Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development


Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.


Reply
New Contributor
Posts: 2
Registered: ‎10-03-2013
My Device: Developer
My Carrier: None

microSD APDU Response bytes printed to debug console

When sending an APDU to a microSD smart card via SmartCardSession.sendAPDU() the first 16 or so bytes of the APDU response is printed to the debug console. Is it possble to turn this off (notice that information about the APDU command, such as length, is printed, but not the actual command bytes)? Printing the response bytes to the console could expose sensitive information. See console output below, noting lines prefixed with "microSD-JNI":

 

[577.07] Calling SmartCardSession.sendAPDU()...
[577.078] microSD-JNI: exchangeApdu() - channel=0, clength=5, tag=1
[577.14] microSD-JNI: getApduResponse() - channel=0, tag=1
[577.14] microSD-JNI: getApduResponse() - insize=34
[577.14] microSD-JNI: getApduResponse() - outsize=34 bytes=[577.14] 45 [577.14] 68 [577.14] 11 [577.14] F9 [577.14] 6D [577.14] DB [577.14] 9B [577.14] E9 [577.14] 0A [577.14] 20 [577.14] 56 [577.14] 72 [577.14] 5F [577.14] 11 [577.14] F5 [577.14] BA [577.14] ...[577.14] 
[577.148] SmartCardSession.sendAPDU() has returned

 

 

 

Retired
Posts: 571
Registered: ‎06-25-2010
My Device: Z10
My Carrier: Vodafone

Re: microSD APDU Response bytes printed to debug console

[ Edited ]

Can you please tell me what model of BlackBerry you are observing this behaviour with and what OS version it is running? I assume you're running debug sessions from Eclipse with the device plugged in over USB. Is that correct?

 

Meanwhile I'll discuss this issue with our security team.

--------------------------------------------------------------------------------------------
Feel free to press the like button on the right side if you liked my attempts to help :-)
And please mark posts as solved if you think I found the solution or set you on its path. Thanks!
Follow me on Twitter: @mdwrim
New Contributor
Posts: 2
Registered: ‎10-03-2013
My Device: Developer
My Carrier: None

Re: microSD APDU Response bytes printed to debug console

Yes, this is witnessed in Debug console in Eclipse when phone is attached via USB.
I believe this can be observed on all models running BB Software 6.0, 7.0, and 7.1, however I can confirm it on the following:
BlackBerry Torch 9810 Software version 7.1 Bundle 1149
BlackBerry Torch 9810 Software version 7.0 Bundle 1355
BlackBerry Bold 9700 Software 6.0 Bundle 2949

Retired
Posts: 571
Registered: ‎06-25-2010
My Device: Z10
My Carrier: Vodafone

Re: microSD APDU Response bytes printed to debug console

The issue you reported has been assigned to a BlackBerry security response manager and we are currently investigating the behavior. There will be a further update asap.

--------------------------------------------------------------------------------------------
Feel free to press the like button on the right side if you liked my attempts to help :-)
And please mark posts as solved if you think I found the solution or set you on its path. Thanks!
Follow me on Twitter: @mdwrim