I want to block my card
for further development.
Does anyone know how to do
that with GPShell?
I found this command:
open_sc -security 3 -keyind 0 -keyver 0 -key "currentKey" -keyDerivation visa2 // Open secure channel
put_sc_key -keyver 0 -newkeyver 0 -mac_key "newKey" -enc_key "newKey" -kek_key "newKey"-current_kek "currentKey"
but got this error:
put_secure_channel_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
I also tried:
put_sc_key -keyver 1 -newkeyver 1 -key "newKey" -keyDerivation visa2
but got this error:
put_secure_channel_keys() returns 0x80206A88 (6A88: Referenced data not found.)
I was dealing with the same problem about two years ago with GPShell and Gemalto card (not so sure if I was getting 0x6A80, but probably yes) -- if I remember correctly, GPShell used wrong diversification data for new keys and (which is worse) wrong KEK for put_sc_key command with -keyDerivation option.
Maybe this was fixed in upstream -- you might want to consider trying the latest svn version (UPDATE: I was told that the problem is fixed now).
That time I used the following ugly modifications against svn revision 419:
--- globalplatform/src/globalplatform.c (revision 419)
+++ globalplatform/src/globalplatform.c (working copy)
## -61,6 +61,10 ##
#ifndef MAX_PATH
#define MAX_PATH 257
#endif
+
+static BYTE savedKEK[16];
+
+
static BYTE C_MACDerivationConstant[2] = {0x01, 0x01}; //!< Constant for C-MAC session key calculation.
static BYTE ENCDerivationConstant[2] = {0x01, 0x82};//!< Constant for encryption session key calculation.
## -3309,6 +3313,15 ##
OPGP_LOG_START(_T("VISA2_derive_keys"));
OPGP_LOG_HEX(_T("VISA2_derive_keys: Base Key Diversification Data: "), baseKeyDiversificationData, 10);
+ static BYTE savedBaseKeyDiversificationData[10];
+ if(memcmp(baseKeyDiversificationData, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 10)==0) {
+ // In trouble -> patch
+ memcpy(baseKeyDiversificationData, savedBaseKeyDiversificationData, 10);
+ } else {
+ memcpy(savedBaseKeyDiversificationData, baseKeyDiversificationData, 10);
+ }
+
+ OPGP_LOG_HEX(_T("VISA2_derive_keys: Base Key Diversification Data2: "), baseKeyDiversificationData, 10);
/* Key Diversification data VISA 2
KDCAUTH/ENC xxh xxh || IC serial number || F0h 01h ||xxh xxh || IC serial number
## -3971,6 +3984,9 ##
OPGP_LOG_MSG(_T("mutual_authentication: S-MAC Session Key: "), secInfo->C_MACSessionKey, 16);
+ if (secInfo->secureChannelProtocol == GP211_SCP01) {
+ memcpy(savedKEK, secInfo->dataEncryptionSessionKey, 16);
+ }
#ifdef OPGP_DEBUG
if (secInfo->secureChannelProtocol == GP211_SCP01) {
OPGP_LOG_HEX(_T("mutual_authentication: Data Encryption Key: "), secInfo->dataEncryptionSessionKey, 16);
## -4513,6 +4529,12 ##
OPGP_ERROR_STATUS status;
GP211_SECURITY_INFO gp211secInfo;
mapOP201ToGP211SecurityInfo(*secInfo, &gp211secInfo);
+
+ if(memcmp(KEK, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 10)==0) {
+ // In trouble -> patch
+ memcpy(KEK, savedKEK, 16);
+ }
+
memcpy(gp211secInfo.dataEncryptionSessionKey, KEK, 16);
status = put_secure_channel_keys(cardContext, cardInfo, &gp211secInfo, keySetVersion, newKeySetVersion,
NULL, new_encKey, new_macKey, new_KEK);
Which worked for me with this script:
mode_201
....skipped...
open_sc -security 3 -keyind 0 -keyver 0 -key <motherKey> -keyDerivation visa2
put_sc_key -scp 1 -keyver 1 -newkeyver 1 -key <newMotherKey> -keyDerivation visa2 -current_kek 00000000000000000000000000000000
If my memory serves me well the patch does the following:
saves key diversification data during the first authentication (i.e. the open_sc) and then uses them when diversifying new keys for put_sc_key.
saves the derived KEK during the first authentication and then uses it as KEK for new key values encryption (this triggers by using the 0000....0000 KEK).
