Page 1 of 1

Command " -emv " in gp.exe

Posted: Mon Jan 30, 2017 4:20 am
by JavaCardVE
I've tested a javacard using "GP.exe".
I've sent a command "-l" to a card and use "-emv" before that.If the card responses security error, Can I say that the card do not support EMV at all??


this is my command and the errors:


Code: Select all

c:\>gp.exe -emv  -l -d -r  "ACS ACR1281 1S Dual Reader ICC 0"
# Detected readers from SunPCSC
[*] ACS ACR1281 1S Dual Reader ICC 0
[ ] ACS ACR1281 1S Dual Reader PICC 0
[ ] ACS ACR1281 1S Dual Reader SAM 0
SCardConnect("ACS ACR1281 1S Dual Reader ICC 0", T=*) -> T=0, 3B7818000100000000
D3C8CD19
SCardBeginTransaction("ACS ACR1281 1S Dual Reader ICC 0")
A>> T=0 (4+0000) 00A40400 00
A<< (0094+2) (31ms) 6F5C8408A000000003000000A550734A06072A864886FC6B01600C060A2A
864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510
864864020103660C060A2B060104012A026E01029F6501FF 9000
A>> T=0 (4+0008) 80500000 08 C2850EE1D6F4F8B7 00
A<< (0028+2) (63ms) 00000000000000000000FF020178D8153371D17ABC5187257DE96A0C 900
0
pro.javacard.gp.GPException: STRICT WARNING: Card cryptogram invalid!
Card: BC5187257DE96A0C
Host: B6C75C454A816266
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
        at pro.javacard.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java
:184)
        at pro.javacard.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:
515)
        at pro.javacard.gp.GPTool.main(GPTool.java:371)

Re: Command " -emv " in gp.exe

Posted: Mon Jan 30, 2017 6:05 am
by tay00000
What EMV means is the card keys are not derived using EMV methods of deriving the MAC, ENC and KEK keys. It does not immediately mean the card has no EMV applications. I can lock the EMV applets using my own randomly generation MAC, ENC and KEK keys but that does not immediately mean I did not install some EMV applets at all.

You need to use the correct keys to access the card's ISD domain and then list the applications' applets to get a better picture of what applets are installed to have a better conclusion.

Re: Command " -emv " in gp.exe

Posted: Mon Jan 30, 2017 7:17 am
by JavaCardVE
tay00000 wrote:What EMV means is the card keys are not derived using EMV methods of deriving the MAC, ENC and KEK keys. It does not immediately mean the card has no EMV applications. I can lock the EMV applets using my own randomly generation MAC, ENC and KEK keys but that does not immediately mean I did not install some EMV applets at all.

You need to use the correct keys to access the card's ISD domain and then list the applications' applets to get a better picture of what applets are installed to have a better conclusion.


Thanks a lot for guidance.
This card has default key and without "-emv" I can see list and this card do not have any applet yet. But how can i check that this card has EMV or not as it do not response to "-emv" command?
This is list command without "-emv".

Code: Select all

c:\>gp.exe   -l -v -r  "ACS ACR1281 1S Dual Reader PICC 0"
Reader: ACS ACR1281 1S Dual Reader PICC 0
ATR: 3B8B800120900000000000D3C8CD1975
More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3B8B800120900000000000D3C8CD1975

Auto-detected ISD AID: A000000003000000
Host challenge: 6A6B8C5462B9B7A3
Card challenge: 01797C3951BC2560
Card reports SCP02 with version 255 keys
Master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
Sequnce counter: 0179
Derived session keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:0A87698D7B43913FB405F3C39FF334DC
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:C09691A787E75584D32FD2A2F044A979
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:33E0FF86BBC4406FC0EDACAB55189E1B
Verified card cryptogram: F5A19AECC572F1BF
Calculated host cryptogram: 53563DFCD48B0A38
AID: A000000003000000 (|........|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
 CVM (PIN) management

AID: A0000001515350 (|....QSP|)
     ExM LOADED: (none)
     A000000151535041 (|....QSPA|)

Re: Command " -emv " in gp.exe

Posted: Mon Jan 30, 2017 11:00 pm
by tay00000
EMV or not is simply whether a card is loaded with payment and loyalty applets that conform to EMV standards. You mentioned that the card is blank, thus it has not a single applet in it. If you want an EMV compliant payment or loyalty applet, you will have to look for one or make one yourself. EMV is simply a bunch of payment standards.

Re: Command " -emv " in gp.exe

Posted: Tue Jan 31, 2017 12:43 am
by JavaCardVE
tay00000 wrote:EMV or not is simply whether a card is loaded with payment and loyalty applets that conform to EMV standards. You mentioned that the card is blank, thus it has not a single applet in it. If you want an EMV compliant payment or loyalty applet, you will have to look for one or make one yourself. EMV is simply a bunch of payment standards.


Thank you for your reply.
I think I have misunderstood of EMV applets and EMV card suport. I have a card that I should use "-emv" command before loading any applet or other commands in gp.exe, the other side I have another card (explained in above posts ) than I should not use "-emv" for load applets or any other commands in gp.exe. these cards are from different providers and they do not have any applets.

Re: Command " -emv " in gp.exe

Posted: Fri Feb 03, 2017 2:18 am
by tay00000
The card that uses -emv option uses the EMV key diversification method to derive the MAC, ENC and KEK keys while those without -emv don't use that technique.