SCardSniffer2 spies on the exchanges between a PC/SC application and a smart card

5 years ago, SpringCard introduced SCardSniffer, a tool that spies on the exchanges between Windows applications and the PC/SC subsystem. SCardSniffer works by installing a hook over winscard.dll.

Although this method still works perfectly in most cases, it comes with some technical complexity: (1) the sniffer and the sniffed application must both run on the same subsystem, either Win32 or Win64, hence 2 versions of the sniffer; (2) the injection of the hook is likely to be disabled on security-enforced computers; and (3) it may also trigger some antivirus/malware detection tools, which causes unnecessary stress.

SCardSniffer2 is a new tool that offers basically the same function, but with a much simpler architecture.

SCardSniffer2 installs a new virtual smart card reader and acts as a relay between this virtual reader and the real reader, where the real card is.

The application to be spied on must be reconfigured to connect to the virtual reader (instead of the real reader); SCardSniffer2 is then able to record all the APDUs exchanged between the application and the card.

Using NXP RFIDDiscover with SpringCard PC/SC Couplers

RFIDDiscover (formerly MifareDiscover) is GUI software provided by NXP to help developers explore the features of their contactless cards (Mifare, Desfire, NTAG and ICode) and learn how to use them from a real application.

This software is available to customers under NDA with NXP, through the DocStore document delivery platform (ref. SW1866).

This article shows how to get started with RFIDDiscover, with the aim of using it together with SpringCard devices. This is the preferred method to learn how those cards work, before starting the development of any software that would use them for data storage and/or secure transactions.

Using NXP Card Test Framework with SpringCard PC/SC Couplers

Card Test Framework is GUI software provided by NXP to help developers explore the features of their contactless cards (Mifare, Desfire, NTAG and ICode) and learn how to use them from a real application.

This software is available to customers under NDA (non-disclosure agreement) with NXP, through the DocStore document delivery platform (ref. SW5434).

This article shows how to get started with Card Test Framework, with the aim of using it together with SpringCard devices.

Using NXP TapLinx SDK with SpringCard PC/SC couplers

NXP TapLinx SDK (formerly Mifare SDK) is a high-level software library provided by NXP to work with their Mifare, Desfire, NTAG and ICode products.

Written in Java, the TapLinx library was initially developed for Android, running over Android's NfcAdapter object to communicate with contactless cards or NFC tags through the tablet's or smartphone's integrated NFC interface.

Recently, the library has been ported to the standard JDK, making it usable in any Java desktop application thanks to the JRE available on Windows, macOS, Linux, and more. In desktop applications, the TapLinx library relies on the system's PC/SC stack (javax.smartcardio API in Java) to access contactless cards or NFC tags through a standard-compliant PC/SC coupler.

This makes TapLinx an interesting solution for developers of desktop applications that have to process NXP cards or tags. This article shows how to get started with this SDK, with the aim of using it together with SpringCard devices.

Storing ECC private keys in the SpringCore's Secure Element

Devices in the SpringCore family feature one or more Secure Elements (SE) to store the security keys that are involved in your system. This covers both the keys used by the Smart Reader template engine or a PC/SC application for authenticating and validating the user credentials (contactless card or NFC pass) and the keys used for securing the communication between the device and the back-end system (MQTT over TLS to interact with a cloud system, secure BLE, secure UDP or TCP protocols, etc.).

Both Puck and SpringPark feature a Microchip ATECC chip (formerly an Atmel reference) to store ECC private keys (NIST P-256 curve a.k.a. secp256r1 and prime256v1). Such private keys are typically involved in three use cases:

  • To authenticate and decipher (decrypt) an Apple VAS NFC pass (Passkit),
  • To activate, authenticate and decipher (decrypt) a Google VAS NFC pass (Smart Tap),
  • To open an SSL/TLS secure communication channel with a server over a TCP/IP network, providing client-side authentication of the device.

This article shows how to insert existing ECC private keys into the SpringCore's ATECC.

Using master cards to configure the SpringCore devices

SpringCore is the umbrella name for the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. All the devices in this family can be configured easily and securely thanks to SpringCard's 2nd generation of master cards.

A master card v2 is a Desfire EV1 (or later) contactless card that contains the configuration parameters you want to apply to many devices. The data are protected by AES128 for authentication and secure communication, and their authenticity is validated by an ECC256 digital signature.

Thanks to this robust security scheme, only your devices can read and accept your master cards, while refusing (and being actually unable to read) master cards created by 3rd parties. Symmetrically, only the devices that you have commissioned with your own key-set are able to read your master cards, thus protecting your assets (secret keys and specific configuration parameters) against any unwanted disclosure, even if the master card is lost or stolen.

This article shows how to create master cards v2 using the springcoremastercard.exe tool and/or SpringCard Companion, and describes the best practices for using them efficiently and securely.

Writing a configuration with springcoreconfig.exe

SpringCore is the umbrella name for the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoreconfig.exe, a program from the SpringCore Tools suite, is the command-line utility to manipulate device configurations. It is typically intended to upload a complete configuration at once, but is also able to edit registers one by one.

This article shows how springcoreconfig.exe works.

Flashing a new firmware with springcoreflash.exe

SpringCore is the umbrella name for the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoreflash.exe, a program from the SpringCore Tools suite, is the command-line utility to change a device's firmware (i.e. to "flash" a firmware).

This article shows how springcoreflash.exe works.

Retrieving device's data with springcoretool.exe

SpringCore is the umbrella name for the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoretool.exe, a program from the SpringCore Tools suite, is the command-line utility to retrieve and display all of the device's technical data.

This article shows how springcoretool.exe works.

Installing the SpringCore Tools on Windows, macOS and Linux

SpringCore is the umbrella name for the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture.

To manage, configure and update these devices, SpringCard has developed SpringCard Companion, a complete and versatile hybrid solution that combines the ergonomics of a modern web application with the power of a gateway service running on Windows 10 (or later).
