Connecting to PIV applet on br301
tperfitt opened this issue · 22 comments
I am trying to send APDU commands to a PIV card on iOS and i keep getting back the same error:
0x80100016: An attempt was made to end a non-existent transaction
I have tried different cards, all the ios demo apps, and the app in the iOS app store. The reader connects fine over bluetooth and shows the ATR value. I then send the select applet command APDU:
00a404000ba0000003974349445f0100
but the error comes back the same. Everything works fine if I connect the reader directly to my Mac over USB. Is there a way to get direct access to the Bluetooth characteristics or does everything have to go through the SDK?
The version of iOS is iOS14. I have also tried other cards (credit cards--mainly mastercard) just to see if I could get any APDU commands to work. Only 1 of my credit cards returned anything beside the "non-existent transaction" error.
Please provide any guidance on how to send APDU commands over bluetooth to a PIV card.
@tperfitt did you try our latest release app on Appstore?
https://itunes.apple.com/us/app/smartcard-reader/id525954151?mt=8
Please use this App to do operation, and in the main view, it has log button, use that button can export the log, we will take a look the log and back to you.
The reader based on CCID protocol, if you don't want use our SDK, then you may need do envelope the APDU by yourself, the reader firmware based on CCID standard, which you can find from below:
https://usb.org/sites/default/files/DWG_Smart-Card_CCID_Rev110.pdf
The below 3 commands can complete the APDU transfer, Power ON/OFF and XfrBlock, to get the event of card slot, you can use read pipe and check the 0x50 x02 and 0x50 0x03, which are the status of card slot.
Any questions, contact us anytime, thanks
With Bluetooth UUID:
We released two products, and UUIDs are below:
#define UUIDSTR_bR301C4_PROPRIETARY_SERVICE @"46540001-0002-00C4-0000-465453414645"
#define UUIDSTR_bR301C4_TRANS_RX @"46540002-0002-00C4-0000-465453414645"
#define UUIDSTR_bR301C4_TRANS_TX @"46540003-0002-00C4-0000-465453414645"
#define UUIDSTR_bR301C6_PROPRIETARY_SERVICE @"46540001-0002-00C6-0000-465453414645"
#define UUIDSTR_bR301C6_TRANS_RX @"46540002-0002-00C6-0000-465453414645"
#define UUIDSTR_bR301C6_TRANS_TX @"46540003-0002-00C6-0000-465453414645"
Thank you. I'll export the log, though all it says is "card inserted" then:
0x80100016: An attempt was made to end a non-existent transaction
I'll get the exact log later today and post.
I would like to send APDU command directly the reader without the SDK. Thank you for the UUIDs for the device. Do I just write the APDU commands to the TX and monitor the RX for notifications? Any sample code and information on setting up the connection in preparation for sending APDU commands would be helpful.
Here is the log:
2020-10-20 15:55:21.277 iReader[11068:2974228] IAPDHasLaunched: kIAPAvailableNotification iapdAvailableState 0 -> 0
2020-10-20 15:55:21.278 iReader[11068:2974228] IAP2DHasLaunched: kIAP2AvailableNotification iap2dAvailableState 0 -> 0
2020-10-20 15:55:21.278 iReader[11068:2974228] -[EAAccessoryManager _initFromSingletonCreationMethod] isRunningOnMac
2020-10-20 15:55:21.289 iReader[11068:2974228] On: 956 RegisteredForLocalNotifications Count: 1
2020-10-20 15:55:21.290 iReader[11068:2974254] -----readerStatusThread
2020-10-20 15:55:21.290 iReader[11068:2974247] CBPeripheralManagerStatePoweredOn,sdkversion----3.5.61
2020-10-20 15:55:21.561 iReader[11068:2974228] 0--------->>>>>enter foreground,sdkversion----3.5.61
2020-10-20 15:55:24.213 iReader[11068:2974228] -------------->>>>enter background,sdkversion----3.5.61
2020-10-20 15:55:25.862 iReader[11068:2974228] 0--------->>>>>enter foreground,sdkversion----3.5.61
2020-10-20 15:55:58.848 iReader[11068:2974228] -------------->>>>enter background,sdkversion----3.5.61
2020-10-20 16:00:36.901 iReader[11068:2974228] 0--------->>>>>enter foreground,sdkversion----3.5.61
