
Using the MXApduTool application I will show you how to read Track 2 data from a chip card. The first step is to download our free MXApduTool application from the Tools part of the Resources section. MXApduTool is a Windows executable that sends raw APDU commands to a chip card through a PC/SC reader and shows the card's response.


1. Run MxApduTool.exe found in the zip file. 



A command APDU is sent by the reader to the card. It contains a mandatory 4-byte header (CLA, INS, P1, P2), optionally followed by a length field and from 0 to 255 bytes of command data (up to 65 535 bytes with extended-length APDUs) and an expected-response length.

A response APDU is sent by the card to the reader. It contains from 0 to 256 bytes of data (up to 65 536 bytes with extended length) followed by 2 mandatory status bytes (SW1, SW2).



2. Select your card reader.

3. Once you have selected your card reader, select the Payment System Environment (PSE), whose DDF (Directory Definition File) name is 1PAY.SYS.DDF01. The SELECT command is CLA 00, INS A4, P1 04 (select by name), P2 00, Lc 0E, followed by the 14 ASCII bytes of the name:
00A404000E315041592E5359532E4444463031

Click Send

Card: PC/SC card in OMNIKEY CardMan 5x21 0, protocol T=0, state OK
 Channel is: PC/SC channel
Card Connected....
Response... 6f1a840e315041592e5359532e4444463031a5088801015f2d02656e9000 

SW1SW2 = 9000 means the command was executed successfully. The data before it is the FCI (tag 6F) of the PSE: the DF name (tag 84, "1PAY.SYS.DDF01") and, inside the proprietary template (tag A5), the SFI of the PSE directory file (tag 88 = 01) and the language preference (tag 5F2D = "en").


4. Next we read record 1 of the PSE directory (SFI 1, taken from tag 88 in the FCI above) to get the AID (Application Identifier) of the payment application. READ RECORD is INS B2 with P1 = record number (01) and P2 = (SFI << 3) | 4 = 0C, Le = 00:
00B2010C00

Click Send

Card: PC/SC card in OMNIKEY CardMan 5x21 0, protocol T=0, state OK
Channel is: PC/SC channel
Card Connected....
Response... 701d611b4f07a00000000310105010424152434c41594341524420564953419000 

The record (tag 70) holds an Application Template (tag 61) containing the AID, tag 4F, length 07: a0000000031010, followed by the Application Label, tag 50: "BARCLAYCARD VISA".


5. We now select the AID obtained from the directory record (Lc = 07, followed by the 7 AID bytes):
00A4040007a000000003101000

Click Send

Card: PC/SC card in OMNIKEY CardMan 5x21 0, protocol T=0, state OK
Channel is: PC/SC channel
Card Connected....
Response... 6f228407a0000000031010a5175010424152434c41594341524420564953415f2d02656e9000

6. Finally, read record 1 of SFI 1 within the selected application. On this card that record carries the track data; a real EMV terminal would first issue GET PROCESSING OPTIONS and use the returned AFL to learn which records to read.
00B2010C00

Click Send

Card: PC/SC card in OMNIKEY CardMan 5x21 0, protocol T=0, state OK
Channel is: PC/SC channel
Card Connected....
Response... 704d5713XXXXXXXXXXXXXXXXd11022010012900000001f5f201a4fXXXXXXXXXX20202020202020202020202020202020202020209f1f183030303030303030303030303030303132393030303030309000 

 

Tag   Name                        Length                              Value
70    Data Field (record)         4d hex = 77 bytes = 154 nibbles     (the three TLVs below)

5713XXXXXXXXXXXXXXXXd11022010012900000001f5f201a4fXXXXXXXXXX20202020202020202020202020202020202020209f1f18303030303030303030303030303030313239303030303030

Tag   Name                        Length                              Value
57    Track 2 Equivalent Data     13 hex = 19 bytes = 38 nibbles      XXXXXXXXXXXXXXXXd11022010012900000001f
5F20  Cardholder Name             1a hex = 26 bytes = 52 nibbles      4fXXXXXXXXXX2020202020202020202020202020202020202020
9F1F  Track 1 Discretionary Data  18 hex = 24 bytes = 48 nibbles      303030303030303030303030303030313239303030303030

The three TLVs account for the whole record: (2 + 19) + (3 + 26) + (3 + 24) = 77 bytes. Track 2 Equivalent Data is laid out as on the magnetic stripe: the PAN (masked here), the separator nibble d, the expiry date YYMM (1102), the service code (201), the discretionary data, and f padding to a whole byte. The cardholder name and the discretionary data are ASCII (hex 20 is a space, hex 30 to 39 are the digits 0 to 9).

 
To decode the hexadecimal text by hand you can use a free online hex converter such as http://string-functions.com/hex-string.aspx (bear in mind that the record contains the PAN and cardholder name, so do not paste real card data into a third-party web page).
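The responses above can also be decoded programmatically. The following Python script is an added example, not part of the original walkthrough or of MXApduTool: it parses the three responses shown in steps 3, 4 and 6 (copied from this page, masked PAN nibbles included) as BER-TLV, derives the READ RECORD and SELECT commands from what the card returned, and splits the Track 2 Equivalent Data into PAN, expiry, service code and discretionary data. Parsing is done on the hex string rather than on bytes so that the X masking in the record does not break it; this assumes, as on this page, that only primitive values are masked and tags and lengths are intact. The tag names are the standard EMV ones.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# The three responses from the walkthrough above, SW1SW2 still attached.
# APP_RECORD keeps the page's masking: 16 PAN nibbles and 5 name bytes are 'X'.
PSE_FCI = "6f1a840e315041592e5359532e4444463031a5088801015f2d02656e9000"
DIR_RECORD = "701d611b4f07a00000000310105010424152434c41594341524420564953419000"
APP_RECORD = ("704d5713" + "X" * 16 + "d11022010012900000001f" + "5f201a4f" + "X" * 10
              + "20" * 20 + "9f1f18" + "30" * 15 + "313239" + "30" * 6 + "9000")

TAG_NAMES = {"6F": "FCI Template", "84": "DF Name", "A5": "FCI Proprietary Template",
             "88": "SFI of the Directory File", "5F2D": "Language Preference",
             "70": "Record Template", "61": "Application Template", "4F": "AID",
             "50": "Application Label", "57": "Track 2 Equivalent Data",
             "5F20": "Cardholder Name", "9F1F": "Track 1 Discretionary Data"}


@dataclass
class Tlv:
    tag: str
    value: str                                   # hex nibbles, may contain 'X'
    children: List["Tlv"] = field(default_factory=list)


def split_status(resp: str):
    """Separate response data from SW1SW2; anything but 9000 is an error, not data."""
    resp = resp.replace(" ", "").upper()
    data, sw = resp[:-4], resp[-4:]
    if sw != "9000":
        raise ValueError("card returned SW1SW2=%s" % sw)
    return data, sw


def _byte(h: str, pos: int) -> int:
    return int(h[pos:pos + 2], 16)


def parse_tlv(h: str) -> List[Tlv]:
    """Parse BER-TLV; constructed tags (bit 6 of the first tag byte) are recursed into."""
    h = h.upper()
    out, pos = [], 0
    while pos < len(h):
        if h[pos:pos + 2] in ("00", "FF"):       # padding allowed between TLVs
            pos += 2
            continue
        start = pos
        first = _byte(h, pos)
        pos += 2
        if first & 0x1F == 0x1F:                 # multi-byte tag: continue while bit 8 is set
            while True:
                b = _byte(h, pos)
                pos += 2
                if not b & 0x80:
                    break
        tag = h[start:pos]
        length = _byte(h, pos)
        pos += 2
        if length & 0x80:                        # long form: 81 nn or 82 nn nn
            nbytes = length & 0x7F
            length = int(h[pos:pos + 2 * nbytes], 16)
            pos += 2 * nbytes
        value = h[pos:pos + 2 * length]
        if len(value) != 2 * length:
            raise ValueError("truncated TLV %s at nibble %d" % (tag, start))
        pos += 2 * length
        node = Tlv(tag, value)
        if first & 0x20:
            node.children = parse_tlv(value)
        out.append(node)
    return out


def find(nodes: List[Tlv], tag: str) -> Optional[Tlv]:
    """Depth-first search for a tag anywhere in the tree."""
    for n in nodes:
        if n.tag == tag.upper():
            return n
        hit = find(n.children, tag)
        if hit is not None:
            return hit
    return None


def hex_to_text(h: str) -> str:
    """ASCII-decode a value; masked bytes ('XX') become '?'."""
    return "".join("?" if h[i:i + 2] == "XX" else chr(int(h[i:i + 2], 16))
                   for i in range(0, len(h), 2))


def decode_track2(h: str) -> dict:
    """PAN, 'D' separator, YYMM expiry, 3-digit service code, discretionary data, F padding."""
    pan, _, rest = h.upper().rstrip("F").partition("D")
    return {"pan": pan, "expiry_yymm": rest[:4], "service_code": rest[4:7],
            "discretionary": rest[7:]}


def read_record_apdu(sfi: int, record: int) -> str:
    """READ RECORD with P2 = (SFI << 3) | 4; SFI 1, record 1 gives the 00B2010C00 used above."""
    return "00B2%02X%02X00" % (record, (sfi << 3) | 4)


def select_aid_apdu(aid_hex: str) -> str:
    """SELECT by name (P1 = 04) with Lc = AID length in bytes."""
    return "00A40400%02X%s00" % (len(aid_hex) // 2, aid_hex.upper())


def dump(nodes: List[Tlv], indent: int = 0) -> None:
    for n in nodes:
        shown = "" if n.children else n.value
        print("%s%s %-28s len=%2d %s" % ("  " * indent, n.tag, TAG_NAMES.get(n.tag, "?"),
                                         len(n.value) // 2, shown))
        dump(n.children, indent + 1)


if __name__ == "__main__":
    fci = parse_tlv(split_status(PSE_FCI)[0])
    print("next:", read_record_apdu(int(find(fci, "88").value, 16), 1))
    rec = parse_tlv(split_status(DIR_RECORD)[0])
    print("next:", select_aid_apdu(find(rec, "4F").value))
    app = parse_tlv(split_status(APP_RECORD)[0])
    dump(app)
    print(decode_track2(find(app, "57").value))
    print("name:", hex_to_text(find(app, "5F20").value).strip())
```

Run it as-is to print the decoded record and the two follow-up commands; each command is computed from the previous response (the SFI from tag 88, the AID from tag 4F) rather than typed in. The status word is checked before any parsing, so a response such as 6A82 (file or application not found) raises instead of being mis-read as data.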


Chip Map Overview

 



Software I am using:

  • Java Card Development Kit 2.2.2
  • GPShell 1.4.4
  • Java 7 (a JDK, since javac is needed)

Hardware:

  • IBM JCOP31 – Java Card 2.2
  • Omnikey 3121 Smartcard Reader/Writer

1. Open a command prompt and navigate to \java_card_kit-2_2_2\samples\src

2. Before using the Java compiler and the CAP conversion tool you need to set up the following environment variables. I use a small batch script to set mine, shown below:

set JAVA_HOME=C:\Progra~1\Java\jre7
set JC_HOME=C:\dev\java_card_kit-2_2_2-windows\java_card_kit-2_2_2\java_card_kit-2_2_2-rr-bin-windows-do
set JC_EXPORTS=%JC_HOME%\api_export_files
set CLASSPATH=.;%JC_HOME%\lib\javacardframework.jar;%JC_HOME%\lib\api.jar;%JC_HOME%\lib\installer.jar;
set PATH=%JAVA_HOME%\bin;%JC_HOME%\bin;%PATH%;

Avoid spaces and quotes within paths. Note that javac ships with the JDK, not the JRE, so if JAVA_HOME is meant to supply the compiler it must point at a JDK installation.

3. Compile to Java Byte Code

javac -source 1.2 -target 1.2 %JC_HOME%\samples\src\com\sun\javacard\samples\HelloWorld\HelloWorld.java

This creates HelloWorld.class next to the source. HelloWorld.opt (the converter options file) already exists in the sample directory.

4.  Modify the options file with the full path to the JC_EXPORTS directory;

-out EXP JCA CAP
-exportpath C:\dev\java_card_kit-2_2_2-windows\java_card_kit-2_2_2\java_card_kit-2_2_2-rr-bin-windows-do\api_export_files
-applet  0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.sun.javacard.samples.HelloWorld.HelloWorld
com.sun.javacard.samples.HelloWorld
0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0

Then convert the Java byte code into a Java Card CAP package:

> converter -config C:\java_card_kit-2_2_2\samples\src\com\sun\javacard\samples\HelloWorld\HelloWorld.opt

5. Navigate the command prompt to \GPShell-1.4.4 and create a GPShell script file, HW.txt, containing:

mode_211
enable_trace
enable_timer
establish_context
card_connect
select -AID a000000003000000
open_sc -security 0 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
delete -AID A00000006203010C0101
delete -AID A00000006203010C01
install_for_load -pkgAID A00000006203010C01
load -file C:\java_card_kit-2_2_2\samples\src\com\sun\javacard\samples\HelloWorld\javacard\HelloWorld.cap
install_for_install -priv 4 -AID A00000006203010C0101 -pkgAID A00000006203010C01 -instAID A00000006203010C0101FF
select -AID A00000006203010C0101
send_apdu -sc 0 -APDU 1122334455
card_disconnect
release_context

(N.B. The AIDs given to install_for_load, install_for_install, select and delete must match the package and applet AIDs in the HelloWorld.opt file in C:\java_card_kit-2_2_2\samples\src\com\sun\javacard\samples\HelloWorld\; if they differ, alter HW.txt. select and delete should name the instance AID you actually installed, i.e. the -instAID value. The keys 404142434445464748494a4b4c4d4e4f are the GlobalPlatform default test keys found on blank development cards; a personalised card carries different keys and open_sc will fail against it.)

6. Run GPShell with the script:

>gpshell HW.txt
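The consistency check in the note above is easy to get wrong by hand, because the converter writes AIDs as colon-separated 0x bytes while GPShell wants one hex string. The Python script below is an added example (not part of GPShell, the Java Card kit or the original post): it converts between the two notations, reads the package and applet AIDs out of the HelloWorld.opt text, and checks every -AID, -pkgAID and -instAID in the install script above against them. Both texts are copied from this page. On the script as written it reports two findings: the delete and select lines use the applet AID A00000006203010C0101, while install_for_install registers the instance as A00000006203010C0101FF. A card that supports partial AID selection may still select the applet, but one that does not will answer 6A82, and the delete will not remove an instance left by a previous run. Using A00000006203010C0101 as the instance AID (or selecting and deleting ...0101FF) makes the audit come back clean.

```python
import re
from typing import Dict, List, Tuple

# Both texts copied from the walkthrough above.
OPT_TEXT = r"""-out EXP JCA CAP
-exportpath C:\dev\java_card_kit-2_2_2-windows\java_card_kit-2_2_2\java_card_kit-2_2_2-rr-bin-windows-do\api_export_files
-applet  0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.sun.javacard.samples.HelloWorld.HelloWorld
com.sun.javacard.samples.HelloWorld
0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0
"""

SCRIPT_TEXT = r"""mode_211
enable_trace
enable_timer
establish_context
card_connect
select -AID a000000003000000
open_sc -security 0 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
delete -AID A00000006203010C0101
delete -AID A00000006203010C01
install_for_load -pkgAID A00000006203010C01
load -file C:\java_card_kit-2_2_2\samples\src\com\sun\javacard\samples\HelloWorld\javacard\HelloWorld.cap
install_for_install -priv 4 -AID A00000006203010C0101 -pkgAID A00000006203010C01 -instAID A00000006203010C0101FF
select -AID A00000006203010C0101
send_apdu -sc 0 -APDU 1122334455
card_disconnect
release_context
"""

CARD_MANAGER_AID = "A000000003000000"          # the Issuer Security Domain selected first
AID_RE = r"(?:0x[0-9a-fA-F]{1,2}:)+0x[0-9a-fA-F]{1,2}"


def opt_aid_to_hex(aid: str) -> str:
    """Converter notation '0xa0:0x0:...:0xc:0x1' -> GPShell notation 'A00000006203010C01'."""
    return "".join("%02X" % int(part, 16) for part in aid.split(":"))


def hex_to_opt_aid(h: str) -> str:
    """The reverse, in the exact unpadded form the .opt file uses."""
    return ":".join("0x%x" % int(h[i:i + 2], 16) for i in range(0, len(h), 2))


def parse_opt(opt_text: str) -> Tuple[str, List[str]]:
    """Return (package AID, [applet AIDs]) as upper-case hex from a converter .opt file."""
    applets = [opt_aid_to_hex(a) for a in re.findall(r"-applet\s+(%s)" % AID_RE, opt_text)]
    pkg = re.search(r"^\s*(%s)\s+\d+\.\d+\s*$" % AID_RE, opt_text, re.M)
    if pkg is None or not applets:
        raise ValueError("package AID/version line or -applet line missing from .opt")
    return opt_aid_to_hex(pkg.group(1)), applets


def parse_script(script_text: str) -> List[Tuple[str, Dict[str, str]]]:
    """(command, {option: AID}) for every GPShell line that carries an AID option."""
    rows = []
    for line in script_text.splitlines():
        parts = line.split()
        opts = dict(re.findall(r"-(AID|pkgAID|instAID)\s+([0-9A-Fa-f]+)", line))
        if parts and opts:
            rows.append((parts[0], {k: v.upper() for k, v in opts.items()}))
    return rows


def audit(opt_text: str, script_text: str) -> List[str]:
    """Every AID in the script that does not line up with the .opt; an empty list means consistent."""
    pkg, applets = parse_opt(opt_text)
    rows = parse_script(script_text)
    # An instance is registered under -instAID if given, otherwise under the applet AID.
    instances = [o.get("instAID") or o["AID"] for c, o in rows if c == "install_for_install"]
    findings = []
    for cmd, o in rows:
        if cmd in ("install_for_load", "install_for_install") and o.get("pkgAID") != pkg:
            findings.append("%s -pkgAID %s is not the package AID %s" % (cmd, o.get("pkgAID"), pkg))
        if cmd == "install_for_install" and o.get("AID") not in applets:
            findings.append("install_for_install -AID %s is not an applet declared in the .opt" % o.get("AID"))
        if cmd == "delete" and o["AID"] not in instances and o["AID"] != pkg:
            findings.append("delete -AID %s is neither an instance AID %s nor the package AID" % (o["AID"], instances))
        if cmd == "select" and o["AID"] != CARD_MANAGER_AID and o["AID"] not in instances:
            findings.append("select -AID %s is not an installed instance AID %s" % (o["AID"], instances))
    return findings


if __name__ == "__main__":
    for line in audit(OPT_TEXT, SCRIPT_TEXT) or ["script and .opt agree"]:
        print(line)
```

To check your own files, read HelloWorld.opt and HW.txt from disk and pass their contents to audit(); the Card Manager select at the top of the script is recognised by its AID and left alone.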


HTTPS Connection

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

URL url = new URL("https://www.google.com");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
    System.out.println(inputLine);
}
in.close();


The Java code above opens an HTTPS connection and prints the returned HTML as text.

The JVM's default trust store (cacerts) is used to check that the remote server is trusted, and HttpsURLConnection also verifies that the server certificate matches the host name in the URL.

When we connect to a server (https://ssl.microexpert.com) whose certificate chain is not trusted by the default store, an exception is thrown:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To solve this, we provide our own store of trusted certificates. In my case the server certificate was issued directly by my own CA, so the store only needs that CA's certificate. Do not work around the exception with a TrustManager that accepts every certificate: that disables server authentication entirely and leaves the connection open to a man-in-the-middle.

To use certificates within Java they must be placed in a key store. You can use Java's keytool to import a DER or PEM encoded CA certificate into a JKS (Java Key Store) file.

I used the following command:

keytool -importcert -v -trustcacerts -file "cacert.pem" -alias ca -keystore "myCAStore.jks" -storepass capass

HTTPS Connection using an alternate trusted certificate store

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

URL url = new URL("https://ssl.microexpert.com");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();

// Load the trusted CA certificate(s) into a KeyStore object
KeyStore ksCACert = KeyStore.getInstance(KeyStore.getDefaultType());
ksCACert.load(new FileInputStream("C:/path/to/myCAStore.jks"), "capass".toCharArray());

// Initialise a TrustManagerFactory with the CA key store
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ksCACert);

// Create a new SSLContext using our TrustManagerFactory (default KeyManager and SecureRandom)
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

// Get an SSLSocketFactory from our SSLContext and hand it to the HttpsURLConnection
SSLSocketFactory sslSocketFactory = context.getSocketFactory();
urlConnection.setSSLSocketFactory(sslSocketFactory);

BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
    System.out.println(inputLine);
}
in.close();

SSLContext initialisation takes three parameters:

SSLContext.init(KeyManager[] km, TrustManager[] tm, SecureRandom random)

If null is passed for a parameter, the system default is used. In new code prefer TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) (PKIX) over a hard-coded algorithm name, so that full certificate path validation is applied.

Using a similar process, we can supply our own KeyManager containing the client certificate and private key, for servers that require client certificate authentication.

HTTPS Connection using a client certificate and key store

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

URL url = new URL("https://ssl.microexpert.com");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();

// Client certificate and private key from a PKCS#12 file
KeyStore ksClient = KeyStore.getInstance("pkcs12");
ksClient.load(new FileInputStream("C:/path/to/clientStore.p12"), "p12pass".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ksClient, "p12pass".toCharArray());

// Trusted CA certificate(s), as before
KeyStore ksCACert = KeyStore.getInstance(KeyStore.getDefaultType());
ksCACert.load(new FileInputStream("C:/path/to/myCAStore.jks"), "capass".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ksCACert);

SSLContext context = SSLContext.getInstance("TLS");
// We now provide our alternate KeyManager as well as the TrustManager
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

SSLSocketFactory sslSocketFactory = context.getSocketFactory();
urlConnection.setSSLSocketFactory(sslSocketFactory);

BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
    System.out.println(inputLine);
}
in.close();

HTTPS Connection on Android

To get the code above to run in an Android project you must use a BKS (Bouncy Castle Key Store) file instead of a JKS (Java Key Store) file.

Also, the BKS file created with the current release of the Bouncy Castle Crypto API (1.47) was incompatible with Android ICS. I found an older release (1.46), placed this library within the same lib\ext\ directory, and was able to produce a compatible BKS file with the following command:

keytool -importcert -v -trustcacerts -file "cacert.pem" -alias ca -keystore "myCAStore.bks" -provider org.bouncycastle2.jce.provider.BouncyCastleProvider -storetype BKS -storepass capass

Other things to remember:

– The Android manifest must declare the INTERNET permission.
– Network access such as downloading a web page must be done on a thread other than the main (UI) thread.
