Pre-personalization step on JCOP cards
Hi guys!
I have problem with pre-personalization step on JCOP cards. Using JCOP documentation I set global pin, 3 DES keys and keyset, card-state as OP_READY. Card not in fuse state and not protected, all needed info I write to card using /send WRITE comand from JCOP Shell in root applet. But when I /send PROTECT card not responce, I wait about 2 hours, but nothing happend. Can anybody face with with this problem and can help me?
Hi,
I write script for JCOP shell, and use it for prepersonalization step, you need to change all addresses, because they are incorrect:
#----Pre-personalization script----
#Script folder can be set using /set-var shell command (e.g. /set-var path c:/JCShellScripts).
#The JCShell always searches the current directory for script files.
#To execute a script, just type the name of the file (without extension) in the JCShell command line.
#-------VARIABLES-----------
/set-var Kt __INSERT_YOUR_TRANSPORT_KEY__
/set-var chanel 0
/set-var OK_resp 9000
#Card manager lifecycle
/set-var CM_LIFECYCLE_size 02
/set-var CM_OP_READY FE01
/set-var CM_INITILIZED F807
/set-var CM_SECURED F00F
/set-var CM_CARD_LOCKED 807F
/set-var CM_TERMINATED 00FF
/set-var CM_LIFECYCLE ${CM_OP_READY}
#Card manager default keys:
/set-var DES_key_size 10
/set-var DES_key_keyset FF
/set-var DES_keyset_size 01
/set-var DES_K1 0123456789ABCDEF0123456789ABCDEF
/set-var DES_K2 0123456789ABCDEF0123456789ABCDEF
/set-var DES_K3 0123456789ABCDEF0123456789ABCDEF
#size of GPIN_size is 01, size of GPIN_format is 01 and sizes used in functions without pre-defined constants
/set-var GPIN 3132333435
/set-var GPIN_size 05
/set-var GPIN_format 01
#-------COMANDS-------------
/set-var BOOT __INSERT_YOUR_COMMAND__(like 00100000)
/set-var PROTECT __INSERT_YOUR_COMMAND__
/set-var FUSE __INSERT_YOUR_COMMAND__
/set-var AUTH __INSERT_YOUR_COMMAND__
/set-var ADMINEXEC __INSERT_YOUR_COMMAND__
/set-var READ __INSERT_YOUR_COMMAND__
/set-var WRITE __INSERT_YOUR_COMMAND__
#-------ADRESSES------------
# From: 188730_JCOPV2_4_1R3_admi.pdf
/set-var A2_addr __INSERT_YOUR_ADRESS__ (1 byte)
/set-var CM_Lifecycle_addr __INSERT_YOUR_ADRESS__(2 bytes)
/set-var DES_K1_addr __INSERT_YOUR_ADRESS__
/set-var DES_K2_addr __INSERT_YOUR_ADRESS__
/set-var DES_K3_addr __INSERT_YOUR_ADRESS__
/set-var DES_K1_type_addr __INSERT_YOUR_ADRESS__
/set-var DES_K2_type_addr __INSERT_YOUR_ADRESS__
/set-var DES_K3_type_addr __INSERT_YOUR_ADRESS__
/set-var GPIN_addr __INSERT_YOUR_ADRESS__
/set-var GPIN_size_addr __INSERT_YOUR_ADRESS__
/set-var GPIN_format_addr __INSERT_YOUR_ADRESS__
#==============================
#connect to card
#===============
/terminal
/atr
#select root applet with Transport key (Kt), and chanel 0
/select ${Kt} ${chanel}
#boot applet
#===========
/echo BOOT ROOT APPLET:
/send ${BOOT}
#setup CM lifecycle
/echo setup CM lifecycle
/send "${A2_addr}${WRITE}${CM_Lifecycle_addr} ${CM_LIFECYCLE_size} ${CM_LIFECYCLE}"
#check it
