4

I'm trying to list applets/packages on a Java Card. I use the following APDU command to get the list:

80 F2 E0 00 02 4F 00 00

That command returns the status word 0x61xx, so I send a GET RESPONSE command for xx bytes:

00 C0 00 00 xx

This gives me xx data bytes and the status word 0x6310 ("more data available"). What should I send next to receive further data as indicated by the status word?

APDU trace:

[SEND]    80 F2 E0 00 02 4F 00 00
[RECEIVE] 61 F2
[SEND]    00 C0 00 00 F2
[RECEIVE] <F2 bytes of data> 63 10
[SEND]    ???
Michael Roland
  • 39,663
  • 10
  • 99
  • 206
Микола Романюк
  • 123
  • 1
  • 9
  • 1
    Well, maybe you didn't receive all bytes? The card may return fewer bytes, Ne is the *maximum* amount of response data. If you don't succeed at once, try and try again. **Some APDU traces would be nice**. – Maarten Bodewes Jan 06 '17 at 15:44
  • [SEND] 80 F2 E0 00 02 4F 00 00 [RECEIVE] 61 F2 [SEND] 00 C0 00 00 F2 [RECEIVE] F2 Bytes of DATA and result 63 10 [SEND] ?? – Микола Романюк Jan 10 '17 at 16:22
  • Where has the F2 Instruction been defined? Class byte 80 indicates a proprietary command, so ISO 7816 is not too much help here... – Maarten Bodewes Jan 10 '17 at 16:35
  • It's a command for Applets/Packages list. To know that my Applet/Package already installed. Maybe you know better command? – Микола Романюк Jan 10 '17 at 16:58
  • Well, personally I would try and use T=1 for communication, definitely not T=0 (which you seem to use, as this is a GET RESPONSE command). Furthermore, the status words for Global Platform are in the Global Platform card specifications, and those are available for free online (after registration). Did you already take a look at the specs? – Maarten Bodewes Jan 10 '17 at 17:43
  • 63xx indicates a warning (but ok). The APDU was successful, but something (security related? ) was not valid. Have you tried to Verify PIN (ADM1 or PIN1) first? And just a guess : Try to run GetResponse with 0x10 bytes again. I don't have access to the GP specs at the moment, but I think that F2 is a GET STATUS and that should be accessible via I/O. What are you trying to do? – Bjoern Jan 14 '17 at 08:43

1 Answers1

3

Looking at the command/response sequence that you showed in your question and the fact that you are listing applets/packages, I would assume that this is about GlobalPlatform card management.

The command you are using (INS = 0xF2) is the GET STATUS command. P1 = 0xE0 indicates that you want to list the Issuer Security Domain, Applications, including Security Domains, and Executable Load Files. P2 = 0x00 indicates that you want to get the first or all occurrences (i.e. you want to start searching).

You then get 0xF2 data bytes in response to the command. The status word '6310' is defined by the GP Card specification to indicate that more data is available. Hence, you need to repeat the GET STATUS command until you receive a no error ('9000') status word. For repeating the GET STATUS command after a '6310' warning condition, you will need to change P2 to 0x01 to indicate that you want to get the next occurrences. Hence, in response to receiving the status word '6310', you would issue the following command:

80 F2 E0 01 02 4F 00 00
Michael Roland
  • 39,663
  • 10
  • 99
  • 206