Using JCOP Tools v3.1.2, start with /atr on the single interface card:
ATR=3B F9 18 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 ;.....1.EJCOP21VIBM has a load of old information including briefs about JCOP. Useful to know: IBM calls JCOP the "WebSphere Everyplace Chip Operating System" (WECOS).
32 32 A9 22.
ATR: T=1, FI=1/DI=8 (31clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP21V22"
It seems JCOP21 is GlobalPlatform2.1.1 compliant (and I take the "V22" in the ATR to mean JavaCard2.2.1, since I obtained this card in 2007 before GlobalPlatform v2.2 was released). [EDIT: No, it refers to v2.2 of JCOP21]. Older versions of JCOP (1.0, 2.0 and 3.0) are usually OpenPlatform 2.0.1' compliant. A way to test this is to see if the card supports SCP02 - if it does, it is GP2.1.1 or later, otherwise OP2.0.1'.
To confirm this, we try OpenPlatform command get-data 0066:
Global Platform version : 2.1.1Of course, you could also write an applet containing the JavaCard command JCSystem.getVersion()...
Global Platform Secure Channel Protocol: 02 option 15
Java Card version : 2.2
The get-cplc command (send APDU 80CA9F7F) returns a load of cryptic information, as below (card has NXP packaging serial P521G072V0/T0PB108):
IC Fabricator : 4790Apparently, Operating System ID 4051 is IBM. Since this card was obtained from NXP, I would guess that corresponds to IC Fabricator 4790. Apparently the list of ID-to-vendor mappings is proprietary info of VISA, and not readily disseminated (although it used to be included in OpenPlatform specs).
IC Type : 5016
Operating System ID : 4051
Operating System release date : 5158 (7.6.2005)
Operating System release level : 2400
IC Fabrication Date : 6165 (14.6.2006)
IC Serial Number : 00818890
IC Batch Identifier : 9886
IC Module Fabricator : 4810
IC Module Packaging Date : 6172 (21.6.2006)
ICC Manufacturer : 0000
IC Embedding Date : 0000
IC Pre-Personalizer : 0B12
IC Pre-Perso. Equipment Date : 3A30
IC Pre-Perso. Equipment ID : 38313838
IC Personalizer : 0000
IC Personalization Date : 0000
IC Perso. Equipment ID : 00000000
More obscure data about the chip type and mask can be obtained via JCOP Tools command /identify.
To personalise the card we would use the OpenPlatform command store-data (CLA 0x80, INS 0xE2, P1 0x80) with the payload data being the IC Personalizer field followed by the length and then the custom data.
As for JCOP features, lexdabear was kind enough to assemble and publish the following summary (Dec 2006) on JavaCard forum:
ProX family, JCOP v2
JCOP-10: DES, no SSD, contact interface
JCOP-20: DES, no SSD, dual interface
JCOP-30: DES and RSA, no SSD, dual interface
JCOP-31: DES and RSA, SSD, dual interface
SmartMX family, JCOP v2.2
JCOP-10: DES, no SSD, contact interface
JCOP-S-10: DES, no SSD, static, contact interface
JCOP-S-20: DES, RSA, no SSD, static, contact interface
JCOP-S-30: DES and RSA, no SSD, static, dual interface
JCOP-21: DES,AES*, RSA and ECC, SSD, contact interface
JCOP-31: DES, RSA and ECC, SSD, dual interface
JCOP-41: DES,AES*, RSA and ECC, SSD, dual interface
* According to the update thread below, JCOP v2.2.1 does not support AES.
And an update from Dec 2008:
SmartMX family, JCOP v2.3.1 (HW: CC EAL5 and OS: CC EAL4+ certified, USB compliance for JCOP 41)Much more info on JCOP features (as well as card IC detail) can be found at the NXP homepage in document 75016165.
JCOP-10: DES, no SSD, contact interface, 18kb EEPROM
JCOP-S-10: DES, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-20: DES, RSA, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-30: DES and RSA, no SSD, static, dual interface, 12kB EERPOM
JCOP-21: DES, AES, RSA and ECC, SSD, contact interface, 18kB, 36kB and 72kB EEPROM
JCOP-31: DES, RSA and ECC, SSD, dual interface (AES can be enabled via an encrypted APDU for 72kB version), 36kB and 72kB EEPROM
JCOP-41: DES, AES, RSA and ECC, SSD, tripple interface (T=0/1/15, power class A/B/C, T=CL up to 424kB, USB according to ISO7816-12), 72kB EEPROM
SmartMX family, JCOP v2.3.2, Visa edition (HW: CC EAL5 and OS: CC EAL4+ certified)
JCOP-10: DES, no SSD, contact interface, 18kb EEPROM
JCOP-S-10: DES, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-20: DES, RSA, no SSD, static, contact interface, 10kB EEPROM
JCOP-S-30: DES and RSA, no SSD, static, dual interface, 12kB EERPOM
JCOP-21: DES, AES, RSA and ECC, SSD, contact interface, 18kB and 36kB EEPROM
JCOP-31: DES, RSA and ECC, SSD, dual interface (AES can be enabled via an encrypted APDU for 72kB version), 36kB and 72kB EEPROM
SmartMX family, JCOP v2.4, eGov edition, CMOS14 technology (CMOS18 previously)
JCOP-31: DES, AES, RSA and ECC (GFp up to 320 bit and F2M), SSD, dual interface, 80kB EEPROM
SmartMX family, JCOP v2.4.1, eGov edition, CMOS14 technology, Java Card 2.2.2, (HW: CC EAL5; OS certification ongoing targeting EAL5)
JCOP-31: DES, AES, RSA and ECC (GFp up to 320 bit), SSD, dual interface, 80kB EEPROM
new features: Java Card 2.2.2, extended length, Mifare API according to JC 2.2.2 (IBM's JZsystem previously), SHA-2, ..
Getting the info from the dual-interface card (NXP P521G072V0/T0PB108) delivers JCOP31v22, GP2.1.1, GP SCP 02 option 15, JavaCard v2.2, and same OS ID and IC fabricator as single interface card.
In closing, it must be mentioned that this is a lazy way of going about obtaining the information, but a developer in a hurry will find it useful. The right way is of course to read the GlobalPlatform card specifications, familiarising yourself with TLV encoding, and then playing around with the get-data command on all conceivable tag values.
No comments:
Post a Comment