2020-10-20 16:00:38.013 iReader[11068:2974228] -------------->>>>enter background,sdkversion----3.5.61
2020-10-20 16:00:40.306 iReader[11068:2974228] -------------->>>>enter background,sdkversion----3.5.61
2020-10-20 19:58:04.101 iReader[11068:2974228] 0--------->>>>>enter foreground,sdkversion----3.5.61
2020-10-20 19:58:06.848 iReader[11068:2974660]
Peripheral Info:NAME: FT_00A050150E30
UUID: 8C7CB08A-2454-40AC-1A34-EADDF02B406C
RSSI: -52
didDiscoverPeripheral
,sdkversion----3.5.61
2020-10-20 19:58:06.854 iReader[11068:3083917] peripheralList1:(
"<CBPeripheral: 0x281094320, identifier = 8C7CB08A-2454-40AC-1A34-EADDF02B406C, name = FT_00A050150E30, state = disconnected>"
),sdkversion----3.5.61
2020-10-20 19:58:06.854 iReader[11068:3083917] peripheralList:(
"<CBPeripheral: 0x281094320, identifier = 8C7CB08A-2454-40AC-1A34-EADDF02B406C, name = FT_00A050150E30, state = disconnected>"
),sdkversion----3.5.61
2020-10-20 19:58:07.065 iReader[11068:2974660] centralManager:didConnectPeripheral:,sdkversion----3.5.61
2020-10-20 19:58:07.539 iReader[11068:3083915] peripheral:didDiscoverCharacteristicsForService:error:,sdkversion----3.5.61
2020-10-20 19:58:07.600 iReader[11068:3083915] peripheral:didDiscoverCharacteristicsForService:error:,sdkversion----3.5.61
2020-10-20 19:58:07.600 iReader[11068:3083915] Wirte Channel is open successed,sdkversion----3.5.61
2020-10-20 19:58:07.600 iReader[11068:3083915] Read Channel is open successed,sdkversion----3.5.61
2020-10-20 19:58:07.928 iReader[11068:3083915] rev:{length = 2, bytes = 0x5003},sdkversion----3.5.61
2020-10-20 19:58:07.930 iReader[11068:3083991] write:{length = 14, bytes = 0x6b040000000000000000a55a3730}
2020-10-20 19:58:07.989 iReader[11068:3083915] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:07.989 iReader[11068:3083915] rev:{length = 15, bytes = 0x83050000000000010000040f019000},sdkversion----3.5.61
2020-10-20 19:58:07.989 iReader[11068:3083917] ###########271,sdkversion----3.5.61
2020-10-20 19:58:07.989 iReader[11068:3083917] card present
2020-10-20 19:58:08.017 iReader[11068:3083993] write:{length = 14, bytes = 0x6b040000000001000000a55a3816}
2020-10-20 19:58:08.168 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:08.169 iReader[11068:3083917] rev:{length = 20, bytes = 0x830e00000000010100000c036200520033003000},sdkversion----3.5.61
2020-10-20 19:58:08.169 iReader[11068:3083917] rev:{length = 4, bytes = 0x31009000},sdkversion----3.5.61
2020-10-20 19:58:08.169 iReader[11068:3083995] write:{length = 10, bytes = 0x65000000000002000000}
2020-10-20 19:58:08.227 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:08.229 iReader[11068:3083917] rev:{length = 10, bytes = 0x81000000000002010000},sdkversion----3.5.61
2020-10-20 19:58:08.230 iReader[11068:3083997] write:{length = 10, bytes = 0x62000000000003000000}
2020-10-20 19:58:08.288 iReader[11068:2974249] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:08.408 iReader[11068:3083917] rev:{length = 20, bytes = 0x801600000000030000003bfc1800008131804590},sdkversion----3.5.61
2020-10-20 19:58:08.408 iReader[11068:3083917] rev:{length = 12, bytes = 0x67464a00641606f2727e00e0},sdkversion----3.5.61
2020-10-20 19:58:11.417 iReader[11068:3084011] write:{length = 14, bytes = 0x6b040000000004000000a55a3400}
2020-10-20 19:58:11.468 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:11.468 iReader[11068:3083917] rev:{length = 14, bytes = 0x8304000000000400000012019000},sdkversion----3.5.61
2020-10-20 19:58:11.468 iReader[11068:3084013] write:{length = 14, bytes = 0x6b040000000005000000a55a3813}
2020-10-20 19:58:11.527 iReader[11068:2974249] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:11.527 iReader[11068:3083917] rev:{length = 20, bytes = 0x8312000000000500000010034600650069007400},sdkversion----3.5.61
2020-10-20 19:58:11.529 iReader[11068:2974249] rev:{length = 8, bytes = 0x690061006e009000},sdkversion----3.5.61
