October 2021 – SpringCard TechZone

Applications & Software tools, PC/SC couplers, Windows

SCardSniffer2 spies the exchanges between a PC/SC application and a smart card

by johann.d 22/10/2021

5 years ago, SpringCard introduced SCardSniffer, a tool that spies the exchanges between Windows applications and the PC/SC subsystem. SCardSniffer works by introducing a hook over winscard.dll.

Although this method is still perfectly working in most cases, it comes with some technical complexity (1. the sniffer and the sniffed application must both run on the same subsystem, either Win32 or Win64, hence 2 versions of the sniffer and 2. the injection of the hook is likely to be disabled on security-enforced computers and 3. it may also triggers some antivirus/malware detection tools, which leads to an unnecessary stress).

SCardSniffer2 is a new tool that offers basically the same function, but with a much simpler architecture.

SCardSniffer2 installs a new virtual smart card reader and acts as a relay between this virtual reader and the real reader, where the real card is.

The application to be spied must be reconfigured to connect to the virtual reader (instead of the real reader); SCardSniffer2 is then able to record all the APDUs exhanged between the application and the card.

External resources, Technical articles

Using NXP RFIDDiscover with SpringCard PC/SC Couplers

by johann.d 01/10/2021

RFIDDiscover (formerly MifareDiscover) is a GUI software provided by NXP to help the developers explore the features of their contactless cards (Mifare, Desfire, NTAG and ICode) and learn how-to use them from a real application.

This software is available to customers under NDA with NXP, through the DocStore document delivery platform (ref. SW1866).

This article shows how-to get started with this RFIDDiscover, in the aim of using it together with SpringCard devices. This is the preferred method to learn how those cards work, before starting the development of any software that would use them for data storage and/or secure transactions.

Definitioner

DESFire

The MIFARE DESFire is a special release of Philips SmartMX platform. It is sold already programmed with a general purpose software (the DESFire operating system).

Mifare

This trademark of NXP (formerly Philips Semiconductors) is the generic brand name of their PICC products. Billions of Mifare Classic cards have been deployed since the 90's. This is a family of wired-logic PICCs were data storage is divided into sectors and protected by a proprietary1 stream cipher called CRYPTO1. Every sector is protected by 2 access keys called 'key A' and 'key B'. NXP also offers another family of wired-logic PICCs called Mifare UltraLight (adopted by NFC Forum as Type 2 NFC Tags). Mifare SmartMX (and former Pro/ProX) is a family of microprocessor-based PICCs that may run virtually any smartcard application, typically on top a JavaCard operating system. Mifare Desfire is a particular microprocessor-based PICC that runs a single general-purpose application.

Archives October 2021