I'm trying to install an applet on a SIM card which supports Java Card V3.0.4. When I try to establish a secure channel to load the applet, the card returns an error:

```
mode_211
enable_trace
establish_context
card_connect
select -AID A000000151000000
Command --> 00A4040008A000000151000000
Wrapped command --> 00A4040008A000000151000000
Response <-- 6F108408A000000151000000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 79AA24D80FF0056101F1D9AB6DCAF0E6
 -enc_key 79AA24D80FF0056101F1D9AB6DCAF0E6
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664A734806072A864886FC6B01600B06092A864886FC6B020202630906072A86488
6FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B0
481079000
Command --> 8050000008F05E65BF5254BC9F00
Wrapped command --> 8050000008F05E65BF5254BC9F00
Response <-- 00005147A5190C5352322002001C1F47B6C76BABFD305EBBC2CD1BB39000
mutual_authentication() returns 0x8030F00A (The Secure Channel Protocol passed and reported do not match.)
```

I'm using GPShell-1.4.4. I guess the problem is using the wrong key set! Am I right, or is there something else that I cannot guess?!

Thanks for your response,

MJay
  • Can you try `-keyDerivation` set to `visa2`? Almost all Gemalto SIMCards use this key derivation. – Ebrahim Ghasemi May 01 '17 at 11:02
  • @Abraham tested, same result! is there any problem with the secure channel protocol? because I'm quite sure that the key is correct!!! – MJay May 01 '17 at 11:41

1 Answer

(I am partly reusing an answer I wrote for your previous question which you suddenly deleted)

Error code GP211_ERROR_INCONSISTENT_SCP means that GPShell's intended SCP version mismatches with the real SCP version given by the card (see here).

Check the 12th byte of card response to INITIALIZE UPDATE -- Secure Channel Protocol identifier (see e.g. GP Card Specification 2.3, section E5.1.6) and use parameter -scp.

Alternatively you might want to use GlobalPlatformPro as GPShell is quite outdated...

Beware that you can block your card by issuing multiple INITIALIZE UPDATE commands without successful authentication!


As your current question contains the complete log it is possible to parse the Card Data tag giving (according to GP 2.2.1):

```
66 Card Data
    73 Card Recognition Data / Discretionary Data Objects
        06 OID
            2A864886FC6B01 {globalPlatform 1} // Card Recognition Data
        60 Application Tag 0
            06 OID
                2A864886FC6B020202 {globalPlatform 2 2 2} // GP 2.2 Card
        63 Application Tag 3
            06 OID
                2A864886FC6B03 {globalPlatform 3} // Card Identification Scheme
        64 Application Tag 4
            06 OID
                2A864886FC6B048000 {globalPlatform 4 128 0x00} // SCP80 i=0x00
        64 Application Tag 4
            06 OID
                2A864886FC6B040255 {globalPlatform 4 2 0x55} // SCP02 i=0x55
        64 Application Tag 4
            06 OID
                2A864886FC6B048107 {globalPlatform 4 129 0x07} // SCP81 i=0x07
```

So you might want to use -scp 2 -scpimpl 0x55 or -scp 2 -scpimpl 85 (which happens to be the same).

Or use GlobalPlatformPro.

Alternatively -scpimpl 0x15 should work as well as the Well-known pseudo-random algorithm (card challenge) bit in 'i' should not matter...

Good luck!

vlp
  • Dear vlp, thank you for your exact and detailed response. I don't remember what was the question I deleted but I know there was a mistake by myself which made that question wrong to ask. Thanks for your help. – MJay May 02 '17 at 05:30
  • It was [this one](http://stackoverflow.com/questions/43630628/how-install-java-card-applet-on-sim-card)..I am glad the authentication works for you! – vlp May 02 '17 at 13:12
  • I undeleted and edited that question. Thank you vlp for your help. could you please put the answer in that question? – MJay May 03 '17 at 05:24
  • @MJay It makes no sense to answer the same question twice -- I think you should keep it deleted...Good luck with your project! – vlp May 03 '17 at 06:57
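
The check described in the answer, as an added example that is not part of the original question or answer: it parses the Card Data response from the question's trace, reads the 12th byte of the INITIALIZE UPDATE response, and returns the matching `-scp` / `-scpimpl` values. The function names are illustrative, and the TLV parser assumes one-byte tags, which holds for this response.

```python
# Added example: both inputs are the card responses copied from the question's trace.
GP_SCP_PREFIX = bytes.fromhex("2A864886FC6B04")   # OID {globalPlatform 4}
CARD_DATA = bytes.fromhex(                        # response to 80CA006600
    "664A734806072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03"
    "640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B0481079000")
INIT_UPDATE = bytes.fromhex("00005147A5190C5352322002001C1F47B6C76BABFD305EBBC2CD1BB39000")

def parse_tlv(data):  # yields (tag, value); one-byte tags only (assumption)
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if length & 0x80:                         # long form: 0x81 / 0x82 ...
            n = length & 0x7F
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        if pos + length > len(data):
            raise ValueError("TLV value runs past the end of the data")
        yield tag, data[pos:pos + length]
        pos += length

def child(data, wanted):  # value of the first TLV carrying the wanted tag
    for tag, value in parse_tlv(data):
        if tag == wanted:
            return value
    raise ValueError(f"tag {wanted:02X} not found")

def advertised_scps(response):
    """List (scp, i) pairs from the tag-64 OIDs inside 66 -> 73."""
    if response[-2:] != b"\x90\x00":
        raise ValueError("GET DATA did not return 9000")
    recognition = child(child(response[:-2], 0x66), 0x73)
    oids = [child(v, 0x06) for t, v in parse_tlv(recognition) if t == 0x64]
    return [(o[-2], o[-1]) for o in oids
            if o.startswith(GP_SCP_PREFIX) and len(o) == len(GP_SCP_PREFIX) + 2]

def gpshell_options(card_data, init_update):
    """Match byte 12 of INITIALIZE UPDATE against the advertised SCPs."""
    if len(init_update) < 14 or init_update[-2:] != b"\x90\x00":
        raise ValueError("INITIALIZE UPDATE failed or response too short")
    scp = init_update[11]                         # 12th byte: SCP identifier
    for adv_scp, i in advertised_scps(card_data):
        if adv_scp == scp:
            return f"-scp {scp} -scpimpl 0x{i:02X}"
    raise ValueError(f"card answered with SCP{scp:02X} but does not advertise it")

print(gpshell_options(CARD_DATA, INIT_UPDATE))
```

The script only decodes bytes already captured in a trace and sends nothing to the card, so running it does not consume authentication attempts.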