gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Other Tools
jcmagicpl
Posts: 1
Joined: Sat Nov 12, 2016 4:28 pm
Points :54
Contact:

gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by jcmagicpl » Thu Dec 22, 2016 3:32 pm

Hi,
Few weeks ago I bought 5 J2A040 cards from Piswords Store.
All card was unfused so I fuse(pre-personalize) it by send sequence of commands:
1. 00 A4 04 00 10 C2 38 E4 49 F7 25 B1 51 0E AA 69 95 50 CA BA 16
2. 00 F0 00 00
3. 00 10 00 00
4. 00 00 00 00

After that I check that card was personalize correctly. I use JCOP Manager and I make few screenshots with card information







In this stage all seems to be OK. But when I try to get installed applet list (it should be empty list) I got errors :o
I clicked on Applet tab


next went to "Enter Keys" dialog and past default keys 40..4F



I suppose that keys are OK, but app showed me annoying error:




Next I try to get more info from GP.exe (0.3.9 version), so I do:

GlobalPlatformPro-0.3.9\gp -d -v -i

And I got result:

Code: Select all

[DEBUG] PlaintextKeys - static keys:
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F KCV: 8BAF47
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F KCV: 8BAF47
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F KCV: 8BAF47
# Detected readers from JNA2PCSC
[*] SCM Microsystems Inc. SCR3340 - ExpressCard54 Smart C 0
SCardConnect("SCM Microsystems Inc. SCR3340 - ExpressCard54 Smart C 0", T=*) -> T=1, 3BF81300008131FE454A434F5076323431B7
SCardBeginTransaction("SCM Microsystems Inc. SCR3340 - ExpressCard54 Smart C 0")
Reader: SCM Microsystems Inc. SCR3340 - ExpressCard54 Smart C 0
ATR: 3BF81300008131FE454A434F5076323431B7
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE454A434F5076323431B7

A>> T=1 (4+0000) 00A40400 00
A<< (0103+2) (47ms) 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[DEBUG] GlobalPlatform - Auto-detected ISD AID: A000000003000000
[DEBUG] GlobalPlatform - Auto-detected block size: 255
[WARN] GlobalPlatform - Unknown/unhandled tag in FCI proprietary data: 9F6E06479100783300
[DEBUG] GlobalPlatform - Auto-detected GP version: GP211
***** Card info:
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (31ms) 9F7F2A47905035479100783300504902710297774848125056000000000A254A32373130320000000000000000 9000
Card CPLC:
ICFabricator: 4790
ICType: 5035
OperatingSystemID: 4791
OperatingSystemReleaseDate: 0078
OperatingSystemReleaseLevel: 3300
ICFabricationDate: 5049
ICSerialNumber: 02710297
ICBatchIdentifier: 7748
ICModuleFabricator: 4812
ICModulePackagingDate: 5056
ICCManufacturer: 0000
ICEmbeddingDate: 0000
ICPrePersonalizer: 0A25
ICPrePersonalizationEquipmentDate: 4A32
ICPrePersonalizationEquipmentID: 37313032
ICPersonalizer: 0000
ICPersonalizationDate: 0000
ICPersonalizationEquipmentID: 00000000
***** CARD DATA
A>> T=1 (4+0000) 80CA0066 00
A<< (0078+2) (31ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
Unknown tag: 4c
***** KEY INFO
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (16ms) E012C00401FF8010C00402FF8010C00403FF8010 9000
VER:255 ID:1 TYPE:DES3 LEN:16
VER:255 ID:2 TYPE:DES3 LEN:16
VER:255 ID:3 TYPE:DES3 LEN:16
Key version suggests factory keys
SCardEndTransaction()



Next I use GShell (ver. 1.4.4) to get access to the card applet list with script:

Code: Select all

mode_211
]enable_trace
enable_timer
establish_context
command time: 15 ms
card_connect -readerNumber 3
command time: 235 ms
select -AID A000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
command time: 78 ms
open_sc -scp 2 -security 3 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 8050000008B371F1354FAEA11000
Wrapped command --> 8050000008B371F1354FAEA11000
Response <-- 00005049027102977748FF020000876E603B9A3F54372DC6ABBEB9BA9000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)


But I always get error response
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)


My question is: Is the card something wrong or I make something wrong to get applet list?

