[Piv-test-cards] unblocking a blocked card

359 views
Skip to first unread message

Ettore Rizza

unread,
Sep 29, 2017, 4:49:58 AM9/29/17
to piv-tes...@list.nist.gov
Hello,
During my tests (Linux system connecting to Windows OS through RDP/PCoIP/Blast/HDX) I blocked a card.
Is there any way to unlock it?
I can't find information about the PUK (if any).

Thank you
Ettore

Ettore Rizza
Senior Applications Engineer

<http://www.10zig.com/><http://10zig.com/>[10ZiG Logo]<http://10zig.com/><http://www.10zig.com>

Office: 1+ 866.864.5250


________________________________

10ZiG Technology, Inc. (formerly BOSaNOVA, Inc.)
Disclaimer - This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify support at 10zig.com.<mailto:support at 10zig.com> Any views or opinions presented in this email are solely those of the author and might not represent those of 10ZiG Technology. 10ZiG Technology monitors email traffic data and also the content of email for the purposes of security. 10ZiG Technology has also taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. 10ZiG Technology 23309 N 17th Drive Suite 100, Phoenix, AZ 85027. 10ZiG Technology monitors all telephone calls to and from the company for training and quality purposes.

10zig.png

Douglas E Engert

unread,
Sep 29, 2017, 8:44:47 AM9/29/17
to piv-tes...@list.nist.gov
An email on 6/14/2013 sent to piv-test-cards might help:


> From: David A. Cooper [david.cooper at nist.gov]
> Sent: Friday, June 14, 2013 1:23 PM
> To: Obremski, Christopher D.
> Cc: piv-test-cards
> Subject: Resetting the PIV Card Application PIN on a test PIV Card
>
> A status word of '69 83' does seem to indicate that the corresponding PIN has been locked. The PIV Card Application PINs and (where applicable) Global PINs on the test PIV Cards have been configured with a reset counter of 10. After 10 consecutive incorrect attempts to authenticate to the card using one of these PINs, the ability to authenticate to the card using that PIN will be blocked.
>
> While there is no mechanism available to reset the Global PIN once it has become blocked, the PIV Card Application PIN may be reset using the RESET RETRY COUNTER card command, which is described in NIST Special Publication 800-73-3 Part 2<http://csrc.nist.gov/publications/nistpubs/800-73-3/sp800-73-3_PART2_piv-card-applic-card-common-interface.pdf>. The RESET RETRY COUNTER card command needs to be provided the PIN Unblocking Key (PUK) and the new value for the PIV Card Application PIN. The value of the PUK for test PIV Cards 1, 9, and 16, is "1234." The value of the PUK for all of the other test PIV Cards is "99999999."
>
> So, the Application Protocol Data Unit (APDU) (i.e., card command) to send to test PIV Card 1, 9, or 16, to reset the PIV Card Application PIN to its original value of "123456" is:
> 00:2C:00:80:10:31:32:33:34:FF:FF:FF:FF:31:32:33:34:35:36:FF:FF
> The APDU to send to test PIV Card 2, 4, 5, 6, 8, 10, 11, 12, 13, 14, or 15, to reset the PIV Card Application PIN to its original value of "123456" is:
> 00:2C:00:80:10:39:39:39:39:39:39:39:39:31:32:33:34:35:36:FF:FF
> The APDU to send to test PIV Card 3 or 7 to reset the PIV Card Application PIN to its original value of "90909090" is:
> 00:2C:00:80:10:39:39:39:39:39:39:39:39:39:30:39:30:39:30:39:30
>
> As Doug mentioned, OpenSC may be used to send the APDU to the card to reset the PIN.
>
> Dave

On 9/29/2017 3:49 AM, Ettore Rizza wrote:
> Hello,
> During my tests (Linux system connecting to Windows OS through RDP/PCoIP/Blast/HDX) I blocked a card.
> Is there any way to unlock it?
> I can't find information about the PUK (if any).
>
> Thank you
> Ettore
>

> /*Ettore Rizza*/
> /Senior Applications Engineer/


> <http://www.10zig.com/><http://10zig.com/>10ZiG Logo <http://10zig.com/><http://www.10zig.com>
> Office: 1+ 866.864.5250
>

> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


>
>
> 10ZiG Technology, Inc. (formerly BOSaNOVA, Inc.)
> Disclaimer - This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in
> error please notify support at 10zig.com. <mailto:support at 10zig.com> Any views or opinions presented in this email are solely those of the author and might not represent those of 10ZiG Technology. 10ZiG
> Technology monitors email traffic data and also the content of email for the purposes of security. 10ZiG Technology has also taken reasonable precautions to ensure no viruses are present in this
> email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. 10ZiG Technology 23309 N 17th Drive Suite 100, Phoenix, AZ 85027. 10ZiG
> Technology monitors all telephone calls to and from the company for training and quality purposes.
>
>
>

> _______________________________________________
> PIV-test-cards mailing list
> PIV-test-cards at nist.gov
> https://groups.google.com/a/list.nist.gov/forum/#!forum/piv-test-cards
>

--

Douglas E. Engert <DEEngert at gmail.com>

Ettore Rizza

unread,
Sep 29, 2017, 9:52:30 AM9/29/17
to piv-tes...@list.nist.gov
Thank you Douglas, I was able to unblock test card 7.
B.R.
Ettore

Please Check Out Our 10ZiG Manager

https://www.10zig.com/resources/vdi-blog/zero-client-software

________________________________________
From: piv-test-cards-bounces at nist.gov [piv-test-cards-bounces at nist.gov] on behalf of Douglas E Engert [deengert at gmail.com]
Sent: Friday, September 29, 2017 1:44 PM
To: piv-tes...@list.nist.gov
Subject: Re: [Piv-test-cards] unblocking a blocked card

Reply all
Reply to author
Forward
0 new messages