Problem description
I can authenticate with GPShell using this script:
mode_211
enable_trace
establish_context
card_connect
select -AID A000000003000000
open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555af5acc823dfae8a7827a // Open secure channel
card_disconnect
release_context
If I download the script with pyApdutool, I get this error:
Download Cap error: Check Card Cryptogram Failed.
If I change the key under GlobalPlatform / Auth and click the GP Verify button, I get this error:
GP Verify error: Check Card Cryptogram Failed.
With pyResMan v2.1, if I put the new key in the key manager and then click the "Mutual Authentication" button, it works:
doMutualAuth(): Start...
doMutualAuth(): Succeeded.
I also noticed that since I changed the keys, the key version number has become 2; it was 1 before.
gp.exe -i -d -v:
#
# gp -i -d -v
SCardConnect("Athena ASEDrive IIIe USB 0",T=*) -> T=1,3BF81300008131FE454A434F5076323431B7
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64,Java 1.8.0_261 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0103+2) (54ms) 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[DEBUG] GPSession - Auto-detected ISD: A000000003000000
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (27ms) 9F7F2A479050354791007833009005024992991894481290120000000006072432343939320000000000000000 9000
[WARN] GPData - Invalid CPLC date: 2432
CPLC: ICFabricator=4790
ICType=5035
OperatingSystemID=4791
OperatingSystemReleaseDate=0078 (2010-03-19)
OperatingSystemReleaseLevel=3300
ICFabricationDate=9005 (2019-01-05)
ICSerialNumber=02499299
ICBatchIdentifier=1894
ICModuleFabricator=4812
ICModulePackagingDate=9012 (2019-01-12)
ICCManufacturer=0000
ICEmbeddingDate=0000 (2010-01-01)
ICPrePersonalizer=0607
ICPrePersonalizationEquipmentDate=2432 (invalid date format)
ICPrePersonalizationEquipmentID=34393932
ICPersonalizer=0000
ICPersonalizationDate=0000 (2010-01-01)
ICPersonalizationEquipmentID=00000000
A>> T=1 (4+0000) 80CA0042 00
A<< (0000+2) (15ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
A>> T=1 (4+0000) 80CA0045 00
A<< (0000+2) (17ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
Card Data:
A>> T=1 (4+0000) 80CA0066 00
A<< (0078+2) (38ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
A>> T=1 (4+0000) 80CA0067 00
A<< (0000+2) (16ms) 6A88
[DEBUG] GPData - GET DATA(Card Capabilities): N/A
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (21ms) E012C00401028010C00402028010C00403028010 9000
Version: 2 (0x02) ID: 1 (0x01) type: DES3 length: 16
Version: 2 (0x02) ID: 2 (0x02) type: DES3 length: 16
Version: 2 (0x02) ID: 3 (0x03) type: DES3 length: 16
Warning: no keys given,defaulting to 404142434445464748494A4B4C4D4E4F
SCarddisconnect("Athena ASEDrive IIIe USB 0",true) tx:35/rx:260
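(My card is not fused and not protected.)
I can load, install and select the applet and authenticate in pyResMan, and the applet works fine.
But the command gp.exe -l does not work.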
Warning: no keys given,defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: 40FCC922B688B08C
Expected: 327AEEAC380376EC
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalP ... /wiki/Keys
If I can authenticate with the gpshell script, what is wrong?
Any ideas?
Thanks.
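The key version change noted in the question can be read directly from the card's Key Information Template. The following is an added example, not part of the original post or of any tool mentioned here: it decodes the 80CA00E0 response body copied from the gp trace above. The function names and the key-type name table are assumptions of this example.

```python
# Added example: decode a GlobalPlatform Key Information Template (tag E0).
# KIT_HEX is the GET DATA (80CA00E0) response body from the trace on this page.
KIT_HEX = "E012C00401028010C00402028010C00403028010"

# GlobalPlatform key type codes handled here (GlobalPlatformPro prints 0x80 as DES3).
KEY_TYPES = {0x80: "DES", 0x88: "AES"}


def read_tlv(buf, pos):
    """Read one TLV with a one-byte tag and a short or 0x81-form length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x81:
        if pos >= len(buf):
            raise ValueError("truncated TLV length")
        length = buf[pos]
        pos += 1
    elif length > 0x7F:
        raise ValueError("unsupported length form")
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past end of data")
    return tag, buf[pos:end], end


def parse_key_info(hex_str):
    """Return one dict per C0 entry: key id, key version, (type, length) pairs."""
    data = bytes.fromhex(hex_str)
    tag, body, end = read_tlv(data, 0)
    if tag != 0xE0 or end != len(data):
        raise ValueError("not a Key Information Template")
    keys, pos = [], 0
    while pos < len(body):
        tag, entry, pos = read_tlv(body, pos)
        if tag != 0xC0 or len(entry) < 4 or len(entry) % 2:
            raise ValueError("malformed key information entry")
        comps = [(KEY_TYPES.get(entry[i], hex(entry[i])), entry[i + 1])
                 for i in range(2, len(entry), 2)]
        keys.append({"id": entry[0], "version": entry[1], "components": comps})
    return keys


def key_versions(keys):
    """Distinct key set versions present on the card."""
    return sorted({k["version"] for k in keys})
```

For the card in the question this reports three DES keys of length 16 under key version 2, matching the "Version: 2 (0x02)" lines printed by gp.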
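Solution
(Given that you have already solved the problem with PyApduTool in this question by editing the configuration file)
You must specify the key values that GlobalPlatformPro should use (otherwise it uses the well-known default key with the value 404142434445464748494A4B4C4D4E4F):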
java -jar /opt/gp.jar -v -l --key a068cd198555af5acc823dfae8a7827a
Or:
java -jar /opt/gp.jar -v -l --key-dek a068cd198555af5acc823dfae8a7827a --key-enc a068cd198555af5acc823dfae8a7827a --key-mac a068cd198555af5acc823dfae8a7827a
Command trace with an actual card (gpshell):
mode_211
enable_trace
establish_context
card_connect
* reader name Gemalto PC Twin Reader 00 00
select -AID A000000003000000
Command -> 00A4040008A000000003000000
Wrapped command -> 00A4040008A000000003000000
Response open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555 8050000008EABF19238386F99C00
Wrapped command -> 8050000008EABF19238386F99C00
Response Command -> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Wrapped command -> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Response card_disconnect
release_context
Command trace with an actual card (GlobalPlatformPro):
[DEBUG] GlobalPlatform - Auto-detected ISD: A000000003000000
[TRACE] GlobalPlatform - Generated host challenge: 292B93656D145F9C
A>> T=0 (4+0008) 80500000 08 292B93656D145F9C 00
A [DEBUG] GlobalPlatform - Host challenge: 292B93656D145F9C
[DEBUG] GlobalPlatform - Card challenge: 000CAF7BB1851965
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 1 (0x01)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {ENC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A, MAC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A, DEK=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A}
[TRACE] PlaintextKeys - Session keys: {ENC=type=DES3 bytes=FB03954624ADB9A3EC89AE5D2B324D8B KCV=799E36, MAC=type=DES3 bytes=321E2B911ACDCF923C58E93AA44DD7B2 KCV=D7E17A, DEK=type=DES3 bytes=B05E11FF73ECBFB45384446C2E8D5B9F KCV=8DF462}
[DEBUG] GlobalPlatform - Verified card cryptogram: 0456126907678D0F
[DEBUG] GlobalPlatform - Calculated host cryptogram: D4F2E6ABD58F2532
A>> T=0 (4+0016) 84820100 10 D4F2E6ABD58F253245169D0334285F91
A