This discussion is archived
2 Replies Latest reply: Nov 12, 2012 4:53 PM by safarmer RSS

make SSD change from SELECTABLE to PERSONALIZED

970435 Newbie
Currently Being Moderated
Hello everyone,

Now I am working on one JCOP card (J3A040 v2.4.1) using GPShell.

I have installed a SSD on the card using the preinstalled package with the privilege 0x98, now the cycle state is 7 which means SELECTABLE, I would like to extradite an applet to this security domain, So I need to turn it to PERSONALIZED. My question is ... How could I do it ?

I read from the thread below that The SSD does automatically change from the SELECTABLE to PERSONALIZED state when it has all the keys it needs to operate.
https://kr.forums.oracle.com/forums/thread.jspa?threadID=1750488

So far I have done is

select the SSD
open secure channel with default keys
put secure channel keys

Then I was expecting that the SSD will turn to PERSONNALIZED automatically, however, no it didn't change, the state is still 7
Here is the commands I used:


mode_211
mode_211
enable_trace
enable_trace
enable_timer
enable_timer

establish_context
establish_context
command time: 31 ms
card_connect
card_connect
command time: 0 ms
select -sdAID A000000003535041
select -sdAID A000000003535041
Command --> 00A4040000
Wrapped command --> 00A4040000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104
command time: 78 ms
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 805000000892307E0954D65B2200
Wrapped command --> 805000000892307E0954D65B2200
Response <-- 0000109000248695546101020014C343BDBA9544AB1C5DF273D9E82A9000
Command --> 84820100101A431B62EF77F1D7389C9852B1EF31EA
Wrapped command --> 84820100101A431B62EF77F1D7389C9852B1EF31EA
Response <-- 9000
command time: 344 ms
put_sc_key -keyver 0 -newkeyver 3 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f -current_kek 404142434445464748494a4b4c4d4e4f
put_sc_key -keyver 0 -newkeyver 3 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f -current_kek 404142434445464748494a4b4c4d4e4f
Command --> 80D8008143038010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D600
Wrapped command --> 84D800814B038010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D6E07393F12DA1B7FB00
Response <-- 03A4B7D6A4B7D6A4B7D69000
command time: 250 ms
get_status -element 40
get_status -element 40
Command --> 80F24000024F0000
Wrapped command --> 84F240000A4F009DB0F0965ADAA90600
Response <-- 08A00000000353504107989000

List of elements (AID state privileges)
a000000003535041        7       98
command time: 63 ms
card_disconnect
card_disconnect
command time: 0 ms
release_context

Thank you in advance
yuyu
  • 1. Re: make SSD change from SELECTABLE to PERSONALIZED
    970435 Newbie
    Currently Being Moderated
    I looked through the above commands again, and I realized that actually the keys were put to the Issier Security Domain instead of the SSD, because the selecte command chosed the ISD.

    Then I selected the SSD and tried to open a secure channel but I failed ..

    mode_211
    mode_211
    enable_trace
    enable_trace
    establish_context
    establish_context
    card_connect
    card_connect
    select -AID A000000003535041
    select -AID A000000003535041
    Command --> 00A4040008A000000003535041
    Wrapped command --> 00A4040008A000000003535041
    Response <-- 6F658408A000000003535041A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0402156
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
    Command --> 80CA006600
    Wrapped command --> 80CA006600
    Response <-- 6A88
    GP211_get_secure_channel_protocol_details() returns 0x80206A88 (6A88: Referenced data not found.)

    How could turn the SSD to personalized state and finally install an applet on it ??

    I got blocked on this for days, please help me out . Thank you in advance.
  • 2. Re: make SSD change from SELECTABLE to PERSONALIZED
    safarmer Expert
    Currently Being Moderated
    The process is:

    * Install SSD with correct privileges
    * select SSD
    * authenticate with ISD keys
    * Use PUT-KEY to inject new keyset

    Once you have done this it will be personalised.

    - Shane

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points