Quick Reference Guide

This page includes useful extracts from the MULTOS Technical Library.



Select File APDU Command

This command is used to select the Master File (MF), the Directory File (DIR), the ATR File or an application loaded into the MULTOS device.

APDU Command

CLA  INS  P1    P2    Lc    Data  Le
00   A4   var.  var.  var.  var.  var.

Status word values that can be returned are:

62 83   Selected File invalidated
62 84   FCI not formatted according to ISO 7816
67 00   Wrong length; invalid Lc or invalid command case
6B 00   Wrong Parameters
6A 81   Function not supported
6A 82   File not found
6A 86   Incorrect parameters P1,P2
6A 87   Lc inconsistent with P1,P2

P1  P2  Lc       Cmd Data            Selects                                If file exists, returns
00  00  none     none                Master File                            Success: 90 00
00  00  02       3F 00               Master File                            Success: 90 00
00  00  02       2F 00               Directory File*                        Success: 90 00
00  00  02       2F 01               ATR File                               Success: 90 00
00  0C  02       2F 00               Directory File*                        Success: 90 00
00  0C  02       2F 01               ATR File                               Success: 90 00
04  00  01 – 10  AID or partial AID  Application (DF) – first matching AID  Success and FCI
04  02  01 – 10  AID or partial AID  Application (DF) – next matching AID   Success and FCI
04  0C  01 – 10  AID or partial AID  Application (DF)                       Success: 90 00
08  00  02       3F 00               Master File                            Success: 90 00
08  00  02       2F 00               Directory File**                       Success: 90 00
08  0C  02       3F 00               Master File                            Success: 90 00
08  0C  02       2F 00               Directory File**                       Success: 90 00

The Lc listing for all the cases where P1 is 0x04 indicates that the Lc must have a value between 0x01 and 0x10.

Le is listed as variable in the APDU Command table. FCI data is returned only if it is present for an application and only in the cases where P1 and P2 are 0x04 0x00 or 0x04 0x02.

If MULTOS cannot successfully process the command, and an application is currently selected, MULTOS passes the command to the selected application to handle or reject as appropriate.

The application selection process will operate over all of the loaded applications and not just the first application that has an AID that (partially) matches the AID in the SELECT command.  The command will reply with “file not found” only if there are no loaded applications that have an AID that (partially) matches and which are permitted over the selected interface.

If the MULTOS device is blocked then the command is not available and a status response of 6A81 is returned.

If the application has the “Process Events” permission, MULTOS does not test the most significant 6 bits of P2. The processing of the least significant 2 bits of P2 remains unchanged. For more details on Process Events please see [MDG].

NOTE*: Processed by the currently selected application, if there is one.

NOTE**: Always processed by MULTOS and any currently selected application is deselected.

The MULTOS AID is 0xA0000001444D554C544F53.
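
The SELECT table and status words above, written as a decoder for captured SELECT FILE commands. This is an added example, not code from the MULTOS Technical Library; the function names are illustrative and only short APDUs are handled.

```python
# Added example (not from the MULTOS library): decode short SELECT FILE APDUs.
STATUS_WORDS = {
    "9000": "Success", "6283": "Selected File invalidated",
    "6284": "FCI not formatted according to ISO 7816",
    "6700": "Wrong length; invalid Lc or invalid command case",
    "6B00": "Wrong Parameters", "6A81": "Function not supported",
    "6A82": "File not found", "6A86": "Incorrect parameters P1,P2",
    "6A87": "Lc inconsistent with P1,P2",
}
# (P1, P2, command data) rows of the table for the fixed file identifiers.
FILE_ROWS = {
    (0x00, 0x00, ""): "Master File", (0x00, 0x00, "3F00"): "Master File",
    (0x00, 0x00, "2F00"): "Directory File", (0x00, 0x00, "2F01"): "ATR File",
    (0x00, 0x0C, "2F00"): "Directory File", (0x00, 0x0C, "2F01"): "ATR File",
    (0x08, 0x00, "3F00"): "Master File", (0x08, 0x00, "2F00"): "Directory File",
    (0x08, 0x0C, "3F00"): "Master File", (0x08, 0x0C, "2F00"): "Directory File",
}
# P1 = 04 rows: P2 -> (which match, whether FCI can be returned).
AID_ROWS = {0x00: ("first matching AID", True),
            0x02: ("next matching AID", True),
            0x0C: ("AID", False)}


def decode_select(apdu_hex):
    """Return (selected target, fci_possible); raise ValueError if not in the table."""
    apdu = bytes.fromhex(apdu_hex)
    if len(apdu) < 4 or apdu[:2] != b"\x00\xa4":
        raise ValueError("not a SELECT FILE command (CLA 00, INS A4)")
    p1, p2, body, data = apdu[2], apdu[3], apdu[4:], b""
    if len(body) > 1:  # Lc and data, optionally followed by one Le byte
        lc, data = body[0], body[1:1 + body[0]]
        if lc == 0 or len(data) != lc or len(body) - 1 - lc > 1:
            raise ValueError("Lc does not match the command data length")
    if p1 == 0x04:
        if p2 not in AID_ROWS or not 1 <= len(data) <= 0x10:
            raise ValueError("P1 = 04 needs P2 of 00, 02 or 0C and Lc 01 to 10")
        match, fci_possible = AID_ROWS[p2]
        return f"Application (DF), {match} {data.hex().upper()}", fci_possible
    target = FILE_ROWS.get((p1, p2, data.hex().upper()))
    if target is None:
        raise ValueError("P1/P2/data combination is not in the SELECT table")
    return target, False


def describe_sw(sw_hex):
    """Map a status word such as '6A 82' to the meaning listed for SELECT FILE."""
    return STATUS_WORDS.get(sw_hex.replace(" ", "").upper(), "not listed")
```
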


File Mode Type

This is a one byte value used in Load and Delete certificates which provides information about the characteristics of the application being loaded.

b7 b6 b5 b4 b3 b2 b1 b0  Meaning (MULTOS 4.2.1 and earlier)
0  0  0  0  0  0  0  0   Standard application (0x00)
0  1  0  1  1  0  1  0   Shell application (0x5A)
1  0  1  0  0  1  0  1   Default application (0xA5)

b7 b6 b5 b4 b3 b2 b1 b0  Meaning (MULTOS 4.3 and later)

0      Single FCI application
1      Dual FCI application

0 0    Static memory size given in bytes
0 1    Static memory size given in 255-byte blocks
1 0    Static memory size given in bytes
1 1    Static memory size given in bytes

0 0    Standard application
0 1    Default application
1 0    Shell application
1 1    Proprietary application type

0      Standard application loading
1      Controls the loading of the application in some proprietary implementation-specific way.

0 0    Fixed


Access List

The bits in this two byte value (used in the Application Load Certificate) define the application’s permissions and have the following meaning (set to 1 when the application has that permission).

    • bit0 – Strong Cryptographic functions
    • bit1 – Contact IFD interface
    • bit2 – Contactless PCD interface
    • bit3 – GSM Authenticate (deprecated)
    • bit4 – Card Block
    • bit5 – Card Unblock
    • bit6 – Retain session data
    • bit7 – Maintain selection
    • bit8 and bit9 – PIN Access Level: 00 = Application, 01 = Global / Basic, 10 = Global / Write, 11 = Global / Full
    • bit10 – Process Events permission
    • bit11 – Card Manager application (deprecated)
    • bit12 – Allow access to peripheral devices (where supported)
    • bits13 to 15 – RFU
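
An added example (not MULTOS code) that decodes the two byte Access List when reviewing the permissions granted by an Application Load Certificate, and flags deprecated or RFU bits that are set. It assumes bit0 is the least significant bit of a big-endian value and that bit9 is the high bit of the PIN Access Level pair; the function and field names are illustrative.

```python
# Added example: decode a 16-bit Access List using the bit meanings listed above.
# Assumptions: bit0 is the least significant bit, the two bytes are big-endian,
# and in the PIN Access Level pair bit9 is the high bit and bit8 the low bit.
FLAGS = {
    0: "Strong Cryptographic functions",
    1: "Contact IFD interface",
    2: "Contactless PCD interface",
    3: "GSM Authenticate (deprecated)",
    4: "Card Block",
    5: "Card Unblock",
    6: "Retain session data",
    7: "Maintain selection",
    10: "Process Events permission",
    11: "Card Manager application (deprecated)",
    12: "Allow access to peripheral devices (where supported)",
}
PIN_LEVELS = ["Application", "Global / Basic", "Global / Write", "Global / Full"]
DEPRECATED = (3, 11)
RFU_MASK = 0xE000  # bits 13 to 15


def decode_access_list(raw):
    """Return the granted permissions and review findings for a 2-byte Access List."""
    if len(raw) != 2:
        raise ValueError("Access List is a two byte value")
    value = int.from_bytes(raw, "big")
    granted = [name for bit, name in FLAGS.items() if (value >> bit) & 1]
    findings = [f"deprecated bit{b} set" for b in DEPRECATED if (value >> b) & 1]
    if value & RFU_MASK:
        findings.append("RFU bits 13 to 15 are not all zero")
    return {
        "granted": granted,
        "pin_access_level": PIN_LEVELS[(value >> 8) & 0b11],
        "contact": bool(value & 0x0002),         # bit1
        "contactless": bool(value & 0x0004),     # bit2
        "process_events": bool(value & 0x0400),  # bit10
        "findings": findings,
    }
```
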


Application ATR Type

A 1 byte value (used in the Application Load Certificate) that indicates whether the application wishes to contribute to the historical bytes of the primary or alternative ATR* and the ATS*.

  • None = 0x00,
  • Primary ATR = 0x41,
  • Secondary ATR = 0x42,
  • Both ATRs = 0x43,
  • Primary ATS = 0x44,
  • Primary ATR and ATS = 0x45,
  • Secondary ATR and ATS = 0x46,
  • Both ATRs and ATSs = 0x47

*ATR = Answer to Reset, ATS = Answer to Select


APDU Command Routing

Only the OS can process an MSM command. These commands include all of the commands used for loading an application, deleting an application or enabling a card.

The third step, “Can OS process the command?”, is best illustrated by the SELECT FILE command: when a SELECT command is sent, the OS checks whether there is an existing application with the ID given and, if so, selects the file indicated.

The implication of the previous point is that a shell application will have to handle all command routing because it receives all incoming commands.


Process Events

When bit 10 of the application’s access list is set then the application will be executed by MULTOS for each of the following process events.

Number  Process Event
0       An APDU has been received and is to be executed by the application. Note that this is the only possible process event for applications that do not have bit 10 of the application’s access list set.
1       The application has been selected by a SELECT APDU. It is the responsibility of the application to call Check Case (case 3 or 4) as required and to return the SELECT response data (e.g. FCI) and SW.
2       The application has been automatically selected by MULTOS (e.g. following a reset because it is a shell application or default application).
3       The application has been reselected by a SELECT APDU. It is the responsibility of the application to call Check Case (case 3 or 4) as required and to return the SELECT response data (e.g. FCI) and SW.
4       The application has been deselected by a SELECT APDU (e.g. because another application has been selected).
5       The application has just been created. Note that this will result in the MF being selected if there is no shell application loaded. If there is a shell application loaded then it is automatically reselected.
6       The application is about to be deleted. Note that this will result in the MF being selected if there is no shell application loaded. If there is a shell application loaded then it is automatically reselected.

An application can call the Reject Process Event primitive to request that the current application process event is rejected by MULTOS.  The effect of this primitive depends upon the event that is being rejected as below.

Number  Process Event
        Effect of Event Rejection Request

0       An APDU has been received and is to be executed by the application.
        MULTOS returns 6D00.

1       The application has been selected by a SELECT APDU.
        The MF is selected.

2       The application has been automatically selected by MULTOS (e.g. following a reset because it is a shell application).
        No effect (i.e. it is not possible to prevent an automatic select).

3       The application has been reselected by a SELECT APDU.
        The MF is selected.

4       The application has been deselected.
        No effect (i.e. it is not possible to prevent an automatic deselect).

5       The application has just been created.
        The application is automatically deleted and an SW of 9D1C (application conditions not satisfied) is returned.

6       The application is about to be deleted.
        The application is not deleted and an SW of 9D1C (application conditions not satisfied) is returned.