I'm working on Polish e-identity card which is protected by CAN code. It is required to provide this code to unlock the card and be able to list the tokens.
I'm not able to find any information about it.
When using official app https://www.gov.pl/web/e-dowod you are prompted for this number after inserting the card.
According to logs, mysterious function C_SetCAN from e-dowod-pkcs11-64.so is invoked. It is not documented in http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html and also not present in https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/pkcs11-global.c#L320 where it should be according to the logs
0x7f9bca95c700 23:18:32.251 [opensc-pkcs11] pkcs11-global.c:320:C_SetCAN: C_SetCAN(0x5)
0x7f9bca95c700 23:18:32.251 [opensc-pkcs11] pkcs11-global.c:329:C_SetCAN: C_SetCAN() get slot rv 0
It make me thing that it might be some custom extension, but as opensc is on LGPL, sources of it should also be provided, right?
When I've tried to break on it with gdb, but I've landed in:
#0 0x00007fffeadd5b70 in C_SetCAN () from /opt/e-dowod/e-dowod-pkcs11-64.so
#1 0x000000000041d49c in ?? ()
#2 0x0000000000418907 in ?? ()
#3 0x00000000004199bc in ?? ()
#4 0x000000000041ed58 in ?? ()
#5 0x00007ffff686e0e1 in QObject::event(QEvent*) () from /opt/e-dowod/./libQt5Core.so.5
#6 0x00007ffff7691e2c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /opt/e-dowod/./libQt5Widgets.so.5
Why there is no caller and arguments information?
I've also tried to use https://github.com/OpenSC/OpenSC/blob/master/src/tools/npa-tool.c which seems to have desired functionality, but quite probably without success.
P:91478; T:0x140627504822080 17:59:48.916 [npa-tool] sm-eac.c:643:eac_gen_auth_1_encrypted_nonce:
General authenticate (Encrypted Nonce) response data (20 bytes):
00 02 7C 12 80 10 D1 0A 98 E5 3B DC 7C F5 DC FA ..|.......;.|...
58 60 24 BA X`$.
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:647:eac_gen_auth_1_encrypted_nonce: Could not parse general authenticate response data.
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:648:eac_gen_auth_1_encrypted_nonce: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:648:eac_gen_auth_1_encrypted_nonce: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:648:eac_gen_auth_1_encrypted_nonce: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:1176:perform_pace: Could not get encrypted nonce from card (General Authenticate step 1 failed).
P:91478; T:0x140627504822080 17:59:48.917 [npa-tool] sm-eac.c:1364:perform_pace: returning with: -1400 (Internal error)
It make me thing that it might be some custom extension, but as opensc is on LGPL, sources of it should also be provided, right?
Yes, you are right that C_SetCAN seems to be vendor defined extension method. If PKCS#11 library distributed by your government is based on LGPL 2.1 licensed OpenSC code, then they have to provide source code with all the changes. IMO all you have to do is to ask for it. Did you?
The can number is printed on the e-identity card. When I receive the card I had to enter the code on the pinpad.
Related
Consider a device in the system, something under /dev/hdd[sg][nvme]xx
Open the device, get the file descriptor and start working with it (read(v)/write(v)/lseek, etc), at some point you may get EIO. How do you retrieve the underlying error reported by the device driver?
EDIT001: in case it is impossible using unistd functions, maybe there is other ways to work with block devices which can provide more low-level information like sg_scsi_sense_hdr?
You can't get any more error detail out of the POSIX functions. You're onto the right track with the SCSI generic stuff though. But, boy, it's loaded with hair. Check out the example in sg3_utils of how to do a SCSI READ(16). This will let you look at the sense data when it comes back:
https://github.com/hreinecke/sg3_utils/blob/master/examples/sg_simple16.c
Of course, this technique doesn't work with NVMe drives. (At least, not to my knowledge).
One concept I've played with in the past is to use normal POSIX/libc block I/O functions like pread and pwrite until I get an EIO out. At that point, you can bring in the SCSI-generic versions to try to figure out what happened. In the ideal case, a pread or lseek/read fails with EIO. You then turn around and re-issue it using a SG READ (10) or (16). If it's not just a transient failure, this may return sense data that your application can use.
