Wednesday, November 28, 2012

New version of pcsc-lite: 1.8.7

I just released a new version of pcsc-lite 1.8.7.

Changes:
pcsc-lite-1.8.7: Ludovic Rousseau
28 November 2012

Fix a problem when a reader is unplugged (and the reader is still in use)

Friday, November 23, 2012

New UI design for the online ATR parser

I made some graphical design (using CSS) for my Smart card ATR parsing online application.

I am not a web designer (you may have noticed). But I tried to make the interface nicer.

The new interface looks like:

If you want to work on a better design you are welcome. Contact me.

Related articles:

Friday, November 2, 2012

PCSC sample in lua

To continue the list of PC/SC wrapper initiated more than two years ago with "PC/SC sample in different languages" I now present a PC/SC sample in lua.

In a previous blog article "cardpeek: A tool to read the contents of smartcards" I presented an application using the lua language to interact with smart cards.

PC/SC access from lua

Cardpeek is a complete application and not a PC/SC wrapper. The cardpeek author implemented only what was needed for the application instead of a general PC/SC wrapper.

The card functions available from lua are:

connect
disconnect
warm_reset
last_atr
info
send
set_command_interval
make_file_path

One important missing function is an equivalent of SCardListReaders(). The list of available readers and selection of the reader to use is not available from the lua code. The reader selection is done by the cardpeek application using C code directly.

Some work is missing in order to have a complete PC/SC wrapper for lua.

Source code

function hex_tostring(data)
 local r = ""
 local i
 for i=0,#data-1 do
  r = r .. string.char(data[i]) 
 end 
 return r
end

if card.connect() then
 card.tree_startup("ATR")

 -- Select applet
 select = bytes.new(8, "00 A4 04 00 0A A0 00 00 00 62 03 01 0C 06 01")
 sw, resp = card.send(select)
 print(string.format("SW: %X", sw))
 print(resp)

 -- Send command
 command = bytes.new(8, "00 00 00 00")
 sw, resp = card.send(command)
 print(string.format("SW: %X", sw))
 print(hex_tostring(resp))

 card.disconnect()
end

Remarks

The output is sent to the console using the lua print() statement. You could also send the output to cardpeek using log.print() instead.

Output

In the console

SW: 9000

SW: 9000
Hello world!

In cardpeek

Conclusion

I reported some improvements for cardpeek (issues 13, 14, 15 and 16). One month after, the issues are still open and the proposed patches not applied or reviewed. A bad news concerning the state of the cardpeek project :-(.

This pseudo-wrapper is the 12th wrapper for PC/SC. What will be the next language?

Friday, October 26, 2012

cardpeek: A tool to read the contents of smartcards

A few days ago I discovered a nice tool: cardpeek.

Project

The project is hosted at http://code.google.com/p/cardpeek/.
It is Free Software and uses the GNU GPL v3 licence.

From the project web site:

Cardpeek is a Linux/Windows tool to read the contents of ISO7816 smartcards. It features a GTK GUI to represent card data is a tree view, and is extendable with a scripting language (LUA).

The goal of this project is to allow smartcard owners to be better informed about what type of personal information is stored in these devices.

The tool currently reads the contents of :

EMV cards, including NFC ones.

Navigo public transport cards (partially supports MOBIB as well)

The French health card "Vitale 2"

Electronic/Biometric passports in BAC security mode.

It can also read the following cards with limited interpretation of data:

Some Mifare cards (such as the Thalys card);

Moneo, the French electronic purse;

GSM SIM cards.

More info on the Wiki here: http://code.google.com/p/cardpeek/wiki/Main

Installation

It is easy to install under Debian GNU/Linux. You may need to install some dependencies related to the lua language. The program is written in C and lua. The parts sending smart card commands are lua scripts. I do not yet have lua in my list of languages for PC/SC.

You may be unable to run the ./configure script. I already reported this problem. run autoreconf -vis to get correct symlinks.

Examples

EMV

I tried with an EMV card.

The application gives a lot of information. For example you have access to the card transaction records.

In this example I payed 48.11€ on the August 30th of 2012. This transaction was to fil the tank with gasoline but the card do not store information about the merchant.

Navigo Pass

I do not have a Navigo Pass myself so I reused the screen copy from the cardpeek project navigo page.

From the project:

The "calypso" script included in cardpeek can read the content of Navigo cards used in Paris. It provides enhanced "event log" analysis notably with subway/train station names, as illustrated in the screenshot above. It has been successfully tested on Navigo Découverte, Navigo and Navigo Intégrale cards.

SIM

The support is SIM card is indicated as beta but does work quiet well.

For example you can dump the phone book stored in your SIM card.

I guess it is in beta mode because not all the fields are parsed and displayed in a human readable format.

Conclusion

Cardpeek is a very nice tool to explore many common kinds of smart cards. It is tech savvy oriented.

Sunday, October 7, 2012

New version of libccid: 1.4.8

I just released a version 1.4.8 of libccid the free software CCID class smart card reader driver.

1.4.8 - 22 June 2012, Ludovic Rousseau

Add support of
- SCR3310-NTTCom USB (was removed in version 1.4.6)
- Inside Secure VaultIC 420 Smart Object
- Inside Secure VaultIC 440 Smart Object
Wait up to 3 seconds for reader start up
Add support of new PC/SC V2 part 10 properties:
- dwMaxAPDUDataSize
- wIdVendor
- wIdProduct
Use helper functions from libPCSCv2part10 to parse the PC/SC v2 part 10 features

Monday, October 1, 2012

Parsing an ATR: now in color

Since 2010 I provide a way to parse an ATR online using a web page. I also provide a Python script to do the same using a command line tool.

I am not a user interface design expert. But I like to have important elements in color. Syntax colorization is a great invention. So I decided to add color to the ATR parsing results.

