At 01:33 PM 3/26/2003, you wrote:

> So, I was looking at this again. The APDU that was failing looks wrong to
> me:

> 80 50 00 00 08 95 B9 7C 79 CE 59 38 0C 1C
The APDU you are listing is INITIALIZE UPDATE, the first step for creating a secure channel.
The command passes an 8-byte challenge to the card and receives back the corresponding cryptogram. So, P3 = 0x08 is correct, but what I can see from your output listed at http://www.contrib.andrew.cmu.edu/~cg2v/unreleased/cflexloader.output-2 :

80 50 00 00 08 F1 E0 64 37 E8 92 F4 6D 1C

is that you are passing a wrong length for the APDU - please note both commands end with 0x1C, and the probability to generate, two times, pseudo-random 8-byte challenges that end up being 9 bytes and also end with 0x1C is too low for this to be a true outcome.

The response seems to be OK:
00 00 22 75 00 00 0C 64 FF 02 01 01 97 C6 E9 34 BB D4 43 EA 33 9D 42 1E B4 1A 50 2D 90 00
10 bytes key diversification data + 2 bytes key info data + 8 bytes cryptogram + 8 bytes card's challenge + SW1 + SW2

> there are 9 data bytes, but the P3/Lc value is only 8.
> If I convince the IFD to ignore that problem, the process gets much farther
> but does not complete.
> CFlexAccess32Loader appears to successfully authenticate, tries deleting an
> old instance of the applet (which fails), succeeds in sending an 0x80 0xE2
> command (Appears to be "create record") and sends 40 255 byte blocks of
> data.

80 E2 ... APDU is STORE DATA...

> When it tries sending the last (partial) data block to the card, the card
> returns 0x69 0x85, which may or may not mean 'conditions of use not
> satisfied'

Do you modify the P1 parameter to indicate this is the last block? Sorry, I do not have too much time to follow all the commands from your output.
Reference control parameter P1 must have bit8 = 0 for "more blocks" and bit8 = 1 for the last block.
Do you adjust accordingly the length of the last submitted block?

> Complete output at
> http://www.contrib.andrew.cmu.edu/~cg2v/unreleased/cflexloader.output-2
> _______________________________________________
> Muscle mailing list
> [EMAIL PROTECTED]
> http://lists.musclecard.com/mailman/listinfo/muscle


Good luck!

Michaela Iorga, Ph.D.
NIST - Computer Security Division
301-975-8431
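
An added example, not part of the thread and not code from CFlexAccess32Loader or the MUSCLE project: a short-form command APDU parser following the ISO/IEC 7816-4 case 1-4 layouts, run over the two INITIALIZE UPDATE commands and the response quoted above. Function names are hypothetical; in this layout a single byte after the Lc data bytes parses as Le, and whether a given reader or transport protocol accepts that form is a separate question.

```python
# Added example: short-form command APDU parser (ISO/IEC 7816-4 cases 1-4).
# Extended-length APDUs are out of scope. Function names are hypothetical.

def parse_apdu(hex_str):
    """Classify a short-form command APDU and check Lc against the data."""
    b = bytes.fromhex(hex_str)
    if len(b) < 4:
        raise ValueError("shorter than the 4-byte CLA INS P1 P2 header")
    apdu = {"cla": b[0], "ins": b[1], "p1": b[2], "p2": b[3],
            "case": 1, "data": b"", "le": None}
    body = b[4:]
    if not body:                          # case 1: header only
        return apdu
    if len(body) == 1:                    # case 2: header + Le
        apdu.update(case=2, le=body[0] or 256)
        return apdu
    lc, rest = body[0], body[1:]
    if lc == 0:
        raise ValueError("Lc=0 with trailing bytes: extended length, not handled")
    if len(rest) == lc:                   # case 3: header + Lc + data
        apdu.update(case=3, data=rest)
    elif len(rest) == lc + 1:             # case 4: header + Lc + data + Le
        apdu.update(case=4, data=rest[:lc], le=rest[lc] or 256)
    else:
        raise ValueError(f"Lc={lc} but {len(rest)} byte(s) follow it")
    return apdu

def split_response(hex_str):
    """Return (response data, status word) for a response APDU."""
    b = bytes.fromhex(hex_str)
    if len(b) < 2:
        raise ValueError("response lacks SW1 SW2")
    return b[:-2], (b[-2] << 8) | b[-1]

# Byte strings copied from the messages above.
INIT_UPDATE_CMDS = [
    "80 50 00 00 08 95 B9 7C 79 CE 59 38 0C 1C",
    "80 50 00 00 08 F1 E0 64 37 E8 92 F4 6D 1C",
]
INIT_UPDATE_RESP = ("00 00 22 75 00 00 0C 64 FF 02 01 01 97 C6 E9 34 BB D4 "
                    "43 EA 33 9D 42 1E B4 1A 50 2D 90 00")

if __name__ == "__main__":
    data, sw = split_response(INIT_UPDATE_RESP)
    for cmd in INIT_UPDATE_CMDS:
        a = parse_apdu(cmd)
        print(f"case {a['case']} Lc={len(a['data'])} Le={a['le']} "
              f"response data={len(data)} bytes SW={sw:04X}")
```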
