Search code examples
javacardglobalplatform

Why do I need to delete the applet's package to delete my applet?

I have an empty Javacard as below:

user@system$ java -jar gp.jar --list
ISD: A000000003000000 (OP_READY)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

And I have installed a weird applet on it:

user@system$ java -jar gp.jar --install applet.cap
CAP loaded
user@system$

Well, the applet is installed successfully:

user@system$ java -jar gp.jar --list
ISD: A000000003000000 (OP_READY)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

APP: 01020304050601(SELECTABLE)

PKG: 010203040506(LOADED)

user@system$

But when I am try to delete the applet I fail:

user@system$ java -jar gp.jar --delete 01020304050601 --debug --verbose

# Successful Mutual Authentication with Security Level = 01 (CMAC)

A>> 84F28002 0A 4F00<CMAC> 00
A<< E3114F08A0000000030000009F700101C5019E 9000

A>> 84F24002 0A 4F00<CMAC> 00
A<< E3104F07010203040506019F700107C50100 9000

A>> 84F21002 0A 4F00<CMAC> 00
A<< E30F4F060102030405069F700101C50100 9000

A>> 84F22002 0A 4F00<CMAC> 00
A<< E30C4F060102030405069F700101 9000

A>> 84E40000 11 4F0701020304050601<CMAC>
A<< 6985

Could not delete D3646467329901. Some app still active?

I have tried the following forms of delete command too:

user@system$ java -jar gp.jar --delete 01020304050601 --force  ==> Same result
user@system$ java -jar gp.jar --delete 010203040506  ==> Same result

The only successful form which I can use to delete the applet, is as below:

user@system$ java -jar gp.jar --delete 010203040506 --force

# Successful Mutual Authentication with Security Level = 01 (CMAC)

A>> 84F28002 0A 4F00<CMAC> 00
A<< E3114F08A0000000030000009F700101C5019E 9000

A>> 84F24002 0A 4F00<CMAC> 00
A<< E3104F07010203040506019F700107C50100 9000

A>> 84F21002 0A 4F00<CMAC> 00
A<< E30F4F060102030405069F700101C50100 9000

A>> 84F22002 0A 4F00<CMAC> 00
A<< E30C4F060102030405069F700101 9000

A>> 84E40080 10 4F06010203040506<CMAC>
A<< 9000

The applet and its packages is gone now:

user@system$ java -jar gp.jar --list
ISD: A000000003000000 (OP_READY)
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

Question: Why do I need to delete the package to delete the applet itself?

Note that this situation appears for a specific cap file only.

FYI: I have tried different tools (Including gpshell, pyapdu, etc.) and I got same results.

Solution

  • The uninstallation process of the applet does not run successfully, therfore the applet instance cannot be deleted alone, most probably you have static content like private static transient byte array declared in the applet code. In this case you must deinitialize any static objects to null by overriding Applet's uninstall method. Check object ownership in the JCRE to understand the problem