Page 1 of 2

BAC problem on reading the data.

Posted: Wed May 11, 2016 4:22 am
by t0mkaka
Hi,

I am new to working with the passport applet but here is what I have done.

1. I downloaded the passport applet from http://javacardos.com/tools/passport.html and uploaded it and installed it on the JavaCard that I have.

2. Now from the above page I went to step 2. to create a passport. I entered the information like, Name, Country, Portrait, DOB,DOE, etc. and then genreated AA keys, upload the passport with my Card Encoder and saved it. Now there is no feedback that the card is encoded. Anyways due to no feedback I assume that the card is encoded.

3. Now I closed the whole application and started the JMRTD application again for reading as told in Step 3. But only a blank screen with BAC columns appear which is the first screen of JMRTD application. I add the BAC params that I had encoded earlier.

But now when I start the application there is no output of anything wrong / right.

I tried other passport readers and when they read they show that wrong BAC entered.
How can I read the passport from the tools page of this forum. Are there any more steps.
Please, any help is gratefully received.

Re: BAC problem on reading the data.

Posted: Wed May 11, 2016 5:16 am
by UNKNwYSHSA
1 You can open the APDU trace Window. All apdus the program sent to your card are traced here. You can use it to ensure that the passport is uploaded success or not. The last APDU command shall be "00 DA DE AD" and reponse shall be "9000" when passport uploaded.
Open APDU trace window: Main Window -> menu Tools -> Preferences ... -> tab Terminals -> APDU Tracing -> Check the checkbox Trace APDUs -> OK.

2 I don't know what is the "Card Encoder"? What's its function(s)?

Waiting for your APDUs log.

Re: BAC problem on reading the data.

Posted: Wed Nov 23, 2016 5:50 pm
by k0v4csistv4n
Hi Everybody,

I Have a little problem with the epassport applet personalization.

I run the Applet on JCIDE and then I Install and select the applet from pyapdotool.

Connect successful.
Select CardManager begin...
Select CardManager successful.
Download Cap begin...
Download Cap error: Download cap file failed. Send: 80 E6 02 00 0B 06 A0 00 00 02 47 10 00 00 00 00 01, Recv: 69 85.
Install Applet begin...
Install Applet successful.
Select Applet begin...
Select Applet successful.
Disconnect successful.

(Download was fail, because the applet was downloaded by JCIDE before... - I think)

Then I try to upload the passport data from JMRTD.

But I have an error:

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 DA 00 62 1D 62 1B 04 09 31 32 33 34 35 36 37 38 39 04 06 38 30 31 31 32 33 04 06 32 36 31 31 32 33
<< 6F 00

Anybody have an idea how I can solve this problem?

I created the AA key and EAC key. I need more to do before the download? (PKI keys, or other things?)

or:

How I can save this data to bin files and upload the card with apdu commands or with gpshell or any other tools?

Summarize: How I can personalize this virtual card? It is possible?

Thanks your suggestions!

I.

Re: BAC problem on reading the data.

Posted: Wed Nov 23, 2016 11:03 pm
by mabel
k0v4csistv4n wrote:Hi Everybody,

I Have a little problem with the epassport applet personalization.

I run the Applet on JCIDE and then I Install and select the applet from pyapdotool.

Connect successful.
Select CardManager begin...
Select CardManager successful.
Download Cap begin...
Download Cap error: Download cap file failed. Send: 80 E6 02 00 0B 06 A0 00 00 02 47 10 00 00 00 00 01, Recv: 69 85.
Install Applet begin...
Install Applet successful.
Select Applet begin...
Select Applet successful.
Disconnect successful.

(Download was fail, because the applet was downloaded by JCIDE before... - I think)

Then I try to upload the passport data from JMRTD.

But I have an error:

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 DA 00 62 1D 62 1B 04 09 31 32 33 34 35 36 37 38 39 04 06 38 30 31 31 32 33 04 06 32 36 31 31 32 33
<< 6F 00

Anybody have an idea how I can solve this problem?

I created the AA key and EAC key. I need more to do before the download? (PKI keys, or other things?)

or:

How I can save this data to bin files and upload the card with apdu commands or with gpshell or any other tools?

Summarize: How I can personalize this virtual card? It is possible?

Thanks your suggestions!

I.


Have you already solved this problem?

Re: BAC problem on reading the data.

Posted: Wed Nov 23, 2016 11:03 pm
by UNKNwYSHSA
I had test this problem.
Connect your card with protocol T=1. And the command will successfully completed.
Maybe the applet is written for protocol T=1.

Re: BAC problem on reading the data.

Posted: Thu Nov 24, 2016 7:24 am
by k0v4csistv4n
UNKNwYSHSA wrote:I had test this problem.
Connect your card with protocol T=1. And the command will successfully completed.
Maybe the applet is written for protocol T=1.


Hmmmm.....

Now run the upload successfully..... (but I don't understand why...)

thenks the help...

Re: BAC problem on reading the data.

Posted: Thu Nov 24, 2016 8:06 am
by k0v4csistv4n
The passport is very nice now but when I try to upload then I got some error:

Code: Select all

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 A4 02 0C 02 01 1E
<< 6A 82

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 84 00 00 08
<< 69 82

>> 00 82 00 00 28 A2 3E 5E 9D 83 C4 8C 70 E0 8F 2D 3E BD 6E C1 78 E9 FC DB 7F FB 1B 78 A8 6F 82 81 B5 92 97 A0 95 15 7D 23 D3 E3 23 C5 29
<< 69 82

>> 00 82 00 00 28 A2 3E 5E 9D 83 C4 8C 70 E0 8F 2D 3E BD 6E C1 78 E9 FC DB 7F FB 1B 78 A8 6F 82 81 B5 92 97 A0 95 15 7D 23 D3 E3 23 C5 29
<< 69 82

>> 00 DA 00 62 1D 62 1B 04 09 31 32 33 34 35 36 37 38 39 04 06 31 36 31 31 32 34 04 06 31 36 31 31 32 34
<< 6F 00


after this all the command was successfull and the end I see the DEAD.

Code: Select all

>> 00 D6 00 00 16 60 14 5F 01 04 30 31 30 37 5F 36 06 30 34 30 30 30 30 5C 02 61 75
<< 90 00

>> 00 DA DE AD
<< 90 00


When I try to testing the BAC the process is stopped here (in GET CHALLENGE function)

Code: Select all

           if (!hasMutualAuthenticationKeys() || hasMutuallyAuthenticated()) {
                ISOException.throwIt(SW_SECURITY_STATUS_NOT_SATISFIED);
            }


Any idea, how can I fix this error?

I try to understand what happened here, but not clear for me what checked here.

If I remove the "!" before the hasMutualAuthenticationKeys() then the process will hang up when I try to extend authentication.

Re: BAC problem on reading the data.

Posted: Thu Nov 24, 2016 10:38 pm
by UNKNwYSHSA
k0v4csistv4n wrote:
UNKNwYSHSA wrote:I had test this problem.
Connect your card with protocol T=1. And the command will successfully completed.
Maybe the applet is written for protocol T=1.


Hmmmm.....

Now run the upload successfully..... (but I don't understand why...)

thenks the help...


When using T=0, the command header (5 bytes) are received. But data field bytes not received.
So the tlv data parse failed.
Then the exception 0x6F00 raised.
When using T=1, the IFSC normally (depend on parameters of each card) is APDU buffer size, it is greater than command size, So the receive process not needed.

If you want to use T=0, you have to code for data field bytes receive (Use api method apdu.setIncomingAndReceive() and apdu.receiveBytes()), then parse data after all data bytes received.
Use T=1 is the simplest.

To implement command data receive function, see JavaCard API specification vx.x.x -> class APDU.

Re: BAC problem on reading the data.

Posted: Fri Nov 25, 2016 1:54 am
by UNKNwYSHSA
k0v4csistv4n wrote:The passport is very nice now but when I try to upload then I got some error:

Code: Select all

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 A4 02 0C 02 01 1E
<< 6A 82

>> 00 A4 04 0C 07 A0 00 00 02 47 10 01
<< 90 00

>> 00 84 00 00 08
<< 69 82

>> 00 82 00 00 28 A2 3E 5E 9D 83 C4 8C 70 E0 8F 2D 3E BD 6E C1 78 E9 FC DB 7F FB 1B 78 A8 6F 82 81 B5 92 97 A0 95 15 7D 23 D3 E3 23 C5 29
<< 69 82

>> 00 82 00 00 28 A2 3E 5E 9D 83 C4 8C 70 E0 8F 2D 3E BD 6E C1 78 E9 FC DB 7F FB 1B 78 A8 6F 82 81 B5 92 97 A0 95 15 7D 23 D3 E3 23 C5 29
<< 69 82

>> 00 DA 00 62 1D 62 1B 04 09 31 32 33 34 35 36 37 38 39 04 06 31 36 31 31 32 34 04 06 31 36 31 31 32 34
<< 6F 00


after this all the command was successfull and the end I see the DEAD.

Code: Select all

>> 00 D6 00 00 16 60 14 5F 01 04 30 31 30 37 5F 36 06 30 34 30 30 30 30 5C 02 61 75
<< 90 00

>> 00 DA DE AD
<< 90 00


When I try to testing the BAC the process is stopped here (in GET CHALLENGE function)

Code: Select all

           if (!hasMutualAuthenticationKeys() || hasMutuallyAuthenticated()) {
                ISOException.throwIt(SW_SECURITY_STATUS_NOT_SATISFIED);
            }


Any idea, how can I fix this error?

I try to understand what happened here, but not clear for me what checked here.

If I remove the "!" before the hasMutualAuthenticationKeys() then the process will hang up when I try to extend authentication.


First log block:
1 SELECT APPLET: passed;
2 SELECT FILE: failed;
3 GET CHALLENGE: failed;
4 EXT AUTH: failed;
5 EXT AUTH: failed;
All OK, because the passport is not uploaded, that means the passport applet is not personalized.

// Upload passport begin ...
6 PUT DATA...: failed;
This command personalize the BAC data (doc number, birthday, expireday), the applet don't know the BAC data, then applet unable to execute BAC auth.

So you need take attention to this command.
And We already discusses this problem right now, Use T=1 please!
Maybe you need to set your card ATR to support T=1 only.

Re: BAC problem on reading the data.

Posted: Sat Nov 26, 2016 12:44 pm
by k0v4csistv4n
Hi UNKNwYSHSA!

Thanks man, I solved this problem. The apdu.getBuffer() was wrong. But I set the simulator to force use T=1 mode and voila, everything is works now.
I can personalised the epassport succesfully with jmrtd.

I try to verify BAC with openscdp scripts and RFiDiOT mrpkey.py but it was unsuccesfull at this time (but this is another story)

Thanks again.

Regards!