2. INIT UpdateYou can use key version 0 which will use the first available key of the security domain. The key version will be returned in the response.
In each security domain have one or many key-set(3 keys MAC,ENC,DEC)
So, Every KeySet have a version. And when you send INIT-Update you say to Security Domain which KeySet you have and security Domain must use that key Set if it have. in your case i think there isn't keys with version 01/ You must contact Card Issuer to have information about KeySets.
@Safarmer: Card response: Unknow instruction codeThe GET-DATA command should always be available regardless of the card content state. There may be an issue where the JCRE has detected a security intrusion and has terminated the JCVM but I don't think this is the case if SELECT still works. Was this against the card manager or the default selected applet? If you did not before, you can try explicitly selecting the card manager before sending GET DATA.
P.S. how to check that card is blocked when i cant send even getStatus apdu?If the card is blocked because of numbver of failed attempts, INIT-UPDATE will return security condition not satisfied.
The only APDU request that card accepted re: select SD and select AID(only 1 applet)Are you selecting an SSD or the ISD? Does sending 00a40400 work and what is the response?
Sevar wrote:What do you mean by response in terminal?
i have 2 cards now. First still dont work, second:
i ve get "getdata" from gpshell mean 80CA9F7F00
response in terminal: 90 00
response in gpshell:
Response <-- 9F7F2A40906685129192890200019933022B2A20861292214312932143129421430000002000000000000000009000
How is this possible?
send: 00a40400You may get more response data with an Le of 00 (00a4040000) some cards will not return a response if you do not ask for one.
response: 90 00
i didnt use this doc, just documentation from my employer but now i see there is a lot more information than in their doc.That sounds like a good plan. There is also a lot of good information in README for GPShell that explains the commands it supports.
So now i ll read this document, and ll try to write my own script to gpshell (guess it ll be quite good idea to move toward)
And then when i learn it, i ll back there with problems
P.S. i saw that another script need command calls "set manufacturing info". Ofcourse this apdu is in their document so i guess to use it i need select this applet first. Am i right?This could be for setting parts of the CPLC that refer to the personalisation of the card. Some parts of the CPLC reflect who personalised the card and what equipment was used etc. If this is outlined in the documentation though, you should have no problem creating scripts to perform these commands.