Comments (19)
Thanks - looks like I'm not ha doing that as well as I thought. I'll get a fix for that hopefully tomorrow.
from nfcpassportreader.
Its very unlikely that you'll be able to read DG3 as that contains biometric info (fingerprints) and you need an additional private certificate/key to be able to read it.
However it should be skipped over and the rest of the passport read OK - is this not happening?
The last version made some changes so that if we got a security status failed then it ignored that DG and moved on to the next one. If this isn't happening please let me know!
from nfcpassportreader.
Its very unlikely that you'll be able to read DG3 as that contains biometric info (fingerprints) and you need an additional private certificate/key to be able to read it.
Thanks! Good to know!
However it should be skipped over and the rest of the passport read OK - is this not happening?
The last version made some changes so that if we got a security status failed then it ignored that DG and moved on to the next one. If this isn't happening please let me know!
looks like it doesn't.
only if I add skipping DG3
explicitly
for dg in foundDGs {
let id = DataGroupId.getIDFromName(name:dg)
if dg != "DG3" {
self.dataGroupsToRead.append(id)
}
}
then it is skiped and finishes the reading successfully.
from nfcpassportreader.
What Datagroups are contained in your passport? (there is a debug lin just after Reading tag - COM that should say:
DG Found - ["DG1, .....]
Could you post that line?
from nfcpassportreader.
What Datagroups are contained in your passport? (there is a debug lin just after Reading tag - COM that should say:
DG Found - ["DG1, .....]Could you post that line?
DG Found - ["DG1", "DG3", "DG14", "DG2"]
from nfcpassportreader.
I think I've found the problem. If DG3 is read last for some reason, then the passport read fails.
Could you please check 1.0.1 and let me know if this fixes your issue?
from nfcpassportreader.
Thanks, 1.0.1
fixes the issue. But know it doesn't display the photo from the id (It did with 1.0.0
).
guard let dg2 = dataGroupsRead[.DG2] as? DataGroup2 else { return nil }
return dg2.getImage()
returns nil
because dataGroupsRead
doesn't contain DG2
(contains only [DG1, COM, SOD]
).
should I create a new issue for that?
from nfcpassportreader.
Ahhh - GAH! I see what I've done! Did a quick version update and 1.0.2 should REALLY fix this!
from nfcpassportreader.
Looks like 1.0.2
reverts the initial issue again (Reading tag - DG3
)
#22 (comment)
#22 (comment)
from nfcpassportreader.
Hmm this is tricky! Could you send your whole log? I really can't replicate this at all!
No matter what order I read the DGs in, I'm getting everything I can read read in.
from nfcpassportreader.
Reading tag - DG3
Mask class byte and pad command header
CmdHeader: <value>
Pad data
Data: <value>
Encrypt data with KSenc
EncryptedData: <value>
Build DO'87
DO87: <value>
Concatenate CmdHeader and DO87
M: <value>
SSC: <value>
Compute MAC of M
Increment SSC with 1
SSC: <value>
Concatenate SSC and M and add padding
N: <value>
x0: <value>
y0: <value>
x1: <value>
y1: <value>
x2: <value>
y2: <value>
x3: <value>
y3: <value>
y: <value>
bkey: <value>
akey: <value>
b: <value>
a: <value>
Compute MAC over N with KSmac
CC: <value>
Build DO'8E
DO8E: <value>
Construct and send protected APDU
ProtectedAPDU: <value>
[SM] <NFCISO7816APDU: <value>>
Error reading tag: sw1 - 69, sw2 - 82 - reason: Security status not satisfied
ERROR - Security status not satisfied
Starting Basic Access Control (BAC)
Calculate the SHA-1 hash of MRZ_information
Hsha1(MRZ_information): <value>
Take the most significant 16 bytes to form the Kseed
Kseed: <value>
Calculate the Basic Acces Keys (Kenc and Kmac) using Appendix 5.1
Compute Encryption key (c: 00000001
Concatenate Kseed and c
D: <value>
Calculate the SHA-1 hash of D
Hsha1(D): <value>
Form keys Ka and Kb
Ka: <value>
Kb: <value>
Adjust parity bits
Ka: <value>
Kb: <value>
Compute MAC Computation key (c: 00000002
Concatenate Kseed and c
D: <value>
Calculate the SHA-1 hash of D
Hsha1(D): <value>
Form keys Ka and Kb
Ka: <value>
Kb: <value>
Adjust parity bits
Ka: <value>
Kb: <value>
DATA - [119, 34, 117, 73, 106, 167, 154, 249]
Request an 8 byte random number from the MRTD's chip
RND.ICC: <value>
Generate an 8 byte random and a 16 byte random
RND.IFD: <value>
RND.Kifd: <value>
Concatenate RND.IFD, RND.ICC and Kifd
S: <value>
Encrypt S with TDES key Kenc as calculated in Appendix 5.2
Eifd: <value>
x0: <value>
y0: <value>
x1: <value>
y1: <value>
x2: <value>
y2: <value>
x3: <value>
y3: <value>
x4: <value>
y4: <value>
y: <value>
bkey: <value>
akey: <value>
b: <value>
a: <value>
Compute MAC over eifd with TDES key Kmac as calculated in-Appendix 5.2
Mifd: <value>
Construct command data for MUTUAL AUTHENTICATE
cmd_data: <value>
Error reading tag: sw1 - 6A, sw2 - 88 - reason: Referenced data not found
ERROR - The operation couldn’t be completed. (NFCPassportReader.TagError error 0.)
BAC Failed
tagReaderSession:didInvalidateWithError - Error Domain=NFCError Code=200 "Session invalidated by user" UserInfo={NSLocalizedDescription=Session invalidated by user}
from nfcpassportreader.
Sorry, could you include the whole steps - that looks like you are only trying to read the DG3 element (which you can't read due to security).
Could you also set the LogLevel to .info (in Logging.swift) as I don't need to see all the chip details.
For info, you can read the COM (directory index), SOD (security object), DG1 (MRZ info), DG2 (image), DG7 (signature if present), DG11 (additional personal info if present), DG12 (additional issuer info if present), DG14 (chip authentication signatures if present), DG15 (active authentication key if present).
You can't read DG3 (biometric info) as those certificates are restricted to Government use
Other DGs aren't yet implemented.
If you explicitly only try to read DG3 then you won't get anything back.
from nfcpassportreader.
Yep, I read not only DG3
, sorry didn't add the logs for other tags.
The whole log with info
log level:
Starting Basic Access Control (BAC)
BAC Successful
Reading tag - COM
DG Found - ["DG1", "DG3", "DG14", "DG2"]
Reading tag - SOD
Reading tag - DG1
Reading tag - DG3
Error reading tag: sw1 - 69, sw2 - 82 - reason: Security status not satisfied
ERROR - Security status not satisfied
Starting Basic Access Control (BAC)
Error reading tag: sw1 - 6A, sw2 - 88 - reason: Referenced data not found
BAC Failed
from nfcpassportreader.
OK, that looks like the re-doing of BAC fails for some reason. (we need to do this after we fail because the original BAC gets invalidated). This could be a feature of the passport (it doesn't do it with my test passports so I've not seen this).
Could you please try adding slight delay before re-doing BAC? E.g. the below would add a 1 second delay
if you change line 256-268 in PassportReader from:
} else if errMsg == "Security status not satisfied" {
// Can't read this element as we aren't allowed - remove it and return out so we re-do BAC
self.dataGroupsToRead.removeFirst()
completed(nil)
to:
} else if errMsg == "Security status not satisfied" {
// Can't read this element as we aren't allowed - remove it and return out so we re-do BAC
self.dataGroupsToRead.removeFirst()
DispatchQueue.main.asyncAfter(deadline: .now() + 1, execute: {
completed(nil)
})
And let me know if that fixes it.
from nfcpassportreader.
Could you please try adding slight delay before re-doing BAC? E.g. the below would add a 1 second delay
if you change line 256-268 in PassportReader from:
} else if errMsg == "Security status not satisfied" {
// Can't read this element as we aren't allowed - remove it and return out so we re-do BAC
self.dataGroupsToRead.removeFirst()
completed(nil)to:
} else if errMsg == "Security status not satisfied" {
// Can't read this element as we aren't allowed - remove it and return out so we re-do BAC
self.dataGroupsToRead.removeFirst()
DispatchQueue.main.asyncAfter(deadline: .now() + 1, execute: {
completed(nil)
})And let me know if that fixes it.
It doesn't help, even with the delay more than 1 second.
from nfcpassportreader.
Hmm, I'm fairly stumped as to why re-doing BAC is failing. Not something I've come across on any of my test passports.
So for now, a workaround is to just not read DG3.
e.g.
let dataGroups : [DataGroupId] = [.COM, .SOD, .DG1, .DG2]
passportReader.readPassport(mrzKey: mrzKey, tags:dataGroups, completed: .....)
I'll look at adding an option to not even attempt to read secured elements in the next version (maybe will make that the default).
from nfcpassportreader.
Ok, thanks for your help!
I'll find some time later to investigate and share my findings if I have something.
from nfcpassportreader.
1.0.3 no longer reads the DG3 (or DG4) by default - hopefully that fixes this issue!
from nfcpassportreader.
Thanks, that fixes the issue!
from nfcpassportreader.
Related Issues (20)
- rsassaPss/SHA512 signature verification error
- Fails on chinese passport HOT 4
- extract.py: Fails for `.ml` files HOT 4
- Exclude OpenSSL HOT 1
- File not found ID Card HOT 2
- TagReader keeps failing on reading DG2 from older dutch passport. HOT 4
- How can i read to German Passport to old fw version ?
- Sample app fails to read German passport HOT 5
- iOS 17.4 nfc popup allows to cancel already failed scanning session
- Getting errors for "Log" and "LogLevel" not being in scope on example_cocoapods HOT 2
- Can not add as SPM HOT 2
- Library evolution issue HOT 5
- DG11 return nil in reading nfc Vietnam Id Card HOT 4
- Mohammad Dawood Karimy
- Mohammad Dawood Karimy
- OpenSSL 3.1.5001 HOT 1
- Some Portuguese and Spanish passports will not have image from DG2 HOT 3
- Can not select Master File to read EF.CardAccess (for PACE) with Vietnam ID card (error: 6D 00) HOT 6
- Sensitive data in logs HOT 2
- Error identifying Active Authentication Hash Algorithm - Chinese ePassport HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nfcpassportreader.