Question about Smartcard Acquisition

Quick update. I modified the JcardTest protocol. I am now able to select the app on the smartcard. However, when I send an APDU to tell the app to do something I get a txdatlength error. Here is the log:

[code]
OpenADC Found, Connecting
ATR: 3b eb 00 00 81 31 20 45 4a 43 4f 50 33 31 33 36 47 44 54 78
ATR: 3b eb 00 00 81 31 20 45 4a 43 4f 50 33 31 33 36 47 44 54 78
ACK Error: a4 != 0
Correct App Selected
Traceback (most recent call last):
  File "ChipWhispererCapture.py", line 786, in capture1
    ac.doSingleReading()
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\AcquisitionController.py", line 141, in doSingleReading
    self.textout = self.TargetDoTrace(self.textin, key=None)
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\AcquisitionController.py", line 91, in TargetDoTrace
    self.target.go()
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 829, in go
    self.protocol.go()
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 716, in go
    x = self.hw.sendAPDU(0x80,0x14,0x03,0x04,0x00,rxdatalen=0)
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 144, in sendAPDU
    txdatalen = len(txdata)
TypeError: object of type 'int' has no len()
[/code]

The code that I’m using:

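[code]
def go(self):
    # Select the application on the card by its identifier
    status = self.hw.sendAPDU(0x00, 0xA4, 0x04, 0x00, [0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x00,0x00])
    if status != 0x900:
        raise IOError("Invalid Status: %x" % status)

    print "Correct App Selected"
    # The fifth positional argument is txdata; the int 0x00 passed here
    # is what raises the TypeError shown in the log above
    x = self.hw.sendAPDU(0x80,0x14,0x03,0x04,0x00,rxdatalen=0)
    print x
[/code]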

You need to adhere to the format expected by ReaderChipWhispererSER.sendAPDU(cla,ins,p1,p2,txdata=None,rxdatalen=0).
txdata should be input as a Python list, whereas in your code you are feeding 0x00 to txdata, which is of type int.

I am not sure what you want to achieve.

Do you want to send a payload of 0x00? Then use
[code]x = self.hw.sendAPDU(0x80,0x14,0x03,0x04,[0x00])[/code]

Or do you want to send an empty payload? Then just send
[code]x = self.hw.sendAPDU(0x80,0x14,0x03,0x04)[/code]

I’m using a different smart card now. This one interacts better with the victim board. However, I’m getting this ACK error: Status too small. No matter what I change the value of ins to, I still get the error. What am I doing wrong? Does the code only accept 6C as a value for ins?

[code]
x = self.hw.sendAPDU(0x80,0x02,0x03,0x04)

ATR: 3b 68 00 00 00 73 c8 40 11 00 90 00
Correct App Selected
ACK Error: 2 != 6c
Exception caught: Status too small: 1, 07
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 195, in sendAPDU
    raise IOError("Status too small: %d, %s" % (len(stat), " ".join(["%02x"%ord(t) for t in stat])))
IOError: Status too small: 1, 07[/code]

[code]
x = self.hw.sendAPDU(0x80,0x10,0x03,0x04)

ATR: 3b 68 00 00 00 73 c8 40 11 00 90 00
Correct App Selected
ACK Error: 10 != 6c
Exception caught: Status too small: 1, 07
  File "c:\chipwhisperer-0.10rc1\software\chipwhisperer\capture\targets\SmartCard.py", line 195, in sendAPDU
    raise IOError("Status too small: %d, %s" % (len(stat), " ".join(["%02x"%ord(t) for t in stat])))
IOError: Status too small: 1, 07[/code]

[code]
x = self.hw.sendAPDU(0x80,0x6C,0x03,0x04)

ATR: 3b 68 00 00 00 73 c8 40 11 00 90 00
Correct App Selected
Exception caught: Invalid Status: 90[/code]

Hi EbieJungle,

I suggest reading the ISO7816 standards for a better protocol understanding, then observing a “known to be correct” communication run between smartcard and reader e.g. using a scope on a PCSC reader (there are probably better methods, but that’s what I did). Knowing the expected layer1/2 comms is invaluable for further debugging.
You would also need to be familiar with debugging Python scripts (shouldn’t be helping you in this)

I’ll elaborate about the expected communication. Let’s say a SC reader wants to send to the SC the following APDU (CLA INS P1 P2 Ld data Le) where Ld is length of the data, Le is length of expected response. What really happens at Layer1/2 is the following:
Reader to Card: CLA INS P1 P2 Ld
Card to Reader: INS (echoes the INS byte as an acknowledgement)
Reader to Card: data Le
Card to Reader: Status Word

Colin’s code also alludes to this sequence.

Regarding the ‘strange’ responses you are getting, this is my guess:
You are not getting an INS acknowledge because you have sent the wrong datalength for that particular instruction. Instead you receive the status word 0x6c07. You can look up what the status word means here

G’luck!
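
The T=0 exchange described in the post above, as an added Python 3 example that is not part of the thread and not ChipWhisperer's code: it reads the card's first reply as a procedure byte, so `6c 07` decodes to status word 0x6C07 (wrong length, with SW2 giving the expected length per ISO 7816-4) and the command is reissued with that length. `t0_exchange`, `send_apdu` and `FakeCard` are hypothetical names, and `FakeCard` is a constructed stand-in for a card.

```python
# Added example (Python 3). Not ChipWhisperer code; all names are hypothetical.

def t0_exchange(card, cla, ins, p1, p2, txdata=None, rxdatalen=0):
    """Run one T=0 command. `card` needs write(bytes) and read(n) -> bytes."""
    tx = bytes(txdata or [])          # command payload, if any
    card.write(bytes([cla, ins, p1, p2, len(tx) if tx else rxdatalen]))
    rx = b""
    while True:
        b = card.read(1)[0]           # procedure byte from the card
        if b == 0x60:                 # NULL: card asks for more time
            continue
        if (b & 0xF0) in (0x60, 0x90):
            # SW1, so SW2 follows. Checked before the ACK test: INS values
            # 6x and 9x are invalid in T=0 because they collide with SW1.
            return (b << 8) | card.read(1)[0], rx
        if b == ins:                  # ACK: transfer all remaining data
            if tx:
                card.write(tx)
                tx = b""
            else:
                rx += card.read(rxdatalen - len(rx))
        elif b == ins ^ 0xFF:         # complemented INS: transfer one byte
            if tx:
                card.write(tx[:1])
                tx = tx[1:]
            else:
                rx += card.read(1)
        else:
            raise IOError("Unexpected procedure byte: %02x" % b)

def send_apdu(card, cla, ins, p1, p2, txdata=None, rxdatalen=0):
    """Reissue the command once when the card answers 6Cxx (wrong length)."""
    sw, rx = t0_exchange(card, cla, ins, p1, p2, txdata, rxdatalen)
    if sw >> 8 == 0x6C:               # SW2 carries the length the card expects
        sw, rx = t0_exchange(card, cla, ins, p1, p2, txdata, sw & 0xFF)
    return sw, rx

class FakeCard:
    """Constructed stand-in: returns 7 bytes if P3 is 7, else answers 6C 07."""
    def __init__(self):
        self.out = b""
    def write(self, data):
        ins, p3 = data[1], data[4]    # only 5-byte headers are sent to it here
        ok = bytes([0x60, ins]) + bytes(range(7)) + b"\x90\x00"
        self.out = ok if p3 == 7 else b"\x6c\x07"
    def read(self, n):
        chunk, self.out = self.out[:n], self.out[n:]
        return chunk
```

With the constructed card, `t0_exchange(FakeCard(), 0x80, 0x02, 0x03, 0x04)` returns status 0x6C07 with no data, while `send_apdu` with the same arguments retries with a length of 7 and returns 0x9000 with the 7 data bytes.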

Hi Alvin,

I just wrote my own method calling the hardware directly and everything is working now. I am able to use the smart card with the victim board and get correct power measurements. Just wanted to say thank you for the support! :smiley: