I've got a .pfx file I can't share (work-related), but when I load it up on Windows my public key starts with 30 82 01 0a ... (truncated, see screenshot)
Windows screenshot
And when I load it up with on macOS it begins with BF:CF:10...
macOS screenshot
Even though it is the same file, the serial number of the loaded certificate and the public key seem to differ, which is causing problems for my C# Unity project when I try to connect to it. They have the same Authority Key Identifier, Subject Key Identifier, and Thumbprint, but differ in their Serial Number (4274337a15ab78c4 for Windows, and 4788598903244265668 and public key).
Is there a reason why Windows and macOS would differ in the details when loading the same certificate file?
It looks like they are importing it the same, just displaying it differently. The difference in serial numbers is due to Windows showing it in hex, and macOS in decimal.
The public key is a bit more complicated, but look closely at the top line of the Windows display. It starts with "30 82 01 0a 02 82 01 01 00", but the bytes following that, "bf cf 10 be e7 b1 1d af ..." match with the first bytes of what macOS lists as the public key.
I don't have a Windows system to look at, but I think what's happening is that the "Public Key" it shows is actually an ASN.1 data structure containing the modulus and exponent that make up the public key. macOS, on the other hand, lists the modulus (labeled "Public Key") and exponent separately, and doesn't bother with the surrounding ASN.1 headers (the "30 82 ..." stuff).
Related
What APDU command gets the PIN from the smart card and write the Changed PIN into the card?
For writing the code on card I have found 80 D4 00 00 08 01 02 03 04 05 06 07 08 to set pin 1 2 3 4 5 6 7 8 but we got 6D 00 in response i.e Instruction code not supported or invalid.
Or are there any WIN APIs that can be used?
Thanks in advance.
Severe misunderstanding: Nothing gets the stored PIN from the card. Using the VERIFY command you can only supply a comparison value and find out, whether it is correct - if it is not, the retry counter will decrease and the PIN may block. There is the standard command CHANGE REFERENCE DATA, see ISO 7816-4, but standard commands have CLA=00 while you currently try CLA=80 (first byte of the command).
6D00 can also be found there and since it means "wrong INS code" the whole command may be wrong. (A PIN consisting of non-printable bytes is also somewhat untypical.)
Without knowing, which card you have and which specification it complies to, you will not make significant progress.
While WINSCARD may be your friend to get the command transported, it will not help in the respect of finding the correct bytes.
I am trying to read and write data on Mifare DESFire cards using ISO 7816-4 APDU commands. I followed the steps:
Select application using {00,A4,04,00,07,D2,76,00,00,85,01,00}.
I get the response as 9100.
Then I select file using {00,A4,00,00,02,3F,00} and I get the response as 9100.
Then I try to read the file using command {00,B0,00,00,03} and I get an error with code 6A86.
Now I want to know the exact commands to read and write the data on the cards. I think I still don't get the meaning of P1 and P2 in read/write commands. I already tried many other combinations but I always get errors like 6A86, 6982, etc.
I assume you receive the status word 9000 on success. If you actually receive 9100 when using ISO/IEC 7816-4 basic inter-industry command APDUs something very strange must be going on. 91xx status words should only be returned when you use the ISO/IEC 7816-4 wrapped command set (i.e. when the class byte of the command APDU is set to 0x90).
Let's look at what you currently do:
You start my selecting the MIFARE DESFire ISO AID D2760000850100:
00 A4 0400 07 D2760000850100
This makes sure that the card is in ISO/IEC 7816-4 framing mode and automatically selects the MF (master file; i.e. the PICC level application).
You then, again(!), select the MF (PICC level application):
00 A4 0000 02 3F00
So you are now at the same level as after step 4.
Finally, you try to read 3 bytes starting at offset 0 from the currently selected file using the READ BINARY APDU:
00 B0 0000 03
Since the currently selected file is the MF you can't read binary data from it. The MF does not have a data part. Consequently, the card reports the error code 6A86 ("wrong parameter P1 and/or P2") as it tries to tell you that reading at offset 0 (P1|P2 = 0x0000) from the MF (currently selected file indicated by the upper bit of P1 being zero) makes no sense.
Therefore, before you can read binary data, you need to select an elementary file (EF), probably even located in a different application (dedicated file, DF), that contains an actual data part. This can be done bei either explicitly sending SELECT commands for EF (and, if necessary, the DF) or by implicitly selecting the EF using a short file identifier in P1 of the first read binary command. In the latter case, you would set the upper bit of P1 to one to indicate that the remaining part of P1 encodes a short file ID. In both cases you would need to know the file/application identifiers of the files and applications that you want to read from.
Apple Wallet supports the Value Added Services protocol. I want to use this to read the Walgreens loyalty card (the only NFC-enabled loyalty card I have), to better understand the technology.
