2 Replies. Latest reply: Nov 12, 2012 6:53 PM by safarmer

    make SSD change from SELECTABLE to PERSONALIZED

    970435
      Hello everyone,

      Now I am working on one JCOP card (J3A040 v2.4.1) using GPShell.

      I have installed an SSD on the card using the preinstalled package with the privilege 0x98; now the cycle state is 7, which means SELECTABLE. I would like to extradite an applet to this security domain, so I need to turn it to PERSONALIZED. My question is: how could I do it?

      I read from the thread below that the SSD does automatically change from the SELECTABLE to PERSONALIZED state when it has all the keys it needs to operate.
      https://kr.forums.oracle.com/forums/thread.jspa?threadID=1750488

      What I have done so far is:

      select the SSD
      open secure channel with default keys
      put secure channel keys

      Then I was expecting that the SSD would turn to PERSONALIZED automatically; however, it didn't change, and the state is still 7.
      Here are the commands I used:


      mode_211
      mode_211
      enable_trace
      enable_trace
      enable_timer
      enable_timer

      establish_context
      establish_context
      command time: 31 ms
      card_connect
      card_connect
      command time: 0 ms
      select -sdAID A000000003535041
      select -sdAID A000000003535041
      Command --> 00A4040000
      Wrapped command --> 00A4040000
      Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104
      command time: 78 ms
      open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
      open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
      Command --> 80CA006600
      Wrapped command --> 80CA006600
      Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
      Command --> 805000000892307E0954D65B2200
      Wrapped command --> 805000000892307E0954D65B2200
      Response <-- 0000109000248695546101020014C343BDBA9544AB1C5DF273D9E82A9000
      Command --> 84820100101A431B62EF77F1D7389C9852B1EF31EA
      Wrapped command --> 84820100101A431B62EF77F1D7389C9852B1EF31EA
      Response <-- 9000
      command time: 344 ms
      put_sc_key -keyver 0 -newkeyver 3 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f -current_kek 404142434445464748494a4b4c4d4e4f
      put_sc_key -keyver 0 -newkeyver 3 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f -current_kek 404142434445464748494a4b4c4d4e4f
      Command --> 80D8008143038010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D600
      Wrapped command --> 84D800814B038010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D68010D9AD2D3781847C698E55474D141B7B3903A4B7D6E07393F12DA1B7FB00
      Response <-- 03A4B7D6A4B7D6A4B7D69000
      command time: 250 ms
      get_status -element 40
      get_status -element 40
      Command --> 80F24000024F0000
      Wrapped command --> 84F240000A4F009DB0F0965ADAA90600
      Response <-- 08A00000000353504107989000

      List of elements (AID state privileges)
      a000000003535041        7       98
      command time: 63 ms
      card_disconnect
      card_disconnect
      command time: 0 ms
      release_context

      Thank you in advance
      yuyu
        • 1. Re: make SSD change from SELECTABLE to PERSONALIZED
          970435
          I looked through the above commands again, and I realized that the keys were actually put to the Issuer Security Domain instead of the SSD, because the select command chose the ISD.

          Then I selected the SSD and tried to open a secure channel, but I failed.

          mode_211
          mode_211
          enable_trace
          enable_trace
          establish_context
          establish_context
          card_connect
          card_connect
          select -AID A000000003535041
          select -AID A000000003535041
          Command --> 00A4040008A000000003535041
          Wrapped command --> 00A4040008A000000003535041
          Response <-- 6F658408A000000003535041A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0402156
          open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
          open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
          Command --> 80CA006600
          Wrapped command --> 80CA006600
          Response <-- 6A88
          GP211_get_secure_channel_protocol_details() returns 0x80206A88 (6A88: Referenced data not found.)

          How could I turn the SSD to the personalized state and finally install an applet on it?

          I have been blocked on this for days, please help me out. Thank you in advance.
          • 2. Re: make SSD change from SELECTABLE to PERSONALIZED
            safarmer
            The process is:

            * Install SSD with correct privileges
            * select SSD
            * authenticate with ISD keys
            * Use PUT-KEY to inject new keyset

            Once you have done this it will be personalised.

            - Shane
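
Added example (not code from the posters or from GPShell): a check to run over a trace before any PUT KEY, confirming that the SELECT actually landed on the intended security domain, and decoding the GET STATUS line. The hex values are copied from the traces above (SELECT responses as their leading bytes only); the function names are illustrative, and the state table assumes the GlobalPlatform 2.1.1 security domain life cycle coding (03 INSTALLED, 07 SELECTABLE, 0F PERSONALIZED).

```python
# Added example: values are copied from the traces in this thread; names are illustrative.
SSD_AID = "A000000003535041"
FIRST_CMD, FIRST_RESP = "00A4040000", "6F658408A000000003000000A5599F6501FF"
SECOND_CMD, SECOND_RESP = "00A4040008A000000003535041", "6F658408A000000003535041A5599F6501FF"
GET_STATUS_RESP = "08A00000000353504107989000"
SD_STATES = {0x03: "INSTALLED", 0x07: "SELECTABLE", 0x0F: "PERSONALIZED"}

def select_command_aid(cmd_hex):
    """AID carried by a SELECT-by-name command APDU ('' when Lc is 00)."""
    cmd = bytes.fromhex(cmd_hex)
    if cmd[:4] != bytes.fromhex("00A40400"):
        raise ValueError("not a SELECT by DF name")
    return cmd[5:5 + cmd[4]].hex().upper()

def selected_aid(fci_hex):
    """AID (tag 84) inside the FCI template 6F; short-form lengths, truncation tolerated."""
    fci = bytes.fromhex(fci_hex)
    if fci[0] != 0x6F:
        raise ValueError("response does not start with FCI template 6F")
    pos = 2  # skip tag 6F and its one-byte length
    while pos + 2 <= len(fci):
        tag, length = fci[pos], fci[pos + 1]
        if tag == 0x84:
            return fci[pos + 2:pos + 2 + length].hex().upper()
        pos += 2 + length
    return None

def check_target(cmd_hex, resp_hex, wanted_aid):
    """Compare the AID the card reports as selected with the one we meant to select."""
    got = selected_aid(resp_hex)
    return {"sent": select_command_aid(cmd_hex), "selected": got,
            "on_target": got == wanted_aid.upper()}

def parse_get_status(resp_hex):
    """Decode GET STATUS entries: length-prefixed AID, life cycle state, privileges."""
    data = bytes.fromhex(resp_hex)
    body, sw = data[:-2], data[-2:]
    if sw != b"\x90\x00":
        raise ValueError("status word " + sw.hex().upper())
    entries, pos = [], 0
    while pos < len(body):
        n = body[pos]
        state, priv = body[pos + 1 + n], body[pos + 2 + n]
        entries.append({"aid": body[pos + 1:pos + 1 + n].hex().upper(),
                        "state": SD_STATES.get(state, hex(state)),
                        "security_domain": bool(priv & 0x80)})
        pos += n + 3
    return entries

if __name__ == "__main__":
    print(check_target(FIRST_CMD, FIRST_RESP, SSD_AID))    # first post's trace
    print(check_target(SECOND_CMD, SECOND_RESP, SSD_AID))  # second post's trace
    print(parse_get_status(GET_STATUS_RESP))
```

For the first trace the check reports an empty AID in the command and A000000003000000 as the selected application, so the PUT KEY that followed was applied to the ISD rather than the SSD.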