/send "${A2_addr}${READ}${CM_Lifecycle_addr}${CM_LIFECYCLE_size}"
/set-var chk ${CM_LIFECYCLE}${OK_resp}
if ${response} != ${chk}
throw "ERROR: CM_LIFECYCLE not set"
end
#setup DES keys SET UP DES KEYS: 10.4.2
#======================================
/echo SETUP DES KEY:
/send "${A2_addr}${WRITE}${DES_K1_addr} ${DES_key_size} ${DES_K1}"
/send "${A2_addr}${WRITE}${DES_K2_addr} ${DES_key_size} ${DES_K2}"
/send "${A2_addr}${WRITE}${DES_K3_addr} ${DES_key_size} ${DES_K3}"
#check it:
/echo CHECK DES KEYS:
/send ${A2_addr}${READ}${DES_K1_addr}${DES_key_size}
/set-var chk ${DES_K1}${OK_resp}
if ${response} != ${chk}
throw "ERROR: DES_K1 not equal"
end
/send ${A2_addr}${READ}${DES_K2_addr}${DES_key_size}
/set-var chk ${DES_K2}${OK_resp}
if ${response} != ${chk}
throw "ERROR: DES_K2 not equal"
end
/send ${A2_addr}${READ}${DES_K3_addr}${DES_key_size}
/set-var chk ${DES_K3}${OK_resp}
if ${response} != ${chk}
throw "ERROR: DES_K3 not equal"
end
#set key type
#============
/echo SET KEY TYPE = ${DES_key_keyset}:
/send "${A2_addr}${WRITE}${DES_K1_type_addr}${DES_keyset_size}${DES_key_keyset}"
/send "${A2_addr}${WRITE}${DES_K2_type_addr}${DES_keyset_size}${DES_key_keyset}"
/send "${A2_addr}${WRITE}${DES_K3_type_addr}${DES_keyset_size}${DES_key_keyset}"
#check it:
#=========
/echo CHECK KEY TYPE:
/send ${A2_addr}${READ}${DES_K1_type_addr}${DES_keyset_size}
/set-var chk ${DES_key_keyset}${OK_resp}
if ${response} != ${chk}
throw "ERROR: DES_K1_keyset not equal"
end
/send ${A2_addr}${READ}${DES_K2_type_addr}${DES_keyset_size}
if ${response} != ${chk}
throw "ERROR: DES_K2_keyset not equal"
end
/send ${A2_addr}${READ}${DES_K3_type_addr}${DES_keyset_size}
if ${response} != ${chk}
throw "ERROR: DES_K3_keyset not equal"
end
#set pin 12345 -(hex)->31 32 33 34 35
#====================================
/echo SETUP GLOBAL PIN (12345:5:ASCII):
/send "${A2_addr}${WRITE}${GPIN_addr} ${GPIN_size} ${GPIN}"
#set pin size 5 byte
/send "${A2_addr}${WRITE}${GPIN_size_addr} 01 ${GPIN_size}"
#set pin format ASCII
/send "${A2_addr}${WRITE}${GPIN_format_addr} 01 ${GPIN_format}"
#check set pin:
/send "${A2_addr}${READ}${GPIN_addr} ${GPIN_size}"
/set-var chk ${GPIN}${OK_resp}
if ${response} != ${chk}
throw "ERROR: GPIN not equal"
end
#pin size:
/send "${A2_addr}${READ}${GPIN_size_addr} 01"
/set-var chk ${GPIN_size}${OK_resp}
if ${response} != ${chk}
throw "ERROR: GPIN_size not equal"
end
#pin format:
/send "${A2_addr}${READ}${GPIN_format_addr} 01"
/set-var chk ${GPIN_format}${OK_resp}
if ${response} != ${chk}
throw "ERROR: GPIN_format not equal"
end
#need to send protect
/echo PROTECT
/send ${PROTECT}
if ${response} != '9000'
throw "ERROR IN PROTECT:" ${last.error} "Card can`t be fuse..."
end
#fuse:
/echo FUSE STEP:
/send ${FUSE}
if ${response} != '9000'
throw "ERROR in FUSE" ${last.error}
#end
/close
Similar Messages
-
Supplementary logical channels and R-MAC on JCOP cards
Hi,
please, do current models of JCOP cards support supplementary logical channels ? I have found on forums infos saying both yes and no.