You may consider using another tool (GlobalPlatformPro?), but I am not sure whether it supports key diversification for PUT KEY (never tried).
Good luck!
EDIT> Regarding the block my card for further development part
This method (presumably) changes the ISD keys, which in most cases (i.e. when no other SD is in place) protect the access to the card management
my bet is that your cards initially have one of well-known javacard default keys in place -- and by changing these default keys to some other strong value you prevent attackers knowing these default keys from authenticating to your card (emphasis on strong means you should avoid using keys like 0102030405..)
changing the keys actually does not prevent the entity knowing the new keys from managing the card contents -- with the keys you can manage the card at will. The idea is that you are the only one with access to the keys
changing the (I)SD keys changes the keys used by GPSystem.getSecureChannel() if your applet uses it
The only method (I am aware of) to block the card for further management while preserving the loaded applet functionality is to block the (I)SD access by unsuccessfully attempting authentication about ~10 times -- as most cards do block access to the (I)SD under this condition (your mileage may vary). I would not recommend this way.
Related
I am currently using Dart/Flutter BLE plugin to better understand BLE devices.
Plugin:
https://pub.dartlang.org/packages/flutter_blue
When I connect to my virtual cycle trainer I select the 0x1818 service and then I subscribe to the 0x2A63 characteristic for Cycle Power Measurement.
I am struggling to align the response list I get with the GATT documentation for this service/characteristics below. There is 18 values in this list, however there is only 17 in the GATTS list. Also the values don't seem to make any sense.
I also tried to convert the first two values '52','24' to a 16 bit binary to see if that aligns with the flags for the first field, but the result was the below which again makes no sense.
0x3418 = 11010000011000
https://www.bluetooth.com/specifications/gatt/viewer?attributeXmlFile=org.bluetooth.characteristic.cycling_power_measurement.xml
This screenshot is when I first connect to the trainer.
This screenshot is when I am cycling lightly on the bike
This screenshot is when I stop cycling but the pedals and wheel are still turning.
The cycle trainer is the Cycleops Magnus, which doesn't have the Cycle Speed Cadence service 1816, but can provide virtual speed based on power.
My Question is this:
Which of the values in the list corresponding with the GATTS
characteristics and bonus question is, how would I infer speed or
cadence from the values in this service?
Based on section 3.55 of the Bluetooth GATT specs:
DEC - [52,24,40,0,58,29,59,0,0,0,107,136,23, 0,214, 81, 1,0]
BIT - 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Flag field = 24,52 (bit0 and bit1)
2452 = 00001001 10010100
section 3.55.2.1
the corresponding (1) equates to
- bit2 = Accumulated Torque Present
- bit4 = Wheel Revolution Data Present
- bit7 = Extreme Torque Magnitudes Present
- bit8 = Extreme Angles Present
- bit11 = Accumulated Energy Present
Then from section 3.55.2, you go down the list of bits based on the flags:
Instant Power is bits2 (40) and bit3 (0)
(Dec) 0040 == 00000000 00101000 == 40w
to decipher the rest of the bits, we then have to refer to the flags field since the remaining bits after the flags field and instant power have to depend on what the flags field says that the trainer is supporting.
Based on bit2 of the flags field which says that "Accumulated Torque Present" (
Present if bit 2 of Flags field set to 1) Hence the next 2 bits represents Accumulated Torque
Dec (2958)
The next data would then be based on bit4 of the flags field - Wheel Rev Data Present (Present if bit 4 of Flags field set to 1). This is wheel speed which would translate into speed once you taken into account wheel circumference. For Wheel Rev Data, this is represented by the next 6 bits.
