8
votes

I made a .cap file of the popular "Hello World" javacard code via Eclipse

And now I want to load it in a real javacard via GPShell and ACR38 smart card reader.

question: Am I need any key to load the .cap file in the card? I mean, should I authenticate before uploading my applet in the card or it's not necessory? I think it is mndatory to authenticate. it is irrational to upload .cap without authentication. but I don't know , how to authenticate. question: What's wrong in this?

C:\Users\ghasemi>java -jar e:\gpj\gpj.jar -load e:\helloWorld.cap -install
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
javax.smartcardio.CardException: connect() failed
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_E_SHARING_VIOLATION
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS CCID USB Reader 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)

C:\Users\ghasemi>java -jar e:\gpj\gpj.jar -load e:\helloWorld.cap -install

Found terminals: [PC/SC terminal ACS CCID USB Reader 0]

Found card in terminal: ACS CCID USB Reader 0

ATR: 3B 7F 94 00 00 80 31 80 65 B0 85 02 02 ED 12 0F FF 82 90 00

DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00

DEBUG: Response APDU: 6A 82

Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00

DEBUG: Response APDU: 6F 65 84 08 A0 00 00 00 18 43 4D 00 A5 59 73 4A 06 07 2A 8
6 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48
86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 01 05 65 0B 06 09 2B 85 10 86 48 64
 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 02 6E 01 02 9F 6E 06 12 91 20 11 02 02 9
F 65 01 FF 90 00

Successfully selected Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00
DEBUG: Command  APDU: 80 50 00 00 08 17 2A 53 4F AC DF 8D 16

DEBUG: Response APDU: 69 82

javax.smartcardio.CardException: Wrong initialize update, SW: 69 82
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.openSecureChan
nel(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)

tnx

3
Are you sure that the Security Domain of your card is: A0 00 00 00 18 43 4D 00. What type of card are you using?Kamen Goranchev
@KamenGoranchev It returned 90 00 didn't it? And I guess you can check if A0 00 00 00 18 is the RID of Gemalto, but my guess is that it is.Maarten Bodewes

3 Answers

3
votes

Response code 6A 82 is used for Security_Status_Not_Satisfied.

On selection of Security Domain, this status word may occur due to one of following two reasons :

  • Either Card Life Cycle State (CLCS) of Card is LOCKED or TERMINATED, so the selection of Security Domain is not allowed, because if the CLCS is LOCKED then only that security domain and/or application can be selected which has Card Lock privilege, and if CLCS is TERMINATED then if a Security Domain has the Final Application privilege only the GET DATA command shall be processed, all other commands shall be disabled and shall return an error.If the CLCS is LOCKED then try to select that security domain and/or application which has Card Lock privilege and try to move Card Life Cycle State (CLCS) to SECURED using SETSTATUS command with the help of SCP session,otherwise if CLCS is TERMINATED then CLCS can't switch back to SECURED, as this state is irreversible.

  • OR the Security Domain, which you try to select is itself in LOCKED state, in this case that Security Domain may be prevented from further selection by the OPEN and error status word is returned.

@CLCS - Card Life Cycle State.

Happy to Help.

2
votes

You should require about the Global Platform state of the card. 6982 is a general status word that means "Security status not satisfied", so your card may be in the wrong state (e.g. the Global Platform LOCKED or TERMINATED state).

It could also be that you are using an invalid Global Platform key set, or that the keys are not available.

Please contact the supplier of the smart card about the card state and which keys you should use.

1
votes

the Card Manager AID shows that it is a Gemalto XPresso Card. the default cards for this card is 47454d5850524553534f53414d504c45 try to set those keys. in case it does not work the card has changed CM Keys or the Card might be locked beware that trying to authenticate too often with wrong keys might lock the card