Date: 2026-02-21
Project: HidGlobal.UniversalEncoder.Stubs.ConfigCardProgrammer
Yes, there are several references:
- Assembly:
HidGlobal.Smartcard.GlobalPlatform.dllreferenced in the.csprojfile - Namespace:
using HidGlobal.Smartcard.GlobalPlatform;inConfigCardProgrammer.cs
Four instances in ConfigCardProgrammer.cs use CLA.GP in APDU commands:
- Line 382: DELETE command
- Line 402: INSTALL [for load] command
- Line 425: LOAD command
- Line 464: INSTALL [for install] command
The code uses GlobalPlatform for smartcard operations, specifically for managing applets on the card.
No, INIT UPDATE is not explicitly used in this code.
The code uses OpenSecureChannel() method instead, which is a higher-level abstraction that likely handles the GlobalPlatform secure channel initialization internally (possibly including INITIALIZE UPDATE and EXTERNAL AUTHENTICATE commands under the hood).
The implementation delegates to method_0() which sends commands to the SAM/interpreter rather than directly executing GP APDU commands.
OpenSecureChannel() is triggered in 5 scenarios:
- PersonalizeMedia(SNMPKeyRollerCardParameters) - Line 241
- LoadUpdaterApplet() - Line 470 (with
SecurityLevel.MacEncrypt) - After transport key injection - Line 511 (with
SecurityLevel.MacEncrypt) - PersonalizeMedia(AppLoaderCardParameters) - Line 530
- PersonalizeMedia(ConfigCardParameters) - Line 593
Probably not for most operations. Looking at the code:
-
The GP commands (Delete, Install, Load) use a
SecurityLevelparameter, and when it'sSecurityLevel.MacEncryptorSecurityLevel.Mac, secure channel is required. -
The secure channel appears mandatory for:
- Loading/deleting applets (GlobalPlatform operations require authentication)
- Personalizing cards (all 3 PersonalizeMedia methods call it)
- Injecting keys (sensitive operations)
-
The only way to potentially avoid it would be to use
SecurityLevel.Clear, but the code checkssecurityLevel_0 != SecurityLevel.Clear- suggesting clear mode might be supported for some operations, but it's never actually used in the public methods (they all hardcodeSecurityLevel.MacEncrypt).
From HidGlobal.Smartcard.GlobalPlatform.SecurityLevel.cs:
public enum SecurityLevel : byte
{
Clear = 0,
Mac = 1,
MacEncrypt = 3,
}private void method_11(CommandAPDU commandAPDU_0, bool bool_1)
{
string hexString = commandAPDU_0.ToHexString();
this.method_0(Util.HexStringToByteArray(
(bool_1 ? (byte) 28 : (byte) 23).ToString("X2") +
(hexString.Length / 2).ToString("X4") +
hexString));
}The boolean parameter determines the command code sent to the interpreter:
bool_1 = false→ Command code0x17(23) - Send APDU without secure channelbool_1 = true→ Command code0x1C(28) - Send APDU over secure channel
// Line 382:
securityLevel_0 != SecurityLevel.Clear
// Line 388:
bool_1 = securityLevel_0 != SecurityLevel.ClearSo if SecurityLevel.Clear is used, the boolean becomes false and command 0x17 is used (no secure channel).
Yes, by passing SecurityLevel.Clear to methods like DeleteInstance() or DeleteCAP(), but the public PersonalizeMedia() and LoadUpdaterApplet() methods hardcode SecurityLevel.MacEncrypt, so you'd need to modify the code or add new methods that accept SecurityLevel as a parameter.
There are 3 overloaded PersonalizeMedia methods for different card types:
Purpose: Programs SNMP Key Roller cards for key management
Process:
- Validates parameters (current/new auth & privacy keys, ICE number)
- Selects Key Roller card (command 0x13)
- Checks applet version compatibility
- Opens secure channel (line 241)
- Writes ICE number based on authentication algorithm (commands 0x0D)
- Writes current SNMP keys (commands 0x08, 0x09)
- Writes new SNMP keys (commands 0x0B, 0x0C)
- Finalizes (command 0x10)
Parameters:
- Current/New SNMP Authentication & Privacy keys (OIDs)
- ICE Number (identifier)
- NumberOfReaders
Purpose: Programs AppLoader cards with .NET assemblies
Process:
- Validates SNMP keys and assemblies
- Selects AppLoader card (command 0x15)
- Checks applet version compatibility
- Opens secure channel (line 530)
- Loads each assembly in 128-byte chunks (command 0x21)
- Writes assembly metadata (commands 0x22, 0x23, 0x24)
- Writes SNMP keys (commands 0x08, 0x09)
- Finalizes (command 0x10)
Parameters:
- SNMP Authentication & Privacy keys
- List of assembly paths
- NumberOfReaders
- SAMFirmwareId
Purpose: Programs Configuration cards with config items and key references
Process:
- Validates SNMP keys
- Selects Config card (command 0x12)
- Checks applet version compatibility
- Converts KeyConfigurationItems to KeyReferenceConfigurationItems
- Validates at least one item exists
- Calculates sizes
- Opens secure channel (line 593)
- Writes SNMP keys (commands 0x08, 0x09)
- Writes key configuration OIDs (command 0x04)
- Writes configuration values (command 0x05)
- Finalizes with metadata (command 0x07)
- Writes final OIDs (command 0x06)
- Finalizes (command 0x10)
Parameters:
- ConfigurationItems (list of config data)
- KeyConfigurationItems (list of key references)
- SNMP Authentication & Privacy keys
- NumberOfReaders
All three methods hardcode secure channel usage - they all call OpenSecureChannel() without a SecurityLevel parameter (defaults to MacEncrypt). There's no public API to bypass secure channel for personalization operations.
Q: Does the PersonalizeMedia code check if the secure channel is open and use different commands based on its presence?
No, PersonalizeMedia does NOT check if the secure channel is open. Looking at all three implementations:
- All three unconditionally call
OpenSecureChannel()(lines 241, 530, 593) - All subsequent commands use
method_0()which sends interpreter commands to the SAM - None of them use
method_11()ormethod_10()which would take a boolean to indicate secure channel usage
PersonalizeMedia uses a different command pathway:
method_0()- Sends commands directly to the interpreter on the SAM (not direct APDUs to the card)method_11()- Sends APDUs with conditional secure channel (command 0x17 vs 0x1C)
After OpenSecureChannel(), the PersonalizeMedia methods send interpreter commands (0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0B, 0x0C, 0x0D, 0x10, 0x11, 0x13, 0x15, etc.) that are handled by the SAM's interpreter, which presumably manages the secure channel state internally.
The secure channel state is maintained on the SAM side, not explicitly checked in the code. Once OpenSecureChannel() (command 0x19) is called, subsequent interpreter commands automatically use the established secure channel until ResetSecureChannel() (command 0x1A) is called.
Answer: No conditional logic exists - the code assumes secure channel is required and always establishes it before sending personalization commands.
method_10 and method_11 are used exclusively for GlobalPlatform card management operations - they send raw APDUs directly to the card (not through the SAM interpreter).
Line 469: LoadUpdaterApplet() - Selects the GlobalPlatform Security Domain
this.method_10(new CommandAPDU(CLA.ISO, INS.SelectByAid, P1.SelectByAid, P2.Null,
SecurityDomain.DEFAULT_OPEN_SECURITYDOMAIN_AID));1. Lines 346, 350 - method_13() - Sends PUT DATA commands (CLA 0xA0, INS 0xDA)
- Called from
method_12()which is used by AppLoader personalization - Chunks large data into 255-byte blocks
2. Line 382 - method_14() - GP DELETE command
- Used by
DeleteInstance()andDeleteCAP() securityLevel_0 != SecurityLevel.Cleardetermines if secure channel is used
3. Line 402 - method_15() - GP INSTALL [for load] command
- Loads CAP file metadata
- Used by
LoadUpdaterApplet()
4. Line 425 - method_15() - GP LOAD command
- Loads CAP file binary data in chunks
- Used by
LoadUpdaterApplet()
5. Line 464 - method_17() - GP INSTALL [for install and make selectable] command
- Creates applet instance
- Used by
LoadUpdaterApplet()
| Method | Purpose | Secure Channel | When Used |
|---|---|---|---|
| method_10 | Send APDU without secure channel | Never (always 0x17) | SELECT AID before opening secure channel |
| method_11 | Send APDU conditionally with secure channel | Based on bool parameter | GlobalPlatform operations (DELETE, INSTALL, LOAD, PUT DATA) |
- method_10/11 = Direct card communication for GlobalPlatform operations (applet management)
- method_0 = SAM interpreter commands for personalization operations (writing config data)
The code uses GlobalPlatform APDUs when managing applet lifecycle (load/delete/install), but uses SAM interpreter commands when personalizing card content.
