OpenSC fork, with some Italian healthcare smart card utils
5a369a8f31
The previous erase sequence did not always work. For example: % pkcs15-init -C Using reader with a card: Feitian ePass2003 00 00 New User PIN. Please enter User PIN: 1234 Please type again to verify: 1234 Unblock Code for New User PIN (Optional - press return for no PIN). Please enter User unblocking PIN (PUK): Failed to create PKCS #15 meta structure: Security status not satisfied % pkcs15-init -E Using reader with a card: Feitian ePass2003 00 00 Failed to erase card: Security status not satisfied This apparently bricked many people's ePass2003 devices: https://github.com/OpenSC/OpenSC/issues/767 https://sourceforge.net/p/opensc/mailman/message/33621883/ https://github.com/OpenSC/OpenSC/wiki/Feitian-ePass2003 Feitian provided a proprietary binary blob called `FIX_TOOL' to recover devices from this state, but declined to offer source code when asked: https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz https://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip With reverse-engineering help by Saleem Rashid (@saleemrashid on Github), I was able to find the sequence of three APDUs that the tool submits to the device to erase it. The mechanism seems to be: 1. Install a magic PIN. This is like install_secret_key, as used by internal_install_pin, but with a few different magic constants. 2. Verify the magic PIN. 3. Delete the MF file, without selecting anything first. With this patch, `pkcs15-init -E' successfully erases my ePass2003, and I am able to initialize it with `pkcs15-init -C -p pkcs15+onepin' if I set both a user pin and a PUK. (This patch does not prevent the ePass2003 from getting into the state which could not be erased by the old erase sequence.) |
||
---|---|---|
.github | ||
doc | ||
etc | ||
m4 | ||
MacOSX | ||
packaging/debian.templates | ||
src | ||
tests | ||
win32 | ||
.gitignore | ||
.gitlab-ci.yml | ||
.travis.yml | ||
appveyor.yml | ||
bootstrap | ||
bootstrap.ci | ||
configure.ac | ||
COPYING | ||
Makefile.am | ||
Makefile.mak | ||
NEWS | ||
README | ||
README.md | ||
SECURITY.md | ||
version.m4 |
OpenSC documentation
Wiki is available online
Please take a look at the documentation before trying to use OpenSC.
Build and test status of specific cards:
Cards | Status |
---|---|
CAC | |
virt_CACard | |
Coolkey | |
PivApplet | |
OpenPGP Applet | |
GidsApplet | |
IsoApplet | |
OsEID (MyEID) |