2020-10-20 19:58:11.529 iReader[11068:3084015] write:{length = 14, bytes = 0x6b040000000006000000a55a3231}
2020-10-20 19:58:11.587 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:11.587 iReader[11068:2974249] rev:{length = 20, bytes = 0x830a00000000060000003cf6a2f6991a00019000},sdkversion----3.5.61
2020-10-20 19:58:11.588 iReader[11068:3084017] write:{length = 14, bytes = 0x6b040000000007000000a55a3817}
2020-10-20 19:58:11.648 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:11.648 iReader[11068:2974249] rev:{length = 12, bytes = 0x830200000000070000006300},sdkversion----3.5.61
2020-10-20 19:58:11.648 iReader[11068:3084019] write:{length = 14, bytes = 0x6b040000000008000000a55a3816}
2020-10-20 19:58:11.707 iReader[11068:3083917] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:11.708 iReader[11068:2974249] rev:{length = 20, bytes = 0x830e00000000080000000c036200520033003000},sdkversion----3.5.61
2020-10-20 19:58:11.708 iReader[11068:2974249] rev:{length = 4, bytes = 0x31009000},sdkversion----3.5.61
2020-10-20 19:58:19.876 iReader[11068:3084091] write:{length = 14, bytes = 0x6b040000000009000000a55a3400}
2020-10-20 19:58:19.928 iReader[11068:2974614] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:19.928 iReader[11068:2974614] rev:{length = 14, bytes = 0x8304000000000900000012019000},sdkversion----3.5.61
2020-10-20 19:58:32.254 iReader[11068:3084292] write:{length = 15, bytes = 0x6f05000000000a0000000084000004}
2020-10-20 19:58:32.332 iReader[11068:3084242] Send Successfully,sdkversion----3.5.61
2020-10-20 19:58:32.332 iReader[11068:3084242] rev:{length = 10, bytes = 0x8000000000000a40fe00},sdkversion----3.5.61
2020-10-20 19:59:07.591 iReader[11068:2974228] -------------->>>>enter background,sdkversion----3.5.61
2020-10-20 20:01:34.839 iReader[11068:3084268] centralManager:didDisconnectPeripheral:error::FT_00A050150E30,sdkversion----3.5.61
2020-10-20 20:01:35.454 iReader[11068:2974228] 0--------->>>>>enter foreground,sdkversion----3.5.61
2020-10-20 20:01:38.340 iReader[11068:3084268]
Peripheral Info:NAME: FT_00A050150E30
UUID: 8C7CB08A-2454-40AC-1A34-EADDF02B406C
RSSI: -69
didDiscoverPeripheral
,sdkversion----3.5.61
2020-10-20 20:01:38.340 iReader[11068:3084268] peripheralList1:(
"<CBPeripheral: 0x281090780, identifier = 8C7CB08A-2454-40AC-1A34-EADDF02B406C, name = FT_00A050150E30, state = disconnected>"
),sdkversion----3.5.61
2020-10-20 20:01:38.340 iReader[11068:3084268] peripheralList:(
"<CBPeripheral: 0x281090780, identifier = 8C7CB08A-2454-40AC-1A34-EADDF02B406C, name = FT_00A050150E30, state = disconnected>"
),sdkversion----3.5.61
2020-10-20 20:01:38.946 iReader[11068:3084717] centralManager:didConnectPeripheral:,sdkversion----3.5.61
2020-10-20 20:01:39.488 iReader[11068:3084717] peripheral:didDiscoverCharacteristicsForService:error:,sdkversion----3.5.61
2020-10-20 20:01:39.488 iReader[11068:3084717] Wirte Channel is open successed,sdkversion----3.5.61
2020-10-20 20:01:39.488 iReader[11068:3084717] Read Channel is open successed,sdkversion----3.5.61
2020-10-20 20:01:39.547 iReader[11068:3084717] peripheral:didDiscoverCharacteristicsForService:error:,sdkversion----3.5.61
2020-10-20 20:01:39.845 iReader[11068:3084267] rev:{length = 2, bytes = 0x5003},sdkversion----3.5.61
2020-10-20 20:01:39.846 iReader[11068:3086108] write:{length = 14, bytes = 0x6b04000000000b000000a55a3730}
2020-10-20 20:01:39.904 iReader[11068:3083919] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:39.904 iReader[11068:3084267] rev:{length = 15, bytes = 0x8305000000000b010000040f019000},sdkversion----3.5.61
2020-10-20 20:01:39.904 iReader[11068:3084268] ###########271,sdkversion----3.5.61
2020-10-20 20:01:39.914 iReader[11068:3086110] write:{length = 14, bytes = 0x6b04000000000c000000a55a3816}
2020-10-20 20:01:40.055 iReader[11068:3084267] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:40.055 iReader[11068:3084267] rev:{length = 20, bytes = 0x830e000000000c0100000c036200520033003000},sdkversion----3.5.61
