Authentication on website using smart card in python

So I have a smart card provided by the company which looks like a credit card with a chip. This card logs in to a website after the card is inserted into the card reader.

Now I have to write a program in Python which can read the card and log in on that website using the Requests module. I tried to find out how to retrieve this authentication data from the card using a Python script and then use this data, but I am only partially successful. I installed pyscard:

from smartcard.System import readers
from smartcard.util import toHexString

# List the attached PC/SC readers
r = readers()
print(r)

# Connect to the card in the first reader
connection = r[0].createConnection()
connection.connect()
SELECT = [0xA0, 0x88, 0x00, 0x00]  # CLA, INS, P1, P2
DF_TELECOM = [0x02, 0x7F, 0x10]    # Lc, then two data bytes (no Le)
data, sw1, sw2 = connection.transmit(SELECT + DF_TELECOM)

So far I am able to transmit data and retrieve some data from the card. I sent the command 88 in INS (source: ISO 7816), which is for some sort of internal authentication (I assume this authentication data is used to log in on the website), but I get the response below:

data = []
sw1 = 110
sw2 = 00

I couldn't find the meaning of this response in ISO 7816. Can somebody tell me whether I have the right approach, or give a hint on how to proceed further from here? In short, I want to know how to log in on the website using a Python script and a smart card.

Handsome answered 7/2, 2020 at 11:46 Comment(6)
Your response is basically 6E00, which means "Class not supported". My question is "Do you know which card this is?". You can share the ATR of the card here. - Daradarach
ATR is just to know about the card. Do you have any APDU guide for communication? - Daradarach
No. BTW, is it the right way to authenticate to the website? - Handsome
Is your card using CardOS 5.x? If so, have you looked at this? github.com/OpenSC/OpenSC/issues - Imprecise
Following this link, ttfn.net/techno/smartcards/iso7816123.html, it seems that 88 is an invalid response (data not found). Any chance to replace the INS value with 0x00? It should stream the entire card data as a response. - Cage
For future readers looking for solutions to web site auth with a smart card, client SSL cert, or CAC, this seems to nearly always be solved at the web server level, not in the app server. Auth results are then passed to the app server as part of request headers. See, e.g., the nginx example at github.com/pkeech/Docker-Flask-CAC-Demo/blob/master/Server/… - Rhaetia

Basically, the response you're getting is essentially "6E00", which means "Class not supported". Just replace the "INS" value with 0x00 and you should be fine.

Wicopy answered 17/2, 2020 at 3:17 Comment(0)
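
Reading the numbers from this thread without a card attached, as an added example that is not part of the original posts: the sketch splits the question's command APDU into its fields and decodes the status bytes pyscard returned (sw1 = 110, sw2 = 0). The function names are hypothetical, only short APDUs are handled, and the table holds just a few ISO 7816-4 status words.

```python
# Added example: decode a short command APDU and an ISO 7816-4 status word.
# Function names are hypothetical; EXACT is a small subset of the standard.
EXACT = {
    0x9000: "Normal processing, no further qualification",
    0x6982: "Security status not satisfied",
    0x6985: "Conditions of use not satisfied",
    0x6A82: "File or application not found",
    0x6A86: "Incorrect parameters P1-P2",
    0x6D00: "Instruction code (INS) not supported or invalid",
    0x6E00: "Class (CLA) not supported",
}

def decode_sw(sw1, sw2):
    """Return (hex string, meaning) for the two status bytes pyscard gives as ints."""
    if not (0 <= sw1 <= 0xFF and 0 <= sw2 <= 0xFF):
        raise ValueError("status bytes must be in 0..255")
    sw = (sw1 << 8) | sw2
    text = "%04X" % sw
    if sw in EXACT:
        return text, EXACT[sw]
    if sw1 == 0x61:
        return text, "Normal processing, SW2=0x%02X response bytes still available" % sw2
    if sw1 == 0x6C:
        return text, "Wrong Le field, SW2=0x%02X is the exact length" % sw2
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return text, "Warning, counter value %d" % (sw2 & 0x0F)
    return text, "Not in this table, check ISO 7816-4 or the card's manual"

def split_command(apdu):
    """Split a short command APDU (list of ints) into named fields."""
    if len(apdu) < 4:
        raise ValueError("a command APDU has at least CLA, INS, P1, P2")
    fields = dict(zip(("CLA", "INS", "P1", "P2"), apdu[:4]))
    body = apdu[4:]
    if len(body) == 1:                       # header followed by Le only
        fields["Le"] = body[0]
    elif body:                               # Lc, data, optional Le
        lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data that follows")
        fields.update(Lc=lc, data=data)
        if rest:
            fields["Le"] = rest[0]
    return fields

if __name__ == "__main__":
    # Command and status bytes exactly as posted in the question
    print(split_command([0xA0, 0x88, 0x00, 0x00] + [0x02, 0x7F, 0x10]))
    print(decode_sw(110, 0))
```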
