“Lets pretend to be developers” 🙂

Here’s as good a place as any. Im trying to authenticate using a spark2 and im trying to get a picc challenge but havent figured out how yet.

I found a PDF amal created / uploaded that had a tiny snip saying you need to authenticateFirst so run the APDU command for that but now what!

EDIT:
Ok so now i am issuing the authFirst command but i get 91 7E back (Length of command string invalid)

EDIT1:
So now im digging into the IOS app code yay and see that it issues 1APDU command then another later. The first is:

instructionClass: 0x90, instructionCode: 0x71, p1Parameter: 0x00, p2Parameter: 0x00, data: Data([0x02, 0x00]), expectedResponseLength: 256

in my case

byte[] data = { 0x02, 0x00 };

                    var apdu = new CommandApdu(IsoCase.Case4Extended, isoReader.ActiveProtocol)
                    {
                        CLA = 0x90, // Class
                        INS = 0x71,
                        P1 = 0x00, // Parameter 1
                        P2 = 0x00, // Parameter 2
                        Data = data,
                        Le = 0xFF
                    };

Problem is im still getting a 90 7E response

Indeed it is, but if you think it is better suited and thread worthy

ImmediateMiserlyCub-max-1mb

If you give me a title, I will create one, move this post and attribute ownership to you

1 Like

“Lets pretend to be developers” :slight_smile:

1 Like

It’s funny because it still happens:

princess-bride

1 Like

Thanks @Pilgrimsmaster

1 Like

sorry i will make one for spark 2 soon

Also check docs…

https://developer.vivokey.com/docs/scanAPI.php

You will need to sign up to developer.vivokey.com to get an API key before you can do anything. We had to decouple the APIs from actually having a VivoKey because… well, some developers aren’t necessarily excited about implants or having to keep a developer “demo card” in their wallet just to access developer stuff.

Aye no worries i found this

like i said im kind of stuck, in the iphone chipscan demo you issue an APDU command 90, 71, 00, 00, {02,00},256 but when i do that get an error “Length of command string invalid”

iPhone… curses. @RyuuzakiJulio :slight_smile:

Well the android one is closed source so cant peek :sweat_smile:

1 Like

But it can be decompiled and looked at

1 Like

Yeah @Devilclarke I’d also suggest you take a look at the decompiled source. The APDU you named happens down the chain, like pretty much the last step. Before that there’s some APDU called NDEF_SEL you need to transceive.
(And maybe VKID_AID to get the type but like does Spark even have an applet?!)
This stuff is confusing even with the source.

Right I got it working around 2am but had to sleep as got work at 8:30 it’s now 7:30 so will update later.

2 Likes

Right so i’ve not finished but when i have ill share the c# code for what im doing as an example implementation (currently only for the spark2).

Now im getting a PCD Challenge yay, basically you issue the command and you don’t expect data back hence the le = 0x0x but the chip responds its really weird but i did find a few posts talking about commands functioning like that.

Code for PCDChallenge
using (var isoReader = new IsoReader(ctx, comboBox1.Text, SCardShareMode.Shared, SCardProtocol.Any, false))
                {
                    var data = new byte[] { 0x02, 0x00};

                    var apdu = new CommandApdu(IsoCase.Case4Short, isoReader.ActiveProtocol)
                    {
                        CLA = 0x90, // Class
                        INS = 0x71,
                        P1 = 0x00, // Parameter 1
                        P2 = 0x00, // Parameter 2
                        Data = data,
                        Le = 0x00
                    };

                    var response = isoReader.Transmit(apdu);

                    return BitConverter.ToString(response.GetData()).Replace("-", string.Empty);
                }
            }

Now i have a different problem, no matter what i do i can’t get a response on the pcd-challenge my code structures the JSON and send it but all i ever get back is an ERROR 500.

The JSON im sending is structured exactly like this example from the dev docs.

{
"picc-uid": "04F2DA739E2BA0",
"picc-challenge": "17695fd27eaf8c65833d50cbff12a501",
"pcd-challenge": "55ecc39e823fd6c7c244f0d14a127f28"
}  

Code if anyone's interested
string response;
            var httpWebRequest = (HttpWebRequest)WebRequest.Create(baseURL + pcdChallengeEndpoint);
            httpWebRequest.ContentType = "application/json";
            httpWebRequest.Method = "POST";

            using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
            {
                Dictionary<string, string> post = new Dictionary<string, string>
                {
                    {"picc-uid", auth.PICCUID },
                    {"picc-challenge", auth.PICCchallenge },
                    {"pcd-challenge", auth.PCDchallenge }
                };

                string json = JsonConvert.SerializeObject(post, Formatting.Indented);

                streamWriter.Write(json);
            }

            var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
            using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
            {
                response = streamReader.ReadToEnd();
            }

            var data = (JObject)JsonConvert.DeserializeObject(response);
1 Like

Sounds a lot like you and @AbbottSmith have the same problem. It’s probably the API? But why does the chipscanlib tester work for some people?

1 Like

It does dosnt it, and I’m not even using a library :sweat_smile:

Any ideas @amal or @fraggersparks maybe there’s some logging server side that would shed some ligh

Ok so ive tried UID, PICC challenge and, PCD challenge all in LSB and MSB and a ton of combinations of both non seem to work. i send the POST and it hangs for about 30s to 1 minute (not always but most of the time) then i get an ERROR 500.

I think the ERROR 500 is actually a time out in the http library im using as its waiting for a response it never gets.

Can anyone else get this endpoint to work?
Is there an official vivokey developer forum / support system?

1 Like

Well I give up. Tried a bunch if other things and it just doesn’t work.

Either the documentation is wrong or there’s something funky with the endpoint. Without input from vivokey this is going no further.

@fraggersparks any ideas here?

Ok sorry for the absence.

Can you try lowercase on the uid?

I will fish the details out of the API test cases for you on how to use these endpoints.

3 Likes