
Why Java SIM card secure channel returns "do not match"?


I'm trying to install an applet on a SIM card which supports Java Card 3.0.4. When I try to establish a secure channel to load the applet, the card returns an error:

mode_211
enable_trace
establish_context
card_connect
select -AID A000000151000000
Command --> 00A4040008A000000151000000
Wrapped command --> 00A4040008A000000151000000
Response <-- 6F108408A000000151000000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 79AA24D80FF0056101F1D9AB6DCAF0E6 -enc_key 79AA24D80FF0056101F1D9AB6DCAF0E6
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664A734806072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B06092A864886FC6B0481079000
Command --> 8050000008F05E65BF5254BC9F00
Wrapped command --> 8050000008F05E65BF5254BC9F00
Response <-- 00005147A5190C5352322002001C1F47B6C76BABFD305EBBC2CD1BB39000
mutual_authentication() returns 0x8030F00A (The Secure Channel Protocol passed and reported do not match.)

I'm using GPShell 1.4.4. I guess the problem is using the wrong key set! Am I right, or is there something else that I can't guess?!

Thanks for your response


Solution

  • (I am partly reusing an answer I wrote for your previous question, which you suddenly deleted.)

    Error code GP211_ERROR_INCONSISTENT_SCP means that the SCP version GPShell intends to use does not match the real SCP version given by the card (see here).

    Check the 12th byte of the card's response to INITIALIZE UPDATE -- the Secure Channel Protocol identifier (see e.g. GP Card Specification 2.3, section E5.1.6) -- and use the -scp parameter.

    Alternatively you might want to use GlobalPlatformPro, as GPShell is quite outdated...

    Beware that you can block your card by issuing multiple INITIALIZE UPDATE commands without successful authentication!


    As your current question contains the complete log, it is possible to parse the Card Data tag, giving (according to GP 2.2.1):

    66 Card Data
        73 Card Recognition Data / Discretionary Data Objects
            06 OID
                2A864886FC6B01 {globalPlatform 1} // Card Recognition Data
            60 Application Tag 0
                06 OID
                    2A864886FC6B020202 {globalPlatform 2 2 2} // GP 2.2 Card
            63 Application Tag 3
                06 OID
                    2A864886FC6B03 {globalPlatform 3} // Card Identification Scheme
            64 Application Tag 4
                06 OID
                    2A864886FC6B048000 {globalPlatform 4 128 0x00} // SCP80 i=0x00
            64 Application Tag 4
                06 OID
                    2A864886FC6B040255 {globalPlatform 4 2 0x55} // SCP02 i=0x55
            64 Application Tag 4
                06 OID
                    2A864886FC6B048107 {globalPlatform 4 129 0x07} // SCP81 i=0x07
    

    So you might want to use -scp 2 -scpimpl 0x55 or -scp 2 -scpimpl 85 (which happens to be the same).

    Or use GlobalPlatformPro.

    Alternatively, -scpimpl 0x15 should work as well, since the "well-known pseudo-random algorithm (card challenge)" bit in 'i' should not matter...

    Good luck!
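The two decoding steps the answer describes (reading the SCP identifier out of the INITIALIZE UPDATE response, and walking the Card Data TLV to see which SCPs and 'i' parameters the card advertises) carried out on the exact bytes from the question's log, as an added example that is not part of the question or the answer and is not GPShell's or GlobalPlatformPro's own code. The INITIALIZE UPDATE layouts for SCP01/SCP02 follow GP Card Specification 2.2.1 and the SCP03 layout follows GP Amendment D; the `check_scp` comparison and the `requested_scp` values fed to it are this example's own illustration of the mismatch the answer attributes to GP211_ERROR_INCONSISTENT_SCP, not a reproduction of GPShell's internal check. It also decodes the SCP02 'i' option bits so the 0x55 vs 0x15 remark can be seen directly.

```python
"""Decode GET DATA (tag 66, Card Data) and INITIALIZE UPDATE responses taken
from the GPShell log above, and compare the SCP the host asks for with what
the card reports. Added illustration, not GPShell/GlobalPlatformPro code."""
from __future__ import annotations

# Response bytes copied from the question's log, status word (9000) included.
CARD_DATA_RESP = bytes.fromhex(
    "664A734806072A864886FC6B01600B06092A864886FC6B020202630906072A864886"
    "FC6B03640B06092A864886FC6B048000640B06092A864886FC6B040255640B0609"
    "2A864886FC6B0481079000"
)
INIT_UPDATE_RESP = bytes.fromhex(
    "00005147A5190C5352322002001C1F47B6C76BABFD305EBBC2CD1BB39000"
)

GP_OID = bytes.fromhex("2A864886FC6B")  # {globalPlatform} = 1.2.840.114283

# GP 2.2.1 Appendix E.1.1, SCP02 "i" parameter: a set bit enables the option.
SCP02_I_BITS = {
    0x01: "three secure channel keys (else one base key)",
    0x02: "C-MAC on unmodified APDU (else on modified APDU)",
    0x04: "explicit initiation mode (else implicit)",
    0x08: "ICV set to zero (else ICV = MAC over AID)",
    0x10: "ICV encryption for C-MAC session",
    0x20: "R-MAC support",
    0x40: "well-known pseudo-random algorithm for card challenge",
}


def parse_tlv(data: bytes) -> list[tuple[int, bytes]]:
    """Minimal BER-TLV walk: single-byte tags, short or long-form lengths."""
    out, i = [], 0
    while i < len(data):
        tag = data[i]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are not expected in Card Data")
        length = data[i + 1]
        i += 2
        if length & 0x80:  # long form: 0x8N followed by N length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        out.append((tag, data[i:i + length]))
        i += length
    return out


def split_sw(resp: bytes) -> tuple[bytes, int]:
    """Separate the trailing 2-byte status word from the response body."""
    return resp[:-2], int.from_bytes(resp[-2:], "big")


def parse_card_data(resp: bytes) -> list[tuple[int, int]]:
    """Return the (scp, i) pairs from every tag 64 OID {globalPlatform 4 scp i}.
    GP stores scp and i as raw bytes (0x80 for SCP80), not as base-128 arcs."""
    body, sw = split_sw(resp)
    if sw != 0x9000:
        raise ValueError(f"GET DATA failed: SW={sw:04X}")
    [(tag, card_data)] = parse_tlv(body)
    if tag != 0x66:
        raise ValueError(f"expected tag 66, got {tag:02X}")
    [(tag, recognition)] = parse_tlv(card_data)
    if tag != 0x73:
        raise ValueError(f"expected tag 73, got {tag:02X}")
    scps = []
    for tag, value in parse_tlv(recognition):
        if tag != 0x64:
            continue
        [(oid_tag, oid)] = parse_tlv(value)
        if oid_tag == 0x06 and oid.startswith(GP_OID + b"\x04") and len(oid) == 9:
            scps.append((oid[7], oid[8]))
    return scps


def parse_init_update(resp: bytes) -> dict:
    """Decode INITIALIZE UPDATE: byte 12 (index 11) is the SCP identifier and
    fixes the layout of the remaining bytes."""
    body, sw = split_sw(resp)
    if sw != 0x9000:
        raise ValueError(f"INITIALIZE UPDATE failed: SW={sw:04X}")
    info = {"key_div": body[:10], "key_version": body[10], "scp": body[11]}
    if info["scp"] == 0x01 and len(body) == 28:
        info.update(card_challenge=body[12:20], cryptogram=body[20:28])
    elif info["scp"] == 0x02 and len(body) == 28:
        info.update(seq_counter=body[12:14], card_challenge=body[14:20],
                    cryptogram=body[20:28])
    elif info["scp"] == 0x03 and len(body) in (29, 32):
        info.update(i=body[12], card_challenge=body[13:21], cryptogram=body[21:29])
        if len(body) == 32:
            info["seq_counter"] = body[29:32]
    else:
        raise ValueError(f"unexpected SCP{info['scp']:02X} response, {len(body)} bytes")
    return info


def describe_scp02_i(i: int) -> list[str]:
    """List the SCP02 options switched on by an 'i' value such as 0x55 or 0x15."""
    return [text for bit, text in SCP02_I_BITS.items() if i & bit]


def check_scp(requested_scp: int, init_update_resp: bytes,
              card_data_resp: bytes) -> tuple[bool, str]:
    """Illustrative host-side check: the SCP the host wants must equal the one
    the card reports; on agreement suggest the -scpimpl values from Card Data."""
    advertised = parse_card_data(card_data_resp)
    reported = parse_init_update(init_update_resp)["scp"]
    menu = ", ".join(f"SCP{s:02X} i=0x{i:02X}" for s, i in advertised)
    if requested_scp != reported:
        return False, (f"host requested SCP{requested_scp:02X} but the card reports "
                       f"SCP{reported:02X} in INITIALIZE UPDATE (Card Data lists: {menu})")
    impls = "/".join(f"0x{i:02X}" for s, i in advertised if s == reported)
    return True, f"SCP{reported:02X} agreed; try -scp {reported} -scpimpl {impls}"


if __name__ == "__main__":
    print("Card Data:", [f"SCP{s:02X} i=0x{i:02X}" for s, i in parse_card_data(CARD_DATA_RESP)])
    iu = parse_init_update(INIT_UPDATE_RESP)
    print(f"INITIALIZE UPDATE: key version 0x{iu['key_version']:02X}, SCP{iu['scp']:02X}")
    for requested in (1, 2):  # assumed host settings, for illustration only
        print(check_scp(requested, INIT_UPDATE_RESP, CARD_DATA_RESP))
    print("0x55 minus 0x15:", set(describe_scp02_i(0x55)) - set(describe_scp02_i(0x15)))
```

Run against the log, the Card Data yields SCP80 i=0x00, SCP02 i=0x55 and SCP81 i=0x07, the INITIALIZE UPDATE response reports key version 0x20 and SCP02, and the only option 0x55 has that 0x15 lacks is the well-known pseudo-random card challenge, which is what the answer's remark relies on. Note the script only decodes responses already captured; it never sends INITIALIZE UPDATE itself, so it cannot contribute to the failed-authentication counter the answer warns about.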