NOTICE: The Processors Wiki will End-of-Life on January 15, 2021. It is recommended to download any files or other content you may need that are hosted on processors.wiki.ti.com. The site is now set to read only.
SmartCard Implementation on OMAPL PRU - Software Users Guide
Contents
- 1 Introduction
- 2 Current Status
- 3 Features Supported
- 4 Features Not Supported
- 5 Hardware Requirements
- 6 Soft UART Requirement
- 7 Location of the Source Code
- 8 Build Procedure
- 9 Components on Target File System
- 10 Running the SmartCard Application
Introduction[edit]
This article serves as the User's Guide for the SmartCard implementation on the Programmable Real-Time Unit (PRU) of the AM1808 device from Texas Instruments. This user's guide will detail the features supported, source locations, build procedure, and test procedure.
The software described below emulates a SmartCard reader by implementing the ISO 7816 protocol stack on the PRU. The following high level components create the SmartCard solution:
- PRU Firmware - This firmware is responsible for controlling the physical transmission/reception of data as well as detecting and handling errors.
- Linux Driver - The driver is implemented using the serial subsystem of the Linux kernel as in interface to send and receive data to the SmartCard. The driver also controls the power, reset, and card detect lines.
- IFDHandler - The IFDHandler is a user space Linux library used by other software stacks to abstract communication with the SmartCard to a simple and common interface. In this implementation the IFDHandler is also responsible for handling the procedure byte from the SmartCard which details how to send the data section of an APDU command.
- pcsc-lite - This is an open source software stack for communicating with a SmartCard. This software stack has not been modified and is used as a library for applications to request access to the SmartCard.
- OpenEmbedded Recipes - The building of the entire system including bootloaders, kernel, and file system is accomplished using an overlay to the OpenEmbedded project. The OpenEmbedded project is a community effort for building custom embedded distributions. It solves the often complex cross-compilation and linking issues as well and handling generation of file system images. More details for using this overlay can be found in the Build Procedure section below.
Note: The Linux Driver is implemented on the 2.6.32 kernel. Currently there are no plans to port this driver to a newer kernel version. The code is provided as-is.
The general flow of data in this system is to have the application use the pcsc-lite library and daemon to request/send data to the card. The pcsc-lite library will in turn use the IFDHandler library to communicate with the TI specific implementation using the Linux driver and a serial protocol. The driver will in turn communicate with the firmware running on the PRU to actually transmit or receive the data and the firmware will handle any errors that occur during transmission. The following diagram is a graphical representation of this software stack.
Current Status[edit]
This project is currently in a Beta phase of development. This means that while most features work there could be bugs or limitations. The next sections lists the known issues but is not necessarily a comprehensive list.
Known Issues[edit]
- During some cases when signaling a parity error a repeating pulse pattern has been observed on the data line. The cause for this pattern is under investigation but when this issue occurs the data line used to communicate with the card is no longer in a good state.
- This issue has not been observed with the latest code but the likely reason is because the latest code is not causing the accidental detection of a parity error like the previous version was.
Test Devices[edit]
This software was tested with ESAM (DIP) and CPU card packages from M&W. The part numbers are:
- M&W CPU card 3B6C00024561863836F7D5687654D06C
- M&W ESAM 3B6C0002436186380754410033036828
Features Supported[edit]
- ISO 7816-3 and ISO 7816-4 compliant
- Asynchronous half-duplex character transmission protocol (T=0) supported
- Byte reception and transmission with parity check
- Retransmission on error detection
- Card detection support
- Class A (5V) support
- LSB-first transmission mode support
- Software programmable input clock support
- Single SmartCard Reader implementation
- Multiple programmable baud rate support
- NOTE: This feature is not yet implemented and is under development
Features Not Supported[edit]
- Class B (3V) and Class C (1.8V) operating conditions
- Negotiation of class operating condition (only class A is supported)
- SPU (C6) contact on card
- Negotiation of fmax, D, & F for clock frequency
- NOTE: Default clock frequency is fixed at 3.57 MHz but can be modified using the pru-smartcard-clock script
- Clock stop
- PPS negotiation
- MSB-first transmission mode
- Transmission protocols T=1 and higher are not supported
- Synchronous transmission protocols
- Security and cryptography
- ISO 7816, sections 5-15
Hardware Requirements[edit]
This code depends on additional hardware not found in the EVM box. For information about this hardware please send an e-mail to sc_hw@list.ti.com.
