Resetting an OpenPGP smart card "bricks" it
Chris Boot
bootc at bootc.net
Wed Mar 12 17:15:57 CET 2014
On 12/03/14 15:21, Peter Lebbing wrote:
> On 2014-03-12 14:54, Werner Koch wrote:
>> pcsclite should have tool to send APDUs to a card. My old gscutils card
>> tools have been replaced by scdaemon's APDU command. You may find them
>> somewhere but using the tools from pcsc should be easier.
>
> Back in January, in a similar situation, I found[1] someone had written
> a little python script[2] to send the APDU's. If the smartcard isn't
> pleased by the order of the two APDU's, try them in reverse order (the
> code is easy to read).
>
> HTH,
>
> Peter.
>
> [1] http://lists.gnupg.org/pipermail/gnupg-users/2014-January/048836.html
> [2] http://lists.gnupg.org/pipermail/gnupg-devel/2013-March/027518.html
Peter,
THANK YOU! Your pointers helped me recover both cards.
I didn't use the Python script at [2], but I sent the two APDUs that it
sends to the cards using 'scriptor', which recovered them. Unfortunately
I closed the window shortly after celebrating so I don't have the exact
transcript of the session, but it looked something like:
$ scriptor
No reader given: using Gemalto USB Shell Token V2 (D4182110) 00 00
Using T=1 protocol
Reading commands from STDIN
00 a4 04 00 06 d2 76 00 01 24 01
> 00 a4 04 00 06 d2 76 00 01 24 01
< XX YY : {{ NVRAM not changed }}
00 44 00 00
> 00 44 00 00
< 90 00 : Normal processing.
Note the line that says XX YY and NVRAM not changed is from memory; I
remember it saying about the NVRAM having _not_ being changed, but it
worked anyway. I really wish I hadn't fat-fingered my terminal and
closed it.
For others following this thread, 'scriptor' is in the pcsc-tools
package in Debian, and seems to be a pretty neat if scary tool for
sending raw ADPUs to smart cards.
Thanks again Peter for pointing me at that Python script.
Cheers,
Chris
--
Chris Boot
bootc at bootc.net
More information about the Gnupg-users
mailing list