tananaev / passport-reader Goto Github PK

first of all, thanks for making this :)

sorry if it's a naive question, but what's the recommended way of using this in my app? Ideally I would just add a compile line to dependencies in my build.gradle

The name, gender, country, nationality and the identity photo are correctly loaded. The passive authentication passes, but the chip authentication fails.

Version 3.0 (F-Droid)

Not sure whether the following part of logcat helps:

net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02011C, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.checkStatusWordAfterFileOperation(ReadBinaryAPDUSender.java:218)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.sendSelectFile(ReadBinaryAPDUSender.java:79)
	at org.jmrtd.DefaultFileSystem.sendSelectFile(DefaultFileSystem.java:321)
	at org.jmrtd.DefaultFileSystem.getFileInfo(DefaultFileSystem.java:272)
	at org.jmrtd.DefaultFileSystem.getSelectedPath(DefaultFileSystem.java:129)
	at net.sf.scuba.smartcards.CardFileInputStream.<init>(CardFileInputStream.java:60)
	at org.jmrtd.PassportService.getInputStream(PassportService.java:595)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:235)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
	at android.os.AsyncTask$3.call(AsyncTask.java:394)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)

and

net.sf.scuba.smartcards.CardServiceException: File not found, CAPDU = 00A4020C02010E, RAPDU = 6A82 (SW = 0x6A82: FILE NOT FOUND)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.checkStatusWordAfterFileOperation(ReadBinaryAPDUSender.java:218)
	at org.jmrtd.protocol.ReadBinaryAPDUSender.sendSelectFile(ReadBinaryAPDUSender.java:79)
	at org.jmrtd.DefaultFileSystem.sendSelectFile(DefaultFileSystem.java:321)
	at org.jmrtd.DefaultFileSystem.getFileInfo(DefaultFileSystem.java:272)
	at org.jmrtd.DefaultFileSystem.getSelectedPath(DefaultFileSystem.java:129)
	at net.sf.scuba.smartcards.CardFileInputStream.<init>(CardFileInputStream.java:60)
	at org.jmrtd.PassportService.getInputStream(PassportService.java:600)
	at com.tananaev.passportreader.MainActivity$ReadTask.doChipAuth(MainActivity.kt:291)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:266)
	at com.tananaev.passportreader.MainActivity$ReadTask.doInBackground(MainActivity.kt:207)
	at android.os.AsyncTask$3.call(AsyncTask.java:394)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)

and

Transaction too large, intent: Intent { cmp=com.tananaev.passportreader/.ResultActivity (has extras) }, extras size: 307744, icicle size: 0

Hello, we’re testing your sample app and while reading a Lithuanian passport, a problem occurs, that the image cannot be read and an exception is thrown: java.io.FileNotFoundException: /data/user/0/com.tananaev.passportreader/cache/temp.ppm (No such file or directory). App was tested on two devices and it is same on both. Do you have any idea how to resolve this issue? Thanks in advance.

Dear Dev,
Can you explain for me why we don't use verifyAA in this project. My app need AAChallenge and AASignature and I can't take it.
Thank you

if yes, could you point me to the part of the code that does this? If no, any plans to add that functionality?

thanks!

Hi friend
i write from Chile. I have been woriking with your project to try to read the card id but when i call the app , crachit instantily. ( im using app from play store)
This is the error i read on logcat:

05-15 14:26:31.071: E/AndroidRuntime(14483): Process: com.tananaev.passportreader, PID: 14483
05-15 14:26:31.071: E/AndroidRuntime(14483): java.lang.NoClassDefFoundError: org.spongycastle.util.Arrays
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.asn1.ASN1ObjectIdentifier$OidHandle.<init>(ASN1ObjectIdentifier.java:449)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.asn1.ASN1ObjectIdentifier.intern(ASN1ObjectIdentifier.java:425)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers.<clinit>(PKCSObjectIdentifiers.java:117)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jcajce.provider.digest.MD2$Mappings.configure(MD2.java:70)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(BouncyCastleProvider.java:220)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jce.provider.BouncyCastleProvider.setup(BouncyCastleProvider.java:135)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jce.provider.BouncyCastleProvider.access$000(BouncyCastleProvider.java:44)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jce.provider.BouncyCastleProvider$1.run(BouncyCastleProvider.java:127)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at java.security.AccessController.doPrivileged(AccessController.java:45)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at org.spongycastle.jce.provider.BouncyCastleProvider.<init>(BouncyCastleProvider.java:123)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at com.tananaev.passportreader.MainActivity.<clinit>(MainActivity.java:73)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at java.lang.Class.newInstanceImpl(Native Method)
05-15 14:26:31.071: E/AndroidRuntime(14483):    at java.lang.Class.newInstance(Class.java:1208)