The hardware to support the SmartCard implementation requires the following signals and AM1808 pins:
SIGNAL | DIRECTION | EXPECTED PIN |
---|---|---|
SmartCard Vcc Enable | Output | GPIO |
SmartCard Vpp Enable | Output | GPIO |
SmartCard Detect | Input | GPIO |
SmartCard Reset | Output | GPIO |
SmartCard Timer | Output | ECAP Auxillary PWM (ECAP<n>_APWM<n>) |
SmartCard TX (IO line) | Output | McASP Serializer (AXR<m>) |
SmartCard RX (IO line) | Input | McASP Serializer (AXR<n>) |
SmartCard Parity Error (IO line) | Output | PWM (EPWM<n>A or EPWM<n>B) |
Soft UART Requirement[edit]
The current implementation of SmartCard is intended to be run on PRU1 of the AM1808 in conjunction with a Soft UART implementing firmware running on PRU0 which provides an additional 4 UART ports. Details of the Soft UART (SUART) implementation can be found here.
The SmartCard Linux driver requires that both firmware images for SmartCard and SUART be loaded into the PRUs and the same driver is used to provide the SmartCard (using serial interface) and SUART functionality. This is why the device nodes used to access the different functionalities are:
- /dev/ttySU0 - SUART Port 1
- /dev/ttySU1 - SUART Port 2
- /dev/ttySU2 - SUART Port 3
- /dev/ttySU3 - SUART Port 4
- /dev/ttySU4 - SmartCard
Location of the Source Code[edit]
Source code for all the SmartCard Reader software components are maintained in a series of git repositories hosted at gitorious.org. At the gitorious site there is a PRU project which contains all of the repositories. The following table is the list of software components with their repositories and the branch details.
NOTE: In order for the SmartCard firmware to operate it also requires a version of the SUART firmware to be loaded onto PRU0. This SUART firmware is located on a special branch of the generic SUART firmware repository. For this reason the pru-uart-fw repository is listed below as well.
COMPONENT | GITORIOUS REPOSITORY | GIT CLONE URL | LATEST BRANCH |
---|---|---|---|
SmartCard Firmware | pru/pru-sc-fw | git://gitorious.org/pru/pru-sc-fw.git | pru1-migration |
SUART+SmartCard Firmware | pru/pru-uart-fw | git://gitorious.org/pru/pru-uart-fw.git | mei |
Linux Kernel and Driver Source | pru/pru-linux-drivers | git://gitorious.org/pru/pru-linux-drivers.git | master |
IFDHandler Library | pru/pru-sc-ifdhandler | git://gitorious.org/pru/pru-sc-ifdhandler.git | pru1-migration |
SmartCard Test Application | pru/pru-sc-testapp | git://gitorious.org/pru/pru-sc-testapp.git | master |
OpenEmbedded Recipes | pru/pru-recipes | git://gitorious.org/pru/pru-recipes.git | master |
The source code from the git repository can be pulled into local host using the git commands below replacing the values in <> marks with the value from the table above. Note: Install git if not available on the local host
git clone <GIT CLONE URL> # Command to pull the repository git checkout <LATEST BRANCH> # Command to checkout to the required branch
Following are the example commands to pull the IFDHandler source code
git clone git://gitorious.org/pru/pru-sc-ifdhandler.git git checkout pru1-migration
It is also work noting that many of these repositories also have git tags corresponding to particular releases. These tags can be viewed online, or in the checked out repository by using the git tag command.
Build Procedure[edit]
This section will detail both how to build an entire distribution using OpenEmbedded and the overlay contained in the pru-recipes repository as well as building the Linux kernel and PRU firmware stand-alone.
Building using OpenEmbedded[edit]
This sections covers using OpenEmbedded and the pru-recipes overlay to build the entire distribution. This is required when building applications that will link with the pcsc-lite library to provide the proper cross-compilation environment and libraries. The pru-recipes overlay was based on the Arago project overlay from arago-project.org and so you will see the use of the arago name throughout.
