smartcard,gemalto , Change PIN of a Gemalto Smartcard through a script

Change PIN of a Gemalto Smartcard through a script


Tag: smartcard,gemalto

We have to use the Gemalto IDPrime .Net card Smartcard. We get these USB Dongles and have to change the PIN.

Gemalto says via windows:

From the Start menu, choose Run and type PINTool.
Insert a IDPrime .Net card in the reader as prompted, and click OK. The change PIN interface appears
Enter the old PIN (the default PIN value is 0000), the new PIN and confirm the new PIN.
Click on Change Pin

This works, but I want to set a new PIN/password via powershell or c#, i. e. under control of a program. How to do that or is impossible?


You should be able to change PIN via unmanaged PKCS#11 API that can be easily accessed from C# with a managed .NET wrapper called Pkcs11Interop which I am the author of.

Here is the code sample that may help you get started:

using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

namespace ConsoleApplication
    class Program
        static void Main(string[] args)
            // Load PKCS#11 library provided by Gemalto
            using (Pkcs11 pkcs11 = new Pkcs11("gtop11dotnet.dll", true))
                // Find first slot/reader with token/card present
                Slot slot = pkcs11.GetSlotList(true)[0];

                // Open RW session
                using (Session session = slot.OpenSession(false))
                    // Login as normal user with current PIN
                    session.Login(CKU.CKU_USER, "0000");

                    // Set the new pin for the logged in user
                    session.SetPin("0000", "1111");



UID of a NFC/SWP-accessed SIM card

SIM card is used as a secure element in my project. It is accessed through NFC-SWP contactless interface from a terminal device. I need to identify the SIM card somehow with a unique and permanent identifier and I need to be able to read the identifier through NFC. ICCID seems...

Secure Box in JCOP card

JCOP V2.4.2 Revision 3 Security Target: Page 11-12 A Secure Box concept is implemented within JCOP 2.4.2 R3. The Secure Box is a construct which allows to run non certified third party native code and ensures that this code cannot harm, influence or manipulate the JCOP 2.4.2 R3 operating system...

NFC SWP applet selection returns 6999

I have a simple JavaCard applet installed on my SIM card. I try to communicate with my applet using Omnikey 5121 CL reader and NFC-enabled Sony Xperia L through NFC/SWP (single wire protocol). The problem is I cannot select the applet - as a status word I get 6999. The...

How can I extract an X509 certificate from a smart card using Java?

I use the OmniKey 3121 reader and can use the javax.smartcardio API to send APDU commands to the card reader. I'm not sure if there is a standard way to access the certificate stored on the card. Pointers to example code to read the certificate data would greatly help. Also,...

Extended APDUs and T=0/1 communication protocols

I have a JCOP V2.4.2 R3 java card that it is mentioned in its datasheet "The card support both T=1 and T=0 communication protocols" I have also an ACR38 smart card reader that it support both T=0 and T=1 protocols. (I have T=0 communication with one card successfully and T=1...

Javacard - power loss during garbage collection

I noticed some very strange behaviour on my smartcards (NXP J2E145, J3A081, J3C145 with an Omnikey 5121 reader): A power loss right after calling JavaCard method JCSystem.requestObjectDeletion() can damage the card: after about 10% of such power cuts the ATR command is very slow (1000ms) and I get no response...

Memory Access Performance in Java Card

Supposing that I instanced a persisant byte array in Java Card with a length of 30 000 (byte[] array = new byte[(short) 0x7530];) that I run through everytime I use my applet. I also instanced an index i that I set everytime I run through my array to 'remember' at...

Smart Card Reader T0 T1 communication on APDU level

I am struggle to understand what protocol I have to use to communicate with the card T0 or T1? So, correct me if I am wrong, but the reader actually decides by itself what protocol to use to communicate with the card if the card supports both. So my logic...

APDU MIFARE Classic 4K read value at specific sector/block

I'm trying to read some data from my MiFare Classic 4K smartcard. I already know the exact sector/block location of the data (because of a dump via Android), but I don't know how to show it in SpringCard Prox'N'Roll. I know how to access my card and I did a...

what is diference between Security Domain with Delegated Management privilege and Authorized management?

I want to know difference between Security Domain with Authorized Management privilege and Security Domain with delegated Management privilege. And what we do operation in two state(like loading, installing,...). I read Global platform 2.2.1 about this subject, But I understand meaning and different yet, And I want know for which...

Select root folder in SANKYO ICT3K5-3R6940 card reader

I have a project with this type of card reader. There is a testing tool (RS8Test.exe). I can connect to card reader, retrieve card, reject and manipulate with leds. Bu cannot read any data. Smart card is chip based. I found that there are some commands called IC CARD CONTROL....

Why my smart card accepts two different keys as its MAC key?

As you see below, I tried to list installed applets on my card using gp -list. I specify some different key: GP: gp -mac 404142434445464748494A4B4C4D4E4F -list AID: A000000151000000 (|....Q...|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management AID: A0000001515350 (|....QSP|) ExM LOADED: (none) A000000151535041 (|....QSPA|)...

