Yubico/ykneo-oath

Applet not recognized by host app

Closed this issue · 4 comments

Aiosa commented

An installed applet is not recognized by host applications when using NXP JCOP3 J3H145 card (sdk support up to 3.0.4) via Gemalto external card USB reader.

I tried to investigate using an APDU tracer and noticed the desktop app is repeatedly sending select commands for different AIDs than the project-defined one:

00 A4 04 00 07 A0 00 00 05 27 20 01
00 A4 04 00 08 A0 00 00 05 27 47 11 17

Therefore, I tried to compile with both these AIDs, but apart from the select command succeeding, the applet is still not recognized.

Full description of desktop tracing:

A0 00 00 05 27 20 01

00 A4 04 00 07 A0 00 00 05 27 20 01
79 03 01 00 02 71 08 AF 4F C6 D4 4F A4 42 61 90 00

Selection successful, but the app did not try to send any other commands.

A0 00 00 05 27 47 11 17

00 A4 04 00 08 A0 00 00 05 27 47 11 17
79 03 01 00 02 71 08 3C ED 63 0F 3E 47 D0 A8 90 00
00 1D 00 00 00
6D 00

A0 00 00 05 27 21 01 01 (the project-default)

00 A4 04 00 07 A0 00 00 05 27 20 01
6A 82 (file not found)
00 A4 04 00 08 A0 00 00 05 27 47 11 17
6A 82 (file not found)

I tried to debug the Android app; when trying those AIDs

00 A4 04 00 07 A0 00 00 05 27 20 01
00 A4 04 00 08 A0 00 00 05 27 47 11 17

it said "OATH not present or disabled"; with the project ID it did not say or do anything.

Android app debug log when connecting first with a non-project, then with the project-defined applet AID:
D/yubikit: On tag: com.yubico.yubioath.ui.main.MainActivity@38a46a0
D/yubikit: OathApplication app SEND: 00 a4 04 00 08 a000000527210101
D/yubikit: OathApplication app RECV: 6a82
E/yubioath: Error using OathClient
    com.yubico.yubikitold.application.ApduException: APDU SW=0x6A82
        at com.yubico.yubikitold.application.AbstractApplication.select(AbstractApplication.java:49)
        at com.yubico.yubikitold.application.oath.OathApplication.select(OathApplication.java:67)
        at com.yubico.yubioath.client.OathClient.<init>(OathClient.kt:24)
        at com.yubico.yubioath.ui.BaseActivity.useTransport$suspendImpl(BaseActivity.kt:144)
        at com.yubico.yubioath.ui.BaseActivity.useTransport(Unknown Source:0)
        at com.yubico.yubioath.ui.main.MainActivity.useTransport(MainActivity.kt:119)
        at com.yubico.yubioath.ui.BaseActivity$onYubiKey$$inlined$let$lambda$1.invokeSuspend(BaseActivity.kt:126)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
        at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:233)
        at android.os.Handler.handleCallback(Handler.java:883)
        at android.os.Handler.dispatchMessage(Handler.java:100)
        at android.os.Looper.loop(Looper.java:214)
        at com.yubico.yubikitold.YubiKitManager$YkIoWorker$1.run(YubiKitManager.java:133)
        at java.lang.Thread.run(Thread.java:919)
D/yubikit: Set USB listener: null
    Set NFC listener: null
D/yubikit: Set USB listener: com.yubico.yubioath.ui.main.MainActivity@38a46a0
D/yubikit: Set NFC listener: com.yubico.yubioath.ui.main.MainActivity@38a46a0
D/yubikit: Set USB listener: com.yubico.yubioath.ui.main.MainActivity@38a46a0
D/yubikit: On tag: com.yubico.yubioath.ui.main.MainActivity@38a46a0
D/yubikit: OathApplication app SEND: 00 a4 04 00 08 a000000527210101
D/yubikit: OathApplication app RECV: 79030100027108eb15adfd0dc56b329000
D/yubioath: Got API, checking requests...
D/yubikit: OathApplication app SEND: 00 a4 00 01 0a 7408000000000324fbbf
D/yubikit: OathApplication app RECV: 9000
D/yubikit: Set USB listener: com.yubico.yubioath.ui.main.MainActivity@38a46a0

So unlike the desktop versions, Android is sending the select command with the AID equal to the project-defined one, and the message "missing OATH" means no applet was found on the card. Nice. Now, just why does it select the applet and not do anything else? The screen stays as it is when starting the app: tap or insert your YubiKey.

Thanks
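
An added example, not part of the original thread or the project's code: a small decoder for the APDU traces quoted in the comment above. The tag, instruction and status-word names are assumptions taken from ISO 7816-4 and Yubico's published YKOATH protocol description; the point it shows is that the Android app's second command reuses INS A4 with P1=00, so it is not a second SELECT.

```python
# Added example: decoder for the APDU traces quoted in this thread.
# Names below are assumptions from ISO 7816-4 and Yubico's YKOATH protocol
# description, not from the issue itself.
SW_NAMES = {0x9000: "success", 0x6A82: "file/applet not found",
            0x6D00: "instruction not supported"}
OATH_TAGS = {0x71: "name", 0x74: "challenge", 0x79: "version", 0x7B: "algorithm"}

def parse_command(hex_str):
    """Split a short-form command APDU into a label, P2 and data field."""
    b = bytes.fromhex(hex_str)
    if len(b) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = b[:4]
    data = b""
    if len(b) > 5:                      # Lc + data (+ optional Le)
        lc = b[4]
        data = b[5:5 + lc]
        if len(data) != lc or len(b) - 5 - lc > 1:
            raise ValueError("Lc does not match data length")
    if ins == 0xA4 and p1 == 0x04:
        kind = "SELECT by AID"
    elif ins == 0xA4 and p1 == 0x00:
        kind = "OATH CALCULATE ALL"     # same INS byte as SELECT, different P1
    else:
        kind = "unknown INS 0x%02X" % ins
    return {"kind": kind, "p2": p2, "data": data.hex()}

def parse_response(hex_str):
    """Return (status word name, {tag name: value hex}) for a response APDU."""
    b = bytes.fromhex(hex_str)
    if len(b) < 2:
        raise ValueError("response APDU needs a 2-byte status word")
    body, sw = b[:-2], int.from_bytes(b[-2:], "big")
    tlvs, i = {}, 0
    while i < len(body):                # single-byte tag, single-byte length
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("truncated TLV")
        tag, length = body[i], body[i + 1]
        tlvs[OATH_TAGS.get(tag, "tag 0x%02X" % tag)] = body[i + 2:i + 2 + length].hex()
        i += 2 + length
    return SW_NAMES.get(sw, "SW 0x%04X" % sw), tlvs

if __name__ == "__main__":
    # Traces copied from the comment above.
    for cmd in ("00 A4 04 00 07 A0 00 00 05 27 20 01", "00 1D 00 00 00",
                "00 a4 00 01 0a 7408000000000324fbbf"):
        print(parse_command(cmd))
    for rsp in ("79 03 01 00 02 71 08 AF 4F C6 D4 4F A4 42 61 90 00", "6A 82", "9000"):
        print(parse_response(rsp))
```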

Aiosa commented

After some investigation it seems only YubiKeys are supported. Pity.

Hello @Aiosa,
It seems like your Android app actually works as expected. You just don't have any accounts yet, so it doesn't show you anything (UX needs to be a bit more polished). That would be the same experience you will have if you tap a new YubiKey.
But I see that you were able to select the applet and it returned you an empty list of accounts. You can try to add a new one by clicking the Add FAB button.

Aiosa commented

Thank you! I found some discussions on how Yubico verifies the reader manufacturer and some other stuff to not accept such cards, and was a bit confused about how to do such things over NFC, maybe some card serial number or whatever.

Aiosa commented

It would be nice to find out the issue in the desktop AID mismatch though...