8 Replies. Latest reply: May 22, 2012 11:20 PM by safarmer

Problem in pre-personalisation of jcop10

938137 Newbie
Please, I need help protecting a JCOP card. I wrote my applet and tested it, and all is OK. I want to protect the card from having other applets installed, as I read there is some exploit to read the card memory if the card is not locked. I read the documentation from my supplier and the whole forum that talks about pre-personalisation, but I can't get it to work on my card:
I use Eclipse with the JCOP plugin. I send the ATR, then the boot command + Atk, then the protect command. This is what I get:
cm> /atr
resetCard with timeout: 0 (ms)
--Waiting for card...
ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 ;.....1.EJCOP21V
32 33 32 92 232.
ATR: T=1, FI=1/DI=3 (93clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP21V232"
/send 00A4040010404142434445464748494a4b4c4d4e4f
=> 00 A4 04 00 10 40 41 42 43 44 45 46 47 48 49 4A .....@ABCDEFGHIJ
4B 4C 4D 4E 4F KLMNO
(18217 usec)
<= 6A 82 j.
Status: File not found
/send 00F00000
=> 00 F0 00 00 ....
(12348 usec)
<= 6E 00 n.
Status: CLA value not supported

Also, I want to understand: if I succeed in protecting the card and fusing it with the default DES key, is this dangerous? I mean from the hacking side? Or do I also need to change the default DES key? Where can I find the EEPROM address of the key? I asked my dealer; he doesn't know what I am talking about.

Thanks a lot. Please, can someone help?
  • 1. Re: Problem in pre-personalisation of jcop10
    Umer Journeyer
    935134 wrote:
    /send 00A4040010404142434445464748494a4b4c4d4e4f
    This APDU means you are trying to select an installed applet with AID: 404142434445464748494a4b4c4d4e4f. That's why it fails, as it could not find any applet with an AID of 404142434445464748494a4b4c4d4e4f.
    I think that you are trying to select your keys, aren't you? But you can't select your keys that way. You must know the key version and key index for this.
    => 00 F0 00 00 ....
    (12348 usec)
    <= 6E 00 n.
    Status: CLA value not supported
    Why are you sending this APDU?

    To get keys information, send Get Data Command APDU.

    Can you tell what happened when you clicked the authenticate button in the JCOP Shell?
  • 2. Re: Problem in pre-personalisation of jcop10
    938137 Newbie
    Hi,
    Thank you for your reply. This is the log status:
    /card -a a000000003000000 -c com.ibm.jc.CardManager
    resetCard with timeout: 0 (ms)
    --Waiting for card...
    ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 ;.....1.EJCOP21V
    32 33 32 92 232.
    ATR: T=1, FI=1/DI=3 (93clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP21V232"
    => 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
    (48284 usec)
    <= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 oe...........Y.e
    01 FF 9F 6E 06 47 91 73 51 2E 00 73 4A 06 07 2A ...n.G.sQ..sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00 ..*.n....
    Status: No Error
    cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    cm> init-update 255
    => 80 50 00 00 08 1D 57 06 98 25 A9 38 98 00 .P....W..%.8..
    (58055 usec)
    <= 00 00 11 92 00 21 16 95 65 52 FF 02 00 04 B1 B7 .....!..eR......
    96 02 B1 CB 6F E3 2F EF B1 88 6C 95 90 00 ....o./...l...
    Status: No Error
    cm> ext-auth plain
    => 84 82 00 00 10 89 3E F1 2E CD A7 D1 06 DE 2B 95 ......>.......+.
    99 C9 AA 3A 5A ...:Z
    (72615 usec)
    <= 90 00 ..
    Status: No Error

    As you see, my DES key is the default one. I want to change it to a new one, then protect and fuse. As I understand it, I must select the root first with /select <KT>. I did, but I get this:
    cm> /select CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    => 00 A4 04 00 10 CC CC CC CC CC CC CC CC CC CC CC ................
    CC CC CC CC CC 00 ......
    (18898 usec)
    <= 6A 82 j.
    Status: File not found
    jcshell: Error code: 6a82 (File not found)
    jcshell: Wrong response APDU: 6A82

    What did I do wrong? Please help.
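
Added example (not part of any poster's message, and not NXP or jcshell code): a small Python decoder for the APDU bytes shown in the logs above. It splits the commands into fields and reads the key version, SCP identifier and sequence counter out of the INITIALIZE UPDATE response. The 28-byte field layout is the GlobalPlatform SCP01/SCP02 one; treating key version 255 as the still-default key set is an assumption taken from the poster's set-key line.

```python
# Added example: decodes APDU bytes copied from the jcshell logs in this thread.
SW_TEXT = {0x9000: "No Error", 0x6A82: "File not found",
           0x6E00: "CLA value not supported"}  # status words seen in the thread

def parse_command(hexstr):
    """Split a short command APDU into header, data and optional Le."""
    b = bytes.fromhex(hexstr)
    if len(b) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    data, le, body = b"", None, b[4:]
    if len(body) == 1:                      # header + Le only
        le = body[0]
    elif body:                              # Lc + data, optional trailing Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data field length")
        le = rest[0] if rest else None
    return {"cla": b[0], "ins": b[1], "p1": b[2], "p2": b[3],
            "data": data.hex(), "le": le}

def parse_response(hexstr):
    """Return (data, status word, status text) for a response APDU."""
    b = bytes.fromhex(hexstr)
    if len(b) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    sw = int.from_bytes(b[-2:], "big")
    return b[:-2], sw, SW_TEXT.get(sw, "unknown")

def parse_init_update(hexstr):
    """Decode the 28-byte INITIALIZE UPDATE response (SCP01 or SCP02 layout)."""
    data, sw, _ = parse_response(hexstr)
    if sw != 0x9000 or len(data) != 28 or data[11] not in (1, 2):
        raise ValueError("not a successful SCP01/SCP02 INITIALIZE UPDATE response")
    out = {"diversification_data": data[:10].hex(), "key_version": data[10],
           "scp": data[11], "card_cryptogram": data[20:].hex()}
    if out["scp"] == 2:                     # SCP02: 2-byte counter + 6-byte challenge
        out["sequence_counter"] = int.from_bytes(data[12:14], "big")
        out["card_challenge"] = data[14:20].hex()
    else:                                   # SCP01: 8-byte card challenge
        out["card_challenge"] = data[12:20].hex()
    # Assumption from the poster's set-key line: version 255 is the key set that
    # still holds the default 4041...4F value and should be replaced.
    out["default_key_version"] = out["key_version"] == 255
    return out

if __name__ == "__main__":
    print(parse_init_update("00 00 11 92 00 21 16 95 65 52 FF 02 00 04 B1 B7 "
                            "96 02 B1 CB 6F E3 2F EF B1 88 6C 95 90 00"))
```
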
  • 3. Re: Problem in pre-personalisation of jcop10
    Umer Journeyer
    OK, it means you want to use the put-key command. The GP specs describe how to use the put-key command.
    Also, you can look at this thread to find out what it is: JCOP put-key encryption key
  • 4. Re: Problem in pre-personalisation of jcop10
    safarmer Expert
    A little more information for you:

    As indicated by your logs, your card has already been pre-personalised. If it had not been you would not be able to select the card manager and authenticate to it.

    It may not have been fused but if this is the case the card is still protected by the transport key. The select you mentioned failed as the value you had for the transport key was 404142...4d4e4f. Either this is the wrong transport key or the card has been fused already.

    As mentioned, once you have installed your applet, you can change the card manager key set. This is a general practice that ensures that only the card issuer knows the keys on the card. Normally, you would receive cards that have a master key created by the manufacturer that was used to create unique keys for each card. The manufacturer and card issuer would exchange this key and the issuer would use this key to add their own key. Then the issuer would load the card and possibly place another key set on the card before shipping the card to the card holder.

    If you want to swap the keys, you can use the JCOP shell command put-keyset. You can check the help for details on this command.

    Shane
  • 5. Re: Problem in pre-personalisation of jcop10
    Umer Journeyer
    Dear Shane, can you explain what is meant by "fuse" a card, and by protecting a card with a transport key?
    I have not seen them in the docs.
  • 6. Re: Problem in pre-personalisation of jcop10
    safarmer Expert
    As far as I am aware, these pre-personalisation steps are proprietary to NXP. Selecting the root file is the first step of the process. Since it is a 16-byte random AID, it is considered a key. It is hard to guess what the AID would be, so unless you are told you won't be able to configure the card. Fusing is the process of locking the card configuration so the system is considered secure. Once fused, the card cannot be pre-personalised any more.

    I have also seen similar processes from other vendors. This process is generally done in a secure environment before the cards leave the manufacturer as before the fusing takes place the card OS may be reconfigurable which may make it possible to disable certain security features or add keys to the card manager.

    Shane
  • 7. Re: Problem in pre-personalisation of jcop10
    Umer Journeyer
    Thanks for the explanation.
    I am also aware of that kind of technique, that is, after loading the OS they destroy the mother key of the card, but this is the case with native cards. Is NXP doing this with Java Cards too?
  • 8. Re: Problem in pre-personalisation of jcop10
    safarmer Expert
    I would assume so with this thread being started about a JCOP java card sample :)

    Shane