card is permanently locked!

Pete Stephenson pete at heypete.com
Mon Nov 17 20:15:09 CET 2014


On Mon, Nov 17, 2014 at 5:08 PM, Damien Goutte-Gattat
<dgouttegattat at incenp.org> wrote:
[snip]
> With gpg-agent and scdaemon running, you should be able to do that with
> the following commands:
>
> $ gpg-connect-agent
>> SCD APDU 00 e6 00 00
>> SCD APDU 00 44 00 00
>> /bye
>
> Disclaimer: I’ve never actually tried that, but that’s what I would do
> in such a case after reading the specs. I guess that with a “permanently
> blocked” card, one does not have much to lose…

I have, and it works fine (if "fine" is defined as "completely erasing
the card and starting from factory-fresh settings") on version 2
cards. Version 1 cards will be bricked according to [1].

I use the strategy outlined at [1]:
1. Add the following lines to a text file called "reset.txt", omitting
the equals signs:

======
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo card has been reset to factory defaults
=====

2. Insert the smartcard to be reset.

3. Run "gpg-connect-agent < reset.txt"

4. Remove the smartcard.

5. Wait a few seconds, then reinsert the smartcard.

6. Run "gpg --card-status": the card should show as factory fresh[2].

Cheers!
-Pete

[1] http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037414.html
[2] Fresh scent of pine is optional.

-- 
Pete Stephenson
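
Added example, not part of the original message or of GnuPG: a small Python audit that decodes the "scd apdu" lines of the reset.txt above, so the script can be read before it is fed to a card. It shows that the script sends four wrong-PIN VERIFY commands each for the user PIN (81) and admin PIN (83), then TERMINATE DF and ACTIVATE FILE. The function names and the threshold of 3 wrong tries (assumed factory retry count) are assumptions.

```python
import re

# Script body copied from the message above (the lines between the equals signs).
RESET_TXT = (
    "/hex\nscd serialno\n"
    + "scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40\n" * 4
    + "scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40\n" * 4
    + "scd apdu 00 e6 00 00\nscd apdu 00 44 00 00\n"
    + "/echo card has been reset to factory defaults\n"
)

# Instruction bytes (ISO 7816) and VERIFY P2 values (OpenPGP card spec).
INS = {0x20: "VERIFY", 0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PIN_REF = {0x81: "PW1 (user PIN)", 0x83: "PW3 (admin PIN)"}

def parse_apdus(script):
    """Return every 'scd apdu' line of a gpg-connect-agent script as a list of ints."""
    apdus = []
    for line in script.splitlines():
        m = re.match(r"\s*scd\s+apdu\s+(.+)$", line, re.IGNORECASE)
        if m:
            apdus.append([int(b, 16) for b in m.group(1).split()])
    return apdus

def describe(apdu):
    """One-line description of an APDU: header bytes are CLA INS P1 P2 [Lc data]."""
    ins, p2 = apdu[1], apdu[3]
    name = INS.get(ins, f"unknown INS {ins:02X}")
    if ins == 0x20:
        data = bytes(apdu[5:5 + apdu[4]])  # Lc bytes of PIN data follow the header
        return f"{name} {PIN_REF.get(p2, hex(p2))} with {data!r}"
    return name

def audit(script, min_wrong_tries=3):  # 3 = assumed factory retry counter
    """Summarise a reset script: steps, VERIFY counts per PIN, and its overall shape."""
    apdus = parse_apdus(script)
    tries = {}
    for a in apdus:
        if a[1] == 0x20:
            tries[a[3]] = tries.get(a[3], 0) + 1
    ins_seq = [a[1] for a in apdus]
    return {
        "steps": [describe(a) for a in apdus],
        "verify_attempts": tries,
        "destructive": 0xE6 in ins_seq,  # TERMINATE DF erases the card
        "blocks_pins_first": all(tries.get(p, 0) >= min_wrong_tries for p in PIN_REF),
        "ends_terminate_activate": ins_seq[-2:] == [0xE6, 0x44],
    }
```

Calling audit(RESET_TXT) reports four VERIFY attempts per PIN; the two-command variant quoted at the top of the message reports blocks_pins_first as False, since it contains no VERIFY lines of its own.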
