Reputation: 1752
Authentication Method Blocked. Can it be unblocked?
I am working with a smart card and am using a custom C# library used for issuing APDU commands to the smart card.
I am attempting to perform an EXTERNAL AUTHENTICATE which requires a call to "GET CHALLENGE" followed by the EXTERNAL AUTHENTICATE using the response from the challenge.
I am getting a response S1=69 S2=83 "Authentication Method Blocked".
I think I caused this by unsuccessfully calling authenticate too many times, as previously I was getting S1=63 S2= C7 to C1, which I think means 7 more attempts counting down 1 more attempt, and then the card enters the Blocked state.
The Question
Once a smart card reaches the state "Authentication Method Blocked" is there an APDU command to "Unblock" the card?
I have searched the internet for the correct APDU command that may do this, and find there are some related to resetting PINs but this I feel is not a PIN but something different.
Here is the only list of APDU commands and responses that I can find.
UPDATE - 6-Oct-2023
As suggested by nvf and guidot, the answer to my question will depend on the card specifics and if it has this feature.
In this instance, I have reached out to the manufacturer and am seeking support to clarify if these cards are "bricked" or if there is someway to reset them so I can continue to attempt to test and create the correct authentication logic for our software to successfully work with this smart card.
The short answer so far seems to be NO! So these smart cards are now candidates for plastics recycling :-).
Reading through the list of standard ISO APDU commands that are available there are commands related to setting and resetting PINs, but this seems different to the EXTERNAL Authentication that I have attempted and blocked.
I have one more hope; the list of APDU commands has a series of commands for CHV, which I think stands for CardHolder Verification, and the commands are:
- 0x24 - Change CHV
- 0x26 - Disable CHV1
- 0x28 - Enable CHV1
- 0x2C - Unblock CHV
That last one looks promising I will update if I have any luck, but I suspect the cards go in the rubbish and I have to get some more working cards and then be more careful when attempting to debug and get this authentication working.
Upvotes: 1
Views: 355
Answers (1)
Reputation: 5333
Deleting the key (if necessary) and recreating it may be an available option, but as nvf correctly commented, it is proprietary (as all key-creation-related stuff) and surely depends on some administrative access right.
Note that you are considering a scenario, which smart cards are designed to prevent by default.
Without knowledge concerning administrative processes and keys available on your specific card and no access to a OS_specific manual, the chances seem VERY slim.
Upvotes: 0
Related Questions
- How to create secret session keys (S-ENC, S-MAC and S-DEK) using card-challenge and card-cryptogram?
- smart card: State of non-volatile memory has changed - 0x6581
- Sign file using smartcardio
- Difference between verification and authentication?
- What is the exact procedure to perform external authentication?
- Smart Card Authentication with ASP.NET
- Get access to specific ADPU functions from cryptoApi or CAPICOM using 3rd party CSP