Web page

Available at http://smartcard-atr.appspot.com/

Before

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3B	Direct Convention
T0 = 0xFA	Y(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13	Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00	VPP is not electrically connected
TC(1) = 0xFF	Extra guard time: 255 (special value)
TD(1) = 0x81	Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31	Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80	IFSC: 128
TB(3) = 0x45	Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes	00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00	(compact TLV data object) Tag: 3, Len: 1 (card service data byte) Card service data byte: 193 - Application selection: by full DF name - Application selection: by partial DF name - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card without MF Tag: 7, Len: 3 (card capabilities) Selection methods: 192 - DF selection by partial DF name - DF selection by full DF name Data coding byte: 1 - Behaviour of write functions: one-time write - Value 'FF' for the first byte of BER-TLV tag fields: valid - Data unit in quartets: 1 Command chaining, length fields and logical channels: 0 - Logical channel number assignment: No logical channel - Maximum number of logical channels: 0 Mandatory status indicator (3 last bytes) LCS (life card cycle): 0 (No information given) SW: 9000 ()
TCK = 0xB1	(correct checksum)

Possibly identified card: OpenPGP

After

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3B	Direct Convention
T0 = 0xFA	Y(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13	Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00	VPP is not electrically connected
TC(1) = 0xFF	Extra guard time: 255 (special value)
TD(1) = 0x81	Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31	Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80	IFSC: 128
TB(3) = 0x45	Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes	00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00	(compact TLV data object) Tag: 3, Len: 1 (card service data byte) Card service data byte: 193 - Application selection: by full DF name - Application selection: by partial DF name - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card without MF Tag: 7, Len: 3 (card capabilities) Selection methods: 192 - DF selection by partial DF name - DF selection by full DF name Data coding byte: 1 - Behaviour of write functions: one-time write - Value 'FF' for the first byte of BER-TLV tag fields: valid - Data unit in quartets: 1 Command chaining, length fields and logical channels: 0 - Logical channel number assignment: No logical channel - Maximum number of logical channels: 0 Mandatory status indicator (3 last bytes) LCS (life card cycle): 0 (No information given) SW: 90 00 ()
TCK = 0xB1	correct checksum

Possibly identified card: OpenPGP

Command line

The same software is also available as a command line tool: parseATR.py

Before

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 9000 ()
TCK = 0xB1  --> (correct checksum)
Possibly identified card: OpenPGP

After

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 90 00 ()
TCK = 0xB1  --> correct checksum
Possibly identified card: OpenPGP

Conclusion

I like colorization.

Friday, September 28, 2012

Adobe signature system was compromised

Adobe just published an article "Inappropriate Use of Adobe Code Signing Certificate" describing the inappropriate use of their code signature private key.

Adobe uses a Hardware Security Module (HSM) to store the private key. The signature requests are sent by build servers and signed by the HSM.

Unfortunately one build server has been compromised and malicious software has been signed.

Lessons

Maybe the lesson is that automatic code signing, without human verification, is an error. Of course the human verification shall be smart enough to avoid repetitive and boring tasks.

In general smart card doing cryptographic signature with a legal value (eID or citizen cards) are configured so that the user PIN has to be entered before each signature. And the use of a pinpad reader is a big security improvement. So even if the user computer is compromised the attacker cannot sign many documents without the user noticing something wrong.
But:

only one signed document may be enough for the attacker
noticing something is wrong requests some user intelligence

Conclusion

The best security architects can do is:

provide systems simple to understand
provide some kind of detection of strange events
provide a way to easily revoke a compromised key

Tuesday, September 18, 2012

Tokend installer for Mac OS X Mountain Lion

2 months after the release of Mountain Lion, Apple (Shawn Gedddis) just released a new (beta) tokend package installer for Mountain Lion (10.8).

From http://smartcardservices.macosforge.org/trac/wiki/installers

« This installs the Tokend modules which no longer ship from Apple as part of Mac OS X beginning with OS X Lion (v10.7). Note that this installer will ONLY install onto OS X Mountain Lion v10.8. The Tokend modules installed are: BELPIC, CAC, CACNG, JPKI and PIV.

New to this release:
• JPKI.Tokend - Build 38522 added to the update to support LASCOM in Japan.
• cacloginconfig.plist - Default configuration file as optional install for those using Attribute Matching or PKINIT configurations.
• SystemCACertificates.keychain - Automatically added to the Keychain Search List if not already present. »

Related post "Mac OS X Mountain Lion and smart card status".

Thursday, August 30, 2012

New version of pcsc-lite: 1.8.6

I just released a new version of pcsc-lite 1.8.6.

Changes:
pcsc-lite-1.8.6: Ludovic Rousseau
30 August 2012

Fix a problem when only serial drivers are used (no hotplug/USB driver)
increase log buffer size from 160 to 2048. Some "long" log lines where truncated.
Fix redirection of stdin, stdout and stderr to /dev/null when pcscd is started as a daemon (default)
Some other minor improvements and bug corrections

Tuesday, August 28, 2012

Comments on my blog and bug reports

I sometimes get comments on articles of my blog. I can classify them in 3 different categories:

spam
comments about the article
comments about something else

Spam

Spams are (manually) rejected.
I do not get many spams.

Comments about the article

I like comments about the article. I accept questions about the article or about a specific point. In general I add an answer immediately (if I know the answer).

Comments about something else

Sometimes I have to moderate comments about something not related to the article.
The blogger.com application do not allow me to reject the comment and explain why I rejected the comment to the comment author. So I reject the comment and the comment author has no idea of what happened.

Example

For example I got, for the second time, a comment on the Mac OS X Mountain Lion and smart card status article. The comment is:

" Anyone having issues with reading encrypted messages via a CAC within Mountain Lion and Outlook?

I can sign and encrypt, and people can read them, but I cannot decrypt. It is not the card or reader, it works fine on the PC.

It is very strange because if an encrypted email comes in, I briefly can read it in the window pane, but if I revisit the message or double click to open, I get an error and the message is lost forever. Everything worked fine under Lion, only appeared after ML upgrade. "

This comment is not about the article itself and is not a spam.

Problems with Mountain Lion or any other Apple components shall be reported to Apple using https://bugreport.apple.com/, or maybe the Apple CDSA mailing list in this case.

Since I cannot contact the comment author (Mike) and explain why his comment is misplaced I wrote this blog entry.

Documentation

Just above the comments text array I added a documentation:

Please, do only post comments related to the article above.

For general questions, subscribe to and use the muscle mailing list.

Your comment may be moderated and will not appear until then. No need to repost the same comment.

Maybe the documentation is not visible enough, or not clear enough. Please add your comments :-)

Conclusion

My blog is not a forum.

I do not work at Apple and do not plan to provide Apple support for free.

Thursday, August 9, 2012

libPCSCv2part10

PC/SC v2 part 10 standard "Part 10 IFDs with Secure PIN Entry Capabilities" offers a way to get some information from a smart card driver.

I already blogged about this service in

Using the SCardControl(FEATURE_GET_TLV_PROPERTIES, ...) require some code to parse the result TLV buffer.

Library API

The idea of libPCSCv2part10 is to allow application programmers to use a function as simple as give_me_the_value_of_tag_x().

The library provides two functions:

PCSCv2Part10_find_TLV_property_by_tag_from_buffer() "low" level
PCSCv2Part10_find_TLV_property_by_tag_from_hcard() "high" level

The difference between the two functions is that PCSCv2Part10_find_TLV_property_by_tag_from_hcard() uses a SCARDHANDLE hCard and PCSCv2Part10_find_TLV_property_by_tag_from_buffer() uses a buffer already retrieved using SCardControl(FEATURE_GET_TLV_PROPERTIES, ...)

The API is documented at libPCSCv2part10.

The project is hosted in the contrib/libPCSCv2part10/ directory of the pcsc-lite project.

Sample code

/*
    sample.c: example of use of libPCSCv2part10 helper functions
    Copyright (C) 2012   Ludovic Rousseau

    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
    version 2.1 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

/*
 * $Id: sample.c 6416 2012-08-08 09:49:00Z rousseau $
 */

#include <stdio.h>

#ifdef __APPLE__
#include <PCSC/winscard.h>
#include <PCSC/wintypes.h>
#else
#include <winscard.h>
#endif
#include <reader.h>


#include "PCSCv2part10.h"

/* PCSC error */
#define PCSC_ERROR_EXIT(rv) \
if (rv != SCARD_S_SUCCESS) \
{ \
 printf("Failed at line %d with %s (0x%lX)\n", __LINE__, pcsc_stringify_error(rv), rv); \
 goto end; \
}

int main(void)
{
 LONG rv;
 SCARDCONTEXT hContext;
 SCARDHANDLE hCard;
 int value, ret = -1;
 DWORD dwReaders, dwPref;
 char *mszReaders;

 rv = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
 PCSC_ERROR_EXIT(rv)

 dwReaders = SCARD_AUTOALLOCATE;
 rv = SCardListReaders(hContext, NULL, (LPSTR)&mszReaders, &dwReaders);
 PCSC_ERROR_EXIT(rv)

 /* use first reader */
 printf("Using reaer: %s\n", mszReaders);

 rv = SCardConnect(hContext, mszReaders,
  SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1,
  &hCard, &dwPref);

 /* the interesting part is here */
 ret = PCSCv2Part10_find_TLV_property_by_tag_from_hcard(hCard,
  PCSCv2_PART10_PROPERTY_wIdVendor, &value);
 printf("ret: %d\n", ret);
 printf("value for PCSCv2_PART10_PROPERTY_wIdVendor: 0x%04X\n", value),

 rv = SCardDisconnect(hCard, SCARD_LEAVE_CARD);
 PCSC_ERROR_EXIT(rv)

 rv = SCardFreeMemory(hContext, mszReaders);
 PCSC_ERROR_EXIT(rv)

 rv = SCardReleaseContext(hContext);
 PCSC_ERROR_EXIT(rv)

end:
 return ret;
}

How to use it

The code is very short. I don't think it is a good idea to make a library with just two functions. My idea is that a project FooBar using the function will just integrate the two files (PCSCv2part10.c and PCSCv2part10.h) into the project FooBar.

License

The license is GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

Conclusion

Feel free to use the code, make comments or improvements.

Saturday, August 4, 2012

New version of pcsc-lite: 1.8.5

I just released a new version of pcsc-lite 1.8.5.

Changes:
pcsc-lite-1.8.5: Ludovic Rousseau
4 August 2012

Fix crash when a reader is unplugged while pcscd is in the middle of a PC/SC function
SCardBeginTransaction(): fix a bug introduced in version 1.8.4 related to sharing
Some other minor improvements and bug corrections

Thursday, August 2, 2012

Mac OS X Mountain Lion and smart card status

The new version of Mac OS X 10.8 called Mountain Lion is now available since July 25th 2012.

Mac OS X Mountain Lion

As I did with the previous major version of OS X Lion I will list changes in Mountain Lion regarding the smart card world.

pcsc-lite

Same as in Lion.

CCID driver

Same as in Lion.
CCID driver version 1.3.11.

Source code

The source code is provided by Apple from the web site Mac OS X 10.8 Source. The two components are available in:

The source code is not yet available in the subversion repository of the SmartCard Services project.

Changes

In Lion 10.7 the versions were 55000 for both SmartCardServices and SmartcardCCID.

So in Mountain Lion the CCID driver has not changed.

The SmartCardServices component (mainly pcsc-lite) has marginally changed. The source code is the same and only build files have been updated:

$ diff -ru SmartCardServices-55000 SmartCardServices-55105|diffstat 
 Info-PCSC.plist                             |    2 
 Makefile-exec.installPhase                  |only
 Makefile.installPhase                       |    3 
 SmartCardServices.xcodeproj/project.pbxproj |  939 +++++-----------------------
 config                                      |only
 5 files changed, 194 insertions(+), 750 deletions(-)

Conclusion

Apple has not updated the smart card components in Mountain Lion. No bug or limitation has been fixed. And no new bug have been introduced.

The CCID driver provided (version 1.3.11) has been released on July 2009, 3 years ago. Since this version 97 readers have been added (72% more).

Tuesday, June 26, 2012

New version of pcsc-lite: 1.8.4

I just released a new version of pcsc-lite 1.8.4.

Changes:
pcsc-lite-1.8.4: Ludovic Rousseau
26 June 2012

Add [ and ] in the list of accepted characters for a reader name
truncates the reader name if it is too long instead of rejecting the
reader
The restriction to have to call SCardEstablishContext() in each thread
has been removed. Threads could now share a PC/SC context.
Fix compiler failure for static driver
Update IFDHandler API Doxygen regarding the "libusb-1.0" naming scheme
Some other minor improvements and bug corrections

Friday, June 22, 2012

New version of libccid: 1.4.7

I just released a version 1.4.7 of libccid.

1.4.7 - 22 June 2012, Ludovic Rousseau

Add support of

ACS ACR101 ICC Reader
ACS CryptoMate64
Alcor Micro AU9522
Bit4id CKey4
Bit4id cryptokey
Bit4id iAM
Bit4id miniLector
Bit4id miniLector-s
CCB eSafeLD
Gemalto Ezio Shield Branch
KOBIL Systems IDToken
NXP PR533

KOBIL Systems IDToken special cases:

Give more time (3 seconds instead of 2) to the reader to answer
Hack for the Kobil IDToken and Geman eID card. The German eID card is bogus and need to be powered off before a power on
Add Reader-Info-Commands special APDU/command

Manufacturer command
Product name command
Firmware version command
Driver version command

Use auto suspend for CCID devices only (Closes Alioth bug [#313445] "Do not activate USB suspend for composite devices: keyboard")
Fix some error management in the T=1 TPDU state machine
some minor bugs removed
some minor improvements added

Wednesday, June 20, 2012

More EMV tools

I discovered 2 other tools for interacting with EMV smart cards

javaemvreader

It is an application written in Java. The project is hosted at http://code.google.com/p/javaemvreader/ and using the Apache License 2.0 licence.

