JCOP

I recently bought some Smart Cards from [[http://www.smartcardsource.com/contents/en-ca/d9_JCOP-NXP-cards.html and has some comments/issues getting them up and running. They were NXP JCOP Cards, J2A040.

Round 1: GP Shell and Card Personalization

I was using GPShell for my initial tests, you can download from [[http://sourceforge.net/projects/globalplatform/files/|Here. There is a good [[http://sourceforge.net/p/globalplatform/wiki/Home/|Wiki too.

The first test was attempting to list all the things already on the card. The results were less than satisfactory:

C:\>GPShell-1.4.4>GPShell.exe listgp211.txt
mode_211
enable_trace
establish_context
card_connect -readerNumber 1
select -AID a000000003000000
Command -> 00A4040008A000000003000000
Wrapped command -> 00A4040008A000000003000000
Response <- 6A82
select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.)

As it turns out you need to have the cards personalized (or fused) before you can use them. With GP 2.1.1 you can check this with the following script:

mode_211
enable_trace
establish_context
card_connect
select -AID A000000167413000FF
card_disconnect
release_context

Running it gives this result:

C:\GPShell-1.4.4>GPShell.exe jcop_try_this.txt
mode_211
enable_trace
establish_context
card_connect
select -AID A000000167413000FF
Command -> 00A4040009A000000167413000FF
Wrapped command -> 00A4040009A000000167413000FF
Response <- 04310033000000004E5830313143000339F8736A82
select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.)

The key thing to look for in the response is the 15th byte, highlighted below:

04310033000000004E5830313143000339F8736A82

If this is 00 (as here), the card is NOT personalized. You need some secret ‘Transport Key’ to do this personalization. If you just got the card as a 1-off from a vendor you might be SOL.

My vendor sent me a replacement card, as those were presumably incorrectly setup (e.g. SHOULD have been personalized before shipping to me). On to the next part:

Round 2: GP Shell with a Good Card

Alright, now with the good cards we redo the list attempt:

C:\>GPShell-1.4.4>GPShell.exe listgp211.txt
mode_211
enable_trace
establish_context
card_connect -readerNumber 1
select -AID a000000003000000
Command -> 00A4040008A000000003000000
Wrapped command -> 00A4040008A000000003000000
Response <- 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command -> 80CA006600
Wrapped command -> 80CA006600
Response <- 6985
GP211_get_secure_channel_protocol_details() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)

Well damn. I don’t want to try this too many times as the card might lock I was worried.

I never figured out how to get GPShell to work, but clearly I’m improving from my initial problems.

Round 3: JCManager

Finally I found JCManager at [[http://www.brokenmill.com/2010/03/java-secure-card-manager/.

The default keys are OK in this. But you need to change the AID address to a000000003000000. With this you can hit ‘Authorize’ and should see something like this:

Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
**********************
Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 01 FF 9F 6E 06 47 91 00 78 33 00 73 4A 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 02 6E 01 02 90 00
************
Init Update
*************
-> 80 50 00 00 08 26 6C 8E 3C 10 69 39 05
<- 00 00 12 02 10 25 60 95 66 19 FF 02 00 02 59 8D D3 96 1B FD CC 97 F9 DF 4F 2A 6C E2 90 00
HostChallenge: 26 6C 8E 3C 10 69 39 05
CardChallenge: 59 8D D3 96 1B FD
Card Calculated Card Cryptogram: CC 97 F9 DF 4F 2A 6C E2
Derivation Data is 01 82 00 02 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 02 59 8D D3 96 1B FD 26 6C 8E 3C 10 69 39 05 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) 26 6C 8E 3C 10 69 39 05 00 02 59 8D D3 96 1B FD 80 00 00 00 00 00 00 00
S_ENC: AD C1 16 3B A2 A1 47 FB B8 4B F4 4C 86 76 FB 7D AD C1 16 3B A2 A1 47 FB
The Current session MAC key is 3E 06 B1 C8 FC FD 78 8A 57 3B 9A 98 89 D0 CA 50
The Current session DEK key is FC 01 09 6B 6D B1 3A DE E0 D4 CB 61 D0 3F D3 AA
Encrypted CardCryptoGram is 4F FC F3 9B 4A 25 56 A2 1B 69 AA 91 D8 E3 D7 44 CC 97 F9 DF 4F 2A 6C E2
Encrypted HostCryptoGram is D8 F5 B8 41 93 59 A6 45 E1 2D 3A 9A 0A 03 13 CD 5F 64 BB 10 3F 4F 87 19
-> 84 82 03 00 10 5F 64 BB 10 3F 4F 87 19 21 48 9B A9 BF 0B F8 34
<- 90 00
Authenticated