[Muscle] Aladdin eToken Java 72K / Athena OS755

Peter Williams home_pw at msn.com
Fri Mar 28 08:30:50 PDT 2008


I would not expect a retail card to use public enc/mac keys, would you? Any phishing site could replace the security critical firmware, acting as card issuer. 
 
 



> Date: Fri, 28 Mar 2008 08:44:12 +0000
> From: countzero at sapo.pt
> To: muscle at lists.musclecard.com; widerstand at t-online.de
> Subject: Re: [Muscle] Aladdin eToken Java 72K / Athena OS755
> CC:
>
> Hello Karsten.
>
> Quoting Karsten Ohme <widerstand at t-online.de>:
>
> > So far, so good. But I'm not really sure if your card is a Global
> > Platform 2.1.1 card. Maybe it is an Open Platform 2.0.1' card. (The
> > previous spec version). Try this out. Use mode_201 instead of mode_211.
> > But be careful, some tries, maybe 10, but sometimes less and your card is
> > locked. So skip it after the second try for this card until you have
> > a real answer. If this does not help, maybe you are not talking to the
> > Card Issuer Security Domain but to a Security Domain with different keys
> > or you use the wrong keys.
>
> Assuming that the card has indeed an Athena OS755 chip, and according to [1] it
> has:
> "...The eToken Pro (Java) is a new smartcard, not the infineon chip anymore - no
> CardOS. It is an Athena OS755 and supports 2048bit size..."
>
> It should be a Global Platform 2.1.1 compliant card [2]:
> Specifications Supported:
> "...
> * Java CardTM 2.2.1 (2.2.2 optional)
> * GlobalPlatform 2.1.1
> * ISO 7816
> * ISO 14443 Type B (optional)
> ..."
>
> >
> > I know these two keys:
> >
> > /** The default key value for new cards defined in a VISA specification. */
> > static const BYTE OPGP_VISA_DEFAULT_KEY[16] = {0x40, 0x41, 0x42, 0x43,
> > 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F};
>
> As you probably noticed this is the key I was already using:
> (...)
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
> 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
> (...)
>
> > /** The default mother key value for new GemXpresso cards. */
> > static const BYTE OPGP_GEMXPRESSO_DEFAULT_KEY[16] = {0x47, 0x45, 0x4d,
> > 0x58, 0x50, 0x52, 0x45, 0x53, 0x53, 0x4f, 0x53, 0x41, 0x4d, 0x50, 0x4c,
> > 0x45};
> > Don't believe that it is a GemXpresso, but you can try.
>
> According to [1] it isn't...
>
> I don't have much experience with Global Platform or GPShell, could it be that
> the authentication errors are due to me providing incorrect commands to the
> card? Should I specify the -kek_key in addition to -mac_key and -enc_key or is
> it irrelevant? Am I providing the incorrect -keyind or -keyver parameters? Etc.
> Etc.
>
> Thank you for your help.
>
> Best regards,
> Joao
>
> [1] http://www.etokenonlinux.org/et/FAQ
> [2] http://www.athena-scs.com/product.asp?pid=32
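
Added example, not part of the original messages and not GPShell code: a parser for the INITIALIZE UPDATE response data as laid out in GlobalPlatform 2.1.1, exposing the key version and secure channel protocol the card reports so they can be compared with the -keyver value and mode used in the script. The class and function names are hypothetical and the sample response bytes are constructed.

```python
# Added example: parse a GlobalPlatform 2.1.1 INITIALIZE UPDATE response.
# Names are hypothetical; SAMPLE_RESPONSE is constructed, not captured from a card.
from dataclasses import dataclass
from typing import Optional


@dataclass
class InitUpdate:
    diversification: bytes             # 10 bytes of key diversification data
    key_version: int                   # key version number the card selected
    scp: int                           # secure channel protocol id (0x01 or 0x02)
    sequence_counter: Optional[bytes]  # 2 bytes, present for SCP02 only
    card_challenge: bytes              # 8 bytes (SCP01) or 6 bytes (SCP02)
    card_cryptogram: bytes             # 8 bytes


def parse_initialize_update(resp: bytes) -> InitUpdate:
    """Split the response into its fields; raise ValueError on anything unexpected."""
    if len(resp) < 2:
        raise ValueError("response too short to contain a status word")
    data, sw = resp[:-2], resp[-2:]
    if sw != b"\x90\x00":
        raise ValueError("card returned status " + sw.hex().upper())
    if len(data) != 28:
        raise ValueError("expected 28 data bytes, got %d" % len(data))
    key_version, scp = data[10], data[11]
    if scp == 0x02:
        seq, challenge = data[12:14], data[14:20]
    elif scp == 0x01:
        seq, challenge = None, data[12:20]
    else:
        raise ValueError("unexpected secure channel protocol id 0x%02X" % scp)
    return InitUpdate(data[:10], key_version, scp, seq, challenge, data[20:28])


def key_version_matches(requested: int, info: InitUpdate) -> bool:
    """In GP 2.1.1 a requested version of 0 lets the card pick its first
    available key, so any reported version is consistent with it."""
    return requested == 0 or requested == info.key_version


# Constructed sample: key version 0xFF, SCP02, sequence counter 0x0003.
SAMPLE_RESPONSE = bytes.fromhex(
    "00000000000000000000" "ff02" "0003" "a1a2a3a4a5a6" "b1b2b3b4b5b6b7b8" "9000"
)

if __name__ == "__main__":
    info = parse_initialize_update(SAMPLE_RESPONSE)
    print("key version 0x%02X, SCP%02d" % (info.key_version, info.scp))
    print("matches -keyver 0:", key_version_matches(0, info))
```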