Unable to construct VERIFY_PIN_DIRECT control command

I'm writing a JAVA-app to access my OpenPGP-Card V2.0. The card terminal im using is a "REINER SCT cyberJack RFID standard" which only supports PC/SC under OSX, and now I want to implement the PC/SC 2.0-command "VERIFY_PIN_DIRECT". I tried the following control sequence, the bytes after the | are the...

Two OwnerPIN object in Java Card

I am working on a Java Card application where our requirement is to keep some static data and balance in the card. For security I was thinking to make 2 object of OwnerPIN. One object is for terminal authentication (i.e. the terminal needs to send 8 bytes of data to...

JavaCard - pure software implementation of ECC over GF(2^n)

I have smartcards by NXP that support ECC over GF(p) and that do not support ECC over GF(2^n). In my project I need to use this particular type of smartcard (thousands of instances are used already). However, I need to add verification of EC signature over sect193r1, which is a...

Is it possible to program a “Java Card” - enabled smart card in any other language than Java?

I have a Java Card enabled smart card and a card reader that was given by my Lab-instructor. I am supposed to do a project using Java Card 2.1.1 API. I don't like the Java Card API. Is it possible to program my given smart card using any other language...

JavaCard applet emulating DESFireEV1

My question is simple: is there any existing opensource JavaCard applet emulating the functionality of Mifare DESFireEV1? (the API would have to be a little modified, of course, Select Application 112233 would be for example 80 5A 00 00 03 33 22 11 00 instead of native DESFire command 5A...

What is the meaning of out put of GP -I command?

Below, you see the output of gp -i command : gp :gp -i Reader: ACS ACR122 0 ATR: 3B8980014A434F5032343252334B More information about your card: ***** Card info: ***** Card CPLC: IC Fabricator: 4790 IC Type: 5075 Operating System ID: 4791 Operating System release date: 2347 Operating System release level:...

How to change master key of DESfire cards?What is deciphered key?

I want to change the master key of a DESfire card. I read mifare DESFire datasheet already, but as I am new in this field, I couldn't understand it. It is explained how to Change the Key at page 37 of above document. Can anybody give me an example or...

Is this a bug in Transaction mechanism in javacards?

I wrote the below program and upload it on my card : package transactionMechanismBugCheck; import javacard.framework.APDU; import javacard.framework.Applet; import javacard.framework.ISOException; import javacard.framework.JCSystem; public class TransactionMechanismBugCheck extends Applet { short[] arrayS; byte[] arrayB; private TransactionMechanismBugCheck() { } public static void install(byte bArray[], short bOffset, byte bLength) throws ISOException { new TransactionMechanismBugCheck().register();...

C on smartcards [closed]

I have the task to write some crypto stuff in C and make it lightweight. The idea behind making it lightweight is, that it could run on a smartcard which doesn't offer much computational power and memory. It won't come to actually running it on a smartcard and it won't...

Why all applets of a package are not installed? And why I can't delete them?

This is contents of my JavaCard : GP::: gp -list AID: A000000151000000 (|....Q...|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management AID: A0000001515350 (|....QSP|) ExM LOADED: (none) A000000151535041 (|....QSPA|) In Eclipse I add 3 applets to a single package as below : Pack AID =...

Sign PDF with smartcard in web context using CAPICOM & iTextSharp

Read through the following references: iText Digital signature white paper, and C# examples. (specifically chapter 4) For those interested, another great and concise summary of the PDF signing process. CAPICOM documentation. Online examples / questions here and on iText mailing list archives, such as here and here. Hashing code: BouncyCastle.X509Certificate[]...

Determine Facility Code and Card Number from ATR in C#

I have the following card reader HID Omnikey 5325. I have a contact-less card named HIS Proximity. The number written on this card is 133593 42101044091-3. By reading the card, I get the following ATR hex: 3B050002F10673 Using the folowing applications I have managed to see the following information. I...

Javacard applet beginner

I am new to javacard applet development.How many development tools are there now? Which is the simplest for beginners? As simple as possible... Thanks in advance

How to try using Native Methods in Java card applets?

This is a simple Hello World applet for Javacards : package helloWorldPackage; import javacard.framework.APDU; import javacard.framework.Applet; import javacard.framework.ISO7816; import javacard.framework.ISOException; import javacard.framework.Util; public class HelloWorldApplet extends Applet { private static final byte[] helloWorld = {(byte)'H',(byte)'e',(byte)'l',(byte)'l',(byte)'o',(byte)' ',(byte)'W',(byte)'o',(byte)'r',(byte)'l',(byte)'d',}; private static final byte HW_CLA = (byte)0x80; private static final byte HW_INS = (byte)0x00;...

How to read binary blocks of mifare card?

I develop application which read NFC card from the reader. I know the code for read binary block like this: FF B0 00 04 10 04 for the block 4 and 10 for 16 bytes data. My card has the data "TEST009996". I run 5 code for read binary blocks...

Sending signature data in response APDU - Java Card

I would like to sign some data (the MESSAGE byte array) on my Java Card and then return the signature in a response APDU. My code works fine (or at least I think it does and it returns 9000) without the line apdu.sendBytes(BAS, sSignLen), but when I uncomment it I...