I have not yet tried to use the software. According to the web site the application is able to perform:

EMV function name	Command
Initialize card	SELECT FILE "1PAY.SYS.DDF01"
	READ RECORD (to read all records in the specified SFI)
Application Selection	SELECT
Initiate Application Processing	GET PROCESSING OPTIONS
Read Application Data	READ RECORD (all records listed in the AFL)
(Read other application data)	GET DATA (ATC, Last online ATC, PIN Try Counter, Log Format)
Dynamic Data Authentication	INTERNAL AUTHENTICATE
Offline verification	VERIFY (only plaintext PIN verification is supported)
Read Transaction Log	GET DATA/READ RECORD
N/A	READ RECORD (brute force all valid SFI values and record numbers)

The application uses the javax.smartcardio API to talk to PC/SC.

emvlab.org

It is not an application but different web services to parse EMV data.

EMV tag search	Look up EMV tags in this handy database. Search by keyword e.g. for all tags that contain the word "currency" or "cryptogram" in the description, or look up a hex tag e.g "9F20".
TLV decoder	Decode EMV TLV (Tag, Length Value) byte strings into their constituent tags and sub-tags. Useful for analysing APDU traces, responses and so on.
CAP calculator	Generate CAP codes using an emulated banking card and CAP calculator, to test against real gadgets or for testing authentication servers.
Cryptogram calculator	Generate and verify EMV ARQC, ARPC and TC cryptograms, calculated using the vital parameters of the card, UDKs, ATC etc.
DES calculator	Encrypt and decrypt hex strings using DES and 3DES, using the basic modes of operation, ECB, CBC.
ASN1 decoder	Decode a binary file into an ASN1 dump using an online interface to Peter Gutmann's dumpasn1 tool
PIN translation tools	Encrypt, decrypt and translate ISO PINblocks between different encryption keys. PINs, PANs, padding... all sorts of fun!
Keyshare generation tools	Automatically generate test keys of various lengths, and split into components. KCVs are automatically provided for each component and the whole key.
Truecolour hex dump tool	This hex dump tool will create a multicoloured, annotated hex dump of the provided file, making it easy to spot strings, markers, and high and low entropy areas of the file. Very useful for when you don't have your favourite hex dump tool to hand.
Character set encoding conversion	Convert strings of text and hex between ASCII, ECBDIC and hex representations. Suprising how often you need one of these!
ePassport MRZ calculator	Generate passport Machine Readable Zones (MRZs) from biographical details including name, date of birth, and passport numbers, expiry dates etc. Randomly created identities can also be used.
Contact us	Let us know what you think of the site, and if you have any problem reports or suggestions.

I have not yet tried this service.

Saturday, June 16, 2012

new version of pcsc-tools: 1.4.20

I just released a (two in fact) new version of pcsc-tools. The major change is the move of the personal litst of ATR used by ATR_analysis from ~ to ~/.cache/.

If you do not know what pcsc-tools is, it contains 4 tools:

pcsc_scan(1) regularly scans every PC/SC reader connected to the host if a card is inserted or removed a "line" is printed.
ATR_analysis(1) is a Perl script used to parse the smart card ATR. This script is called (by default) by pcsc_scan.
scriptor(1) is a Perl script to send commands to a smart card using a batch file or stdin.
gscriptor(1) the same idea as scriptor.pl(1) but with a Perl-Gtk2 GUI.

An equivalent of ATR_analysis is available online http://smartcard-atr.appspot.com/

Changes:
1.4.20 - 16 June 2012, Ludovic ROUSSEAU

Makefile: Add arguments to CFLAGS instead of overwritting them
3 new ATRs

1.4.19 - 13 June 2012, Ludovic ROUSSEAU

ATR_analysis: use XDG_CACHE_HOME env variable
The smartcard_list.txt file is now searched in ~/.cache/ by default
115 new ATRs

Friday, June 15, 2012

Debian multi-arch and pcsc-lite

64-bits Intel and AMD CPUs are able to run 32 and 64 bits programs at the same time. Different OS uses different strategies to use this feature.

Apple Mac OS X

Mac OS X uses what they call a Universal Binary. This format has been designed during the transition from 680x0 to PowerPC two decades ago. The idea is to have the code for both 680x0 and PowerPC in the same executable file. So a user do not have to select any thing. The system will use the correct version transparently.

This Universal Binary concept has also been used for the PowerPC to Intel migration and now for the support of 32 and 64 bits Intel CPU.

The idea is very nice and easy to use. It works for both libraries and binaries. You can use the file command line tool to check what is inside a binary.

$ file /bin/ls
/bin/ls: Mach-O universal binary with 2 architectures
/bin/ls (for architecture x86_64): Mach-O 64-bit executable x86_64
/bin/ls (for architecture i386): Mach-O executable i386

The ls command is available in both 32 and 64-bits.

$ cd /System/Library/Frameworks/PCSC.framework
$ file PCSC 
PCSC: Mach-O universal binary with 2 architectures
PCSC (for architecture x86_64): Mach-O 64-bit dynamically linked shared library x86_64
PCSC (for architecture i386): Mach-O dynamically linked shared library i386

The PCSC framework is available for both 32-bits applications (i386) and 64-bits applications (x86_64).

Microsoft Windows

Microsoft has a System32 directory to store system files. The surprise is that on a 64-bits machine the System32 is used to store 64-bits system files and the 32-bits system files are stored in a SysWow64 directory. I am not a Windows expert (or even user). I got the information from friends and it is confirmed here.

It was too simple for Microsoft to use System32 for 32-bits files and System64 for 64-bits files. Never underestimate Microsoft on its ability to find a complex solution to a given problem.

Another example of Microsoft complexity is the use of UTF-16 instead of UTF-8 for Unicode strings and then the duplication every API with A and W variants like SCardListReadersA() and SCardListReadersW().

RedHat

RedHat, and other GNU/Linux distributions, use /usr/lib32/ to store 32-bits libraries and /usr/lib64/ to store 64-bits libraries. This scheme is know as multi lib or biarch.

This scheme is simple (more logical than the one from Microsoft :-) but it is also limited. For example it is limited to one specific architecture: Intel/AMD.

Debian

Debian is working on the problem since 2004 (see History in Debian multi arch support). The solution is to avoid a limitation to only 2 architectures and generalize the solution to any CPU architecture.

The libraries are then stored in /usr/lib/<triplet>/. The <triplet> being something like i386-linux-gnu or x86_64-linux-gnu or mipsel-linux-gnu.

pcsc-lite

Since version 1.8.3-1 of the Debian pcsc-lite package the multiarch system is supported.

The package libpcsclite1_1.8.3-3_i386.deb provides the files:

/usr/lib/i386-linux-gnu/libpcsclite.so.1

/usr/lib/i386-linux-gnu/libpcsclite.so.1.0.0

/usr/share/doc/libpcsclite1/changelog.Debian.gz

/usr/share/doc/libpcsclite1/changelog.gz

/usr/share/doc/libpcsclite1/copyright

The package libpcsclite1_1.8.3-3_amd64.deb provides the files:

/usr/lib/x86_64-linux-gnu/libpcsclite.so.1

/usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0

/usr/share/doc/libpcsclite1/changelog.Debian.gz

/usr/share/doc/libpcsclite1/changelog.gz

/usr/share/doc/libpcsclite1/copyright

And it is possible to install the two packages at the same time (after configuring the system for multiarch).

pcscd

One complexity is that pcsc-lite has a client/server architecture. The client is libpcsclite.so.1 and the server is pcscd.

Since at least four years we have:

pcsc-lite-1.4.99: Ludovic Rousseau
9 January 2008
- add support of mix 32/64 bits platforms.  Thanks to Jacob Berkman for
  the big patch

So a 32-bit library can talk to a 64-bit pcscd. That is nice since, even with multi-arch, it is not possible to install two pcscd (for i386 and x86_64) at the same time. You only need to install one pcscd and one (or more) libpcsclite.so.1.

Example

I have a amd64 Debian system.

I have installed the Debian package pcsc-tools to have the pcsc_scan command.

$ file /usr/bin/pcsc_scan
/usr/bin/pcsc_scan: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x50bda59b9b9a86b312e59fd3022cd4da87b87265, stripped

The file is a 64-bits binary.

$ ldd /usr/bin/pcsc_scan 
 linux-vdso.so.1 =>  (0x00007fff7c75f000)
 libpcsclite.so.1 => /usr/lib/x86_64-linux-gnu/libpcsclite.so.1 (0x00007f022ca9d000)
 libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f022c716000)
 librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f022c50d000)
 libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f022c2f1000)
 /lib64/ld-linux-x86-64.so.2 (0x00007f022ccb1000)

And it is linked with the 64-bits library at /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.

And the execution works:

$ pcsc_scan 
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...^C

I also fetched the i386 version of the pcsc-tools package. I can not install it since it will conflict with the amd64 version of the package (same filename /usr/bin/pcsc_scan but different content). So I unpack the Debian package in a temporary directory.

$ mkdir foobar
$ cd foobar
$ dpkg -x ../pcsc-tools_1.4.18-1_i386.deb .
$ file usr/bin/pcsc_scan 
usr/bin/pcsc_scan: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0xcbf386965c3541f0557c913c5aead05512d4b75c, stripped

The binary is a 32-bit executable.

$ usr/bin/pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.8.1
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...^C

And the execution also works. The 32-bit binary is talking to the 64-bit pcscd server.

Conclusion

With multiarch it will/should be easy to install and execute on the same system programs for different architectures.

Maybe the new Linux x86 architecture (taking best parts from the i386 and x86_64 worlds) will also be available as a new in architecture in the multiarch word.

Thursday, June 14, 2012

libusb-1.0.9 released and libusbx

libusb

libusb-1.0.9 has now been released on 2012-04-20, 2 years after version 1.0.8.

This can now end my blog serie about libusb:

"new" version of libusb, March 30, 2011
"new" version of libusb, part 2, May 5, 2011
libusb 1.0.9-rc1, September 18, 2011
libusb-1.0.9-rc3, December 3, 2011

libusbx

The other good news is that this libusb-1.0.9 release is linked to the released of a fork of libusb called libusbx.

libusbx is the source code of libusb but with active maintainers. libusbx has already made 4 releases in 3 months (1.0.9, 1.0.10, 1.0.11 and 1.0.12).

Many Linux distributions have already switched to libusbx or are planning to do so.

Future

The way to go is to use libusbx.

Friday, April 6, 2012

New version of libccid: 1.4.6

I just released a new version of libccid.

1.4.6 - 6 April 2012, Ludovic Rousseau

Add support of
- Avtor SC Reader 371
- Avtor SecureToken
- DIGIPASS KEY 202
- Fujitsu SmartCase KB SCR eSIG
- Giesecke & Devrient StarSign CUT
- Inside Secure VaultIC 460 Smart Object
- Macally NFC CCID eNetPad reader
- OmniKey 6321 USB
- SCM SDI 011
- Teridian TSC12xxF
- Vasco DIGIPASS KEY 101
Remove support of readers without a USB CCID descriptor file
- 0x08E6:0x34C1:Gemalto Ezio Shield Secure Channel
- 0x08E6:0x34C4:Gemalto Ezio Generic
- 0x04E6:0x511A:SCM SCR 3310 NTTCom
- 0x0783:0x0008:C3PO LTC32 USBv2 with keyboard support
- 0x0783:0x9002:C3PO TLTC2USB
- 0x047B:0x020B:Silitek SK-3105
Disable SPE for HP USB CCID Smartcard Keyboard. The reader is bogus and unsafe.
Convert "&" in a reader name into "&" to fix a problem on Mac OS X
Fix a problem with ICCD type A devices. We now wait for device ready
Secure PIN Verify and PIN Modify: set the minimum timeout to 90 seconds
Add support of wIdVendor and wIdProduct properties
Add support of dwMaxAPDUDataSize
Add support of Gemalto firmware features
some minor bugs removed

You can download it here.

Thursday, April 5, 2012

Extended APDU support reported by PC/SC (part 2)

In a previous article "Extended APDU support reported by PC/SC" I described a proposal for the PC/SC workgroup to report to the application if a couple reader/driver do support extended APDU or not.

History

The proposal was accepted at the November 2011 meeting.

This feature is implemented in the CCID reader revision 6258 and will be available in the next CCID driver release.

Usage

One of the planed user of this feature is OpenSC. I, sometimes, get bug reports because the OpenSC card driver is sending an extended APDU to a reader that do not support it.

The idea is to use PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize in OpenSC and display a clear message to the user.

Conclusion

PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize is now available for you. Use it if/when you need this feature.

Monday, April 2, 2012

Identifying a reader model (part 2)

In a previous article "Identifying a reader model" I described a proposal for the PC/SC workgroup to uniquely identify a (USB) reader.

History

The proposal was accepted at the November 2011 meeting.

I added the needed #define in pcsc-lite version 1.8.3 I just released 2 days ago. The support is also added in my CCID driver and a release is expected soon.

You can find sample code using the new feature in PCSC/UnitaryTests/ directory with FEATURE_CCID_ESC_COMMAND_Xiring.py.

Source code

The code is:

#! /usr/bin/env python

"""
#   FEATURE_CCID_ESC_COMMAND_Xiring.py: Unitary test for
#   FEATURE_CCID_ESC_COMMAND
#   Copyright (C) 2012  Ludovic Rousseau

"""

#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License along
#   with this program; if not, see <http://www.gnu.org/licenses/>.