Prerequisites[edit]
Install Required Packages[edit]
For an Ubuntu 10.04 host you should install the following packages:
- build-essential
- subversion
- ccache
- sed
- wget
- cvs
- git-core
- coreutils
- unzip
- texinfo
- docbook-utils
- gawk
- help2man
- diffstat
- file
- g++
- texi2html
- bison
- flex
- htmldoc
- chrpath
- libxext-dev
- xserver-xorg-dev
- doxygen
- corkscrew
You can use the following command to install all of these package:
sudo apt-get install build-essential subversion ccache sed wget cvs git-core coreutils unzip texinfo docbook-utils gawk help2man diffstat file g++ texi2html bison flex htmldoc chrpath libxext-dev xserver-xorg-dev doxygen corkscrew
Install the Toolchain[edit]
You will also need to install the codesourcery toolchain. The normal toolchain location to install to is in /opt/arm-2009q1. You can find information on installing the toolchain at this link
NOTE: you may need to install the toolchain using sudo or change permissions of /opt/arm-2009q1 to allow you to write to that directory.
Change Default Shell[edit]
OpenEmbedded contains packages that may have shell script that is not Dash shell compliant. To avoid possible issues it is best to change your /bin/sh shell to bash using the following command:
sudo dpkg-reconfigure dash
Select No when prompted
Disk Space Requirements[edit]
Building an entire distribution can require a sizeable amount of disk space (Minimum of 19GB).
Obtain the Sources[edit]
In order to build with OpenEmbedded you will need to clone three repositories that contain the metadata (recipes) used to build all the packages. NOTE: OpenEmbedded contains recipes for more packages than are required for SmartCard. These packages can be used to add additional functionality to your system but are not built by default.
git clone git://gitorious.org/pru/pru-recipes.git arago git clone git://arago-project.org/git/arago-oe-dev.git git clone git://arago-project.org/git/arago-bitbake.git
For the arago-oe-dev and arago-bitbake repositories the last validated revisions are:
- arago-oe-dev: 1428ddd69c31eb7f9874c8e7941ea614b423904b
- arago-bitbake: 789382350344a40a3d7c094b5a96bee2a69d01fa
To use these revisions you must do:
- cd <repo name>
- git checkout <revision>
For example to use the correct revision for arago-oe-dev you would do:
cd arago-oe-dev git checkout 1428ddd69c31eb7f9874c8e7941ea614b423904b
Setup the Environment File[edit]
cd arago cp setenv.sample setenv
Edit setenv and set OEBASE to the location where you cloned the arago repositories above. For example if you made a directory in /home/user/build and cloned the repositories in this directory then OEBASE should be set to:
export OEBASE=/home/user/build
Setup the Configuration File[edit]
cd arago/conf cp local.conf.sample local.conf
Change MACHINE ?= “arago” to MACHINE ?= “am180x-evm”
If you have more than 1 CPU Uncomment the PARALLEL_MAKE and BB_NUMBER_THREADS lines and set the value to the number of CPUs you have
NOTE: If you want to preserve disk space you can also uncomment the line INHERIT += "rm_work". However, if you do this then using the method described below to do custom one-off builds without updating recipes will no longer work since your work directories will be cleaned after each package is built.
Source Environment Script[edit]
In the terminal you are going to use for building you will need to source the environment script to set the required variables. This can be done using:
source arago/setenv
Build the Distribution[edit]
Using the following command will build the kernel, bootloader, and file system with all required packages for SmartCard support.
bitbake arago-pcsc-lite-image
NOTE: It can take a long time to do the initial build of the file system depending on your system resources. During this time the build system is downloading the package sources and compiling the packages that make up the system. As long as you do not delete your arago-tmp and downloads directories which are created during the build process, subsequent builds will be done much faster because they will only have to build the delta changes.
SmartCard Recipes[edit]
The following recipes (paths given from the OEBASE directory) were created to build the SmartCard software components:
- arago/recipes/pcsc-lite/pcsc-lite_1.6.7.bb: PC/SC lite library package. This is the last version that still used "hal" instead of requiring later versions of udev
- arago/recipes/pru/handlertest_0.3.1.bb: Builds a simple test application that tests if IFDHandler
- arago/recipes/pru/pasm.bb: Stages the pasm executable required to build PRU firmware
- arago/recipes/pru/pru-smartcard-examples_1.0.bb: Builds the pcsc_test application which using the PC/SC lite library to test communication with the board.
- arago/recipes/pru/pru-smartcard-firmware_1.0.bb: Builds the SmartCard firmware to be loaded on the PRU
- arago/recipes/pru/pru-smartcard-ifdhandler_1.0.bb: Builds the IFDHandler library used by PC/SC lite
- arago/recipes/pru/pru-suart-sc-firmware_1.0.bb: Builds the Soft UART firmware that is used in conjunction with the SmartCard firmware. This is required for the driver to load.