So maybe in earlier years, there was no support, now there is some.
I have found this post, which may clarify it a little bit:
All JCOP products have by default only the basic logical channel enabled. The reason is that it shall be GP compliant, and GP spec says that the CardManager must be multiple selectable if multiple logical channels are supported. The CM in JCOP is not multi selectable. If you don't care about GP compliancy (at least on this issue), you can set up to 4 logical channels during pre-perso (JCRE_MODE, two lowest bits).
However I don't know how to set the JCRE_MODE flags and what they are. I couldn't find any info on them.
Where are they located and described ? Which APDU command should I use to set them, and with which parameters ?
And a short second question - are there any JCOP cards, which support R-MAC, when communicating with the card manager ?
Thanks a lot,
PeterPeterCZ wrote:
please, do current models of JCOP cards support supplementary logical channels ? I have found on forums infos saying both yes and no.
So maybe in earlier years, there was no support, now there is some.
I have found this post, which may clarify it a little bit:
All JCOP products have by default only the basic logical channel enabled. The reason is that it shall be GP compliant, and GP spec says that the CardManager must be multiple selectable if multiple logical channels are supported. The CM in JCOP is not multi selectable. If you don't care about GP compliancy (at least on this issue), you can set up to 4 logical channels during pre-perso (JCRE_MODE, two lowest bits).
However I don't know how to set the JCRE_MODE flags and what they are. I couldn't find any info on them.
Where are they located and described ? Which APDU command should I use to set them, and with which parameters ?JCOP supports supplementary logical channels, but it is switched off by NXP during production and can be re-enabled during pre-personalization (JCOP proprietary process). In order to do that, you need unfused cards and the corresponding transport key from NXP.
And a short second question - are there any JCOP cards, which support R-MAC, when communicating with the card manager ?No, JCOP does not support RMAC. Tell me a good reason why it should. I cannot think of any GP commands which would be worth protecting the response. -
Is it possible to LOAD and INSTALL applet during pre-personalization?
Hi Friends..
Currently, i use JCOP card
I want to know the other way to LOAD and INSTALL applet not through CardManager..
I mean, is it possible to LOAD and INSTALL applet during pre-personalization time?.
Thanks in advanceHi,
i want to LOAD and INSTALL Applets while pre-personalization phase..
No, i don't want to defer the LOAD and INSTALL..In the past, we have used the pre-personalisation phase to load KDC keys onto a card and remove the ISK and set issuer specific identifiers (IIN and CIN) etc. You could also load your applet at this time if you wish. You can also load the applets at personalisation.
How do you plan on doing the personalisation phase? If you were to use a GP scripting environment for example, the CAP files are embedded as a part of the install scripts and only loaded onto a card when you begin executing your personalisation scripts. Since I assume you will be using the small desktop printers mentioned in a different thread, you may be better off integrating the applet loading into your personalisation code (printer integration) so you do not need to double handle cards.
Actually, is it possible to LOAD and INSTALL applet if we don't authenticate to the CardManager?..There are ways to load and install an applet without explicitly calling INIT UPDATE and EXTERNAL AUTH, but you still need to be authenticated to the card manager, otherwise anyone could manage card content. You can use install tokens and delegated management (which are all outlined in the GO Card Spec).
Cheers,
Shane -
I get a JCOP41 V232 which is not fused, i do not know how to pre-personalization.I use the eclipse +JCOP TOOL Plugin,i know pre-personalization procedure :
1 ATR
2 SELECT command to select the ROOT applet
3 ROOT command
4 READ,WRITE command
5 PROTECT command
6 FUSE command
when i send the SELECT command ,JCOP Shell show"<= 6A 81 Status: Function not supported", what error is this?
please help me! i am newbieYou need the transport key. It's used as the AID in the SELECT command. The transport key is only available from NXP under NDA. Try working with the company or sales person that provided you the cards and see if you can get it from there. If not, you're out of luck.
-
The keyboard and trackpad on MacBook Air (13-inch, Mid 2013) computers may stop functioning at the Personalize step when installing Windows 7 64bit.
