I am working with a Java Card for a closed payment application. My sample card has application A0000000041010 containing TLV 9F14, not in a record. I am unable to write that TLV to a blank card. My software can make, select and authenticate the application, but it cannot write the TLV using Store Data (cryptograms are struck out with xx):

Creating application: A0000000041010 OK
A0000000041010 Select: status [00] request string [00A4040007A000000004101000] return string [0200006F009000]
ApduSend EMV3:InitializeUpdate: status [00] request string [8050000008xxxxxxxxxxxxxxxx00] return string [02000000000000000000000000Fxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9000]
ApduSend EMV3:ExternalAuthenticate: status [00] request string [8482000010xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] return string [0200009000]
APDU failed: Referenced data or reference data not found (exact meaning depending on the command)
ApduSend GPCS:StoreData: status [00] request string [80E20000059010020303] return string [0200006A88]
Perso Bad

PROXMARK view:

73476256 |   73539712 | Rdr | 02  80  e6  0c  00  2e  0f  a0  00  00  03  96  54  53  00  00  |     |
         |            |     | 00  01  00  04  04  00  10  a0  00  00  03  96  54  53  00  00  |     |
         |            |     | 00  01  00  04  04  00  00  07  a0  00  00  00  04  10  10  01  |     |
         |            |     | 00  02  c9  00  00  84  e1                                      |  ok | ?
83668948 |   83675988 | Tag | 02  00  90  00  2b  76                                          |  ok |
93062352 |   93080944 | Rdr | 02  00  a4  04  00  07  a0  00  00  00  04  10  10  00  77  68  |  ok | ?
93323028 |   93331156 | Tag | 02  6f  00  90  00  9e  24                                      |  ok |
93355200 |   93374880 | Rdr | 03  80  50  00  00  08  xxxxxxxxxxxxxxxx  f3  |     |
         |            |     | 65                                                              |  ok | ?
95096548 |   95134628 | Tag | 03  00  00  00  00  00  00  00  00  00  00  ff  02  00  5d  xx  |     |
         |            |     | xxxxxxxxxxxxxxxx  90  00  a0  |     |
         |            |     | d8                                                              |  ok |
95352592 |   95380400 | Rdr | 02  84  82  00  00  10  xxxxxxxxxxxxxxxx    |     |
         |            |     | xxxxxxxxxxxxxxxx    ab  75                                  |  ok | ?
96440244 |   96446068 | Tag | 02  90  00  f1  09                                              |     |
96478816 |   96493952 | Rdr | 03  80  e2  00  00  05  90  10  02  03  03  d1  0e              |  ok | ?
96581172 |   96587060 | Tag | 03  6a  88  15  da                                              |     |

My references are Global Platform Card Spec, EMV Books 2 and 3, and ISO7816-4 and -9. I have a sample perso script showing APDUs that should work. Here is a short one:

# Log: Writing DGI0x9010
# SendApdu: CPS.StoreData
=> 80 E2 00 0C [05] 9010|02 <0303>
<= [9000]

I tried sending 9010020303 instead of my actual TLV, with the same result.

So what am I doing wrong with these APDUs?

Maarten Bodewes
Larry Martin

1 Answer

It turns out that my APDUs are fine by the standard, but the payment applet is not standard. It expects the TLVs to be wrapped in DGIs that address the data on the chip. Details are specific to the applet and confidential.

Larry Martin
  • Probably better to remove the Q/A altogether then, before I start guessing the solution here :) Seriously, glad you got it solved, but this isn't likely to help anybody else. – Maarten Bodewes Feb 27 '20 at 13:55
  • Thanks, Maarten, but I'm not so sure. Until I proved the answer was in proprietary space, I really did think I was doing something wrong. For someone learning the technology like I was, that distinction can be important. – Larry Martin Mar 08 '20 at 12:05
  • Well, OK, voted up in the hope that somebody will find it useful and because you created a good question and answer. – Maarten Bodewes Mar 08 '20 at 12:50
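
The DGI framing mentioned in the answer and visible in the sample script (`9010|02 <0303>`), as an added example that is not part of the original posts: a Python decoder for a STORE DATA command that reports the P1 flags, the block number in P2, and the DGI entries in the data field. The P1 bit meanings follow the GlobalPlatform STORE DATA definition and the `FF` + 2-byte long length follows the EMV CPS convention; the function names are hypothetical, and DGI 9010 is taken from the page, not from the applet's confidential mapping.

```python
# Added example (not from the original posts): decode a GlobalPlatform
# STORE DATA command and split its data field into DGI | length | value.

P1_STRUCTURE = {0: "no general structure info", 1: "DGI format",
                2: "BER-TLV format", 3: "RFU"}

def parse_dgis(data: bytes):
    """Return [(dgi_hex, value_hex)]; length is 1 byte, or FF + 2 bytes."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError(f"truncated DGI header at offset {i}")
        dgi, length = data[i:i + 2].hex().upper(), data[i + 2]
        i += 3
        if length == 0xFF:  # long form: next two bytes carry the length
            if len(data) - i < 2:
                raise ValueError(f"truncated long length for DGI {dgi}")
            length = int.from_bytes(data[i:i + 2], "big")
            i += 2
        if i + length > len(data):
            raise ValueError(f"DGI {dgi} declares {length} bytes, "
                             f"only {len(data) - i} present")
        out.append((dgi, data[i:i + length].hex().upper()))
        i += length
    return out

def parse_store_data(apdu_hex: str):
    apdu = bytes.fromhex(apdu_hex.replace(" ", ""))
    if len(apdu) < 5 or apdu[1] != 0xE2:
        raise ValueError("not a STORE DATA command (INS E2)")
    p1, p2, lc = apdu[2], apdu[3], apdu[4]
    data = apdu[5:5 + lc]
    if len(data) != lc:
        raise ValueError(f"Lc is {lc} but {len(data)} data bytes follow")
    return {
        "last_block": bool(p1 & 0x80),                # P1 b8
        "structure": P1_STRUCTURE[(p1 >> 3) & 0x03],  # P1 b5-b4
        "block_number": p2,
        # Assumption: the field is DGI-framed even when P1 does not say so,
        # as in the sample script's "9010|02 <0303>".
        "dgis": parse_dgis(data),
    }

if __name__ == "__main__":
    print(parse_store_data("80E20000059010020303"))         # APDU from the question's log
    print(parse_store_data("80 E2 00 0C 05 9010 02 0303"))  # sample perso script
```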