How to avoid card termination while learning about GlobalPlatform?

Question

The GlobalPlatform smart-card standard defines irreversible state changes, such as card termination after too many failed authentications or initial card initialization. How does one learn about GlobalPlatform without burning through hundreds of smart-cards (which is expensive)?

Answer 1

Use a simulator. The JCOP toolset includes a simulator that runs within Eclipse, and implements GlobalPlatform commands.

When I've implemented e.g. the Secure Channel protocols myself, I compared the messages that my code generated with the messages generated by the simulator, using the default JCOP keys, until I was certain I had it right. It's just DES/3DES, but arranging the blocks to be encrypted/verified is tricky.

When I test against cards, I have a handful ready, and if authentication fails, I rotate cards, making sure that when I solve the problem I successfully authenticate against the cards with prior authentication failures.

I implemented GP Secure Channel protocols 01 and 02, and destroyed no more than two cards.

Answer 2

In addition the answer of pb2q, some cards may have additional access points next to the card manager which you may use to reset the card. Obviously, you need info on how to do it for a particular implementation, and quite possibly a key.