New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
epass 2003 - Failed to erase card #767
Comments
Please contact @FeitianSmartcardReader, they can provide you a tool to fix that problem. |
@jursonovicst Please send mail to Leon@ftsafe.com, he will give you a tool, thanks |
Thank you... |
@FeitianSmartcardReader it would be convenient if you could post the tool here. I also have the same problem, and I request you to send me the tool. I've sent you a mail already (from mail at aurabindo dot in). kindly respond to that. |
Also having this issue with two different devices. @FeitianSmartcardReader dropped the address above an email. |
did you send mail to us? We didn't receive your mail, please send mail to us, thanks |
@FeitianSmartcardReader Have sent again to both addresses. Should be coming from --removed-- |
@alistairmackenzie We finish linux tool, check and download from below: |
Source code for Fix_tool is needed, otherwise we cannot know whether the Fix_tool do something other than fixing the token. |
Hey ;)
but it gives me the following output...
Dont know where the error failed to store certificate: not supported come from Greetings |
I'm trying to overcome this problem:
When running the fix-tool posted above it pretends to be working:
However the problem remains even after replugging the epass2003 usb key. I am able to do a |
1 similar comment
I'm trying to overcome this problem:
When running the fix-tool posted above it pretends to be working:
However the problem remains even after replugging the epass2003 usb key. I am able to do a |
I am working with R&D check, we may back to you next Monday or Tuesday, thanks
|
@RichieB2B can please share your pcsc log for our engineer to check? or is possible to have a remote session to have a look? thanks and looking forward to your reply, my mail hongbin@ftsafe.com |
@FeitianSmartcardReader I was all set to record the pcscd logs, but I can't seem to reproduce the issue. |
The previous erase sequence did not always work. For example: % pkcs15-init -C Using reader with a card: Feitian ePass2003 00 00 New User PIN. Please enter User PIN: 1234 Please type again to verify: 1234 Unblock Code for New User PIN (Optional - press return for no PIN). Please enter User unblocking PIN (PUK): Failed to create PKCS OpenSC#15 meta structure: Security status not satisfied % pkcs15-init -E Using reader with a card: Feitian ePass2003 00 00 Failed to erase card: Security status not satisfied This apparently bricked many people's ePass2003 devices: OpenSC#767 https://sourceforge.net/p/opensc/mailman/message/33621883/ https://github.com/OpenSC/OpenSC/wiki/Feitian-ePass2003 Feitian provided a proprietary binary blob called `FIX_TOOL' to recover devices from this state, but declined to offer source code when asked: https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz https://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip With reverse-engineering help by Saleem Rashid (@saleemrashid on Github), I was able to find the sequence of three APDUs that the tool submits to the device to erase it. The mechanism seems to be: 1. Install a magic PIN. This is like install_secret_key, as used by internal_install_pin, but with a few different magic constants. 2. Verify the magic PIN. 3. Delete the MF file, without selecting anything first. With this patch, `pkcs15-init -E' successfully erases my ePass2003, and I am able to initialize it with `pkcs15-init -C -p pkcs15+onepin' if I set both a user pin and a PUK. (This patch does not prevent the ePass2003 from getting into the state which could not be erased by the old erase sequence.)
The previous erase sequence did not always work. For example: % pkcs15-init -C Using reader with a card: Feitian ePass2003 00 00 New User PIN. Please enter User PIN: 1234 Please type again to verify: 1234 Unblock Code for New User PIN (Optional - press return for no PIN). Please enter User unblocking PIN (PUK): Failed to create PKCS #15 meta structure: Security status not satisfied % pkcs15-init -E Using reader with a card: Feitian ePass2003 00 00 Failed to erase card: Security status not satisfied This apparently bricked many people's ePass2003 devices: #767 https://sourceforge.net/p/opensc/mailman/message/33621883/ https://github.com/OpenSC/OpenSC/wiki/Feitian-ePass2003 Feitian provided a proprietary binary blob called `FIX_TOOL' to recover devices from this state, but declined to offer source code when asked: https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz https://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip With reverse-engineering help by Saleem Rashid (@saleemrashid on Github), I was able to find the sequence of three APDUs that the tool submits to the device to erase it. The mechanism seems to be: 1. Install a magic PIN. This is like install_secret_key, as used by internal_install_pin, but with a few different magic constants. 2. Verify the magic PIN. 3. Delete the MF file, without selecting anything first. With this patch, `pkcs15-init -E' successfully erases my ePass2003, and I am able to initialize it with `pkcs15-init -C -p pkcs15+onepin' if I set both a user pin and a PUK. (This patch does not prevent the ePass2003 from getting into the state which could not be erased by the old erase sequence.)
Expected behaviour
What should happen?
epass 2003 should be erased
Actual behaviour
What happens instead?
pkcs15-init -E
gives the following error:Steps to reproduce
Logs
pkcs15-init -E -vvv logs
The text was updated successfully, but these errors were encountered: