Cannot list or install CAP files in JavaCard after unlocking. Why? and how to solve it?

Question

I have a SmartCafe JavaCard. I was able to unlock it, but I cannot run any more command on it. What else can I try?

Maybe it is because the protocol? But I didn't found a way to change the protocol. Do you have any other idea

gp -dvl
#
# gp -dvl
[DEBUG] TerminalManager - Selected the only reader with a card
SCardConnect("Identiv uTrust 4701 F Contact Reader 0", T=*) -> T=1, 3BF71800008031FE45736674652D6E66C4
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64, Java 11.0.11 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (54ms) 6F108408A000000003000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000003000000
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC]
A>> T=1 (4+0008) 80500000 08 9ECABDC6C1A59FEB 00
A<< (0028+2) (120ms) 0000216196005964450501020003ED298A383ECE2F1E4CA8EB811E95 9000
[DEBUG] GPSession - SSC: 0003
[DEBUG] GPSession - Host challenge: 9ECABDC6C1A59FEB
[DEBUG] GPSession - Card challenge: 0003ED298A383ECE
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=C39AC2D18F94A22B14C04DBB8CF69B7F MAC=D527FB5519C316C9C876E016D80BAEBA RMAC=598ECF7C266BA87DEA24D380AFAFE069
[DEBUG] GPSession - Verified card cryptogram: 2F1E4CA8EB811E95
[DEBUG] GPSession - Calculated host cryptogram: BA9CC3E1E77BF363
A>> T=1 (4+0016) 84820100 10 BA9CC3E1E77BF3634913ED6DF33F8FEA
A<< (0000+2) (46ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F0056F974428777BDCE 00
A<< (0000+2) (49ms) 6A86
A>> T=1 (4+0010) 84F28000 0A 4F006C54999C15CDD096 00
A<< (0011+2) (52ms) 08A000000003000000079E 9000
Error: At position 1 the len is more then 3 [32]
java.lang.IllegalStateException: At position 1 the len is more then 3 [32]
        at com.payneteasy.tlv.BerTlvParser.getDataLength(BerTlvParser.java:205)
        at com.payneteasy.tlv.BerTlvParser.parseWithResult(BerTlvParser.java:85)
        at com.payneteasy.tlv.BerTlvParser.parse(BerTlvParser.java:53)
        at com.payneteasy.tlv.BerTlvParser.parse(BerTlvParser.java:44)
        at pro.javacard.gp.GPRegistry.populate_tags(GPRegistry.java:151)
        at pro.javacard.gp.GPRegistry.parse_and_populate(GPRegistry.java:211)
        at pro.javacard.gp.GPSession.getStatus(GPSession.java:1022)
        at pro.javacard.gp.GPSession.getRegistry(GPSession.java:963)
        at pro.javacard.gp.GPTool.run(GPTool.java:665)
        at pro.javacard.gp.GPTool.main(GPTool.java:107)
SCardDisconnect("Identiv uTrust 4701 F Contact Reader 0", true) tx:72/rx:67

Answer 1

The mutual authentication succeeds:

A>> T=1 (4+0016) 84820100 10 BA9CC3E1E77BF3634913ED6DF33F8FEA A<< (0000+2) (46ms) 9000 ~~

But the GET STATUS command fails:

84F28002 0A 4F0056F974428777BDCE 00 A<< (0000+2) (49ms) 6A86 A>> T=1 (4+0010) 84F28000 0A 4F006C54999C15CDD096 00 A<< (0011+2) (52ms) 08A000000003000000079E 9000

The first GET STATUS command searches for the Issuer Security Domain in the new format, but receives "Incorrect parameters P1,P2" as response.

The second command tries to read the same, but in the old format. Here a response is received but gp seems to have parsing errors for the result 08A000000003000000079E.

The parsed result should be :

08 - length A000000003000000 - AID 07 - life cycle state = card is initialized 9E - application privileges

Please raise an issue for the gp tool. It should be easy to fix it.

Can you try to use an alternative tool for your task while this issue is not fixed? I'm the author of GPShell and based on the code base I would assume at least this error should not occur.