1. Reset PRAM. http://support.apple.com/kb/PH4405
2. Reset SMC. http://support.apple.com/kb/HT3964
Choose the method for:
"Resetting SMC on portables with a battery you should not remove on your own".
If this does not help, contact Apple. -
Uploading applets to a JCOP card
Hi everyone,
I have a little problem. Is it possible to upload an applet to a JCOP card with JCSDK only? no JCOP framework... thanx for any help.
BR
ernosect0r1 wrote:
Thanx for you answer and sorry for confusion with terms "downloading" and "uploading". I would like to download applets using only JavaCard SDK from Sun. Is this possible. I have the JCOP framework as well but I would like to learn this process completely independent from frameworks, IDEs etc. The problem with GPShell is that, it is not the part of JCSDK as I know. Thanks.
BR
ernoUnfortunately it is not possible to use only JCSDK, because there aren't any tools to connect to card acceptance devices: you can only run your applets in the emulators provided with the SDK. So, for real JCOP cards, you have two options left:
- using JCOP Tools (if you have them, I don't because NXP does not make them available)
- using GPShell
Hope this helps
Alberto -
What's the difference between Gemplus and JCOP card?
Hi~
1. I'm using a Card that 'GEMPLUS' is written on golden contact point.
I have to choose a card type among 'GemXpresso 211,211PK,Pro , GemXplore Xpresso' in JCOP Tool.
Which I have to choose?
Is there any way that what kind of card it is?
2. What is the difference between JCOP card and Gemplus card?
Is OS different?
Anybody tell me the difference.
Any help would be greatly aprreciatedIn some cases Gem+ sells JCOP cards under different name.
Generally, JCOP is better (more security, more certificates, tools for free) -
11i Upgrade - Projects Pre-Upgrade steps
We are upgrading from 10.7SC to 11i (11.5.2) and in running several of the Category 2 pre-upgrade steps, we have found that only really old projects show up as exceptions that should be "fixed" prior to the upgrade.
These projects are now closed and the revenue/invoices etc. are for prior fiscal years. We will probably get accounting errors (from flexfield/acct combinations that have been disabled) if we try to process the old transactions. We are also not sure that we want to write revenue events or create changes for fiscal years already closed.
Has anyone else seen this? How did you handle it -- did you reopen projects, re-enable accounts and process the exceptions noted by the scripts? Will upgrade FAIL because of the presence of these exceptions?
Any input you can provide would be helpful.
Thanks in advance,
Maria
nullHi,
In your above output it will be
The Most Recent Release Patchsets on Metalink(Not Included Above) are:
=======================================================================================
ad R12.AD.A.6 7305220 08/11/05 11:14:22 Checkin Released By_Metalink
ad R12.AD.B.2 8502056 09/12/16 06:44:40 Checkin Released By_Metalink
ad R12.AD.B.3 9239089 10/07/07 14:22:15 Checkin Released By_Metalink
cdr R12.CDR.A 10161040 11/05/11 08:39:23 Checkin Released By_Metalink
cla R12.CLA.B 8506229 09/06/30 23:13:11 Checkin Released By_Metalink
Thanks -
Unable to load the cap file to the JCOP card
I develop my applet by JCOP IDE and it works well in the VM. But when I want to load it on my JCOP card, I face a problem. it can successful send the 1st 254 bytes, but always return 6A86 when send the second 254 bytes to the card.
Status: Incorrect parameters (P1,P2)
Error code: 6a86 (Incorrect parameters (P1,P2))
Offending APDU: 6A86
Wrong response APDU.
I don't know why this happen. Can anyone show some light on that. Thank you in advance.Have you written your own loader for this ?
What is the prompt "cm>" from, is that a standard Java Card tool ?
Looking at the data I can see, its looks well formed. However when I wrote my own loader I found I could only send 239 bytes of data (255 - 16) otherwise I'd get an error. Maybe part of this is todo with the option of using M-DAP to MAC each APDU. FYI its a JCOP10 I'm using.
Also my data was never concatentated, that is to say, check your 'FileSystem.cap' file with "unzip -tv FileSystem.cap" for the real CAP files. Each of these files never crossed an APDU boundary, the first one Header.cap (IIRC) is a small file, so my first APDU was less than 40 bytes of actual data (with C4 TLV data before it), certainly not 254 bytes.