What does this default applets do?

This is output of gp tool, when I tell it to list installed applets : gp >> gp -l AID: A000000151000000 (|....Q...|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management AID: A0000001515350 (|....QSP|) ExM LOADED: (none) A000000151535041 (|....QSPA|) gp >> Q1: Which one of this...

Promag Card Reader PHP Accessing

I have promag 310 card reader. It is connect to PC with com port. I want to access card ID with PHP xampp in windows platform. I add php_pcsc.dll to extension folder. And I update php.ini with it. then I wrote this code: $context = scard_establish_context(); $readers = scard_list_readers($context); print_r($readers);...

Ways of generating a digital signature with .NET Framework

What's the other way of creating a digital signature using a private key (that's on a smart card, with certificate installed in local certificate store) in .NET Framework other than this one, for I have no clue as to how to find out the key container name (and it seems...

Make 2 cardlet Java Card communicate

I have 2 cardlets Java Card on the same smart card that I want to make communicate. I could select an applet then send the corresponding APDU and then deselect it and select the other one and etc... I am wondering if it is possible to do it more properly...

Smartcard PKCS11 AES Key Gen Failure

I am attempting to create an AES 256 key on an ACOS5-64 smartcard and OMNIKEY 3121 card reader, using PKCS11 in python (using the PyKCS11 library). So far, all the "standard" operations seem to work with regards to asymmetric crypto. I have run plenty of code samples and pkcs11-tool commands,...

ADPU Service in iOS

I'm looking for an NFC solution for iOS similar to HostApduService for Android. Can someone tell me how can I exchange APDU commands in iOS. Thank you....

Change PIN of a Gemalto Smartcard through a script

We have to use the Gemalto IDPrime .Net card Smartcard. We get these USB Dongles and have to change the PIN. Gemalto says via windows: From the Start menu, choose Run and type PINTool. Insert a IDPrime .Net card in the reader as prompted, and click OK. The change PIN...

ISO7816 - Odd INS codes?

I found these mysterious lines in ISO 7816, ( 5.4.2 Instruction byte The instruction byte INS of a command shall be coded to allow transmission with any of the protocols defined in part 3 of ISO/IEC 7816. Table 10 shows the INS codes that are consequently invalid. Table 10 -...

how changing master key or other keys can provide security ?how used session key to keep the further communication between DESFire and reader?

I am working on the ticket electronik that tickets are DESFire cards. I want communications be safe . i now trying change PICC key . Before changing DESFire master key Authenticate with master key is necessary. In desfire sheet about Authenticate at page 31 was described: "This procedure not only...

Send APDU commands to USIM/SIM card in android

I was already worked with smart cards and I am familiar with APDU commands (that are defined in ISO/IEC 7816 and Global Platform specifications). Now I want to know if is there any way to send an APDU command to my USIM/SIM card that is inserted to my mobile phone?...

Why Javacard prevent uploading different in AID .cap files of a single javacard program?

This is a simple javacard program (It do nothing!) : package testAID; import javacard.framework.APDU; import javacard.framework.Applet; import javacard.framework.ISOException; public class TestAID extends Applet { private TestAID() { } public static void install(byte bArray[], short bOffset, byte bLength) throws ISOException { new TestAID().register(); } public void process(APDU arg0) throws ISOException {...

What is the reaction of JCRE to uploading an applet with promiscuous AID?

As we know the AID of applets mus have a length between 5 and 16 bytes. And in case of applet that they have a promiscuous length (greater than 16 byte or less than 5 bytes), the Converter doesn't works. But this is the Off-Card verifier. I want to see...

Performance measures : Java vs JavaCard [closed]

I implemented two algorithms in Java. To compare their effectiveness, I call each function 1000 times and compare the execution time (using System.currentTimeMillis()). It needs 2500 ms to execute the first one and 1300 ms for the second one. With these results, I thought have a significative difference (in term...

number value to byte[6] array card reader

What's the best way to convert a number to a byte[6] in C#? I'm using MagTek Card reader and trying to display desired amount on device screen, it should be 6-byte array. The amount needs to be used and authorized, EMV Tag 9F02, format n12. Function: int requestSmartCard(int cardType, int...

An applet without any package, and a package without any applet

This is contents of my smart card : C:\Users\ghasemi.IT\Downloads>gp -list AID: A000000003000000 (|........|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management AID: 6D797061636B616731 (|mypackag1|) Exe LOADED: (none) Q1: Why the package with AID: 6D797061636B616731 doesn't have any applet? Can I conclude that it is a...

Smart cards and their files

As far as you know, we can list the applets that reside in a java card using tools such as GlobalPlafromPro as follow: GP: gp -list AID: A000000003000000 (|........|) ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected CVM (PIN) management AID: 010203040506 (|......|) App SELECTABLE: (none) AID: 0102030405...

Howto list files on a smartcard with pyscard

I have to read out a file from a smartcard. The card is written by a digital tachograph that monitors vehicle movements. I could connect to the smartcard reader with psycard ( but then I don't know how to list files on the card and how to download them. I...