2
votes

I am trying to send a STORE DATA command to my EMV card to store DGI values. I've got a document that describes the APDU command to install and personalize EMV application on JCOP 2.4.1 Revision 3.

In the document, the sequence of commands is:

SELECT  
INITIALIZE UPDATE  
EXTERNAL AUTHENTICATION  
STORE DATA FOR DGI  
...  
...  
STORE DATA FOR DGI.

The line written in this document is:

the key value of issuer security domain (encryption, MAC, and key encryption key): 404142434445464748494a4b4c4d4e4f. and the value of sequence counter is 0.

I just downloaded GPShell 1.4.4 and tried to run the following script:

```
mode_211
enable_trace
establish_context
card_connect
select -AID A000000003000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
card_disconnect
release_context
```

However, my output is:

```
D:\users\Amitp\My Documents\Downloads\GPShell-1.4.4\GPShell-1.4.4>GPShell.exe helloInstalll.txt
mode_211
enable_trace
establish_context
card_connect
select -AID A000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 8050000008FB3EE9FE0812ABFF00
Wrapped command --> 8050000008FB3EE9FE0812ABFF00
Response <-- 0000322000186396921901020000CEBCF3A2D47130C736B6480E4DD59000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
```

Why does the authentication fail? To send the STORE command I need to pass authentication. How can I pass authentication?

1
If the card cryptogram verification fails it is likely that you are using the wrong keys. The response of INITIALIZE UPDATE indicates keyset 1 is used. Do you know the keys or were you just guessing them? - lletami

1 Answer

0
votes

Usually the 40..4F keys are used for sample cards. If you receive other cards you need to request the keys from the supplier (possibly NXP). If the default key is present it usually has index 255 (instead of 1, which is the first key found), so you could try -keyind 255 in your open_sc command.
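
To see which key set the card actually answered with, the INITIALIZE UPDATE exchange from the trace in the question can be split into its SCP02 fields. This is an added example, not part of the original posts or of GPShell; the field layout follows the GlobalPlatform SCP02 response format (10 bytes diversification data, 2 bytes key information, 2 bytes sequence counter, 6 bytes card challenge, 8 bytes card cryptogram), and the function and class names are made up for illustration.

```python
from dataclasses import dataclass

# Both APDUs are copied from the GPShell trace in the question.
INIT_UPDATE_CMD = "8050000008FB3EE9FE0812ABFF00"
INIT_UPDATE_RSP = "0000322000186396921901020000CEBCF3A2D47130C736B6480E4DD59000"

@dataclass
class InitUpdate:
    requested_key_version: int   # P1 of the command (0 = let the card choose)
    host_challenge: bytes
    diversification_data: bytes
    key_version: int             # key set the card actually used
    scp_id: int                  # 0x02 = SCP02
    sequence_counter: int
    card_challenge: bytes
    card_cryptogram: bytes

def parse_init_update(cmd_hex: str, rsp_hex: str) -> InitUpdate:
    cmd, rsp = bytes.fromhex(cmd_hex), bytes.fromhex(rsp_hex)
    if len(cmd) < 13 or cmd[:2] != b"\x80\x50" or cmd[4] != 8:
        raise ValueError("not an INITIALIZE UPDATE with an 8-byte host challenge")
    sw = int.from_bytes(rsp[-2:], "big")
    if sw != 0x9000:
        raise ValueError(f"card rejected INITIALIZE UPDATE, SW={sw:04X}")
    if len(rsp) != 30:
        raise ValueError(f"expected 28 data bytes plus SW, got {len(rsp) - 2}")
    return InitUpdate(
        requested_key_version=cmd[2],
        host_challenge=cmd[5:13],
        diversification_data=rsp[0:10],
        key_version=rsp[10],
        scp_id=rsp[11],
        sequence_counter=int.from_bytes(rsp[12:14], "big"),
        card_challenge=rsp[14:20],
        card_cryptogram=rsp[20:28],
    )

def report(p: InitUpdate) -> str:
    return (f"requested key version {p.requested_key_version}, "
            f"card used key version {p.key_version}, SCP{p.scp_id:02d}, "
            f"sequence counter {p.sequence_counter}, "
            f"card challenge {p.card_challenge.hex().upper()}, "
            f"card cryptogram {p.card_cryptogram.hex().upper()}")

if __name__ == "__main__":
    print(report(parse_init_update(INIT_UPDATE_CMD, INIT_UPDATE_RSP)))
```

For this trace the card reports key version 1 and sequence counter 0, which matches the comment's reading of the response; the card cryptogram is computed from that key set, so the host only verifies it when it holds the same key values.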