- arago/recipes/linux/linux-pru: Build the Linux kernel will support for eCAP input clock, SUART driver, and SmartCard Driver.
Building Tips/Tricks[edit]
Often times you may want to make a simple modification to the test application to try sending an additional command. You could create a new repository with your version of the test application and modify the pru-smartcard-examples recipe to pull from your repository. You could then keep bumping the SRCREV value for each small change you make to the test application and rebuilding, but this is often more work than is required. One of the simplest ways to make a change to any of the software (including firmware, drivers, ifdhandler, etc) is to use the files in the work directory (NOTE: This assumes you did not uncomment the rm_work line in your local.conf file).
In OpenEmbedded each package that is build gets its own unique work directory. This directory can be found in the:
arago-tmp/work/<arch>/<recipe-name> directory, where <arch> is the architecture of the package. For generic packages this is usually armv5te-none-linux-gnueabi, whereas for machine specific packages like the Linux kernel this is the am180x-evm-none-linux-gnueabi directory. <recipe-name> corresponds to the name of the recipe in Arago. As an example if I want to go to the work directory of the pru-smartcard-examples directory it would be:
arago-tmp/work/armv5te-none-linux-gnueabi/pru-smartcard-examples-1.0-r4/
In that directory you will find the sources in the git directory (This may be different for other packages). You can then go ahead and modify these sources for the change you want.
Once the sources have been modified the next step is to build them. Since most applications also require linking against additional libraries and headers this is where things would normally get complicated. Fortunately OpenEmbedded has saved the command that was used to build the application the first time. Inside of the temp directory you will find a script named something like:
run.do_compile.xxxxx
where xxxxx is some number. By executing this script you will get a properly configured cross compile environment and be able to recompile the application properly.
Building Firmware[edit]
In case you wish to modify the SmartCard firmware or the required SUART firmware and rebuild outside of the OpenEmbedded flow you can use the following command to build the firmware.
NOTE: As mentioned above it is required that the SUART firmware be loaded to run in conjunction with the SmartCard firmware. This version of the SUART firmware shares resources with the SmartCard firmware and routes interrupts from the serializers to the SmartCard firmware.
Prerequisites[edit]
- You will need to have cloned the firmware repositories listed above in order to have access to the SmartCard and SUART firmwares.
- You will need to have the pasm tool. You can download the tool from this link
Building SmartCard Firmware[edit]
- cd pru-sc-fw
- git checkout pru1-migration
- mkdir -p bin
- pasm -b -DMCASP0 PRU_SCARD_Emulation.p bin/PRU_SCARD_Emulation
Building SUART Firmware[edit]
- cd pru-uart-fw
- git checkout mei
- mkdir -p bin
- pasm -b -DMCASP0 PRU_SUART_Emulation.p bin/PRU_SUART_SC_Emulation
Building Linux Kernel and Device Driver[edit]
Pull the Linux kernel source from the pru-linux-drivers Gitorious repository specified above and go to the latest branch. Execute the following commands in sequence
cd pru-linux-drivers make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi- distclean make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi- da850_am18x_pru_defconfig make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi- xconfig
NOTE: In order to use xconfig you may need to install Qt support using sudo apt-get install libqt3-mt-dev. If you do not want to use xconfig you may also use menuconfig to configure the kernel
- Enable Device Drivers -> Character devices -> Serial drivers -> PRU based SmartCard interface for OMAPL as a module
- NOTE: It is OK to also have the PRU based SUART emulation for OMAPL driver enabled as a module as well, but it cannot be built statically into the kernel. These two drivers are mutually exclusive and cannot both be loaded at the same time.
- Enable Device Drivers -> PWM Support and Device Drivers -> eCAP PWM support as statically linked modules
- NOTE: These modules should be enables statically to allow for proper configuration of the SmartCard clock on system startup.
- Save the configuration and execute the following commands to compile the kernel and the modules.
- make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi- uImage
- make ARCH=arm CROSS_COMPILE=arm-none-linux-gnueabi- modules
Components on Target File System
[edit]
All the software components of the SmartCard Reader has to be placed at specific directories in the target file sytem. Following table has the list of software components and their location on the target file system.
