问题描述

我已经认为更改历史字节"仅限于个性化步骤.但是，我今天在GlobalPlatform API中找到了一种名为 setATRHistBytes 的方法.

I already thought that changing Historical bytes is limited to Pre-Personalization step. But, I found a method named setATRHistBytes in the GlobalPlatform APIs today.

这是它的描述(GlobalPlatform 2.2第172页):

This is its description(GlobalPlatform 2.2 Page 172) :

public static boolean setATRHistBytes(byte[] baBuffer, short sOffset, bytebLength)

对于符合ISO/IEC 7816-4的接触卡和符合ISO/IEC 14443-3的Type A非接触式卡，此方法设置历史字节.字节序列将在后续加电或复位时可见.

For contact cards according to ISO/IEC 7816-4 and Type A contactless cards according to ISO/IEC 14443-3, this method sets the historical bytes. The sequence of bytes will be visible on a subsequent power-up or reset.

注释:

•OPEN在GlobalPlatform注册表中找到当前applet上下文的条目，并验证该应用程序是否具有当前卡I/O接口的卡重置"特权；

• The OPEN locates the entry of the current applet context in the GlobalPlatform Registry and verifies that the Application has the Card Reset privilege for the current card I/O interface;

•OPEN负责同步ATR格式字符T0中历史字节的长度.

• The OPEN is responsible for synchronizing the length of historical bytes in Format Character T0 of the ATR.

参数:

baBuffer-包含历史字节的源字节数组.必须是全局数组.

baBuffer - the source byte array containing the historical bytes. Must be a global array.

sOffset-源字节数组中历史字节的偏移量.

sOffset - offset of the historical bytes within the source byte array.

bLength-历史字节数.

bLength - the number of historical bytes.

返回:

如果设置了历史字节，则为true；如果应用程序没有所需的特权，则为false

true if historical bytes set, false if the Application does not have the required privilege

现在，我想更改卡的历史字节数.因此，我编写了以下程序并将其成功转换为 cap 文件:

Now I want to change the Historical Bytes of my card. So I wrote the below program and convert it to its cap file successfully :

... /imports

public class HistoricalBytesChanger extends Applet {
    public static byte[] state = { (byte) 0, (byte) 0 };
    public static byte[] HistByteArray = { (byte) 0x01, (byte) 0x02,
            (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07,
            (byte) 0x08, (byte) 0x09, (byte) 0x0a };

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new HistoricalBytesChanger().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }

        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case (byte) 0x00:
            GPSystem.setATRHistBytes(HistByteArray, (short) 0, (byte) 10);
            HistByteArray[0] = (byte) (HistByteArray[0] + 1);
            break;

        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

}

正如您在上面看到的那样，它是通过在接收到带有INS=0X00的任何APDU命令时将0102030405060708090A分配给历史字节的方式编写的.

As you see above it is written in way that assign 0102030405060708090A to Historical Bytes on reception of any APDU command with INS=0X00.

问题是我不知道如何为此小程序设置卡重置特权.我知道我必须在安装步骤中指定特权，但是我不知道如何！通常，我使用 GlobalPlatformPro 工具上传小程序.在它支持的参数中，我看不到任何相关参数:

The problem is I don't have any idea how to set Card Reset privilege to this applet. I know that I must specify the privilege in the installation step, but I don't know how! Normally I upload my applets using GlobalPlatformPro tool. In the parameters that it support I couldn't see any related parameter :

