Upload CAP file to smart card using APDU

2
votes

I'm trying to install an applet (.cap file) into a smart card. I read that can be done using APDU. I created my applet using Netbeans and its aid is //aid/9AE9BE4D27/53.

Firstly build apdu that will select the installer applet:

0x00 0xA4 0x04 0x00 0X09 0xA0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;

Then build the apdu which will create my applet (following this sctructure):

header: 0x80 0xb8 0x00 0x00

lc aid:

aid:

le: 0x7F;

I developed an application which can send an apdu command to a real card using channel.transmit(new CommandAPDU(apdu). I guess that if I send the proper installation command, my .cap file should be installed in the card.

With this information can anyone help me to build the correct apdu to install my cap file into a real card?

Thank you.

3
javaeclipsenetbeanssmartcardjavacard
Could you pretty please read the site FAQ and accept some answers?Maarten Bodewes
I accepted every answer I found useful in all my posts. Dunno what you mean Owlstead.Charles
Did you actually click on the v-mark beside the answer? Because I cannot see a single accepted answer in your 5 questions.Maarten Bodewes
I clicked into Clic to set this answer as your accepted answer in the answer below. That's what you're meaning?Charles
Did not come through, did the big v mark next to the answer light up green? Did you try clicking the v mark itself?Maarten Bodewes

3 Answers

5
votes

If the card is using Global Platform, then it's not that simple, you need to authenticated against the card manager. Then you send multiple commands to load the .cap file (as APDU's may only contain 255 bytes payload - GP does not use extended length). Then you issue an INSTALL for INSTALL command to instantiate the Applet (using the instance AID).

Fortunately for you, there are open source libraries available that are build on top of javax.smartcardio. I would still recommend to read through the basics of Global Platform though, the documents can be obtained online without charge.

http://sourceforge.net/projects/gpj/

0
votes

Yes if you are sending the correct command APDUs then you will be able to install it but in case of Global-platform cards you will need to create secure channel first and then you might send InstallForLoad and subsequent load/install commands. The sequence of steps will be:

  • Select card manager
  • Authenticate your card with SCP01/SCO02 whichever is supported by your card
  • Send InstallForInstall command
  • Send load commands
  • Send InstallForInstall command

Every commands should trail with 0x9000, that will means that command is executed successfully.

But as you are beginner so you should use some tools like GPShell to load your .cap file onto card and then try to analyze the APDUs that comes out after installation.

0
votes

To install an applet and personalized it into the card you need mutual authenticate consists of INTERNAL AUTHENTICATE command and EXTERNAL AUTHENTICATE. Please read EMV CPS or GlobalPlatform for details.

You can also easily install an applet if you are using emulator. I have using JAVACos and it is very simple, and its support JC and GP libraries. Developed the applet in eclipse using library from JAVACos and emulate the applet using JAVACos emulator using scrypt for testing the applet.