COMPONENT | DESCRIPTION | LOCATION ON FILE SYSTEM |
---|---|---|
SmartCard Firmware | Firmware to run on PRU1 and emulate a SmartCard reader | /lib/firmware/PRU_SCARD_Emulation.bin |
SUART+SmartCard Firmware | Firmware to run on PRU0 and provide 4 SUART ports | /lib/firmware/PRU_SUART_SC_Emulation.bin |
Linux Driver | SUART+SmartCard driver. Loads firmware and provides access to the SUART and SmartCard ports | /lib/modules/<kernel version>/kernel/drivers/serial/omapl_pru/sc/sc_rdr.ko |
IFD Handler Library | Provides access to SmartCard for PC/SC Lite library | /usr/lib/ifd-ti-pru-sc/libtiserial.so |
SmartCard Test Application | Test application to validate communication with the SmartCard using PC/SC Lite library | /usr/bin/pcsctest |
PC/SC Lite Configuration | Configuration file for PC/SC Lite library describing the TI SmartCard reader | /etc/reader.d.conf/reader.conf |
SmartCard Clock Configuration | Startup script that allows configuring the programmable input clock to the SmartCard | /etc/init.d/pru-smartcard-clock |
Running the SmartCard Application[edit]
This section shows the expected output of running the pcsc_test application and describes the testing steps:
- Boot the board and login using root
- Insert the sc_rdr.ko module to load the firmware and provide access to the SmartCard
- root@am180x-evm:~# modprobe sc_rdr
- ti_omapl_pru_suart ti_omapl_pru_suart.1: firmware: requesting PRU_SUART_SC_Emulation.bin
- ti_omapl_pru_suart ti_omapl_pru_suart.1: fw_pru0 size 3596. downloading...
- ti_omapl_pru_suart ti_omapl_pru_suart.1: firmware: requesting PRU_SCARD_Emulation.bin
- ti_omapl_pru_suart ti_omapl_pru_suart.1: fw_pru1 size 3676. downloading...
- ti_omapl_pru_suart.1: ttySU0 at MMIO 0x1d00000 (irq = 3) is a suart_tty
- ti_omapl_pru_suart.1: ttySU1 at MMIO 0x1d00000 (irq = 4) is a suart_tty
- ti_omapl_pru_suart.1: ttySU2 at MMIO 0x1d00000 (irq = 5) is a suart_tty
- ti_omapl_pru_suart.1: ttySU3 at MMIO 0x1d00000 (irq = 6) is a suart_tty
- ti_omapl_pru_suart.1: ttySU4 at MMIO 0x1d00000 (irq = 7) is a suart_tty
- ti_omapl_pru_suart.1: ttySU5 at MMIO 0x1d00000 (irq = 8) is a suart_tty
- ti_omapl_pru_suart.1: ttySU6 at MMIO 0x1d00000 (irq = 9) is a suart_tty
- ti_omapl_pru_suart.1: ttySU7 at MMIO 0x1d00000 (irq = 10) is a suart_tty
- ti_omapl_pru_suart ti_omapl_pru_suart.1: ti_omapl_pru_suart device registered(pru_clk=228000000, asp_clk=132000000)
- The pcsc_test application does not require any user input. It will look at the /etc/reader.conf.d/reader.conf file to determine how to locate and talk to the SmartCard reader. It is executed using by simple doing
- root@am180x-evm:~# pcsc_test
- The test will execute the following APDU commands to the SmartCard (NOTE: This test assumes the SmartCard is configured with the default key of FFFFFFFFFFFFFFFF)
- Erase MF
- Create MF
- Create EF
- Install External Authentication (key 11111111111111111111111111111111)
- Install Internal Authentication (key 11111111111111111111111111111111)
- Create DF File DF01
- Select DF File DF01
- Create EF file ID 0001
- Install External Authentication (key 11111111111111111111111111111111)
- Install PIN (pin 00000000)
- Create EF file ID 0015
- Create EF file ID 0016
- Create EF file ID 0018
- Create EF file ID 0019
- Create End DF file DF01
- Create End MF file
- Perform Internal Authentication of Message 1122334455667788
- Expected result with key 11111111111111111111111111111111 is 9e90de82745e6852
- Perform External Authentication
- NOTE: This command is optional and the user is prompted if they want to perform this authentication. If the user selects "y" then they will have to perform the 3DES encryption of the 8 byte random number given by the card with the key 11111111111111111111111111111111 and type the 8 byte encrypted value back into the program WITH NO SPACES