E:\GP> gp -h
Option                            Description
------                            -----------
-V, --version                     Show information about the program
-a, --apdu                        Send raw APDU (hex)
--all                             Work with multiple readers
--applet <AID>                    Applet AID
--cap <File>                      Use a CAP file as source
--create <AID>                    Create new instance of an applet
-d, --debug                       Show PC/SC and APDU trace
--default                         Indicate Default Selected privilege
--delete [AID]                    Delete something
--deletedeps                      Also delete dependencies
--dump <File>                     Dump APDU communication to <File>
--emv                             Use EMV diversification
--enc <GPKeySet$GPKey>            Specify ENC key
-h, --help                        Shows this help string
-i, --info                        Show information
--install [File]                  Install applet(s) from CAP
--instance <AID>                  Instance AID
--kek <GPKeySet$GPKey>            Specify KEK key
--key <GPKeySet$GPKey>            Specify master key
--keyid <Integer>                 Specify key ID
--keyver <Integer>                Specify key version
-l, --list                        List the contents of the card
--load <File>                     Load a CAP file
--lock <GPKeySet>                 Set new key
--lock-applet <AID>               Lock specified applet
--mac <GPKeySet$GPKey>            Specify MAC key
--make-default <AID>              Make AID the default
--mode <GlobalPlatform$APDUMode>  APDU mode to use (mac/enc/clr)
--new-keyver <Integer>            key version for the new key
--nofix                           Do not try to fix PCSC/Java/OS issues
--package <AID>                   Package AID
--params                          Installation parameters
-r, --reader                      Use specific reader
--reinstall                       Remove card content during installation
--relax                           Relaxed error checking
--replay <File>                   Replay APDU responses from <File>
-s, --secure-apdu                 Send raw APDU (hex) via SCP
--scp <Integer>                   Force the use of SCP0X
--sdaid <AID>                     ISD AID
--sdomain                         Indicate Security Domain privilege
--terminate                       Indicate Card Lock+Terminate privilege
--uninstall <File>                Uninstall applet/package
--unlock                          Set default key
--unlock-applet <AID>             Lock specified applet
-v, --verbose                     Be verbose about operations
--virgin                          Card has virgin keys
--visa2                           Use VISA2 diversification

E:\GP>

请注意，我已正常安装了applet，但是在接收到该命令后它会返回0x9000 ，但是它无法更改历史字节，因此我需要设置 Card Reset 我的applet的特权:

Note that I installed the applet normally, but while it return 0x9000 in reception of that command, it can't change Historical Bytes and I need to set the Card Reset privilege to my applet :

OpenSC: osc -a
Using reader with a card: ACS CCID USB Reader 0
3b:68:00:00:00:73:c8:40:12:00:90:00

OpenSC: osc -s 00A4040006010203040101 -s 00000000
Using reader with a card: ACS CCID USB Reader 0
Sending: 00 A4 04 00 06 01 02 03 04 01 01
Received (SW1=0x90, SW2=0x00)
Sending: 00 00 00 00
Received (SW1=0x90, SW2=0x00)

OpenSC: osc -a
Using reader with a card: ACS CCID USB Reader 0
3b:68:00:00:00:73:c8:40:12:00:90:00

OpenSC:

问题:

1-如何更改/设置小程序的权限?

1- How can I change/set the privilege of my applet?

2-为什么在收到0x00 0x00 x00 0x00时卡返回0x9000? (我希望它返回一个异常，因为在setATRHistBytes的描述中提到，如果applet特权不是 Card Reset 时，此方法将返回false.)

2- Why the card return 0x9000 on reception of 0x00 0x00 x00 0x00? (I expect it to return an exception, because it is mentioned in description of setATRHistBytes that this method returns false in cases that applet privilege is not Card Reset)

推荐答案

重置特权以前称为默认选择特权.这意味着您只需将--default开关用于您的卡-如果执行此操作，它将在INSTALL中翻转以获取INSTALL特权字节.

The reset privilege was known before as the default selected privilege. This means you can just use the --default switch for your card - the same bit it flipped in the INSTALL for INSTALL privilege bytes if you do that.

有时候，在传达ATR字节的更改之前，卡期望进行冷复位(即，从现场或终端上拔出卡).这也可能是读取器问题-并非所有读取器在重新连接后都会执行重置，否则它们可能会缓存ATR字节.

Sometimes a card expects a cold reset (i.e. removing the card from the field or terminal) before the change in ATR bytes is communicated. This can also be a reader problem - not all readers perform a reset when reconnected, or they may cache the ATR bytes.

这篇关于如何更改applet的特权和卡的历史字节?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！