How to set and update ICC card PIN with APDU command

1
votes

I have a contact smartcard.(I dont know about what kind of applet installed on it. But I can authenticate, read, update and verify pin with standart APDU commands.) And I want to do some changes on PIN. So, my question is:

  • If card has PIN, then update the PIN with new value. If card dont have any PIN, then set PIN.

Standart update command is not working on PIN file. I am getting 6982 response message from ICC card. So, what is the approach to success above situation. I searched on internet about it, But I didnt find any useful Docs&Articles.

2
authenticationsmartcardapduiccemv
ISO 7816-4 has the dedicated command Change Reference Data. But without any documentation concerning your specific card and whats on it, (so which operations are allowed after which authentication involving which PIN/key), chances for substantial progress are small.guidot
Actually, my purpose was learning steps for any kind of card. Mostly they are same. If we consider any banking credit card, what is the approach to change PIN? I am authenticating on the card. after that I am sending 00 24 00 10 10 OLD_PIN + NEW_PIN, then I am getting 6982 error. So... Are there any tip.Mahmut EFE
For a banking card check EMV specification. And I don't agree with mostly they are the same; cards are still very different to each other and only detailed specifications as EMV achieve similarity. You give 10 as PIN id - no idea, whether this is correct.guidot

2 Answers

0
votes

Error 6982 stands for "Security condition not satisfied".

PINs are never transmitted plain as you have mentioned in your packet. They are always encrypted for the software involved between a User and the ICC can sneak peak the packet. A public key has to be obtained using GET_CHALLENGE command and used for enciphering of the PIN.

According EMV spec, the APDU for PIN change is 

CLA = 8C or 84;
INS = 24
P1 = 00
P2 = 01/ 02
Lc = Number of data bytes
Data = Enciphered PIN data component, if present, and MAC data component;
  • CLA and Data are to be coded according to the secure messaging specified in EMV Book 2
  • P2 = 01 => PIN Data Generated Using the Current PIN
  • P2 = 02 => PIN Data Generated Without Using the Current PIN
  • new PIN is encapsulated in the Data field
0
votes

Finaly I found solution, and I am putting the answer here.

Firstly, we need to select PIN FILE. For this

  • Select MF(Master File)
  • Select DF(Dedicated file)
  • Select PIN EF (Elementry file)

Select App Master File : 00 A4 00 00 02 XX XX

Select App Dedicated File : 00 A4 00 00 02 XX XX

Select App Pin File : 00 A4 00 00 02 XX XX

Change Pin coommand: 00 24 [TM] [KN] [LN] XX XX .. ..

TM: Transfer Mode (Clear Transfer) : 00 KN: Key Number: 10 LN: Total Pin Length(Every time 16 bytes): 10

For example (Old pin is “1234” and we want to change pin to “5678”:

Change Pin : 00 24 00 10 10 31 32 33 34 FF FF FF FF 35 36 37 38 FF FF FF FF (FF: padding value)