The APDU commands needed for this can be found on page 68 in the NFC.15 spec, where APDU command SELECT FILE is described:
http://www.gsma.com/digitalcommerce/wp-content/uploads/2014/07/NFC.15-Version-1.0-Mobile-Commerce-NFC-Coupons-and-Acceptance-Technical-Proposal.pdf
Trancieving the following APDU SELECT FILE to the Apple Watch (while having the card selected)
00 A4 04 00 07 A0 00 00 05 59 00 01 00
Returns
6A 82 (File not found)
From the documentation I expected this command to select the present loyalty card file, or a special response containing a list of more specific IDs if multiple files are available. What am I doing wrong? Does the Apple Wallet use a custom RID?
Karl, You need the Merchant ID or Application ID. Without the AID (Based on the NFC Spec) you will not be able to get the Customer ID or even get any other data from the Reward pass.
Check this blog entry for more details:
http://flomio.com/2016/07/nfc-enabled-passes-on-apple-wallet/
In case anyone is wondering if simply specifying a different 2 byte Application Code after the RID of A0 00 00 05 59, which the NFC.15 document assumes is 00 01 will yield a successful file/application selection (SW 90 00), it won't. I tried all 65,536 combinations of these two bytes with no luck. So yes, some additional information is clearly needed. The link above is now dead, so I have raised a support inquiry with Apple Pay (as other posts mention) to see if the documentation required by NFC terminal makers/integrators can be made available under NDA. So far the Apple support team is giving me a bit of a runaround but I think once they understand that I'm seeking non public documentation I'll get the information I need :) I'll keep this post updated if they respond to my inquiry.
I posted this to the net-snmp mailing list Monday and got no reply, so I am trying here.
I am confused and I hope someone can help.
I am writing an SNMP agent for a Cortex M4 application.
The SNMP books I have bought and what I have read on the net indicate that all data fields should be ASN.1 encoded. I know the OIDs are ASN.1 encoded. I am not sure if that applies to other fields like Request ID.
Looking at snmp commands sent by net-snmp, it appears that the Request ID field is a simple (4 byte) 32 bit integer.
Here is a screen shot showing an snmpget transaction monitored through Wireshark:
http://www.ko4bb.com/net-snmp/RequestID.png
It shows the RequestID to be 1750020546 (decimal) and 0x684F31C2 in hex. The data field in Wireshark also shows it to be “68 4f 31 c2”
This is not ASN.1 encoded, otherwise the first 3 bytes would have their bit 7 set to 1 and the last byte would have bit 7 set to 0, meaning the first 3 values would be >0x7F and the last value should be < 0x80
So is ASN.1 not used for the RequestID field?
I added the wireshark tag, as this is purely a Wireshark issue.
The Request ID field, is strictly in ASN.1 BER format, which is 02 04 68 4f 31 c2.
You should be careful that Wireshark is too smart to parse the data and hide some details from you.
Please check the botton panel where 68 4f 31 c2 is highlighted. Wireshark highlights them, but intentionally ignore 02 04 ahead. That's the problem.
As #GuyHarris pointed out in the comment, this Wireshark behavior is configurable. Other packet analyzers (such as Microsoft Network Monitor) might behave differently in the same scenario.
I'm trying to write an application that will interact with smart cards using an ACS ACR122U card terminal. According to all that I can find the API uses a combination of standard APDU commands and psuedo-APDUs to interact with the terminal, however psuedo-APDUs don't seem to work as claimed.
The API Reference (provided on the ACS site) indicates that APDUs of the form "FF XX XX XX ..." will be interpreted by the terminal (rather than sent to the card) but I always get a response status of "6E XX" (which I interpret as me sending an invalid class ID).
I've tried sending commands to flash the LEDs on the terminal using "FF 00 40 0F 04 00 00 00 00" and also tried to get some unique identifier from the card using "FF CA 01 00".
I can't find anything useful within the ISO 7816-4 document (the standard for smart cards) and the API reference provided by ACS. Also, ACS are not very forthcoming with information.
Does anyone have any ideas as to what I may be doing wrong or where I might look for additional information?
I can get an ATR - Answer To Reset from the terminal when a card is connected. I'm developing for interaction with Mifare 1K cards and would like to read from them and interact with the LEDs and buzzer on the terminal.
You can retrieve the API documentation here. This is ACS' proprietary APDUs so don't refer to standard ISO-7816 specification. Refer to section 6 for pseudo-APDU requirements.
To simulate LED, refer to section 6.2 for details and appendix E for example. You may try changing your APDU as follow: FF 00 40 FF 04 0A 0A 03 03. Please note that I set the LED control and also put non-zero values for LED duration.
For the second APDU, refer to section 4. Please note that you are missing P3/Le in your APDU (shall be FF CA 01 00 00) and you need the card reader connected with PICC.