- The expected output from running the above commands is something like
root@am180x-evm:~# pcsc_test TI Smartcard reader test application... Reader 01: TI Reader 00 00 Waiting for card insertion : SCARD_ATTR_DEVICE_FRIENDLY_NAME: TI Reader 00 00 SCARD_ATTR_ATR_STRING length: 16 SCARD_ATTR_ATR_STRING: 3B 6C 00 02 45 61 86 38 36 F7 A5 48 16 30 26 4C Current Reader Name : TI Reader 00 00 Current Reader State : 0x0034 Current Reader Protocol : T=0 Current Reader ATR Size : 16 bytes Current Reader ATR Value : 3B 6C 00 02 45 61 86 38 36 F7 A5 48 16 30 26 4 C Sending Erase MF APDU 80 0E 00 00 08 FF FF FF FF FF FF FF FF card response: 90 00 Sending Create MF APDU 80 E0 00 00 18 FF FF FF FF FF FF FF FF 0F 00 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 card response: 90 00 Successfully created MF File Sending Create EF file APDU, FileLen = 5 0, FileID= 0 1, accesscondition= f 0, filetype = 5 80 E0 02 00 07 00 01 05 0F 00 05 00 card response: 90 00 Successfully created EF File Sending InstallExternalAuth APDU 80 D4 00 00 18 01 01 00 08 0F 05 5F FF 11 11 1 1 11 11 11 11 11 11 11 11 11 11 11 11 11 card response: 90 00 Successfully installed external authentication Sending InstallInternalAuth APDU 80 D4 00 00 18 01 01 00 09 0F 05 5F FF 11 11 1 1 11 11 11 11 11 11 11 11 11 11 11 11 11 card response: 90 00 Successfully installed internal authentication Sending Create DF APDU 80 E0 01 00 0F DF 01 0F 00 BC DC BC D3 45 2E 44 44 46 30 31 card response: 90 00 Successfully created DF Sending Select DF APDU 00 A4 00 00 02 DF 01 card response: 61 11 Successfully selected DF Sending Create EF file APDU, FileLen = 4 0, FileID= 0 1, accesscondition= 5f 0, filetype = 5 80 E0 02 00 07 00 01 05 5F 00 04 00 card response: 90 00 Successfully created EF Sending InstallExternalAuth APDU 80 D4 00 00 18 01 01 00 08 0F 05 5F FF 11 11 1 1 11 11 11 11 11 11 11 11 11 11 11 11 11 card response: 90 00 Successfully installed external authentication Sending Install PIN APDU 80 D4 00 00 0C 01 01 00 0B 0F 03 33 66 00 00 00 00 card response: 90 00 Successfully installed PIN Sending Create EF file APDU, FileLen = 028, FileID= 015, accesscondition= f2 2, filetype = 0 80 E0 02 00 07 00 15 00 0F 22 00 28 card response: 90 00 Successfully created EF Sending Create EF file APDU, FileLen = 064, FileID= 016, accesscondition= f2 2, filetype = 0 80 E0 02 00 07 00 16 00 0F 22 00 64 card response: 90 00 Successfully created EF Sending Create EF file APDU, FileLen = 077, FileID= 018, accesscondition= 22f 0, filetype = 0 80 E0 02 00 07 00 18 00 22 F0 00 77 card response: 90 00 Successfully created EF Sending Create EF file APDU, FileLen = 064, FileID= 019, accesscondition= 33f 0, filetype = 0 80 E0 02 00 07 00 19 00 33 F0 00 64 card response: 90 00 Successfully created EF Sending end DF APDU 80 E0 01 01 02 DF 01 card response: 90 00 Successfully created end of DF Sending end MF APDU 80 E0 00 01 02 3F 00 card response: 90 00 Successfully created end of MF Sending internal authentication APDU 00 88 00 01 08 11 22 33 44 55 66 77 88 card response: 61 08 Geting internal authentication response APDU 00 C0 00 00 08 card response: 68 89 09 09 52 9E EB BF 90 00 Successfully completed internal authentication test... External Authentication test NOTE: This will require the user to decrypt the challenge bytes themselves with 3EDS and provide the value to the application Perform External Authentication test? [y/n] y Sending GetChallenge APDU 00 84 00 00 08 card response: 75 C9 1F E4 FA 4C 96 16 90 00 Challenge from Card: 75 C9 1F E4 FA 4C 96 16 Please enter the decrypted value of the challenge: f077cca21359f848 Input from user: F0 77 CC A2 13 59 F8 48 Sending external authenticate APDU 00 82 00 00 08 F0 77 CC A2 13 59 F8 48 card response: 90 00 Successfully completed external authentication test... Test Completed ... !