# You have to enable the use of Escape commands with the
# DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED bit in the ifdDriverOptions
# option of the CCID driver Info.plist file

from smartcard.System import readers
from smartcard.pcsc.PCSCPart10 import (getFeatureRequest, hasFeature,
    getTlvProperties, FEATURE_CCID_ESC_COMMAND, SCARD_SHARE_DIRECT)

# use the first reader
card_connection = readers()[0].createConnection()
card_connection.connect(mode=SCARD_SHARE_DIRECT)

# get CCID Escape control code
feature_list = getFeatureRequest(card_connection)

ccid_esc_command = hasFeature(feature_list, FEATURE_CCID_ESC_COMMAND)
if ccid_esc_command is None:
    raise Exception("The reader does not support FEATURE_CCID_ESC_COMMAND")

# get the TLV PROPERTIES
tlv = getTlvProperties(card_connection)

# check we are using a Xiring Leo v1 or v2 reader
if tlv['PCSCv2_PART10_PROPERTY_wIdVendor'] == 0x0F14 \
    and (tlv['PCSCv2_PART10_PROPERTY_wIdProduct'] in [0x0037, 0x0038]):

    # proprietary escape command for Xiring Leo readers
    version = [ord(c) for c in "VERSION"]
    res = card_connection.control(ccid_esc_command, version)
    print res
    print "VERSION:", ''.join([chr(x) for x in res])

    serial = [ord(c) for c in "GET_SN"]
    res = card_connection.control(ccid_esc_command, serial)
    print res
    print "GET_SN:", ''.join([chr(x) for x in res])
else:
    print "Xiring Leo reader not found"

Comments

Compared to the example in example in "Identifying a reader model" the name are PCSCv2_PART10_PROPERTY_wIdVendor and PCSCv2_PART10_PROPERTY_wIdProduct instead of PCSCv2_PART10_PROPERTY_idVendor and PCSCv2_PART10_PROPERTY_idProduct. A "w" has been added to suggest a (windows) word type (16 bits).

The names have also been added in pyscard (the PC/SC Python wrapper) in revision 590. But I have no idea of when a new stable version of pyscard will be released.

Conclusion

It is now/soon possible to identify a reader model before sending a, possibly, dangerous command if sent to another reader.

Since the Escape commands are dangerous by default, they are disabled in the CCID driver. You will need to edit the Info.plist file and change the value of ifdDriverOptions to add the DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED bit.

Friday, March 30, 2012

New version of pcsc-lite: 1.8.3

I just released a new version of pcsc-lite 1.8.3. No big changes.

pcsc-lite-1.8.3: Ludovic Rousseau
30 March 2012

ignore directories and hidden (.*) files when parsing a configuration directory (like /etc/reader.conf.d/)
add Mac OS X for PC/SC spy tool
fix a bug in PC/SC spy tool when loading of the real library fails
add PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize, PCSCv2_PART10_PROPERTY_wIdVendor and PCSCv2_PART10_PROPERTY_wIdProduct from PC/SC v2 part 10 release 2.02.09 (not yet published)
Some other minor improvements and bug corrections

Monday, January 30, 2012

10 years as a Debian Developer

In September 2001 I became a Debian Developer. I do not remember the exact date.

October 2001

Of course my first Debian package upload was related to smart card. It is the first upload of the ifd-gempc package:

ifd-gempc (0.5.4-1) unstable; urgency=low

   * Initial Release.
   * close ITP (Closes: #117441)
   * add debconf scripts for gempc410

-- Ludovic Rousseau <rousseau@debian.org> Tue, 30 Oct 2001 00:16:54 +0100

June 2002

Not too much later (June 2002) I became the Debian maintainer for pcsc-lite:

pcsc-lite (1.1.1-1) unstable; urgency=low

   * New upstream release (Closes: #150994)
   * New maintainer. Thanks Carlos for your job
   * Use init.d level 50 to start _after_ usbmgr with level 45.
     see the note in /usr/share/doc/pcscd/README.Debian (Closes: #146151)
   * update pcscd(1) manpage

-- Ludovic Rousseau <rousseau@debian.org> Sun, 30 Jun 2002 14:52:27 +0200

Now

Since then I maintain some more smart card related Debian packages, also available in Ubuntu and other Debian derivatives.

I try to maintain a list of smart card related packages inside Debian.

Maybe I will still maintain smart card packages in 10 years :-)

Wednesday, January 18, 2012

New version of pcsc-lite: 1.8.2

I just released a new version of pcsc-lite 1.8.2. No big changes except for pcsc-spy I talked about in a previous article "PCSC API spy, third try".

Changelog:
pcsc-lite-1.8.2: Ludovic Rousseau
18 January 2012

rename pcsc-spy.py to pcsc-spy and install it as a normal binary (in /usr/local/bin by default)
write a pcsc-spy.1 manpage
fix a bug with a multi-slot reader
Info.plist parser: avoid a buffer read overflow in & management
Some Doxygen improvements

Friday, January 6, 2012

OpenSC mailing list statistics for 2011

After the MUSCLE mailing list statistics for 2011 I also did the operation for two OpenSC mailing lists. The opensc-users list has been merged in the opensc-devel mailing list in August 2011. So the statistics presented here represent the sum of both lists.

Comments

Number of messages

This list has 3.2 times more messages than the MUSCLE mailing list. I can propose different explanations for that:

the MUSCLE project is more mature than OpenSC
bugs/issues are reported on the OpenSC mailing list because that is what users use even if the problem is in PCSC or libccid
pcsc-lite and libccid are easy to use. No configuration is needed (no more serial port to select) and the same driver (libccid) now can be used by any modern USB reader (no more a specific driver per reader)
PKCS#11 use is developing because citizen cards are deployed in "many" countries
Problems are more complex to track in OpenSC so more emails are needed to solve them
many other reasons

1 person, 2 emails

Some people (like Viktor Tarasov) use 2 different email on the list. So his rank is not correct. I don't think that is a real problem.

Cross posts

From the top 30 threads, 7 threads are cross posted to the MUSCLE list. From the MUSCLE statistics only 1 of the 30 top threads is a cross post.
I don't know how to interpret this result.

