This is a simple javacard program (It do nothing!) :
package testAID;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISOException;
public class TestAID extends Applet {
private TestAID() {
}
public static void install(byte bArray[], short bOffset, byte bLength)
throws ISOException {
new TestAID().register();
}
public void process(APDU arg0) throws ISOException {
// TODO Auto-generated method stub
}
}
I convert it to three .cap file with different AIDs as follows:
0000000000 & AppAID=0000000000110000000000 & AppAID=000000000022000000000011 & AppAID=00000000001111As you see above, File A and File B are different only in AppAID. And PkgAID of File C is equal to AppAID of File A.
Now I want to upload this files on my NXP JCOP v2.4.2 r3 smart card. First of all, let see the contents:
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
GP:
OK, There is only the SD.
Step1: Installing File A :
GP: gp -install e:\TestAID\FileA.cap
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: 000000000011 (|......|)
App SELECTABLE: (none)
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
Successfully Completed.
Step 2: Installing File B :
GP: gp -install e:\TestAID\FileB.cap
openkms.gp.GPException: STRICT WARNING: Package with AID 0000000000 is already p
resent on card
at openkms.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:159)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:572)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:565)
at openkms.gp.GPTool.main(GPTool.java:330)
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: 000000000011 (|......|)
App SELECTABLE: (none)
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
Failed in installing. gp -list command returns the same previous results.
Step 3: Installing File C:
GP: gp -install e:\TestAID\FileC.cap
openkms.gp.GPException: STRICT WARNING: Package with AID 000000000011 is already
present on card
at openkms.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:159)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:572)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:565)
at openkms.gp.GPTool.main(GPTool.java:330)
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: 000000000011 (|......|)
App SELECTABLE: (none)
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
Failed in installing again and gp -list command returns the same previous results.
Questions:
1-What is the origin of first error? Is it illegal to upload two .cap file that are different in AID and have an equal PkgAID in two step?
2-What is the origin of second error? It returns that
Package with AID 000000000011 is already present on card
But there is not! It is an applet AID, not Package AID.
3-Are the gp prevented to install this applets or the origin of error is JCRE?
As I was thought it the GP tool that limited me in installing, I tried JCManager also. The result are different!
First of all I delete everything except SD:
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
GP:
The I repeat the same steps using JCManager :
Step 1: Installing File A:
....[Authenitication Procedure]...
Authenticated
************
UplaodCAP
*************
Get AID from header.cap file
FOR LOAD DATA: EF 04 C6 02 F4
AID:00 00 00 00 00
Applet AID:00 00 00 00 00 11
Try to delete if existing...
-> 84 E4 00 00 18 6D C3 FF 8F 54 97 BD 96 CC 57 91 5E 9F 2A 67 B9 8E 98 BA 6B 99 27 27 FB
<- 6A 88
-> 84 E4 00 00 10 43 CC 7D DB 96 C3 29 FD 31 A1 96 7E DE D8 4F 29
<- 6A 88
Loading cap file. Please wait...
Install for Load
-> 84 E6 02 00 18 52 4F 5C 69 37 7A 85 E4 57 D8 86 C8 EC 44 28 51 06 38 6C 14 BA 52 1B 1B
<- 00 90 00
Load CAP
-> 84 E8 00 00 D8 9A 2C 89 B4 2D F8 81 15 A9 CD 27 A0 61 9B ED 5A 4C B5 77 F6 EF 3C 54 9F ED BB E0 BC 9E 2D 41 A8 7E DA DA 64 7F 72 97 BF D6 55 3B E0 7C 50 86 90 42 BC 16 06 B3 5C 89 26 BF 3E 79 75 F8 A4 2D 5E 60 39 D2 B3 9C 69 C8 E7 06 02 AA 24 09 70 F6 52 7A 9E 1E F9 A7 2E 3E AD AF A0 41 EE 39 92 0D 7A 4B AA CC 2F 69 E7 2A A5 85 45 A1 80 DA 35 C7 5B A6 D5 CC 22 B5 32 D7 D2 91 1E C6 ED 9C 67 D9 33 18 B9 DA 00 06 DE 89 DC 24 A6 6D 32 9A BC 93 E4 4D 4A 73 E5 2E D0 A5 4B EF 22 21 C3 B5 61 47 7A FC 8A 55 E0 70 39 C9 8D AD D1 A7 E1 B3 7F 7E F3 E6 3A 13 EC 7B 3B 20 85 7C 3D B1 A1 4B FA EE B9 02 7D 94 BE 7C 3D 88 E1 9A 4A 32 55 23 6E 83 2B 2E 9C A8 1E A5 6B E6 C1
<- 00 90 00
-> 84 E8 80 01 38 BE 83 33 E7 A7 7E 99 59 B7 C9 A2 05 2E A3 35 0E 92 A4 47 CB C4 C5 73 F0 AD A1 1B 23 04 EC EE D1 A6 83 B4 B5 85 91 C4 C5 9C 3F 3A D9 A8 8B 0F 32 F2 1C 48 A7 FC C0 4E 28
<- 00 90 00
-> 84 E6 0C 00 28 0B 9A 13 70 1F 55 53 72 F9 B0 C4 20 62 B3 43 6D 11 C2 7D 68 8B 68 54 51 BC 0D 31 CB 13 42 CC DD D4 02 02 D2 7A 46 56 7A
<- 00 90 00
Applet loaded & registered
Result :
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: 000000000011 (|......|)
App SELECTABLE: (none)
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
GP:
As you see above, it completed successfully like the GP
Step 2: Installing File B:
....[Authenitication Procedure]...
