How I can find a list of APDUs that a applet supports?

Question

I have an AID list of applets on my fresh javacard.what is usage of each applet? and how I can gain a list of APDU commands that each one supports? Am I need to the java source code that applet's .cap file made from? my another question : What is this 'PR' parameters and 'LC' Parameters that come after each AID?

Answer 1

Michael Roland's answer contains a lot of useful information for you. Knowing what the applet is from its AID and knowing the specifications it implements will be the quickest and best way to figure out which commands are accepted.

As an exercise you could select the applet in question and send many combinations of APDUs containing different CLA/INS bytes. Analyzing the responses could potentially provide you some insight on which commands are processed and which are rejected. The typical applet will return 6E00 or 6D00 to unknown instructions and some other code for known instructions.

Answer 2

From a list of applet (instance) AIDs (note that the list you show in your post above, does only contain executable load files and security domains, but no actual applet instance AIDs), you could possibly find the registered application provider and the type of application by splitting the AIDs into their RID and PIX parts.

For instance, A0 00 00 00 04, looks like the RID of Master Card. Together with a PIX of 10 10, this would be a Master Card credit/debit application based on the EMV specifications for payment systems.

So you could do such guessing for all AIDs to find out what appications they could possibly represent. Google will help you for many AIDs. Alternatively you could also ask the registered application provider (that you found through the RID) what application hides behind a given AID.

As a next step, you would need to find out what protocol a certain application speaks (i.e. what command flow to use and what APDU commands the applets understand). For the examplary Master Card credit/debit card application, this would be defined in the EMV specifications for payment systems which you can get for free from EMVCo. For other applications you would need to find a datasheet, user manual, specification, or the source code (very unlikely) of that application. You could, for instance, get such information by asking the application provider or by searching for that specific AID on the web.

The PR parameter indicates the privileges (according to Global Platform) of the executable load file/security domain. 0x00 means no privileges, 0x9E means security domain, card lock privilege, card terminate privilege, card reset privilege, cardholder verification method management privilege.

The parameter LC indicates the life-cycle state (according to Global Platform) of the executable load file/security domain. For the issuer security domain, LC indicates the card life-cycle state (1 meaning OP_READY). For the executable load files, LC indicates the load-file life-cycle state which is always 1 (LOADED).

Note that the list (output from gpj -list) you show above indicates that there is no application (other than the ISD's OPEN) installed and selectable on that card.

Answer 3

there is no functionality for showing a list of supported APDUs.
either you have:

• the source code and look through the process method
• a documentation of the applet or
• the applet supports a certain specification like pkcs11/15 or the iso commands