CardOS M4.4

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

CardOS M4.4

Ruben Lagar
Hello!

I have just received a Siemens Card CardOS M4.4. This card is not included in the supported card models, but as every earlier CardOS card is, I would like to test the same driver for this new card.

Can this be easily done? I guess that there is some config file where it is possible to assign a card to a card driver...

Could somebody please help me on how to do that?

Thank you!

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Viktor TARASOV-2
Ruben Lagar wrote:
Hello!

I have just received a Siemens Card CardOS M4.4. This card is not included in the supported card models, but as every earlier CardOS card is, I would like to test the same driver for this new card.

Can this be easily done? I guess that there is some config file where it is possible to assign a card to a card driver...

Could somebody please help me on how to do that?

Try to add to the 'app default' section of opensc.conf the sub-section like:

card_atr <your card's ATR, look example in opensc.conf > {
    name = "My Card";
    driver = "cardos";
}


Thank you!

Kind wishes,
Viktor.


_______________________________________________ opensc-user mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-user


-- 
Viktor Tarasov	[hidden email]

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

JP Szikora-2
Viktor TARASOV a écrit :

> Ruben Lagar wrote:
>> Hello!
>>
>> I have just received a Siemens Card CardOS M4.4. This card is not
>> included in the supported card models, but as every earlier CardOS
>> card is, I would like to test the same driver for this new card.
>>
>> Can this be easily done? I guess that there is some config file where
>> it is possible to assign a card to a card driver...
>>
>> Could somebody please help me on how to do that?
>
> Try to add to the 'app default' section of opensc.conf the sub-section
> like:
>
> card_atr <your card's ATR, look example in opensc.conf > {
>     name = "My Card";
>     driver = "cardos";
> }
>
That's just one part of the story. If your card is in factory state
(cardos-info output can help you to check this), you need to change the
secret StartKey to the default one. That APDU is not public (you must
sign a NDA to get it...). And then you can create a MF using an APDU
encrypted with the default StartKey (which is not anymore 16 * 0xFF,
also only available under NDA...).

In practice, if your card is in Factory state and you have no access to
the Siemens doc, we can not help you. If your card is formatted by
Siemens tools, maybe you can try some tools (opensc-explorer...) with
Viktor's solution.

Cheers,

Jean-Pierre
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
Thank you!

Well, I have configured opensc.conf as Viktor said

    card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
        name = "My Card";
         driver = "cardos";
    }

I have obtained this ATR running ./pcsc_scan from pcsclite tools:

Reader 1: GemPC2 01 00
 Card state: Card inserted,
 ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51

But when I run cardos-info I am getting an error:

Running cardos-tool --info -r 1
[cardos-tool] card.c:213:sc_connect_card: unable to find driver for inserted card
[cardos-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
Failed to connect to card: Card is invalid or cannot be handled

Am I missing something else? :S

Jean Pierre, apart from the card I have also received a CD with applications to initialize the card and explore it from Windows, so I could initialize it and then use it from opensc.



2010/3/3 JP Szikora <[hidden email]>
Viktor TARASOV a écrit :

Ruben Lagar wrote:
Hello!

I have just received a Siemens Card CardOS M4.4. This card is not included in the supported card models, but as every earlier CardOS card is, I would like to test the same driver for this new card.

Can this be easily done? I guess that there is some config file where it is possible to assign a card to a card driver...

Could somebody please help me on how to do that?

Try to add to the 'app default' section of opensc.conf the sub-section like:

card_atr <your card's ATR, look example in opensc.conf > {
   name = "My Card";
   driver = "cardos";
}

That's just one part of the story. If your card is in factory state (cardos-info output can help you to check this), you need to change the secret StartKey to the default one. That APDU is not public (you must sign a NDA to get it...). And then you can create a MF using an APDU encrypted with the default StartKey (which is not anymore 16 * 0xFF, also only available under NDA...).

In practice, if your card is in Factory state and you have no access to the Siemens doc, we can not help you. If your card is formatted by Siemens tools, maybe you can try some tools (opensc-explorer...) with Viktor's solution.

Cheers,

Jean-Pierre


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Viktor TARASOV-2
Ruben Lagar wrote:

> Thank you!
>
> Well, I have configured opensc.conf as Viktor said
>
>     card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>         name = "My Card";
>          driver = "cardos";
>     }
>
> I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>
> Reader 1: GemPC2 01 00
>  Card state: Card inserted,
>  ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
>
> But when I run cardos-info I am getting an error:
>
> Running cardos-tool --info -r 1
> [cardos-tool] card.c:213:sc_connect_card: unable to find driver for
> inserted card
> [cardos-tool] card.c:228:sc_connect_card: returning with: Card is
> invalid or cannot be handled
> Failed to connect to card: Card is invalid or cannot be handled
>
> Am I missing something else? :S


to your sub-section add also:
type = "1004";
# Possibles values for CardOS are in range 1001-1006.


>
> Jean Pierre, apart from the card I have also received a CD with
> applications to initialize the card and explore it from Windows, so I
> could initialize it and then use it from opensc.
>
>
>
> 2010/3/3 JP Szikora <[hidden email]
> <mailto:[hidden email]>>
>
>     Viktor TARASOV a écrit :
>
>         Ruben Lagar wrote:
>
>             Hello!
>
>             I have just received a Siemens Card CardOS M4.4. This card
>             is not included in the supported card models, but as every
>             earlier CardOS card is, I would like to test the same
>             driver for this new card.
>
>             Can this be easily done? I guess that there is some config
>             file where it is possible to assign a card to a card driver...
>
>             Could somebody please help me on how to do that?
>
>
>         Try to add to the 'app default' section of opensc.conf the
>         sub-section like:
>
>         card_atr <your card's ATR, look example in opensc.conf > {
>            name = "My Card";
>            driver = "cardos";
>         }
>
>     That's just one part of the story. If your card is in factory
>     state (cardos-info output can help you to check this), you need to
>     change the secret StartKey to the default one. That APDU is not
>     public (you must sign a NDA to get it...). And then you can create
>     a MF using an APDU encrypted with the default StartKey (which is
>     not anymore 16 * 0xFF, also only available under NDA...).
>
>     In practice, if your card is in Factory state and you have no
>     access to the Siemens doc, we can not help you. If your card is
>     formatted by Siemens tools, maybe you can try some tools
>     (opensc-explorer...) with Viktor's solution.
>
>     Cheers,
>
>     Jean-Pierre
>
>


--
Viktor Tarasov <[hidden email]>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

JP Szikora-2
In reply to this post by Ruben Lagar
Ruben Lagar a écrit :

> Thank you!
>
> Well, I have configured opensc.conf as Viktor said
>
>     card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>         name = "My Card";
>          driver = "cardos";
>     }
>
> I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>
> Reader 1: GemPC2 01 00
>  Card state: Card inserted,
>  ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
That's the CardOS 4.4 ATR (checked from the Siemens Doc).

>
> But when I run cardos-info I am getting an error:
>
> Running cardos-tool --info -r 1
> [cardos-tool] card.c:213:sc_connect_card: unable to find driver for
> inserted card
> [cardos-tool] card.c:228:sc_connect_card: returning with: Card is
> invalid or cannot be handled
> Failed to connect to card: Card is invalid or cannot be handled
>
> Am I missing something else? :S

The ATR of the CardOS 4.4 is one byte shorter than the other CardOS
cards like 4.3B or 4.2C (TB1 byte is not there anymore). Maybe that
breaks completely the card recognition in src/libopensc/card-cardos.c.
Sorry, I've no (not yet) card to test it.

>
> Jean Pierre, apart from the card I have also received a CD with
> applications to initialize the card and explore it from Windows, so I
> could initialize it and then use it from opensc.
It's not sure that a Siemens initialised card will work with OpenSC. If
the ACL of MF did not allow you to create DF 5015 for exemple... It may
be also difficult (or impossible) to completely erase a card after
initialisation with Siemens tools. You probably need to choose between
Siemens tool and OpenSC (after fixing the remaining problems with it...).

Cheers,

Jean-Pierre

>
>
>
> 2010/3/3 JP Szikora <[hidden email]
> <mailto:[hidden email]>>
>
>     Viktor TARASOV a écrit :
>
>         Ruben Lagar wrote:
>
>             Hello!
>
>             I have just received a Siemens Card CardOS M4.4. This card
>             is not included in the supported card models, but as every
>             earlier CardOS card is, I would like to test the same
>             driver for this new card.
>
>             Can this be easily done? I guess that there is some config
>             file where it is possible to assign a card to a card driver...
>
>             Could somebody please help me on how to do that?
>
>
>         Try to add to the 'app default' section of opensc.conf the
>         sub-section like:
>
>         card_atr <your card's ATR, look example in opensc.conf > {
>            name = "My Card";
>            driver = "cardos";
>         }
>
>     That's just one part of the story. If your card is in factory
>     state (cardos-info output can help you to check this), you need to
>     change the secret StartKey to the default one. That APDU is not
>     public (you must sign a NDA to get it...). And then you can create
>     a MF using an APDU encrypted with the default StartKey (which is
>     not anymore 16 * 0xFF, also only available under NDA...).
>
>     In practice, if your card is in Factory state and you have no
>     access to the Siemens doc, we can not help you. If your card is
>     formatted by Siemens tools, maybe you can try some tools
>     (opensc-explorer...) with Viktor's solution.
>
>     Cheers,
>
>     Jean-Pierre
>
>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
In reply to this post by Viktor TARASOV-2
I added that line, but anyway:

./cardos-info -r 1
Running cardos-tool --info -r 1
[cardos-tool] card.c:213:sc_connect_card: unable to find driver for inserted card
[cardos-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
Failed to connect to card: Card is invalid or cannot be handled


2010/3/3 Viktor TARASOV <[hidden email]>
Ruben Lagar wrote:
> Thank you!
>
> Well, I have configured opensc.conf as Viktor said
>
>     card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>         name = "My Card";
>          driver = "cardos";
>     }
>
> I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>
> Reader 1: GemPC2 01 00
>  Card state: Card inserted,
>  ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
>
> But when I run cardos-info I am getting an error:
>
> Running cardos-tool --info -r 1
> [cardos-tool] card.c:213:sc_connect_card: unable to find driver for
> inserted card
> [cardos-tool] card.c:228:sc_connect_card: returning with: Card is
> invalid or cannot be handled
> Failed to connect to card: Card is invalid or cannot be handled
>
> Am I missing something else? :S


to your sub-section add also:
type = "1004";
# Possibles values for CardOS are in range 1001-1006.


>
> Jean Pierre, apart from the card I have also received a CD with
> applications to initialize the card and explore it from Windows, so I
> could initialize it and then use it from opensc.
>
>
>
> 2010/3/3 JP Szikora <[hidden email]
> <mailto:[hidden email]>>
>
>     Viktor TARASOV a écrit :
>
>         Ruben Lagar wrote:
>
>             Hello!
>
>             I have just received a Siemens Card CardOS M4.4. This card
>             is not included in the supported card models, but as every
>             earlier CardOS card is, I would like to test the same
>             driver for this new card.
>
>             Can this be easily done? I guess that there is some config
>             file where it is possible to assign a card to a card driver...
>
>             Could somebody please help me on how to do that?
>
>
>         Try to add to the 'app default' section of opensc.conf the
>         sub-section like:
>
>         card_atr <your card's ATR, look example in opensc.conf > {
>            name = "My Card";
>            driver = "cardos";
>         }
>
>     That's just one part of the story. If your card is in factory
>     state (cardos-info output can help you to check this), you need to
>     change the secret StartKey to the default one. That APDU is not
>     public (you must sign a NDA to get it...). And then you can create
>     a MF using an APDU encrypted with the default StartKey (which is
>     not anymore 16 * 0xFF, also only available under NDA...).
>
>     In practice, if your card is in Factory state and you have no
>     access to the Siemens doc, we can not help you. If your card is
>     formatted by Siemens tools, maybe you can try some tools
>     (opensc-explorer...) with Viktor's solution.
>
>     Cheers,
>
>     Jean-Pierre
>
>


--
Viktor Tarasov  <[hidden email]>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
In reply to this post by JP Szikora-2


2010/3/3 JP Szikora <[hidden email]>
Ruben Lagar a écrit :

Thank you!

Well, I have configured opensc.conf as Viktor said

   card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
       name = "My Card";
        driver = "cardos";
   }

I have obtained this ATR running ./pcsc_scan from pcsclite tools:

Reader 1: GemPC2 01 00
 Card state: Card inserted,
 ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
That's the CardOS 4.4 ATR (checked from the Siemens Doc).

I have been looking at card-cardos.c, and the atr table is

static struct sc_atr_table cardos_atrs[] = {
    /* 4.0 */
    { "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
    /* Italian eID card, postecert */
    { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
    /* Italian eID card, infocamere */
    { "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
    /* Another Italian InfocamereCard */
    { "3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
    { "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL},
    /* cardos m4.2 and above */
    { "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a", "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL, SC_CARD_TYPE_CARDOS_M4_2, 0, NULL },
    { NULL, NULL, NULL, 0, 0, NULL }
};

The 4.4 atr is not there. So, apart from adding the atr configuration to opensc.conf, should I change the source of card-cardos.c for the driver to recognize the card? I was thinking in modifying the atr table and the function cardos_match_card for the card to be recognized as a M4.2...



But when I run cardos-info I am getting an error:

Running cardos-tool --info -r 1
[cardos-tool] card.c:213:sc_connect_card: unable to find driver for inserted card
[cardos-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
Failed to connect to card: Card is invalid or cannot be handled

Am I missing something else? :S

The ATR of the CardOS 4.4 is one byte shorter than the other CardOS cards like 4.3B or 4.2C (TB1 byte is not there anymore). Maybe that breaks completely the card recognition in src/libopensc/card-cardos.c. Sorry, I've no (not yet) card to test it.



Jean Pierre, apart from the card I have also received a CD with applications to initialize the card and explore it from Windows, so I could initialize it and then use it from opensc.
It's not sure that a Siemens initialised card will work with OpenSC. If the ACL of MF did not allow you to create DF 5015 for exemple... It may be also difficult (or impossible) to completely erase a card after initialisation with Siemens tools. You probably need to choose between Siemens tool and OpenSC (after fixing the remaining problems with it...).

Cheers,

Well, using Siemens tool was just a possibility to initialize the cards, but the final system where I have to use the cards is a embedded Linux environment where I have installed OpenSC, so the choice is made. But I am not sure if I understand the problems. Are you saying that previous models had a known StartKey, but that StartKey has changed for this last model and it is not known anymore? In that case, OpenSC will not support any more models from CardOS.... am I right?

The only chance would be to have a Siemens initialized card with an ACL of MF that allows to create DF's under it... But as far as I know, even that was not case, it would be still possible to use the card with the objects already in it.
 

Jean-Pierre



2010/3/3 JP Szikora <[hidden email] <mailto:[hidden email]>>


   Viktor TARASOV a écrit :

       Ruben Lagar wrote:

           Hello!

           I have just received a Siemens Card CardOS M4.4. This card
           is not included in the supported card models, but as every
           earlier CardOS card is, I would like to test the same
           driver for this new card.

           Can this be easily done? I guess that there is some config
           file where it is possible to assign a card to a card driver...

           Could somebody please help me on how to do that?


       Try to add to the 'app default' section of opensc.conf the
       sub-section like:

       card_atr <your card's ATR, look example in opensc.conf > {
          name = "My Card";
          driver = "cardos";
       }

   That's just one part of the story. If your card is in factory
   state (cardos-info output can help you to check this), you need to
   change the secret StartKey to the default one. That APDU is not
   public (you must sign a NDA to get it...). And then you can create
   a MF using an APDU encrypted with the default StartKey (which is
   not anymore 16 * 0xFF, also only available under NDA...).

   In practice, if your card is in Factory state and you have no
   access to the Siemens doc, we can not help you. If your card is
   formatted by Siemens tools, maybe you can try some tools
   (opensc-explorer...) with Viktor's solution.

   Cheers,

   Jean-Pierre





_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Viktor TARASOV-2
In reply to this post by Ruben Lagar
Ruben Lagar wrote:
I added that line, but anyway:

./cardos-info -r 1
Running cardos-tool --info -r 1
[cardos-tool] card.c:213:sc_connect_card: unable to find driver for inserted card
[cardos-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
Failed to connect to card: Card is invalid or cannot be handled

For me this mechanism works with the sub-section like this:
        card_atr 3B:F2:18:00:02:C1:0A:31:FE:58:C8:08:74   {
                driver = "cardos";
                type = "1003";
                atrmask = "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00";
                name = "Ma carte bien aimee";
        }
Look into the libopensc/card-cardos.c to get the values of 'type' and 'atrmask' closest to your card .


But, as Jean Pierre have explained, the main problem is not here.




2010/3/3 Viktor TARASOV <[hidden email]>
Ruben Lagar wrote:
> Thank you!
>
> Well, I have configured opensc.conf as Viktor said
>
>     card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>         name = "My Card";
>          driver = "cardos";
>     }
>
> I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>
> Reader 1: GemPC2 01 00
>  Card state: Card inserted,
>  ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
>
> But when I run cardos-info I am getting an error:
>
> Running cardos-tool --info -r 1
> [cardos-tool] card.c:213:sc_connect_card: unable to find driver for
> inserted card
> [cardos-tool] card.c:228:sc_connect_card: returning with: Card is
> invalid or cannot be handled
> Failed to connect to card: Card is invalid or cannot be handled
>
> Am I missing something else? :S


to your sub-section add also:
type = "1004";
# Possibles values for CardOS are in range 1001-1006.


>
> Jean Pierre, apart from the card I have also received a CD with
> applications to initialize the card and explore it from Windows, so I
> could initialize it and then use it from opensc.
>
>
>
> 2010/3/3 JP Szikora <[hidden email]
> <mailto:[hidden email]>>
>
>     Viktor TARASOV a écrit :
>
>         Ruben Lagar wrote:
>
>             Hello!
>
>             I have just received a Siemens Card CardOS M4.4. This card
>             is not included in the supported card models, but as every
>             earlier CardOS card is, I would like to test the same
>             driver for this new card.
>
>             Can this be easily done? I guess that there is some config
>             file where it is possible to assign a card to a card driver...
>
>             Could somebody please help me on how to do that?
>
>
>         Try to add to the 'app default' section of opensc.conf the
>         sub-section like:
>
>         card_atr <your card's ATR, look example in opensc.conf > {
>            name = "My Card";
>            driver = "cardos";
>         }
>
>     That's just one part of the story. If your card is in factory
>     state (cardos-info output can help you to check this), you need to
>     change the secret StartKey to the default one. That APDU is not
>     public (you must sign a NDA to get it...). And then you can create
>     a MF using an APDU encrypted with the default StartKey (which is
>     not anymore 16 * 0xFF, also only available under NDA...).
>
>     In practice, if your card is in Factory state and you have no
>     access to the Siemens doc, we can not help you. If your card is
>     formatted by Siemens tools, maybe you can try some tools
>     (opensc-explorer...) with Viktor's solution.
>
>     Cheers,
>
>     Jean-Pierre
>
>


--
Viktor Tarasov  <[hidden email]>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user



-- 
Viktor Tarasov	[hidden email]

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

JP Szikora-2
In reply to this post by Ruben Lagar
Ruben Lagar a écrit :

>
>
> 2010/3/3 JP Szikora <[hidden email]
> <mailto:[hidden email]>>
>
>     Ruben Lagar a écrit :
>
>         Thank you!
>
>         Well, I have configured opensc.conf as Viktor said
>
>            card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>                name = "My Card";
>                 driver = "cardos";
>            }
>
>         I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>
>         Reader 1: GemPC2 01 00
>          Card state: Card inserted,
>          ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
>
>     That's the CardOS 4.4 ATR (checked from the Siemens Doc).
>
>
> I have been looking at card-cardos.c, and the atr table is
>
> static struct sc_atr_table cardos_atrs[] = {
>     /* 4.0 */
>     { "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL,
> SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>     /* Italian eID card, postecert */
>     { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47",
> NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>     /* Italian eID card, infocamere */
>     {
> "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3",
> NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>     /* Another Italian InfocamereCard */
>     {
> "3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28",
> NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>     { "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL,
> SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL},
>     /* cardos m4.2 and above */
>     { "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a",
> "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL,
> SC_CARD_TYPE_CARDOS_M4_2, 0, NULL },
>     { NULL, NULL, NULL, 0, 0, NULL }
> };
>
> The 4.4 atr is not there. So, apart from adding the atr configuration
> to opensc.conf, should I change the source of card-cardos.c for the
> driver to recognize the card? I was thinking in modifying the atr
> table and the function cardos_match_card for the card to be recognized
> as a M4.2...
Yes, add the new ATR in sc_atr_table cardos_atrs and create a new
SC_CARD_TYPE_CARDOS_4_4 (in cards.h).
In cardos_match_card, just add a very trivial
if (card->type == SC_CARD_TYPE_CARDOS_4_4) return 1;
With this, you will bypass all the card type detection in
cardos_match_card that wil not work with 4.4 as the ATR is 1 byte shorter!

Check for SC_CARD_TYPE_CARDOS_M4_2C in card-cardos.c, and add
SC_CARD_TYPE_CARDOS_4_4 in that context. The CardOS 4.4 are very similar
to 4.2C.

>   §
>
>
>
>         But when I run cardos-info I am getting an error:
>
>         Running cardos-tool --info -r 1
>         [cardos-tool] card.c:213:sc_connect_card: unable to find
>         driver for inserted card
>         [cardos-tool] card.c:228:sc_connect_card: returning with: Card
>         is invalid or cannot be handled
>         Failed to connect to card: Card is invalid or cannot be handled
>
>         Am I missing something else? :S
>
>
>     The ATR of the CardOS 4.4 is one byte shorter than the other
>     CardOS cards like 4.3B or 4.2C (TB1 byte is not there anymore).
>     Maybe that breaks completely the card recognition in
>     src/libopensc/card-cardos.c. Sorry, I've no (not yet) card to test
>     it.
>
>
>
>         Jean Pierre, apart from the card I have also received a CD
>         with applications to initialize the card and explore it from
>         Windows, so I could initialize it and then use it from opensc.
>
>     It's not sure that a Siemens initialised card will work with
>     OpenSC. If the ACL of MF did not allow you to create DF 5015 for
>     exemple... It may be also difficult (or impossible) to completely
>     erase a card after initialisation with Siemens tools. You probably
>     need to choose between Siemens tool and OpenSC (after fixing the
>     remaining problems with it...).
>
>     Cheers,
>
>
> Well, using Siemens tool was just a possibility to initialize the
> cards, but the final system where I have to use the cards is a
> embedded Linux environment where I have installed OpenSC, so the
> choice is made. But I am not sure if I understand the problems. Are
> you saying that previous models had a known StartKey, but that
> StartKey has changed for this last model and it is not known anymore?
> In that case, OpenSC will not support any more models from CardOS....
> am I right?
All the CardOS cards in manufacturing state are delivered with a secret
StartKey (and different for each card release number). Siemens provides
you an APDU to replace the secret StartKey to a default StartKey. For
all the card version up to 4.3B (in chronological order, 4.2C is newer
than 4.3B...), the Default StartKey is 16 * 0xFF. For cardOS 4.2C and
4.4, the Default StartKey is random and documented in the User Manual
(under NDA).

Now, you need to know the StartKey to format the card (create MF), to
erase the card and to change the StartKey itself. The way to prepare the
encrypted APDU is available in src/tools/cardos-tool.c, but not the
Default Startkey for 4.2C or 4.4.

Some vendors (cryptoshop.com) sells CardOS 4.3B with a Default StartKey
(16*0xFF) if you request for it, so you can used it with OpenSC without
asking the User Manual from Siemens.

If you want to change this, please ask to Siemens the right to publish
all the ChangeFactoryStartKey2DefaultStartKey APDU, and the Default
StartKey for CardOS > 4.3B. We will be very, very happy to put them in
opensc code. Believe me.
>
> The only chance would be to have a Siemens initialized card with an
> ACL of MF that allows to create DF's under it...
Without the User Manual, yes.
> But as far as I know, even that was not case, it would be still
> possible to use the card with the objects already in it.
If you use the pkcs11 lib from Siemens... I don't known if the Siemens
initialized card is compatible natively with OpenSC tools if you want to
sign or to decrypt.

Cheers,

Jean-Pierre

>
>
>
>
>         2010/3/3 JP Szikora <[hidden email]
>         <mailto:[hidden email]>
>         <mailto:[hidden email]
>         <mailto:[hidden email]>>>
>
>
>            Viktor TARASOV a écrit :
>
>                Ruben Lagar wrote:
>
>                    Hello!
>
>                    I have just received a Siemens Card CardOS M4.4.
>         This card
>                    is not included in the supported card models, but
>         as every
>                    earlier CardOS card is, I would like to test the same
>                    driver for this new card.
>
>                    Can this be easily done? I guess that there is some
>         config
>                    file where it is possible to assign a card to a
>         card driver...
>
>                    Could somebody please help me on how to do that?
>
>
>                Try to add to the 'app default' section of opensc.conf the
>                sub-section like:
>
>                card_atr <your card's ATR, look example in opensc.conf > {
>                   name = "My Card";
>                   driver = "cardos";
>                }
>
>            That's just one part of the story. If your card is in factory
>            state (cardos-info output can help you to check this), you
>         need to
>            change the secret StartKey to the default one. That APDU is not
>            public (you must sign a NDA to get it...). And then you can
>         create
>            a MF using an APDU encrypted with the default StartKey
>         (which is
>            not anymore 16 * 0xFF, also only available under NDA...).
>
>            In practice, if your card is in Factory state and you have no
>            access to the Siemens doc, we can not help you. If your card is
>            formatted by Siemens tools, maybe you can try some tools
>            (opensc-explorer...) with Viktor's solution.
>
>            Cheers,
>
>            Jean-Pierre
>
>
>
>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
Thank you for your help!

I made those changes and I have asked Siemens for the StartKey.

FYI, after doing the changes, and not knowing the StartKey I can run

./cardos-info -r 1
Running cardos-tool --info -r 1
3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51
Info : CardOS V4.4 (C) Siemens AG 1994-2009
Chip type: 145
Serial number: 29 6e 30 14 2a 45
Full prom dump:
33 66 00 26 A5 1E 00 00 91 FF 29 6E 30 14 2A 45 3f.&......)n0.*E
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.13 (unknown Version)
Current life cycle: 16 (operational)
Security Status of current DF:
Free memory : 773
ATR Status: 0x0 ROM-ATR
Packages installed:
Ram size: 6, Eeprom size: 68, cpu type: 66, chip config: 63
Free eeprom memory: 41418
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:

That card was initialized with Siemens tool. I also can run

./opensc-explorer -r 1
OpenSC Explorer version 0.11.13
OpenSC [3F00]> ls
FileID  Type  Size
[5015]    DF    96      Name: \xA0\x00\x00\x00cPKCS-15
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> ls
FileID  Type  Size
 5600    wEF    48
 5031    wEF    48
 5032    wEF   297
 4408    wEF   754
 4400    wEF  1024
[5072]    DF   128
 4401    wEF  1024
[5075]    DF   128
 4403    wEF    87
 4404    wEF  1024
[4304]    DF   128
 4407    wEF  1024
[4444]    DF   128
OpenSC [3F00/5015]> mkdir 0707
Usage: mkdir <file_id> <df_size>
OpenSC [3F00/5015]> mkdir 0707 100
[opensc-explorer] card.c:367:sc_create_file: returning with: Not supported
CREATE FILE failed: Not supported
OpenSC [3F00/5015]> quit

So I can browse the files and read them (run cat 5600 and see its
content), but if I try to mkdir or create a EF I am getting a not
supported error. Is this because not having the StartKey?



