Reputation: 27
download applet failed after changing key on PyApduTool
Download applet does not work anymore since i changed all 3 default key.
i can authenticate with this script GPShell
mode_211
enable_trace
establish_context
card_connect
select -AID A000000003000000
open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555af5acc823dfae8a7827a // Open secure channel
card_disconnect
release_context
If i use pyApdutool for download script, i have this error:
Download Cap error: Check Card Cryptogram failed.
if i change the key GlobalPlatform/Auth and i click to button GP Verify, i have this error:
GP Verify error: Check Card Cryptogram failed.
Using pyResMan v2.1, if i put my new key on Key Manager and i click to button Mutual Authentication, it work:
doMutualAuth(): Start...
doMutualAuth(): Succeeded.
I also noticed that since I changed the keys, the version number of the keys has become 2,before, the version was 1.
gp.exe -i -d -v:
#
# gp -i -d -v
SCardConnect("Athena ASEDrive IIIe USB 0", T=*) -> T=1, 3BF81300008131FE454A434F5076323431B7
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64, Java 1.8.0_261 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0103+2) (54ms) 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[DEBUG] GPSession - Auto-detected ISD: A000000003000000
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (27ms) 9F7F2A479050354791007833009005024992991894481290120000000006072432343939320000000000000000 9000
[WARN] GPData - Invalid CPLC date: 2432
CPLC: ICFabricator=4790
ICType=5035
OperatingSystemID=4791
OperatingSystemReleaseDate=0078 (2010-03-19)
OperatingSystemReleaseLevel=3300
ICFabricationDate=9005 (2019-01-05)
ICSerialNumber=02499299
ICBatchIdentifier=1894
ICModuleFabricator=4812
ICModulePackagingDate=9012 (2019-01-12)
ICCManufacturer=0000
ICEmbeddingDate=0000 (2010-01-01)
ICPrePersonalizer=0607
ICPrePersonalizationEquipmentDate=2432 (invalid date format)
ICPrePersonalizationEquipmentID=34393932
ICPersonalizer=0000
ICPersonalizationDate=0000 (2010-01-01)
ICPersonalizationEquipmentID=00000000
A>> T=1 (4+0000) 80CA0042 00
A<< (0000+2) (15ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
A>> T=1 (4+0000) 80CA0045 00
A<< (0000+2) (17ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
Card Data:
A>> T=1 (4+0000) 80CA0066 00
A<< (0078+2) (38ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
A>> T=1 (4+0000) 80CA0067 00
A<< (0000+2) (16ms) 6A88
[DEBUG] GPData - GET DATA(Card Capabilities): N/A
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (21ms) E012C00401028010C00402028010C00403028010 9000
Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16
Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16
Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("Athena ASEDrive IIIe USB 0", true) tx:35/rx:260
(My card is not FUSED and not PROTECTED)
I can load, install, select applet, authenticate, on pyResMan, the applet work fine.
But the command gp.exe -l not work.
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: 40FCC922B688B08C
Expected: 327AEEAC380376EC
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalP ... /wiki/Keys
What is wrong, if i can authenticate with gpshell script ?
Any idea ?
Thanks in advance.
Upvotes: 0
Views: 901
Answers (1)
Reputation: 8116
(Given you already resolved your problem with PyApduTool in this question by editing the configuration file)
You must specify key value which GlobalPlatformPro should use (otherwise it uses the well-known default key with value 404142434445464748494A4B4C4D4E4F):
java -jar /opt/gp.jar -v -l --key a068cd198555af5acc823dfae8a7827a
or alternatively:
java -jar /opt/gp.jar -v -l --key-dek a068cd198555af5acc823dfae8a7827a --key-enc a068cd198555af5acc823dfae8a7827a --key-mac a068cd198555af5acc823dfae8a7827a
Command trace with actual card (gpshell):
mode_211
enable_trace
establish_context
card_connect
* reader name Gemalto PC Twin Reader 00 00
select -AID A000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F108408A000000003000000A5049F6501099000
open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555af5acc823dfae8a7827a
Command --> 8050000008EABF19238386F99C00
Wrapped command --> 8050000008EABF19238386F99C00
Response <-- FFFFFFFFFFF71062DA69010200098315C89B44BFA1ED8320EED926819000
Command --> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Wrapped command --> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Response <-- 9000
card_disconnect
release_context
Command trace with actual card (GlobalPlatformPro):
[DEBUG] GlobalPlatform - Auto-detected ISD: A000000003000000
[TRACE] GlobalPlatform - Generated host challenge: 292B93656D145F9C
A>> T=0 (4+0008) 80500000 08 292B93656D145F9C 00
A<< (0028+2) (35ms) FFFFFFFFFFF71062DA690102000CAF7BB18519650456126907678D0F 9000
[DEBUG] GlobalPlatform - Host challenge: 292B93656D145F9C
[DEBUG] GlobalPlatform - Card challenge: 000CAF7BB1851965
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 1 (0x01)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {ENC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A, MAC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A, DEK=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A}
[TRACE] PlaintextKeys - Session keys: {ENC=type=DES3 bytes=FB03954624ADB9A3EC89AE5D2B324D8B kcv=799E36, MAC=type=DES3 bytes=321E2B911ACDCF923C58E93AA44DD7B2 kcv=D7E17A, DEK=type=DES3 bytes=B05E11FF73ECBFB45384446C2E8D5B9F kcv=8DF462}
[DEBUG] GlobalPlatform - Verified card cryptogram: 0456126907678D0F
[DEBUG] GlobalPlatform - Calculated host cryptogram: D4F2E6ABD58F2532
A>> T=0 (4+0016) 84820100 10 D4F2E6ABD58F253245169D0334285F91
A<< (0000+2) (18ms) 9000
Upvotes: 0
Related Questions
- java.io.IOException: Invalid Keystore format
- Java Applet Windows-MY keystore PrivateKey getEncoded is null
- Authentication failed to java card Manager after changing Global Platform default key in gpshell
- Replace Applet in downloading and executing a file
- Installing a java card applet fails due to RSA keypair generation
- applet with SunMSCapi not working in linux
- Issues with Java 7u65
- Caused by: java.security.KeyException: Bad Data
- How can i give the key value as the parameter of the install() method?
- SecurityException in my Applet