 (4+0010) 84F21000 0A 4F0062CA191301407511
A<< (0000+2) (10ms) 6A81
AID: A000000003000000 (|........|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
 CVM (PIN) management

SCardEndTransaction()
SCardDisconnect("ACS ACR128U ICC Interface 0", false)

When using Contactless Interface, no error in SP44 card:

C:\Users\Lenovo\Downloads\GlobalPlatformPro>gp -l -d -v
# Detected readers from SunPCSC
[ ] ACS ACR128U ICC Interface 0
[*] ACS ACR128U PICC Interface 0
[ ] ACS ACR128U SAM Interface 0
SCardConnect("ACS ACR128U PICC Interface 0", T=*) -> T=1, 3B8880010073C840000090
0062
SCardBeginTransaction("ACS ACR128U PICC Interface 0")
Reader: ACS ACR128U PICC Interface 0
ATR: 3B8880010073C8400000900062
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B8880010073C8400000900062

A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (9ms) 6F108408A000000003000000A5049F6501FF 9000
Auto-detected ISD AID: A000000003000000
A>> T=1 (4+0008) 80500000 08 0B1C6107C4FED45D
A<< (0028+2) (13ms) 0000416804170A325DC801020002598DD3961BFD8CB51FF4DA0A4D37 900
0
Host challenge: 0B1C6107C4FED45D
Card challenge: 0002598DD3961BFD
Card reports SCP02 with version 1 keys
Master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
Sequnce counter: 0002
Derived session keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:ADC1163BA2A147FBB84BF44C8676FB7D
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:3E06B1C8FCFD788A573B9A9889D0CA50
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:FC01096B6DB13ADEE0D4CB61D03FD3AA
Verified card cryptogram: 8CB51FF4DA0A4D37
Calculated host cryptogram: 22169AA06BE1FE3F
A>> T=1 (4+0016) 84820100 10 22169AA06BE1FE3FE949EAD690080583
A<< (0000+2) (20ms) 9000
A>> T=1 (4+0010) 84F28000 0A 4F00425CB5CA2D8408A9
A<< (0011+2) (9ms) 08A000000003000000019E 9000
A>> T=1 (4+0010) 84F24000 0A 4F004C9B179F948DF70E
A<< (0000+2) (8ms) 6A88
A>> T=1 (4+0010) 84F22000 0A 4F0066C00BB5D13B4292
A<< (0027+2) (11ms) 07A0000000035350010006A00000000310010005315041592E0100 9000
A>> T=1 (4+0010) 84F21000 0A 4F00EF84AD2E45D59BA4
A<< (0078+2) (19ms) 07A000000003535001000108A00000000353504106A00000000310010003
07A000000003105607A000000003104D07A000000003105005315041592E0100010E315041592E53
59532E4444463031 9000
AID: A000000003000000 (|........|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
 CVM (PIN) management

AID: A0000000035350 (|.....SP|)
     ExM LOADED: (none)
     A000000003535041 (|.....SPA|)

AID: A00000000310 (|......|)
     ExM LOADED: (none)
     A0000000031056 (|......V|)
     A000000003104D (|......M|)
     A0000000031050 (|......P|)

AID: 315041592E (|1PAY.|)
     ExM LOADED: (none)
     315041592E5359532E4444463031 (|1PAY.SYS.DDF01|)

SCardEndTransaction()
SCardDisconnect("ACS ACR128U PICC Interface 0", false)

from globalplatformpro.

martinpaljak commented on June 11, 2024

First time I hear about these cards. They are not in my tested cards list. Are they available from some webshop, in small quantities, to qualify for https://github.com/martinpaljak/GlobalPlatformPro/tree/master/docs/TestedCards ?

You say that the contact interface works with other software, please provide an APDU log if possible for the other software.

What if you specify the ISD aid on the command line:

gp -sdaid A000000003000000 -l -d -v

from globalplatformpro.

stdavidk commented on June 11, 2024

They are not top 10 card vendors, and unfortunately did not sell in small quantities.

Here is log using another software:

[ATR] 3B6800000073C84000009000
[ATR] 3B6800000073C84000009000
[SEND]: 00A4040000
[RESP]: 6F108408A000000003000000A5049F6501FF9000
52 ms
[SEND]: 8050000008D31CC4DE5E586FBC
[RESP]: 611c
29 ms
[SEND]: 00C000001C
[RESP]: 0000416804170A325DC801020004B1B79602B1CBE00CF4940C2562699000
53 ms
[SEND]: 848200001004AD1BE9E3B9A8416836287E21C90C7A
[RESP]: 9000
48 ms
[SEND]: 80F28000024F00
[RESP]: 610b
21 ms
[SEND]: 00C000000B
[RESP]: 08A000000003000000019E9000
30 ms
[SEND]: 80F24000024F00
[RESP]: 6a88
20 ms
[SEND]: 80F22000024F00
[RESP]: 611b
20 ms
[SEND]: 00C000001B
[RESP]: 07A0000000035350010006A00000000310010005315041592E01009000
51 ms

and this one is log from jcManager;

Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
**********************
Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
************
Init Update
*************
-> 80 50 00 00 08 CC F7 84 87 AE 1A 73 A1
<- 00 00 41 68 04 17 0A 32 5D C8 01 02 00 05 BD 1A 6B E9 D3 D5 F2 4E 67 8B 7A 92 ED 0C 90 00
HostChallenge: CC F7 84 87 AE 1A 73 A1
CardChallenge: BD 1A 6B E9 D3 D5
Card Calculated Card Cryptogram: F2 4E 67 8B 7A 92 ED 0C
Derivation Data is 01 82 00 05 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 05 BD 1A 6B E9 D3 D5 CC F7 84 87 AE 1A 73 A1 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) CC F7 84 87 AE 1A 73 A1 00 05 BD 1A 6B E9 D3 D5 80 00 00 00 00 00 00 00
S_ENC: 11 4E 70 DD 9F DA B5 43 CE 3B FC FD 4C 85 31 B8 11 4E 70 DD 9F DA B5 43
The Current session MAC key is 9B C7 F1 72 01 1D 9C 5D 57 58 BB A4 97 E7 B9 E6
The Current session DEK key is 6A 69 ED 15 FB 7C 01 06 31 B1 FF 9B 02 86 8E 3B
Encrypted CardCryptoGram is 8B EB 2A E9 05 A5 B0 F9 61 2E 7F 28 B6 55 A5 C3 F2 4E 67 8B 7A 92 ED 0C
Encrypted HostCryptoGram is BD F1 67 4E 66 E4 84 A7 04 86 A2 2B 48 8D 98 14 74 0D 4D 9F 8F 8F 7D 59
-> 84 82 03 00 10 74 0D 4D 9F 8F 8F 7D 59 71 26 63 12 92 B1 78 C9
<- 90 00
Authenticated

Tried again with specifying the SD AID and still the same error.

from globalplatformpro.

martinpaljak commented on June 11, 2024

Is it possible for you to send sample cards?
Such issue qualifies as generic weirdness which is not straightforward to debug. As a general rule I always have a few different readers available. Unfortunately there is no way in the software currently to force T0/T1, that might affect the behaviour.

Please re-run the failing command via Java and set the following parameter to Java:

-Dsun.security.smartcardio.t0GetResponse=false

from globalplatformpro.

martinpaljak commented on June 11, 2024

Is it correct assumption that the other software is not written in Java or at least not using javax.smartcardio directly ? Because the card uses T=0 on contact interface and apparently responds with 61XX to INITIALIZE UPDATE. Because the output from a working implementation sends GET RESPONSE with ISO CLA (0x00) not with 0x80 as is required by ISO 7816-4 and implemented by SunPCSC and Java. And because 0xC0 is not a valid instruction code for global platform (with CLA 0x80) the error makes sense. I have no idea why/how jcManager works (unless you use the old jpcsc implementation). It also means that the card and the other software is bogus if this theory holds. For testing, please run with apdu4j the following command:

apdu4j.exe -no-get-response -t0 -d -v -a 00A4040000 -a 8050000008D31CC4DE5E586FBC

from globalplatformpro.

stdavidk commented on June 11, 2024

Yes, unfortunately both software are not using java.smartcardio directly. One is native, while the other is jpsc.

True, for T=0, the cards are sending response via 61XX and the response are taken using CLA 0x00 INS 0xC0. Here is the log using apdu4j:

C:\Users\David\Downloads>apdu4j.exe -no-get-response -t0 -d -v -a 00A4040000 -a
8050000008D31CC4DE5E586FBC
# Using sun.security.smartcardio.SunPCSC - SunPCSC version 1.8
SCardConnect("ACS ACR128U ICC Interface 0", T=0) -> T=0, 3B6800000073C8400000900
0
A>> T=0 (4+0000) 00A40400 00
A<< (0018+2) (63ms) 6F108408A000000003000000A5049F6501FF 9000
A>> T=0 (4+0008) 80500000 08 D31CC4DE5E586FBC
A<< (0000+2) (31ms) 611C
SCardDisconnect("ACS ACR128U ICC Interface 0", true)


C:\Users\David\Downloads>apdu4j.exe -no-get-response -t0 -d -v -a 00A4040000 -a
8050000008D31CC4DE5E586FBC
# Using sun.security.smartcardio.SunPCSC - SunPCSC version 1.8
SCardConnect("ACS ACR128U ICC Interface 0", T=0) -> T=0, 3B9B96801FC34A54434A554
33130309000F1
A>> T=0 (4+0000) 00A40400 00
A<< (0018+2) (31ms) 6F108408A000000003000000A5049F6501FE 9000
A>> T=0 (4+0008) 80500000 08 D31CC4DE5E586FBC
A<< (0000+2) (0ms) 611C
SCardDisconnect("ACS ACR128U ICC Interface 0", true)

I haven't check using -Dsun.security.smartcardio.t0GetResponse=false

from globalplatformpro.

martinpaljak commented on June 11, 2024

No need to try, my hypothesis is confirmed.

You can see yourself, by doing:
apdu4j.exe -no-get-response -t0 -d -v -a 00A4040000 -a 8050000008D31CC4DE5E586FBC -a 00C000001C (works but is incorrect according to standard,notice CLA==0x00 in last GET RESPONSE command)

apdu4j.exe -no-get-response -t0 -d -v -a 00A4040000 -a 8050000008D31CC4DE5E586FBC -a 80C000001C (gives 6D00 but is according to standard, notice CLA==0x80 in last GET RESPONSE command)

There is no fix but to use the card via contactless interface or via T=1. I'm not going to introduce an option to try to fiddle with the connection protocol into GP tool, because Java gives insufficient interfaces to deal with the low layer issues of readers and protocols and powerdowns etc.

Your card does not conform to basic ISO 7816-4.

Thanks for the report though, it shows that the list of supported cards needs to be maintained and that there are plenty of cards that are bogus. Feel free to contact me via e-mail if you have test cards to send.

from globalplatformpro.

6D00 on Initialize Update on Contact Reader about globalplatformpro HOT 9 CLOSED

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent