Failed to connect to card: Card is invalid or cannot be handled

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Failed to connect to card: Card is invalid or cannot be handled

Tomáš Lavický
Hi,
I'm very new in smart cards so excuse my trivial questions, please.

Our company started to use HID Crescendo iCLASS Px G8H cards and HID Global’s ActivID® CMS Appliance for user logons. Since ActivClient middleware has x86 Linux version only I'm trying to use OpenSC on my KUbuntu 12.04 box to access certificates stored on the card. Following FAQ I've put "provider_library = /lib/x86_64-linux-gnu/libpcsclite.so.1" to /etc/opensc/opensc.conf and create a symlink "sudo ln -s /lib/x86_64-linux-gnu/libpcsclite.so.1 /usr/lib/libpcsclite.so". I can see ATR via pcsc_scan but not via opensc-tool:

$ pcsc_scan 
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau <[hidden email]>
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00

Thu Jul 25 11:49:51 2013
Reader 0: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
  Card state: Card removed, 

Thu Jul 25 11:50:12 2013
Reader 0: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
  Card state: Card inserted, 
  ATR: 3B DF 96 FF 81 31 FE 45 5A 01 80 48 49 44 43 31 31 58 58 73 00 01 1B 09

ATR: 3B DF 96 FF 81 31 FE 45 5A 01 80 48 49 44 43 31 31 58 58 73 00 01 1B 09
+ TS = 3B --> Direct Convention
+ T0 = DF, Y(1): 1101, K: 15 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 5A 01 80 48 49 44 43 31 31 58 58 73 00 01 1B
  Category indicator byte: 5A (proprietary format)
+ TCK = 09 (correct checksum)

Possibly identified card (using /home/lavicky/.smartcard_list.txt):
        NONE

Your card is not present in the database.
You can get the latest version of the database from
or use: wget http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt --output-document=/home/lavicky/.smartcard_list.txt

If your ATR is still not in the latest version then please send a mail
to <[hidden email]> containing:
- your ATR
- a card description (in english)

$ opensc-tool -v -a
Using reader with a card: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Connecting to card in reader Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00...
Failed to connect to card: Card is invalid or cannot be handled


Output of "opensc-tool -a -vvvvvvv" command is attached. I can see "0x7fa250720700 12:09:03.317 [opensc-tool] muscle.c:269:msc_select_applet: returning with: -1200 (Card command failed)". I suppose it means that some unsupported applet is used on card. Is any way I can to try? I'm not familiar with Java I'm sorry.

Thanks for help.
---
Tomas Lavicky


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

opensc-tool-a-vvvvvvv.log (73K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Failed to connect to card: Card is invalid or cannot be handled

Ondrej Mikle
On 07/25/2013 01:48 PM, Tomáš Lavický wrote:
> Our company started to use HID Crescendo iCLASS Px G8H cards and HID Global’s
> ActivID® CMS Appliance for user logons. Since ActivClient middleware has x86
> Linux version only I'm trying to use OpenSC on my KUbuntu 12.04 box to access
> certificates stored on the card.

It's very probable that the HID iCLASS card with ActivID application won't have
PKCS#15 structure, but some other proprietary one. Thus you probably won't be
able to easily dump certificates. If they provided you with a pkcs11 library for
the card, you could try "pkcs11-tool" (see --module option).

> I can see ATR via pcsc_scan but not via opensc-tool:

I have a card that behaves in a similar way when accessed through NFC interface
- ACS ACOS5 card. The reason for this is that "opensc-tool -a" also tries to
send an APDU which fails:

00000012 APDU: 00 C0 00 00 00
00000294 SW:
00000037 ifdwrapper.c:520:IFDTransmit() Card not transacted: 612
00000032 winscard.c:1564:SCardTransmit() Card not transacted: 0x80100016

My guess would be that both your Crescendo iCLASS and the ACOS5 NFC interface
don't support ISO-7816 APDUs (ACOS5 card can be still dumped via libnfc).

Ondrej

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel