
Javacard security for viewing applet with gp


I developed an applet that I installed on a J2A040 card, then a client program. It works fine, but I wanted to know: in case someone takes this card and uses the command gp -l, he can see the applet's AID. Is it possible to prohibit this? The person can also type the command 00 A4 04 00 00. Can this command be forbidden?

public void process(APDU apdu) {
    byte[] buffer = apdu.getBuffer();

    // Clear the two low bits of CLA (logical channel number) before comparing
    buffer[ISO7816.OFFSET_CLA] = (byte) (buffer[ISO7816.OFFSET_CLA] & (byte) 0xFC);

    // check SELECT APDU command
    if ((buffer[ISO7816.OFFSET_CLA] == 0)
            && (buffer[ISO7816.OFFSET_INS] == (byte) 0xA4)) {
        return;
    }

    /* if (apdu.isISOInterindustryCLA()) {
        if (buffer[ISO7816.OFFSET_INS] == (byte)(0xA4)) {
            return;
        } else {
            ISOException.throwIt (ISO7816.SW_CLA_NOT_SUPPORTED);
        }
    }*/

    // Reject any class byte other than the applet's own
    if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
        ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);

    // Dispatch on the instruction byte
    switch (buffer[ISO7816.OFFSET_INS]) {
        case GET_BALANCE:
            getBalance(apdu);
            return;
        case RESET_BALANCE:
            resetBalance(apdu);
            return;
        case DEBIT:
            debit(apdu);
            return;
        case CREDIT:
            credit(apdu);
            return;
        case VERIFY:
            verify(apdu);
            return;
        case CHANGE:
            change(apdu);
            return;
        case VIEW_DATA:
            viewdata(apdu);
            return;
        case GET_CARD_STATUS:
            processGetCardStatus(apdu);
            return;
        case SET_ATR_HISTORY:
            processSetHistoryBytes(apdu);
            return;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}   // end of process method

Thanks for your help


Solution

  • There is no official way in the GlobalPlatform specification to hide applets that I'm aware of. But only persons in possession of the keys of the key set of the security domain can execute this command, because the GET STATUS command is not accessible outside of a secure channel.

    But a general SELECT by AID cannot be protected this way anyway, because this is handled by the card runtime environment and not the applet. I.e. someone can just select this applet by AID and if this succeeds he knows that this applet is installed.

    If you want to disallow access to 00 A4 04 00 00, a SELECT, you have to enforce some authentication, although I don't know a reason to hide the SELECT command.

    What is the use case of hiding the applet?
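
The authentication gate the answer mentions, as an added example that is not part of the original thread or the asker's applet: SELECT by AID still succeeds because the runtime matches the AID, but every instruction other than VERIFY is refused with 6982 until the PIN has been verified. The package and class names, the CLA/INS values and the default PIN are assumptions made for this example.

```java
package example.gated; // hypothetical package name

import javacard.framework.*;

public class GatedWallet extends Applet {
    // Constructed values; a real card would set the PIN at personalisation.
    private static final byte WALLET_CLA = (byte) 0x80;
    private static final byte INS_VERIFY = (byte) 0x20;
    private static final byte INS_GET_BALANCE = (byte) 0x50;
    private static final byte[] DEFAULT_PIN = { 0x31, 0x32, 0x33, 0x34 };
    private final OwnerPIN pin = new OwnerPIN((byte) 3, (byte) 8); // 3 tries, max 8 bytes
    private short balance;

    private GatedWallet() {
        pin.update(DEFAULT_PIN, (short) 0, (byte) DEFAULT_PIN.length);
        register();
    }
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new GatedWallet();
    }

    // Forget an earlier PIN verification whenever the applet is deselected.
    public void deselect() {
        pin.reset();
    }

    public void process(APDU apdu) {
        // The runtime matched the AID before calling process(); return 9000 with no data.
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        if ((byte) (buf[ISO7816.OFFSET_CLA] & (byte) 0xFC) != WALLET_CLA)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        byte ins = buf[ISO7816.OFFSET_INS];
        if (ins == INS_VERIFY) {
            byte len = (byte) apdu.setIncomingAndReceive();
            if (!pin.check(buf, ISO7816.OFFSET_CDATA, len))
                ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
            return;
        }
        // Gate before dispatch: unauthenticated callers get 6982 for every INS, supported or not.
        if (!pin.isValidated())
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        if (ins != INS_GET_BALANCE)
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        Util.setShort(buf, (short) 0, balance);
        apdu.setOutgoingAndSend((short) 0, (short) 2);
    }
}
```

A SELECT by AID against this applet still returns 9000, as the answer notes; what the gate removes is unauthenticated access to the applet's commands and to the list of instructions it supports.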