I have an HID Class Reader USB device 5427 CK. I have successfully read the ATR and UID of the card. The problem is that there is a number printed on the card,
i.e. 2x01966 21093771-1
The output I am getting while reading the card with the Java API:
PC/SC card in HID OMNIKEY 5427 CK 0, protocol T=1, state OK
ATR = 0x3B 8F 80 01 80 4F 0C A0 00 00 03 06 0A 00 1C 00 00 00 00 7E
Card UID = 0xB6 A9 0E FB FF 12 E0
Card type: PicoPass 16KS (8x2)
How can I get the same number from the UID?
See the OMNIKEY Contactless Smart Card Readers Developer Guide available here. It tells how to communicate with iClass cards in chapters 9 and 10.
The command Select Page with P2=0x04 (request for 8-byte card serial number) might work (page 38).
EDIT>
Read the above-mentioned manual first.
Download the "Synchronous API for OMNIKEY Contactless Smart Card readers" available here (as written in chapter 6).
Install the downloaded package and study the provided example iClassExplorer under "C:\Program Files\HID Global\Sync-API".
If you insist on calling it from Java, you might find JNA useful.
The javax.smartcardio way probably won't work as you need to use the SCardCLICCTransmit function from the scardsyn.dll (chapter 9.1).
SCardCLICCTransmit() is a proprietary API call residing in the OMNIKEY synchronous API DLL.
Use native CCID drivers with this reader instead and access the UID via FFCA0000. This should work perfectly fine without additional wrappers. This APDU is available for all PC/SC part 3 compatible contactless smart card readers.
Background
I have recently just started to learn networking and Google's protocol buffers to build communication between my Java client and a Python server. Sending messages from my Python server to the Java client works perfectly, but the reverse way (from Java to Python) always failed.
Problem
After checking the length of the message on both sides, I have found that the receiver (Python) is missing some of the bytes transferred by the Java code.
Java side:
12 28 08 0b 12 24 15 00 00 80 3f 1a 1b 09 00 00 00 00 00 00 f0 3f 11 00 00 00 00 00 00 f0 3f 19 00 00 00 00 00 00 f0 3f 22 00
Python side:
12 28 08 0b 12 24 15 00 00 80 3f 1a 1b 09 00 00 00 00 00 00 f0 3f 11 00 00 00 00 00 00 f0 3f
As you can see, the last 10 bytes are missing. I could not figure out the problem.
Codes
The following is my Java code:
// Both Message and UPDATEs are message types I defined in my .proto file
Message message = Message.newBuilder()
        .setUpdate(UPDATEs.newBuilder()
                .setTimeStamp(11)
                .addUpdates(state))
        .build();
//System.out.println(message.toString());
System.out.println(message.toByteArray().length); // result -> 42
//System.out.println(byteArrayToHex(message.toByteArray()));
try {
    OutputStream outputStream = socket.getOutputStream();
    message.writeDelimitedTo(outputStream);
    System.out.println("Sending finished.");
} catch (IOException e) {
    System.err.println("SteerCommunicator_sendCarData(OutputStream output): " + e.toString());
    System.exit(0);
}
and my Python code:
def server_loop():
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print "Listening at port {}".format(PORT)
    try:
        server.bind(("localhost", PORT))
    except:
        print "Unable to listen on the Port " + str(PORT)
        sys.exit()
    server.listen(10)
    while True:
        client_socket, addr = server.accept()
        print "Received Message from Client {}:{}".format(addr[0],str(addr[1]))
        msg = client_socket.recv(1024)
        print len(msg) # result -> 32
Any ideas?
If the diagnosis that the stream is not being flushed is correct, then here is the solution:
try (OutputStream outputStream = socket.getOutputStream()) {
    message.writeDelimitedTo(outputStream);
    System.out.println("Sending finished.");
} catch (IOException e) {
    // SEE NOTES!!
    System.err.println("blah blah" + e.toString());
    System.exit(0);
}
Explanation: by using try-with-resources, we ensure that the resource is always closed as the block exits, no matter how it exits. This has two benefits:
It ensures that the stream is flushed
It ensures that you don't leak the resource (i.e. the associated FileDescriptor). Resource leaks can cause various unrelated I/O activity to fail ... later on ... if the GC doesn't get a chance to clean up the mess first.
NOTES:
Calling System.exit(...) in the depths of your code is a bad idea. It preempts other possible approaches to recovery, and makes your code harder to extend and/or reuse.
If you catch and report an exception, you should also report the stacktrace ... somewhere.
A better strategy would be to declare IOException as thrown by the enclosing method, and catch / report / recover at a higher level.
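The receiving side of this exchange, as an added example that is not part of the original question or answer: writeDelimitedTo() puts a varint length in front of the message, and a single recv() on a TCP socket may return only part of it, so the reader loops until the declared length has arrived and rejects oversized prefixes. It is written for Python 3; MAX_MESSAGE_SIZE, TrickleSocket and the function names are assumptions made for the illustration.

```python
MAX_MESSAGE_SIZE = 1 << 20  # assumed cap on the declared length (1 MiB)

def recv_exact(sock, n):
    """Read exactly n bytes; a single recv() may return fewer than requested."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # peer closed before the full frame arrived
            raise ConnectionError("got %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)

def read_varint32(sock):
    """Decode the base-128 varint length prefix that writeDelimitedTo() emits."""
    value = 0
    for shift in range(0, 35, 7):  # a 32-bit length needs at most 5 bytes
        byte = recv_exact(sock, 1)[0]
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value
    raise ValueError("length prefix is not a valid 32-bit varint")

def read_delimited(sock, max_size=MAX_MESSAGE_SIZE):
    """Return one message body, ready for Message.ParseFromString()."""
    length = read_varint32(sock)
    if length > max_size:  # never size a read from an unchecked prefix
        raise ValueError("declared length %d exceeds cap" % length)
    return recv_exact(sock, length)

class TrickleSocket:
    """Constructed stand-in for a TCP socket: recv() yields at most `step` bytes."""
    def __init__(self, data, step):
        self.data, self.step = data, step
    def recv(self, n):
        n = min(n, self.step)
        out, self.data = self.data[:n], self.data[n:]
        return out

# Constructed input: the 42 bytes printed on the Java side, preceded by
# their varint length prefix (0x2a), as writeDelimitedTo() frames them.
BODY = bytes.fromhex(
    "1228080b1224150000803f1a1b09000000000000f03f"
    "11000000000000f03f19000000000000f03f2200")
FRAME = bytes([len(BODY)]) + BODY

if __name__ == "__main__":
    body = read_delimited(TrickleSocket(FRAME, step=7))
    print(len(body), body == BODY)
```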
Do you know if a Java library for an LLMNR responder exists? I looked for the jmDns library, but it seems designed only for Bonjour services.
If not, I may make a UDP responder, but does a library exist to parse/write DNS records?
I don't know of a Java LLMNR responder (*), but to your second question for a library to parse/write DNS records, there's dnsjava.
// Look up the A records of a host name
Record[] records = new Lookup("stackoverflow.com", Type.A).run();
for (Record record : records) {
    ARecord a = (ARecord) record;
    System.out.println("Host " + a.getName() + " has address " + a.getAddress().getHostAddress());
}
// Build an A record and print its canonical wire format
byte[] ip = {(byte)192, (byte)168, (byte)0, (byte)10};
Name zone = Name.fromString("dyn.test.example.");
Name host = Name.fromString("host", zone);
InetAddress address = InetAddress.getByAddress(ip);
ARecord r = new ARecord(host, DClass.IN, 3600, address);
System.out.println(new sun.misc.HexDumpEncoder().encode(r.toWireCanonical()));
(yes I'm using a Sun-private API to print the hex dump, sue me)
Result:
Host stackoverflow.com. has address 151.101.193.69
Host stackoverflow.com. has address 151.101.129.69
Host stackoverflow.com. has address 151.101.1.69
Host stackoverflow.com. has address 151.101.65.69
0000: 04 68 6F 73 74 03 64 79 6E 04 74 65 73 74 07 65 .host.dyn.test.e
0010: 78 61 6D 70 6C 65 00 00 01 00 01 00 00 0E 10 00 xample..........
0020: 04 C0 A8 00 0A
(*) or maybe mdnsjava? (which uses dnsjava). Anyway you might want to wait for the bounty to expire before you accept this, in case someone comes up with a complete answer. Also, usually requests for library recommendations are considered off-topic, but this is a rare topic and I find this interesting, I hope this won't be shut down.
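To make the hex dump above readable field by field, here is an added example (not code from the answer or from dnsjava) that decodes one resource record in DNS wire format with the bounds checks a hand-written UDP responder needs when it parses packets from the network. The function names are assumptions made for the illustration, and compressed names are rejected rather than followed.

```python
import ipaddress
import struct

def read_name(buf, pos=0):
    """Parse an uncompressed DNS name; return (dotted name, next offset)."""
    labels, total = [], 0
    while True:
        if pos >= len(buf):
            raise ValueError("name runs past the end of the buffer")
        length = buf[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            return ".".join(labels) + ".", pos
        if length > 63:  # top bits set: compression pointer, rejected here
            raise ValueError("unsupported label byte 0x%02x" % length)
        total += length + 1
        if total > 254 or pos + length > len(buf):
            raise ValueError("name too long or truncated")
        labels.append(buf[pos:pos + length].decode("ascii"))
        pos += length

def parse_record(buf):
    """Decode NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA of one record."""
    name, pos = read_name(buf)
    if pos + 10 > len(buf):
        raise ValueError("fixed fields truncated")
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, pos)
    rdata = buf[pos + 10:pos + 10 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("RDATA shorter than RDLENGTH")
    if (rtype, rclass) == (1, 1):  # A record, class IN
        if rdlen != 4:
            raise ValueError("A record must carry 4 address bytes")
        rdata = str(ipaddress.IPv4Address(rdata))
    return {"name": name, "type": rtype, "class": rclass,
            "ttl": ttl, "rdata": rdata}

# The 37 bytes of the hex dump printed in the answer above.
RECORD = bytes.fromhex(
    "04686f73740364796e0474657374076578616d706c6500"
    "0001" "0001" "00000e10" "0004" "c0a8000a")

if __name__ == "__main__":
    print(parse_record(RECORD))
```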
Hello, we are trying to create an iOS MDM server using Java.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
I have first sent the enroll plist file to the iOS device. In response to that, I receive an HttpServletRequest from the iOS device when we click on "Install" on the device.
It then uses the URL which contains the profile request URL, and a request is obtained for the same in Java.
After reading the request.getInputStream, I got to know that the request has two parts within. One is a plist; the other is the certificate of the device.
Printing the file, I got the plist below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CHALLENGE</key>
<string>challengesessionvalue1234</string>
<key>UDID</key>
<string>b3d8980d72a6c2abf4f936862e8c50a734ccc030</string>
</dict>
</plist>
It contains the "Challenge" string which was sent during enrollment. It also gives the device UDID. This part was retrieved by reading the inputStream of the request in Java using bytes.
The other part that request.getInputStream contains is the PKCS-signed certificate details of the Apple certificate, as shown below:
PKCS7 :: signer infos:
0. Signer Info for (issuer): CN=Apple iPhone Device CA, OU=Apple iPhone, O=Apple Inc., C=US
version: 01
certificateSerialNumber: 0252f631 cadff5f3 99986
digestAlgorithmId: SHA
authenticatedAttributes: PKCS9 Attributes: [
[ContentType: 1.2.840.113549.1.7.1];
[MessageDigest: 0000: E1 BF 36 1B 11 5C CB 0E E6 1C 57 4F 09 FC 55 B4 ..6..\....WO..U.
0010: D9 C1 E0 1E ....
];
[SigningTime: Wed Jul 30 11:46:02 UTC 2014]
] (end PKCS9 Attributes)
digestEncryptionAlgorithmId: RSA
encryptedDigest:
I have not copied the whole file as it was huge. To read this part i used PKCS7 available for java from sun.security.pkcs package.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us. I just want to pass back a signed certificate to the iOS device so that I can proceed further.
Please provide a java code which will help in parse this request.getInputStream.
The content type of the request is "application/pkcs7-signature".
And how should I pass back the response? Do I need to create the certificate again?
Please help.
I hope I made my doubt clear.
Thanks in advance!
Let me try to break down your question into multiple subquestions and answer them.
I am stuck at the very first point where we have to sign the certificate and send an SCEP.
Frankly, I wasn't able to understand what you are talking about.
Based on the response which you got, you are doing this:
https://developer.apple.com/library/ios/documentation/networkinginternet/conceptual/iphoneotaconfiguration/OTASecurity/OTASecurity.html
And you are on phase 2, step 1.
I would first like to read the "Challenge" value and authenticate the certificate using challenge itself as it will be a uniquely identified session value for us
Again. I am not 100% sure what you mean. Specifically "authenticate the certificate using challenge itself"
You should do two things at this step:
Authenticate this request using the challenge extracted from the request.
Validate the signature (make sure that it's a correct signature and that it's signed by the appropriate Apple certificate).
If everything is correct (the challenge and the certificate), then you should send either a profile with a SCEP payload or a PKCS12 payload.
Please provide a java code which will help in parse this request.getInputStream.
To read this part i used PKCS7 available for java from sun.security.pkcs package.
I would recommend looking at Bouncy Castle. It's an excellent library which handles crypto.
And search for "Bouncy castle validate signature":
X.509 Certificate validation with Java and Bouncycastle
http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/
I am writing some code to authenticate and overwrite some data on an RFID chip.
I am using javax.smartcardio and the reader is an ACR122U.
Now if I try to send an APDU command like: ff860000050100066100a0a1a2a3a4a5 (authenticate with the standard key at sector 2) I get an error. But I am sure that I have the right key. I tested it in acr122utools. What is the problem? Please help.
There is a slightly different way to authenticate to the card via the ACR122U.
First you have to load your key into the reader memory (example: ff 82 00 00 06 a0 a1 a2 a3 a4 a5).
Then you have to tell it that you will authenticate with the key from memory (example: ff 86 00 00 00 50 10 00 66 10). It should be done this way because the authentication is a "challenge-response". Only parts of the key will be encrypted with a random number and transferred between card and reader. I think that your own implementation of challenge-response is not the way you would like to go.
I am using an energy meter. How do I write code in Java to read and write that meter's data?
The power line node sends and transfers the data; the concentrator converts it to RS232 so that it shows up on a serial port. I am using Java on Windows.
An example of the output when reading the meter value:
A 00 09 14 03 81 0C 03 10 03 00 30 B0 03 3A 00 :.........0°.:.
09 14 03 81 02 03 10 03 00 30 B1 2D 3A 00 09 14 ........0±-:...
03 81 02 03 10 03 00 04 B0 FA 3A 00 09 14 5C 81 .......°ú:...\
02 03 10 03 00 04 B0 FA
For reading and writing data to a serial port under Windows I recommend using rxtx
http://rxtx.qbang.org/wiki/index.php/Main_Page
There are samples for reading and writing:
http://rxtx.qbang.org/wiki/index.php/Using_RXTX
There is a COM API from Oracle, but the actual version only has implementations for Solaris SPARC, Solaris x86, and Linux x86
http://www.oracle.com/technetwork/java/index-jsp-141752.html
I used an older version for Windows, but it is hard to find and has some shortcomings (e.g. it didn't find ports above com4 without 'helping', has problems with spaces in the path to the dll, and so on)