I'm not sure if this is allowed or not, I've plans to try it out soon and see myself since i've not read anything that says you can not do this.
This is the only obvious difference I can see to other loader scripts and programs I have seen. -
How do you prepersonalize a JCOP Card using JCOP Shell?
How do you prepersonalize a JCOP Card using JCOP Shell?
I don't have any clue where to look for this , so I have posted it here.
Please suggest .Hi Shane,
Actually I have received some Cards which are raw, with no card manager installed in them.
I also have another set of cards on which I can deploy my applets using the APDU commands.
I was wondering if I could issue some prepersonalization commands over the JCShell, but did not find anything on this and was looking forward for some suggestions. -
Physical movement of SAP Servers ( Procedure,Odds n Cons, Pre/Post Steps )
Physical movement of SAP Server and Pre,Post steps ?
Hello Experts,
Need your help here.. Our Data Center is moving to Different Place , hence IM team proposed Physical movement of SAP Server to New Location.
In our Landscape we have SRM 4.0, XI 3.0 & BW 3.5 , ITS 620 and Requisites Servers available . As these are out of SAP support we don't have expert for ITS and Requisite Server installation and configutaiton.
Please please tell me Will this process work ? if yes then what are odds n cons in this procedure , Pre and Post Steps need to perform.
Please help me as early as possible as we need to take decision ASAP.
Thanks and Regards,
Raja.
Net-weaver Consultant.Hi Raja,
You need to take care of following
1) Ensure that IP address and hostname are retained in the new DC. If IP is changing you need to take a note of all the RFC and JCO connections where IP is used and replace them with hostname.
2) For ITS you can re-install and re-configure. It is not a big task.
Make a note which all places ITS is configured.
3) You need to have full offline backup of the system before movement.
4) You need to plan for some System integration testing post movement to ensure things are working post DC migration.
Some useful information can also be found in http://christian.bergeron.voila.net/DC_Guide/Data_Migration_Methodology_for_SAP_V01a.doc
Hope this helps.
Regards,
Deepak Kori -
I've been trying to use the SCM Micro reader scm331-di with jcop cards and recently bought some new readers.
I was testing each reader but the contactless connection doesn't seem to work very well and seems to have killed my IBM jcop31 sample card
Each time I try to access the card with cardman I just get a repsonse of
Unexpected status 6982 for "INITIALIZE UPDATE" command.
Anyone know how to fix the card or if its even possible to fix it?Hi
I am new to Javacard programming. I have learned how to encrypt/ decrypt data and data signing.
Can you please help me in building an interface to communicate with JCOP simulator.
I am really confused and have no idea..
Please tell me the relevant API and its documentation.
Thanks. -
Seeking information on JCOP cards
I have been hunting around the internet for information on JCOP cards, and I find this a disorienting experience. It seems that the team from Zurich has moved to Germany, many of the links on their site are broken, they don't answer my emails and I can not find a phone contact for their team.
Here are some things I am trying to find out. Perhaps those already familiar with these cards can point me in the right direction?
- I am looking for technical specs, documentation, manuals that describe either the JCOP cards or JCOP Tools. So far all I have found is IBM's "technical brief" which is too brief. There must be more documentation out there. Where is it?
- What readers will work with the cards? I am looking at JCOP30, the first contactless card. Their web site has no list of recommended or supported readers.
- What API calls are available on the JCOP30's ROM?
- What parameters to those API calls are supported? For instance what key lengths, cipher parameters, etc. are supported?
Any help is appreciated. In particular, if there is somewhere a large PDF which describes the card in detail I would really like to see it. Without such specifics I can not determine if the card is appropriate for our neesd.Let me clarify a few things: JCOP is a smart-card operating system developed by the IBM Zurich Research labs, and now maintained by IBM Development in Boeblingen.
This operating system is licensed to different chip manufacturers, such as NXP (ex Philips Semiconductors). IBM only makes the software, not the hardware. Thus, for exact information on actual products, you need to contact the silicon manufacturers.