Here's an example, using the command-line sg_read program. I have an iSCSI attached disk that I'm reading and writing. On the target, I remove its LUN mapping. dd reports EIO:
# dd if=/dev/sdb of=/tmp/output bs=512 count=1 iflag=direct
dd: error reading ‘/dev/sdb’: Input/output error
but sg_read reports some more useful information:
[root#localhost src]# sg_read blk_sgio=1 bs=512 cdbsz=10 count=512 if=/dev/sdb odir=1 verbose=10
Opened /dev/sdb for SG_IO with flags=0x4002
read cdb: 28 00 00 00 00 00 00 00 80 00
duration=9 ms
reading: SCSI status: Check Condition
Fixed format, current; Sense key: Illegal Request
Additional sense: Logical unit not supported
Raw sense data (in hex):
70 00 05 00 00 00 00 0a 00 00 00 00 25 00 00 00
00 00
sg_read: SCSI READ failed
Some error occurred, remaining block count=512
0+0 records in
You can see the Logical unit not supported additional sense code in the above output, indicating that there's no such LU at the target.
Possible? Yes. But as you can see from the code in sg_simple16.c, it's not easy!
I have a C++ application deployed on a Windows server VM in Azure.
It's been running fine for a few days, and then WER took a crash dump. The faulting thread had this stack trace:
00 0000004a`7fb7ac00 00007ffa`9505e15f ucrtbase!abort+0x4e
01 0000004a`7fb7ac30 00007ffa`911239ba ucrtbase!terminate+0x1f
02 0000004a`7fb7ac60 00007ffa`9112c710 VCRUNTIME140!__std_terminate+0xa
03 0000004a`7fb7ac90 00007ffa`9112282a VCRUNTIME140!_CallSettingFrame+0x20
04 0000004a`7fb7acc0 00007ffa`91121b82 VCRUNTIME140!__FrameUnwindToState+0x136
05 (Inline Function) --------`-------- VCRUNTIME140!__FrameUnwindToEmptyState+0x7e
06 0000004a`7fb7ad30 00007ffa`9112be80 VCRUNTIME140!__InternalCxxFrameHandler+0x19a
07 0000004a`7fb7ad90 00007ffa`9897a5cd VCRUNTIME140!__CxxFrameHandler+0x90
08 0000004a`7fb7ade0 00007ffa`9891068a ntdll!RtlpExecuteHandlerForUnwind+0xd
09 0000004a`7fb7ae10 00007ffa`9112c249 ntdll!RtlUnwindEx+0x38a
0a 0000004a`7fb7b4f0 00007ffa`91122979 VCRUNTIME140!_UnwindNestedFrames+0x109
0b 0000004a`7fb7bab0 00007ffa`91122090 VCRUNTIME140!CatchIt+0xb5
0c 0000004a`7fb7bb30 00007ffa`91121c7e VCRUNTIME140!FindHandler+0x3f0
0d 0000004a`7fb7bc00 00007ffa`9112be80 VCRUNTIME140!__InternalCxxFrameHandler+0x296
0e 0000004a`7fb7bc60 00007ffa`9897a54d VCRUNTIME140!__CxxFrameHandler+0x90
0f 0000004a`7fb7bcb0 00007ffa`9890fcf3 ntdll!RtlpExecuteHandlerForException+0xd
10 0000004a`7fb7bce0 00007ffa`98911a09 ntdll!RtlDispatchException+0x373
11 0000004a`7fb7c3e0 00007ffa`95c53c58 ntdll!RtlRaiseException+0x2d9
12 0000004a`7fb7cbc0 00007ffa`91124572 KERNELBASE!RaiseException+0x68
13 0000004a`7fb7cca0 00007ffa`784bd3ce VCRUNTIME140!_CxxThrowException+0xc2
14 0000004a`7fb7cd20 00007ffa`78350000 MyModule!operator new[]+0x2e
15 0000004a`7fb7cd28 0000004a`7fb7cf88 MyModule!__imp_?id#?$codecvt#DDU_Mbstatet###std##2V0locale#2#A
16 0000004a`7fb7cd30 00000000`00000000 0x0000004a`7fb7cf88
(I replaced the real module name with MyModule!)
Questions:
I'm guessing (by the function names in the stack trace, e.g. RtlpExecuteHandlerForException) that this flow if for handled exceptions. Is that correct? if yes, why is the application crashing nevertheless?
