Unblock Pin
This command allows a user to unblock a previously blocked PIN using a valid PUK and simultaneously set a new PIN. This is only available when the user PIN is in a blocked state and PinAuth is enabled.
def unblock_pin(puk: str, new_pin: str)
card.unblock_pin(puk, new_pin)
For example, unblock_pin("09875789012", "132456122")
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Field | Description | Value |
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0x22 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | 0x00 |
P2 | Second parameter of the instruction that specifies additional details about the operation being requested. | 0x00 |
Data | Key data | The PUK followed by the new PIN |
📘 Note
- This command is used to unblock the user PIN when it has been locked due to repeated incorrect attempts.
- Requires Secure Channel to be opened.
- The PIN must be blocked and PinAuth must be enabled.
- After success, the PIN is reset and authenticated for the session.
- PUK retry is limited to 12 attempts per power cycle.
- Card must be power-cycled to retry if 0x63C0 is returned due to exhaustion.
Input Validation Rules
- PUK must be:
- 12 bytes long
- PIN must be:
- 9 characters long
- Begin with at least 4 digits (‘0’-‘9’)
- Padded with 0x00 to fill 9 bytes if shorter
- Total Data: Exactly 21 bytes
Data = PUK (12 bytes) + new PIN (9 bytes)
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
0x9000 | Success |
0x6A80 | Invalid data format (must be exactly 21 bytes) |
0x6985 | PIN is not blocked or PinAuth is disabled |
0x63Cx | Invalid PUK — x = remaining tries (up to 12 per power cycle) |
0x63C0 | No more tries left in current session — power cycle required to continue |