CODEWITHSUNDEEP
javacardsim-cardglobalplatform
SIMApplet
SIMApplet

Reputation: 11

Why my SIMCard returns 6985 to EXTERNAL AUTHENTICATE APDU Command?

I have a Javacard-based SIM Card with the following specification:

D:\>gp -i
# GlobalPlatformPro 325fe84
# Running on Windows 8.1 6.3 amd64, Java 1.8.0_20 by Oracle Corporation
Unlimited crypto policy is NOT installed!

IIN: <Censored by OP>
CIN: <Censored by OP>

Card Data:
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.2
-> GP Version: 2.2
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.0
-> GP SCP80 i=00
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.2.840.114283.5.4
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2

Card Capabilities:
[WARN] GPKeyInfo - Access and Usage not parsed: 01180100
[WARN] GPKeyInfo - Access and Usage not parsed: 01140100
[WARN] GPKeyInfo - Access and Usage not parsed: 01480100
[WARN] GPKeyInfo - Access and Usage not parsed: 01180100
[WARN] GPKeyInfo - Access and Usage not parsed: 01140100
[WARN] GPKeyInfo - Access and Usage not parsed: 01480100
Version:  32 (0x20) ID:   1 (0x01) type: DES3         length:  16
Version:  32 (0x20) ID:   2 (0x02) type: DES3         length:  16
Version:  32 (0x20) ID:   3 (0x03) type: DES3         length:  16
Version:  33 (0x21) ID:   1 (0x01) type: DES3         length:  16
Version:  33 (0x21) ID:   2 (0x02) type: DES3         length:  16
Version:  33 (0x21) ID:   3 (0x03) type: DES3         length:  16
Version:  34 (0x22) ID:   1 (0x01) type: DES3         length:  16
Version:  34 (0x22) ID:   2 (0x02) type: DES3         length:  16
Version:  34 (0x22) ID:   3 (0x03) type: DES3         length:  16
Version:  35 (0x23) ID:   1 (0x01) type: DES3         length:  16
Version:  35 (0x23) ID:   2 (0x02) type: DES3         length:  16
Version:  35 (0x23) ID:   3 (0x03) type: DES3         length:  16
Version:   1 (0x01) ID:   1 (0x01) type: DES3         length:  16
Version:   1 (0x01) ID:   2 (0x02) type: DES3         length:  16
Version:   1 (0x01) ID:   3 (0x03) type: DES3         length:  16
Version:   2 (0x02) ID:   1 (0x01) type: DES3         length:  16
Version:   2 (0x02) ID:   2 (0x02) type: DES3         length:  16
Version:   2 (0x02) ID:   3 (0x03) type: DES3         length:  16
Version:   3 (0x03) ID:   1 (0x01) type: DES3         length:  16
Version:   3 (0x03) ID:   2 (0x02) type: DES3         length:  16
Version:   3 (0x03) ID:   3 (0x03) type: DES3         length:  16
Version:   4 (0x04) ID:   1 (0x01) type: DES3         length:  16
Version:   4 (0x04) ID:   2 (0x02) type: DES3         length:  16
Version:   4 (0x04) ID:   3 (0x03) type: DES3         length:  16
Version:   5 (0x05) ID:   1 (0x01) type: DES3         length:  16
Version:   5 (0x05) ID:   2 (0x02) type: DES3         length:  16
Version:   5 (0x05) ID:   3 (0x03) type: DES3         length:  16
Version:   6 (0x06) ID:   1 (0x01) type: DES3         length:  16
Version:   6 (0x06) ID:   2 (0x02) type: DES3         length:  16
Version:   6 (0x06) ID:   3 (0x03) type: DES3         length:  16
Version:   7 (0x07) ID:   1 (0x01) type: DES3         length:  16
Version:   7 (0x07) ID:   2 (0x02) type: DES3         length:  16
Version:   7 (0x07) ID:   3 (0x03) type: DES3         length:  16
Version:   8 (0x08) ID:   1 (0x01) type: DES3         length:  16
Version:   8 (0x08) ID:   2 (0x02) type: DES3         length:  16
Version:   8 (0x08) ID:   3 (0x03) type: DES3         length:  16

Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F

When I want to do a Mutual Authentication with it, I receive 69 85 (Condition of use not satisfied) error status words:

D:\>python mutual_auth.py

Connected to Card with ATR = 3B9F95803FC6A08031E073FE211B670110B26094101401

---> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<--- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00

---> 80 50 00 00 08 37 CD BA 7B B4 57 B5 1B
<--- 00 00 C6 D8 6A 1C B2 02 14 13 20 02 00 00 71 90 98 C2 77 8A 07 3D 4A 4B F1 4D D4 FB 90 00

:: Calculated "Session Keys" based on host and card challenges:
    Session ENC: 43cc9d7949a13e83d22626400645c4c143cc9d7949a13e83
    Session MAC: 4abaaa3864d8fbf2ae0ac430c550ef564abaaa3864d8fbf2
    Session DEK: e1fbe0ccb299f3dcf756308f94fa4fb5e1fbe0ccb299f3dc

:: Card cryptogram verified successfully.
    
---> 84 82 00 00 10 22 66 0D BB EF 34 74 D3 11 43 98 00 F6 15 B9 ED
<--- 69 85

Error: Failed to Mutual Authenticate!

What is wrong with the external authenticate command?

Note 1: I can do successful mutual authentication with different Javacards (Which are SCP02-i15) and that means that the tool creates the session keys and MAC values correctly, but when I want to have mutual authentication with my SIM Cards, I received 6985.

Note 2: The card cryptogram is correct based on the generated session keys.

Note 3: I even tried C-MAC on unmodified APDU (i=1A), but nothing changed.

Verification of session keys:

based on the INITIALIZE UPDATE APDU command and its response we have:

Host Challenge: 37 CD BA 7B B4 57 B5 1B

key_diversification_data : 00 00 C6 D8 6A 1C B2 02 14 13
key_info : 20 02
sequence_counter : 00 00
card_challenge : 71 90 98 C2 77 8A 
card_cryptogram : 07 3D 4A 4B F1 4D D4 FB

Let's verify the correctness of generated session ENC key with above data. Based on the KeyInfo data, out SIMCard uses SCP02. In SCP02 we have:

card_auth_data = host_challenge + sequence_counter + card_challenge + 800000000000000

==> card_auth_data = 37CDBA7BB457B51B0000719098C2778A8000000000000000
card_cryptogram = 3des_cbc_enc(card_auth_data, ZERO_IV)[-8:]

enter image description here

As you see above, we generated the card cryptogram equal with the value that card returns in INITIALIZE UPDATE response. So the session ENC key have a correct value.

Let's generate host cryptogram for External Authenticate command:

host_auth_data = sequence_counter + card_challenge + host_challenge + 800000000000000

==> host_auth_data = 0000719098C2778A37CDBA7BB457B51B8000000000000000
host_cryptogram = 3des_cbc_enc(host_auth_data, ZERO_IV)[-8:]

enter image description here

As you see above, the generated host_cryptogram in above picture is equal with the value which I sent to the card too.

So the only possible problem which I may have is the MAC value in the External Authenticate command. Let assume that the Session Key is generated correctly (We can't verify its value with the provided information in the question and I don't want to expose my card's static MAC key). Is there any other possible origin for the issue?

Upvotes: 1

Views: 751

Answers (1)

k_o_
k_o_

Reputation: 6298

When reading your question carefully I see that you are using a SIM card.

  1. SIM cards usually do not expose SCP02/SCP03. The reason for this is that the cards are not meant to be used by end users in a card reader. The SCP02/SCP03 is disabled. For remote updates the MNO is just using SCP80 over SM or BIP or CAT_TP. This is a different SCP. The reported SCP02 can be a false positive, some SIM cards are not very spec compliant.

  2. Also if your card is potentially supporting SCP02, are you sure that you have the SCP02 keys? The MNOs / SIM card vendor are distributing in output files usually only the Kic/Kid for the SCP80 protocol.

Upvotes: 0

Related Questions