
Downloading an applet fails after changing the keys in PyApduTool

Stack Overflow user
Asked on 2020-09-03 20:54:43
Answers: 1, Views: 411, Followers: 0, Votes: 0

Downloading applets no longer works since I changed all 3 default keys.

I can authenticate using this GPShell script.

mode_211 
enable_trace 
establish_context 
card_connect 
select -AID A000000003000000 
open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555af5acc823dfae8a7827a // Open secure channel
card_disconnect 
release_context

If I download the script with pyApdutool, I get the following error:

Download Cap error: Check Card Cryptogram failed.

If I change the GlobalPlatform/Auth key and then click the GP Verify button, I get the following error:

GP Verify error: Check Card Cryptogram failed.

With pyResMan v2.1, if I put the new key in the key manager and click the button for mutual authentication, it works:

doMutualAuth(): Start...
doMutualAuth(): Succeeded.

I also noticed that since I changed the keys, the key version number has become 2; before, the version was 1.


gp.exe -i -d -v:

#
# gp -i -d -v
SCardConnect("Athena ASEDrive IIIe USB 0", T=*) -> T=1, 3BF81300008131FE454A434F5076323431B7
# GlobalPlatformPro 325fe84
# Running on Windows 10 10.0 amd64, Java 1.8.0_261 by Oracle Corporation
A>> T=1 (4+0000) 00A40400 00
A<< (0103+2) (54ms) 6F658408A000000003000000A5599F6501FF9F6E06479100783300734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
[DEBUG] GPSession - Auto-detected ISD: A000000003000000
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (27ms) 9F7F2A479050354791007833009005024992991894481290120000000006072432343939320000000000000000 9000
[WARN] GPData - Invalid CPLC date: 2432
CPLC: ICFabricator=4790
      ICType=5035
      OperatingSystemID=4791
      OperatingSystemReleaseDate=0078 (2010-03-19)
      OperatingSystemReleaseLevel=3300
      ICFabricationDate=9005 (2019-01-05)
      ICSerialNumber=02499299
      ICBatchIdentifier=1894
      ICModuleFabricator=4812
      ICModulePackagingDate=9012 (2019-01-12)
      ICCManufacturer=0000
      ICEmbeddingDate=0000 (2010-01-01)
      ICPrePersonalizer=0607
      ICPrePersonalizationEquipmentDate=2432 (invalid date format)
      ICPrePersonalizationEquipmentID=34393932
      ICPersonalizer=0000
      ICPersonalizationDate=0000 (2010-01-01)
      ICPersonalizationEquipmentID=00000000

A>> T=1 (4+0000) 80CA0042 00
A<< (0000+2) (15ms) 6A88
[DEBUG] GPData - GET DATA(IIN): N/A
A>> T=1 (4+0000) 80CA0045 00
A<< (0000+2) (17ms) 6A88
[DEBUG] GPData - GET DATA(CIN): N/A
Card Data:
A>> T=1 (4+0000) 80CA0066 00
A<< (0078+2) (38ms) 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E0102 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.1.1
-> GP Version: 2.1.1
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.21
-> GP SCP02 i=15
Tag 65: 1.3.656.840.100.2.1.3
Tag 66: 1.3.6.1.4.1.42.2.110.1.2
-> JavaCard v2
Card Capabilities:
A>> T=1 (4+0000) 80CA0067 00
A<< (0000+2) (16ms) 6A88
[DEBUG] GPData - GET DATA(Card Capabilities): N/A
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (21ms) E012C00401028010C00402028010C00403028010 9000
Version:   2 (0x02) ID:   1 (0x01) type: DES3         length:  16
Version:   2 (0x02) ID:   2 (0x02) type: DES3         length:  16
Version:   2 (0x02) ID:   3 (0x03) type: DES3         length:  16

Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("Athena ASEDrive IIIe USB 0", true) tx:35/rx:260

(My card is not fused and not protected.)

I can load, install and select the applet and authenticate; with pyResMan, the applet works fine.

But the command gp.exe -l does not work.

Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: 40FCC922B688B08C
Expected: 327AEEAC380376EC
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalP ... /wiki/Keys

If I can authenticate using the GPShell script, what is the problem?

Any idea?

Thanks in advance.


1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-09-05 14:41:33

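(Given that you have already resolved your PyApduTool problem in this question by editing the configuration file.)

You have to specify the key values GlobalPlatformPro should use (otherwise it uses the well-known default key value 404142434445464748494A4B4C4D4E4F):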

java -jar /opt/gp.jar -v -l --key a068cd198555af5acc823dfae8a7827a

Or alternatively:

java -jar /opt/gp.jar -v -l --key-dek a068cd198555af5acc823dfae8a7827a --key-enc a068cd198555af5acc823dfae8a7827a --key-mac a068cd198555af5acc823dfae8a7827a

Command trace with an actual card (GPShell):

mode_211
enable_trace
establish_context
card_connect
* reader name: Gemalto PC Twin reader 00
select -AID A000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A400008A000000003000000
Response <-- 6F108408A0000000000A5049F6501099000
open_sc -scp 2 -scpimpl 0x15 -security 1 -keyind 0 -keyver 0 -key a068cd198555af5acc823dfae8a7827a -mac_key a068cd198555af5acc823dfae8a7827a -enc_key a068cd198555af5acc823dfae8a7827a -kek_key a068cd198555af5acc823dfae8a7827a
Command --> 8050000008EABF 19238386F99C00
Wrapped command --> 8050000008EABF 19238386F99C00
Response <-- FFFFFFFFFFF71062DA69010200098315C89B44BFA1ED8320EED926819000
Command --> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Wrapped command --> 8482010010C9F1E010B369F4C0018D22DAC134F1DB
Response <-- 9000
card_disconnect
release_context

Command trace with an actual card (GlobalPlatformPro):

[DEBUG] GlobalPlatform - Auto-detected ISD: A000000003000000
[TRACE] GlobalPlatform - Generated host challenge: 292B93656D145F9C
A>> T=0 (4+0008) 80500000 08 292B93656D145F9C 00
A<< (0028+2) (35ms) FFFFFFFFFFF71062DA690102000CAF7BB18519650456126907678D0F 9000
[DEBUG] GlobalPlatform - Host challenge: 292B93656D145F9C
[DEBUG] GlobalPlatform - Card challenge: 000CAF7B1851965
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 1 (0x01)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {ENC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A,MAC=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A,DEK=type=RAW bytes=A068CD198555AF5ACC823DFAE8A7827A}
[TRACE] PlaintextKeys - Session keys: {ENC=type=DES3 bytes=FB03954624ADB9A3EC89AE5D2B324D8B kcv=799E36,MAC=type=DES3 bytes=321E2B911ACDCF923C58E93AA44DD7B2 kcv=D7E17A,DEK=type=DES3 bytes=B05E11FF73ECBFB45384446C2E8D5B9F kcv=8DF462}
[DEBUG] GlobalPlatform - Verifying card cryptogram: 0456126907678D0F
[DEBUG] GlobalPlatform - Calculated host cryptogram: D4F2E6ABD58F2532
A>> T=0 (4+0016) 84820100 10 D4F2E6ABD58F253245169D0334285F91
A<< (0000+2) (18ms) 9000

Votes: 0
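
As an added example (not part of the original post, and not code from GPShell, GlobalPlatformPro or the Python tools mentioned), the following Python decodes the two card responses that are worth reading when a card cryptogram check fails: the key information template returned by GET DATA 00E0 in the question's gp output, and the SCP02 INITIALIZE UPDATE response in the answer's GlobalPlatformPro trace. The function names are hypothetical, the hex strings are copied from the traces above with the 9000 status word removed, and the two samples come from different cards (the question's and the answer's).

```python
# Added example: decode two card responses that matter for a cryptogram mismatch.
# Both hex strings are copied from the traces on this page, status word 9000 removed.
KEY_INFO_TEMPLATE = "E012C00401028010C00402028010C00403028010"  # question's card
INIT_UPDATE_RESPONSE = "FFFFFFFFFFF71062DA690102000CAF7BB18519650456126907678D0F"  # answer's card

KEY_TYPES = {0x80: "DES", 0x88: "AES"}  # GlobalPlatform key type coding


def parse_key_info(hex_data):
    """Parse GET DATA 00E0: tag E0 wrapping C0 entries (short lengths only)."""
    data = bytes.fromhex(hex_data)
    if len(data) < 2 or data[0] != 0xE0 or data[1] != len(data) - 2:
        raise ValueError("not a well-formed E0 key information template")
    keys, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data) or data[pos] != 0xC0:
            raise ValueError("expected a C0 entry at offset %d" % pos)
        entry = data[pos + 2 : pos + 2 + data[pos + 1]]
        if len(entry) != data[pos + 1] or len(entry) < 4:
            raise ValueError("truncated C0 entry at offset %d" % pos)
        keys.append({"id": entry[0], "version": entry[1],
                     "type": KEY_TYPES.get(entry[2], hex(entry[2])),
                     "length": entry[3]})
        pos += 2 + len(entry)
    return keys


def parse_init_update_scp02(hex_data):
    """Split a 28-byte SCP02 INITIALIZE UPDATE response into its fields."""
    data = bytes.fromhex(hex_data)
    if len(data) != 28:
        raise ValueError("SCP02 INITIALIZE UPDATE response must be 28 bytes")
    return {
        "kdd": data[0:10].hex().upper(),               # key diversification data
        "key_version": data[10],                       # key set the card used
        "scp": data[11],                               # secure channel protocol id
        "sequence_counter": int.from_bytes(data[12:14], "big"),
        "card_challenge": data[14:20].hex().upper(),
        "card_cryptogram": data[20:28].hex().upper(),  # host must recompute this
    }


if __name__ == "__main__":
    for key in parse_key_info(KEY_INFO_TEMPLATE):
        print(key)
    print(parse_init_update_scp02(INIT_UPDATE_RESPONSE))
```

The card cryptogram field is the value the host recomputes with its own keys, so a host that falls back to the default 404142434445464748494A4B4C4D4E4F key against a card holding different keys arrives at a different value, which is the Received/Expected mismatch gp reports.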
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/63731515
