Selecting DF (Dedicated File) in Smart Card, Return Error 6981

Question

I have written a program to communicate with a smart card (Gemalto Company MPCOS applet). I could successfully connect to card and transmit commands and fetch data.

However I have a problem: When I used 00 A4 01 00 02 02 00 command to select DF(Dedicated File), It returned error 69 81 (file indicator is incorrect).

This is so weird because after this command I used another command to fetch sub-file of this DF and it returned success 61 12.

command1(Select MPCOS Applet): 00 A4 04 00 10 A0 00 00 00 18 30 03 01 00 00 00 00 00 00 00 00
-> response: [97,18] (in decimal) or 6112 (in hex)

command2: 00 C0 00 00 12
-> response: [105,133,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] (in decimal) or
             69 85 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 (in hex)

command3(Select Root): 00 A4 00 00 02 3f 00
-> response: [97,18] (in decimal) or 6112 (in hex)

command4: 00 C0 00 00 12
-> response: [105,133,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] (in decimal) or
             69 85 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 (in hex)

command5(Select DF): 00 A4 01 00 02 02 00
-> response: [105,129] (in decimal) or 6981 (in hex)

command6(Select EF): 00 A4 02 00 02 02 01
-> response: [97,18] (in decimal) or 6112 (in hex)

command7: 00 C0 00 00 12
-> response: [105,133,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] (in decimal) or 
             69 85 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 (in hex)

Does using `00A4010002020000` (with _Le_ field) or `00A4010C020200` (with ISO7816-4 no response data) change anything? — vlp, Sep 29 '15 at 11:45
Just an idea, does the sub-file access work _without_ this SELECT? Sort of file selection rules might apply... — vlp, Sep 29 '15 at 12:14
Through the command of "00A40100020200" we receive error 6980, however we could access the sub-file (ES). Indeed we have found that if we omit this command we could not access to the sub-file. I mean that although we get error but this command work properly. How we could escape from this error? — Hosein Aqajani, Sep 30 '15 at 06:57
Which card are you using? Is it `T=0` or `T=1`? What are the responses to the proposed commands? What does card manual say about status `0x6980` (although reserved by ISO7816, not defined here). — vlp, Sep 30 '15 at 09:55
@vlp please see the question again, there was a mistake that I correct that. Protocol T0 or T1 is for contact-less card. — Hosein Aqajani, Sep 30 '15 at 13:07
I edited your question to be more readable for others. Please check it. If you can, please fill in the `...` parts in the responses. Good luck! — vlp, Oct 03 '15 at 19:37
Thanks @vlp for your edition, I filled the blanks and omitted the 9000 string from your edition, because 9000 is a response for a situation in which card is not waiting for the next command. Indeed when we selecting a part of data structure, card is waiting for next command to execute on the selected area. — Hosein Aqajani, Oct 05 '15 at 05:49
Could you execute the following command sequence and update the question with the trace? `00 A4 04 00 10 A0 00 00 00 18 30 03 01 00 00 00 00 00 00 00 00`, `00 C0 00 00 12`, `00 A4 00 00 02 3f 00`, `00 C0 00 00 12`, `00 A4 01 00 02 02 00`, `00 A4 02 00 02 02 01`, `00 C0 00 00 12` — vlp, Oct 05 '15 at 10:17
@vlr I tested your sequence and here is result: command1-->6112, command2-->0000, command3-->6112, command4-->0000, command5-->6981, command6-->6112, command7-->0000 — Hosein Aqajani, Oct 05 '15 at 12:12
Are you sure about the `0000` status? Was it not `9000`? If so could you please include the data part of the responses to this `00 C0 00 00 12` commands? Have you ever heard about `GET RESPONSE` command? — vlp, Oct 05 '15 at 13:01
@vlp yes you right, I have indicated only two last byte. Indeed the `Get Response` command cause to generate an array with 20 element:[105,133,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]. I think maybe my card does not support from this command. — Hosein Aqajani, Oct 06 '15 at 11:18
This response is really strange. Is your reader software stack working properly? Do you have another card to test? I am afraid I am not able to help you (except upvoting the question which I already have done). Good luck! .. And let me(us) know about the outcome — vlp, Oct 06 '15 at 12:07
@vlp I really appreciate you, I tested these sequence commands with several readers and several cards, but all of cards customized by Gemalto company for us. However I think maybe this problem is due to Fire Fox add-on. Because I am connecting the card through Fire Fox add-on. Although it use `winscard.dll`, FF use python core that it could be different from windows core. — Hosein Aqajani, Oct 06 '15 at 13:04
Have you managed to resolve the problem? It might be worth trying another tool to send the same APDUs to the card and verify this quite odd responses. — vlp, Nov 18 '15 at 09:19
Dear @vlp , I have tested this APDU by various card readers, I am confused how it is possible that there has not access to a file while there has an access to its sub-file. — Hosein Aqajani, Nov 25 '15 at 08:17
None of your SELECT commands s is actually working, since each returns an error status. The trailing zero bytes are not compliant with ISO7816-4 in that case. 6981 most likely means, that an EF is found instead of a DF; try to use P1=0 instead. 6985 (conditions of use not satisfied) is more strange - check the MPCOS manual for possible reasons. — guidot, Dec 01 '15 at 08:17

