163 Views 3 Replies
      Latest reply on Sep 13, 2019 10:21 AM by ph4r05.2
      ph4r05.2 Level 1 Level 1 (0 points)
      ph4r05.2 Sep 4, 2019 2:05 PM

        Hello,

         

        I have fully working application with CoreNFC, communicating over ISO7816 with my JavaCard applet, everything works fine here. I select the AID of the applet, send APDUs, receive responses.

         

        The problem is I want to be able to update my applet later in time via iPhone itself. For this I need to select special pre-installed CardManager applet with AID "a000000003000000" (hexcoded). If I add this AID to the com.apple.developer.nfc.readersession.iso7816.select-identifiers array it does not work - empty card is not picked up by the NFC session even though the CardManager applet is present (GlobalPlatformPro shows the applet with this AID as installed on the card).

         

        So I go another way - I preinstall small placeholder applet on the card, put its AID to the info.plist. This works, card is picked-up by the NFC session and I can start sending custom APDUs.

         

        If I send SELECT APDU with the card manager AID, "00a4040008a000000003000000", the system returns error "Error: Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement}"

         

        Other SELECTs works, but CardManager seems to be somehow protected.

         

        The question is, can I somehow get the access to the CardManager applet to install a new applet version? Or can I somehow add this entitlement to the app?

         

        Thanks a lot!

        • Re: CoreNFC ISO7816 card manager select not allowed
          MattIPiFony Level 1 Level 1 (10 points)
          MattIPiFony Sep 11, 2019 2:08 PM (in response to ph4r05.2)

          Have you tried listing both AIDs?

           

          It has been stated that certain AIDs are protected / blocked (essentially the ones you'd need to speak with broadly deployed payment cards' EMV payment applets).

           

          In case they have for some reason protected the AID of the card manager, you might try changing the card manager instance AID.  That's often a proprietary card-type specific function, and in some cases can only be done during prepersonalization, but you may have luck that way.

            • Re: CoreNFC ISO7816 card manager select not allowed
              ph4r05.2 Level 1 Level 1 (0 points)
              ph4r05.2 Sep 12, 2019 6:04 AM (in response to MattIPiFony)

              Hi! Thanks for the response!

              I've tried to list all AIDs, but without success.

               

              But thanks with the advice on changing applet manager AID, I will give it a try!

              • Re: CoreNFC ISO7816 card manager select not allowed
                ph4r05.2 Level 1 Level 1 (0 points)
                ph4r05.2 Sep 13, 2019 10:21 AM (in response to MattIPiFony)

                Hi!

                 

                the solution you suggested works well!

                 

                We changed the Card Manager AID with the GPPro:

                gp2 -rename-isd 112233445566

                 

                Then after adding "112233445566" to the Info.plist the app was able to do the select, i.e., "00a4040006112233445566" and the card responded with 0x9000 and the select data! So we were able to initiate the secure channel with the card manager.

                 

                We still didn't test the whole procedure of the applet upload as we haven't it implemented yet but it seems this will work!

                 

                Thanks again!

                 

                Regards,

                 

                Dusan