smartcard,apdu,smartcard-reader , Smart Card Reader T0 T1 communication on APDU level


Smart Card Reader T0 T1 communication on APDU level

Question:

Tag: smartcard,apdu,smartcard-reader

I am struggle to understand what protocol I have to use to communicate with the card T0 or T1? So, correct me if I am wrong, but the reader actually decides by itself what protocol to use to communicate with the card if the card supports both.

So my logic right now is:

// if ATR(T1) -> set_params(T1 structure) -> T1 APDU communication
// if ATR(T0) -> set_params(T0 structure) -> T0 APDU communication

But it turned out that the logic is wrong and it accidentally worked for majority of readers. I have just discovered the reader that expects T0 communication even if the card ATR returns T1.

Q: What is the logic must be to determine what protocol to use? And if there is a spec behind it, can you please point me out to it.

Edited: I forgot to mention that my code is at pre-boot environment (UEFI) before the OS. So I don't have (use) any APIs whatsoever. My code is at byte-stream APDU level and talks directly to hardware using UEFI UsbIo communication.

Thanks to all!

All the best,

Alex


Answer:

Ok, I re-read the spec (7816-3) again and again, maybe 5 times or more. These are my findings:

According to the Spec there are no such things as "automatic" and "default" protocols whatsoever.

8.2.3 Interface bytes TA TB TC TD

The “first offered transmission protocol” is defined as follows. If TD1 is present, then it encodes the first offered protocol T. If TD1 is absent, then the only offer is T=0.

Ok going further...

6.3.1 Selection of transmission parameters and protocol

... until completion of a successful PPS exchange (see 9.3), after what the interface device shall start the negotiated transmission protocol using the negotiated values of the transmission parameters.

Next one is more interesting in this case:

Otherwise, the interface device shall have started the “first offered transmission protocol” (see TD1 in 8.2.3). The interface device shall do so when the card offers only one transmission protocol and only the default values of the transmission parameters. Such a card need not support PPS exchange.

With Card A it is not entirely true because it does support PPS exchange! It is simply doesn't work with Cherry reader.

Ok, the next key point is in 6.3.1:

NOTE 3 An interface device facing a card in negotiable mode and supporting neither PPS exchange nor the “first offered transmission protocol” can perform either a warm reset or a deactivation.

Thus in case of Cherry reader it doesn't follow the standard! it shell support communication in first offered protocol, which is T1.

I found a really interesting stuff in SmartCard Handbook, 4th Edition 8.2 PROTOCOL PARAMETER SELECTION (PPS) chapter:

The PPS process described above is not suitable for changing protocols with a terminal that has its own specific protocol but cannot execute a PPS.

Figure 8.11 A possible sequence for switching between two transmission protocols supported by a smart card without using a PPS. With the sequence outlined here, the terminal does not have to perform an explicit PPS, but can nevertheless switch between the two protocols by initiating a reset...

...This solution is not ideal from a technical perspective, since a device should always behave the same after each reset, but it is certainly a pragmatic solution for a heterogeneous terminal world.

It doesn't apply to my card though because card doesn't switch the protocol by performing warm reset. But it might be an answer to the weird behavior of the reader.


Related:


Unable to construct VERIFY_PIN_DIRECT control command


smartcard,apdu,smartcard-reader,openpgp,pcsc
I'm writing a JAVA-app to access my OpenPGP-Card V2.0. The card terminal im using is a "REINER SCT cyberJack RFID standard" which only supports PC/SC under OSX, and now I want to implement the PC/SC 2.0-command "VERIFY_PIN_DIRECT". I tried the following control sequence, the bytes after the | are the...

Smart Card Reader T0 T1 communication on APDU level


smartcard,apdu,smartcard-reader
I am struggle to understand what protocol I have to use to communicate with the card T0 or T1? So, correct me if I am wrong, but the reader actually decides by itself what protocol to use to communicate with the card if the card supports both. So my logic...

Performance measures : Java vs JavaCard [closed]


java,performance,time,smartcard,javacard
I implemented two algorithms in Java. To compare their effectiveness, I call each function 1000 times and compare the execution time (using System.currentTimeMillis()). It needs 2500 ms to execute the first one and 1300 ms for the second one. With these results, I thought have a significative difference (in term...

how changing master key or other keys can provide security ?how used session key to keep the further communication between DESFire and reader?


security,session,authentication,nfc,smartcard
I am working on the ticket electronik that tickets are DESFire cards. I want communications be safe . i now trying change PICC key . Before changing DESFire master key Authenticate with master key is necessary. In desfire sheet about Authenticate at page 31 was described: "This procedure not only...