Authenticated
************
UplaodCAP
*************
Get AID from header.cap file
FOR LOAD DATA: EF 04 C6 02 F4
AID:00 00 00 00 00
Applet AID:00 00 00 00 00 22
Try to delete if existing...
-> 84 E4 00 00 18 29 1D 33 74 43 25 B0 AE 43 BE C4 9F 57 6A 43 3F 12 9B 23 09 F2 61 D1 95
<- 6A 88
-> 84 E4 00 00 10 6F 88 E7 64 AB 0F 04 0E EA F6 D4 80 C0 40 9D 00
<- 69 85
Loading cap file. Please wait...
Install for Load
-> 84 E6 02 00 18 1C CF 09 73 5D 1F FC 06 8F 3A DA 4D 3F 9E 1E 64 72 14 56 1D 25 44 A3 10
<- 69 85
Load CAP
-> 84 E8 00 00 D8 7A 2B 5B 1B 05 C3 D4 E3 DF 4D 1A DE 47 DD FA F9 3A A4 91 28 9F 3D 8D A4 D1 89 87 24 95 65 5A 60 C4 CD ED 41 81 99 D3 71 20 C5 CC 65 7E DB 79 21 FB 56 0D 93 2B 4F 12 28 A3 26 D0 88 16 14 26 96 AA CE C3 97 0A FE 1E 81 8C 84 AE 56 9E 68 01 26 78 AE 8E 88 99 11 67 C0 E7 CA A2 44 72 7A 77 1F 08 7C 74 07 45 5B 38 E4 9B 45 58 6F 61 7A 79 BC AD 58 71 4F D6 D6 0E 15 B8 16 CA 7F 37 5F B0 5C A4 AB 1F 0D 3C 25 81 E4 E0 21 6F B7 E5 AA 17 97 C3 4E 2A 82 87 DB A8 5E 84 C7 70 20 FF C9 CB 21 BA 36 73 15 3F 48 50 D7 C4 16 A4 BA A1 D6 7A 67 3A 9A 15 8C 63 7A 3A 22 97 D4 71 05 3B 3C 2D 3D 60 61 48 1F 3F 40 0C 04 4A 25 E7 FB 2F E6 CB 6E 0E 2A 5E 9A D0 64 7E 98
<- 69 85
-> 84 E6 0C 00 28 D7 ED 13 DB 14 E1 7B 46 1E 25 77 27 BB 12 D5 B5 3A 2D 53 C3 7C 81 9D 50 6F 96 45 DD 12 B8 FB 8B 48 1C 39 5F 53 4B 1E 88
<- 6A 88
Could not load applet. See debug for more info
Result :
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: 000000000011 (|......|)
App SELECTABLE: (none)
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
GP:
It is also just like the step 2 of GP.
But take a look at step 3 :
Step 3: Installing File C:
Authenticated
************
UplaodCAP
*************
Get AID from header.cap file
FOR LOAD DATA: EF 04 C6 02 F6
AID:00 00 00 00 00 11
Applet AID:00 00 00 00 00 11 11
Try to delete if existing...
-> 84 E4 00 00 18 21 3A 7F DF 3A D3 00 31 B9 42 AD 6C 9A D0 0E EF D7 7F CD 16 54 E2 B8 9E
<- 6A 88
-> 84 E4 00 00 18 F6 B6 22 BB 64 BE B7 1D CF 71 E2 15 6E 18 E3 A7 20 51 B1 6A 29 1E BF 6C
<- 00 90 00
Loading cap file. Please wait...
