Ralf Schlatterbeck ha scritto: > Answering my own mail: > > On Thu, Dec 03, 2009 at 02:06:15PM +0100, Ralf Schlatterbeck wrote: > >> Just got my Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) >> >> But downloading the MCardApplet -- both my homegrown one and one >> downloaded from >> http://www.opensc-project.org/opensc/attachment/wiki/Cyberflex/CardEdgeII.ijc >> leads the following error after issuing the install_for_install command: >> > [...] > > I've done a little investigation into the magic numbers used by > gpshell. Looks like I can find out the argument to the first select command: > > select -AID a000000003000000 > > by doing: > enable_trace > establish_context > card_connect > open_sc -security 1 -keyind 0 -keyver 0 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f > get_status -element 80 > > this gives me the following output (in addition to some debug output): > List of applets (AID state privileges) > a000000003000000 7 0 > > The other two AIDs seem to be dependent on the applet used (the applet codes > the applet ID internally). I came to this conclusion by changing the IDs > in the hello world downloader and seeing it fail. > > Then I looked into the download script for the hello world applet. > When unpacking the HelloWorld.cap.transf or HelloWorld.cap file with unzip > I'm getting several .cap files. The Applet.cap contains the following > (in hex): > > 000000 03 00 0e 01 0a a0 00 00 00 62 03 01 0c 01 01 00 > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > 000010 14 > 000011 > > Now compare this with the Applet IDs used for downloading, citing > from helloInstallCyberflexAccess64k.txt from the gpshell distribution: > > install_for_install -instParam 00 -priv 02 -AID a00000006203010c0101 -pkgAID > a00000006203010c01 -instAID a00000006203010c0101 -nvDataLimit 500 > ^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^ > > with that info I was able to find out the correct downloading script for > my homegrown applet, note the commented-out commands which use the wrong > applet ID (see below). My applet seems to use the AID a00000000101 > > Now my question: > - Is there some documentation on these magic numbers? > - Seems in all docs the MCardApplet uses the other ID I tried first > so something in my build-process probably doesn't correctly set > the applet ID. How should I change that? > > # gpshell script for loading applet into card: > enable_trace > establish_context > card_connect > select -AID a000000003000000 > open_sc -security 1 -keyind 0 -keyver 0 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f > delete -AID a00000000101 > delete -AID a000000001 > delete -AID a0000003230101 > delete -AID a00000032301 > #install_for_load -pkgAID a00000032301 -nvCodeLimit 16000 -sdAID > a000000003000000 > install_for_load -pkgAID a000000001 -nvCodeLimit 16000 -sdAID a000000003000000 > load -file CardEdgeCflex.ijc > #install_for_install -instParam 00 -priv 02 -AID a0000003230101 -pkgAID > a00000032301 -instAID a0000003230101 -nvDataLimit 16000 > install_for_install -instParam 00 -priv 02 -AID a00000000101 -pkgAID > a000000001 -instAID a00000000101 -nvDataLimit 32000 > get_status -element 20 > card_disconnect > release_context > > > Thanks, Ralf > I have been able to load the my homemade applet with the following script:
mode_201 enable_trace establish_context card_connect select -AID a0000000030000 open_sc -security 0 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel install_for_load -pkgAID a000000001 -nvCodeLimit 19300 load -file CardEdgeCflex.ijc install_for_install -instParam 00 -priv 02 -AID a00000000101 -pkgAID a000000001 -instAID a00000000101 -nvDataLimit 13400 card_disconnect release_context You have to use the AID that you use in common.xml when you did compile the applet with ant. 1. nvCodeLimit is the applet size. 2. nvDataLimit is the size of memory that u want to use for ur private objctes... I guess .. cheers. PS for gpshell is better use the gpshell ML. _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