Cumulative Wheel Revolutions - 4 bits
Last Wheel Event Time - 2 bits
like you mentioned, this trainer does not offer cadence service, hence that's why you do not see the flags field (bit5) to be 1. Hence you cannot infer cadence from this data set.
For Wheel speed, you would then decode the data from the 6 bits based on Cum Wheel Rev and Last Wheel Event Time. I can't offer you code on how to decode the 6 bits as you're using flutter and I've no experience in flutter language. (I do Swift) but can likely take a look at this code from GoldenCheetah and convert accordingly.
BT40Device::getWheelRpm(QDataStream& ds)
{
quint32 wheelrevs;
quint16 wheeltime;
ds >> wheelrevs;
ds >> wheeltime;
double rpm = 0.0;
if(!prevWheelStaleness) {
quint16 time = wheeltime - prevWheelTime;
quint32 revs = wheelrevs - prevWheelRevs;
// Power sensor uses 1/2048 second time base and CSC sensor 1/1024
if (time) rpm = (has_power ? 2048 : 1024)*60*revs / double(time);
}
else prevWheelStaleness = false;
prevWheelRevs = wheelrevs;
prevWheelTime = wheeltime;
dynamic_cast<BT40Controller*>(parent)->setWheelRpm(rpm);
}
I am working on a use-case where OpenPGP is being used to generate a public key pair on a smart card (Yubikey).
The smart card is then to be shipped off to the user.
Trying to emulate this locally the following is being done:
generate keys on smart card
remove GnuPG home directory
access smart card to re-generate GnuPG home directory
The issue is that I cannot test encrypting a file after the above steps have been performed as the public key seems to be missing. fetch doesn't seem to work.
At this stage I do not want to share the public key on any online server.
Is there any way of retrieving the public key from the smart card after deleting the key rings?
Below are the steps being followed:
$ gpg --card-edit
Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 54D4 E469 7056 B390 AE72 CAA1 A507 3320 7876 0302
created ....: 2017-10-11 13:16:52
Encryption key....: ADA3 2D7F 8D66 4F34 C04A 457C DFEB E3E4 A8F1 8611
created ....: 2017-10-11 11:14:18
Authentication key: 18B9 7AB4 0723 46F4 C23A 3DD7 E5C0 6A93 049E F6A8
created ....: 2017-10-11 11:14:18
General key info..: [none]
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
gpg: Note: keys are already stored on the card!
Replace existing keys? (y/N) y
What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Key is valid for? (0) 0
Is this correct? (y/N) y
Real name: john doe
Email address: john.doe#foobar.com
Comment:
You selected this USER-ID:
"john doe <<john.doe#foobar.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: /home/xxx/.gnupg/trustdb.gpg: trustdb created
gpg: key 6825CB0EBDA94110 marked as ultimately trusted
gpg: directory '/home/xxx/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/xxx/.gnupg/openpgp-revocs.d/6858F119E93FB74BB561DE556825CB0EBDA94110.rev'
public and secret key created and signed.
gpg/card> list
Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 6858 F119 E93F B74B B561 DE55 6825 CB0E BDA9 4110
created ....: 2017-10-11 13:18:11
Encryption key....: BE05 7FDF 9ACD 05F0 B75A 570F 4711 4B69 A622 C1DC
created ....: 2017-10-11 13:18:11
Authentication key: 7275 2C47 B1EF BFB5 1E6D 0E65 31C7 7DBE 2D22 7E32
created ....: 2017-10-11 13:18:11
General key info..: pub rsa4096/6825CB0EBDA94110 2017-10-11 john doe <<john.doe#foobar.com>
sec> rsa4096/6825CB0EBDA94110 created: 2017-10-11 expires: never
card-no: 0006 04631429
ssb> rsa4096/31C77DBE2D227E32 created: 2017-10-11 expires: never
card-no: 0006 04631429
ssb> rsa4096/47114B69A622C1DC created: 2017-10-11 expires: never
card-no: 0006 04631429
gpg/card> quit
$ rm -rf .gnupg/
$ gpg --card-status
gpg: directory '/home/smalatho/.gnupg' created
gpg: new configuration file '/home/smalatho/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/smalatho/.gnupg/gpg.conf' created
gpg: keybox '/home/smalatho/.gnupg/pubring.kbx' created
Reader ...........: 1050:0404:X:0
Application ID ...: D2760001240102010006046314290000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 04631429
Name of cardholder: sm sm
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: sm
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 6858 F119 E93F B74B B561 DE55 6825 CB0E BDA9 4110
created ....: 2017-10-11 13:18:11
Encryption key....: BE05 7FDF 9ACD 05F0 B75A 570F 4711 4B69 A622 C1DC
created ....: 2017-10-11 13:18:11
Authentication key: 7275 2C47 B1EF BFB5 1E6D 0E65 31C7 7DBE 2D22 7E32
created ....: 2017-10-11 13:18:11
General key info..: [none]
OpenPGP smart cards do not store enough information to reconstruct a full OpenPGP public key. You must import the public key separately -- sharing it on a key servers is one solution, but you can also gpg --export the key and later gpg --import it again for testing.
