LOAD fails for Method component in USIM card via OTA SMS-DELIVER

User_D5ZWW Member Posts: 6 Green Ribbon
edited Feb 4, 2022 10:38PM in Java Card

Hello,


I couldn't find the right spec explaining "C482XXYY" in Header.cap, how it should be calculated,

this answer below helped me navigate, but for Method.cap loading - it still fails

https://community.oracle.com/tech/developers/discussion/1753814/globalpaltform-load-command-data-field


I've written this loader:

https://pastebin.com/pSXeDYyS


Every component in CAP file is in separate APDU with LOAD instruction.

The first 5 are loaded successfully with DATA=00, SW=9000; however, on Method it fails.

As you can see from my script, I've fixed Descriptor size to 0000 in Directory field.

And in Header C482xxyy, where xxyy is calculated properly, which is a sum of

all size fields in Directory, e.g.


016a = 0011+001f+000c+001e+0042+0018+006d+0032+0017+0000+0000


Question: Can't figure out why Method LOAD fails? By checking GP 2.1 spec, it doesn't

help me understand the problem.

Concatenated components to < 255 block size also fails,

only separate components work for LOAD.


[+] Install for load

>> 80e602001207d07002ca449001000006ef04c60201850000c0000000

<< 009000

[+] LOAD - Header

>> 80e8000018c482016a010011decaffed010204000107d07002ca44900100c0000000

<< 009000

[+] LOAD - Directory

>> 80e800012202001f0011001f000c001e00420018006d003200170000000000040002002202010000c0000000

<< 009000

[+] LOAD - Import

>> 80e800022104001e02000107a0000000620101060210a0000000090003ffffffff891071000200c0000000

<< 009000

[+] LOAD - Applet

>> 80e800030f03000c0108d07002ca44900101002000c0000000

<< 009000

[+] LOAD - Class

>> 80e800041b06001843800301ff0007020000002f00398002008101010881000000c0000000

<< 009000

[!!!!] LOAD - Method (FAILED)

>> 80e800057007006d000911188c00048d00012c18197b0002037b00029210240303038b000388007a02318f00053d8c00062e1b8b00077a0120188b000860037a7a02228d00092d1d10076b101a8b000a321fae006b06188c000b7a06118d000c2c1903077b000d037b000d928b000e198b000f3b7a00c0000000

<< 9000 (should be 009000)


[-] LOAD - StaticField (FAILED due to last failed LOAD)

>> 80e80006350800.....

<< 6A86 (because prev. p2=05 is not loaded)
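
Added example, not part of the original post and not the poster's loader: it parses the Directory component bytes from the LOAD trace above (CAP format 2.1, 11 size entries) and reports the sum of the size fields next to the byte count of the components as sent, where each component also carries its 3-byte tag and size prefix. It assumes the components sent are exactly those with a non-zero size; the function and constant names are hypothetical.

```python
import struct

# component_sizes[] order in a CAP 2.1 Directory component (11 entries).
SIZE_ORDER = ["Header", "Directory", "Applet", "Import", "ConstantPool",
              "Class", "Method", "StaticField", "ReferenceLocation",
              "Export", "Descriptor"]

# Data field of the "LOAD - Directory" APDU in the trace above.
DIRECTORY = bytes.fromhex(
    "02001f"                                  # tag 02, size 001f
    "0011001f000c001e00420018006d00320017"    # Header .. ReferenceLocation
    "00000000"                                # Export, Descriptor (zeroed)
    "000400020022"                            # static field size info
    "020100")                                 # import/applet/custom counts

C4_LENGTH_IN_TRACE = 0x016A   # from "LOAD - Header": c4 82 016a
C6_VALUE_IN_TRACE = 0x0185    # from "Install for load": ef 04 c6 02 0185


def parse_directory(component: bytes) -> dict:
    """Return {component name: info size} from a Directory component."""
    tag, size = struct.unpack_from(">BH", component, 0)
    if tag != 0x02 or size != len(component) - 3:
        raise ValueError("not a well-formed Directory component")
    return dict(zip(SIZE_ORDER, struct.unpack_from(">11H", component, 3)))


def load_lengths(sizes: dict) -> tuple:
    """(sum of size fields, bytes on the wire incl. 3-byte tag+size each)."""
    info_sum = sum(sizes.values())
    # Assumption: a component is sent if and only if its size is non-zero.
    present = sum(1 for s in sizes.values() if s)
    return info_sum, info_sum + 3 * present


if __name__ == "__main__":
    info_sum, wire_total = load_lengths(parse_directory(DIRECTORY))
    print(f"sum of Directory size fields : {info_sum:#06x}")
    print(f"component bytes as sent      : {wire_total:#06x}")
    print(f"C4 length in trace           : {C4_LENGTH_IN_TRACE:#06x}")
    print(f"C6 value in trace            : {C6_VALUE_IN_TRACE:#06x}")
```

Both results appear in the trace: 016a is the C4 length in the Header block, and 0185 is the C6 value in the install-for-load command.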


Answers

  • User_D5ZWW Member Posts: 6 Green Ribbon
    edited Feb 4, 2022 2:54PM

    Forgot to mention, that I'm compiling CAP from here

    https://github.com/simhacks/hello-stk.git


    I've also tried https://github.com/martinpaljak/ant-javacard, no luck as well. Same thing on Method component loading.


    Please assist

  • User_D5ZWW Member Posts: 6 Green Ribbon

    At least, if anyone can check this locally and provide APDUs, this would be helpful as well.

    Raw CAP bytes in order (Header, Directory, Import, Applet, Class, Method, StaticField, ConstantPool, RefLocation, Descriptor)

    ['01000fdecaffed010204000105d07002ca44',
    '02001f000f001f000c00280036001800aa000a001200000003000000000000030100', '04002803030107a0000000620101060210a0000000090003ffffffff8910710002000107a0000000620001',
     '03000c0108d07002ca449001010039',
     '06001843800301ff00070200000048005280020081010108810000', '0700aa000912188c00038d00012c08900b3d031048383d041065383d05106c383d06106c383d07106f382d18191a031a9210240303038b000288007a02318f00043d8c00052e1b8b00067a0120188b000760037a7a06248d00082d1d10076b4e1a8b0009321fae006b441007900b3d031057383d041065383d05106c383d061063383d07106f383d08106d383d100610653828048d000a2805150503071504031504928b000b15058b000c3b7a',
     '08000a00000000000000000000', '050036000d02000000068109000381090b0680030001000000060000010380030103800303068108000381080c06810a0003810a1303810a16',
     '0900120002372d000c05032c08040507090a330f05',
     '0b0003000000']
    


  • User_D5ZWW Member Posts: 6 Green Ribbon

    I don't see "sim.toolkit" here for some reason

    Got this on my USIM card. So GSM 2G sim.toolkit is available on the card. But still Method fails.

    How can I detect on the USIM card which method I can't use? This is a simple HelloWorld which extends Applet and uses ToolkitInterface


    --- Request: GET STATUS LoadFiles for A000000009 AID (GSM 2G) -- 80F22002074f05A00000000900c0000000

    Response: 

    e31a4f10

      a000000009 0003ffffffff8910710001 - ETSI sim.access

    9f700101ce020202

    e31a4f10

      a000000009 0003ffffffff8910710002 - ETSI sim.toolkit

    9f700101ce020206

    e31a4f10

      a0000000090005ffffffff8911000000 - ETSI UICC API For JavaCard

    9f700101ce020101

    e31a4f10

      a0000000090005ffffffff8912000000 - ETSI UICC API For JavaCard

    9f700101ce020101

     

    --- Request: GET STATUS LoadFiles for A000000087 AID (3GPP 3G) -- 80F22002074f05A00000008700c0000000

    Response:

    e31a4f10a0000000871005ffffffff89131000009f700101ce020100e31a4f10a0000000871005ffffffff89132000009f700101ce020102

     

    EXE AID: a0000000871005ffffffff8913100000 - 3GPP UICC API For JavaCard

    LIFE CYCLE: 0101

    VERSION NUMBER: 0100

    EXE AID: a0000000871005ffffffff8913200000 - 3GPP UICC API For JavaCard

    LIFE CYCLE: 0101

    VERSION NUMBER: 0102
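
Added example (not from the thread; function names are hypothetical): a package-level check that parses the Import component from the LOAD trace and the GET STATUS entries quoted above, then reports whether each imported package AID is listed on the card with the same major and an equal or higher minor version. It assumes CE carries major then minor, which matches the 0206 shown for sim.toolkit, and it does not look at individual methods; javacard.framework falls outside the A000000009 filter used in the query, so it comes back as not listed.

```python
# Constructed from the page: the Import component of the "LOAD - Import" APDU
# and the sim.access / sim.toolkit entries of the first GET STATUS response.
IMPORT = bytes.fromhex("04001e02" "000107a0000000620101"
                       "060210a0000000090003ffffffff8910710002")
GET_STATUS = bytes.fromhex(
    "e31a4f10" "a0000000090003ffffffff8910710001" "9f700101ce020202"
    "e31a4f10" "a0000000090003ffffffff8910710002" "9f700101ce020206")

def tlvs(data):
    """Yield (tag, value); two-byte tags such as 9F70, short lengths only."""
    pos = 0
    while pos < len(data):
        tag, pos = data[pos], pos + 1
        if tag & 0x1F == 0x1F:
            tag, pos = (tag << 8) | data[pos], pos + 1
        length = data[pos]
        if length >= 0x80:
            raise ValueError("long-form length not supported here")
        yield tag, data[pos + 1:pos + 1 + length]
        pos += 1 + length

def card_packages(resp):
    """AID hex -> (major, minor). Assumption: CE holds major then minor."""
    entries = [dict(tlvs(v)) for t, v in tlvs(resp) if t == 0xE3]
    return {e[0x4F].hex(): tuple(e.get(0xCE, b"\x00\x00")) for e in entries}

def cap_imports(component):
    """[(aid_hex, major, minor)] from a CAP Import component (tag 04)."""
    if component[0] != 0x04:
        raise ValueError("not an Import component")
    body = component[3:3 + int.from_bytes(component[1:3], "big")]
    pos, out = 1, []
    for _ in range(body[0]):
        minor, major, alen = body[pos:pos + 3]
        out.append((body[pos + 3:pos + 3 + alen].hex(), major, minor))
        pos += 3 + alen
    return out

def check_imports(component, resp):
    """Per imported AID: 'ok', 'version mismatch' or 'not listed'."""
    card, result = card_packages(resp), {}
    for aid, major, minor in cap_imports(component):
        ok = aid in card and card[aid][0] == major and card[aid][1] >= minor
        result[aid] = "ok" if ok else (
            "version mismatch" if aid in card else "not listed")
    return result

if __name__ == "__main__":
    print(check_imports(IMPORT, GET_STATUS))
```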