I am working on an NFC-enabled SIM, using ISO-7816-4. When I try to SELECT MF, DF or EF, the response is always 6A 82 (File not found). Following are the APDUs:
00 A4 00 00 02 3F 00 -> To SELECT MF
00 A4 00 00 02 2F E2 -> To SELECT EF
00 A4 00 00 02 7F 20 -> To SELECT DF
Response is always the same, i.e., 6A 82. Am I missing something here? Kindly help.
Your P2 is incorrect. However, I'm not sure why the card is returning status 6A 82 (File not found) instead of 6A 86 (Incorrect parameters to P1 to P2).
To select by FID (File Identifier), you need to set P2 as follows:
P2=04. In case of a successful SELECT, you will get status 61XX. Send GET RESPONSE and you will have the FCP Template in the response data.
P2=0C. In case of a successful SELECT, no data is returned. Only status 9000.
For more details of P1 and P2, refer to ETSI 102.221 section 11.1.1. You can download the file from this ETSI link.
The problem was not with the APDUs, but with the value of SAK. The SAK value was set to 0x28,
which means the NFC-enabled SIM supports both:
CPU level APDUs (the one I was trying to communicate to) and
Mifare 1k sector (the one I should have tried to communicate to in the first place).
However, CPU level APDUs had higher priority than the Mifare sector, because of which my NFC reader/writer was unable to communicate with the Mifare 1k sector. Once the value of SAK was changed to 0x08, it disabled CPU level APDUs and my NFC reader/writer was able to communicate with the Mifare 1k sector. Hope this helps.
Related
I have big trouble with my NTAG215 tags.
I use the PDF below for reference:
https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf
COMMANDS
I send these raw commands:
AUTH TAG ( with default password )
nfc.transceive('1B FF FF FF FF')
CHANGE DEFAULT PASSWORD
nfc.transceive('A2 85 AA BB CC DD')
SET PACK
nfc.transceive('A2 86 EE FF 00 00')
PROTECT ADDRESS 04 TO 81
nfc.transceive('A2 83 04 00 00 04')
ENABLE READ/WRITE PROTECTION
nfc.transceive('A2 84 10 00 00 00')
After sending these commands, I read my NTAG215 and confirm the results, but... I can read all memory blocks without PWD (1B command).
I need to protect these memory blocks from being read without the correct password.
Thanks for all help guys.
Everything looks fine except for the last command.
ENABLE READ/WRITE PROTECTION
nfc.transceive('A2 84 10 00 00 00')
In order to enable the protection the command must be as follows:
nfc.transceive('A2 84 80 00 00 00')
So once a "session" is authenticated it stays authenticated until the session ends.
So if you connect with no/default/existing password, you then have to remove the Tag from the RF field so that the session ends.
The next time the Tag enters the RF field it will need authenticating again with the new password.
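The effect of the two ACCESS values discussed in this thread, as an added example that is not part of the original posts: it replays the WRITE commands against a simulated configuration area and decodes AUTH0 and the ACCESS byte. Page numbers and bit positions are taken from the NTAG213/215/216 data sheet linked above; the function names are hypothetical.

```javascript
// Added example: simulate the WRITE commands from the question and decode
// the resulting NTAG215 configuration (CFG0 = page 0x83, CFG1 = page 0x84).
const hexBytes = (s) => s.trim().split(/\s+/).map((h) => parseInt(h, 16));
const LAST_PAGE = 0x86; // last NTAG215 page; AUTH0 above this disables protection

function applyWrites(commands) {
  const pages = {};
  for (const cmd of commands) {
    const b = hexBytes(cmd);
    if (b.length !== 6 || b[0] !== 0xa2) throw new Error('not a WRITE: ' + cmd);
    pages[b[1]] = b.slice(2); // A2 <page> <4 data bytes>
  }
  return pages;
}

function describeProtection(pages) {
  if (!pages[0x83] || !pages[0x84]) throw new Error('CFG0/CFG1 not written');
  const auth0 = pages[0x83][3];  // first page that requires PWD_AUTH
  const access = pages[0x84][0]; // ACCESS byte
  const active = auth0 <= LAST_PAGE;
  const prot = (access & 0x80) !== 0; // PROT: 0 = writes only, 1 = reads and writes
  return {
    auth0,
    prot,
    cfgLocked: (access & 0x40) !== 0,         // CFGLCK
    nfcCounterEnabled: (access & 0x10) !== 0, // NFC_CNT_EN
    authLimit: access & 0x07,                 // AUTHLIM, 0 = unlimited attempts
    writeNeedsPassword: active,
    readNeedsPassword: active && prot,
  };
}

// Command sequences as posted (collected into arrays for this example).
const common = ['A2 85 AA BB CC DD', 'A2 86 EE FF 00 00', 'A2 83 04 00 00 04'];
const asPosted = describeProtection(applyWrites([...common, 'A2 84 10 00 00 00']));
const corrected = describeProtection(applyWrites([...common, 'A2 84 80 00 00 00']));
console.log({ asPosted, corrected });
```

With ACCESS = 0x10 only the NFC counter bit is set, so pages from 04h onward need the password for writes but remain readable; 0x80 sets PROT and covers reads as well.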
I am using javax.smartcardio library to access my Felica card. I am able to get the ID of the felica card without any error. When I try to write a block to Felica card, I am getting the following status flag.
0xA5: Area or Service specified by the command cannot be accessed.
Here is the format of the command apdu I am using,
FF 00 00 00 D4 40 01 08 <8 bytes of ID> 01 < number of blocks 01> <16 bytes of data>
The response I am getting is:
D5 41 00 <8 bytes of ID> 01 A5
The status flag2-A5 is the error specifying 'Area or Service specified by the command cannot be accessed.'
After discussing with the Felica manufacturing team, I found that the card was empty and that's the reason I can't write/read the block.
I am not getting AFL in the GPO command for Visa contactless Application
GPO Request as Below:
Request :80 A8 00 00 12 83 10 B6 60 40 00 00 00 00 01 00 00 00 00 38 39 30 31 00
Tag 9F 66: Terminal Transaction Qualifiers : B6 60 40 00
Tag 9F 02: Transaction Amount : 00 00 00 01 00 00
Tag 5F 2A: Transaction Currency Code : 03 56
Tag 9F 37: Unpredictable Number : 38 39 30 31
Getting AFL is not mandatory. If you do not get AFL you are not expected to do any READs. You need not do some functions like ODA as you won't have data associated with it. You can proceed with the available data as such.
As per VISA specification (VCPS), AFL is not mandatory.
If it is not returned in GPO the kernel shall skip the READ RECORDS and proceed to Card Read Complete.
Your Terminal Transaction Qualifier byte 1 bit 1 is set to zero, meaning "Offline Data Authentication for Online Authorizations not supported". Try setting it to 1: B6 60 40 00 --> B7 60 40 00.
I was having the same issue and this was enough to receive an AFL.
I am experimenting now with Visa contactless, Get Processing Options, PDOL, and Read Record commands.
Here is what I found:
Visa Contactless has data accessible via Read Record in either rec 1 or 2, in file 1. You do not need to issue GPO to get this data.
A more complicated case is Visa Contactless inside Google Pay.
Contrary to a simple PDOL having 4 elements, this "card" application requests a PDOL of over 20 elements. So far I was not able to guess the proper values of all of them, to construct a proper PDOL and get AFL in the GPO APDU Response, and SW=0x90.
The application returns 0 bytes for each Read Record I tried, and so far I cannot find which record file contains application data.
I've got a contactless chip card (not bank or SIM) which I can interact with over the NFC channel (ISO14443, ISO 7816 Part 4).
All I want to get from this card is the UID of the card, which can help me to tell one card from others. As I understand, this is the PAN value, which I can get under the tag '5A'.
Firstly, I can send this command to the card
00:a4:04:00:0e:32:50:41:59:2e:53:59:53:2e:44:44:46:30:31:00
and get positive answer (SW:9000) with the AID value.
So, I have AID and I can send such command
00:a4:04:00:LenAID:<AID>:00
to open file for reading TLV-based info under different Tag, am I right?
But when I send ('5A' - tag for PAN)
00:CA:00:5A:00
I have bad response -> 6E:00
So,
1) Should I change the Class value (CLA = 00 for right now)? And to what value?
2) Maybe I have to change the INS value for READ RECORD (B0 or B2 or something else) because "The kernel uses the value of the AFL (i.e. tag ‘94’) to issue one or more READ RECORD commands retrieve the Application data elements", in my case tag '5A' for PAN.
If so, what the complete workflow should be for getting PAN?
UPD.
When I sent
ff:ca:00:00:00
I receive
6e:00
For a reason unknown to me, I couldn't get a positive answer to the command
FF:CA:00:00:00
I got answer 6E:00
But I found another way to get the card info. I have to execute not one but a sequence of commands:
1) Firstly I have to find out the AID of the applet. If you know AID you can skip this step (2PAY.SYS.DDF in my case)
00:a4:04:00:0e:32:50:41:59:2e:53:59:53:2e:44:44:46:30:31:00
2) Then SELECT APPLICATION
00 A4 04 00 AID-Length AID
3) After that we GET PROCESSING OPTIONS
80 A8 00 00 02 83 00 00
4) And READ RECORD
00 B2 01 14 00
For decoding TLV-response I use this utility - https://www.emvlab.org/tlvutils
In the response I got not only the 5A tag but also others, and for now I have to parse the whole R-APDU to fetch a particular tag value.
Are there any Java libs for parsing a TLV response?
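Parsing the R-APDU for one tag, as asked at the end of this post, shown as an added example that is not part of the original post: a small BER-TLV walker that handles multi-byte tags, long-form lengths and constructed templates, and rejects truncated data. The sample record is constructed (a well-known test PAN), and the function names are hypothetical.

```javascript
// Added example: minimal BER-TLV walker for an EMV READ RECORD response.
const toBytes = (s) => (s.match(/[0-9a-f]{2}/gi) || []).map((h) => parseInt(h, 16));
const toHex = (a) => a.map((b) => b.toString(16).padStart(2, '0')).join('');

function parseTlv(bytes) {
  const nodes = [];
  let i = 0;
  const next = () => {
    if (i >= bytes.length) throw new Error('truncated TLV');
    return bytes[i++];
  };
  while (i < bytes.length) {
    const first = next();
    if (first === 0x00) continue;            // padding between elements
    let tag = toHex([first]);
    if ((first & 0x1f) === 0x1f) {           // multi-byte tag, e.g. 5F24
      let b;
      do { b = next(); tag += toHex([b]); } while (b & 0x80);
    }
    let len = next();
    if (len & 0x80) {                        // long form: 81 xx, 82 xx xx
      let n = len & 0x7f;
      len = 0;
      while (n-- > 0) len = len * 256 + next();
    }
    if (i + len > bytes.length) throw new Error('length overruns data at tag ' + tag);
    const node = { tag, value: bytes.slice(i, i + len) };
    i += len;
    if (first & 0x20) node.children = parseTlv(node.value); // constructed template
    nodes.push(node);
  }
  return nodes;
}

function findTag(nodes, tag) {
  for (const n of nodes) {
    if (n.tag === tag) return n.value;
    const hit = n.children ? findTag(n.children, tag) : null;
    if (hit) return hit;
  }
  return null;
}

function readTag(rapduHex, tag) {
  const r = toBytes(rapduHex);
  if (toHex(r.slice(-2)) !== '9000') throw new Error('SW is not 9000');
  const value = findTag(parseTlv(r.slice(0, -2)), tag.toLowerCase());
  return value ? toHex(value) : null;
}

// Constructed sample: template 70 holding 5A (PAN) and 5F24 (expiry), then SW 9000.
const SAMPLE = '70 10 5A 08 41 11 11 11 11 11 11 11 5F 24 03 30 12 31 90 00';
console.log(readTag(SAMPLE, '5A').replace(/f+$/, '')); // strip F padding of odd-length PANs
```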
I have a Mifare Classic 4k and an ACR1281U reader. I can authenticate/read/load successfully. I have searched the sites for how to read the NFC tags, but I am missing some things; here are my questions:
how to read and convert the data from Mifare blocks to human-readable form
how to change the default auth key.
EDIT
OK, I just found out something strange. I tried to authenticate a random sector trailer block with
key A
FF FF FF FF FF FF
then I tried to read that trailer block and I found this
00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF 90 00
What I am confused about is that, according to the documentation, in the sector trailer
Key A comes first, then the access bits, then Key B, then the response status.
Now what I get is
keyb? | access bits | key A | response status
Note: I tried to authenticate with Key A, which is FFFFFFFFFFFF, and successfully authenticated.
Could anyone explain this to me?
Thanks a lot.
To write a sector you need to authenticate on that sector with keyB. Then you can overwrite the key block as:
new Key A | access bits | Key B
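The trailer read quoted in the question, decoded as an added example that is not part of the original posts: it splits the 16 bytes into the Key A field, access bytes and Key B field, checks the inverted copies of the access bits, and looks up the trailer condition. The layout and condition table follow the MIFARE Classic data sheet; the function and field names are hypothetical.

```javascript
// Added example: decode a MIFARE Classic sector trailer as returned by READ.
const toBytes = (s) => s.trim().split(/\s+/).map((h) => parseInt(h, 16));
const toHex = (a) => a.map((b) => b.toString(16).padStart(2, '0')).join(' ').toUpperCase();

// Trailer conditions (C1C2C3): which key may write the Key A / Key B fields,
// and whether the Key B field is readable (it then holds data, not a usable key).
const KEY_WRITE = { '000': 'A', '010': 'never', '100': 'B', '110': 'never',
                    '001': 'A', '011': 'B', '101': 'never', '111': 'never' };
const KEY_B_READABLE = ['000', '010', '001'];

function decodeTrailer(readHex) {
  let b = toBytes(readHex);
  if (b.length === 18) b = b.slice(0, 16); // drop trailing status word (90 00)
  if (b.length !== 16) throw new Error('sector trailer must be 16 bytes');
  const [b6, b7, b8] = b.slice(6, 9);
  const c1 = b7 >> 4, c2 = b8 & 0x0f, c3 = b8 >> 4;
  // Each nibble is also stored inverted; both copies must agree.
  const valid = (b6 & 0x0f) === (~c1 & 0x0f) && (b6 >> 4) === (~c2 & 0x0f) &&
                (b7 & 0x0f) === (~c3 & 0x0f);
  const bits = (n) => `${(c1 >> n) & 1}${(c2 >> n) & 1}${(c3 >> n) & 1}`;
  const trailer = bits(3);
  return {
    keyAField: toHex(b.slice(0, 6)),    // Key A is never readable: reads back as zeros
    accessBytes: toHex(b.slice(6, 9)),
    keyBField: toHex(b.slice(10, 16)),
    valid,
    dataBlocks: [bits(0), bits(1), bits(2)],
    trailer,
    keysWrittenWith: KEY_WRITE[trailer],
    keyBReadable: KEY_B_READABLE.includes(trailer),
  };
}

// Response bytes as quoted in the question above.
const TRAILER_READ = '00 00 00 00 00 00 FF 07 80 69 FF FF FF FF FF FF 90 00';
console.log(decodeTrailer(TRAILER_READ));
```

The first six bytes are the Key A field, which the card always returns as zeros, so the dump is still in the documented order: Key A (masked), access bytes FF 07 80 plus one general-purpose byte, then Key B.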