2020-10-20 20:01:40.055 iReader[11068:3084267] rev:{length = 4, bytes = 0x31009000},sdkversion----3.5.61
2020-10-20 20:01:40.056 iReader[11068:3086113] write:{length = 10, bytes = 0x6500000000000d000000}
2020-10-20 20:01:40.113 iReader[11068:3083919] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:40.113 iReader[11068:3083919] rev:{length = 10, bytes = 0x8100000000000d010000},sdkversion----3.5.61
2020-10-20 20:01:40.114 iReader[11068:3086115] write:{length = 10, bytes = 0x6200000000000e000000}
2020-10-20 20:01:40.174 iReader[11068:3084267] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:40.293 iReader[11068:3084267] rev:{length = 20, bytes = 0x8016000000000e0000003bfc1800008131804590},sdkversion----3.5.61
2020-10-20 20:01:40.293 iReader[11068:3083919] rev:{length = 12, bytes = 0x67464a00641606f2727e00e0},sdkversion----3.5.61
2020-10-20 20:01:47.435 iReader[11068:3086157] write:{length = 20, bytes = 0x6f10000000000f00000000a404000ba000000308}
2020-10-20 20:01:47.493 iReader[11068:3084268] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:47.497 iReader[11068:3086157] write:{length = 6, bytes = 0x000010000100}
2020-10-20 20:01:47.583 iReader[11068:3084267] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:47.583 iReader[11068:3084267] rev:{length = 10, bytes = 0x8000000000000f40fe00},sdkversion----3.5.61
2020-10-20 20:01:57.164 iReader[11068:3086249] write:{length = 20, bytes = 0x6f0a000000001000000000cb3fff055c035fc10b}
2020-10-20 20:01:57.214 iReader[11068:3086003] Send Successfully,sdkversion----3.5.61
2020-10-20 20:01:57.214 iReader[11068:3086003] rev:{length = 10, bytes = 0x8000000000001040fe00},sdkversion----3.5.61
The APDU commands I am sending:
Select:
00A404000BA000000308000010000100
Read Cert:
00cb3fff055c035fc10b
If I do the same commands using scriptor on linux to pass apdu commands to the same card, it works fine:
pi@raspberrypi:~/linux_sra $ scriptor
No reader given: using Gemalto PC Twin Reader (D856D1B7) 00 00
Using T=1 protocol
Reading commands from STDIN
00 A4 04 00 0B A0 00 00 03 08 00 00 10 00 01 00
00 A4 04 00 0B A0 00 00 03 08 00 00 10 00 01 00
< 61 16 4F 0B A0 00 00 03 08 00 00 10 00 01 00 79
07 4F 05 A0 00 00 03 08 90 00 : Normal processing.
00 cb 3f ff 05 5c 03 5f c1 01
00 cb 3f ff 05 5c 03 5f c1 01
< 53 82 04 27 70 82 04 1E 1F 8B 08 00 00 00 00 00
00 0B 33 68 62 99 64 D0 C4 5C B5 80 99 89 91 89
89 4B 2C E2 65 27 03 23 03 83 61 A5 01 2F 1B A7
56 9B 47 DB 77 5E 46 46 6E 56 06 83 68 43 61 03
41 36 2E CE 49 6A 9D 93 3F E9 A4 30 4A 8A 31 27
E7 E7 1A 8A 19 88 A0 08 B2 15 64 96 65 A7 56 1A
EA 18 68 B1 31 87 B2 30 0B 2B 07 78 86 79 A7 56
2A B8 A4 96 65 26 A7 2A 38 A7 16 95 64 A6 65 26
27 96 A4 2A 38 96 96 64 E4 17 65 96 54 1A C8 89
F3 1A 5A 18 98 18 99 19 19 99 98 9B 98 45 89 F3
1A 1B 00 B9 C6 50 AE 81 91 A1 81 81 1E C4 3C 75
A8 79 8E 46 A6 16 8E 4E 8E 8E 96 46 16 8E AE 06
26 2E 16 86 2E 16 06 06 6E A6 A6 2E 06 E6 46 6E
66 C6 06 4D 8C 4A C8 7E 60 64 65 60 6E 62 E4 67
00 8A 73 31 35 31 32 32 EC D2 68 FB 78 D8 EE A4
6A DF 9F 67 37 73 8C BA D7 BE D2 5B DD F7 47 73
61 00 : 0x00 bytes of response still available.
00 C0 00 00 00
00 C0 00 00 00
< FF F7 13 ED E6 0C 4E 6F 17 70 44 87 94 84 BC BD
75 D7 EB 1C 63 D3 8A 43 21 92 5E 07 4A AF 1C CC
5C DD 1F FC AB 73 EA CF 99 D2 6C 2C 62 19 4C 9B
A4 27 BE 73 AB FE DC F9 24 52 C0 49 B2 43 9A C7
7B FE CD 06 D5 F4 56 0E D6 25 C1 DF FC AE FD AE
4A 64 AB B1 B7 FB 7B FD 0A 7F BB EA C5 87 67 5E
AB 6E E5 AA 8A 9F 96 16 5B 73 BD 72 6A 9B F8 53
41 BF 73 5F 2A 5D 3F 5C 7F 5E F4 C9 F4 F1 FB 99
DD 25 56 21 A2 6D A9 79 E6 F3 82 0C DF 7A 9D 6B
E9 29 3F 19 FF C5 22 FE 01 CB 0C C1 1D 3F 79 1F
E7 AC 5F E0 56 FE 7C 4E 9C C8 EC 00 7F 81 E9 E1
4B 27 DA 74 38 6E FC 7B 2F 49 E6 F1 F4 6B 9F 1F
EE 95 35 89 9F DA B8 D8 85 83 41 C0 6E C2 AD E9
E5 CB EF F2 B1 3C 39 F8 83 6D 45 58 A5 C1 39 81
DB 52 1B 0C 96 BD A8 F2 7D B7 72 C3 89 0D 2B 1C
65 24 F9 3F E7 5D 64 62 66 64 60 5C DC C4 58 0F
61 00 : 0x00 bytes of response still available.
