“Lets pretend to be developers” 🙂

Devilclarke · November 24, 2021, 11:08pm

Here’s as good a place as any. Im trying to authenticate using a spark2 and im trying to get a picc challenge but havent figured out how yet.

I found a PDF amal created / uploaded that had a tiny snip saying you need to authenticateFirst so run the APDU command for that but now what!

EDIT:
Ok so now i am issuing the authFirst command but i get 91 7E back (Length of command string invalid)

EDIT1:
So now im digging into the IOS app code yay and see that it issues 1APDU command then another later. The first is:

instructionClass: 0x90, instructionCode: 0x71, p1Parameter: 0x00, p2Parameter: 0x00, data: Data([0x02, 0x00]), expectedResponseLength: 256

in my case

byte[] data = { 0x02, 0x00 };

                    var apdu = new CommandApdu(IsoCase.Case4Extended, isoReader.ActiveProtocol)
                    {
                        CLA = 0x90, // Class
                        INS = 0x71,
                        P1 = 0x00, // Parameter 1
                        P2 = 0x00, // Parameter 2
                        Data = data,
                        Le = 0xFF
                    };

Problem is im still getting a 90 7E response

Pilgrimsmaster · November 24, 2021, 11:28pm

Indeed it is, but if you think it is better suited and thread worthy

ImmediateMiserlyCub-max-1mb

If you give me a title, I will create one, move this post and attribute ownership to you

Devilclarke · November 24, 2021, 11:37pm

“Lets pretend to be developers”

enginerd · November 24, 2021, 11:54pm

It’s funny because it still happens:

20211011_173316

Pilgrimsmaster · November 25, 2021, 12:03am

princess-bride

Devilclarke · November 25, 2021, 12:03am

Thanks @Pilgrimsmaster

amal · November 25, 2021, 12:13am

sorry i will make one for spark 2 soon

platform-blockout-Spark 1 Scan API Flow

Also check docs…

https://developer.vivokey.com/docs/scanAPI.php

You will need to sign up to developer.vivokey.com to get an API key before you can do anything. We had to decouple the APIs from actually having a VivoKey because… well, some developers aren’t necessarily excited about implants or having to keep a developer “demo card” in their wallet just to access developer stuff.

Devilclarke · November 25, 2021, 12:17am

Aye no worries i found this

like i said im kind of stuck, in the iphone chipscan demo you issue an APDU command 90, 71, 00, 00, {02,00},256 but when i do that get an error “Length of command string invalid”

amal · November 25, 2021, 12:18am

iPhone… curses. @RyuuzakiJulio

Devilclarke · November 25, 2021, 12:20am

Well the android one is closed source so cant peek

banteen · November 25, 2021, 1:31am

But it can be decompiled and looked at

yeka · November 25, 2021, 3:24am

Yeah @Devilclarke I’d also suggest you take a look at the decompiled source. The APDU you named happens down the chain, like pretty much the last step. Before that there’s some APDU called NDEF_SEL you need to transceive.
(And maybe VKID_AID to get the type but like does Spark even have an applet?!)
This stuff is confusing even with the source.

Devilclarke · November 25, 2021, 7:28am

Right I got it working around 2am but had to sleep as got work at 8:30 it’s now 7:30 so will update later.

Devilclarke · November 25, 2021, 11:08pm

Right so i’ve not finished but when i have ill share the c# code for what im doing as an example implementation (currently only for the spark2).

Now im getting a PCD Challenge yay, basically you issue the command and you don’t expect data back hence the le = 0x0x but the chip responds its really weird but i did find a few posts talking about commands functioning like that.

Code for PCDChallenge

using (var isoReader = new IsoReader(ctx, comboBox1.Text, SCardShareMode.Shared, SCardProtocol.Any, false))
                {
                    var data = new byte[] { 0x02, 0x00};

                    var apdu = new CommandApdu(IsoCase.Case4Short, isoReader.ActiveProtocol)
                    {
                        CLA = 0x90, // Class
                        INS = 0x71,
                        P1 = 0x00, // Parameter 1
                        P2 = 0x00, // Parameter 2
                        Data = data,
                        Le = 0x00
                    };

                    var response = isoReader.Transmit(apdu);

                    return BitConverter.ToString(response.GetData()).Replace("-", string.Empty);
                }
            }

Now i have a different problem, no matter what i do i can’t get a response on the pcd-challenge my code structures the JSON and send it but all i ever get back is an ERROR 500.

The JSON im sending is structured exactly like this example from the dev docs.

{
"picc-uid": "04F2DA739E2BA0",
"picc-challenge": "17695fd27eaf8c65833d50cbff12a501",
"pcd-challenge": "55ecc39e823fd6c7c244f0d14a127f28"
}

Code if anyone's interested

string response;
            var httpWebRequest = (HttpWebRequest)WebRequest.Create(baseURL + pcdChallengeEndpoint);
            httpWebRequest.ContentType = "application/json";
            httpWebRequest.Method = "POST";

            using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
            {
                Dictionary<string, string> post = new Dictionary<string, string>
                {
                    {"picc-uid", auth.PICCUID },
                    {"picc-challenge", auth.PICCchallenge },
                    {"pcd-challenge", auth.PCDchallenge }
                };

                string json = JsonConvert.SerializeObject(post, Formatting.Indented);

                streamWriter.Write(json);
            }

            var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
            using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
            {
                response = streamReader.ReadToEnd();
            }

            var data = (JObject)JsonConvert.DeserializeObject(response);

yeka · November 25, 2021, 11:44pm

Sounds a lot like you and @AbbottSmith have the same problem. It’s probably the API? But why does the chipscanlib tester work for some people?

Devilclarke · November 26, 2021, 7:35am

It does dosnt it, and I’m not even using a library

Any ideas @amal or @fraggersparks maybe there’s some logging server side that would shed some ligh

Devilclarke · November 26, 2021, 7:55pm

Ok so ive tried UID, PICC challenge and, PCD challenge all in LSB and MSB and a ton of combinations of both non seem to work. i send the POST and it hangs for about 30s to 1 minute (not always but most of the time) then i get an ERROR 500.

I think the ERROR 500 is actually a time out in the http library im using as its waiting for a response it never gets.

Can anyone else get this endpoint to work?
Is there an official vivokey developer forum / support system?

Devilclarke · November 27, 2021, 8:28am

Well I give up. Tried a bunch if other things and it just doesn’t work.

Either the documentation is wrong or there’s something funky with the endpoint. Without input from vivokey this is going no further.

amal · November 27, 2021, 11:58am

@fraggersparks any ideas here?

fraggersparks · November 28, 2021, 1:23am

Ok sorry for the absence.

Can you try lowercase on the uid?

I will fish the details out of the API test cases for you on how to use these endpoints.