Install for Load
-> 84 E6 02 00 18 C0 68 EE 33 BE E0 34 72 2C 8A 36 51 44 39 A1 A7 AC DF E2 11 BE B6 D4 3F
<- 69 85
Load CAP
-> 84 E8 00 00 D8 5B 5F 71 2E C2 B6 9A 11 90 33 F8 58 8D 5E 88 02 98 55 55 F0 B2 42 74 BA 40 ED 61 31 35 33 1D 5A 07 37 F5 D0 AF 5C A8 45 39 EE 4B B6 FF 32 D8 68 EC 81 24 6B 91 CE 12 34 0F FF B3 B0 C2 F3 E8 24 5B 2C 3D B4 91 8F 3F 06 15 DF C8 F3 4D 04 FD 09 D4 EA 67 4C 0C E7 70 11 24 28 0F 74 46 C8 A4 85 8F 5A 36 8E 03 26 FC 60 7C AE 28 2F 28 4F 9F 58 C1 59 29 A8 CF 9D 9F B8 AA 75 9D B2 B6 65 C1 63 1E 31 80 F8 38 1B FF 82 6D B9 78 44 B9 C7 35 67 03 6D 08 67 D4 B3 B5 48 3E 6C AD 41 C0 07 E6 54 CD DF 93 BC 1E 76 52 E1 4B 60 14 55 81 63 FD CA E4 6D 4F 5E ED 02 FA 67 0E 78 F0 57 B9 51 78 8D 1B BD 7D 8D DC EF 9C E0 93 F2 77 9F 80 0D 1E FD 4F 84 72 36 8D 76 2A B1
<- 69 85
-> 84 E6 0C 00 28 4B 38 10 41 D2 77 D3 B5 25 BD EB BD 55 A9 F0 1D 18 CD 76 CD 68 19 FC E2 52 3B 5B 38 11 1D 71 6F DF 53 7C 26 24 CF 48 08
<- 6A 88
Could not load applet. See debug for more info
Result :
GP: gp -list
AID: A000000151000000 (|....Q...|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected,
CVM (PIN) management
AID: A0000001515350 (|....QSP|)
ExM LOADED: (none)
A000000151535041 (|....QSPA|)
AID: 0000000000 (|.....|)
ExM LOADED: (none)
000000000011 (|......|)
GP:
Did you see? JCManager deleted on of the Installed applets, but It can't upload File C!
In this case, I tried to install File C with GP, but I received a new error, not repetitive PkgAID or ... :
GP: gp -install e:\TestAID\FileC.cap
openkms.gp.GPException: Install for Load failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:924)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:600)
at openkms.gp.GlobalPlatform.loadCapFile(GlobalPlatform.java:565)
at openkms.gp.GPTool.main(GPTool.java:330)
GP:
Can anyone shed any light on this issue?
What is the meaning of Status words that JCManager returns on case of errors?
Again,I asked more than one question in a single post, But I think these questions are chained to each other, and I couldn't break them to three or four posts!
1-What is the origin of first error? Is it illegal to upload two .cap file that are different in AID and have an equal PkgAID in two step?
Yes. You have uploaded that package. Therefore, it is forbidden to upload the same package again. Here, you have two options:
2-What is the origin of second error? It returns that Package with AID 000000000011 is already present on card. But there is not! It is an applet AID, not Package AID.
Quoting from JavaCard222VMspec.pdf section 4.2. and highlighted the answer in bold
Each applet installed on a Java Card technology enabled device must also have a unique AID. This AID is constructed similarly to a package AID. It is a concatenation of the applet provider’s RID and PIX for that applet. An applet AID must not have the same value as the AID of any package or the AID of any other applet. The RID of each applet in a package must be the same as the RID of the package.
3-Are the gp prevented to install this applets or the origin of error is JCRE?
It is not error. Instead, the JCRE must be implemented that way. Please refer to JavaCard222JCREspec.pdf section 11.1.5 Installer Behavior. Quoting from it:
The Java Card RE shall guarantee that an applet will not be deemed successfully installed in the following cases:
- The applet package as identified by the package AID is already resident on the card.
- The applet package contains an applet with the same Java Card platform name as that of another applet already resident on the card. The Java Card platform name of an applet identified by the AID item is described in Section 6.5 of the Virtual Machine Specification, Java Card Platform, Version 2.2.2.
- ...etc