It requires the user to manually export the public key before deleting GNUPGHOME directory and then re-importing the public key in the smart card.
$ gpg --armor --export j.doe#example.com > public.asc
$ rm -rf ~/.gnupg
$ gpg --import public.asc
According to the maintainer of GnuPG, it is technically possible to reconstruct the public key using only information from the card but it isn't easy:
However, if you really lost the public key and you need it back, it is possible to re-create the public key with the same fingerprint. There is no code for this, you need to hack the source.
What you need is the creation timestamp and the public key parameters
from the card. You can gather this information using
$ gpg-connect-agent
> scd learn --force
S SERIALNO D276000124010101000100xxxxxxxxxx 0
S APPTYPE OPENPGP
[...]
S KEY-TIME 1 1136130759
S KEY-TIME 2 1136132140
S KEY-TIME 3 1136131786
[...]
OK
> /decode
> /hex
> scd readkey OPENPGP.1
D[0000] 28 31 30 3A 70 75 62 6C 69 63 2D 6B 65 79 28 33 (10:public-key(3
D[0010] 3A 72 73 61 28 31 3A 6E 31 32 39 3A 00 D0 99 19 :rsa(1:n129:....
[...]
OK
Take the creation time from the KEY-TIME lines. I used /decode and /hex above only for readability. You should use
> /datafile out
> scd readkey OPENPGP.1
OK
> /bye
instead which writes the s-expression with the public key to the file out. The Libgcrypt functions take those s-expressions as arguments. Now you need to feed it to gpg to create the public key part and the self-signatures.
I'm trying to set my microphone to 50% with autohotkey but it only sets my master volume. I've tried
SoundSet 1, Microphone, 50
but it doesn't work. I also tried all the numbers up to 6.
I actually wrote something for this a while ago on the AHK subreddit. You can use this to toggle your mic volume to 50%. Pressing it again will set the volume back to whatever the original value was.
Give it a shot. If it doesn't work, let me know.
If it does, then you can mark your question answered.
Set your mic volume to something easy to remember but not common like 77. This is a temporary step to get the right audio device. You can change this later.
Run this script. PProvost wrote this and it can be found in the AHK Docs, too.
Look for the volume level that's set to 77. Note the component type (should look like Master:1), control type (most likely Volume or Microphone), and the mixer (which varies on each system. Mine was 10.)
;=============== Set This Stuff ===============
; Get this info from PProvost's script. If you lose the URL later, it's:
; https://github.com/PProvost/AutoHotKey/blob/master/SoundCardAnalysis.ahk
; Component Type
compType := "Master:1"
; Control Type
conType := "Volume"
; Mixer Number
mixer := 10
;Toggle tracker
toggle := 0
;=============== End "Set This Stuff" Section ===============
; Hotkey to set/toggle volume
F1::
; Tracks sound status
toggle = !toggle
; If toggle is turned on
if (toggle = 1){
; Save old setting
SoundGet, oldSound, % compType, % conType, % mixer
; Set new setting
SoundSet, 50, % compType, % conType, % mixer
; If toggle is off
}Else
; Revert to the old setting
SoundSet, % oldSound, % compType, % conType, % mixer
return
; Shift+Escape kills the app.