vlp · Answer 1 · 2015-10-03T19:28:40.713

2

You can use the 00A4010002020000 command APDU (i.e. the same as before, but with a Le field) if you need to process the SELECT response (you can get it using the GET RESPONSE command as you probably already know).

Or you can use the 00A4010C020200 command APDU (i.e. the same as before, but with P2=0x0C to indicate no response data wanted) if you do not need to process the SELECT response.

Based on your comments this approach should work.

EDIT>

This is strange, I just reproduced your situation on a native MPCOS card (do not have access to the MPCOS applet right now):

00A40000023F00 -> 851080013F0038000000C100C100000000679000
00A40100020200 -> 6F15840E315041592E5359532E4444463031A5038801019000
00A40200020201 -> 85104302020105000040C000C0000000006B9000

Note: This trace does not show the GET RESPONSE APDU exchanges.

So probably I can't help you :(

edited Oct 03 '15 at 19:28

answered Sep 30 '15 at 18:54

vlp

7,811
2
23
51

Unfortunately did not work, I tried these two commands and it return 6981 error in both situation – Hosein Aqajani Oct 03 '15 at 06:51
What is your command for selecting Applet (sth like my first command)? – Hosein Aqajani Oct 04 '15 at 05:59
As I use the native MPCOS card, I do not select the applet. – vlp Oct 04 '15 at 07:39

score 1 · Accepted Answer · answered Jan 04 '16 at 12:12

I have found the problem:

The problem was due to invoking the SCardTransmit function for two times. Indeed, one time to get response length and the second time for execute the command and getting response.

This dual invoke lead to error 6981:

function SCardTransmitFunc(aCallbackName, myCommand){
    var _SCARD_IO_REQUEST = new CONST.SCARD_IO_REQUEST;
    _SCARD_IO_REQUEST.dwProtocol = AProtocol;
    _SCARD_IO_REQUEST.cbPciLength =  CONST.SCARD_IO_REQUEST.size;  
    var myArrayCommand = hex2Dec(myCommand);        
    var command = TYPES.LPBYTE.targetType.array(myArrayCommand.length)(myArrayCommand);
    var commandLength = command.length;        
    var responseLength = TYPES.DWORD();
    var rez_SCT = SCardTransmit(cardHandle, _SCARD_IO_REQUEST.address(), command, commandLength, null, null, responseLength.address());
    var response = TYPES.LPBYTE.targetType.array(parseInt(responseLength.value))();
    var rez_SCT = SCardTransmit(cardHandle, _SCARD_IO_REQUEST.address(), command, commandLength, null, response, responseLength.address());
    var myResponse = "";//new Array();
    for(i = response.length - 2; i < response.length ; i++)
    {
        myResponse += dec2Hex(response[i]);
    }
}

and the corrected code is this:

function SCardTransmitFunc(aCallbackName, myCommand){
    var _SCARD_IO_REQUEST = new CONST.SCARD_IO_REQUEST;
    _SCARD_IO_REQUEST.dwProtocol = AProtocol;
    _SCARD_IO_REQUEST.cbPciLength =  CONST.SCARD_IO_REQUEST.size;  
    var myArrayCommand = hex2Dec(myCommand);
    var command = TYPES.LPBYTE.targetType.array(myArrayCommand.length)(myArrayCommand);
    var commandLength = command.length;
    var responseLength = TYPES.DWORD(1024);
    var response = TYPES.BYTE.array(parseInt(1024))();
    var rez_SCT = SCardTransmit(cardHandle, _SCARD_IO_REQUEST.address(), command, commandLength, null, response, responseLength.address());
    var myResponse = "";//new Array();
    var myLength = parseInt(responseLength.value);
    for(i = myLength - 2; i < myLength ; i++)
    {
        myResponse += dec2Hex(response[i]);
    }
}

I really thanks @guidot for his good hint and dear @vlp for his helps

Selecting DF (Dedicated File) in Smart Card, Return Error 6981

2 Answers2

Linked