ICC 未激活
ICC not activated
我目前正在尝试侵入智能卡,但我现在无法从智能卡中读取任何有用的信息。我正在尝试使用 PC_to_RDR_XfrBlock 命令将 SELECT FILE 命令 (0x6F, 0xB, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0xa4, 0x04, 0x0c, 0x06, 0xd2, 0x76, 0x00, 0x00, 0x01, 0x02) 发送到我的卡(在 PC_to_RDR_IccPowerOn 之后,returns 是正确的 ATR)。
但我的回复将 bmICCStatus 标志设置为 0x40,表示“ICC 存在且处于非活动状态(未激活或因硬件错误而关闭)”但我不太确定是什么处理这些信息。我应该如何激活卡?我以为只要给它供电就够了。
很可能我只是盲人,它写在规范中,但我找不到它,我的 Google 搜索将我带到了 1 个 SO 问题,但没有找到确实符合我的问题。
我正在使用 libusb 1.0 和 C,但我认为这与问题无关。
编辑:
我已经添加了一个代码示例,但您必须 select 您的设备
对于你自己,如果你想运行它。
#include <stdio.h>
#include <stdlib.h>
#include <libusb-1.0/libusb.h>
#include <string.h>
#define TIMEOUT 1000
void print_bytes(unsigned char * arr, int len) {
for(int i = 0; i < len; ++i) {
printf("%0.2x ", arr[i]);
}
printf("\n");
}
int main() {
/* I have some logic which is not included to find the apropriate sc-reader. */
/* Please use libusb_get_device_list() or similar to select your device. */
libusb_device * egk_sc_reader = NULL;
libusb_device_handle * handle = NULL;
int k = libusb_open(egk_sc_reader, &handle);
int transferred = 0;
libusb_claim_interface(handle, 0);
unsigned char cmd_pwr_on[] = {
0x62, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char cmd_select_file[] = {
// CMD (1), LEN (4), Slot (1), Seq (1), Block Wait Time (1), Level Parameter (2), abData (LEN)
0x6F, 0xB, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0xa4, 0x04, 0x0c, 0x06, 0xd2, 0x76, 0x00, 0x00, 0x01, 0x02
};
int buf_in_len = 128;
unsigned char buf_in[buf_in_len];
memset(buf_in, 0, buf_in_len);
// Write power on
libusb_bulk_transfer(handle, 0x05, cmd_pwr_on, sizeof(cmd_pwr_on), &transferred, TIMEOUT);
// read atr
libusb_bulk_transfer(handle, 0x86, buf_in, buf_in_len, &transferred, TIMEOUT);
print_bytes(buf_in, buf_in_len);
memset(buf_in, 0, 128);
// Write select command
libusb_bulk_transfer(handle, 0x05, cmd_select_file, sizeof(cmd_select_file), &transferred, TIMEOUT);
// read answer
libusb_bulk_transfer(handle, 0x86, buf_in, buf_in_len, &transferred, TIMEOUT);
print_bytes(buf_in, buf_in_len);
libusb_release_interface(handle, 0);
libusb_close(handle);
return 0;
}
此代码示例试图模仿我的实际代码。它不完全相同,但结果符合我的问题因为标准输出是:
80 0e 00 00 00 00 00 00 80 00 3b d3 96 ff 81 b1 fe 45 1f 07 80 81 05 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80 00 00 00 00 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
我用的Reader是WD Plus GmbH的USB SMARTCARD READER,智能卡是Bahn BKK的EGK (Elektronische Gesundheitskarte) (en: Electronic Healtcare Card)。该卡支持 T=0 和 T=1(Gematik 规范:https://fachportal.gematik.de/fileadmin/user_upload/fachportal/files/Spezifikationen/Basis-Rollout/Elektronische_Gesundheitskarte/gemLF_Impl_eGK_V160.pdf)
只是向我发送 APDU returns 一个 'Index of not supported / incorrect message parameter' 错误。当我考虑它时,这是有道理的。
提前致谢
塞迪韦利
根据 ATR,您的牌只有 T=1 https://smartcard-atr.apdu.fr/parse?ATR=3BD396FF81B1FE451F078081052D
我不知道你用的reader。如果 reader 在 TPDU 而不是 APDU 中工作,则它比仅发送 APDU 更复杂。您必须在代码中实现 T=1。
我猜缺少的 CCID 命令是 PC_to_RDR_SetParameters 以使用正确的参数配置 reader。
我真的建议使用现有的软件。就像我的 CCID 驱动程序 https://ccid.apdu.fr/ for Unix。