00 C0 00 00 00
00 C0 00 00 00
< 0C 91 6A 03 3B 36 4E 6D 36 46 16 C6 26 73 51 76
16 43 03 7D 36 75 18 97 A3 F9 77 B3 50 EB E2 CF
21 6D 0B 7B B5 9B 5F 1E 0D 6F BF B7 37 BF 51 BD
7D 7D BF 75 F3 B4 DB 4E 4C 8C 29 4C 8C 02 06 56
C0 D8 91 55 65 31 36 30 64 E3 81 E8 BC 6F C5 C8
C9 C8 C0 C6 0D E3 31 B1 32 B0 71 41 0D 15 61 62
62 E3 00 B2 59 59 D9 99 99 0C F8 40 7A F9 19 19
FF B3 B0 30 33 B1 3E 30 F0 40 B8 85 8B C5 DA C0
12 A8 00 C5 4C 60 B4 22 9B 6A C0 83 6C AE 01 17
92 C9 B2 20 93 F9 58 C4 58 44 26 0A AB 2D FC D2
2B DF 7C 80 ED 92 6C C1 F4 47 3F 2E CF 92 9A 65
20 0F 92 56 66 91 30 10 6B 10 11 72 79 6B C8 F5
AC 38 A7 C4 54 76 93 7A F0 E3 93 EC DA 22 F1 06
C9 20 05 F2 2C 31 06 51 06 11 0B C2 16 84 B4 A9
67 94 94 14 58 E9 EB 27 27 EA 41 12 BA 1E 30 13
E8 43 98 29 E0 14 0E 94 49 2E CA 69 D3 44 28 2C
61 00 : 0x00 bytes of response still available.
00 C0 00 00 00
00 C0 00 00 00
< 49 4C CF C9 CC 2F 4E C6 A1 14 2D A3 31 83 D2 E6
A1 9B F9 66 DD AE D6 27 6A 9E 66 E5 39 1E 7A 2C
76 63 D7 CF 2D 27 B7 DD 3F AC 17 94 B5 DC AB 26
9F AF 42 65 19 BB FD 34 A1 C5 FE 9F DE 59 68 76
DB 4E 9C 2A 3D A1 51 EC 69 E1 4A EB 7A 41 FE 00
93 80 EB 8F 97 28 FC D0 7D F8 21 E2 96 F6 87 3D
2F 44 04 6B 26 3E 0F 67 8C 75 38 72 E7 45 45 A7
C1 C9 0F 97 23 12 D2 65 4F FF CF 7D 6D E8 C1 B2
C1 25 BF 75 5F 11 8F 97 53 17 2F 47 A1 3C AB 42
E6 8B 9F B6 F3 74 26 D9 59 5C 69 7A 60 72 66 FB
AF 94 FB ED 67 DA 3B 17 F4 4F B7 4C EE EC 8B CC
93 35 5F 95 E2 A5 B6 FB F1 AD 7D 2A 93 8F D7 58
38 F9 CF 5E 79 C9 B8 FF FF 3E 75 F1 E3 51 8F 84
8B F9 CB 4F 9F 78 9A 92 B2 62 85 8D 00 AB BE CC
05 B5 B8 E5 F2 AE DE E7 F7 64 5C 4A 3D 1B BB 57
86 57 E0 E6 99 6C 3E 5E ED 5B F7 A6 C7 F2 45 C8
61 2B : 0x2B bytes of response still available.
00 C0 00 00 2b
00 C0 00 00 2b
< 6F 97 97 BC B8 85 C5 62 61 52 E7 C6 99 7C 0B BA
E6 AC 38 5F F9 69 CA F1 C0 EF 2C 7E 6F 00 95 5F
A2 B3 96 04 00 00 71 01 01 FE 00 90 00 : Normal processing.
Will let our engineer to write a simple demo code tell you how to do it.
In my viewpoint, you will need handle below steps by yourself:
- Search UUID and pair with the bR301BLE
- Add notification to monitoring the data input from reader, in passive mode, the reader will return the card slot status when trigger the switch in card slot.
*5002 means the card absent, 5003 means the card inserted
other data, take a look the CCID specification of response part, the head of CCID format is 0x80 - If detect the card inserted, then follow the CCID specification send the 62(Card power ON)/6F(Data communicate)/63(Card Power OFF) commands to communicate with card. the format is 10 bytes CCID head + APDU
If you to check the card slot status in active mode, then send the 65 command to get the slot status.
After looking at the log and the spec, I was able to read and write to the bluetooth characteristics and get responses. I get notified of insert and removal events. So I now understand how to get info and write apdu commands. The select works but I am still getting the same response.
If I write :
00 cb 3f ff 05 5c 03 5f c1 01
with a physical reader, I get back:
53 82 04 27 70 82 04 1E 1F 8B 08 00 00 00 00 00
00 0B 33 68 62 99 64 D0 C4 5C B5 80 99 89 91 89
89 4B 2C E2 65 27 03 23 03 83 61 A5 01 2F 1B A7
56 9B 47 DB 77 5E 46 46 6E 56 06 83 68 43 61 03
41 36 2E CE 49 6A 9D 93 3F E9 A4 30 4A 8A 31 27
E7 E7 1A 8A 19 88 A0 08 B2 15 64 96 65 A7 56 1A
EA 18 68 B1 31 87 B2 30 0B 2B 07 78 86 79 A7 56
2A B8 A4 96 65 26 A7 2A 38 A7 16 95 64 A6 65 26
27 96 A4 2A 38 96 96 64 E4 17 65 96 54 1A C8 89
F3 1A 5A 18 98 18 99 19 19 99 98 9B 98 45 89 F3
1A 1B 00 B9 C6 50 AE 81 91 A1 81 81 1E C4 3C 75
A8 79 8E 46 A6 16 8E 4E 8E 8E 96 46 16 8E AE 06
26 2E 16 86 2E 16 06 06 6E A6 A6 2E 06 E6 46 6E
66 C6 06 4D 8C 4A C8 7E 60 64 65 60 6E 62 E4 67
00 8A 73 31 35 31 32 32 EC D2 68 FB 78 D8 EE A4
6A DF 9F 67 37 73 8C BA D7 BE D2 5B DD F7 47 73
61 00 : 0x00 bytes of response still available.
If I encode the package and send to the Feitian bluetooth reader:
0x8000000000000f40fe00
I get back:
0x8000000000001040fe00
This is the same response I got with the app. The select command works fine and I get back the same response so I suspect I am encoding it correctly. Is there any setup commands and/or modes that it need to be put into?
It should be like this:
`
//Power ON
62000000000006000000//Select file - if return with 61XX, then send
00C00000XXto get response data
6f10000000000700000000a404000ba000000308000010000100//Read cert - if return with 61XX, then send
00C00000XXto get response data
6f0a000000000800000000cb3fff055c035fc10b//Power OFF
63000000000009000000
`
We release source code of protocol part, it may helps:
https://github.com/FeitianSmartcardReader/bR301_iOS/blob/master/libs/source/src/ft_ccid_cmd.m
And below API will help you to write your driver:
CmdPowerOn
CmdPowerOff
CmdGetSlotStatus
CCID_Transmit
And BTW, in your code, you don't need care the reader protocol, the reader firmware will check the ATR and do analyses the protocol automatically. you just need encode your APDU as CCID format.
CCID head + APDU
6f100000000007000000+00a404000ba000000308000010000100
The response data - explain in CCID spec, chapter 6.2.1:
0x80000000000010 40 fe 00
0x40: check the CCID spec, chapter 6.2-3, which means the card detected and inactive
0xFE: chapter 6.2-3 CCID timed out while talking to the ICC
I just decoded that as well. The Power On gives the correct ATR response, but any other messages give the 0x40FE:
Send: 62
00000000
00
06
00
0000
Received: 0x831111AC83009000 (ATR)
PC_to_RDR_XfrBlock
Sent:
bMessageType:6f
dwLength:10000000
bSlot: 00
bSeq: 07
bBWI: 00
wLevelParameter: 0000
Data: 00a404000ba000000308000010000100 (16 bytes apdu for select)
Received:
bMessageType: 0x80
dwLength: 00000000
bSlot:00
bSeq:07
bStatus:40
bError: FE (ICC_MUTE -- CCID timed out while talking to the ICC)
bChainParameter: 00
abData:
Sorry, I forgot inform you, if the data length more than 20 bytes, you need split them, the BLE only can accept 20bytes each time
With below command, send two times:
6f10000000000700000000a404000ba000000308000010000100
First time: 6f10000000000700000000a404000ba000000308
Second time:000010000100
The timeout is between the reader and the smartcard, right? Doesn't that imply a timing issue that I don't have control over?
