0

I am trying to work with a Gemalto SIM card (JavaCard 3.0, GlobalPlatform 2.2.1). I want to read the applet list and the card life state, then set the OP_SECURED state and communicate with a custom applet on the card.

I tried to run a simple script in GPShell-1.4.4

```
establish_context
enable_trace
enable_timer
card_connect
select -AID A000000151000000
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 404142434445464748494a4b4c4d4e4f
get_status -element e0
card_disconnect
release_context
```

but received "6985: Command not allowed - Conditions of use not satisfied"

```
select -AID A000000151000000
Command --> 00A4040008A000000151000000
Wrapped command --> 00A4040008A000000151000000
Response <-- 6F7E8408A000000151000000A572736306072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255650E060C2A864886FC6B0506010000016616060A2B060104012A026E0103060847544F303034011C9F6E0600773136011C9F6501FF9000
command time: 47 ms
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 404142434445464748494a4b4c4d4e4f
Command --> 805000000808FC675C589A284D00
Wrapped command --> 805000000808FC675C589A284D00
Response <-- 6985
mutual_authentication() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
```

Also, I tried to use GlobalPlatformPro, but received the same result. Info about the card from GPP:

```
[WARN] GPData - Invalid CPLC date: 2A23
[WARN] GPData - Invalid CPLC date: FFFF
[WARN] GPData - Invalid CPLC date: FFFF
[WARN] GPData - Invalid CPLC date: FFFF
[WARN] GPData - Invalid CPLC date: FFFF
CPLC: ICFabricator=1290
      ICType=00D2
      OperatingSystemID=0077
      OperatingSystemReleaseDate=3136 (2013-05-16)
      OperatingSystemReleaseLevel=011C
      ICFabricationDate=2A23 (invalid date format)
      ICSerialNumber=FF300050
      ICBatchIdentifier=0002
      ICModuleFabricator=FFFF
      ICModulePackagingDate=FFFF (invalid date format)
      ICCManufacturer=FFFF
      ICEmbeddingDate=FFFF (invalid date format)
      ICPrePersonalizer=FFFF
      ICPrePersonalizationEquipmentDate=FFFF (invalid date format)
      ICPrePersonalizationEquipmentID=FFFFFFFF
      ICPersonalizer=FFFF
      ICPersonalizationDate=FFFF (invalid date format)
      ICPersonalizationEquipmentID=FFFFFFFF

IIN: 42048938003F
CIN: 450A8938003990338914650F
Card Data:
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.2
-> GP Version: 2.2
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.0
-> GP SCP80 i=00
Tag 64: 1.2.840.114283.4.2.85
-> GP SCP02 i=55
Tag 65: 1.2.840.114283.5.6.1.0.0.1
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3
Card Capabilities:
Supports: SCP02 i=05 i=15 i=55
Supports: SCP03 i=00 i=10 i=20 i=30 i=60 i=70 with AES-128 AES-196 AES-256
Supports: SCP80 i=00
Supported DOM privileges: SecurityDomain, DelegatedManagement, CardLock, CardTerminate, CardReset, CVMManagement, MandatedDAPVerification, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, GlobalService, ReceiptGeneration, CipheredLoadFileDataBlock, ContactlessActivation, ContactlessSelfActivation
Supported APP privileges: CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, GlobalRegistry, FinalApplication, GlobalService, ContactlessActivation, ContactlessSelfActivation
Supported LFDB hash: 01020304
Supported Token Verification ciphers: FF03
Supported Receipt Generation ciphers: FF03
Supported DAP Verification ciphers: FF03
Version:   2 (0x02) ID:   1 (0x01) type: DES3 length:  24
Version:   2 (0x02) ID:   2 (0x02) type: DES3 length:  24
Version:   2 (0x02) ID:   3 (0x03) type: DES3 length:  24
Version:  32 (0x20) ID:   1 (0x01) type: DES3 length:  16
Version:  32 (0x20) ID:   2 (0x02) type: DES3 length:  16
Version:  32 (0x20) ID:   3 (0x03) type: DES3 length:  16
```

I don’t understand how to solve this problem.

OneUser
  • 1
    Try SCP02, because SCP01 is deprecated on GP 2.2 – Charles Lee Aug 13 '19 at 07:00
  • 1
    I realized what the mistake was. The correct command is: `open_sc -scp 2 -scpimpl 0x55 -security 3 -keyind 0 -keyver 32 -key 404142434445464748494a4b4c4d4e4f` – OneUser Aug 13 '19 at 09:31
  • @CharlesLee I think you could make that an answer, it could be useful to more people that don't know this and it seems to be the big mistake in the command given. I've voted to close, but if you answer then I'm happy to remove that close vote - then please comment below. – Maarten Bodewes Aug 18 '19 at 17:21
  • I posted the answer. Thanks. – Charles Lee Aug 19 '19 at 01:51

2 Answers

1

Better to shift to SCP03, as SCP02 has been marked unsafe and deprecated as well. As per the second thread, this card supports SCP03 as well.

Abhishek
0

Try SCP02, because SCP01 is deprecated on GP 2.2.

Refer to http://www.unsads.com/specs/GlobalPlatform/2.2/GPCardSpec_22_ReleaseNotes_20060325.pdf

Section 6 Secure Channel Protocols.

Charles Lee
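
The `-scp 2 -scpimpl 0x55` values in the corrected command match what the card itself advertises in the SELECT response, in the tag 64 entries of its Card Recognition Data. The following Python parser is an added example, not code from GPShell, GlobalPlatformPro or the posters; it reads those entries from the response in the question's trace, and its function names are hypothetical.

```python
# Added example (constructed parser, not GPShell or GlobalPlatformPro code).
GP_SCP_OID = bytes.fromhex("2A864886FC6B04")  # {globalPlatform 4}: 1.2.840.114283.4
# SELECT response copied from the trace in the question, split per TLV.
SELECT_RESPONSE = bytes.fromhex(
    "6F7E" "8408A000000151000000" "A572" "7363"
    "06072A864886FC6B01"
    "600B06092A864886FC6B020202"
    "630906072A864886FC6B03"
    "640B06092A864886FC6B048000"   # tag 64: SCP80 i=00
    "640B06092A864886FC6B040255"   # tag 64: SCP02 i=55
    "650E060C2A864886FC6B050601000001"
    "6616060A2B060104012A026E0103060847544F303034011C"
    "9F6E0600773136011C" "9F6501FF" "9000"
)

def parse_tlv(data):
    """Return [(tag, value), ...] for one level of BER-TLV data."""
    items, pos = [], 0
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:  # two-byte tag such as 9F6E
            tag = (tag << 8) | data[pos]
            pos += 1
        length = data[pos]
        pos += 1
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        if pos + length > len(data):
            raise ValueError("truncated TLV")
        items.append((tag, data[pos:pos + length]))
        pos += length
    return items

def advertised_scps(select_response):
    """Return [(scp, i), ...] from tag 64 of the Card Recognition Data (tag 73)."""
    if select_response[-2:] != b"\x90\x00":
        raise ValueError("SELECT did not return 9000")
    level = [select_response[:-2]]
    for tag in (0x6F, 0xA5, 0x73, 0x64, 0x06):  # path down to the SCP OIDs
        level = [v for blob in level for t, v in parse_tlv(blob) if t == tag]
    # The two bytes after {globalPlatform 4} are the raw scp and i values.
    return [(o[7], o[8]) for o in level if o[:7] == GP_SCP_OID and len(o) == 9]

def open_sc_options(scp, i):
    """Format the GPShell open_sc protocol options for one advertised entry."""
    return f"-scp {scp} -scpimpl 0x{i:02X}"
```

For the response above, `advertised_scps` returns SCP80 i=00 and SCP02 i=55, the same two entries GlobalPlatformPro prints under "Card Data".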