
Loading applets to a real Java Card


I am trying to develop Java Card applications. I am using the newest Eclipse 4.4.2, the Java Card SDK 2.2.2, and the Eclipse Java Card Development Environment (EclipseJCDE). Previously I succeeded with the JCWDE Java Card Emulator and the APDU Tool. I was using a very basic applet that I had found in this tutorial (youtube: Tutorial 1 Java Card Master SID ENSET 20 01 14) and it was working flawlessly. What I would like to do is deploy this applet to a real Java Card (brand new Gemalto IDCore 3010), but I haven't managed so far.

I have also found this clever and straightforward tutorial (youtube: Developing on Java Card JCOP Hardware Tutorial w/ Python) about deploying applets on real cards, but it just doesn't work for me. After creating a very basic applet it uses a so-called Global Platform Pro command line interface - very handy indeed - to load and manage the applets. Sadly I fail right after the first command, which would dump the ATR of the smartcard (gp -i command). This is the error message that I get after re-running the command with -d -v -i switches:

C:\JavaCard\GP>gp -d -v -i
# Detected readers from SunPCSC
[*] OMNIKEY AG Smart Card Reader USB 0
SCardConnect("OMNIKEY AG Smart Card Reader USB 0", T=*) -> T=0, 3B7D960000803180
65B0831111AC83009000
SCardBeginTransaction("OMNIKEY AG Smart Card Reader USB 0")
Reader: OMNIKEY AG Smart Card Reader USB 0
ATR: 3B7D96000080318065B0831111AC83009000
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B7D96000080318065B0831111AC83009
000

A>> T=0 (4+0000) 00A40400 00
A<< (0027+2) (646ms) 6F198408A000000018434D00A50D9F6E061291518101009F6501FF 9000

Auto-detected ISD AID: A000000018434D00
***** Card info:
A>> T=0 (4+0000) 80CA9F7F 00
A<< (0045+2) (12ms) 9F7F2A40705072129151810100927100004DCDC6C0033201190333011903
340119000000610000000000000000 9000
Card CPLC:
ICFabricator: 4070
ICType: 5072
OperatingSystemID: 1291
OperatingSystemReleaseDate: 5181
OperatingSystemReleaseLevel: 0100
ICFabricationDate: 9271
ICSerialNumber: 00004DCD
ICBatchIdentifier: C6C0
ICModuleFabricator: 0332
ICModulePackagingDate: 0119
ICCManufacturer: 0333
ICEmbeddingDate: 0119
ICPrePersonalizer: 0334
ICPrePersonalizationEquipmentDate: 0119
ICPrePersonalizationEquipmentID: 00000061
ICPersonalizer: 0000
ICPersonalizationDate: 0000
ICPersonalizationEquipmentID: 00000000
***** CARD DATA
A>> T=0 (4+0000) 80CA0066 00
A<< (0000+2) (5ms) 6A88
NO CARD DATA
***** KEY INFO
A>> T=0 (4+0000) 80CA00E0 00
A<< (0020+2) (11ms) E012C00401FF8110C00402FF8110C00403FF8110 9000
SCardEndTransaction()
SCardDisconnect("OMNIKEY AG Smart Card Reader USB 0", false)
Exception in thread "main" java.lang.RuntimeException: pro.javacard.gp.GPKeySet$
GPKey currently only support DES and AES keys
        at pro.javacard.gp.GPKeySet$GPKey.<init>(GPKeySet.java:80)
        at pro.javacard.gp.GPData.get_key_template_list(GPData.java:145)
        at pro.javacard.gp.GlobalPlatform.getKeyInfoTemplate(GlobalPlatform.java
:268)
        at pro.javacard.gp.GPData.print_card_info(GPData.java:260)
        at pro.javacard.gp.GPTool.main(GPTool.java:339)

The other command that would list what is on the card returns an even worse error message:

pro.javacard.gp.GPException: STRICT WARNING: Card cryptogram invalid!
Card: 6B7F3BA2EF7DFC99
Host: 0FCFF9EDF25027BA
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
        at pro.javacard.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java
:184)
        at pro.javacard.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:
513)
        at pro.javacard.gp.GPTool.main(GPTool.java:371)

Since this Global Platform Pro was not working, I tried working with the less manageable standard Global Platform Interface (sourceforge: GPShell), but without any luck. Even when I tried to run their sample scripts that were given originally, I got the same error message. Having run the GPShell.exe list.txt for example (that would list the applets on the card), I got the output that the application to be selected could not be found, which I don't understand.

I copy the source code here just in case, but that shouldn't be the problem as it worked with the emulator:

package jctest;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;

public class JCTest extends Applet {

    private byte counter = 0;
    private final static byte CLS = (byte) 0xB0;
    private final static byte INC = (byte) 0x00;
    private final static byte DEC = (byte) 0x01;
    private final static byte GET = (byte) 0x02;
    private final static byte INIT = (byte) 0x03;

    private JCTest() {
    }

    public static void install(byte bArray[], short bOffset, byte bLength) throws ISOException {
        new JCTest().register();
    }

    public void process(APDU apdu) throws ISOException {
        if (this.selectingApplet())
            return;
        byte[] buffer = apdu.getBuffer();
        if (buffer[ISO7816.OFFSET_CLA] != CLS)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        switch (buffer[ISO7816.OFFSET_INS]) {
        case INC:
            ++counter;
            break;
        case DEC:
            --counter;
            break;
        case GET:
            buffer[0] = counter;
            apdu.setOutgoingAndSend((short) 0, (short) 1);
            break;
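        case INIT:
            // Require at least one data byte before reading it
            if (apdu.setIncomingAndReceive() < 1)
                ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            counter = buffer[ISO7816.OFFSET_CDATA];
            break;
        default:
            // Reject unknown instructions instead of silently returning 9000
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }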
    }
}

After many days of trying I am sort of desperate that I can't make my brand new Java Cards work. When I insert the card into the reader, the computer only recognizes that, but not the card itself since it doesn't find a driver (I also couldn't find one, but I think that it is not essential to make things work). The task is supposed to be very simple, I just want to use an already working applet on a real Java Card. What is wrong? What am I missing?

After having finally run the gp -i command successfully, this is what I get as the output for the command: gp -visa2 -key 47454D5850524553534F53414D504C45 -unlock -virgin -d -v

C:\JavaCard\GP>gp -visa2 -key 47454D5850524553534F53414D504C45 -unlock -virgin -
d -v
# Detected readers from SunPCSC
[*] OMNIKEY CardMan 3x21 0
SCardConnect("OMNIKEY CardMan 3x21 0", T=*) -> T=0, 3B7D96000080318065B0831111AC
83009000
SCardBeginTransaction("OMNIKEY CardMan 3x21 0")
Reader: OMNIKEY CardMan 3x21 0
ATR: 3B7D96000080318065B0831111AC83009000
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B7D96000080318065B0831111AC83009
000

A>> T=0 (4+0000) 00A40400 00
A<< (0027+2) (645ms) 6F198408A000000018434D00A50D9F6E061291518101009F6501FF 9000

Auto-detected ISD AID: A000000018434D00
A>> T=0 (4+0008) 80500000 08 0681B19093C4A93B 00
A<< (0028+2) (72ms) 4D00927100004DD4C6C0FF01E87D06549F536080A8D1AB091B6BBE07 900
0
Host challenge: 0681B19093C4A93B
Card challenge: E87D06549F536080
Card reports SCP01 with version 255 keys
Master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
Diversififed master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:5B9387DE5E618B12760EBE6037B077AC
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:5454366589B6AE522F58EE7072C101DF
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:72590E8782F97E80406E4B66199B7CB2
Derived session keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:87B5171538F81656E88F60D4818CEB8A
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:E9E45A4046E1316200E9E1787A7E9CD0
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:72590E8782F97E80406E4B66199B7CB2
Verified card cryptogram: A8D1AB091B6BBE07
Calculated host cryptogram: 8E1CE84781FA24C3
A>> T=0 (4+0016) 84820100 10 8E1CE84781FA24C34BEFC7F70A76E60F
A<< (0000+2) (36ms) 9000
A>> T=0 (4+0008) 84CA00E0 08 E59D6ECDF1B764ED 00
A<< (0020+2) (13ms) E012C00401FF8110C00402FF8110C00403FF8110 9000
Replace: false
PUT KEY:Ver:1 ID:1 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
PUT KEY:Ver:1 ID:2 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
PUT KEY:Ver:1 ID:3 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
A>> T=0 (4+0008) 84CA00E0 08 2B4AD25011601191 00
A<< (0020+2) (13ms) E012C00401FF8110C00402FF8110C00403FF8110 9000
A>> T=0 (4+0075) 84D80081 4B 0180100F8DB2F2600B53F9002C36CB377D55AF038BAF4780100
F8DB2F2600B53F9002C36CB377D55AF038BAF4780100F8DB2F2600B53F9002C36CB377D55AF038BA
F47B387704000A3A1AA
A<< (0000+2) (49ms) 6A80
pro.javacard.gp.GPException: PUT KEY failed SW: 6A80
        at pro.javacard.gp.GlobalPlatform.check(GlobalPlatform.java:1092)
        at pro.javacard.gp.GlobalPlatform.putKeys(GlobalPlatform.java:993)
        at pro.javacard.gp.GPTool.main(GPTool.java:555)

Solution: A new GlobalPlatformPro release was necessary for this specific Gemalto card.

The command that lists the applets on the card:

gp -visa2 -key 47454D5850524553534F53414D504C45 -l

Solution

  • GlobalPlatformPro README has a well-placed (well-hidden?) hint on this one:

    Set the default 40..4F keys to a card that uses VISA2 diversification with the well-known mother key on a Gemalto card:

    gp -visa2 -key 47454D5850524553534F53414D504C45 -unlock
    

    But keep in mind that you need to know the keying material. The hints are only for well-known public cases.
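
Added example (not part of the original question or answer, and not GlobalPlatformPro code): the Python below decodes two card responses copied from the `gp -d -v` logs in the question, the INITIALIZE UPDATE response under the SCP01 field layout and the GET DATA 00E0 key information template. The function names are illustrative.

```python
# Added example. Both byte strings are copied from the gp -d -v logs above
# (status word 9000 removed); the function names are illustrative.
INIT_UPDATE_RESP = bytes.fromhex(
    "4D00927100004DD4C6C0FF01E87D06549F536080A8D1AB091B6BBE07")
KEY_INFO_RESP = bytes.fromhex("E012C00401FF8110C00402FF8110C00403FF8110")


def parse_initialize_update(resp):
    """Split an INITIALIZE UPDATE response using the SCP01 field layout."""
    if len(resp) != 28:
        raise ValueError("expected 28 bytes, got %d" % len(resp))
    return {
        "key_diversification_data": resp[0:10].hex().upper(),
        "key_version": resp[10],
        "scp": resp[11],
        "card_challenge": resp[12:20].hex().upper(),
        "card_cryptogram": resp[20:28].hex().upper(),
    }


def parse_key_info(resp):
    """Decode GET DATA 00E0: an E0 template of C0 entries, each carrying
    key id, key version, key type and key length in bytes."""
    if len(resp) < 2 or resp[0] != 0xE0 or resp[1] != len(resp) - 2:
        raise ValueError("not a well-formed E0 template")
    keys, pos = [], 2
    while pos < len(resp):
        if pos + 2 > len(resp):
            raise ValueError("truncated entry header at offset %d" % pos)
        tag, length = resp[pos], resp[pos + 1]
        body = resp[pos + 2:pos + 2 + length]
        if tag != 0xC0 or length < 4 or len(body) != length:
            raise ValueError("malformed key entry at offset %d" % pos)
        keys.append({"id": body[0], "version": body[1],
                     "type": body[2], "length": body[3]})
        pos += 2 + length
    return keys


if __name__ == "__main__":
    print(parse_initialize_update(INIT_UPDATE_RESP))
    for key in parse_key_info(KEY_INFO_RESP):
        print("id=%d version=%d type=0x%02X length=%d" % (
            key["id"], key["version"], key["type"], key["length"]))
```

The decoded fields match what gp printed: card challenge E87D06549F536080, card cryptogram A8D1AB091B6BBE07, SCP01 and key version 255. All three keys report type byte 0x81 with length 16, and the first log's exception is raised in GPKeySet$GPKey.<init>, called from get_key_template_list, while this template was being processed.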