I created a .cap file from the code that is here. It is a simple one-time-password generator.

Finally, I set 010203040506070809 as the package ID and 0102030405060708090000 as the applet AID, and uploaded it to my card.

This is the output of GPJ when I list the applets:

```
C:\Users\ghasemi\Desktop\gpj-20120310>gpj -list

C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 0
0
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command  APDU: 80 50 00 00 08 B5 16 68 A9 92 84 7D 58
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 5B 6B 9E 48 44 A2 D
B 8A 52 C1 87 99 FC 26 72 90 00
DEBUG: Command  APDU: 84 82 00 00 10 EE 5D DB 8D 26 DA C6 B9 51 85 E1 33 A2 CE 2
4 AD
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 84 82 00 00 08 EE 5D DB 8D 26 DA C6 B9
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command  APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command  APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 0B 01 02 03 04 05 06 07 08 09 00 00 07 00 90 00
DEBUG: Command  APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 0B 01 02 03 04 05 06 07 08 09 00 00 07 00 90 00
DEBUG: Command  APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command  APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command  APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 0A 01 02 03 04 05 06 07 08 09 00 01 00 90 00
DEBUG: Command  APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 0A 01 02 03 04 05 06 07 08 09 00 01 00 90 00
AID: A0 00 00 00 03 00 00 00                       |........|        ISD LC: 1 P
R: 0x9E

AID: 01 02 03 04 05 06 07 08 09 00 00              |...........|     App LC: 7 P
R: 0x00

AID: 01 02 03 04 05 06 07 08 09 00                 |..........|      Exe LC: 1 P
R: 0x00

C:\Users\ghasemi\Desktop\gpj-20120310>
```

As you can see, my applet was uploaded successfully.

After uploading, I send some APDUs to my applet:

```
< 00 A4 04 00 0B 00
< 01 02 03 04 05 06 07 08 09 00 00
> 9000

< 00 20 00 02 03 00
< 22 22 22
> 9000

< 00 20 00 02 03 00
< 11 11 23
> 6C02

< 00 20 00 02 03 00
< 11 11 23
> 6C01

< 00 20 00 02 03 00
< 11 11 23
> 6C00

< 00 20 00 02 03 00
< 11 11 23
> 6D00
```

As you can see above, I select my applet and send the verify command to it (one time with the correct PIN and three times with a wrong PIN), and make it lock.

Now I want to delete the applet:

```
C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar -delete 0102030405060708
090000 -deletedeps
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command  APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 0
0
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command  APDU: 80 50 00 00 08 5E 64 FF F5 A9 52 96 4D
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 5A 29 D0 38 18 61 9
9 BA 72 91 2D 89 12 55 0E 90 00
DEBUG: Command  APDU: 84 82 00 00 10 20 3E 1D 85 1C 36 2B B8 EA DC 25 E9 9F 78 8
D 2D
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 84 82 00 00 08 20 3E 1D 85 1C 36 2B B8
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 80 E4 00 80 0D 4F 0B 01 02 03 04 05 06 07 08 09 00 00
DEBUG: Response APDU: 6A 86
DEBUG: Command  APDU: 80 E4 00 80 0D 4F 0B 01 02 03 04 05 06 07 08 09 00 00
DEBUG: Response APDU: 6A 86
Could not delete AID: 01 02 03 04 05 06 07 08 09 00 00

C:\Users\ghasemi\Desktop\gpj-20120310>
```

Q1: Did I block the card or just block my applet?

Q2: Why can't I delete it, and what shall I do?

TheGoodUser
  • You are sending the instruction code for verify as 00 02 00 02 03 00.... which is "02" here, but in the code "INS_VERIFY" is defined as 0x20. Are you doing something wrong? Have you modified the code? – Anurag Sharma Jul 07 '14 at 05:26
  • Have you tried to delete the package instead of the applet? I.e. `gpj -deletedeps -delete 01020304050607080900` – Michael Roland Jul 09 '14 at 06:44
  • @AnuragSharma Thank you dear Sharma, that was misspelled; I corrected it. – TheGoodUser Jul 09 '14 at 14:59
  • @MichaelRoland Not yet. I'll try it and put the results here as soon as possible. Thank you. – TheGoodUser Jul 09 '14 at 15:01
  • @MichaelRoland Thank you dear Mr Roland, it works. But why? Why can't I delete this applet normally like others? What is the difference? I tried to upload it again and delete it right after uploading (I mean before locking) with `gpj -deletedeps -delete 0102030405060708090000`, and I received the same error I received above. So the error is not related to whether the applet is locked or not. It's about the applet. But what is the special feature of this applet? Thank you. – TheGoodUser Jul 14 '14 at 02:46

4 Answers

You need to delete the whole executable load file (application package) and all its related objects (application instances) instead:

```
gpj -deletedeps -delete 01020304050607080900
```

The reason is that your applet class (TANGen) contains several static fields that reference objects created by your applet:

```java
static byte[]        scid;
static byte[]        workarray;
static byte[]        seed;
static DESKey        tangenkey;
static Signature     mac;
static OwnerPIN      adminpin;
static OwnerPIN      userpin;
```

These objects are created within the context of the applet instance (application) but are accessible from within your whole application package (and therefore associated with the application package rather than the applet instance). As a consequence, deleting only the application would break these references. Therefore, they prevent your application instance from being deleted and you can only delete it by deleting the whole application package (executable load file) and all its associated objects.

Michael Roland

Regarding your question "What is the difference between this applet and other?"

  1. As per Java Card 2.2, it will not be possible to delete the instance of an application that allocates memory to a static object unless the package and all instances are deleted simultaneously. So, in this case, if your applet allocates memory to a static object, then you need to delete the executable load file (i.e. the package) and all its related objects, rather than deleting only the applet instance.

  2. Only if your applet does not allocate memory to any static object can you delete this applet normally like other applets; otherwise you have to delete the executable load file and all its related objects.

Regarding your question "How to generate MAC?"

As per the Global Platform Specification GPC_Specification 2.2.1, the following two methods are defined for C-MAC generation:

  • MAC generation on unmodified APDU
  • MAC generation on modified APDU

The SCP implementation option (parameter 'i') that is used in the initialUpdate command decides whether the MAC should be generated on the unmodified APDU or on the modified APDU.

  • [Figure: MAC generation on unmodified APDU]

  • [Figure: MAC generation on modified APDU]

For more details, please refer to Global Platform GPC_Specification 2.2.1.

Kindly revert in case of queries. Happy to help.

Bhanu

I agree with most of Michael Roland's answer. However, there is another way to delete your applet without deleting the applet package. You can do this by implementing the `AppletEvent.uninstall()` method. This method is called during applet deletion. You can use this to delete your static objects:

```java
scid = null;
workarray = null;
// ... and so on
```

Make sure that all other references to these objects are removed from your entire project. Otherwise you will still have a problem deleting the applet.

Nathan Tuggy
Chooch
  • Did you mean I must implement `AppletEvent.uninstall()` in my applet already? And in its body (the body of `AppletEvent.uninstall()`) I must delete my static objects? In this case deleting the applet will also delete the objects, and I don't need to delete the package, right? – TheGoodUser Jan 10 '15 at 09:09
  • Thank you, it seems nice. I'll try it. – TheGoodUser Jan 12 '15 at 10:34
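
The `uninstall()` approach from the answer above, sketched as a complete applet. This is an added example, not the TANGen code from the question or code from any answerer; it keeps three of the question's static field names, while the package name, class name `DeletableOtpApplet`, buffer size, key type and PIN limits are assumptions chosen for illustration.

```java
package example.otp; // hypothetical package name

import javacard.framework.*;
import javacard.security.DESKey;
import javacard.security.KeyBuilder;

public class DeletableOtpApplet extends Applet implements AppletEvent {
    // Static fields as in the question: the referenced objects are owned by the
    // applet instance but stay reachable from the package through these fields.
    static byte[] workarray;
    static DESKey tangenkey;
    static OwnerPIN userpin;

    private DeletableOtpApplet() {
        // Sizes and limits below are illustrative assumptions.
        workarray = JCSystem.makeTransientByteArray((short) 16, JCSystem.CLEAR_ON_DESELECT);
        tangenkey = (DESKey) KeyBuilder.buildKey(
                KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_2KEY, false);
        userpin = new OwnerPIN((byte) 3, (byte) 8);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new DeletableOtpApplet().register();
    }

    // Called by the runtime when deletion of this applet instance is requested.
    // Dropping the static references here is the approach described in the answer.
    public void uninstall() {
        if (tangenkey != null) {
            tangenkey.clearKey(); // wipe key material before dropping the reference
        }
        workarray = null;
        tangenkey = null;
        userpin = null;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        // uninstall() may have run for a deletion attempt that then failed,
        // leaving the statics null: refuse to operate instead of dereferencing them.
        if (userpin == null || tangenkey == null || workarray == null) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); // command handling omitted
    }
}
```

Holding the PIN and key in instance fields rather than static fields avoids the package-level references altogether, so the same applet would not need this cleanup to be deletable.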

You are getting an error code of 6A86 for your DELETE command, which means INCORRECT P1 P2. P1=0 is OK, and P2=0x80 looks OK too; it tells the card to delete all related objects, not just the object itself.

But it might be that the card rejects this option when an applet is being deleted, only allowing it for package deletion.

So there are two things you can try:

(i) set P2=0 (which might work); and
(ii) delete the whole package, as Michael Roland suggests (in which case you need to keep P2=0x80).

TonyK
  • Thank you dear TonyK, I deleted the applet with solution **ii** :) I'll be thankful if you or Mr Roland explain the origin of this error: what is the difference between this applet and others? (Please take a look at my last comment above.) – TheGoodUser Jul 14 '14 at 02:47
  • Dear TonyK, I'm eager to test **(i)**. As far as I know, solution **(i)** requires another tool like **opensc-tool**. I must send an **Initial Update** _APDU command_ followed by an **External Authenticate** _APDU command_, and then I must send the **Delete File** _APDU command_ with `P2=0`. I used [this](http://stackoverflow.com/questions/24093753/how-can-i-check-initialize-update-and-external-authenticate-correctness) link to send the initial update and external authenticate commands. The problem is I don't know how to generate the **MAC** in the external authenticate command. Would you please help me? – TheGoodUser Jul 14 '14 at 03:08