我目前正在尝试侵入智能卡,但我现在无法从智能卡中读取任何有用的信息。我正在尝试使用 PC_to_RDR_XfrBlock 命令将 SELECT FILE 命令 (0x6F, 0xB, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0xa4, 0x04, 0x0c, 0x06, 0xd2, 0x76, 0x00, 0x00, 0x01, 0x02) 发送到我的卡(在 PC_to_RDR_IccPowerOn 之后,returns 是正确的 ATR)。
但我的回复将 bmICCStatus 标志设置为 0x40,表示“ICC 存在且处于非活动状态(未激活或因硬件错误而关闭)”但我不太确定是什么处理这些信息。我应该如何激活卡?我以为只要给它供电就够了。
很可能我只是盲人,它写在规范中,但我找不到它,我的 Google 搜索将我带到了 1 个 SO 问题,但没有找到确实符合我的问题。
我正在使用 libusb 1.0 和 C,但我认为这与问题无关。
编辑:
我已经添加了一个代码示例,但您必须 select 您的设备 对于你自己,如果你想运行它。
#include <stdio.h>
#include <stdlib.h>
#include <libusb-1.0/libusb.h>
#include <string.h>
#define TIMEOUT 1000
void print_bytes(unsigned char * arr, int len) {
for(int i = 0; i < len; ++i) {
printf("%0.2x ", arr[i]);
}
printf("\n");
}
int main() {
/* I have some logic which is not included to find the apropriate sc-reader. */
/* Please use libusb_get_device_list() or similar to select your device. */
libusb_device * egk_sc_reader = NULL;
libusb_device_handle * handle = NULL;
int k = libusb_open(egk_sc_reader, &handle);
int transferred = 0;
libusb_claim_interface(handle, 0);
unsigned char cmd_pwr_on[] = {
0x62, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char cmd_select_file[] = {
// CMD (1), LEN (4), Slot (1), Seq (1), Block Wait Time (1), Level Parameter (2), abData (LEN)
0x6F, 0xB, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0xa4, 0x04, 0x0c, 0x06, 0xd2, 0x76, 0x00, 0x00, 0x01, 0x02
};
int buf_in_len = 128;
unsigned char buf_in[buf_in_len];
memset(buf_in, 0, buf_in_len);
// Write power on
libusb_bulk_transfer(handle, 0x05, cmd_pwr_on, sizeof(cmd_pwr_on), &transferred, TIMEOUT);
// read atr
libusb_bulk_transfer(handle, 0x86, buf_in, buf_in_len, &transferred, TIMEOUT);
print_bytes(buf_in, buf_in_len);
memset(buf_in, 0, 128);
// Write select command
libusb_bulk_transfer(handle, 0x05, cmd_select_file, sizeof(cmd_select_file), &transferred, TIMEOUT);
// read answer
libusb_bulk_transfer(handle, 0x86, buf_in, buf_in_len, &transferred, TIMEOUT);
print_bytes(buf_in, buf_in_len);
libusb_release_interface(handle, 0);
libusb_close(handle);
return 0;
}
此代码示例试图模仿我的实际代码。它不完全相同,但结果符合我的问题因为标准输出是:
80 0e 00 00 00 00 00 00 80 00 3b d3 96 ff 81 b1 fe 45 1f 07 80 81 05 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
80 00 00 00 00 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
我用的Reader是WD Plus GmbH的USB SMARTCARD READER,智能卡是Bahn BKK的EGK (Elektronische Gesundheitskarte) (en: Electronic Healtcare Card)。该卡支持 T=0 和 T=1(Gematik 规范:https://fachportal.gematik.de/fileadmin/user_upload/fachportal/files/Spezifikationen/Basis-Rollout/Elektronische_Gesundheitskarte/gemLF_Impl_eGK_V160.pdf)
只是向我发送 APDU returns 一个 'Index of not supported / incorrect message parameter' 错误。当我考虑它时,这是有道理的。
提前致谢
塞迪韦利
根据 ATR,您的牌只有 T=1 https://smartcard-atr.apdu.fr/parse?ATR=3BD396FF81B1FE451F078081052D
我不知道你用的reader。如果 reader 在 TPDU 而不是 APDU 中工作,则它比仅发送 APDU 更复杂。您必须在代码中实现 T=1。
我猜缺少的 CCID 命令是 PC_to_RDR_SetParameters 以使用正确的参数配置 reader。
我真的建议使用现有的软件。就像我的 CCID 驱动程序 https://ccid.apdu.fr/ for Unix。