2010/3/4 JP Szikora <[hidden email]>:

> Ruben Lagar a écrit :
>>
>>
>> 2010/3/3 JP Szikora <[hidden email]
>> <mailto:[hidden email]>>
>>
>>    Ruben Lagar a écrit :
>>
>>        Thank you!
>>
>>        Well, I have configured opensc.conf as Viktor said
>>
>>           card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 {
>>               name = "My Card";
>>                driver = "cardos";
>>           }
>>
>>        I have obtained this ATR running ./pcsc_scan from pcsclite tools:
>>
>>        Reader 1: GemPC2 01 00
>>         Card state: Card inserted,
>>         ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51
>>
>>    That's the CardOS 4.4 ATR (checked from the Siemens Doc).
>>
>>
>> I have been looking at card-cardos.c, and the atr table is
>>
>> static struct sc_atr_table cardos_atrs[] = {
>>    /* 4.0 */
>>    { "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL,
>> SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>>    /* Italian eID card, postecert */
>>    { "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL,
>> NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>>    /* Italian eID card, infocamere */
>>    { "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3",
>> NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>>    /* Another Italian InfocamereCard */
>>    {
>> "3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28",
>> NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
>>    { "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL,
>> SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL},
>>    /* cardos m4.2 and above */
>>    { "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a",
>> "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL, SC_CARD_TYPE_CARDOS_M4_2, 0,
>> NULL },
>>    { NULL, NULL, NULL, 0, 0, NULL }
>> };
>>
>> The 4.4 atr is not there. So, apart from adding the atr configuration to
>> opensc.conf, should I change the source of card-cardos.c for the driver to
>> recognize the card? I was thinking in modifying the atr table and the
>> function cardos_match_card for the card to be recognized as a M4.2...
>
> Yes, add the new ATR in sc_atr_table cardos_atrs and create a new
> SC_CARD_TYPE_CARDOS_4_4 (in cards.h).
> In cardos_match_card, just add a very trivial
> if (card->type == SC_CARD_TYPE_CARDOS_4_4) return 1;
> With this, you will bypass all the card type detection in cardos_match_card
> that wil not work with 4.4 as the ATR is 1 byte shorter!
>
> Check for SC_CARD_TYPE_CARDOS_M4_2C in card-cardos.c, and add
> SC_CARD_TYPE_CARDOS_4_4 in that context. The CardOS 4.4 are very similar to
> 4.2C.
>
>>  §
>>
>>
>>
>>        But when I run cardos-info I am getting an error:
>>
>>        Running cardos-tool --info -r 1
>>        [cardos-tool] card.c:213:sc_connect_card: unable to find
>>        driver for inserted card
>>        [cardos-tool] card.c:228:sc_connect_card: returning with: Card
>>        is invalid or cannot be handled
>>        Failed to connect to card: Card is invalid or cannot be handled
>>
>>        Am I missing something else? :S
>>
>>
>>    The ATR of the CardOS 4.4 is one byte shorter than the other
>>    CardOS cards like 4.3B or 4.2C (TB1 byte is not there anymore).
>>    Maybe that breaks completely the card recognition in
>>    src/libopensc/card-cardos.c. Sorry, I've no (not yet) card to test
>>    it.
>>
>>
>>
>>        Jean Pierre, apart from the card I have also received a CD
>>        with applications to initialize the card and explore it from
>>        Windows, so I could initialize it and then use it from opensc.
>>
>>    It's not sure that a Siemens initialised card will work with
>>    OpenSC. If the ACL of MF did not allow you to create DF 5015 for
>>    exemple... It may be also difficult (or impossible) to completely
>>    erase a card after initialisation with Siemens tools. You probably
>>    need to choose between Siemens tool and OpenSC (after fixing the
>>    remaining problems with it...).
>>
>>    Cheers,
>>
>>
>> Well, using Siemens tool was just a possibility to initialize the cards,
>> but the final system where I have to use the cards is a embedded Linux
>> environment where I have installed OpenSC, so the choice is made. But I am
>> not sure if I understand the problems. Are you saying that previous models
>> had a known StartKey, but that StartKey has changed for this last model and
>> it is not known anymore? In that case, OpenSC will not support any more
>> models from CardOS.... am I right?
>
> All the CardOS cards in manufacturing state are delivered with a secret
> StartKey (and different for each card release number). Siemens provides you
> an APDU to replace the secret StartKey to a default StartKey. For all the
> card version up to 4.3B (in chronological order, 4.2C is newer than
> 4.3B...), the Default StartKey is 16 * 0xFF. For cardOS 4.2C and 4.4, the
> Default StartKey is random and documented in the User Manual (under NDA).
>
> Now, you need to know the StartKey to format the card (create MF), to erase
> the card and to change the StartKey itself. The way to prepare the encrypted
> APDU is available in src/tools/cardos-tool.c, but not the Default Startkey
> for 4.2C or 4.4.
>
> Some vendors (cryptoshop.com) sells CardOS 4.3B with a Default StartKey
> (16*0xFF) if you request for it, so you can used it with OpenSC without
> asking the User Manual from Siemens.
>
> If you want to change this, please ask to Siemens the right to publish all
> the ChangeFactoryStartKey2DefaultStartKey APDU, and the Default StartKey for
> CardOS > 4.3B. We will be very, very happy to put them in opensc code.
> Believe me.
>>
>> The only chance would be to have a Siemens initialized card with an ACL of
>> MF that allows to create DF's under it...
>
> Without the User Manual, yes.
>>
>> But as far as I know, even that was not case, it would be still possible
>> to use the card with the objects already in it.
>
> If you use the pkcs11 lib from Siemens... I don't known if the Siemens
> initialized card is compatible natively with OpenSC tools if you want to
> sign or to decrypt.
>
> Cheers,
>
> Jean-Pierre
>>
>>
>>
>>
>>        2010/3/3 JP Szikora <[hidden email]
>>        <mailto:[hidden email]>
>>        <mailto:[hidden email]
>>        <mailto:[hidden email]>>>
>>
>>
>>           Viktor TARASOV a écrit :
>>
>>               Ruben Lagar wrote:
>>
>>                   Hello!
>>
>>                   I have just received a Siemens Card CardOS M4.4.
>>        This card
>>                   is not included in the supported card models, but
>>        as every
>>                   earlier CardOS card is, I would like to test the same
>>                   driver for this new card.
>>
>>                   Can this be easily done? I guess that there is some
>>        config
>>                   file where it is possible to assign a card to a
>>        card driver...
>>
>>                   Could somebody please help me on how to do that?
>>
>>
>>               Try to add to the 'app default' section of opensc.conf the
>>               sub-section like:
>>
>>               card_atr <your card's ATR, look example in opensc.conf > {
>>                  name = "My Card";
>>                  driver = "cardos";
>>               }
>>
>>           That's just one part of the story. If your card is in factory
>>           state (cardos-info output can help you to check this), you
>>        need to
>>           change the secret StartKey to the default one. That APDU is not
>>           public (you must sign a NDA to get it...). And then you can
>>        create
>>           a MF using an APDU encrypted with the default StartKey
>>        (which is
>>           not anymore 16 * 0xFF, also only available under NDA...).
>>
>>           In practice, if your card is in Factory state and you have no
>>           access to the Siemens doc, we can not help you. If your card is
>>           formatted by Siemens tools, maybe you can try some tools
>>           (opensc-explorer...) with Viktor's solution.
>>
>>           Cheers,
>>
>>           Jean-Pierre
>>
>>
>>
>>
>
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Andreas Jellinghaus-2
Am Montag 08 März 2010 11:28:31 schrieb Ruben Lagar:
> So I can browse the files and read them (run cat 5600 and see its
> content), but if I try to mkdir or create a EF I am getting a not
> supported error. Is this because not having the StartKey?

run "opensc-tool -f" - it should print the access control
of each file (unless something changed from 4.3 to 4.4 and
it no longer works). maybe it will show you what you can
do without authenticating yourself first, and what not.

opensc-explorer is a debug tool, so be carefull not to lock
up your card with it.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
Hi,

sorry for reopening this thread, but I think it is the best place to go.

I have run opensc-tool -f on a CardOS M4.4, without modifying anything
else from the OpenSC source than what it is necessary to associate the
driver cardos to the ATR, and I am getting this

3f00 type:  DF, size: 1024
select[N/A] lock[NEVR] delete[CHV4] create[NONE] rehab[NEVR]
inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:04:73:00:73
prop: 01:A1:CA

  3f005015 [\xA0\x00\x00\x00cPKCS-15] type:  DF, size: 96
  select[N/A] lock[CHV115] delete[CHV115] create[CHV4] rehab[NEVR]
inval[NEVR] list[N/A] sec: 00:73:73:FF:FF:73:73:04
  prop: 01:A1:CA

    3f0050155600 type: wEF, ef structure: transpnt, size: 48
    read[NONE] update[NEVR] write[NEVR] erase[NEVR] rehab[NEVR]
inval[NEVR] sec: 00:FF:FF:FF:FF:FF:73
    prop: 01
(...)

What does this exactly mean? I see the MF 3f00 with size 1024, one DF
5015 (PKCS15), and some EF and DF under 5015. But, I don't get to
understand what the persmissions mean... So, what does N/A mean? And
NEVR? And CHV4, CHV115?

Also, what is the line starting with 'prop' and the bytes 'sec'?

Thank you!!


2010/3/8 Andreas Jellinghaus <[hidden email]>:

> Am Montag 08 März 2010 11:28:31 schrieb Ruben Lagar:
>> So I can browse the files and read them (run cat 5600 and see its
>> content), but if I try to mkdir or create a EF I am getting a not
>> supported error. Is this because not having the StartKey?
>
> run "opensc-tool -f" - it should print the access control
> of each file (unless something changed from 4.3 to 4.4 and
> it no longer works). maybe it will show you what you can
> do without authenticating yourself first, and what not.
>
> opensc-explorer is a debug tool, so be carefull not to lock
> up your card with it.
>
> Regards, Andreas
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

JP Szikora-2
Ruben Lagar a écrit :
> Hi,
>
> sorry for reopening this thread, but I think it is the best place to go.
>
> I have run opensc-tool -f on a CardOS M4.4, without modifying anything
> else from the OpenSC source than what it is necessary to associate the
> driver cardos to the ATR,
Hi,

I you work with the last stable opensc 0.11.13, just add these lines in
opensc.conf:
       card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51    {
               name = "CardOS 4.4";
               driver = "cardos";
               type = "1006";
               }
in order to associate the ATR and the card type.

>  and I am getting this
>
> 3f00 type:  DF, size: 1024
> select[N/A] lock[NEVR] delete[CHV4] create[NONE] rehab[NEVR]
> inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:04:73:00:73
> prop: 01:A1:CA
>
>   3f005015 [\xA0\x00\x00\x00cPKCS-15] type:  DF, size: 96
>   select[N/A] lock[CHV115] delete[CHV115] create[CHV4] rehab[NEVR]
> inval[NEVR] list[N/A] sec: 00:73:73:FF:FF:73:73:04
>   prop: 01:A1:CA
>
>     3f0050155600 type: wEF, ef structure: transpnt, size: 48
>     read[NONE] update[NEVR] write[NEVR] erase[NEVR] rehab[NEVR]
> inval[NEVR] sec: 00:FF:FF:FF:FF:FF:73
>     prop: 01
> (...)
>  
Your card is not formatted by opensc tools (pkcs15-init). So it will
probably not work [at all | well] with the rest of opensc tools.

Please recheck opensc-tool -f with the specified add-on in opensc.conf
to have a more accurate interpretation the the data returned by the card.

