Chip authentication failed (Chinese passport) #54

Open
Iey4iej3 opened this issue Aug 30, 2023 · 7 comments

The name, gender, country, nationality and the identity photo are correctly loaded. The passive authentication passes, but the chip authentication fails.

Version 3.0 (F-Droid)

Not sure whether the following part of logcat helps:

net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02011C, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.checkStatusWordAfterFileOperation(ReadBinaryAPDUSender.java:218)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.sendSelectFile(ReadBinaryAPDUSender.java:79)
	at org.jmrtd.DefaultFileSystem.sendSelectFile(DefaultFileSystem.java:321)
	at org.jmrtd.DefaultFileSystem.getFileInfo(DefaultFileSystem.java:272)
	at org.jmrtd.DefaultFileSystem.getSelectedPath(DefaultFileSystem.java:129)
	at net.sf.scuba.smartcards.CardFileInputStream.<init>(CardFileInputStream.java:60)
	at org.jmrtd.PassportService.getInputStream(PassportService.java:595)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:235)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
	at android.os.AsyncTask$3.call(AsyncTask.java:394)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)

and

net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02010E, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.checkStatusWordAfterFileOperation(ReadBinaryAPDUSender.java:218)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.sendSelectFile(ReadBinaryAPDUSender.java:79)
	at org.jmrtd.DefaultFileSystem.sendSelectFile(DefaultFileSystem.java:321)
	at org.jmrtd.DefaultFileSystem.getFileInfo(DefaultFileSystem.java:272)
	at org.jmrtd.DefaultFileSystem.getSelectedPath(DefaultFileSystem.java:129)
	at net.sf.scuba.smartcards.CardFileInputStream.<init>(CardFileInputStream.java:60)
	at org.jmrtd.PassportService.getInputStream(PassportService.java:600)
	at com.tananaev.passportreader.MainActivity$ReadTask.doChipAuth(MainActivity.kt:291)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:266)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
	at android.os.AsyncTask$3.call(AsyncTask.java:394)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)

and

Transaction too large, intent: Intent { cmp=com.tananaev.passportreader/.ResultActivity (has extras) }, extras size: 307744, icicle size: 0

olegshtch commented Nov 18, 2023

Same for Russian passport. Also, it has this in the logs:

11-18 13:19:57.532  9715 10418 W org.jmrtd: Failed to send GENERAL AUTHENTICATE, falling back to command chaining
11-18 13:19:57.532  9715 10418 W org.jmrtd: net.sf.scuba.smartcards.CardServiceException: Sending general authenticate failed (SW = 0x6A80: WRONG DATA or FILEHEADER INCONSISTENT)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at org.jmrtd.protocol.EACCAAPDUSender.sendGeneralAuthenticate(EACCAAPDUSender.java:185)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at org.jmrtd.protocol.EACCAAPDUSender.sendGeneralAuthenticate(EACCAAPDUSender.java:149)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at org.jmrtd.protocol.EACCAProtocol.sendPublicKey(EACCAProtocol.java:187)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at org.jmrtd.protocol.EACCAProtocol.doCA(EACCAProtocol.java:146)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at org.jmrtd.PassportService.doEACCA(PassportService.java:428)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at com.tananaev.passportreader.MainActivity$ReadTask.doChipAuth(MainActivity.kt:298)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:266)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at android.os.AsyncTask$2.call(AsyncTask.java:333)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
11-18 13:19:57.532  9715 10418 W org.jmrtd: 	at java.lang.Thread.run(Thread.java:764)

It looks like it was fixed in recent jmrtd versions.


amcs99 commented Jan 7, 2024

Hello, did you solve this problem?


olegshtch commented Jan 8, 2024

I've tried to update jmrtd but it still fails.

Edit: Update of scuba-sc-android dependency doesn't help either. But I've tried to iterate all 8 OIDs for Chip Authentication and it worked with ChipAuthenticationPublicKeyInfo.ID_CA_ECDH_3DES_CBC_CBC (0.4.0.127.0.7.2.2.3.2.1).

@olegshtch

It's quite strange: I don't get the previous stack trace when ChipAuthenticationPublicKeyInfo.ID_CA_ECDH_AES_CBC_CMAC_256 fails, but with that approach I instead get:

01-08 23:08:09.913 27753 27830 W MainActivity: org.jmrtd.CardServiceProtocolException: Exception during MSE Set AT Int Auth (SW = 0x6985: CONDITIONS NOT SATISFIED) (step: 1)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at org.jmrtd.protocol.EACCAProtocol.sendPublicKey(EACCAProtocol.java:195)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at org.jmrtd.protocol.EACCAProtocol.doCA(EACCAProtocol.java:150)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at org.jmrtd.PassportService.doEACCA(PassportService.java:461)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at com.tananaev.passportreader.MainActivity$ReadTask.doChipAuth(MainActivity.kt:308)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:266)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at android.os.AsyncTask$2.call(AsyncTask.java:333)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at java.lang.Thread.run(Thread.java:764)
01-08 23:08:09.913 27753 27830 W MainActivity: Caused by: net.sf.scuba.smartcards.CardServiceException: Sending MSE AT failed (SW = 0x6985: CONDITIONS NOT SATISFIED)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at org.jmrtd.protocol.EACCAAPDUSender.sendMSESetATIntAuth(EACCAAPDUSender.java:130)
01-08 23:08:09.913 27753 27830 W MainActivity: 	at org.jmrtd.protocol.EACCAProtocol.sendPublicKey(EACCAProtocol.java:193)
01-08 23:08:09.913 27753 27830 W MainActivity: 	... 11 more

Maybe there should be a limit of queries, or after a succeeded chip authentication it changes the answer.

@SnehaDudhat2170

Hello @olegshtch,
Have you found a solution for the above error? I'm encountering the same issue as well.

@ahmedmolawale

Chip Authentication is a cloning detection mechanism which is not supported by all passports. Some NFC chips don't support it because it's not a mandatory requirement of ICAO 9303.


li0ard commented Oct 6, 2024

> Chip Authentication is a cloning detection mechanism which is not supported by all passports. Some NFC chips don't support it because it's not a mandatory requirement of ICAO 9303.

The Russian passport supports Chip Authentication (EF.DG14 is present), hence it is a problem of jmrtd or this application.
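
Added example, not part of any comment above and not jmrtd or application code: a small Python triage helper that decodes the SELECT commands and status words in the logcat lines quoted in this thread, using the ICAO 9303 file identifiers (0x011C is EF.CardAccess, 0x010E is EF.DG14). The function names `decode_select`, `triage` and `dg14_missing` are hypothetical; a FILE NOT FOUND on EF.DG14 means the reader had no ChipAuthenticationPublicKeyInfo to start Chip Authentication with, which is a different failure from a rejected MSE Set AT.

```python
import re

# ICAO 9303 file identifiers for the LDS files relevant to this thread.
EF_NAMES = {0x011E: "EF.COM", 0x011D: "EF.SOD", 0x011C: "EF.CardAccess"}
EF_NAMES.update({0x0100 + n: f"EF.DG{n}" for n in range(1, 17)})

# Status words seen in the thread (labels as the logs print them), plus success.
SW_NAMES = {0x9000: "OK", 0x6A82: "FILE NOT FOUND",
            0x6A80: "WRONG DATA", 0x6985: "CONDITIONS NOT SATISFIED"}

APDU_RE = re.compile(r"CAPDU = ([0-9A-Fa-f]+), RAPDU = ([0-9A-Fa-f]+)")
SW_RE = re.compile(r"SW = 0x([0-9A-Fa-f]{4})")

def decode_select(capdu_hex):
    """Return the file identifier of a SELECT (INS A4) by-FID command, else None."""
    apdu = bytes.fromhex(capdu_hex)
    if len(apdu) < 7 or apdu[1] != 0xA4 or apdu[4] != 2:
        return None
    return int.from_bytes(apdu[5:7], "big")

def triage(line):
    """Summarise one log line as (selected file or None, status text)."""
    sw_match = SW_RE.search(line)
    if not sw_match:
        return None  # no status word on this line (e.g. a stack frame)
    sw = int(sw_match.group(1), 16)
    status = SW_NAMES.get(sw, f"SW {sw:04X}")
    apdu_match = APDU_RE.search(line)
    fid = decode_select(apdu_match.group(1)) if apdu_match else None
    name = EF_NAMES.get(fid, f"FID {fid:04X}") if fid is not None else None
    return name, status

def dg14_missing(lines):
    """True when the log shows SELECT EF.DG14 answered with FILE NOT FOUND."""
    return ("EF.DG14", "FILE NOT FOUND") in [triage(l) for l in lines]

# Exception lines copied from the first post (stack frames omitted).
FIRST_POST_LOG = [
    "net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02011C, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)",
    "net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02010E, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)",
]
# Exception line copied from the Jan 8, 2024 comment (a different passport).
CA_ERROR = "org.jmrtd.CardServiceProtocolException: Exception during MSE Set AT Int Auth (SW = 0x6985: CONDITIONS NOT SATISFIED) (step: 1)"

if __name__ == "__main__":
    for entry in FIRST_POST_LOG + [CA_ERROR]:
        print(triage(entry))
    print("EF.DG14 missing in first post:", dg14_missing(FIRST_POST_LOG))
```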
