Wednesday, May 13, 2015

New version of libccid: 1.4.19

I just released version 1.4.19 of libccid, the free software CCID class smart card reader driver.

Direct download here.

Changes:
1.4.19 - 13 May 2014, Ludovic Rousseau
  • Add support of
    • AK910 CKey (idProduct 0x0001)
    • AK910 CKey (idProduct 0x0011)
    • AK910 IDONE
    • Broadcom Corp 5880 (idProduct: 0x5804)
    • CASTLES EZCCID Smart Card Reader
    • Cherry KC 1000 SC
    • Cherry KC 1000 SC Z
    • Cherry KC 1000 SC/DI
    • Cherry KC 1000 SC/DI Z
    • Cherry TC 1300
    • Chicony USB Smart Card Keyboard
    • Elatec TWN4 SmartCard NFC
    • Feitian 502-CL
    • Feitian eJAVA Token
    • FujitsuTechnologySolutions GmbH Keyboard KB100 SCR
    • FujitsuTechnologySolutions GmbH Keyboard KB100 SCR eSIG
    • Hewlett-Packard HP lt4112 Gobi 4G Module
    • Identive SCT3522CC token
    • OMNIKEY AG 6121 USB mobile
    • PIVKey T800
    • REINER SCT tanJack Bluetooth
    • Watchdata USB Key
  • Add syslog(3) debug for Mac OS X Yosemite.
    Use: sudo syslog -c "com.apple.ifdreader PID" -d to change the logging level.
    See also "Change syslog logging level on Yosemite" http://ludovicrousseau.blogspot.com/2015/03/change-syslog-logging-level-on-yosemite.html
  • Remove ZLP patch for Gemalto IDBridge CT30 and K30. The patch was causing problems with the K50. A new reader firmware (version F) solved the problem so the patch is no longer needed.
  • Fix a memory leak in an error path
  • some minor bugs removed

Sunday, April 12, 2015

pcsc-lite and CCID driver source code moved from SVN to GIT

The major projects hosted at https://alioth.debian.org/projects/pcsclite/ have moved from SVN (subversion) to GIT as the Version Control System (VCS).

Alioth.debian.org

The new URLs for the source code are:

The source code at the SVN server is still available at https://anonscm.debian.org/viewvc/pcsclite/trunk/ but will not be updated any more.

Github

I also provide a github version of the source codes at:

You can use either the alioth or the github server to clone the repositories.

Master repository is alioth

But be careful that they are different repositories. One repo is NOT the mirror of the other repo. They are both handled by hand.

The "official" repository should be the one at alioth.debian.org.

Conclusion

Maybe this change will bring new blood to the development :-)

The real reason for the move is that alioth only provides an ssh access to push code. So it is not possible to work from places where connecting to an Internet server using ssh is not allowed. I should be able to push code to github from anywhere (since github can use https) and then merge it and push it to alioth from more net-friendly places.

Thursday, April 9, 2015

Some PC/SC bugs of Yosemite 10.10 fixed in 10.10.3

The 10.10.3 release of Yosemite solves some (1 - one) of the PC/SC bugs introduced in 10.10 and that I reported in "OS X Yosemite and smart cards: known bugs".

I updated the main article with the list and also each individual bug documentation.

Some PC/SC bugs are still present in 10.10.3 but they are "minor".

Wednesday, April 1, 2015

Smart card reader p0rn pictures

Federal Communications Commission

Devices emitting radio frequency signals must be declared at the FCC to be sold in the USA (or something like that). Smart card readers are such devices since they use electricity.

I'll let you read the Wikipedia page to learn more about the FCC.

Search engine

The Office of Engineering and Technology (part of the FCC) provides a search engine at Equipment Authorization Search.

Example: Gemalto MESPROXDUB

I searched for all the Gemalto devices. The list contains 381 results.

I found the MESPROXDUB also known as IDBridge CL300 (previously known as Prox-DU) smart card reader. I have it in my own list at Gemalto Prox Dual USB PC Link Reader.

The result of the search is a list:

9 Matches found for FCC ID MESPROXDUB
| View Attachment | Exhibit Type | Date Submitted to FCC | Display Type | Date Available |
|---|---|---|---|---|
| Confidentiality Request | Cover Letter(s) | 01/17/2011 | pdf | 01/17/2011 |
| External Photos | External Photos | 01/17/2011 | pdf | 01/17/2011 |
| Label | ID Label/Location Info | 01/17/2011 | pdf | 01/17/2011 |
| Internal Photos | Internal Photos | 01/17/2011 | pdf | 01/17/2011 |
| Operational Description | Operational Description | 01/17/2011 | pdf | 01/17/2011 |
| Test Report | Test Report | 01/17/2011 | pdf | 01/17/2011 |
| Test Setup Photos | Test Setup Photos | 01/17/2011 | pdf | 01/17/2011 |
| User Manual - Prox-DU | Users Manual | 01/17/2011 | pdf | 01/17/2011 |
| User Manual - Prox-SU | Users Manual | 01/17/2011 | pdf | 01/17/2011 |

For a strange reason it is not possible to directly access the referenced PDF documents. You will get a "You are not authorized to access this page." if you click on the links in the table above. You need to get them from the real result page itself.

Pictures

What is interesting for a hardware hacker are the "Internal Photos". This is called "hardware p0rn".

You can search "hardware p0rn" in Google. Maybe some pictures from Google are NSFW. There is also a tumblr dedicated to hardware porn with nice (and safe) pictures.

Pictures of the Gemalto MESPROXDUB

I will not include all the pictures here, just a "best of" selection.






Conclusion

You can also search for "Apple" in the search engine. You will find photos of the internals of the iPhone. But pictures from iFixit are of a much better quality. I do not know an equivalent of iFixit for smart card readers.

Friday, March 27, 2015

Gemalto smart card readers

Now that Gemalto bought SafeNet it has become a big company with a lot of different brands.

Some of the brands in the Gemalto group are used by CCID readers listed in the big matrix. I will only talk about CCID compliant readers. So readers produced before the CCID specification was available (around 2001) are not listed here.

Short history of Gemalto fusions and acquisitions

  • 1926: creation of Schlumberger
  • 1988: creation of Gemplus
  • 2001: Schlumberger buys Sema Group plc and becomes SchlumbergerSema
  • 2004: Axalto is a spin-off of SchlumbergerSema
  • 2006: Axalto and Gemalto merge to become Gemalto
  • 2009: Gemalto buys XIRING’s banking activity
  • 2010: SafeNet buys Aladdin
  • 2010: Gemalto buys Todos AB in Sweden
  • 2015: Gemalto buys SafeNet
I only list the fusions and acquisitions related to smart card reader manufacturers.

VendorID

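| Vendor | VendorID | # of readers |
|---|---|---|
| Total | | 31 |
| Aladdin | 0x0529 | 1 |
| Axalto | ? | 1 |
| Gemalto | 0x08E6 | 17 |
| Gemplus | 0x08E6 | 8 |
| SafeNet | ? | 1 |
| SchlumbergerSema | 0x0973 | 1 |
| Todos | 0x0B0C | 2 |
| Xiring | 0x0F14 | 0 |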

Each USB device is identified by a VendorID.
It looks like Axalto and SafeNet do not have their own VendorID.

Xiring

All the Xiring readers I have in my list are now sold by ingenico Healthcare e-ID (ex Xiring healthcare).
They are available at ingenico technical support page.

So Gemalto bought XIRING’s banking activity but it looks like this division of Xiring had no CCID reader.

Reader list


Aladdin


  1. eToken PRO USB 72K Java (Aladdin_eToken_PRO_USB_72K_Java.txt)


Axalto


  1. Reflex USB v3 (AxaltoV3.txt)


Note that the VendorID used by this reader is 0x04E6 and is the VendorID used by SCM (now Identive) for its readers. I guess the reader is a SCM one rebranded as Axalto.

Gemalto


  1. SA .NET Dual (Gemalto_SA_dotNet_Dual.txt)

  2. Ezio Shield Branch Reader (Gemalto_Ezio_Branch.txt)
  3. Ezio Shield (Gemalto_Ezio_Shield_PinPad.txt)

  4. Ezio Shield (Gemalto_Ezio_Shield.txt)

  5. EZIO CB+ (Gemalto_Ezio_CB+.txt)

  6. ING Shield Pro SC (Gemalto_Ezio_Shield_Secure_Channel.txt)

  7. Ezio Shield Pro SC (Gemalto_Ezio_Shield_Pro_SC.txt)

  8. IDBridge CT30 (Gemalto_IDBridge_CT30.txt)

  9. PDT (Gemalto_PDT.txt)
  10. Hybrid Smartcard Reader (Gemalto_HybridSmartcardReader.txt)
  11. IDBridge K30 (Gemalto_IDBridge_K30.txt)

  12. Smart Enterprise Guardian Secure USB Device (GemaltoSmartEnterpriseGuardian.txt)

  13. USB GemPCPinpad SmartCard Reader (GemPCPinpadv2.txt)

  14. IDBridge K3000 (Gemalto_IDBridge_K3000.txt)

  15. Smart Enterprise Guardian Secure USB Device (Gemalto_SG.txt)

  16. Prox Dual USB PC Link Reader (GemProxDU.txt)

  17. Prox SU USB PC LinkReader (GemProxSU.txt)


Gemplus


  1. Gemplus USB SmartCard Reader 433-Swap (GemPC433_SL.txt)

  2. USB GemPCPinpad SmartCard Reader (GemPCPinpad.txt)

  3. GemCore SIM Pro Smart Card Reader (GemCoreSIMPro.txt)

  4. GemCore POS Pro Smart Card Reader (GemCorePOSPro.txt)
  5. USB Shell Token V2 (GemPCKey.txt)

  6. PC Twin Reader (GemPCTwin.txt)

  7. GemPC Express (GemPC_Express.txt)

  8. Gem e-Seal Pro USB Token (Gem_e-SealPro.txt)

SafeNet


  1. SmartMX Sample (Philips_SmartMX.txt)


Similar remark as for Axalto. Here the iManufacturer is: Philips Semiconductors. The vendorID is 0x04B9 which should be Rainbow Technologies.

SchlumbergerSema


  1. SchlumbergerSema Cyberflex Access (e-gate.txt)

Todos


  1. CX00 (Todos_Cx00.txt)

  2. Argos Mini II (Todos_AGM2_CCID.txt)


Conclusion

After so many fusions and acquisitions in the smart card industry it may be difficult to know where to get manufacturer support for a given reader.

Gemalto provides a drivers support page where you can find most of the "Gemalto" readers.

Tuesday, March 24, 2015

Change syslog logging level on Yosemite

In "Debug a smart card application on Yosemite" we have seen how Apple provides a way to get the ATR and exchanged APDU from the com.apple.ifdreader process (new on Yosemite).

syslog(3)

In some cases you need more than just ATR and APDU. That is why my CCID driver also uses syslog() to log debug messages.

According to the syslog(3) manual page, the syslog() prototype is: void syslog(int priority, const char *message, ...);

The priority parameter is used to tell if the syslog message is important or not. For example messages of level LOG_EMERG are "A panic condition. This is normally broadcast to all users."

You can use the syslog(1) command line tool to log a message. To log an emergency message just do:
$ syslog -s -l 0 Read http://ludovicrousseau.blogspot.fr/
  • -s to send a message
  • -l 0 to use level 0 i.e. Emergency

You should see a message broadcast in every Terminal console and a message in /var/log/system.log. You can use the Console application to read the /var/log/system.log file.

By default messages with level Info (6) or Debug (7) are just ignored.

Logging low level messages

To log messages of level Info and Debug from the CCID driver you need to tell syslog to accept them. We could change the global configuration to accept debug messages from every running process but that may generate a lot of noise. Each process has its own syslog filter. We will use that feature instead.

First step is to get the process identification (PID) of the com.apple.ifdreader process. I use something like:
$ ps -Aww | grep com.apple.ifdreader
28775 ??         0:00.74 /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
28803 ttys000    0:00.00 grep com.apple.ifdreader

In my case the PID is 28775.

You can see the syslog filter for the process using:
$ syslog -c 28775
Process 28775 syslog filter mask: Off

Change the filter using:
$ sudo syslog -c 28775 -d
-d sets the filter level so that messages from Emergency up to Debug are logged.

And verify the filter has changed:
$ syslog -c 28775 
Process 28775 syslog filter mask: Emergency - Debug

Displaying logs

You can use the Console application to display the logs.

You can also use a command line program with:
$ syslog -w -k Sender com.apple.ifdreader
This will continuously display the log messages from com.apple.ifdreader as they are generated by the driver.
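
The steps above (find the PID, set the filter, verify it) collected into one script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the `ps` and `syslog` output formats shown above.

```sh
#!/bin/sh
# Added example: per-process syslog debug for com.apple.ifdreader (OS X Yosemite).
# Function names are hypothetical; the commands are the ones used in the article.

# Read `ps -Aww` output on stdin and print the PID(s) of com.apple.ifdreader.
# Matching the executable path in column 4 skips the "grep com.apple.ifdreader"
# line that the plain grep pipeline also returns.
ifdreader_pid() {
    awk '$4 ~ /\/com\.apple\.ifdreader$/ { print $1 }'
}

# Read `syslog -c PID` output on stdin and print only the mask text.
filter_mask() {
    sed -n 's/^Process [0-9]* syslog filter mask: //p'
}

# Succeed when the mask text reaches the Debug level ("Emergency - Debug").
mask_includes_debug() {
    case "$1" in
        *Debug) return 0 ;;
        *)      return 1 ;;
    esac
}

# Set the filter to Debug for every ifdreader PID, then verify the change.
enable_ifdreader_debug() {
    pids=$(ps -Aww | ifdreader_pid)
    if [ -z "$pids" ]; then
        echo "com.apple.ifdreader is not running" >&2
        return 1
    fi
    for pid in $pids; do
        sudo syslog -c "$pid" -d || return 1
        mask=$(syslog -c "$pid" | filter_mask)
        if ! mask_includes_debug "$mask"; then
            echo "PID $pid: filter mask is still '$mask'" >&2
            return 1
        fi
        echo "PID $pid: filter mask is now '$mask'"
    done
}

# Touch the system only when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    enable_ifdreader_debug &&
        echo "Follow the log with: syslog -w -k Sender com.apple.ifdreader"
fi
```

The filter is set on a PID, so run the script again after com.apple.ifdreader restarts with a new PID.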

Conclusion

Apple removed the ability to run pcscd in foreground mode from the console on Yosemite because pcscd has been replaced by something different (See "OS X Yosemite and smart cards status").

As we have seen in this article it is still possible to log messages from a smart card reader driver. Using syslog may even be easier than restarting the pcscd process.

Thursday, February 26, 2015

Some PC/SC bugs of Yosemite 10.10 fixed in 10.10.2

The 10.10.2 release of Yosemite solves some of the PC/SC bugs introduced in 10.10 and that I reported in "OS X Yosemite and smart cards: known bugs".

I updated the main article with the list and also each individual bug documentation.

Maybe the 10.10.3 release will solve the other PC/SC bugs.