Howto list files on a smartcard with pyscard


python,smartcard,apdu,smartcard-reader,pyscard
I have to read out a file from a smartcard. The card is written by a digital tachograph that monitors vehicle movements. I could connect to the smartcard reader with psycard (http://pyscard.sourceforge.net/user-guide.html) but then I don't know how to list files on the card and how to download them. I...

JavaCard - pure software implementation of ECC over GF(2^n)


security,cryptography,smartcard,javacard
I have smartcards by NXP that support ECC over GF(p) and that do not support ECC over GF(2^n). In my project I need to use this particular type of smartcard (thousands of instances are used already). However, I need to add verification of EC signature over sect193r1, which is a...

Two OwnerPIN object in Java Card


security,smartcard,javacard,apdu,pin-code
I am working on a Java Card application where our requirement is to keep some static data and balance in the card. For security I was thinking to make 2 object of OwnerPIN. One object is for terminal authentication (i.e. the terminal needs to send 8 bytes of data to...

How to change master key of DESfire cards?What is deciphered key?


smartcard,mifare
I want to change the master key of a DESfire card. I read mifare DESFire datasheet already, but as I am new in this field, I couldn't understand it. It is explained how to Change the Key at page 37 of above document. Can anybody give me an example or...

Change PIN of a Gemalto Smartcard through a script


smartcard,gemalto
We have to use the Gemalto IDPrime .Net card Smartcard. We get these USB Dongles and have to change the PIN. Gemalto says via windows: From the Start menu, choose Run and type PINTool. Insert a IDPrime .Net card in the reader as prompted, and click OK. The change PIN...

Send APDU commands to USIM/SIM card in android


android,smartcard,at-command,javacard,sim-card
I was already worked with smart cards and I am familiar with APDU commands (that are defined in ISO/IEC 7816 and Global Platform specifications). Now I want to know if is there any way to send an APDU command to my USIM/SIM card that is inserted to my mobile phone?...

I got 0x9E parameter error while Credit value file on DESFire card


android,nfc,mifare,apdu,contactless-smartcard
I now work with value files on DESFire cards. I created a value file in my DESFire card with the following command: byte[] cmdCreateValueFile = new byte[]{ //cmd (byte)0xCC, //file no (byte)0x01, //com.sett. (byte)0x00 , //access rights (byte)0x44 , (byte)0x44, //lower limit (byte)0x00 ,(byte)0x00 ,(byte)0x00 ,(byte)0x00 , //upper limit (byte)0x00...

Sending signature data in response APDU - Java Card


digital-signature,smartcard,javacard,apdu,ecdsa
I would like to sign some data (the MESSAGE byte array) on my Java Card and then return the signature in a response APDU. My code works fine (or at least I think it does and it returns 9000) without the line apdu.sendBytes(BAS, sSignLen), but when I uncomment it I...

ADPU Service in iOS


ios,nfc,smartcard,apdu,contactless-smartcard
I'm looking for an NFC solution for iOS similar to HostApduService for Android. Can someone tell me how can I exchange APDU commands in iOS. Thank you....

Promag Card Reader PHP Accessing


php,smartcard,pcsc
I have promag 310 card reader. It is connect to PC with com port. I want to access card ID with PHP xampp in windows platform. I add php_pcsc.dll to extension folder. And I update php.ini with it. then I wrote this code: $context = scard_establish_context(); $readers = scard_list_readers($context); print_r($readers);...

Secure Box in JCOP card


smartcard,javacard,globalplatform,jcop,nxp-microcontroller
JCOP V2.4.2 Revision 3 Security Target: Page 11-12 A Secure Box concept is implemented within JCOP 2.4.2 R3. The Secure Box is a construct which allows to run non certified third party native code and ensures that this code cannot harm, influence or manipulate the JCOP 2.4.2 R3 operating system...

JavaCard applet emulating DESFireEV1


smartcard,javacard,mifare,emulation
My question is simple: is there any existing opensource JavaCard applet emulating the functionality of Mifare DESFireEV1? (the API would have to be a little modified, of course, Select Application 112233 would be for example 80 5A 00 00 03 33 22 11 00 instead of native DESFire command 5A...

