Calypso Cards embrace PKI: a practical demo with SpringCard couplers and Python

Public transport cards are going PKI In a previous article, we introduced the MIFARE DESFire DuoX in its VDE EV configuration for secure e-mobility services. That demo illustrated a broader trend: asymmetric cryptography schemes are gaining ground over symmetric schemes. With ECC now fully mature, and silicon costs low enough to run ECDSA and/or ECDH … Read more

Secure EV-Charging Cards: a practical demo with SpringCard couplers and MIFARE DuoX

Why EV charging security matters The electric vehicle (EV) revolution is underway — and in Europe, it’s accelerating fast. With ambitious targets for phasing out internal combustion engines, EV charging infrastructure is booming. But more charging stations means more opportunities for frauds and cyberattacks. For too long, many EV-charging systems have relied on nothing more … Read more

How to read RFID/NFC passes with SpringCard PC/SC couplers

SpringCard contactless PC/SC couplers (NFC/RFID HF) can be used to read contactless passes carried by NFC smartphones.

In particular, the Prox’N’Roll HSP PC/SC and the PUCK configured as PC/SC have been certified :

  • by Apple for reading NFC passes stored in the Apple Wallet application (“Apple VAS” protocol, formerly branded as “PassKit”),
  • by Google for reading NFC passes stored in the Google Pay application (“Google VAS” protocol, still branded as “Smart Tap” or now “Google Wallet”).

Read more

SCardSniffer2 spies the exchanges between a PC/SC application and a smart card

5 years ago, SpringCard introduced SCardSniffer, a tool that spies the exchanges between Windows applications and the PC/SC subsystem. SCardSniffer works by introducing a hook over winscard.dll.

Although this method is still perfectly working in most cases, it comes with some technical complexity (1. the sniffer and the sniffed application must both run on the same subsystem, either Win32 or Win64, hence 2 versions of the sniffer and 2. the injection of the hook is likely to be disabled on security-enforced computers and 3. it may also triggers some antivirus/malware detection tools, which leads to an unnecessary stress).

SCardSniffer2 is a new tool that offers basically the same function, but with a much simpler architecture.

SCardSniffer2 installs a new virtual smart card reader and acts as a relay between this virtual reader and the real reader, where the real card is.

The application to be spied must be reconfigured to connect to the virtual reader (instead of the real reader); SCardSniffer2 is then able to record all the APDUs exhanged between the application and the card.

Read more

Using NXP RFIDDiscover with SpringCard PC/SC Couplers

RFIDDiscover (formerly MifareDiscover) is a GUI software provided by NXP to help the developers explore the features of their contactless cards (Mifare, Desfire, NTAG and ICode) and learn how-to use them from a real application.

This software is available to customers under NDA with NXP, through the DocStore document delivery platform (ref. SW1866).

This article shows how-to get started with this RFIDDiscover, in the aim of using it together with SpringCard devices. This is the preferred method to learn how those cards work, before starting the development of any software that would use them for data storage and/or secure transactions.

Read more

Using NXP Card Test Framework with SpringCard PC/SC Couplers

Card Test Framework is a GUI software provided by NXP to help the developers explore the features of their contactless cards (Mifare, Desfire, NTAG and ICode) and learn how-to use them from a real application.

This software is available to customers under NDA (non-disclosure agreement) with NXP, through the DocStore document delivery platform (ref. SW5434).

This article shows how-to get started with this Card Test Framework, in the aim of using it together with SpringCard devices.

Read more