Called by: ConfigCardHelper.UpdateJcopCardIfRequired() in the HID.UniversalProgrammer.Core assembly
When trying to select the card applet (ConfigCard or KeyRollerCard) and it throws an exception (applet doesn't exist):
try {
if (isElitePrepCard)
configCardProgrammer.SelectKeyRollerCard();
else
configCardProgrammer.SelectConfigCard();
}
catch {
// Applet not found - load it
configCardProgrammer.LoadUpdaterApplet(
isElitePrepCard ? UpdaterInstanceType.SNMPKeyRoll : UpdaterInstanceType.Config);
}When RequiresAppletReloading() returns true (applet version < 3.3):
if (!configCardProgrammer.RequiresAppletReloading())
return JCopCardUpdateResult.NoUpdateRequired;
// Applet needs updating
configCardProgrammer.LoadUpdaterApplet(
isElitePrepCard ? UpdaterInstanceType.SNMPKeyRoll : UpdaterInstanceType.Config);- Selects GlobalPlatform Security Domain (using method_10 - no secure channel)
- Opens secure channel with
SecurityLevel.MacEncrypt - Deletes old applet instances (if they exist) using GP DELETE commands
- Loads new CAP file using GP INSTALL [for load] and LOAD commands
- Installs applet instance using GP INSTALL [for install]
- Selects the newly installed applet
- Opens secure channel again
- Injects transport/wrapping key (command 0x1B)
Purpose: This is a card provisioning/update operation that uses standard GlobalPlatform commands to manage JavaCard applets on the JCOP card. It's called when the card is blank or has an outdated applet version, before any personalization can occur.
UpdateJcopCardIfRequired() is called by:
Purpose: Creates configuration cards for programming readers
When called: During config card generation workflow
isElitePrepCard = false(regular config card)- Called after SAM authentication
- Before personalizing the card with configuration data
Workflow:
public CardProgrammingResult GenerateCard(IDataManager dataManager, int NumberOfCredits)
{
SamAuthentication.SetCurrentReader(dataManager.SamAuthManager, this._readerName);
if (!SamAuthentication.CurrentSam.Authenticate())
return CardProgrammingResult.UnknownError;
// Check/update JCOP applet first
switch (ConfigCardHelper.UpdateJcopCardIfRequired(this._readerName, false))
{
case JCopCardUpdateResult.UpdateFailed:
return CardProgrammingResult.JcopAppletUploadError;
case JCopCardUpdateResult.NoCardOnReader:
return CardProgrammingResult.CardNotOnReader;
case JCopCardUpdateResult.SecureChannelError:
return CardProgrammingResult.SecureChannelError;
default:
// Continue with programming...
configCardProgrammer.PersonalizeMedia(parameters);
}
}Purpose: Creates SNMP key roller cards (Elite Prep Cards)
When called: During Elite Prep card generation workflow
isElitePrepCard = true(SNMP key roller card)- Called after SAM authentication
- Before personalizing with SNMP key rolling parameters
Workflow:
public CardProgrammingResult GenerateCard(
IDataManager dataManager,
string currentSnmpConfig,
string newSnmpConfig,
int NumberOfCredits)
{
SamAuthentication.SetCurrentReader(dataManager.SamAuthManager, this._readerName);
if (!SamAuthentication.CurrentSam.Authenticate())
return CardProgrammingResult.UnknownError;
// Check/update JCOP applet first
switch (ConfigCardHelper.UpdateJcopCardIfRequired(this._readerName, true))
{
case JCopCardUpdateResult.UpdateFailed:
return CardProgrammingResult.JcopAppletUploadError;
case JCopCardUpdateResult.NoCardOnReader:
return CardProgrammingResult.CardNotOnReader;
default:
// Continue with programming...
configCardProgrammer.PersonalizeMedia(snmpKeyRollerParameters);
}
}UpdateJcopCardIfRequired() is called at the beginning of card generation workflows as a prerequisite check to ensure:
- The card has the correct JCOP applet loaded
- The applet is the current version (≥ 3.3)
- The card is ready for personalization
It acts as a card preparation step before any PersonalizeMedia() operations, ensuring the card firmware/applet is compatible with the programming operations that follow.
-
GlobalPlatform Operations (via method_10/method_11)
- Direct APDU communication to card
- Used for applet lifecycle management (load/install/delete)
- Supports conditional secure channel (
SecurityLevel.Clear,Mac,MacEncrypt) - Command codes: 0x17 (no secure channel), 0x1C (with secure channel)
-
SAM Interpreter Operations (via method_0)
- High-level commands to SAM interpreter
- Used for card personalization (writing config data, keys)
- Secure channel managed internally by SAM
- Requires prior
OpenSecureChannel()call (command 0x19)
Card Generation Workflow
↓
UpdateJcopCardIfRequired()
↓ (if needed)
LoadUpdaterApplet()
→ SELECT Security Domain (method_10, no SC)
→ OpenSecureChannel(MacEncrypt)
→ GP DELETE/INSTALL/LOAD (method_11, with SC)
↓
PersonalizeMedia()
→ Select card type applet
→ OpenSecureChannel() (command 0x19 via method_0)
→ Write data (commands 0x04-0x10 via method_0)
→ All subsequent commands use established SC
GlobalPlatform INITIALIZE UPDATE is abstracted away - the OpenSecureChannel() method sends command 0x19 to the SAM interpreter, which handles the actual GP secure channel establishment (INITIALIZE UPDATE + EXTERNAL AUTHENTICATE) internally. The application code never directly sends these GP commands.