CODEWITHSUNDEEP
smartcardjcop
Ralph M
Ralph M

Reputation: 31

JCOP 0x6A82 after sending Select + Transport Key

Hello I have one JCOP card not fused

From my vendor I've got TK and command to open card

When I sending to card [00:a4:04:00:10:40:41:42:43:44:45:46:47:48:49:4a:4b:4c:4d:4e:4f]

I've got [6a:82] (File not found)

How to personalized ?

Upvotes: 3

Views: 3185

Answers (3)

v3l0c1r4pt0r
v3l0c1r4pt0r

Reputation: 142

For JCOP cards you need to perform several steps to get your card personalized and in a safe state.

Sending the command, you presented, is only the first step. Keep in mind that instead of giving 40-4f, you need to provide your transport key and this is crucial to starting the process.

Then you should do the following:

  1. Send /boot command with [00:f0:00:00]
  2. Read at least all CM_KEYs and GPIN. You need them to be able to install applets. First key in my case is at address 0xc00305, so I send [c0:b0:03:05:10], 0x10 is length of key. Rest could be read by replacing first, third and fourth byte with address bytes. Again, in my case, they are at addresses 0xc00321, 0xc0033d, 0xc00407 (gpin length, 1 byte) and 0xc00412 (gpin itself).
  3. It is wise to replace those keys with your own values (command for this is 0xd6 and you pass number of bytes in Lc and new keys), i.e. [c0:b6:03:05:10:00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f] for first key.
  4. If you feel like you are ready to finish the personalization send /PROTECT as [00:10:00:00], then send /FUSE (THIS CANNOT BE UNDONE) as [00:00:00:00]

Unfortunately addresses may vary from model to model, so if you don't have access to documentation, it may be hard to do this properly for the first time. I made full memory dump of my card some time ago. You can find it here: https://re-ws.pl/2017/09/importunderstanding-jcop-memory-dump/ This could be used to verify if your offsets matches mine, or guess valid ones. I have also written more detailed description of JCOP pre-personalization, which can be found here: https://re-ws.pl/2017/09/importunderstanding-jcop-pre-personalization/

Upvotes: 4

Santa Claus
Santa Claus

Reputation: 51

For anybody having problem with not fused card: JCOP Admin manual can be found in public. However it is not easy to find. It gives enough details to pre-personalize and fuse the card manually. You can get it here.

Upvotes: 5

mictter
mictter

Reputation: 1418

You need to get the JCOP Administrator Manual from NXP. There the right command to authenticate to a card in pre-personalized state is specified, using that transport key that you should never post in a public forum, as Maarten said before.

That manual is only shared under NDA, so I can't share any details about the authentication command. Moreover, you will need more information to personalize cards successfully.

Upvotes: 2

Related Questions