I reset my smart card using JCManager:
:::> gpj -list
:::> java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 73 A2 DC F8 5D 56 48 B2
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 CB F8 CB B2 CC 73 6F A5 16 2B 6D 46 94 0F 13 90 00
DEBUG: Command APDU: 84 82 00 00 10 36 0E 2D D6 F4 6C 65 E0 C4 EC A4 8C 96 D1 80 6A
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 36 0E 2D D6 F4 6C 65 E0
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 6A 88
AID: A0 00 00 00 03 00 00 00 |........| ISD LC: 1 PR: 0x9E
:::>
Then I uploaded a .cap file:
:::> gpj -list
:::> java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 39 CF 9A 58 C1 02 16 88
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 D0 C7 78 48 8C D6 C9 9D B1 9F FF 45 23 89 26 90 00
DEBUG: Command APDU: 84 82 00 00 10 EA 3A 38 56 6D 7B 9D 73 BB EF 4A 1B C5 DD 58 6C
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 EA 3A 38 56 6D 7B 9D 73
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 30 30 30 31 07 00 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 30 30 30 31 07 00 90 00
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 6B 61 67 31 01 00 90 00
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 6B 61 67 31 01 00 90 00
AID: A0 00 00 00 03 00 00 00 |........| ISD LC: 1 PR: 0x9E
AID: 6D 79 70 61 63 30 30 30 31 |mypac0001| App LC: 7 PR: 0x00
AID: 6D 79 70 61 63 6B 61 67 31 |mypackag1| Exe LC: 1 PR: 0x00
:::
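As shown above, two new AIDs were uploaded.
Q1: Which one is for the applet and which one is for the package? Why?
I can successfully send SELECT commands. This is the tool's output when I send the SELECT commands: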
Answer-to-Reset
3B 68 00 00 00 73 C8 40 12 00 90 00
# CLA|INS|P1|P2|Lc|Le
# Data Field
# Status Word
< 00 A4 04 00 09 00
< 6D 79 70 61 63 30 30 30 31
> 9000
< 00 A4 04 00 09 00
< 6D 79 70 61 63 6B 61 67 31
> 9000
Then I reset the card again using JCManager:
:::> gpj -list
:::> java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 73 A2 DC F8 5D 56 48 B2
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 CB F8 CB B2 CC 73 6F A5 16 2B 6D 46 94 0F 13 90 00
DEBUG: Command APDU: 84 82 00 00 10 36 0E 2D D6 F4 6C 65 E0 C4 EC A4 8C 96 D1 80 6A
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 36 0E 2D D6 F4 6C 65 E0
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 6A 88
AID: A0 00 00 00 03 00 00 00 |........| ISD LC: 1 PR: 0x9E
:::>
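Then I used HDD Hex Editor Neo (binary file editing software for Windows) to change some bytes of the same .cap file.
Finally I tried to upload this new .cap file to the card:
As shown above, I could not upload it successfully. I tried another gpj -list command, and this is the output: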
:::gpj -list
:::java -jar gpj.jar -list
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 03 97 15 70 2B 1F E1 9B
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 CE AF 71 EB 5D 50 0F 81 F5 7B FB 7B 51 B4 6D 90 00
DEBUG: Command APDU: 84 82 00 00 10 AF 86 13 9F C7 8E BC BE 8A 91 97 6A 26 CF 69 E1
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 AF 86 13 9F C7 8E BC BE
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 10 00 02 4F 00
DEBUG: Response APDU: 6A 81
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 6B 61 67 31 01 00 90 00
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 6B 61 67 31 01 00 90 00
AID: A0 00 00 00 03 00 00 00 |........| ISD LC: 1 PR: 0x9E
AID: 6D 79 70 61 63 6B 61 67 31 |mypackag1| Exe LC: 1 PR: 0x00
:::
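Now here is the main question:
Q2: Why do I see two AIDs in the output? I think that, for security reasons, the JCRE must prevent incomplete installation of an applet, right?
Note that when I send a SELECT command to this AID, I receive 6A82 [file or application not found]. If it does not exist, why does the card return its AID in the list applets command?
Is this a violation of atomicity? Could it be a vulnerability in the installer? Does it endanger the security of my smart card?
Answer 0: (score: 4)
You obviously cannot interpret the tool's output, and gpj does not make it easy either.
Applet AIDs and package AIDs are different things, and only selectable applets can be selected. Not to mention the Issuer Security Domain, which is yet another thing in the first place.
Also, please don't use gpj; it means you are using an old version (the sf.net account is locked, so there is no relevant information there). The new version is available here: https://github.com/martinpaljak/GlobalPlatformPro
Besides that, it also displays the list of objects on the card in a more readable way. Look for the things that are selectable; those are the applications.
Don't use jcManager "reset card" on any card; it blindly deletes everything it can. Some cards expose components in ROM which, if deleted inadvertently, you will lose forever.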
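The distinction drawn in the answer can be read directly from the GET STATUS (80 F2) responses in the question's last listing. The Python below is an added example, not part of the original post or of gpj; the function names are hypothetical, and it assumes the GlobalPlatform record layout of AID length, AID, life cycle and privileges, with P1 = 80/40/20 selecting the Issuer Security Domain, applications and Executable Load Files.

```python
# Added example: decode GET STATUS (80 F2 P1 00) replies from a gpj DEBUG log.
# Assumed record layout per entry: [AID length][AID][life cycle][privileges].
SCOPE = {0x80: "Issuer Security Domain",
         0x40: "Application (applet instance)",
         0x20: "Executable Load File (package)"}

def parse_get_status(p1, response):
    """Return (status_word, entries) for one GET STATUS response APDU."""
    data, sw = response[:-2], response[-2:].hex().upper()
    entries = []
    if sw != "9000" or p1 not in SCOPE:
        return sw, entries          # e.g. 6A88: nothing registered in this scope
    i = 0
    while i < len(data):
        n = data[i]
        if i + n + 3 > len(data):
            raise ValueError("truncated GET STATUS record")
        entries.append({
            "kind": SCOPE[p1],
            "aid": data[i + 1:i + 1 + n].hex().upper(),
            "life_cycle": data[i + 1 + n],
            "privileges": data[i + 2 + n],
            # A package is never a SELECT target; the ISD and applet instances are.
            "select_target": p1 != 0x20,
        })
        i += n + 3
    return sw, entries

def decode_log(lines):
    """Pair each GET STATUS command with the response line that follows it."""
    found, p1 = {}, None
    for line in lines:
        label, _, hexpart = line.partition("APDU:")
        raw = bytes.fromhex(hexpart.replace(" ", ""))
        if "Command" in label:
            p1 = raw[2] if raw[:2] == b"\x80\xf2" else None
        elif p1 is not None:
            for e in parse_get_status(p1, raw)[1]:
                found[(p1, e["aid"])] = e   # gpj sends each query twice; keep one
            p1 = None
    return list(found.values())

# DEBUG lines copied from the last listing in the question (after the failed upload).
LOG = """DEBUG: Command APDU: 80 F2 80 00 02 4F 00
DEBUG: Response APDU: 08 A0 00 00 00 03 00 00 00 01 9E 90 00
DEBUG: Command APDU: 80 F2 40 00 02 4F 00
DEBUG: Response APDU: 6A 88
DEBUG: Command APDU: 80 F2 20 00 02 4F 00
DEBUG: Response APDU: 09 6D 79 70 61 63 6B 61 67 31 01 00 90 00""".splitlines()
ENTRIES = decode_log(LOG)
```

On that listing the only non-ISD entry comes from the P1 = 20 query, so `mypackag1` is a loaded package with no applet instance, which matches the 6A82 returned on SELECT.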