I found this on: https://ccid.apdu.fr/ccid/unsupported.html#0x09C30x0008
Seems very similar:
USB descriptor: readers/Feitian_SCR301.txt
The reader fails with a CASE 2 APDU with Le=0 (256 bytes)
Sent: 80 34 01 00 00
ifdhandler.c:1219:IFDHTransmitToICC() no name (lun: 0)
commands.c:1542:CmdXfrBlockTPDU_T0() T=0: 5 bytes
-> 000000 6F 05 00 00 00 00 07 00 00 00 80 34 01 00 00
<- 000000 80 00 00 00 00 00 07 40 FE 00
commands.c:1316:CCID_Receive Card absent or mute
And time extension requests are not forwarded back to the host.
A new version of the reader is available and may fix this issue.
In my viewpoint, you haven't send the complete data to the reader, the BLE reader only accept first 20 bytes data, so if your data more than 20bytes, then you need to split multi-packet.
Could you please try split to multi-packet and have a test? And I am working to write demo code on my PC, back to you later.
I didn't see you comment about splitting up the packet before I posted my last post. Sorry about that. I tried splitting the packet up into 2 packages like you suggested and I didn't get any response. I send the CmdPowerOn, get a response, then send the two packets and I am was not notified of any data returned.
can please send mail to me? I share some code to you in mail
send to hongbin@ftsafe.com
thanks
Email sent!
I received the email and before I tried the code, I thought I would pair the reader with a Windows 10 PC and make sure that the reader could see the card and read the certificates on the card. It could not and appears to have the same error. It can read the ATR but cannot get pass that. I then plugged in a USB smart card reader and inserted the same card into that reader and ran the same command and it was able to read it fine. Below is the output:
TEST 1: Installed driver, paired to Bluetooth reader BR301 and ran certutil -scinfo
C:\Users\tperf>certutil -scinfo
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Avtor KP375-BLE 0
--- Reader: Avtor KP375-BLE 0
--- Status: SCARD_STATE_EMPTY
--- Status: No card.
--- Card:
=======================================================
Analyzing card in reader: Avtor KP375-BLE 0
--------------===========================--------------
Done.
CertUtil: -SCInfo command completed successfully.
TEST 2. Plugged in USB Smart Card reader, removed PIV card from BR301 and inserted into physical reader, then ran certutil -scinfo:
C:\Users\tperf>certutil -scinfo
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 2
0: Avtor KP375-BLE 0
1: Gemalto USB SmartCard Reader 0
--- Reader: Avtor KP375-BLE 0
--- Status: SCARD_STATE_EMPTY
--- Status: No card.
--- Card:
--- Reader: Gemalto USB SmartCard Reader 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
--- Card: Identity Device (NIST SP 800-73 [PIV])
--- ATR:
3b fc 18 00 00 81 31 80 45 90 67 46 4a 00 64 16 ;.....1.E.gFJ.d.
06 f2 72 7e 00 e0 ..r~..
=======================================================
Analyzing card in reader: Avtor KP375-BLE 0
--------------===========================--------------
=======================================================
Analyzing card in reader: Gemalto USB SmartCard Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemalto USB SmartCard Reader 0
--- Card: Identity Device (NIST SP 800-73 [PIV])
Provider = Microsoft Base Smart Card Crypto Provider
Key Container = aaab58a2-8a92-4de0-81d8-00f55d5fc101
No AT_SIGNATURE key for reader: Gemalto USB SmartCard Reader 0
Serial Number: 1658e989000100003179
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Non-root Certificate
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert Hash(sha1): be4f704a67496c381fd2bea76b1636d73d0d6f81
Performing AT_KEYEXCHANGE public key matching test...
Public key matching test succeeded
Key Container = aaab58a2-8a92-4de0-81d8-00f55d5fc101
Provider = Microsoft Base Smart Card Crypto Provider
ProviderType = 1
Flags = 1
0x1 (1)
KeySpec = 1 -- AT_KEYEXCHANGE
Performing cert chain verification...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
Chain on smart card is invalid
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000040
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Serial: 1658e989000100003179
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert: be4f704a67496c381fd2bea76b1636d73d0d6f81
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
Application[0] = 1.3.6.1.4.1.44986.1.9.1.0
Application[1] = 1.3.6.1.4.1.44986.2.5.0
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon
Application[3] = 1.3.6.1.5.5.7.3.2 Client Authentication
Exclude leaf cert:
Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709
Full chain:
Chain: be4f704a67496c381fd2bea76b1636d73d0d6f81
Missing Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Serial: 1658e989000100003179
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert: be4f704a67496c381fd2bea76b1636d73d0d6f81
A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)
Incomplete certificate chain
Cannot find certificate:
CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
Displayed AT_KEYEXCHANGE cert for reader: Gemalto USB SmartCard Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Gemalto USB SmartCard Reader 0
--- Card: Identity Device (NIST SP 800-73 [PIV])
Provider = Microsoft Smart Card Key Storage Provider
Key Container = aaab58a2-8a92-4de0-81d8-00f55d5fc101
Serial Number: 1658e989000100003179
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Non-root Certificate
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert Hash(sha1): be4f704a67496c381fd2bea76b1636d73d0d6f81
Performing public key matching test...