The __imp_?id#?$codecvt#DDU_Mbstatet###std##2V0locale#2#A at the bottom of the stack looks mangled. I've tried to de-mangle it online and got __imp_public: static class std::locale::id std::codecvt<char,char,struct _Mbstatet>::id. Does that make sense? it looks like a reference to a field, not a function
I've tried running !analyze -v and it gives:
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun
of a stack-based buffer in this application. This overrun could
potentially allow a malicious user to gain control of this
application.
What can be the cause of such exception? Can you please provide a short snippet which triggers such an exception in Windows?)
In a Windows Application I created I am attempting to run a batch file that points to a .vbs. It runs the vbs script but it does not modify the registry as needed. However, if I run the batch file manually it functions properly. Does anyone have any insight as to what could be the issue? I thought it was permissions but why would it matter if I manually click on the batch file or if my program opens it? Regardless, I have modified the batch file to try to run as admin but nothing online seems to work.
It says nowhere that CreateProcess can run batch files. As batch files aren't programs CreateProcess can't do anything with it. CMD.exe executes batch files.
YOU WOULD HAVE KNOWN THIS BY TESTING THE RETURN VALUE and by reading the Docs
From Help
Return Value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Also from Help
To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the name of the batch file.
This is What You are Doing Wrong
1. You have a bizzare program design.
Any program can prompt for user input and write to the registry. You are writing a program that will have at least four different ways of writing the registry (.NET, WSH, WMI, API). Then you run a batch that has two ways of writing the registry (WMI and reg.exe). Then a vbs file with two ways (WMI, WSH).
2. You do not test for errors.
You must test for errors. The only person with access to the error is YOU. Errors say what happened. You must fix the error or crash. And there is no point asking without the error number, error source, what it was trying to do, and the parameters.
Errors are to be expected. Users do delete or move files for example.
3. You must read the documentation
It has to be open while you program. It explains what you need to tell it for it to behave in certain ways. Just typing random commands (as many here do - they are invalid of course) OR typing random parameters (as you are) doesn't work. If you don't read them you don't know what they mean.
4. Playing helpless
When you get told the answer, you go and look everything up in the documentation, and then google it.
You not reply with a pathetic "it didn't work". You post the error number, error source, what it was trying to do, and the parameters.
This is how to decode errors
Decoding Errors
-2147220978 style numbers are 32 bit signed integers, convert to hex with calculator.
Windows errors (smallish numbers) and COM HResults (typically, but with exceptions, start with an 8 as in 0x80040154) are defined in WinError.h, except 8007nnnn where you look up the Window error number that it contains.
As a general rule Windows errors are less than 65,535 (0xFFFF). Errors starting 0x80000001 are Component Object Model (COM) HResults. Errors starting 0xC0000001 are NTStatus results. Errors starting 0xD0000001 are also NTStatus values returned in a HResult.
NTStatus errors (typically but not always start with an C as in 0xC0000022) are defined in NTStatus.h.
.h files are the best source because it includes the symbolic name of the error which can give clues such as the source of the error. FormatMessage doesn't give the symbolic name only the description.
You get these files by downloading the Platform SDK (it's gigabytes)
http://www.microsoft.com/en-us/download/details.aspx%3Fid%3D8279&sa=U&ei=w2IrULDDLsHFmAWbmIHoBg&ved=0CBwQFjAA&usg=AFQjCNHZn9-4f2NnuN9o3UWUsOF3wL7HBQ
If you just want the two files I have them on my skydrive so I can reference them anywhere I go.
https://skydrive.live.com/redir?resid=E2F0CE17A268A4FA!121
Note internet errors (12,000 - 12,999) are windows errors but are specified in wininet.h also available above.
There are errors defined in other .h files. But 99% are in the three above.
Structure of HResults and NTStatus Codes
The most significant bit in HResults, and the two most significant bits in NTStatus are set on error. Hence Hresults start 8 on error and NTStatus starts C on Error. The next 14 or 15 bits are reserved and some specify the facility - what area the error is in. This is the third and fourth number when reading hex. EG 0xnn07nnnn - An HResult facility code 7 is a normal Windows' error (returned from a COM program - hence it's returned as a HResult). Facility codes are defined in Winerror.h for HResults and NTStatus.h for NTStatus codes. They are different.
To Decode 0x8003nnnn Errors
HResults with facility code 3 means the HResult contains OLE Structured Storage errors (0x0 to 0xff). These are the same as Dos error codes. These don't seem to be in Windows' header files and the list of codes is at the end of this post.
