Communication with Turkey Identity Card (TCKK) for e-Devlet Authentication

Accessing e-Devlet with the Turkish Identity Card (TCKK) requires a computer running a Java application and a smart card reader. It would be nice if it could be as simple as a bank security token.

Introduction

In this research, we need to figure out the following:

  1. What information is involved in e-Devlet authentication
  2. Data flows and commands for smart card communication
  3. Encryption and encoding algorithms

Analysis

Software

e-Devlet JNLP shortcut

e-Devlet Website

The download link on the e-Devlet website points to the following URL:

https://cdn.e-devlet.gov.tr/downloads/e-kimlik/edevlet-ekimlik.jnlp

The Java Network Launch Protocol (JNLP) enables an application to be launched on a client desktop by using resources that are hosted on a remote web server.

e-Kimlik JAR

JNLP Shortcut File

From the contents of the JNLP shortcut we can piece together the URL of the JAR application that actually runs:

https://static.turkiye.gov.tr/downloads/e-kimlik/ekimlik.jar
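The resolution step described above, as an added example that is not part of the original post or of the e-Kimlik application: a small Python reader that takes a JNLP file, resolves each jar href against the codebase the way Java Web Start does, and flags the two things a defender checks before letting such a launcher run (jars fetched without TLS or from a host other than the codebase, and the all-permissions request that takes the JAR out of the sandbox). The JNLP document embedded here is constructed for the example; the post only gives the resulting JAR URL, so the title, vendor and second jar entry are invented.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample: the post does not show the shortcut's contents, only the JAR URL it yields.
# Element and attribute names follow the public JNLP file syntax; the strings are invented.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="https://static.turkiye.gov.tr/downloads/e-kimlik/" href="ekimlik.jnlp">
  <information>
    <title>e-Kimlik (sample)</title>
    <vendor>example vendor</vendor>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <j2se version="1.8+"/>
    <jar href="ekimlik.jar" main="true"/>
    <jar href="lib/extra-sample.jar"/>
  </resources>
</jnlp>
"""

ALL_PERMISSIONS_FINDING = "all-permissions requested: the JAR runs with full user privileges"


def _local(tag):
    """Strip an XML namespace prefix so '{ns}jar' and 'jar' compare equal."""
    return tag.rsplit("}", 1)[-1]


def jar_urls(jnlp_text):
    """Resolve every <jar href> against the codebase, as Java Web Start does."""
    root = ET.fromstring(jnlp_text)
    codebase = root.get("codebase", "")
    if codebase and not codebase.endswith("/"):
        codebase += "/"          # relative hrefs are resolved inside the codebase directory
    urls = []
    for el in root.iter():
        if _local(el.tag) == "jar" and el.get("href"):
            urls.append(urljoin(codebase, el.get("href")))
    return urls


def requests_all_permissions(jnlp_text):
    """True when the launcher asks to run outside the Java sandbox."""
    root = ET.fromstring(jnlp_text)
    return any(_local(el.tag) == "all-permissions" for el in root.iter())


def review(jnlp_text):
    """Defender's checklist: where the code comes from and what it may do once launched."""
    findings = []
    codebase_host = urlsplit(ET.fromstring(jnlp_text).get("codebase", "")).hostname
    for url in jar_urls(jnlp_text):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"jar fetched without TLS: {url}")
        if parts.hostname != codebase_host:
            findings.append(f"jar served from a different host than the codebase: {url}")
    if requests_all_permissions(jnlp_text):
        findings.append(ALL_PERMISSIONS_FINDING)
    return findings


if __name__ == "__main__":
    for url in jar_urls(SAMPLE_JNLP):
        print("jar:", url)
    for finding in review(SAMPLE_JNLP):
        print("finding:", finding)
```

A smart-card application legitimately needs all-permissions (javax.smartcardio is not reachable from the sandbox), so that finding is informational for this launcher; the transport and host checks are the ones that should never fail, since a JNLP fetched or resolved over plain HTTP hands code execution to anyone on the path.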

Authorisation Process

First, the T.C. Kimlik No (Turkish identity number) is entered on the e-Devlet website to generate a transaction code.

Transaction Code

The JAR application then requests a challenge for that transaction code, using the identity number it reads from the card's authentication certificate.

Validation

// tr.gov.turkiye.ekds.manager.LogicManager

public class LogicManager implements Runnable {
    private IBasicServiceContainer4Std serviceContainer;

    private void validateCertificate() throws EKKAPIException, LocalException {
        // ...
        ICertificateService certificateService = this.serviceContainer.getCertificateService();
        // get Authentication Certificate
        X509Certificate certificateAtClient = certificateService.getKimlikDogrulamaCertificate();
        // extract the T.C. Kimlik No from the certificate
        String kimlikNo = certificateService.getKimlikNumarasi(certificateAtClient);
        // ...
        // ask the e-Devlet API for the challenge bound to this identity number and transaction id
        this.challenge = HttpManager.getInstance().getChallenge(kimlikNo, this.transId);
    }
}

// tr.gov.tubitak.bilgem.uekae.ekds.tckk.api.v2_5.operational.service.CertificateServiceBase

public abstract class CertificateServiceBase implements ICertificateService {
    protected final ICertificateReader certificateReader;

    public X509Certificate getKimlikDogrulamaCertificate() throws EKKAPIException {
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509", this.getProvider());
            // read Authentication Certificate from Smart Card
            InputStream in = new ByteArrayInputStream(this.certificateReader.readKimlikDogrulamaCertificate());
            return (X509Certificate) certFactory.generateCertificate(in);
        } catch (Exception var3) {
            // ...
        }
    }
}

// tr.gov.tubitak.bilgem.uekae.ekds.tckk.api.v2_5.operational.communication.apdu.CertificateReader

public class CertificateReader extends a implements ICertificateReader {
    public byte[] readKimlikDogrulamaCertificate() throws EKKAPIException {
        try {
            // select APDU Application
            this.selectApplication(TCKKAddress.FID_MF);
            this.selectApplication(TCKKAddress.FID_KDU);
            return this.readFile(TCKKAddress.FID_PKCS15_CERT1);
        } catch (Exception var2) {
            // ...
        }
    }
}

// tr.gov.tubitak.bilgem.uekae.ekds.tckk.api.v2_5.operational.communication.apdu.TCKKCommander

public final class TCKKCommander {
    private AbstractAkisCommands a;
    private byte[] b; // currently selected FID (declaration added here; the field name is obfuscated in the decompiled source)

    public final void selectApplication(byte[] fidApp) throws EKKAPIException {
        try {
            // prepare APDU command
            if (Arrays.equals(fidApp, TCKKAddress.FID_MF)) {
                this.a.selectMF();
                this.b = TCKKAddress.FID_MF;
            } else {
                this.a.selectFileUnderMF(fidApp);
                this.b = Arrays.copyOf(fidApp, fidApp.length);
            }
        } catch (Exception var3) {
            // ...
        }
    }
}

// tr.gov.tubitak.bilgem.uekae.akis.akisCIF.commands.CommandsV20

public class CommandsV20 extends AbstractAkisCommands {
    public FCI selectMF() throws AkisException, CardException {
        // 00 A4 00 00 00: CLA=00, INS=A4 (ISO 7816-4 SELECT), P1=P2=00, Le=00.
        // Java bytes are signed, so -92 is 0xA4.
        byte[] selectFileCommand = new byte[]{0, -92, 0, 0, 0};
        // send APDU command
        ResponseAPDU response = this.sendCommand(selectFileCommand);
        byte[] responseData = response.getData();
        // the response data is the File Control Information (FCI) of the selected file
        this.lastFCI.setFCI(responseData);
        return new FCI(responseData);
    }
}
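The command chain above (select MF, select the KDU directory, read the PKCS#15 certificate file) reduces to a handful of ISO 7816-4 APDUs. The following Python is an added example, not code from ekimlik.jar or the TÜBİTAK API: it encodes those APDUs, parses the status word of each response, and runs the same sequence against an in-memory mock card so it can be exercised without a reader. The select-MF bytes are exactly the ones CommandsV20 builds; the select-by-FID and READ BINARY encodings are the generic ISO 7816-4 forms and are an assumption about how selectFileUnderMF and readFile are implemented on AKIS cards; FID_KDU, FID_PKCS15_CERT1 and the certificate bytes are placeholders, since the real TCKKAddress values are not on the page.

```python
INS_SELECT = 0xA4
INS_READ_BINARY = 0xB0
SW_OK, SW_FILE_NOT_FOUND, SW_WRONG_P1P2, SW_INS_NOT_SUPPORTED = 0x9000, 0x6A82, 0x6B00, 0x6D00

# CommandsV20.selectMF builds new byte[]{0, -92, 0, 0, 0}; Java bytes are signed, so -92 is 0xA4.
SELECT_MF_APDU = bytes(b & 0xFF for b in [0, -92, 0, 0, 0])  # 00 A4 00 00 00

FID_MF = bytes.fromhex("3F00")            # ISO 7816-4 reserved identifier of the master file
FID_KDU = bytes.fromhex("0100")           # placeholder: the real TCKKAddress.FID_KDU is not on the page
FID_PKCS15_CERT1 = bytes.fromhex("0101")  # placeholder, likewise


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short command APDU (ISO 7816-4 cases 1-4): header, optional Lc+data, optional Le."""
    if len(data) > 255 or (le is not None and not 0 <= le <= 256):
        raise ValueError("short APDU: at most 255 data bytes and Le in 0..256")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le & 0xFF])  # Le=256 is encoded as 0x00
    return apdu


def parse_response(raw):
    """Split a response APDU into (data, 16-bit status word SW1 SW2)."""
    if len(raw) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return bytes(raw[:-2]), (raw[-2] << 8) | raw[-1]


def select_mf():
    return build_apdu(0x00, INS_SELECT, 0x00, 0x00, le=0)  # identical to SELECT_MF_APDU


def select_by_fid(fid):
    # Generic ISO 7816-4 select by file identifier (P1=00); the AKIS encoding is assumed, not taken from the page.
    return build_apdu(0x00, INS_SELECT, 0x00, 0x00, data=fid, le=0)


def read_binary(offset, length):
    """READ BINARY with the 15-bit offset split over P1/P2 (assumed implementation of readFile)."""
    if not 0 <= offset <= 0x7FFF:
        raise ValueError("offset must fit in 15 bits")
    return build_apdu(0x00, INS_READ_BINARY, offset >> 8, offset & 0xFF, le=length)


class MockCard:
    """Constructed stand-in for the card: files keyed by FID, DFs carry empty content."""

    def __init__(self, files):
        self.files = dict(files)
        self.selected = None

    def transmit(self, apdu):
        _cla, ins, p1, p2 = apdu[:4]
        body = apdu[4:]
        if ins == INS_SELECT:
            if len(body) <= 1:                        # no Lc/data: select the master file
                self.selected = FID_MF
                return self._resp(b"\x6F\x00", SW_OK)  # minimal FCI template as response data
            fid = bytes(body[1:1 + body[0]])
            if fid not in self.files:
                return self._resp(b"", SW_FILE_NOT_FOUND)
            self.selected = fid
            return self._resp(b"\x6F\x00", SW_OK)
        if ins == INS_READ_BINARY:
            content = self.files.get(self.selected, b"")
            offset = (p1 << 8) | p2
            if offset >= len(content):
                return self._resp(b"", SW_WRONG_P1P2)
            le = body[0] if body else 0
            return self._resp(content[offset:offset + (le or 256)], SW_OK)
        return self._resp(b"", SW_INS_NOT_SUPPORTED)

    @staticmethod
    def _resp(data, sw):
        return data + bytes([sw >> 8, sw & 0xFF])


def read_selected_file(transmit, chunk=256):
    """Read the selected EF with successive READ BINARY commands until the card reports end of file."""
    out = bytearray()
    while True:
        data, sw = parse_response(transmit(read_binary(len(out), chunk)))
        if sw == SW_WRONG_P1P2 and out:               # offset ran past the end: file fully read
            break
        if sw != SW_OK:
            raise RuntimeError(f"READ BINARY failed with SW={sw:04X}")
        out += data
        if len(data) < chunk:
            break
    return bytes(out)


def read_kimlik_dogrulama_certificate(transmit):
    """Same sequence as CertificateReader: select MF, select KDU, select and read PKCS15_CERT1."""
    for apdu in (select_mf(), select_by_fid(FID_KDU), select_by_fid(FID_PKCS15_CERT1)):
        _, sw = parse_response(transmit(apdu))
        if sw != SW_OK:
            raise RuntimeError(f"SELECT failed with SW={sw:04X}")
    return read_selected_file(transmit)


# Constructed DER-looking placeholder (not a real certificate); 304 bytes forces two READ BINARY rounds.
SAMPLE_CERT = b"\x30\x82\x01\x2C" + bytes(range(256)) + bytes(44)


def make_mock_card():
    return MockCard({FID_MF: b"", FID_KDU: b"", FID_PKCS15_CERT1: SAMPLE_CERT})
```

Calling read_kimlik_dogrulama_certificate(make_mock_card().transmit) returns the 304 placeholder bytes. Against a real reader the transmit argument would be a pyscard connection's transmit wrapped to take and return bytes; the status-word checks are what keep a file-not-found (6A82) or a truncated read from being silently parsed as a certificate.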

The application sends a POST request to the API to obtain the challenge.

Challenge

Hardware

Smart Card Pinout

References


Original post: https://blog.hardfury.com/communication-with-turkey-identity-card-tckk-for-e-devlet-authentication/ (posted on September 20, 2023)