APDU MIFARE Classic 4K read value at specific sector/block


nfc,smartcard,mifare,apdu,smartcard-reader
I'm trying to read some data from my MiFare Classic 4K smartcard. I already know the exact sector/block location of the data (because of a dump via Android), but I don't know how to show it in SpringCard Prox'N'Roll. I know how to access my card and I did a...

Cardholder name not included when reading EMV card


nfc,apdu,contactless-smartcard,emv,tlv
I've successfully been able to retrieve the card number and expiry date from a contactless debit/credit card. However, the cardholder name is not being returned in the READ RECORD command response. Am I missing a something? - Select Application # IN_DATA_EXCHANGE >> D4 40 01 00 A4 04 00 07...

ISO7816 - Odd INS codes?


smartcard,javacard,apdu
I found these mysterious lines in ISO 7816, (http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx#chap5_4): 5.4.2 Instruction byte The instruction byte INS of a command shall be coded to allow transmission with any of the protocols defined in part 3 of ISO/IEC 7816. Table 10 shows the INS codes that are consequently invalid. Table 10 -...

Memory Access Performance in Java Card


performance,memory,smartcard,javacard
Supposing that I instanced a persisant byte array in Java Card with a length of 30 000 (byte[] array = new byte[(short) 0x7530];) that I run through everytime I use my applet. I also instanced an index i that I set everytime I run through my array to 'remember' at...

Is it possible to program a “Java Card” - enabled smart card in any other language than Java?


c,embedded,smartcard,javacard
I have a Java Card enabled smart card and a card reader that was given by my Lab-instructor. I am supposed to do a project using Java Card 2.1.1 API. I don't like the Java Card API. Is it possible to program my given smart card using any other language...

I got 0x1E error (INTEGRITY_ERROR) while change DESFire master key.What are my mistakes?And How can I resolve?


java,apdu,crc16,contactless-smartcard
Whole update1: see question again. I recently am working with DESFire cards .I now decide to change defult master key of PICC. (I already could authenticate with master key all 8 byte 0x00 successfully) 1- Defult master key is 8 byte of zero.It is 00 00 00 00 00 00...

How to send a data array to my Applet and manipulation it by Applet and return new data in response apdu?


arrays,applet,javacard,apdu
I want to send a random byte array including for example 24 elements to my JavaCard applet and then my applet is supposed to change that array using a specific method. For example that method XOR each elements with 0x05 and returns the result array in APDU response. To aim...

Smart cards and their files


smartcard,javacard
As far as you know, we can list the applets that reside in a java card using tools such as GlobalPlafromPro as follow: GP: gp -list AID: A000000003000000 (|........|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected CVM (PIN) management AID: 010203040506 (|......|) App SELECTABLE: (none) AID: 0102030405...

C on smartcards [closed]


c,smartcard
I have the task to write some crypto stuff in C and make it lightweight. The idea behind making it lightweight is, that it could run on a smartcard which doesn't offer much computational power and memory. It won't come to actually running it on a smartcard and it won't...

Javacard applet beginner


java,applet,smartcard,javacard
I am new to javacard applet development.How many development tools are there now? Which is the simplest for beginners? As simple as possible... Thanks in advance

Ways of generating a digital signature with .NET Framework


.net,visual-c++,c++-cli,smartcard,sign
What's the other way of creating a digital signature using a private key (that's on a smart card, with certificate installed in local certificate store) in .NET Framework other than this one, for I have no clue as to how to find out the key container name (and it seems...

Recovering an ECPublicKey from JavaCard to Java


java,bouncycastle,javacard,apdu,elliptic-curve
I am trying to implement ECDH between a terminal (simulated by my computer) and a smart card (Java Card). I fixed the elliptic curve that I want to use, and on the card side I have the following code to run the first part of the protocol : ECPublicKey pubKey...

Extended APDUs and T=0/1 communication protocols


smartcard,javacard,smartcard-reader,globalplatform,pyscard
I have a JCOP V2.4.2 R3 java card that it is mentioned in its datasheet "The card support both T=1 and T=0 communication protocols" I have also an ACR38 smart card reader that it support both T=0 and T=1 protocols. (I have T=0 communication with one card successfully and T=1...

Smartcard PKCS11 AES Key Gen Failure


python,aes,smartcard,pkcs11
I am attempting to create an AES 256 key on an ACOS5-64 smartcard and OMNIKEY 3121 card reader, using PKCS11 in python (using the PyKCS11 library). So far, all the "standard" operations seem to work with regards to asymmetric crypto. I have run plenty of code samples and pkcs11-tool commands,...