Cheers,

Jean-Pierre

> What does this exactly mean? I see the MF 3f00 with size 1024, one DF
> 5015 (PKCS15), and some EF and DF under 5015. But, I don't get to
> understand what the persmissions mean... So, what does N/A mean? And
> NEVR? And CHV4, CHV115?
>  
> Also, what is the line starting with 'prop' and the bytes 'sec'?
>
> Thank you!!
>
>
> 2010/3/8 Andreas Jellinghaus <[hidden email]>:
>  
>> Am Montag 08 März 2010 11:28:31 schrieb Ruben Lagar:
>>    
>>> So I can browse the files and read them (run cat 5600 and see its
>>> content), but if I try to mkdir or create a EF I am getting a not
>>> supported error. Is this because not having the StartKey?
>>>      
>> run "opensc-tool -f" - it should print the access control
>> of each file (unless something changed from 4.3 to 4.4 and
>> it no longer works). maybe it will show you what you can
>> do without authenticating yourself first, and what not.
>>
>> opensc-explorer is a debug tool, so be carefull not to lock
>> up your card with it.
>>
>> Regards, Andreas
>>
>>    


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

Ruben Lagar
Hi again,

2010/5/7 JP Szikora <[hidden email]>:

> Ruben Lagar a écrit :
>>
>> Hi,
>>
>> sorry for reopening this thread, but I think it is the best place to go.
>>
>> I have run opensc-tool -f on a CardOS M4.4, without modifying anything
>> else from the OpenSC source than what it is necessary to associate the
>> driver cardos to the ATR,
>
> Hi,
>
> I you work with the last stable opensc 0.11.13, just add these lines in
> opensc.conf:
>      card_atr 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51    {
>              name = "CardOS 4.4";
>              driver = "cardos";
>              type = "1006";
>              }
> in order to associate the ATR and the card type.

I already had that. It is configured  for the ATR of the card is
recognized as a CardOS 4.2C card.


>>
>>  and I am getting this
>>
>> 3f00 type:  DF, size: 1024
>> select[N/A] lock[NEVR] delete[CHV4] create[NONE] rehab[NEVR]
>> inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:04:73:00:73
>> prop: 01:A1:CA
>>
>>  3f005015 [\xA0\x00\x00\x00cPKCS-15] type:  DF, size: 96
>>  select[N/A] lock[CHV115] delete[CHV115] create[CHV4] rehab[NEVR]
>> inval[NEVR] list[N/A] sec: 00:73:73:FF:FF:73:73:04
>>  prop: 01:A1:CA
>>
>>    3f0050155600 type: wEF, ef structure: transpnt, size: 48
>>    read[NONE] update[NEVR] write[NEVR] erase[NEVR] rehab[NEVR]
>> inval[NEVR] sec: 00:FF:FF:FF:FF:FF:73
>>    prop: 01
>> (...)
>>
>
> Your card is not formatted by opensc tools (pkcs15-init). So it will
> probably not work [at all | well] with the rest of opensc tools.

I know, it is the only card I have at the moment, although I hope to
be able to format it with opensc.

>
> Please recheck opensc-tool -f with the specified add-on in opensc.conf to
> have a more accurate interpretation the the data returned by the card.

As I said, I already had that configuration made, Can I do something
to have more  accurate data? What does

select[N/A] lock[NEVR] delete[CHV4] create[NONE] rehab[NEVR]
inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:04:73:00:73
prop: 01:A1:CA

mean? First line are permissions, it is all I know, but I don't know
what NEVR, CHV4, NONE or N/A mean...

Thank you!


>
> Cheers,
>
> Jean-Pierre
>>
>> What does this exactly mean? I see the MF 3f00 with size 1024, one DF
>> 5015 (PKCS15), and some EF and DF under 5015. But, I don't get to
>> understand what the persmissions mean... So, what does N/A mean? And
>> NEVR? And CHV4, CHV115?
>>  Also, what is the line starting with 'prop' and the bytes 'sec'?
>>
>> Thank you!!
>>
>>
>> 2010/3/8 Andreas Jellinghaus <[hidden email]>:
>>
>>>
>>> Am Montag 08 März 2010 11:28:31 schrieb Ruben Lagar:
>>>
>>>>
>>>> So I can browse the files and read them (run cat 5600 and see its
>>>> content), but if I try to mkdir or create a EF I am getting a not
>>>> supported error. Is this because not having the StartKey?
>>>>
>>>
>>> run "opensc-tool -f" - it should print the access control
>>> of each file (unless something changed from 4.3 to 4.4 and
>>> it no longer works). maybe it will show you what you can
>>> do without authenticating yourself first, and what not.
>>>
>>> opensc-explorer is a debug tool, so be carefull not to lock
>>> up your card with it.
>>>
>>> Regards, Andreas
>>>
>>>
>
>
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: CardOS M4.4

JP Szikora-2
Ruben Lagar a écrit :
>
>> Your card is not formatted by opensc tools (pkcs15-init). So it will
>> probably not work [at all | well] with the rest of opensc tools.
>>    
>
> I know, it is the only card I have at the moment, although I hope to
> be able to format it with opensc.
>  
Hi Ruben,

Probably, you can not reformat your card without knowning the SO or the
Admin PIN and the StartKey that is used by your card provider...

>  
>> Please recheck opensc-tool -f with the specified add-on in opensc.conf to
>> have a more accurate interpretation the the data returned by the card.
>>    
>
> As I said, I already had that configuration made, Can I do something
> to have more  accurate data? What does
>
> select[N/A] lock[NEVR] delete[CHV4] create[NONE] rehab[NEVR]
> inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:04:73:00:73
> prop: 01:A1:CA
>
> mean? First line are permissions, it is all I know, but I don't know
> what NEVR, CHV4, NONE or N/A mean...
>  
Please find ISO7816-4 and check for the information returned by a SELECT
file APDU. In a few words, the "sec" contains the AC definitions in
FCI/FCP tag 0x86. For example, the first byte codes for the AC for the
"Change Lifecycle" command. Here is 0x00 which means always. FF means
never, and the other is the PIN reference. You need to do a VERIFY on
that PIN before the access is granted. CHV is for Card Holder Verification.

The "prop" contains the file status returned after a SELECT command. The
byte 2 and 3 codes for the largest available memory block in byte. This
is probably Siemens specific.

To have the complete description of all the value returned by the card,
you need to ask the manual from Siemens ( and sign a NDA...).

Cheers,

Jean-Pierre
> Thank you!
>
>  

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user