JCOP Tools on the other hand the Eclipse-based development tools that IBM provides for Java Card development, especially geared towards JCOP-based cards.
Assuming you are talking about the JCOP30v2 on Philips P8RF5016, the card will work with any ISO14443 Type A compliant reader.
The most commonly used smart-card interface is PC/SC, a middleware layer backed by Microsoft, and part of the Windows operating system. JPCSC is a Java-wrapper around the native PC/SC API. JCOP Tools includes JPCSC and uses it on Linux and MacOS X. On Windows, JCOP Tools uses the native PC/SC API directly.
OCF is/was a failed attempt at creating smart card middleware. The consortium was dissolved many years ago (1999), and why the website still exists is a mistery. I strongly discourage the use of OCF.
JCOP Tools also includes the JCOP offcard API, which is a comprehensive smart card API with special support for Java Card and GlobalPlatform.
that sits on top of native PC/SC, JPCSC, and some other proprietary card middleware.
JCOP Tools contains everything that is needed to develop Java Card applications, including a simulation environment that supports source-level debugging. There are wizards that will create a GP-compliant skeleton applet for you.
A technical brief on JCOP Tools is available from ftp://ftp.software.ibm.com/software/pervasive/info/JCOPTools3Brief.pdf
Note that this refers to an older version of JCOP Tools; the current version has additional features, such as the real-time bytecode view and runs on the latest version of Eclipse (3.2.1).
Hope that clears some of your questions up. -
Power consumption of JCOP card
I am having JCOP card which also has the MiFare 4K in it.
And am using our own customized antenna instead of the standard one.
Am facing problem when I place the card bit far(say 6cm) from the card reader, where MiFare able to work without any problem but not JCOP. It induces more current compared to
MiFare. Does any body why JCOP require more power compared to MiFARE.
Thanks in Advance.Hi
I am student working on a smart card project
i am totally new to this field i have a lot of doughs to be cleared ..can you help me in this section
my id [email protected]
pls kindly give your mail id i will proceed in your id ...i have so many obstacle to develop a smart card application.
i have return my doughs in java card form under the title : What is Client-Side API for RMI on the Java Card Platform
: java card virtual machine -
EMV Card Personalization steps....
Hello,
I am working in EMV personalization and very new here. I received a Java Card and a Spec for its personalization. Here I have some confusion. ( Actually we take services for third party, here we just put values according to profile in boxes and it use it internally and personalize the card)
1- I want to personalize the card by my own, I know the keys and passed external authentication here. I know about there are some data that reside in files whose SFI can be get from GPO Command. But Is there any rule that I can decide about data/TAG will definitely should present in this SFI. So that I can make a list of Tags/Data which I will put in these SFI with using STORE Data Command.
2 - There are so Many Tags in EMV. Can someone tell me about list of those TAG which are mandatory in any EMV Application. so that Initially I can focus on it. Please guide me some so that I could start sending STORE Data Command....
Thanks in advance...................1- You should consider the rules about data used for offline card (payment application) authentication.
2- You can take any bank chip card. Read it and use the data read as an example.
Maybe you are looking for
-
HOW do I delete the camera roll from my iPad2.
I updated to ios7.02 I tried this Settings>General>Usage>Storage>Photos and Camera. and you can't swipe and get a delete option.. how do I delete the camera roll? I don't want to have to delete each of the 900 photos one at a time.
-
Browsers not loading web pages.
Hi there I'm hoping someone can help me with this. This evening I logged on to my mac to find that none of my browsers (Safari, Chrome and Firefox) could load web pages. My MacBook Pro connects to the Internet via wifi. All other devices (wired and w
-
Percentage calculation and zero amount entries get dvision by zero error
Hello, i am calculating the total of a field and then reporting the contributions of that line entry in percentage form but when a line has a zero amount i get an error of 'division by zero'. I'll give some explamples below incase i'm not explaining
-
How do I get the option to open up multiple tabs in one screen?
-
MacBook Pro 15 (Intel corre i7, 4GB ram) purchased 2 years ago, now running 10.6. Will is be able to run 10.8?