+Escape::ExitApp
I made my owm AHK with the response's help. I set it in my startup file and it sets my microphone volume to 30% every time I start up my computer (since my microphone is standard pretty loud)
Here is the code:
;=============== sauce ===============
; https://stackoverflow.com/questions/44330795/autohotkey-soundset-doesnt-change-mic
; https://github.com/PProvost/AutoHotKey/blob/master/SoundCardAnalysis.ahk
; Component Type
compType := "MASTER:1"
; Control Type
conType := "VOLUME"
; Mixer Number
mixer := 7
SoundSet, 31, % compType, % conType, % mixer
Am running my ALSA Driver on Ubuntu 14.04, 64bit, 3.16.0-30-generic Kernel.
Hardware is proprietary hardware, hence cant give much details.
Following is the existing driver implementation:
Driver is provided sample format, sample rate, channel_count as input via module parameter. (Due to requirements need to provide inputs via module parameters)
Initial snd_pcm_hardware structure for playback path.
#define DEFAULT_PERIOD_SIZE (4096)
#define DEFAULT_NO_OF_PERIODS (1024)
static struct snd_pcm_hardware xxx_playback =
{
.info = SNDRV_PCM_INFO_MMAP |
SNDRV_PCM_INFO_INTERLEAVED |
SNDRV_PCM_INFO_MMAP_VALID |
SNDRV_PCM_INFO_SYNC_START,
.formats = SNDRV_PCM_FMTBIT_S16_LE,
.rates = (SNDRV_PCM_RATE_8000 | \
SNDRV_PCM_RATE_16000 | \
SNDRV_PCM_RATE_48000 | \
SNDRV_PCM_RATE_96000),
.rate_min = 8000,
.rate_max = 96000,
.channels_min = 1,
.channels_max = 1,
.buffer_bytes_max = (DEFAULT_PERIOD_SIZE * DEFAULT_NO_OF_PERIODS),
.period_bytes_min = DEFAULT_PERIOD_SIZE,
.period_bytes_max = DEFAULT_PERIOD_SIZE,
.periods_min = DEFAULT_NO_OF_PERIODS,
.periods_max = DEFAULT_NO_OF_PERIODS,
};
Similar values for captures side snd_pcm_hardware structure.
Please, note that the following below values are replaced in playback open entry point, based on the current audio test configuration:
(user provides audio format, audio rate, ch count via module parameters as inputs to the driver, which are refilled in snd_pcm_hardware structure)
xxx_playback.formats = user_format_input
xxx_playback.rates = xxx_playback.rate_min, xxx_playback.rate_max = user_sample_rate_input
xxx_playback.channels_min = xxx_playback.channels_max = user_channel_input
Similarly values are re-filled for capture snd_pcm_hardware structure in capture open entry point.
Hardware is configured for clocks based on channel_count, format, sample_rate and driver registers successfully with ALSA layer
Found aplay/arecord working fine for channel_count = 1 or 2 or 4
During aplay/arecord, in driver when "runtime->channels" value is checked, it reflects the channel_count configured, which sounds correct to me.
Record data matches with played, since its a loop back test.
But when i use channel_count = 3, Both aplay or arecord reports
"Broken configuration for this PCM: no configurations available"!! for a wave file with channel_count '3'
ex: Playing WAVE './xxx.wav' : Signed 16 bit Little Endian, Rate 48000 Hz, Channels 3
ALSA lib pcm_params.c:2162:(snd1_pcm_hw_refine_slave) Slave PCM not usable
aplay: set_params:1204: Broken configuration for this PCM: no configurations available
With Following changes I was able to move ahead a bit:
.........................