Public key matching test succeeded
Key Container = aaab58a2-8a92-4de0-81d8-00f55d5fc101
Provider = Microsoft Smart Card Key Storage Provider
ProviderType = 0
Flags = 1
0x1 (1)
KeySpec = 0 -- XCN_AT_NONE
Microsoft Smart Card Key Storage Provider: KeySpec=0
AES256+RSAES_OAEP(RSA:CNG) test FAILED: The action was cancelled by the user. 0x8010006e (-2146434962 SCARD_W_CANCELLED_BY_USER)
Performing cert chain verification...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
Chain on smart card is invalid
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000040
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Serial: 1658e989000100003179
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert: be4f704a67496c381fd2bea76b1636d73d0d6f81
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
Application[0] = 1.3.6.1.4.1.44986.1.9.1.0
Application[1] = 1.3.6.1.4.1.44986.2.5.0
Application[2] = 1.3.6.1.4.1.311.20.2.2 Smart Card Logon
Application[3] = 1.3.6.1.5.5.7.3.2 Client Authentication
Exclude leaf cert:
Chain: da39a3ee5e6b4b0d3255bfef95601890afd80709
Full chain:
Chain: be4f704a67496c381fd2bea76b1636d73d0d6f81
Missing Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
Issuer: CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
NotBefore: 4/26/2018 5:47 PM
NotAfter: 4/23/2030 5:47 PM
Subject: CN=PIVKey A258ABAA928AE04D81D800F55D072F63
Serial: 1658e989000100003179
Template: 1.3.6.1.4.1.311.21.8.8307090.11074004.13125291.8020695.16228079.167.15452091.6663618
Cert: be4f704a67496c381fd2bea76b1636d73d0d6f81
A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)
Incomplete certificate chain
Cannot find certificate:
CN=PIVKey Device Certificate Authority, DC=pivkey, DC=com
Displayed cert for reader: Gemalto USB SmartCard Reader 0
--------------===========================--------------
Done.
CertUtil: -SCInfo command completed successfully.
C:\Users\tperf>
Noted, the code only for you to have reference, anyway, would you please share your demo code to me, I forward to R&D team and do check, it would be better solve the issue based on your code.
Thnaks,
I have been using a BLE app to write the values and get the responses before writing any code. I could write up some code to share, but I you couldn't really test it because you don't have the PIV cards that are not working. I seem to get the same response when I do this:
- Sample Apps in Feitian github
- Feitian App in App Store
- Feitian CCID driver in Windows
- BLE commands in an app
It seems to me to be an issue either with my PIV cards and the interaction with the reader. The same CCID commands seems to work fine with either the reader in USB mode or a different USB reader.
It should work with the CCID driver in Windows, correct? I can get it to pair, see the card and insertion events, but hangs on the certificates:
C:\Users\tperf>certutil -scinfo
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Avtor KP375-BLE 0
--- Reader: Avtor KP375-BLE 0
--- Status: SCARD_STATE_PRESENT
--- Status: The card is available for use.
--- Card: Identity Device (NIST SP 800-73 [PIV])
--- ATR:
3b fc 18 00 00 81 31 80 45 90 67 46 4a 00 64 16 ;.....1.E.gFJ.d.
06 f2 72 7e 00 e0 ..r~..
=======================================================
Analyzing card in reader: Avtor KP375-BLE 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Avtor KP375-BLE 0
--- Card: Identity Device (NIST SP 800-73 [PIV])
Provider = Microsoft Base Smart Card Crypto Provider
Key Container = (null) [Default Container]
Cannot open the AT_SIGNATURE key for reader: Avtor KP375-BLE 0
Cannot open the AT_KEYEXCHANGE key for reader: Avtor KP375-BLE 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Avtor KP375-BLE 0
--- Card: Identity Device (NIST SP 800-73 [PIV])
Provider = Microsoft Smart Card Key Storage Provider
Key Container = (null) [Default Container]
I want to find any scenario over bluetooth where it can successfully read the card before coding up to make sure there isn't an incompatibility with the PIV cards and the reader over bluetooth. Do you have any suggestions on how I can make it work with Windows or other way to show communication with a PIV card?
I have PIV card and works on our side, and some of our customer also use PIV card. so I confirm it supports.
But cannot reproduce your issue, that's the problem.
or you can let me know which app you are using on iOS? and then we follow your steps to reproduce the issue, and help on this.
I sent my test log with iReader(download from appstore), with the commands that you provided, all works.
I received the new reader and it no longer gives the error and I am getting responses like I am expecting. Thanks for working through it with me!