Is this a bug in Transaction mechanism in javacards?


transactions,smartcard,javacard
I wrote the below program and upload it on my card : package transactionMechanismBugCheck; import javacard.framework.APDU; import javacard.framework.Applet; import javacard.framework.ISOException; import javacard.framework.JCSystem; public class TransactionMechanismBugCheck extends Applet { short[] arrayS; byte[] arrayB; private TransactionMechanismBugCheck() { } public static void install(byte bArray[], short bOffset, byte bLength) throws ISOException { new TransactionMechanismBugCheck().register();...

Recovering an ECPublicKey from Java to JavaCard


java,cryptography,javacard,apdu,elliptic-curve
This question is related to the one I asked yesterday : Recovering an ECPublicKey from JavaCard to Java I have the same problem but in the opposite way : After sending the public key from my card to my computer (the point is represented as an octet string in uncompressed...

AID for HID readers


android,nfc,apdu,hce,contactless-smartcard
If I want my android phone to emulate a physical card to the following reader: http://www.hidglobal.com/products/readers/iclass/rw100 Which AID would I have to use? I was following this example: https://developer.android.com/guide/topics/connectivity/nfc/hce.html#HceServices But when debugging, my code never reaches the public byte[] processCommandApdu(byte[] commandApdu, Bundle extras) { method. Seems the Android device still...

UID of a NFC/SWP-accessed SIM card


android,nfc,smartcard,sim-card
SIM card is used as a secure element in my project. It is accessed through NFC-SWP contactless interface from a terminal device. I need to identify the SIM card somehow with a unique and permanent identifier and I need to be able to read the identifier through NFC. ICCID seems...

Make 2 cardlet Java Card communicate


applet,smartcard,channel,javacard
I have 2 cardlets Java Card on the same smart card that I want to make communicate. I could select an applet then send the corresponding APDU and then deselect it and select the other one and etc... I am wondering if it is possible to do it more properly...

NFC SWP applet selection returns 6999


android,nfc,smartcard,javacard,sim-card
I have a simple JavaCard applet installed on my SIM card. I try to communicate with my applet using Omnikey 5121 CL reader and NFC-enabled Sony Xperia L through NFC/SWP (single wire protocol). The problem is I cannot select the applet - as a status word I get 6999. The...

Determine Facility Code and Card Number from ATR in C#


c#,.net,bytearray,smartcard,winscard
I have the following card reader HID Omnikey 5325. I have a contact-less card named HIS Proximity. The number written on this card is 133593 42101044091-3. By reading the card, I get the following ATR hex: 3B050002F10673 Using the folowing applications I have managed to see the following information. I...

NDEF vs APDU NFC Android


android,nfc,apdu,ndef,contactless-smartcard
Can you tell me please what is the difference between NDEF (NFC Data Exchange Format) and APDU (Application Protocol Data Unit). I have developed an Android application that reads NDEF messages, and I want to know if it can work for APDU data too....

Trying Java Card Application On real smart card


javacard,apdu
I will write an application for smart card with using Java Card Framework.When I finished my application I want to set up to a real smart card and try it.Which equipment I must have?How can I run my codes on a real smart card?I have to provide a connector between...

number value to byte[6] array card reader


c#,smartcard,smartcard-reader,cardreader
What's the best way to convert a number to a byte[6] in C#? I'm using MagTek Card reader and trying to display desired amount on device screen, it should be 6-byte array. The amount needs to be used and authorized, EMV Tag 9F02, format n12. Function: int requestSmartCard(int cardType, int...

Sign PDF with smartcard in web context using CAPICOM & iTextSharp


itextsharp,activex,digital-signature,smartcard,capicom
Read through the following references: iText Digital signature white paper, and C# examples. (specifically chapter 4) For those interested, another great and concise summary of the PDF signing process. CAPICOM documentation. Online examples / questions here and on iText mailing list archives, such as here and here. Hashing code: BouncyCastle.X509Certificate[]...

How can I extract an X509 certificate from a smart card using Java?


java,smartcard
I use the OmniKey 3121 reader and can use the javax.smartcardio API to send APDU commands to the card reader. I'm not sure if there is a standard way to access the certificate stored on the card. Pointers to example code to read the certificate data would greatly help. Also,...

I got '67 00' error when I create value file for DESFire


android,mifare,apdu,contactless-smartcard
I'm working with DESFire cards and I now want create a value file in my application (app has ID 00 00 01). I successfully selected my app with the given ID and then send my command for creating the value file to the isodep.transceive method. My command is here: byte[]...