How do I get CPLC data from a smart card?

Posted 2019-04-12 18:37

Question:

I'm using GPShell on an Ubuntu VM with a smart card reader (the model is ACR122) and I'm using several different NXP SmartMX chips.

Using their Android TagInfo app, I'm able to see the "Card Production Lifecycle Data" when I scan one specific SmartMX chip.

However, I would like to use GPShell to get the CPLC data as well. I assume it's accessible because I can see it when I scan the tag on the Android device.

I have a program called connect.txt, and it has this as the contents:

mode_211
enable_trace
establish_context
card_connect
get_data -identifier 9F7F
card_disconnect
release_context

This is the output:

josh@josh-VirtualBox:~/projects/gpshell-test$ gpshell connect.txt
mode_211
enable_trace
establish_context
card_connect
* reader name ACS ACR122U PICC Interface 00 00
get_data -identifier 9F7F
Command --> 80CA9F7F00
Wrapped command --> 80CA9F7F00
Response <-- 
get_data() returns 0x80200000 (Unknown ISO7816 error: 0x0000)

I'm trying to follow the GPShell docs for the above command (get_data -identifier 9F7F) which is supposed to be the command for getting the CPLC data.

How can I get the CPLC data?

As for debugging, I've tried some of the sample scripts that come with GPShell (for example, selecting a certain AID, or listing AIDs, attempting to authenticate using the default keys, etc.). All of the commands give me the same exact output as above. I also searched for gpshell on StackOverflow and read most questions/answers, but none of them quite seem to cover what I'm asking here (I can provide links if requested). Thanks.

Answer 1:

Short answer: I had to select an application first, and then authenticate using the default key before sending the GET DATA command.

I ended up installing GlobalPlatformPro, which is another command line tool for getting data from a smart card.

I used gp -list -d to list all of the AIDs on the card (-d is debug to show the APDUs being sent). It turns out the card is using the default key 404142434445464748494a4b4c4d4e4f (found in the gpshell docs under the heading Secure Channel Keys).

It output several apps. The AID I ended up needing to use (after trying several of them) was:

ISD: A000000151000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

I changed my connect.txt program to this:

mode_211
enable_trace
establish_context
card_connect
select -AID A000000151000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f 
get_data -identifier 9f7f
card_disconnect
release_context

This ended up outputting (using GPShell):

josh@josh-VirtualBox:~/projects/gpshell-test$ gpshell connect.txt
mode_211
enable_trace
establish_context
card_connect
* reader name ACS ACR122U PICC Interface 00 00
select -AID A000000151000000
Command --> 00A4040008A000000151000000
Wrapped command --> 00A4040008A000000151000000
Response <-- 6F648408A000000151000000A5589F6501FF9F6E06479120813B00734906072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f 
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664B734906072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 80500000082F7E9B47AA9F32E400
Wrapped command --> 80500000082F7E9B47AA9F32E400
Response <-- 0000518900148698000501020008402AF999F42B742FD206C0ECDA169000
Command --> 8482010010DF9FA8285DE2C6747D14AD51EFF92D3C
Wrapped command --> 8482010010DF9FA8285DE2C6747D14AD51EFF92D3C
Response <-- 9000
get_data -identifier 9f7f
Command --> 80CA9F7F00
Wrapped command --> 84CA9F7F08EEAA80A1B0DB13D500
Response <-- REDACTED-CPLC-DATA
REDACTED-CPLC-DATA
card_disconnect

The response I care about is the last line of output, which is the CPLC data (redacted). You can check out globalplatform.h starting at Line 128 to see how the CPLC is parsed:

/**
 * Whole CPLC data from ROM and EEPROM.
 * 9F7F // TAG
 * 2A // Length of data
 * ////////////////Data /////////////
 * 4250 // ic fabricator
 * 3272 // ic type
 * 1291 // os id
 * 6181 // os date
 * 0700 // os level
 * 8039 // fabrication date
 * 0106D0BB // ic serial
 * 1D3C // ic batch
 * 0000 // module fabricator
 * 8148 // packing date
 * 0000// icc manufacturer
 * 8148 // ic embedding date
 * 0000 // pre - personalizer
 * 0000 // IC Pre Personalization Date
 * 00000000 //IC Pre Personalization Equipment Identifier
 * 0000// IC Personalizer
 * 0000 // IC Personalization Date
 * 00000000 // IC Personalization Equipment Identifier
 */
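
Added example (not part of the original answer and not GPShell's own code): a Python parser that splits a GET DATA 9F7F response into the fields listed in the header comment above. The sample bytes are constructed from the example values in that comment, and the BCD "YDDD" date decoding (last digit of the year, then day of year) is an assumption not stated on the page.

```python
# Field order and sizes follow the globalplatform.h comment quoted above.
CPLC_FIELDS = [  # (name, length in bytes)
    ("ic_fabricator", 2), ("ic_type", 2), ("os_id", 2), ("os_date", 2),
    ("os_level", 2), ("fabrication_date", 2), ("ic_serial", 4), ("ic_batch", 2),
    ("module_fabricator", 2), ("packing_date", 2), ("icc_manufacturer", 2),
    ("ic_embedding_date", 2), ("pre_personalizer", 2), ("pre_perso_date", 2),
    ("pre_perso_equipment_id", 4), ("personalizer", 2), ("perso_date", 2),
    ("perso_equipment_id", 4),
]
CPLC_LEN = sum(size for _, size in CPLC_FIELDS)  # 42 bytes == 0x2A

# Constructed sample: tag + length + the comment's example values + SW 9000.
SAMPLE = ("9F7F2A" "425032721291618107008039" "0106D0BB1D3C"
          "000081480000814800000000" "00000000" "00000000" "00000000" "9000")

def decode_date(hex4):
    """Assumed encoding: BCD 'YDDD'. Returns (year_digit, day_of_year),
    or None when the field is unset (0000) or is not a valid BCD date."""
    if hex4 == "0000" or not hex4.isdigit():
        return None
    day = int(hex4[1:])
    return (int(hex4[0]), day) if 1 <= day <= 366 else None

def parse_cplc(response_hex):
    """Parse the hex string printed after 'Response <--' for GET DATA 9F7F.
    Accepts the value with or without the 9F7F 2A header and trailing SW."""
    data = bytes.fromhex(response_hex)
    if len(data) in (CPLC_LEN + 2, CPLC_LEN + 5):  # status word appended
        sw, data = data[-2:], data[:-2]
        if sw != b"\x90\x00":
            raise ValueError(f"card returned status word {sw.hex().upper()}")
    if len(data) == CPLC_LEN + 3 and data[:3] == b"\x9f\x7f\x2a":
        data = data[3:]  # drop tag and length
    if len(data) != CPLC_LEN:  # also catches the empty response in the question
        raise ValueError(f"expected {CPLC_LEN} CPLC bytes, got {len(data)}")
    out, pos = {}, 0
    for name, size in CPLC_FIELDS:
        out[name] = data[pos:pos + size].hex().upper()
        pos += size
    for name in [n for n in out if n.endswith("_date")]:
        out[name + "_decoded"] = decode_date(out[name])
    return out

if __name__ == "__main__":
    for key, value in parse_cplc(SAMPLE).items():
        print(f"{key:28} {value}")
```

Because only the last digit of the year is stored, the decade of each decoded date has to be inferred from context.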


Answer 2:

Simple gp -i with GlobalPlatformPro will give you CPLC in a human-readable form.