To Decode 0x8004nnnn Errors
HResults with facility code 4 means the HResult contains OLE errors (0x0 to 0x1ff) while the rest of the range (0x200 onwards) is component specific errors so 20e from one component will have a different meaning to 20e from another component.
This is why the source of the error is extra important for errors above 0x80040200.
To Decode 0x8007nnnn Errors
HResults with facility code 7 means the HResult contains a Windows' error code. You have to look up the Windows' error code not the HResult.
To decode 0x80070002. The 0x means it's a hexadecimal number, the 8 means error, the first 7 means it a windows error, and the rest of the number, 2, is the actual Windows error.
To look up the error we need it in decimal format. Start Calculator (Start - All Programs - Accessories - Calculator) and choose View menu - Scientific, then View menu - Hex. Enter 2. Then View menu - Decimal. It will say 2.
Start a Command Prompt (Start - All Programs - Accessories - Command Prompt) and type
net helpmsg 2
and it will say
The system cannot find the file specified.
or look it up in winerror.h
//
// MessageId: ERROR_FILE_NOT_FOUND
//
// MessageText:
//
// The system cannot find the file specified.
//
#define ERROR_FILE_NOT_FOUND 2L
To Decode 0x8019nnnn Errors
HResults with facility 0x19 are HTTP errors. Codes under 16,384 (0x4000) are the same as HTTP errors, eg HTTP status 404: The requested URL does not exist on the server is 0x80190194 (0x194 = 404). Codes 16,384 and higher are BITS specific.
To Decode 0xDnnnnnnn Errors
HResults starting 0xD are an HResult with a NTStatus value in it. Just change the lead D to a C and treat as an NTStatus (Hresult = NTStatus OR 0x10000000).
Dos Error Codes (for 0x8003nnnn errors)
Code Message
01 Invalid function number
02 File not found
03 Path not found
04 Too many open files (no handles left)
05 Access denied
06 Invalid handle
07 Memory control blocks destroyed
08 Insufficient memory
09 Invalid memory block address
0A Invalid environment
0B Invalid format
0C Invalid access mode (open mode is invalid)
0D Invalid data
0E Reserved
0F Invalid drive specified
10 Attempt to remove current directory
11 Not same device
12 No more files
13 Attempt to write on a write-protected diskette
14 Unknown unit
15 Drive not ready
16 Unknown command
17 CRC error
18 Bad request structure length
19 Seek error
1A Unknown media type
1B Sector not found
1C Printer out of paper
1D Write fault
1E Read fault
1F General failure
20 Sharing violation
21 Lock violation
22 Invalid disk change
23 FCB unavailable
24 Sharing buffer overflow
25 Reserved
26 Unable to complete file operation (DOS 4.x)
27-31 Reserved
32 Network request not supported
33 Remote computer not listening
34 Duplicate name on network
35 Network name not found
36 Network busy
37 Network device no longer exists
38 NetBIOS command limit exceeded
39 Network adapter error
3A Incorrect network response
3B Unexpected network error
3C Incompatible remote adapter
3D Print queue full
3E No space for print file
3F Print file deleted
40 Network name deleted
41 Access denied
42 Network device type incorrect
43 Network name not found
44 Network name limit exceeded
45 NetBIOS session limit exceeded
46 Temporarily paused
47 Network request not accepted
48 Print or disk redirection is paused
49-4F Reserved
50 File already exists
51 Reserved
52 Cannot make directory entry
53 Fail on INT 24
54 Too many redirections
55 Duplicate redirection
56 Invalid password
57 Invalid parameter
58 Network device fault
59 Function not supported by network (DOS 4.x)
5A Required system component not installed (DOS 4.x)
Facility Codes
NTStatus Facilities HResults Facilities
Common status values 0x0 Null 0x0
Debugger 0x1 Rpc 0x1
Rpc_runtime 0x2 Dispatch 0x2
Rpc_stubs 0x3 Storage 0x3
Io_error_code 0x4 Itf 0x4
Various drivers 0x5-0xf Win32 0x7
Ntwin32 0x7 Windows 0x8
Ntsspi 0x9 Sspi 0x9
Terminal_server 0xa Security 0x9
Faciltiy_mui_error_code 0xb Control 0xa
Usb_error_code 0x10 Cert 0xb
Hid_error_code 0x11 Internet 0xc
Firewire_error_code 0x12 Mediaserver 0xd
Cluster_error_code 0x13 Msmq 0xe
Acpi_error_code 0x14 Setupapi 0xf
Sxs_error_code 0x15 Scard 0x10
Transaction 0x19 Complus 0x11
Commonlog 0x1a Aaf 0x12
Video 0x1b Urt 0x13
Filter_manager 0x1c Acs 0x14
Monitor 0x1d Dplay 0x15
Graphics_kernel 0x1e Umi 0x16
Driver_framework 0x20 Sxs 0x17
Fve_error_code 0x21 Windows_ce 0x18
Fwp_error_code 0x22 Http 0x19
Ndis_error_code 0x23 Usermode_commonlog 0x1a
Hypervisor 0x35 Usermode_filter_manager 0x1f
Ipsec 0x36 Backgroundcopy 0x20
Maximum_value 0x37 Configuration 0x21
State_management 0x22
Metadirectory 0x23
Windowsupdate 0x24
Directoryservice 0x25
Graphics 0x26
Shell 0x27
Tpm_services 0x28
Tpm_software 0x29
Pla 0x30
Fve 0x31
Fwp 0x32
Winrm 0x33
Ndis 0x34
Usermode_hypervisor 0x35
Cmi 0x36
Windows_defender 0x50
We are facing C++ application crash issue due to segmentation fault on RED hat Linux. We are using embedded python in C++.
Please find below my limitation
Don’t I have access to production machine where application crashes. Client send us core dump files when application crashes.
Problem is not reproducible on our test machine which has exactly same configuration as production machine.
Sometime application crashes after 1 hour, 4 hour ….1 day or 1 week. We haven’t get time frame or any specific pattern in which application crashes.
Application is complex and embedded python code is used from lot of places from within application. We have done extensive code reviews but couldn’t find the fix by doing code review.
As per stack trace in core dump, it is crashing around multiplication operation, reviewed code for such operation in code we haven’t get any code where such operation is performed. Might be such operations are called through python scripts executed from embedded python on which we don’t have control or we can’t review it.
We can’t use any profiling tool on production environment like Valgrind.
We are using gdb on our local machine to analyze core dump. We can’t run gdb on production machine.
Please find below the efforts we have putted in.
We have analyzed logs and continuously fired request that coming towards our application on our test environment to reproduce the problem.
We are not getting crash point in logs. Every time we get different logs. I think this is due to; Memory is smashed somewhere else and application crashes after sometime.
We have checked load at any point on our application and it is never exceeded our application limit.
Memory utilization of our application is also normal.
We have profiled our application with help of Valgrind in our test machine and removed valgrind errors but application is still crashing.
I appreciate any help to guide us to proceed further to solve the problem.
Below is the version details
Red hat linux server 5.6 (Tikanga)
Python 2.6.2 GCC 4.1
Following is the stack trace I am getting from the core dump files they have shared (on my machine). FYI, We don’t have access to production machine to run gdb on core dump files.
0 0x00000033c6678630 in ?? ()
1 0x00002b59d0e9501e in PyString_FromFormatV (format=0x2b59d0f2ab00 "can't multiply sequence by non-int of type '%.200s'", vargs=0x46421f20) at Objects/stringobject.c:291
2 0x00002b59d0ef1620 in PyErr_Format (exception=0x2b59d1170bc0, format=<value optimized out>) at Python/errors.c:548
3 0x00002b59d0e4bf1c in PyNumber_Multiply (v=0x2aaaac080600, w=0x2b59d116a550) at Objects/abstract.c:1192
4 0x00002b59d0ede326 in PyEval_EvalFrameEx (f=0x732b670, throwflag=<value optimized out>) at Python/ceval.c:1119
5 0x00002b59d0ee2493 in call_function (f=0x7269330, throwflag=<value optimized out>) at Python/ceval.c:3794
6 PyEval_EvalFrameEx (f=0x7269330, throwflag=<value optimized out>) at Python/ceval.c:2389
7 0x00002b59d0ee2493 in call_function (f=0x70983f0, throwflag=<value optimized out>) at Python/ceval.c:3794
8 PyEval_EvalFrameEx (f=0x70983f0, throwflag=<value optimized out>) at Python/ceval.c:2389
9 0x00002b59d0ee2493 in call_function (f=0x6f1b500, throwflag=<value optimized out>) at Python/ceval.c:3794
10 PyEval_EvalFrameEx (f=0x6f1b500, throwflag=<value optimized out>) at Python/ceval.c:2389
11 0x00002b59d0ee2493 in call_function (f=0x2aaab09d52e0, throwflag=<value optimized out>) at Python/ceval.c:3794
12 PyEval_EvalFrameEx (f=0x2aaab09d52e0, throwflag=<value optimized out>) at Python/ceval.c:2389
13 0x00002b59d0ee2d9f in ?? () at Python/ceval.c:2968 from /usr/local/lib/libpython2.6.so.1.0
14 0x0000000000000007 in ?? ()
15 0x00002b59d0e83042 in lookdict_string (mp=<value optimized out>, key=0x46424dc0, hash=40722104) at Objects/dictobject.c:412
16 0x00002aaab09d5458 in ?? ()
17 0x00002aaab09d5458 in ?? ()
18 0x00002aaab02a91f0 in ?? ()
19 0x00002aaab0b2c3a0 in ?? ()
20 0x0000000000000004 in ?? ()
21 0x00000000026d5eb8 in ?? ()
22 0x00002aaab0b2c3a0 in ?? ()
23 0x00002aaab071e080 in ?? ()
24 0x0000000046422bf0 in ?? ()
25 0x0000000046424dc0 in ?? ()
26 0x00000000026d5eb8 in ?? ()
27 0x00002aaab0987710 in ?? ()
28 0x00002b59d0ee2de2 in PyEval_EvalFrame (f=0x0) at Python/ceval.c:538
29 0x0000000000000000 in ?? ()
You are almost certainly doing something bad with pointers in your C++ code, which can be very tough to debug.
Do not assume that the stack trace is relevant. It might be relevant, but pointer misuse can often lead to crashes some time later
Build with full warnings on. The compiler can point out some non-obvious pointer misuse, such as returning a reference to a local.
Investigate your arrays. Try replacing arrays with std::vector (C++03) or std::array (C++11) so you can iterate using begin() and end() and you can index using at().
Investigate your pointers. Replace them with std::unique_ptr(C++11) or boost::scoped_ptr wherever you can (there should be no overhead in release builds). Replace the rest with shared_ptr or weak_ptr. Any that can't be replaced are probably the source of problematic logic.
Because of the very problems you're seeing, modern C++ allows almost all raw pointer usage to be removed entirely. Try it.
First things first, compile both your binary and libpython with debug symbols and push it out. The stack trace will be much easier to follow.
The relevant argument to g++ is -g.
Suggestions:
As already suggested, provide a complete debug build
Provide a memory test tool and a CPU torture test
Load debug symbols of python library when analyzing the core dump
The stacktrace shows something concerning eval(), so I guess you do dynamic code generation and evaluation/execution. If so, within this code, or passed arguments, there might be the actual error. Assertions at any interface to the code and code dumps may help.
I try to access a SmartCard via C++.
I got already the Connection and the CardHandle.
But when I send an APDU Command via SCardTransmit, i'll get 6E 00 as the answer from the card.
No matter which APDU Command i send.
Everytime 6E 00.
For Example:
FF CA FA 00 00 (Card's ATR - Answer To Reset) or
FF CA FF 82 00 (Product name in ASCII)
The same thing when i send the Command with an PC/SC Testtootl like "PC/SC Diag".
Has anybody an Idea what the meaning of this Error-Code and how to solve the problem?
Please help me !!!! ;-)
According to ISO 7816-4 0x6E00 means "Class not supported".
Are you using the correct CLA value in the APDU?
The class (CLA) byte is usually 0x00, 0xA0, 0xC0 or 0xF0 and sometimes masked with 0x0C that indicates Secure Messaging on some cards. AFAIK, the only invalid CLA value is 0xFF.
But this varies from one card to another, do you have the card specification from the vendor?
It means "Wrong Instruction Class". Maybe it's just the wrong type of card?
https://datatracker.ietf.org/doc/html/draft-urien-eap-smartcard-05
The BasicCard PDF manual has a list of error codes on page 152-153.
The one you got they describe as "CLA byte of command not recognized".
"6A 86" is likely the response to a card specific command and I dont see it in the BasicCard list.