25 August 2010

Java Card News

items from APSCA Smart Cards Business Intelligence
- I probably won't continue to select these ... get your own email sub.

ps new blogger editor sucks.. links my editor did w macros are now broken..  don't upgrade from classic



________________________________________________________________________
"This badass looking weapon won't hurt a fly - but it will kill any RFID tag you point it at. The Rfiddler gun can be aimed at unsuspecting RFID tags and destroy their data by simply overloading the tags with a very strong electromagnetic field." 
technabob
________________________________________
New Oyster cards will use MiFare DesFire chips by NXP semiconductors. The previous chipset, MiFare Classic, is in the process of being phased out. The MiFare Classic chipset has suffered a number of cryptographic cracks by security researchers. [2007 keys were 48 bits only, attackers shaved the chips?]

"TfL began the phased replacement of MiFare [Classic] Oyster cards last year and London Underground ticket offices continue to gradually swap existing cards.. 
zdnet
.zdnet court-rules-university-can-publish-oyster-crack
________________________________________
Will you be able to swipe your iPhone 5 like an Oyster card?
Apple has hired a chap called Benjamin Vigier who works in near-field communication (NFC),.. wireless data from chips within devices such as the Tube's Oyster cards to payment terminals ..

Apple has already built NFC-enabled prototype iPhones.. Nokia has already trialled NFC in the UK with the Nokia 6215.
__________________________________________
Octopus was way off track, says sorry MTRC boss
Tony Liaw  Friday, August 13, 2010
MTR Corp has apologized again for the privacy scandal involving Octopus Cards, which made HK$44 million from the sale of private data.
MTRC chief executive Chow Chung-kong vowed the smart card operator will never again sell any personal information.....the CEO resigned .. who would have thought Communist Hong Kong would be so sensitive about privacy?
.thestandard.com.hk
_____________________________________________
: ATMs with touch-points.:
KUALA LUMPUR, August 19 (Bernama) -- CIMB Bank, the commercial banking arm of CIMB Group, announced the waiver of Touch 'n Go reload charge at its automated teller machines (ATMs) nationwide effective Friday.

The service is available 24 hours, seven days a week and at all the bank's ATMs with Touch 'n Go touch-points.

bernama

22 August 2010

Retail MAC aka C_MAC

 tamed the C_MAC
Authenticated  Host <-> Card
Secure Session established

(only 1 card Terminated due to 10 bad tries)

This is the output:


 PC/SC terminal OMNIKEY CardMan 5x21-CL 0... wait 5  PC/SC card in OMNIKEY CardMan 5x21-CL 0, protocol T=1, state OK assigned to Card
 UID  CBE7DED8
 Card Manager  6F658...
 -> init_update 80500000085B74845D1FFCCE89
 <- card response  00009235001489950936FF020023470BDAF18E9C76C016B156A0D544
 Key_info    FF02
 Card_seq  0023
 Card_challenge  470BDAF18E9C
 Card_cryptogram  76C016B156A0D544
Sess_enc  5B49746D3E3E88290E51AC62AC2E46A3
Sess_C_MAC  473B7DCDE0E3E8EC24DFDC900D3BE93B
Sess_DEK    2BEF4B5837C13BE7B69CF5EF584D9CB5
 Card Cryptogram matched true at 32
 Host cryptogram before ENC 0023470BDAF18E9C5B74845D1FFCCE898000000000000000
 C_MAC 3126F78398CCB68D
-> external_authenticate 84820300106531817D2E170FAD3126F78398CCB68D
 Secure Session Established 


Using  javax.smartcardio    with ERACOM/Cryptoki
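
The C_MAC step of the session above, recomputed offline with plain javax.crypto. This is an added example, not the ERACOM/Cryptoki code that produced the output. It assumes the MAC input is the external_authenticate header as sent (CLA 84, Lc 10) followed by the host cryptogram, with an all-zero ICV; the class and method names are made up for the example.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class RetailMacCheck {
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // ISO/IEC 9797-1 padding method 2: append 0x80, then zeros up to a multiple of 8 bytes.
    static byte[] pad80(byte[] d) {
        byte[] p = Arrays.copyOf(d, (d.length / 8 + 1) * 8);
        p[d.length] = (byte) 0x80;
        return p;
    }

    // Single DES: CBC when an IV is supplied, ECB otherwise.
    static byte[] des(int mode, byte[] key8, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(iv == null ? "DES/ECB/NoPadding" : "DES/CBC/NoPadding");
        SecretKeySpec k = new SecretKeySpec(key8, "DES");
        if (iv == null) c.init(mode, k); else c.init(mode, k, new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Retail MAC (ISO/IEC 9797-1 MAC algorithm 3): DES-CBC under K1 over every block,
    // then the last block is decrypted under K2 and encrypted again under K1.
    static byte[] retailMac(byte[] key16, byte[] icv, byte[] msg) throws Exception {
        byte[] k1 = Arrays.copyOfRange(key16, 0, 8);
        byte[] k2 = Arrays.copyOfRange(key16, 8, 16);
        byte[] cbc = des(Cipher.ENCRYPT_MODE, k1, icv, pad80(msg));
        byte[] last = Arrays.copyOfRange(cbc, cbc.length - 8, cbc.length);
        return des(Cipher.ENCRYPT_MODE, k1, null, des(Cipher.DECRYPT_MODE, k2, null, last));
    }

    public static void main(String[] args) throws Exception {
        byte[] sessCMac = hex("473B7DCDE0E3E8EC24DFDC900D3BE93B");   // Sess_C_MAC from the output
        // Assumption: MAC input = CLA INS P1 P2 Lc (84 82 03 00 10) followed by the host cryptogram.
        byte[] macInput = hex("8482030010" + "6531817D2E170FAD");
        byte[] mac = retailMac(sessCMac, new byte[8], macInput);     // zero ICV on the first command
        boolean same = MessageDigest.isEqual(mac, hex("3126F78398CCB68D")); // compare with logged C_MAC
        StringBuilder sb = new StringBuilder();
        for (byte b : mac) sb.append(String.format("%02X", b));
        System.out.println("C_MAC " + sb + "  equals logged value: " + same);
    }
}
```

Checking the MAC offline like this costs none of the card's authentication tries, which matters given the card that was Terminated after 10 bad ones.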




Eracom emerged from QUT (Queensland University of Technology), late 80's
Prof Bill Caelli and Prof Jennifer Seberry (Wollongong) ran a couple of good AusCrypts 88 & 92
I spoke denigrating Montgomery Multiplication, which obviously kicks in somewhere past a few thousand bits.

19 August 2010

HelloCard How to Read Java Cards

/**
 *  HelloCard
 * @author ctskinner
 * JavaCard read  ......   not tear-proof.... you can tearaway and halt the program   ..if you're fast
 *
 *  version of  zigosoft    forums.sun
 *
 */

package here.there.and.everywhere;
import java.awt.Toolkit;
import java.util.Arrays;
import java.util.List;
import java.util.ListIterator;

import javax.smartcardio.ATR;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.CardTerminals;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import javax.smartcardio.TerminalFactory;

public class HelloCard {
    private static final String sSelect    =
            "00A4 04 00  0b 0102030405060708090000  00";
    // Java byte arrays are so ugly... use Strings ...
    private static final String sread_uid  =
            "FFCA 00 00 00";
    private CommandAPDU SELECT_APDU = new CommandAPDU(String2Hex(sSelect));
    private CommandAPDU UID_APDU    = new CommandAPDU(String2Hex(sread_uid));

    private CardTerminal terminal = null;
    private Card card = null;
    private String terminalName;
    private String terminalType;
    private String terminalProtocol;

  
    public static void main(String[] args) {
        try {
            HelloCard hcApp = new HelloCard();
            hcApp.go();
        } catch(Exception e) {
            print(" Error: " + e.getMessage());
        }
    }

    private HelloCard() throws Exception {
        terminalProtocol = "T=0";
        init();
    }

    private static void print (String s) {
        System.out.print(s);
    }
    private void init() throws Exception {
        // "false" leaves 61xx status words to the caller: on T=0 you must handle data returns (GET RESPONSE) yourself
        System.setProperty("sun.security.smartcardio.t0GetResponse", "false");
        TerminalFactory tf = TerminalFactory.getDefault();
        CardTerminals ct = tf.terminals();
        List<CardTerminal> l = null;

        try {
            l = ct.list();
        } catch (Exception e) {
            print (" Error listing Terminals: " + e.toString());
            throw e;
        }

        print (" List of PC/SC Readers connected:\n");
        for (CardTerminal t : l) {
            String tn = t.getName();
            print("Reader: " + tn + "\n");
//          pick the first NFRadio contactless
            if (    (tn.contains("-CL"))    && (terminal == null)    )
                terminal = t;
        }
//      terminalName = l.get(1).getName();
        if (terminal == null)   // no contactless reader: fail here instead of with a NullPointerException below
            throw new CardException("No contactless (-CL) reader found");
        print ("Terminal fetched: " + terminal.getName() + "\n");
    }

    byte[] UIDstore = new byte[0];   // UID of the last card seen
    byte[] UID = new byte[0];        // UID of the card currently in the field
    public void go() {
        try {
            while (terminal.waitForCardPresent(0)) {

                try {
                    card = terminal.connect("*");
//                    card = terminal.connect(terminalProtocol);
                    print("\nCard on protocol "   + card.getProtocol());
                } catch (Exception e) {
                    print("\nTerminal NOT connected: " + e.toString());
                    terminal.waitForCardAbsent(0);   // no usable Card object: wait for removal, then retry
                    continue;
                }
                CardChannel ch = card.getBasicChannel();
                ResponseAPDU ra = ch.transmit(UID_APDU);
                // some cards randomise UID between sessions
                if (check9000(         ra       )) {
                    UID = ra.getData();   // keep whatever length the card returns (not every UID is 4 bytes)
                    print("    UID " + Hex2String(UID));
                } else {
                    print("UID NOT OKAY");
                    return;
                }
                if (! (Arrays.equals(UID,UIDstore)) ) {
                    print("    New Card   ATR ");
                    ATR atr = card.getATR();   // dont do this too often!
                    UIDstore = UID.clone();
                    print(  Hex2String(  atr.getBytes()  )   );
                }

                // Put here code for sending/receiving APDUs
                // DO SOMETHING WITH Card HERE
               
                //             Toolkit.getDefaultToolkit().beep();  // nogo
                terminal.waitForCardAbsent(0);
                print ("    Card removed    ");
            }// while
        }// try
        catch (CardException e) {
            System.out.println("Error isCardPresent()" + e.toString());
        }
    }
    public static boolean check9000(ResponseAPDU ra) {
        return ra.getSW() == 0x9000;   // SW1 SW2 = 90 00
    }


    public static String  Hex2String(byte[] b) {
        String result="";
        for (byte by:b)
            result+= String.format("%02X", by);
        return result;
    }
    public static String stripGarbage(String s) {
        String good =
          "ABCDEF0123456789";
        String result = "";
        for ( int i = 0; i < s.length(); i++ ) {
            if ( good.indexOf(s.charAt(i)) >= 0 )
                result += s.charAt(i);  //stringbuilder might be better
        }
        return result;
    }//______________________________________________

    public static byte[] String2Hex(String sin){
        sin = sin.toUpperCase();
        sin = stripGarbage(sin);   // only 0-9 and A-F are left after this
        if ((sin.length() & 1) != 0)   // sz must be even: an odd count used to return an all-zero array silently
            throw new IllegalArgumentException(" String2Hex odd number of hex digits");
        byte[] bout = new byte[sin.length() / 2];
        for (int j = 0; j < sin.length()-1; j+=2) {
            bout[j/2] = (byte)(Integer.parseInt(sin.substring(j,j+2),16));
        } // for

        return bout;
    }//_______________________

 
}  //Class____________________________________________________

18 August 2010

First Post

"God made the integers; all else is the work of man" Leonard Kronecker

This blog will be about Java Card and Information Security

because Marisa Fagan dewzi says you gotta have a blog & a twitter
right now twitter is overloaded and can't/isn't send/ing my confirmation

referred to by lavamunky
____________________________________________________________________
About Me:
I wrote an 80386 Assembler Modular Division (from Knuth, naturally) pre 1990 which may have been the fastest PC RSA in the world for a few months.  
____________________________________________________________________
Here are some Java Card links :
jcManager
frombrokenmill
Loads and registers a CAP!
__________________________________________________________
Jaccal:


 jaccal

 comes with anubis.exe, a program that sends commands to the card.     saush shows how to use it to read your bank account number from an EMV card (VISA card with a chip)
__________________________________________________________
BER/ASN decoder: asn1ve.exe
the free version is a neat decoder.    asn1ve

Card data is sometimes BER encoded, hint: cut and paste into asn1ve to see if it decodes.
The Java TLV class is typically abstruse...
...
My comment on this comment posted in    0x9000
"CPLC data is Visa proprietary. At the beginning (OP 2.0.1) they used to maintain a list for all the tags, but not anymore. " sun
[Still not published it seems]
Note CPLC is not actually "tagged" it is arranged in blocks of 4 or 8 bytes

__________________________________________

Java Card tools cont... #2  (why can't I paste WinWord's silly "hyperlinks" here???)

          emvlab                 ...<<< Recommended
decodes tlv, does DESede, does kcv, derives session keys from the card master key,
as spec'd in EMV 4.1, Book 2, Part III, Annex A1.3.
__________________________________________
[EMV seem to have moved on to 4.2]
emvco   emvco.com
__________________________________________
ttfn   http://www.ttfn.net/techno/smartcards/iso7816_4.html
is a neat layout of iso7816
__________________________________________
free-books-online   http://free-books-online.net/emv-iso-7816-6-tlv-pdf-7
a good search engine for docs
__________________________________________
 seen: Several Python 'hello world' caps - ...
__________________________________________
Omnikey diagnostic tool:
get ATR and UID
hidglobal      hidglobal.com/driver                    << 1st step in examining a card
__________________________________________
All you want to know about ATR  .. and more
(you don't need to know anything about ATR except: it often has some descriptive text, "historical data")
eg
   ATR 3B 8A 80 01 4A 43 4F 50 33 31 56 32 33 32 7A
   ....            J  C  O  P  3  1  V  2  3  2  z
satxpress     http://www.sat.su/satxpress/SmartCard/ISO7816-3.htm
also describes T=0 and T=1 differences, oddly enough, would have been useful to know
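
Pulling the historical bytes out of an ATR by walking its interface bytes, as an added example (not code from the original post or the linked page; the class and method names are made up here). For the ATR quoted above, T0 = 8A announces ten historical bytes, 4A through 32, and the trailing 7A is the TCK check byte that makes the XOR of everything after 3B come out to zero.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class AtrHistoricalBytes {
    // Walks T0 and the TAi/TBi/TCi/TDi interface bytes (ISO/IEC 7816-3)
    // and returns the historical bytes that follow them.
    static byte[] historicalBytes(byte[] atr) {
        if (atr.length < 2) throw new IllegalArgumentException("ATR too short");
        int k = atr[1] & 0x0F;               // T0 low nibble: number of historical bytes
        int y = (atr[1] & 0xF0) >> 4;        // T0 high nibble: which of TA1..TD1 follow
        int pos = 2;
        boolean hasTck = false;              // TCK is sent once a protocol other than T=0 is indicated
        while (true) {
            pos += Integer.bitCount(y & 0x07);           // skip TAi, TBi, TCi where flagged
            if ((y & 0x08) == 0) break;                  // no TDi: the interface bytes end here
            if (pos >= atr.length) throw new IllegalArgumentException("ATR truncated in interface bytes");
            int td = atr[pos++] & 0xFF;
            if ((td & 0x0F) != 0) hasTck = true;
            y = td >> 4;
        }
        if (pos + k + (hasTck ? 1 : 0) != atr.length)
            throw new IllegalArgumentException("ATR length does not match T0");
        if (hasTck) {                                    // XOR of T0..TCK must be zero
            int x = 0;
            for (int i = 1; i < atr.length; i++) x ^= atr[i];
            if ((x & 0xFF) != 0) throw new IllegalArgumentException("bad TCK check byte");
        }
        return Arrays.copyOfRange(atr, pos, pos + k);
    }

    public static void main(String[] args) {
        // The ATR quoted in the post.
        byte[] atr = {0x3B, (byte) 0x8A, (byte) 0x80, 0x01, 0x4A, 0x43, 0x4F, 0x50,
                      0x33, 0x31, 0x56, 0x32, 0x33, 0x32, 0x7A};
        System.out.println(new String(historicalBytes(atr), StandardCharsets.US_ASCII));
    }
}
```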
__________________________________________

Access Java Card from a web page     .springcard.com
05/07/2010, 05:23 by johann.d