Statistics from 1.1.2011 to 31.12.2011
for OpenSC lists

People who have written most messages:

	Author	Msg	Percent
1	ludovic.rousseau@gmail.com	435	13.53 %
2	martin@martinpaljak.net	431	13.41 %
3	jmpoure@gooze.eu	264	8.21 %
4	deengert@anl.gov	203	6.32 %
5	viktor.tarasov@opentrust.com	150	4.67 %
6	viktor.tarasov@gmail.com	92	2.86 %
7	andre.zepezauer@student.uni-halle.de	82	2.55 %
8	ndk.clanbo@gmail.com	77	2.40 %
9	alon.barlev@gmail.com	73	2.27 %
10	peter@stuge.se	65	2.02 %
11	morgner@informatik.hu-berlin.de	46	1.43 %
12	aj@dungeon.inka.de	45	1.40 %
13	anders.rundgren@telia.com	38	1.18 %
14	jonsito@terra.es	34	1.06 %
15	development@aventra.fi	34	1.06 %
16	stefw@collabora.co.uk	27	0.84 %
17	helpcrypto@gmail.com	26	0.81 %
18	Johannes.Becker@hrz.uni-giessen.de	22	0.68 %
19	mr.dash.four@googlemail.com	21	0.65 %
20	JONSITO@terra.es	21	0.65 %
21	squalyl@gmail.com	20	0.62 %
22	aquamaniac@gmx.de	20	0.62 %
23	B.Thomas@astronautics.com	20	0.62 %
24	kalev@smartlink.ee	19	0.59 %
25	peter@adpm.de	19	0.59 %
26	ruckuus@gmail.com	18	0.56 %
27	wrosenauer@gmail.com	18	0.56 %
28	William.HOURY@atosorigin.com	18	0.56 %
29	kalevlember@gmail.com	17	0.53 %
30	mstjohns@comcast.net	16	0.50 %
	other	843	26.23 %

Best authors, by total size of their messages (w/o quoting):

	Author	KBytes
1	alon.barlev@gmail.com	1538.0
2	jmpoure@gooze.eu	615.8
3	martin@martinpaljak.net	560.2
4	deengert@anl.gov	436.3
5	William.HOURY@atosorigin.com	398.0
6	ludovic.rousseau@gmail.com	338.1
7	viktor.tarasov@opentrust.com	273.2
8	hardik.shah@jetmobile.com	261.2
9	development@aventra.fi	249.7
10	viktor.tarasov@gmail.com	160.2
11	andre.zepezauer@student.uni-halle.de	157.1
12	peter@adpm.de	143.0
13	jonsito@terra.es	136.4
14	lk@tms.pl	129.8
15	ndk.clanbo@gmail.com	115.5
16	morgner@informatik.hu-berlin.de	112.2
17	lyall.pearce@hp.com	109.7
18	business@reebs.org	103.7
19	kgo@grant-olson.net	97.8
20	B.Thomas@astronautics.com	97.0
21	fmb@inf.ufsc.br	96.7
22	kalev@smartlink.ee	85.7
23	marc_m@gmx.at	83.4
24	lyall.pearce@gmail.com	83.1
25	helpcrypto@gmail.com	78.9
26	ruckuus@gmail.com	78.8
27	JONSITO@terra.es	78.2
28	Alexei.Soloview@intech.natm.ru	76.6
29	stefw@collabora.co.uk	71.9
30	mhayk@m2smart.com.br	69.4

Best authors, by average size of their message (w/o quoting):

	Author	bytes
1	mgfranco@gmail.com	33252
2	hardik.shah@jetmobile.com	29719
3	lyall.pearce@hp.com	28091
4	felixcodeboy@gmail.com	26476
5	William.HOURY@atosorigin.com	22642
6	thorsten.engel@matrix-computer.com	21641
7	alon.barlev@gmail.com	21574
8	lyall.pearce@gmail.com	21277
9	wiking@maeth.com	20496
10	lk@tms.pl	18989
11	SERGE.GADIOUX@atosorigin.com	18307
12	Jonatan =?ISO-8859-1?Q?=C5kerlind?=	15755
13	marc_m@gmx.at	14239
14	dom_fischer@web.de	13490
15	joel.hockey@gmail.com	11705
16	mescheryakov@rutoken.ru	11521
17	bendrich@dfn-cert.de	11001
18	kiefer@flexsecure.de	10379
19	rolf.wald@lug-balista.de	10293
20	rrelyea@redhat.com	10203
21	fgoulart@fmagj.com.br	9974
22	gblanc@linagora.com	9662
23	business@reebs.org	9654
24	mariano.benedettini@qmas.com	8632
25	benallemand@gmail.com	8553
26	detlef.graef@yahoo.de	8402
27	mike@sentex.net	8240
28	marte@compunet.it	8219
29	iuridiniz@gmail.com	8151
30	brenojac@gmail.com	7984

Table showing the most successful subjects:

	Subject	Msg	Percent
1	[opensc-devel] sc_ctx_detect_readers patch	49	1.52 %
2	[Muscle] Access to multiple contactless cards using PCSC-Lite	36	1.12 %
3	[opensc-devel] How to make proper use of sc_card_cache	34	1.06 %
4	[opensc-user] Newbie help	31	0.96 %
5	[Muscle] PCSC Daemon cannot access Cyberjack reader	30	0.93 %
6	[Muscle] PC/SC workgroup, November 2011 meeting	30	0.93 %
7	[opensc-devel] Multiple certs on a MyEID card?	30	0.93 %
8	[opensc-devel] First Smartcard logon issue on XP SP3 with	30	0.93 %
9	[opensc-user] /usr/bin/pkcs15-tool -c failed ..	29	0.90 %
10	[opensc-devel] Cardmod: classic form for the container's ID	29	0.90 %
11	[opensc-devel] Moving master forward	28	0.87 %
12	[opensc-devel] Problem with CardMan4040 and OpenSC	27	0.84 %
13	[Muscle] GlobalPlatform Library & GPShell documentation now online	26	0.81 %
14	[Muscle] PCSCD got segmentation fault on ARM v5 with uClibc	26	0.81 %
15	[opensc-devel] Consistence between the OpenSC and proprietary	25	0.78 %
16	[opensc-devel] Feitian PKI speed	24	0.75 %
17	[opensc-devel] Status of PINPAD support in OpenSC / libccid	24	0.75 %
18	[opensc-devel] Proposed cardmod patch	23	0.72 %
19	[opensc-devel] OpenSC shared mode	23	0.72 %
20	[opensc-devel] usb p11 token	22	0.68 %
21	[opensc-devel] --insecure ?	21	0.65 %
22	[opensc-devel] Status installing and using opensc + minidriver	21	0.65 %
23	[opensc-devel] Java and pkcs11	21	0.65 %
24	[Muscle] Woxter SmartCard reader	20	0.62 %
25	[opensc-user] Is ePass2000-FT12 supported?	20	0.62 %
26	[opensc-devel] Gnome smartcard manager	20	0.62 %
27	[opensc-devel] pkcs15-tool --list-public-keys	20	0.62 %
28	[opensc-devel] Static link for opensc-pkcs11.dll	19	0.59 %
29	[opensc-devel] Problems with opensc+openvpn builds from Alon	19	0.59 %
30	[Muscle] Speed detection patch when reader has no baud rates	18	0.56 %
	other	2439	75.89 %

