Login/Register
Installing applet in javacard
Asked Answered
Solved smartcardjavacardglobalplatform
A

3

8

I made a .cap file of the popular "Hello World" javacard code via Eclipse

And now I want to load it in a real javacard via GPShell and ACR38 smart card reader.

question: Am I need any key to load the .cap file in the card? I mean, should I authenticate before uploading my applet in the card or it's not necessory? I think it is mndatory to authenticate. it is irrational to upload .cap without authentication. but I don't know , how to authenticate. question: What's wrong in this?

C:\Users\ghasemi>java -jar e:\gpj\gpj.jar -load e:\helloWorld.cap -install
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
javax.smartcardio.CardException: connect() failed
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_E_SHARING_VIOLATION
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS CCID USB Reader 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)

C:\Users\ghasemi>java -jar e:\gpj\gpj.jar -load e:\helloWorld.cap -install

Found terminals: [PC/SC terminal ACS CCID USB Reader 0]

Found card in terminal: ACS CCID USB Reader 0

ATR: 3B 7F 94 00 00 80 31 80 65 B0 85 02 02 ED 12 0F FF 82 90 00

DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00

DEBUG: Response APDU: 6A 82

Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00

DEBUG: Response APDU: 6F 65 84 08 A0 00 00 00 18 43 4D 00 A5 59 73 4A 06 07 2A 8
6 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48
86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 01 05 65 0B 06 09 2B 85 10 86 48 64
 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 02 6E 01 02 9F 6E 06 12 91 20 11 02 02 9
F 65 01 FF 90 00

Successfully selected Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00
DEBUG: Command  APDU: 80 50 00 00 08 17 2A 53 4F AC DF 8D 16

DEBUG: Response APDU: 69 82

javax.smartcardio.CardException: Wrong initialize update, SW: 69 82
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.openSecureChan
nel(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)

tnx

Angadresma answered 8/5, 2014 at 5:54 Comment(2)
Are you sure that the Security Domain of your card is: A0 00 00 00 18 43 4D 00. What type of card are you using?Jodhpur
@KamenGoranchev It returned 90 00 didn't it? And I guess you can check if A0 00 00 00 18 is the RID of Gemalto, but my guess is that it is.Matriarchy
M
2

You should require about the Global Platform state of the card. 6982 is a general status word that means "Security status not satisfied", so your card may be in the wrong state (e.g. the Global Platform LOCKED or TERMINATED state).

It could also be that you are using an invalid Global Platform key set, or that the keys are not available.

Please contact the supplier of the smart card about the card state and which keys you should use.

Matriarchy answered 9/5, 2014 at 12:54 Comment(3)
PS not sure, but it may have to do something with delegation or implicit authentication as well. Again, ask the provider.Matriarchy
Doesn't this look more like the card or that security domain is in LOCKED or TERMINATED state? Otherwise it should accept at least the INITIALIZE UPDATE command in SCP01...Dunbar
@Michael Roland Yes, it does, and it is in the question. It's not in front because I am not sure if that's the most likely cause. The card does not seem to use the normal card manager (or it is hiding behind the old A0000000030000 AID). (altered answer based on your remarks)Matriarchy
M
3

Response code 6A 82 is used for Security_Status_Not_Satisfied.

On selection of Security Domain, this status word may occur due to one of following two reasons :

  • Either Card Life Cycle State (CLCS) of Card is LOCKED or TERMINATED, so the selection of Security Domain is not allowed, because if the CLCS is LOCKED then only that security domain and/or application can be selected which has Card Lock privilege, and if CLCS is TERMINATED then if a Security Domain has the Final Application privilege only the GET DATA command shall be processed, all other commands shall be disabled and shall return an error.If the CLCS is LOCKED then try to select that security domain and/or application which has Card Lock privilege and try to move Card Life Cycle State (CLCS) to SECURED using SETSTATUS command with the help of SCP session,otherwise if CLCS is TERMINATED then CLCS can't switch back to SECURED, as this state is irreversible.

  • OR the Security Domain, which you try to select is itself in LOCKED state, in this case that Security Domain may be prevented from further selection by the OPEN and error status word is returned.

@CLCS - Card Life Cycle State.

Happy to Help.

Ms answered 3/12, 2014 at 18:48 Comment(0)
M
2

You should require about the Global Platform state of the card. 6982 is a general status word that means "Security status not satisfied", so your card may be in the wrong state (e.g. the Global Platform LOCKED or TERMINATED state).

It could also be that you are using an invalid Global Platform key set, or that the keys are not available.

Please contact the supplier of the smart card about the card state and which keys you should use.

Matriarchy answered 9/5, 2014 at 12:54 Comment(3)
PS not sure, but it may have to do something with delegation or implicit authentication as well. Again, ask the provider.Matriarchy
Doesn't this look more like the card or that security domain is in LOCKED or TERMINATED state? Otherwise it should accept at least the INITIALIZE UPDATE command in SCP01...Dunbar
@Michael Roland Yes, it does, and it is in the question. It's not in front because I am not sure if that's the most likely cause. The card does not seem to use the normal card manager (or it is hiding behind the old A0000000030000 AID). (altered answer based on your remarks)Matriarchy
J
1

the Card Manager AID shows that it is a Gemalto XPresso Card. the default cards for this card is 47454d5850524553534f53414d504c45 try to set those keys. in case it does not work the card has changed CM Keys or the Card might be locked beware that trying to authenticate too often with wrong keys might lock the card

Judaic answered 13/5, 2014 at 9:26 Comment(2)
Dear paul, are you sure that these key is the default key? I thing 40414243444546448494A4B4C4D4E4F is the default key! btw, I try both in "JCManager"! and neither my key nor your key didn't work!Angadresma
relooking at the debug output, i think you can try init-update with another keynumber, which is stored in P1 e.g. 01 if this does not work i suppose too that the card is lockedJudaic

© 2022 - 2024 — McMap. All rights reserved.