Method1:
Driver is provided channel_count '3' as input via module parameter
Modified Driver to fill snd_pcm_hardware structure as payback->channels_min = 2 & playback->channels_min = 3; Similar values for capture path
aplay/arecord reports as 'channel count not available', though the wave file in use has 3 channels
ex: aplay -D hw:CARD=xxx,DEV=0 ./xxx.wav Playing WAVE './xxx.wav' : Signed 16 bit Little Endian, Rate 48000 Hz, Channels 3
aplay: set_params:1239: Channels count non available
Tried aplay/arecord with plughw, and aplay/arecord moved ahead
arecord -D plughw:CARD=xxx,DEV=0 -d 3 -f S16_LE -r 48000 -c 3 ./xxx_rec0.wav
aplay -D plughw:CARD=xxx,DEV=0 ./xxx.wav
Recording WAVE './xxx_rec0.wav' : Signed 16 bit Little Endian, Rate 48000 Hz, Channels 3
Playing WAVE './xxx.wav' : Signed 16 bit Little Endian, Rate 48000 Hz, Channels 3
End of Test
During aplay/arecord, In driver when "runtime->channels" value is checked it returns value 2!!! But played wavefile has ch count 3...
When data in recorded file is checked its all silence
.........................
Method2:
Driver is provided channel_count '3' as input via module parameter
Modified Driver to fill snd_pcm_hardware structure as playback->channels_min = 3 & playback->channels_min = 4; Similar values for capture path
aplay/arecord reports as 'channel count not available', though the wave file in use has 3 channels
Tried aplay/arecord with plughw, and aplay/arecord moved ahead
During aplay/arecord, In driver when "runtime->channels" value is checked it returns value 4!!! But played wavefile has ch count 3...
When data in recorded file is checked its all silence
.........................
So from above observations, the runtime->channels is either 2 or 4, but never 3 channels was used by alsa stack though requested. When used Plughw, alsa is converting data to run under 2 or 4 channel.
Can anyone help why am unable to use channel count 3.
Will provide more information if needed.
Thanks in Advance.
A period (and the entire buffer) must contain an integral number of frames, i.e., you cannot have partial frames.
With three channels, one frame has six bytes. The fixed period size (4096) is not divisible by six without remainder.
Thanks CL.
I used period size 4092 for this particular test case with channel count 3, and was able to do loop back successfully (without using plughw).
One last question, when I used plughw earlier, and when runtime->channels was either 2 or 4, why was the recorded data not showing?
In Cassandra, I have the following Column Family:
<ColumnFamily CompareWith="TimeUUIDType" Name="Posts"/>
I'm trying to insert a record into it as follows using a C++ generated function generated by Thrift:
ColumnPath new_col;
new_col.__isset.column = true; /* this is required! */
new_col.column_family.assign("Posts");
new_col.super_column.assign("");
new_col.column.assign("1968ec4a-2a73-11df-9aca-00012e27a270");
client.insert("Keyspace1", "somekey", new_col, "Random Value", 1234, ONE);
However, I'm getting the following error: "UUIDs must be exactly 16 bytes"
I've even tried the Cassandra CLI with the following command:
set Keyspace1.Posts['somekey']['1968ec4a-2a73-11df-9aca-00012e27a270'] = 'Random Value'
but I still get the following error:
Exception null
InvalidRequestException(why:UUIDs must be exactly 16 bytes)
at org.apache.cassandra.thrift.Cassandra$insert_result.read(Cassandra.java:11994)
at org.apache.cassandra.thrift.Cassandra$Client.recv_insert(Cassandra.java:659)
at org.apache.cassandra.thrift.Cassandra$Client.insert(Cassandra.java:632)
at org.apache.cassandra.cli.CliClient.executeSet(CliClient.java:420)
at org.apache.cassandra.cli.CliClient.executeCLIStmt(CliClient.java:80)
at org.apache.cassandra.cli.CliMain.processCLIStmt(CliMain.java:132)
at org.apache.cassandra.cli.CliMain.main(CliMain.java:173)
Thrift is a binary protocol; 16 bytes means 16 bytes. "1968ec4a-2a73-11df-9aca-00012e27a270" is 36 bytes. You need to get your library to give you the raw, 16 bytes form.
I don't use C++ myself, but "version 1 uuid" is the magic string you want to google for when looking for a library that can do this. http://www.google.com/search?q=C%2B%2B+version+1+uuid