hi
there is no such thing as a valid atr for muscle because the atr is related to
the CARD and not to the applet inside. the atr gives technical parameters about
the communication interface, see ISO7816-3 for that:
3b: direct convention
77: Y1=7={TA,TB,TC}, K=7 number of historical bytes
94: TA1
hello,
I have an idea, but to help me confirm it, can you post the response to the
SELECT APPLICATION command you send to the ISD?
Try 00A4 0400 00
BR
Sébastien Lorquet
On 20/09/2013 09:46, landyman70 wrote:
Here are the 2 APDUs that get sent under linux:
80500300080102030405060708
If the NSA played with your card, they did it before you bought it :)
I cannot see any answer to select in your previous messages.
You should still be able to issue this command even if you sent too many INIT
update and locked the card.
BR
Sébastien Lorquet
Le 20/09/2013 09:55, landyman70 a
You're obviously using a contact coupler in T=0 when I work daily with
contactless cards where Le does not matter :)
SELECT is a case 4 APDU so you have to send:
00A4 0400 00 67
or 00A4 0400 00 00
and the card will reply 6167
BR
Sébastien Lorquet
On 20/09/2013 10:01, landyman70 wrote:
With the nsa you never know ;)
But this is not important.
Can you, please, send me the answer to select from the ISD?
And also, if possible, the external authenticate command and response.
No security issue, commands cannot be replayed because of sequence counters.
BR
Sébastien Lorquet
Le
( Ludovic, can you please ban this freescale bot? )
I'm surprised by this behaviour.
If the card is locked I know that init update will fail. But select shall work.
If the card is locked select will return 6283, the mute card condition is
unusual. Maybe there is a default selected application
One more important question for my understanding of the situation.
is it correct that
-on windows, you get a random in init update, you send external authenticate,
and the next random is different
-BUT on linux, you send repeated init update WITHOUT any external authenticate?
Is this true or
OK, now we know the card manager AID.
Is your card response so confidential that you still don't send me the answer to
this select command after 3 requests?
The answer to select may explain why you get the same random.
Best regards
Sébastien Lorquet
On 20/09/2013 16:16, landyman70 wrote:
One more thing, if you send init update, get a valid response, and you are able
to compute the cryptograms, you shall send it to the card in ext auth to avoid
incrementing the security counter, even if the client side authentication fails
for additional reasons.
Sébastien Lorquet
Le 20/09/2013
OK, I will go on with my hypothesis.
What I think is that your card is using SCP02 option 55.
In this mode the card random is still generated internally, so the GP spec still
holds, but the random does not come from a random generator.
Instead, with option 55, the card random is a hash value
hi
I think there is no universal pin standard.
Packing and Padding options can be very wide :
use ascii
use binary
use nibble-packed bcd
pad high nibble of each byte with 0xF
etc.
pad with zeros
pad with ones
pad with complemented pin
prepend with length
etc.
the card/applet may not even
Can someone do something about this repeated out-of-office notification?
Best regards
Sebastien
On 25/07/2013 13:22, fdimitr...@tmm-software.com wrote:
Hello,
I am currently away from 15 July to 12 August.
For any request, please contact Serge Massot:
Hello,
the privilege bits are specified in the GP specs.
GP 2.1.1 Card Spec v2.1.1 v0303.pdf page 107 table 9-7
GP 2.2 GP Card Spec 2.2.pdf page 114 (PDF page 134) table 11-7 (the privilege
is now named Card Reset)
GP 2.2.1 GPC_Specification_2.2.1.pdf page 121 (PDF page 141) (same remark)
The
Hi
This is a problem with GP tools that try to be generic but in
the end don't even know what they're doing. They try to be simple, but
GP is not simple, nor generic.
NO single tool can work with ALL cards.
First of all, make sure you have the correct keys. The card may have
different SDs,
Hello,
PCSC compliance is an API thing, you can achieve that with many methods:
-develop a pcsclite driver that handles your reader. In that case, you can
implement and support anything on the reader side.
This means developing a linux shared library that implements a specific API (IFD
API IIRC,
Hi,
On 11/01/2013 09:42, Diego Delgado wrote:
On 09/01/2013 17:34, helpcrypto helpcrypto wrote:
Hi Diego.
Usually smartcards have some marks to help identify manufacturer, like
Saetic, microelectrónica, FNMT and so.
With these marks and ATR you could go to manufacturer and ask.
If you
there is something with SPF DNS records.
This message should be marked as untrusted because the domain part of my email
does not match an authorized sending domain in any spf record of my domain.
This was a problem with only one person, also with a specific email server.
Sebastien
Le 10/12/2012
Hi,
1) No. This is the compile once load anywhere part of javacard applets, modulo
availability of particular APIs.
Newer cards shall accept old cap files, but not the reverse.
2) Not sure what jtop means, but I would say no. Only some very particular old
gemalto javacard required a specific
also, thank to note that over-the-air can be present in the equation - for
some kind of applications that require confidentiality (but can't rely on the
systematic availability of a SAM or HSM) some exchanges can be managed in
plain with contact reader but require encryption when managed
this situation is unlikely.
and class zero apdus are required to follow ISO7816
if you send a select apdu (00A4) there is little chance to destroy anything with
real cards
the idea that ludovic suggested is also interesting:
- check which readers are full
- request the user to insert a card
-
On 07/06/2012 11:47, Martin Paljak wrote:
For card detection: ATR is supposed to be a technical interface
descriptor.
Yes. And only for contact cards, not contactless. In practice this is a very bad
solution:
-contactless cards have no atr, what is returned by the reader is a fake byte
Hi,
are there still serious reasons to use OCF when every jdk contains
javax.smartcardio?
Regards
Sebastien
On 20/12/2011 16:14, Douglas E. Engert wrote:
On 12/20/2011 7:24 AM, Tarun Khandelwal wrote:
Hi,
I am trying to use OCF framework to access smart card. I have
deployed OCF
Hi again,
The crystal clock embedded in the reader also has an influence on transfer speed
(and on card processing speed if the card is old).
Regards
Sebastien
On 08/09/2011 13:56, Ludovic Rousseau wrote:
2011/9/8 Umberto Rustichelli aka Ubi ope...@secure-edge.com:
Humm... the next