Accessing PIN protected data on SmartCard (ISO 7816-4) using APDU commands


Emanuel Pimentel

Mar 30, 2023, 12:39:54 PM
to eID Middleware Dev

I'm a newbie on SmartCard related questions and I’m facing some issues and need some help to overcome them.

I need to read some data from a PT CitizenCard. Part of this data, such as name, photo, etc., is public access; on the other hand, data like the address is PIN protected. What I know about that content:

  • 3F 00 - public DF / MF
  • 5F 00 - public DF / DF
  • EF 02 (public data) | EF0F | EF08 (certificates)
  • EF 05 address (PIN protected)

For accessing this data I’m using the following APDU commands / instructions: 

sendAPDUCommand(scContext, cardContext, "00A4040007604632FF000002"); // Select card
sendAPDUCommand(scContext, cardContext, "00A4000C023F00"); // Public DF / MF
sendAPDUCommand(scContext, cardContext, "00A4000C025F00"); // Public DF / DF
sendAPDUCommand(scContext, cardContext, "00A4000C02" + EF_VALUE); // Select EF

Where EF_VALUE takes the value of EF02 | EF0F | EF08 according to need.

For reading EF data segments I’m using the instruction:

// some other code here …
let segmentData;
for (let j = 0; j < max_value + 1; j++) {
    let segment = j.toString(16).padStart(2, "0").toUpperCase();
    segmentData = await sendAPDUCommand(scContext, cardContext, "00B0" + segment + "0000");
    // some other code here ...
    if (segmentData["returnCode"] == "9000") {
        data += segmentData["value"];
    }
    // some other code here (error handle, etc)
}
// some other code here …


For reading the citizen Address data on the smartcard, I'm basically using the same instructions/commands as for public data, with EF -> EF05. Address data is PIN protected, so I'm trying to first execute a 'Verify' protocol, which consists of validating the Address PIN before trying to obtain / read that data from the card, just like I'm doing in the data signing procedure with AuthenticationCertificatePIN.

The Address PIN is validated OK, but the data reading procedure returns:

SW1: 69 

SW2: 82 

(Security condition not satisfied)


Can anyone help with this question?

Thanks
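
An added example, not part of the original posts: a READ BINARY loop that handles each ISO 7816-4 status word explicitly instead of skipping non-9000 responses, so a 69 82 is reported with the offset at which it occurred. `transmit`, `describeSW`, `readBinaryFile` and `mockCard` are hypothetical names, and the mock card is constructed sample data.

```javascript
// Added example. transmit(hex) is a hypothetical stand-in for the post's
// sendAPDUCommand and resolves to { value, returnCode }.
const SW_TEXT = {
  "9000": "OK",
  "6982": "Security status not satisfied",
  "6983": "Authentication method blocked",
  "6A82": "File not found",
  "6B00": "Wrong P1-P2 (offset outside the EF)",
};

function describeSW(sw) {
  if (SW_TEXT[sw]) return SW_TEXT[sw];
  if (sw.startsWith("63C")) return `Verification failed, ${parseInt(sw[3], 16)} tries left`;
  if (sw.startsWith("6C")) return `Wrong Le, exact length is ${parseInt(sw.slice(2), 16)}`;
  return "Unknown status word";
}

// READ BINARY (INS B0): P1-P2 carry the offset, Le 00 asks for up to 256 bytes.
async function readBinaryFile(transmit) {
  let data = "";
  for (let offset = 0; offset < 0x8000; ) {
    const p1p2 = offset.toString(16).padStart(4, "0").toUpperCase();
    let r = await transmit("00B0" + p1p2 + "00");
    if (r.returnCode.startsWith("6C")) // card reports the exact Le: retry once
      r = await transmit("00B0" + p1p2 + r.returnCode.slice(2));
    if (r.returnCode === "6B00") break; // offset is past the end of the file
    if (r.returnCode !== "9000")
      throw new Error(`READ BINARY ${p1p2}: ${r.returnCode} ${describeSW(r.returnCode)}`);
    data += r.value;
    if (r.value.length < 512) break; // short read (under 256 bytes): end of file
    offset += 256;
  }
  return data;
}

// Constructed mock card: one EF of `size` bytes; `locked` models an unmet
// access condition on the file.
function mockCard(size, locked) {
  const file = "AB".repeat(size);
  return async (apdu) => {
    if (locked) return { value: "", returnCode: "6982" };
    const off = parseInt(apdu.slice(4, 8), 16);
    const le = parseInt(apdu.slice(8, 10), 16) || 256;
    const left = size - off;
    if (left <= 0) return { value: "", returnCode: "6B00" };
    if (le > left)
      return { value: "", returnCode: "6C" + left.toString(16).padStart(2, "0").toUpperCase() };
    return { value: file.slice(off * 2, (off + le) * 2), returnCode: "9000" };
  };
}
```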

Wouter Verhelst

Apr 3, 2023, 5:49:27 AM
to eid-middl...@googlegroups.com
Hi Emanuel,

Where did you read that the address data is PIN protected? This is not the case...

Emanuel Pimentel wrote on Mon 27-03-2023 at 07:09 [-0700]: