CODEWITHSUNDEEP
transactionssmartcardjavacard
Jean
Jean

Reputation: 697

Is this a bug in Transaction mechanism in javacards?

I wrote the below program and upload it on my card :

package transactionMechanismBugCheck;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;

public class TransactionMechanismBugCheck extends Applet {
    short[] arrayS;
    byte[] arrayB;

    private TransactionMechanismBugCheck() {
    }

    public static void install(byte bArray[], short bOffset, byte bLength)
            throws ISOException {
        new TransactionMechanismBugCheck().register();
    }

    public void process(APDU arg0) throws ISOException {

        short[] arraySlocal=null;

        JCSystem.beginTransaction();
            arrayS=new short[1];
            arraySlocal=arrayS;
        JCSystem.abortTransaction();

        ISOException.throwIt((short)0x9001); 
    } 
}

Installing procedure : 

gp: gp -list
AID: A000000151000000 (|....Q...|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
 CVM (PIN) management

AID: A0000001515350 (|....QSP|)
     ExM LOADED: (none)
     A000000151535041 (|....QSPA|)


gp: gp -install d:\transactionMechanismBugCheck.cap

gp: gp -list
AID: A000000151000000 (|....Q...|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
 CVM (PIN) management

AID: 010203040506 (|......|)
     App SELECTABLE: (none)

AID: A0000001515350 (|....QSP|)
     ExM LOADED: (none)
     A000000151535041 (|....QSPA|)

AID: 0102030405 (|.....|)
     ExM LOADED: (none)
     010203040506 (|......|)


gp:

The question is: Why I don't receive SW=0x9001 in respond of selection?

enter image description here

Above,The cursor blinking for about 10 second and then below line appears: 

OSC: opensc-tool -s 00A4040006010203040506
Using reader with a card: ACS CCID USB Reader 0
Sending: 00 A4 04 00 06 01 02 03 04 05 06
APDU transmit failed: Transmit failed

OSC:

Note that I read this article that is for 2009!

1- Why it doesn't respond to my select command with the exception that I put in the program?

2-Does this mean my javacard is vulnerable?

Upvotes: 0

Views: 167

Answers (2)

Chooch
Chooch

Reputation: 583

You should not call JCSystem.abortTransaction() when creating new objects as it may result to session lock or force tear/reset as what probably happened in your case.

Please see this link for more info: http://www.win.tue.nl/pinpasjc/docs/apis/jc222/javacard/framework/JCSystem.html#abortTransaction()

No, your JavaCard is not directly vulnerable. But your design is if you do not use these methods properly.

Upvotes: 1

Maarten Bodewes
Maarten Bodewes

Reputation: 94038

Although we cannot look into the card, it seems a higher chance that there is protection against this attack and that a countermeasure has been triggered. A useful countermeasure is to "mute" the card, so no information is leaked back to a possible attacker. This may mean that the card is not vulnerable.

There is of course no way to tell for sure, ask the vendor instead.

Upvotes: 1

Related Questions