Im useing a sony Z8

License of this library is listed as Apache 2.0 but it's using components from JMRTD and SCUBA licensed as LGPL. Under the terms of LGPL, this library is considered a combined work and so must be licensed under a GPL compatible license. https://www.gnu.org/licenses/lgpl-3.0.en.html

Just a warning for anyone looking to integrate this.

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 48 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on e-Passport NFC Reader (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve e-Passport NFC Reader's security, and the quality of the reports of static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis

Q: is there a way to only use the Spongy/BouncyCastleProvider for the particular operations needed for chip reading/auth? Mutating the global list of providers breaks other crypto I'm doing. Thanks!

edit: i tried addProvider() instead, but then it doesn't scan the chip

Maybe there should be a check, to see if the person has turned on his NFC on his phone yet before it gets started typing in any details.

hello.

Thanks to you, we are implementing the electronic passport reading function.

I would like to know the source of Masterlist.

According to what I found, it is a .ml file that is updated every 3 months on the ICAO homepage. Are you converting and updating based on this file?

If so, can you explain how to convert it?

It sais "Access to file denied"

Do you know if it is possible to support identity card with nfc ?

https://f-droid.org is alternative market for FOSS Android apps

Starting with TargetSDK 33 / Android 13, devices can use an app's VectorDrawable launcher icon to render a user-themed / monochromatic version of it:

Developer Reference Documentation

Cannot find the "done" button on the bottom of the details entry page. So cannot proceed to the next step.
Yes, I tried horizontal and vertical modes.
We enter a passport number, date of expiration, and date of birth, but there is no done button to finish. I don't have my screen magnification that high that it might have shoved it off I hope. Android 12.

Can I use this library in commercial product free?

Hi. When I try to build "app", I get the following errors:

> Task :app:compileDebugJavaWithJavac FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:compileDebugJavaWithJavac'.
> Could not resolve all files for configuration ':app:debugCompileClasspath'.
   > Failed to transform bcprov-jdk15on-1.66.jar (org.bouncycastle:bcprov-jdk15on:1.66) to match attributes {artifactType=android-classes-jar, org.gradle.category=library, org.gradle.libraryelements=jar, org.gradle.status=release, org.gradle.usage=java-api}.
      > Execution failed for JetifyTransform: C:\Users\Dmitriy\.gradle\caches\modules-2\files-2.1\org.bouncycastle\bcprov-jdk15on\1.66\ed564ade61defca27e26fb1378a70b22831fc5c1\bcprov-jdk15on-1.66.jar.
         > Failed to transform 'C:\Users\Dmitriy\.gradle\caches\modules-2\files-2.1\org.bouncycastle\bcprov-jdk15on\1.66\ed564ade61defca27e26fb1378a70b22831fc5c1\bcprov-jdk15on-1.66.jar' using Jetifier. Reason: IllegalArgumentException, message: Unsupported class file major version 59. (Run with --stacktrace for more details.)
           Suggestions:
            - Check out existing issues at https://issuetracker.google.com/issues?q=componentid:460323&s=modified_time:desc, it's possible that this issue has already been filed there.
            - If this issue has not been filed, please report it at https://issuetracker.google.com/issues/new?component=460323 (run with --stacktrace and provide a stack trace if possible).

I tried installing different versions of Java, changing the configuration, but there is no sense. Heeelp!

Thank you sir for this project.. I test this project and works without any problems.. But after few minutes I get this error..

Hi,

We noticed that on XiaoMi devices, the app would request NFC permission right after it is launched.
Is it possible to ask for the NFC permission dialog only when the app starts to read NFC?

Cheers,
S

To provide even better integration, it's handy if this app can accept values in the intent for the passport number, date of birth and expiry date, so as to pre-fill those three fields, in case the calling app already has those values (e.g. as retrieved by scanning the passport MRZ value). This avoids the end user having to manually enter those values which leads to a better user experience.

One further improvement for integration is to include the passport photo as a base64 encoded string in the resulting intent, which enables cordova-based apps to read the image successfully.

Raising this issue to see if these are changes you would accept in this repo. I have already done the code for both the above changes and can raise a PR for you to review, if so :)

Thanks!

All data incl photo was retrieved successful, though passive authentication and the chip authentication failed.

I wonder if there is no biometric data (like fingerprint) stored in the passport because it is not shown in this APP). OK, i saw #23 that this is not possible...

NB: i tested with german passport and NOT with german ID card called "Personalausweis".

Version:
Android 13, LineageOS 20
E-Passport Reader 3.1

Hello, How can I validate certificate with openssl and country cer ? Thank you

Hello, I tested with same Id card and same and correct mrz data but I get error sometimes when using nfc. What could be the problem, any idea? Thank you

CardServiceException: File not found
-OR-
CardServiceException: No valid file selected, path = null
-OR-
CardServiceException: SHA-256 implementation not found

Add support to save photo, please.

ios11 supports reading nfc tags https://developer.apple.com/documentation/corenfc

Hey, it would be cool to have this app on F-Droid. Here's how to: https://f-droid.org/contribute/

Hello, How can I use my country signing certificate file (.cer or .pem) with openssl or active authentication? thank you

Hey, I have a problem with running my app in release mode. With minifyEnabled true I get an exception:
java.lang.IllegalStateException: Unexpected security exception during initialization, with cause:
java.security.NoSuchAlgorithmException: no such algorithm: ISO9797Alg3Mac for provider BC
Do you know how to address this issue? Thanks in advance

I tried to install version 2.1 from F-Droid and a dialog appeared saying it was blocked by Play Protect. Play Protect does not recognize the developer. It offers to stop the installation or to install anyway. I stopped it.
I have installed lots of applications from F-Droid without ever seeing this problem.
In https://gitlab.com/fdroid/fdroiddata/-/blob/master/metadata/com.tananaev.passportreader.yml I see:
MaintainerNotes: masterList is a bundle of x509 certificates the scanner otherwise
blocks
Maybe the error is related.

Hi Anton,
I am having the following error when I scan the passport.

This happens in the doPACE call

01-28 09:33:47.132 8665-9619/com.pass.test W/MainActivity: org.jmrtd.PACEException: PCD side error in mapping nonce step: ECDH key agreement requires ECPrivateKey for initialisation

But when I run your app, it is working fine. Am I missing something ? is there something specific like a certificate or so which I need to invlude ?

any help would be highly appreciated
Kind regards
Densil

Hi, I just tried your app and it worked exactly as expected.

Can you also read out the fingerprint it is (presumably) stored on the RFID chip?

Hi,

Since there has been some commits since the latest tag, is it possible to create a new tag and bump the Android version code so F-Droid can build a new version of the app with all the latest changes ?

Best regards,

Romain Lebbadi-Breteau

Hi, After serval fails of read thialand passport using your app, the passport not respond anymore,
did the thialand passport have the lock strategy, could you give some help?

Hi, this project works well as expected.

I am just wondering where am I able to OFFICIALLY download the exact copy of masterList in the directory "app/src/main/assets/masterList" as it seems more to be more updated and contains more CSCA certs as compared to the one that is found on the official ICAO website (ICAO_ML_Jan2021.ml).

https://www.icao.int/Security/FAL/PKD/Pages/ICAO-Master-List.aspx

Hi! Can you tell me, how can I get RNTRC code and place of registration from passport?

I have masterList.pem, it works in iOS with the result that the passive tag is equal to true. But for some reason, when running Android, it doesn't work.

Hope to receive your reply soon

How can we do terminal authentication with the Android device? I have private key and certificate to do terminal authentication but don't know how to set parameter to doEACTA?
Anyone knows the solution please help me, thank a lot.

When I'm trying to read my passport it says "Mutual authentication failed: expected length: 40 + 2, actual length: 2 (SW = 0x6985: CONDITIONS NOT SATI...".

87df880
This is not always same algorithm. One used to sign certificate other to sign SOD file. @daferna

Is it possible to add a camera option to upload a photo of a MRZ or scan without taking a long-term photo instead of inputting the values manually for the next edition of the app?

Can ı Check Active Authentication ?
After Active Authentication, challenge and response values are returned.
Can I control later using this data?

Does not work with New Zealand passport get the following error as attached.