Most used email clients:

	Mailer	Msg	Percent
1	(unknown)	1240	38.58 %
2	Mozilla/5.x	890	27.69 %
3	KMail	152	4.73 %
4	Apple Mail (2.1082)	139	4.32 %
5	Apple Mail (2.1084)	126	3.92 %
6	Evolution 2.32.3	88	2.74 %
7	Evolution 2.30.3	81	2.52 %
8	Evolution 2.22.3.1	80	2.49 %
9	Evolution 2.32.2	74	2.30 %
10	Microsoft Office Outlook 12.0	52	1.62 %
11	Evolution 2.32.2 (2.32.2-1.fc14)	24	0.75 %
12	Apple Mail (2.1244.3)	20	0.62 %
13	QUALCOMM Windows Eudora	16	0.50 %
14	Lotus Notes Release 8.0	15	0.47 %
15	Evolution 3.0.2-	14	0.44 %
16	Evolution 3.0.3-2	13	0.40 %
17	RoundCube Webmail/0.4	11	0.34 %
18	Apple Mail (2.936)	10	0.31 %
19	Evolution 2.30.3 (2.30.3-1.fc13)	10	0.31 %
20	Mutt	10	0.31 %
21	Apple Mail (2.1078)	9	0.28 %
22	git-send-email 1.7.5.4	8	0.25 %
23	Lotus Notes Release 8.5	7	0.22 %
24	Mew version 6.3.50 on Emacs 23.3 / Mule 6.0 (HANACHIRUSATO)	6	0.19 %
25	Zarafa 6.40.5-24860	6	0.19 %
26	Alpine 2.00 (DEB 1167 2008-08-23)	5	0.16 %
27	git-send-email 1.7.3.4	5	0.16 %
28	Evolution 3.0.3-3	5	0.16 %
29	YahooMailWebService/0.8.113.313619	4	0.12 %
30	Thunderbird 2.0.0.24 (Windows/20100228)	4	0.12 %
	other	90	2.80 %

Table of maximal quoting:

	Author	Percent
1	karlssoj@arcada.fi	98.17 %
2	menezes.gabryella@gmail.com	90.35 %
3	jesus.guerrero.botella@gmail.com	81.57 %
4	janjust@nikhef.nl	79.62 %
5	extramrdo@gmail.com	75.88 %
6	fabeisageek@googlemail.com	73.39 %
7	david.mattes@boeing.com	73.17 %
8	s.ferey@wanadoo.fr	72.48 %
9	andreas.schwier.ml@cardcontact.de	72.35 %
10	sebastien@lorquet.fr	71.47 %
11	lionel@mamane.lu	68.69 %
12	michaelbender@me.com	64.76 %
13	fundu_1999@yahoo.com	63.71 %
14	richter@ecos.de	62.73 %
15	etthom0@gmail.com	62.19 %
16	edward.middleton@vortorus.net	59.70 %
17	andreas.schwier@cardcontact.de	58.79 %
18	resoli@libero.it	55.63 %
19	peter.ordonez@gmail.com	55.37 %
20	widerstand@t-online.de	54.61 %
21	francois.leblanc@cev-sa.com	54.28 %
22	bjoernk2@googlemail.com	53.67 %
23	nmav@gnutls.org	52.51 %
24	opensc@secure-edge.com	50.88 %
25	weitao@ftsafe.com	50.48 %
26	tomasg@primekey.se	50.10 %
27	ffred69@gmail.com	50.08 %
28	vladimir.davydov@promwad.com	49.51 %
29	weizhongqiang@gmail.com	49.37 %
30	Jean-Pierre.Szikora@uclouvain.be	48.86 %
	average	21.77 %

Graph showing number of messages written during hours of day:

msgs	64	24	18	15	10	7	12	39	110	241	275	258	186	249	233	258	236	173	171	141	118	118	148	110
hour	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23

Graph showing number of messages written during days of month:

msgs	72	50	112	126	114	101	108	177	122	120	108	115	122	127	74	98	74	98	94	102	107	106	74	72	165	147	89	110	92	72	66
day	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31

Graph showing number of messages written during days of week:

msgs	431	568	521	572	626	260	236
	Mon	Tue	Wed	Thu	Fri	Sat	Sun

Maximal quoting:

Author :	alon.barlev@gmail.com
Subject :	[opensc-devel] Problems with opensc+openvpn builds from Alon
Date :	Wed, 28 Sep 2011 15:40:00 +0300
Quote ratio:	98.91% / 22784 bytes

Longest message:

Author :	alon.barlev@gmail.com
Subject :	[opensc-devel] Problems with opensc+openvpn builds from Alon
Date :	Fri, 30 Sep 2011 18:45:31 +0300
Size :	1402547 bytes

Most successful subject:

Subject :	[opensc-devel] sc_ctx_detect_readers patch
No. of msgs:	49
Total size :	191734 bytes

Final summary:

Total number of messages:	3214
Total number of different authors:	241
Total number of different subjects:	687
Total size of messages (w/o headers):	12199358 bytes
Average size of a message:	3795 bytes

Input file last updated: Fri Jan 6 14:45:58 2012

Generated by MailListStat v1.3

Important!

Wednesday, November 28, 2012

Friday, November 23, 2012

Friday, November 2, 2012

PC/SC access from lua

Source code

Remarks

Output

In the console

In cardpeek

Conclusion

Friday, October 26, 2012

Project

Installation

Examples

EMV

Navigo Pass

SIM

Conclusion

Sunday, October 7, 2012

Monday, October 1, 2012

Web page

Before

After

Command line

Before

After

Conclusion

Friday, September 28, 2012

Lessons

Conclusion

Tuesday, September 18, 2012

Thursday, August 30, 2012

Tuesday, August 28, 2012

Spam

Comments about the article

Comments about something else

Example

Documentation

Conclusion

Thursday, August 9, 2012

Library API

Sample code

How to use it

License

Conclusion

Saturday, August 4, 2012

Thursday, August 2, 2012

pcsc-lite

CCID driver

Source code

Changes

Conclusion

Tuesday, June 26, 2012

Friday, June 22, 2012

Wednesday, June 20, 2012

javaemvreader

emvlab.org

Saturday, June 16, 2012

Friday, June 15, 2012

Apple Mac OS X

Microsoft Windows

RedHat

Debian

pcsc-lite

pcscd

Example

Conclusion

Thursday, June 14, 2012

libusb

libusbx

Future

Friday, April 6, 2012

Thursday, April 5, 2012

History

Usage

Conclusion

Monday, April 2, 2012

History

Source code

Statistics from 1.1.2011 to 31.12.2011
for OpenSC lists