通过OTA删除JavaCard小程序

Question

I have an applet installed on a JavaCard. I want to delete this applet through over the air(OTA) message by sending APDU commands. following are the APDU command I send through card reader to delete th applet:

1)  A4 04 00 00
2)  ExAuth 00 02 00 01 00 404142434445464748494A4B4C4D4E4F
3)  80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 01 02
4)  80 E4 00 00 0D 4F 0B A0 00 00 00 00 01 02 03 03 00 00

I have followed this : https://adywicaksono.wordpress.com/2008/05/21/understanding-gsm-0348/

But I have not been able to delete the applet as there is some error everytime. Thank You.

Answer 1

Under my assumption that your JavaCard is using the Global Platform framework (which almost every JavaCard does) you need to perform the following steps:

1. Select CardManager
2. Authenticate
3. Delete the applet

You probably succeeded the first step, although selecting the Cardmanager by its AID is the better way to go. The second step looks a bit weird to me from what you posted. The third step looks good as well.

To authenticate there are diffrent protocols, eg SCP01, SCP02, etc. SCP02 is the de facto standard for modern cards. Then of course you also need the right keys to authenticate, for most cards delivired there are the default keys that you already have. The exact procedure is explained in the Global Platform specification. A sample log from my tool looks like this:

  => 00 A4 04 00 08 A0 00 00 01 51 00 00 00 00          .........Q....
 (9407 usec)
 <= 6F 64 84 08 A0 00 00 01 51 00 00 00 A5 58 9F 65    od......Q....X.e
    01 FF 9F 6E 06 47 91 23 47 41 00 73 49 06 07 2A    ...n.G.#GA.sI..*
    86 48 86 FC 6B 01 60 0B 06 09 2A 86 48 86 FC 6B    .H..k.`...*.H..k
    02 02 02 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B    ...c...*.H..k.d.
    06 09 2A 86 48 86 FC 6B 04 02 55 65 0B 06 09 2B    ..*.H..k..Ue...+
    85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04    ...Hd...f...+...
    01 2A 02 6E 01 02 90 00                            .*.n....
Status: No Error
cm>  set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm>  init-update 255
 => 80 50 00 00 08 7D 62 4D F4 89 F6 07 E3 00          .P...}bM......
 (55368 usec)
 <= 00 00 42 87 00 17 97 93 24 74 FF 02 00 01 3C 2B    ..B.....$t....<+
    97 86 B8 3B 57 0A D0 9F 82 BF AD C2 90 00          ...;W.........
Status: No Error
cm>  ext-auth plain
 => 84 82 00 00 10 EA 1A 9D A0 24 E6 00 9E F8 84 96    .........$......
    1A 77 71 46 B4                                     .wqF.
 (56879 usec)
 <= 90 00                                              ..
Status: No Error
cm>  delete ff4563686f4170706c6574
 => 80 E4 00 00 0D 4F 0B FF 45 63 68 6F 41 70 70 6C    .....O..EchoAppl
    65 74 00                                           et.
 (956894 usec)
 <= 00 90 00                                           ...
Status: No Error

As you don't want to perform all the cryptographic protocol by yourself there are tools out there, that do the job for you. The best freeware tool in my opinion is GlobalPlatformPro from Martin Paljek. Beware that there are plenty other tools that might be deprecated.

Answer 2

In order to perform remote application management on SIM you need to have OTA keys of SIM card and OTA platform to construct appropriate GSM 03.48 and 03.40 APDU commands to exchange secure data packets with SIM. SIM carries out authentication of mobile user in mobile networks and neither GSM nor OTA keys of SIM cards never shared by mobile operators to 3rd parties.

MNOs have OTA platform which maintains relational database to keep MSISDN-ICCID-OTA Keys(KiK,KiD and KiC) triplet. Apart from OTA keys, SPI, TAR and CNTR values as part of each SIM card profile is kept in OTA platform to generate GSM 03.48 packet. So to perform any applet provisioning (instal, update delete) generally secure data content must be encrypted with KiC and KiD.