Search code examples
smartcardjavacardapduglobalplatform

Could not delete applet

I create a .cap file of the code that is here. It is a simple one-time-passwort generator.

finally I set 010203040506070809 as package ID and 0102030405060708090000 as applet AID, and upload it to my card.

This is output of GPJ when I list applets :

C:\Users\ghasemi\Desktop\gpj-20120310>gpj -list

C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 0
0
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command  APDU: 80 50 00 00 08 B5 16 68 A9 92 84 7D 58
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 5B 6B 9E 48 44 A2 D
B 8A 52 C1 87 99 FC 26 72 90 00
DEBUG: Command  APDU: 84 82 00 00 10 EE 5D DB 8D 26 DA C6 B9 51 85 E1 33 A2 CE 2
4 AD
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 84 82 00 00 08 EE 5D DB 8D 26 DA C6 B9
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command  APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command  APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 0B 01 02 03 04 05 06 07 08 09 00 00 07 00 90 00
DEBUG: Command  APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 0B 01 02 03 04 05 06 07 08 09 00 00 07 00 90 00
DEBUG: Command  APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command  APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command  APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 0A 01 02 03 04 05 06 07 08 09 00 01 00 90 00
DEBUG: Command  APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 0A 01 02 03 04 05 06 07 08 09 00 01 00 90 00
AID: A0 00 00 00 03 00 00 00                       |........|        ISD LC: 1 P
R: 0x9E

AID: 01 02 03 04 05 06 07 08 09 00 00              |...........|     App LC: 7 P
R: 0x00

AID: 01 02 03 04 05 06 07 08 09 00                 |..........|      Exe LC: 1 P
R: 0x00

C:\Users\ghasemi\Desktop\gpj-20120310>

As you see, my applets uploaded successfully.

After uploading I send some APDU to my applet :

< 00 A4 04 00 0B 00
< 01 02 03 04 05 06 07 08 09 00 00
> 9000

< 00 20 00 02 03 00
< 22 22 22
> 9000

< 00 20 00 02 03 00
< 11 11 23
> 6C02

< 00 20 00 02 03 00
< 11 11 23
> 6C01

< 00 20 00 02 03 00
< 11 11 23
> 6C00

< 00 20 00 02 03 00
< 11 11 23
> 6D00

As you see above, I select my applet, send verify command to it (one time with correct PIN and three time with wrong pin). and make it lock.

Now I want to delete the applet :

C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar -delete 0102030405060708
090000 -deletedeps
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 0
0
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command  APDU: 80 50 00 00 08 5E 64 FF F5 A9 52 96 4D
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 5A 29 D0 38 18 61 9
9 BA 72 91 2D 89 12 55 0E 90 00
DEBUG: Command  APDU: 84 82 00 00 10 20 3E 1D 85 1C 36 2B B8 EA DC 25 E9 9F 78 8
D 2D
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 84 82 00 00 08 20 3E 1D 85 1C 36 2B B8
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 80 E4 00 80 0D 4F 0B 01 02 03 04 05 06 07 08 09 00 00
DEBUG: Response APDU: 6A 86
DEBUG: Command  APDU: 80 E4 00 80 0D 4F 0B 01 02 03 04 05 06 07 08 09 00 00
DEBUG: Response APDU: 6A 86
Could not delete AID: 01 02 03 04 05 06 07 08 09 00 00

C:\Users\ghasemi\Desktop\gpj-20120310>

Q1 : Did I blocked the card or just blocked my applet?

Q2 : Why I can't delete it and what shall I do?

Solution

  • You need to delete the whole executable load file (application package) and all its related objects (application instances) instead:

    gpj -deletedeps -delete 01020304050607080900

    The reason is that your applet class (TANGen) contains several static fields that reference objects created by your applet:

    static byte[]        scid;
static byte[]        workarray;
static byte[]        seed;
static DESKey        tangenkey;
static Signature     mac;
static OwnerPIN      adminpin;
static OwnerPIN      userpin;

    These objects are created within the context of the applet instance (application) but are accessible from within your whole application package (and therefore associated with the application package rather than the applet instance). As a consequence, deleting only the application would break these references. Therefore, they prevent your application instance from being deleted and you can only delete it by deleting the whole application package (executable load file) and all its associated objects.