P.S.
After several attempts one of the cards was blocked and after that I always get response:

mutual_authentication() returns 0x80206982 (6982: Command not allowed - Security status not satisfied.)
You do not have the required permissions to view the files attached to this post. Please login first.

User avatar
mabel
Posts: 237
Joined: Mon May 18, 2015 3:09 am
Points :1701
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by mabel » Thu Dec 22, 2016 10:09 pm

The second command >>00 F0 00 00 has made all the card configurations back to default value. And that the default setting of card manager keys are Random Values.

The last command you sent >> 00 00 00 00 is FUSE command. The FUSE command disables the access to the Root Applet permanently. Consequently, no further Root Applet commands are available.

So this card can not work any more.

Keep in mind that if you still want to modify the card parameters, DO NOT send FUSE command.

retrospect
Posts: 2
Joined: Fri Aug 18, 2017 3:49 pm
Points :22
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by retrospect » Fri Aug 18, 2017 5:28 pm

how did you solve the issue here? I got the same problem. I lock my jcop card.

vincentbrok17
Posts: 3
Joined: Fri Jun 19, 2020 11:33 am
Points :32
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by vincentbrok17 » Fri Jun 19, 2020 5:09 pm

hi,someone can help me to initialize jcop java card, please, you can send
a guide or a photo for initialize jcop...
if you want you can search me on telegram @DrDestiny1789
thank you so much

vincentbrok17
Posts: 3
Joined: Fri Jun 19, 2020 11:33 am
Points :32
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by vincentbrok17 » Fri Jun 19, 2020 5:11 pm

hi,someone can help me to initialize jcop java card, please, you can send
a guide or a photo for initialize jcop...
if you want you can search me on telegram @DrDestiny1789
thank you so much

sebus
Posts: 3
Joined: Tue Aug 11, 2020 5:50 am
Points :20
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by sebus » Wed Aug 12, 2020 4:48 am

If the card is white with chip & strip:

Code: Select all

J2A040
NXP JCOP v2.4.x
T=1, ATR: 3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7
then this should do fine with gpshell

Code: Select all

//pre-personalize command

mode_211
enable_trace
establish_context
card_connect

send_apdu -sc 0 -APDU 00A4040010C238E449F725B1510EAA699550CABA16
send_apdu -sc 0 -APDU 00F00000
send_apdu -sc 0 -APDU C0D6029A02F807
send_apdu -sc 0 -APDU C0D60124010B
send_apdu -sc 0 -APDU C0D60147010B
send_apdu -sc 0 -APDU C0D6012201FE
send_apdu -sc 0 -APDU C0D601260908F01300008131FE45
send_apdu -sc 0 -APDU C0D601490908F01300008131FE45
send_apdu -sc 0 -APDU C0D6013609084a434f5076323431
send_apdu -sc 0 -APDU C0D6015909084a434f5076323431
send_apdu -sc 0 -APDU C0D603010101
send_apdu -sc 0 -APDU C0D6030510404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU C0D6031d0101
send_apdu -sc 0 -APDU C0D6032110404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU C0D603390101
send_apdu -sc 0 -APDU C0D6033D10404142434445464748494A4B4C4D4E4F
send_apdu -sc 0 -APDU 00100000
//fuse command (only fuse when ready!)
//00000000

card_disconnect
release_context

andromeda92
Posts: 35
Joined: Tue Aug 18, 2020 6:08 pm
Points :286
Contact:

Re: gp.exe, GPShell.exe J2A040 from Ali(e^x)press 0x80302000

Post by andromeda92 » Wed Aug 26, 2020 8:01 pm

Hi,
I have the same problem, has anyone tested the above GPShell script, and does it work? my card is a J2A040. Cause I'm gonna get a second card, the first one is locked.
Thans in advance.

EDIT:
This script is ok for pre-personalize card J2A040
except that I commented the line below

//send_apdu -sc 0 -APDU 00100000

i don't know if it's the right thing to do for PROTECT command

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 4 guests

JavaCard OS : Disclaimer