-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
I observed something interesting when scanning the command space
(CLA+INS) of a card with a few different readers (CardMan1021 and
Gemalto EzioShieldPinPad among others)
Certain INS codes fail with "transaction failed" on CardMan1021
whereas succeed on Gemalto reader with the same card.
I also tried SPR532 (another TPDU reader) and got somewhat similar
results (count, INS code in hex for failed transactions with the same
card in different readers)
$ grep -i fail ok1021_cmd_scan.txt | cut -d' ' -f 2 | sort | uniq -c
127 68
127 69
1 6A
1 6B
1 6C
1 6D
126 6E
126 6F
126 90
126 91
1 92
1 93
1 94
1 95
127 96
127 97
$ grep -i fail spr532_cmd_scan.txt | cut -d' ' -f 2 | sort | uniq -c
127 68
1 6A
1 6D
126 6E
126 91
1 92
1 95
127 97
The file itself contains lines like the following:
F0 96 00 00 = 68 84
F0 97 00 00 = Failed to transmit with protocol T0. Transaction failed.
F0 98 00 00 = 68 84
The actual pcsc-lite error code is 0x80100016 (SCARD_E_NOT_TRANSACTED).
Also tried with CardMan3821 (APDU reader) and got failures as well
(the count of failures of INS codes does not seem consistent)
I suspect it has something to do with the following in ISO 7816-4 (5.1.2):
"""INS indicates the command to process. Due to specifications in
ISO/IEC 7816-3, the values '6X' and '9X' are invalid."""
Is there some explanation to this (I probably can't comprehend 7816-3
in meaningful time)? The trick here is that the same command works
with other cards in the same reader and with the same card in some
other readers (always with T=0)
I'll publish the python scripts after some formatting, this might be
generally useful if you have cards you don't know much about and can
afford to brick and want to scan for "interesting things". Trying the
same on Windows will be the next step. But maybe there's a documented
explanation to this.
Best,
Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJOVjJbAAoJEHSCZV4wfjRSXCcP/A0yhdCQtkiozY7YlH2V874Z
mrTKFmKzTfzzvllktDwYFaFs9/4KQAaGUKmlGRiEhavy9T7sJWsoF7iM9Ip0HHpT
t7IPCu+vb9/sIR6KQhXj0SWmucdEZNweOF6RbiwixpotFJBigpvaZzOU198qQ7x5
pH+Qh6geko/fEvldmHTgGsEIJl5ir7wuCu//8Ojczpdib4JsJ5CZ61WuOLg0Cj0p
lPoltDuxyDXiru4PkoWJcfz/7g/UM/J4dbMsXteB3/ygNmL6hhXLctzrliGeP3nq
bz6FkvJFHhaa4bNPHwuWPvSfrejhs9Q5lfHFNRjQdjglSaLbEIlqPq80cDW82fvL
PmZRA4EwJr5T4JgGj8nJc0cJ4vZbsgwUgGkmk9ZnZflfk4eof4/s43AlMxlE1mbj
QLDmwzzhv76aroe+Y9SmU7O2CjSqd6/n0QADiEOBo4chbxd2OiSI4+uCJzQMsQ1j
xSiOxrKKZsCPF+a/F5KR0jKOdFka3FbZAc/4Yz9alfz0YpCDyeZMchwMOaMsfX5U
BA290mpHQTbv24ueAPmU36tuiaZz5IsqoNLroET5+OAL4cX7eKyxG2wnXsYtXin8
yTif1NylEvl0mzl+RX242KbEqupzqimUFAOD8Txkx+zXCJZZHshAsxpIE6ZqU1xO
/iEmqVBRriQw674Q/7sj
=XWyE
-----END PGP SIGNATURE-----
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
