PC/SC on Linux and Mac OS X with Mono

Introduction

One of the goals of the Mono project is to make Microsoft .NET applications runnable on Unix systems. Using Mono, it is therefore now possible to maintain a single C#/.NET code base that runs on Linux, Mac OS X and Windows.

In this context, SpringCard’s PC/SC SDK (https://www.springcard.com/en/download/find/file/pcsc-sdk) has been updated, so that it now enables developers to write PC/SC applications in C#/.NET, that can execute on Windows, as well as on Linux and Mac OS X platforms.


SCardSniffer spies on the exchanges between a PC/SC application and the card readers

SCardSniffer is a new tool used to spy on the exchanges between Windows applications and the smart cards or NFC tags that are accessed through a PC/SC reader (or coupler).

SCardSniffer main window

On a Windows computer, all card-aware applications communicate with smart cards or NFC tags through the system’s PC/SC library, winscard.dll.


SpringCard PC/SC solution for Android has been released

SpringCard R&D team is proud to release a simple software solution to add support for SpringCard USB PC/SC Couplers to Android tablets (or smartphones).


A Nexus 9 Android tablet, with a SpringCard Prox’N’Roll PC/SC reader on the USB port, and a Desfire contactless smartcard

The software is made of two parts:


The SpringCard USB PC/SC Service’s page on Google Play store

This software suite is compliant with all SpringCard USB PC/SC Couplers, for instance SpringCard Prox’N’Roll PC/SC, Prox’N’Roll HSP PC/SC, TwistyWriter HSP, CrazyWriter HSP, CSB HSP… Note that the current version of the Service and Library works only with the Coupler’s contactless slot. Don’t hesitate to contact us if you are interested in addressing the smartcard / SAM slots of the Couplers.

To communicate with a USB PC/SC Coupler (which is basically a USB device), the Android tablet (or smartphone) must provide a USB Host stack. This should be the case for all tablets running Android 3.1 and higher. We recommend Nexus 7 and Nexus 9 tablets, running Android 5.0 or 5.1, which are the reference platforms we use to develop and test the solution. An adapter cable is required to connect the Coupler if your tablet doesn’t provide a full-size USB host connector.


The USB adapter to use a SpringCard USB PC/SC smartcard reader with a tablet featuring only a USB on-the-go (OTG) mini type B female port

Tip: if you’re not sure whether your tablet supports USB Host or not, just install the Service and the Demo application from Google Play, and check that your SpringCard Coupler is correctly activated by your tablet’s system. Remember that the Coupler will be powered by the tablet’s battery. Some tablets could be powered (by their mains adapter) even when a USB device is present, but most don’t; choose your tablet accordingly if you’re designing a kiosk or public-use system that should be mains-powered 24/7.

Icon of the SpringCard PC/SC Service for Android


To develop your own application using a SpringCard Coupler from Android, download the library (and the sample Demo application) from GitHub, and follow the Quick Start Guide (ref. SpringCard PMD15240) which is included in the GitHub project, or available directly here.


The SpringCard SDK for PC/SC on Android is an open-source project hosted on GitHub

We welcome your feedback!

 

scpcsc_feed completes MultiConf

scpcsc_feed is a command-line utility for Windows and a companion tool for MultiConf, for when you need to configure numerous SpringCard PC/SC couplers in batch mode, or change the settings quickly without needing a full-featured GUI.

scpcsc_feed is available at https://files.springcard.com/pub/scpcsc_cfg.zip. Just unzip the archive in the folder you want, and open a command prompt (cmd.exe) in this folder to use the tool from the command line.

Connect a SpringCard PC/SC coupler to your computer, and invoke scpcsc_feed without any parameter to see the integrated help:

C:\springcard>scpcsc_feed
SpringCard -- scpcsc_feed
-------------------------
Read/write data in the non-volatile memory of a SpringCard PC/SC Reader

Build : Apr 15 2015
Copyright (c) 2010-2013 Pro Active SAS, France
Go to www.springcard.com for information and updates.

Connected through PC/SC.
Connected, device : SpringCard Prox'N'Roll HSP 2.00 [1]
Firmware features : 0073232F

Usage: scpcsc_feed -d            dump configuration registers
scpcsc_feed -r XX         show value of register XX
scpcsc_feed -s XX=YYYY... write register XX with value YYYY...
scpcsc_feed -e            erase all configuration registers
scpcsc_feed -sf FILE      write register(s) from config FILE
scpcsc_feed -t XX=YYYY... set temporarily register XX with value YYYY...
scpcsc_feed -tf FILE      set temporarily register(s) from config FILE

C:\springcard>

A few interesting commands

Read-back the current configuration

scpcsc_feed -d

Restore the factory configuration (blank all registers)

scpcsc_feed -e

Apply the configuration from a MultiConf project

scpcsc_feed -sf [file.multiconf]

New firmware for all SpringCard PC/SC couplers based on the H663 core

SpringCard has just released a new firmware version, tagged 2.00, for its H663 core.

The H663 core is a versatile contactless+contact module, which supports virtually all proximity/RFID HF chip cards (ISO 14443 & ISO 15693 standards, including Mifare, Calypso, etc), NFC-enabled mobile phones or other objects (ISO 18092, peer-to-peer in initiator mode, passive communication scheme), and could also accept up to 5 contact smartcards (ISO 7816, one ID-1 card and up to 4 SIM/SAM ID-000 cards).

SpringCard H663 is the foundation of the largest family of RFID/NFC USB PC/SC readers on the market:

  • The H663S and H663A “bare” modules (designed respectively for either a Symmetrical – balanced or an Asymmetrical – unbalanced antenna)
  • The H663-USB OEM PC/SC ready-to-use contactless coupler (H663 core + antenna)
  • The CrazyWriter HSP, a complete multi-slot contactless+5 contact PC/SC coupler made for OEMs
  • The TwistyWriter HSP, a contactless+ID-000 PC/SC coupler made for OEMs
  • The CSB HSP, a desktop PC/SC coupler featuring contactless, 1 smartcard slot and 3 ID-000 slots
  • The Prox’N’Roll HSP, a brand new version of SpringCard’s best selling desktop contactless coupler.

This new firmware version provides only a few new features, but introduces a new software architecture based on FreeRTOS which dramatically increases the device’s performance for a better transaction time – particularly when accessing numerous slots in the same transaction.


How to upgrade

To upgrade your H663-based product with this new version, please refer to our H663/H512 Firmware Upgrade Procedure.

The 2.00 firmware file is here: uc3b0256_rc663_h663_2-00.hex

(note for future readers: please always use the latest firmware version using this permanent link).

From 30/04/2015, all H663-based products will ship with this version (instead of earlier 1.81).

Some new features

Adding the reader’s serial number to the slot names under Windows

Starting with version 2.00, the H663 family is able to insert the reader’s serial number in the name of the PC/SC readers as exposed by Windows’ SCardListReaders API call. On machines with numerous readers attached, this makes it possible to know which physical reader is actually bound to a logical slot without querying the reader through a SCardControl call.

To enable this feature, download the latest version of MultiConf; create a new project for the H663-product you own (CrazyWriter HSP typically), and in this project scroll down to “Misc. tricks”. Then find the “Insert the serial number in the name of the slots” entry and turn it ON. Apply the configuration to the reader(s) (Project -> Write Configuration into Reader), restart the reader, and enjoy!


Using Mifare Classic EV1 with SpringCard PC/SC readers

NXP has recently started shipping a new generation of Mifare Classic chips, called Mifare Classic EV1 (part numbers MF1S50yyX/V1 for Mifare Classic EV1 1K and MF1S70yyX/V1 for Mifare Classic EV1 4K).

The chips are 100% compliant with earlier Mifare Classic 1K and 4K, with 2 subtle differences:

  • the kind of protocol-level ID to be used must be configured once for all during the pre-personalisation step. Possible choices are 7-byte UID, 4-byte fixed but non-unique ID, and 4-byte random ID,
  • the load modulation level could be set to ‘high’ or ‘low’.

In this short article we’ll show how to configure both the kind of ID and the load modulation.

Personalize UID usage

This command can only be issued once. The chosen configuration is then locked forever. If you have ordered Mifare Classic EV1 with a specific configuration, the command has been issued in factory and will always fail afterwards.

The Mifare Classic EV1’s “personalize UID usage” command allows selecting one of four different modes:

  1. UIDF0 (value 0x00): anti-collision and selection with the 7-B UID
  2. UIDF1 (value 0x40): anti-collision and selection with the 7-B UID plus a possible shortcut (select only the 4 first bytes and read block 0, bypassing the second step of the selection)
  3. UIDF2 (value 0x20): anti-collision and selection with a 4-B random ID
  4. UIDF3 (value 0x60): anti-collision and selection with a 4-B non-unique ID (calculated out of the 7-B UID)

The command code is 0x40 and must be sent in a CRYPTO1-ciphered stream, after a successful authentication on sector 0.

To do so, here’s the sequence of commands that must be sent to the reader in a SCardTransmit stream (you may for instance write a script for csScriptor). We assume that the card is in transport condition, i.e. that the key A of sector 0 (as well as all other sectors) is the transport key FF FF FF FF FF FF and gives full access to the sector.

# Load the transport key in the reader's volatile memory
FF 82 00 00 06 FF FF FF FF FF FF

# Get authenticated over sector 0 using the transport key as key A
FF 86 00 00 05 01 00 03 60 00

# Check that the authentication is OK by reading block 0
FF B0 00 00 10

# Send the 'personalize UID' command within an ENCAPSULATE APDU
# P1 = 0x01 -> ISO 14443-3
# P2 = 0x08 -> timeout = 125ms
# The last byte is the value to be set, here we choose 0x60 for UIDF3
FF FE 01 08 02 40 60

The reader returns 90 00 if the card acknowledges the command.

If you receive 6F 02 instead (CRC error), it is likely that the card has sent a NACK, meaning that the configuration has already been set and is therefore locked.

Set modulation strength

The Mifare Classic EV1’s “set modulation strength” command allows configuring the chip for either the strong modulation strength (default, value 0x01), or the weak modulation strength (value 0x00).

The command code is 0x43 and must be sent in a CRYPTO1-ciphered stream, after a successful authentication on sector 0.

To do so, here’s the sequence of commands that must be sent to the reader in a SCardTransmit stream (you may for instance write a script for csScriptor). We assume that the card is in transport condition, i.e. that the key A of sector 0 (as well as all other sectors) is the transport key FF FF FF FF FF FF and gives full access to the sector.

# Load the transport key in the reader's volatile memory
FF 82 00 00 06 FF FF FF FF FF FF

# Get authenticated over sector 0 using the transport key as key A
FF 86 00 00 05 01 00 03 60 00

# Check that the authentication is OK by reading block 0
FF B0 00 00 10

# Send the 'set modulation strength' command within an ENCAPSULATE APDU
# P1 = 0x01 -> ISO 14443-3
# P2 = 0x08 -> timeout = 125ms
# The last byte is the value to be set, here we choose 0x00 for weak strength
FF FE 01 08 02 43 00
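
Because “personalize UID usage” can only be issued once, it is worth refusing any value the article does not list before the APDU ever reaches SCardTransmit. The following C helpers are an added example (not SpringCard code; all function and enum names are this example's own) that build the ENCAPSULATE APDU for both commands above, check the block 0 read that precedes it, and classify the reader's answer.

```c
#include <stddef.h>
#include <stdio.h>

#define EV1_CMD_PERSONALIZE_UID 0x40  /* command code given in the article */
#define EV1_CMD_SET_MODULATION  0x43  /* command code given in the article */

/* Accept only the values the article lists for each command. */
static int ev1_value_is_valid(unsigned char cmd, unsigned char value)
{
  switch (cmd) {
    case EV1_CMD_PERSONALIZE_UID:   /* UIDF0, UIDF1, UIDF2, UIDF3 */
      return value == 0x00 || value == 0x40 || value == 0x20 || value == 0x60;
    case EV1_CMD_SET_MODULATION:    /* 0x00 = weak, 0x01 = strong */
      return value == 0x00 || value == 0x01;
    default:
      return 0;
  }
}

/* Build FF FE 01 08 02 <cmd> <value>. Returns the APDU length (7),
   or 0 when the command/value pair is refused or the buffer is too small. */
size_t ev1_build_config_apdu(unsigned char cmd, unsigned char value,
                             unsigned char *out, size_t out_size)
{
  if (out == NULL || out_size < 7 || !ev1_value_is_valid(cmd, value)) return 0;
  out[0] = 0xFF;  /* CLA: reader-interpreted APDU */
  out[1] = 0xFE;  /* INS: ENCAPSULATE */
  out[2] = 0x01;  /* P1: ISO 14443-3 */
  out[3] = 0x08;  /* P2: timeout = 125ms */
  out[4] = 0x02;  /* Lc: command code + value */
  out[5] = cmd;
  out[6] = value;
  return 7;
}

/* The block 0 read (FF B0 00 00 10) must return 16 data bytes + 90 00
   before the configuration command is sent. */
int ev1_block0_read_ok(const unsigned char *rsp, size_t len)
{
  return rsp != NULL && len == 18 && rsp[16] == 0x90 && rsp[17] == 0x00;
}

enum ev1_result { EV1_ACK, EV1_CRC_ERROR_NACK, EV1_OTHER_ERROR, EV1_MALFORMED };

/* 90 00: the card acknowledged. 6F 02: CRC error, which the article reads
   as a probable NACK (configuration already set and locked). */
enum ev1_result ev1_classify_response(const unsigned char *rsp, size_t len)
{
  if (rsp == NULL || len < 2) return EV1_MALFORMED;
  if (rsp[len - 2] == 0x90 && rsp[len - 1] == 0x00) return EV1_ACK;
  if (rsp[len - 2] == 0x6F && rsp[len - 1] == 0x02) return EV1_CRC_ERROR_NACK;
  return EV1_OTHER_ERROR;
}

int main(void)
{
  unsigned char apdu[7];
  size_t i, n = ev1_build_config_apdu(EV1_CMD_PERSONALIZE_UID, 0x60, apdu, sizeof(apdu));
  for (i = 0; i < n; i++) printf("%02X ", apdu[i]);  /* UIDF3, as in the script above */
  printf("\n");
  return n == 7 ? 0 : 1;
}
```

The article gives the 6F 02 interpretation for “personalize UID usage” only; applying the same classification to “set modulation strength” is an assumption of this example.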

Firmware release 1.75 for H512 and NFC’Roll

A new firmware version (release 1.75.2) has just been published for SpringCard H512 and NFC’Roll.

This firmware improves the behaviour in card emulation and peer-to-peer (initiator) mode, allowing more reliable exchanges with most smartphones running either in reader or peer-to-peer (target) mode.

The same version will be released very soon for H663 and Prox’N’Roll PC/SC.

NFC’Roll

The new firmware is here: https://files.springcard.com/firmwares/springprox/1-75/2212_pn512_nfcroll-10_1-75.mot

The firmware upgrade procedure is here: https://tech.springcard.com/firmware-upgrade/csb6-firmware-upgrade/

H512

The new firmware is here: https://files.springcard.com/firmwares/springprox/1-75/uc3b0256_pn512_h512_1-75.hex

The firmware upgrade procedure is here: https://tech.springcard.com/firmware-upgrade/h663-h512-firmware-upgrade/

Using SCardControl under Linux and from a Java program

SCardControl is the PC/SC function that makes it possible for the application to invoke ‘proprietary’ functions, implemented either in the PC/SC reader itself (CSB6, Prox’N’Roll PC/SC, EasyFinger or CrazyWriter), or in its driver running on the PC, or in the PC/SC middleware.

The prototype is:

LONG SCardControl(
  SCARDHANDLE hCard,
  DWORD dwControlCode,
  LPCVOID lpInBuffer,
  DWORD nInBufferSize,
  LPVOID lpOutBuffer,
  DWORD nOutBufferSize,
  LPDWORD lpBytesReturned
);

(see http://pcsclite.alioth.debian.org/api/group__API.html for the PCSC-Lite documentation, and http://msdn.microsoft.com/en-us/library/windows/desktop/aa379474%28v=vs.85%29.aspx for Microsoft’s version).

The lpInBuffer / nInBufferSize parameters hold the command buffer that will be processed by the target (reader, driver, or PC/SC middleware).

SpringCard PC/SC Readers do provide a few ‘proprietary’ functions (called ‘Escape commands’ in the USB CCID specification). For instance, an application would send the command 58 1E 01 00 to switch the reader’s red LED ON. A question remains: what must the value of dwControlCode be, when the application wants to send the command right to the reader, bypassing both the PC/SC middleware and the driver? The answer varies with the operating system, which doesn’t help implementing portable code.

Differences between Windows and PCSC-Lite implementations

Windows

In Microsoft’s CCID driver (http://msdn.microsoft.com/en-us/library/windows/hardware/gg487509.aspx), the dwControlCode for the Escape command is defined as follows:

#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(3500)

SpringCard PC/SC Readers follow the CCID specification. SpringCard’s CCID driver (SDD480) uses the same dwControlCode as Microsoft’s.

Therefore, on Windows, the application would switch the red LED on this way:

#include <windows.h>
#include <winscard.h>

#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(3500)

(...)

const BYTE SET_RED_LED_ON[4] = { 0x58, 0x1E, 0x01, 0x00 };

SCARDCONTEXT hContext;
SCARDHANDLE hCard;
DWORD dwProtocol;
BYTE abResponse[256];
DWORD dwRespLen;
LONG rc;

(...)

/* Instantiate the winscard.dll library */
rc = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

/* Get a direct connection to the reader (we don't need a card to send Escape commands) */
rc = SCardConnect(hContext, szReader, SCARD_SHARE_DIRECT, 0, &hCard, &dwProtocol);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

/* Send the command */
rc = SCardControl(hCard, IOCTL_CCID_ESCAPE, SET_RED_LED_ON, sizeof(SET_RED_LED_ON), abResponse, sizeof(abResponse), &dwRespLen);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

SCardDisconnect(hCard, SCARD_LEAVE_CARD);
SCardReleaseContext(hContext);

Important notes:

Working with MS’ CCID driver

With Microsoft’s CCID driver, the Escape feature is disabled by default.

In order to send or receive an Escape command to a reader, the DWORD registry value EscapeCommandEnable must be added and set to a non-zero value under one of the following keys.

  • HKLM\SYSTEM\CCS\Enum\USB\Vid*Pid*\*\Device Parameters (prior to Windows 7).
  • HKLM\SYSTEM\CCS\Enum\USB\Vid*Pid*\*\Device Parameters\WUDFUsbccidDriver (Windows 7 and later).

This is clearly explained in the Developer’s Manual for every PC/SC reader.

Using SpringCard’s SDD480 CCID driver shall be preferred.

Early versions of SDD480

Branch -Ax of SpringCard’s SDD480 CCID driver uses a different value for the dwControlCode parameter.

#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(2048)

Switching to the latest version of SpringCard’s SDD480 CCID driver (branch -Bx and onwards) shall be preferred.

Linux, MacOS and other Unix*

In Ludovic Rousseau’s open-source CCID driver (http://pcsclite.alioth.debian.org/ccid.html), the dwControlCode for the Escape command is defined as follows:

#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(1)

(See http://anonscm.debian.org/viewvc/pcsclite/trunk/Drivers/ccid/SCARDCONTOL.txt?view=markup for details)

Therefore, when working with PCSC-Lite, the application would switch the red LED on this way:

#ifdef __APPLE__
#include <pcsc/winscard.h>
#include <pcsc/wintypes.h>
#else
#include <winscard.h>
#endif

#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(1)

(...)

const BYTE SET_RED_LED_ON[4] = { 0x58, 0x1E, 0x01, 0x00 };

SCARDCONTEXT hContext;
SCARDHANDLE hCard;
DWORD dwProtocol;
BYTE abResponse[256];
DWORD dwRespLen;
LONG rc;

(...)

/* Instantiate the PC/SC library (PCSC-Lite) */
rc = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

/* Get a direct connection to the reader (we don't need a card to send Escape commands) */
rc = SCardConnect(hContext, szReader, SCARD_SHARE_DIRECT, 0, &hCard, &dwProtocol);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

/* Send the command */
rc = SCardControl(hCard, IOCTL_CCID_ESCAPE, SET_RED_LED_ON, sizeof(SET_RED_LED_ON), abResponse, sizeof(abResponse), &dwRespLen);
if (rc != SCARD_S_SUCCESS) { /* TODO: handle error */ }

SCardDisconnect(hCard, SCARD_LEAVE_CARD);
SCardReleaseContext(hContext);

Enabling the Escape commands

With this CCID driver, the Escape feature is also disabled by default.

You’ll have to edit the CCID driver’s Info.plist file to enable this feature:

  • Open /usr/local/lib/pcsc/drivers/ccid/Info.plist in edit mode with root privileges,
  • Locate the line <key>ifdDriverOptions</key>,
  • The following line is typically <string>0000</string>,
  • Define the new value: <string>0001</string>,
  • Save the file and restart pcscd.

(More details on http://ludovicrousseau.blogspot.fr/2011/10/featureccidesccommand.html)
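
To audit a machine rather than edit it, the same Info.plist can be read back to see whether the Escape feature is currently on. The following C program is an added example (not part of the CCID driver or of SpringCard's SDK; the function and enum names are this example's own) that reports the state of ifdDriverOptions, using the path above as a default and assuming the value is written in hexadecimal with or without a 0x prefix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum escape_state {
  ESCAPE_DISABLED = 0,
  ESCAPE_ENABLED = 1,
  ESCAPE_KEY_MISSING = -1,
  ESCAPE_VALUE_INVALID = -2
};

/* Inspect the text of an Info.plist: find <key>ifdDriverOptions</key>, read
   the <string> that follows it, and test the lowest bit (0001 in the article). */
int ccid_escape_state(const char *plist)
{
  static const char KEY[] = "<key>ifdDriverOptions</key>";
  static const char OPEN[] = "<string>";
  const char *p, *end;
  char *stop;
  unsigned long options;

  p = strstr(plist, KEY);
  if (p == NULL) return ESCAPE_KEY_MISSING;
  p = strstr(p + strlen(KEY), OPEN);
  if (p == NULL) return ESCAPE_VALUE_INVALID;
  p += strlen(OPEN);
  end = strstr(p, "</string>");
  if (end == NULL || end == p) return ESCAPE_VALUE_INVALID;

  options = strtoul(p, &stop, 16);
  if (stop != end) return ESCAPE_VALUE_INVALID;  /* not a plain hex number */
  return (options & 0x0001UL) ? ESCAPE_ENABLED : ESCAPE_DISABLED;
}

int main(int argc, char **argv)
{
  /* Default path is the one quoted in the article; pass another as argv[1]. */
  const char *path = argc > 1 ? argv[1] : "/usr/local/lib/pcsc/drivers/ccid/Info.plist";
  static char buf[512 * 1024];  /* larger files are truncated to this size */
  size_t n;
  FILE *f = fopen(path, "rb");

  if (f == NULL) { perror(path); return 2; }
  n = fread(buf, 1, sizeof(buf) - 1, f);
  fclose(f);
  buf[n] = '\0';

  switch (ccid_escape_state(buf)) {
    case ESCAPE_ENABLED:     printf("%s: Escape commands ENABLED\n", path); return 1;
    case ESCAPE_DISABLED:    printf("%s: Escape commands disabled\n", path); return 0;
    case ESCAPE_KEY_MISSING: printf("%s: ifdDriverOptions not found\n", path); return 2;
    default:                 printf("%s: ifdDriverOptions value not understood\n", path); return 2;
  }
}
```

The exit status is 1 when Escape commands are enabled, 0 when they are disabled and 2 when the file cannot be assessed, so the check can be scripted across hosts.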

Writing portable code

The idea is only to use a #ifdef to compile the correct value:

#ifdef WIN32
#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(3500)
#else
#define IOCTL_CCID_ESCAPE SCARD_CTL_CODE(1)
#endif

Java

The javax.smartcardio API provides Java methods that are strictly bound to the underlying PC/SC subsystem. The Card.transmitControlCommand method is the wrapper for SCardControl. The prototype is coherent:

public abstract byte[] transmitControlCommand(
  int controlCode,
  byte[] command)
    throws CardException

Now the same question: what must the value of controlCode be? The answer is short: it depends on the PC/SC stack! SCARD_CTL_CODE(3500) for Windows, and SCARD_CTL_CODE(1) for PCSC-Lite. But with another difference: the macro SCARD_CTL_CODE is not computed the same way between both systems!

 

As a consequence, the Java application must detect the OS, and compute the controlCode parameter accordingly.

Same example to switch the red LED on:

import javax.smartcardio.*;

(...)

static boolean isWindows()
{
  String os_name = System.getProperty("os.name").toLowerCase();
  if (os_name.indexOf("windows") > -1) return true;
  return false;
}

static int SCARD_CTL_CODE(int code)
{
  int ioctl;
  if (isWindows())
  {
    ioctl = (0x31 << 16) | (code << 2);
  } else
  {
    ioctl = 0x42000000 + (code);
  }
  return ioctl;
}

static int IOCTL_CCID_ESCAPE()
{
  if (isWindows())
  {
    return SCARD_CTL_CODE(3500);
  } else
  {
    return SCARD_CTL_CODE(1);
  }
}

static final byte[] SET_RED_LED_ON = { (byte) 0x58, (byte) 0x1E, (byte) 0x01, (byte) 0x00 };

(...)

String readerName;

/* Note that the reader's name varies with the OS too!!! */
if (isWindows())
  readerName = "SpringCard Prox'N'Roll Contactless 0";
else
  readerName = "SpringCard Prox'N'Roll (00000000) 00 00";

/* getTerminal is an instance method of the CardTerminals list returned by the factory */
CardTerminal terminal = TerminalFactory.getDefault().terminals().getTerminal(readerName);

Card virtualCard = terminal.connect("DIRECT");

virtualCard.transmitControlCommand(IOCTL_CCID_ESCAPE(), SET_RED_LED_ON);

virtualCard.disconnect(false);

Of course this code works only if the Escape feature is enabled by the underlying CCID driver, as seen above.

SpringCard introduces new SDK for NFC-enabled PC/SC readers

It’s now the final countdown before the launch of new SpringCard NFC products, H512 and NFC’Roll. Both products are not only able to read/write NFC Tags, but they also introduce NFC peer-to-peer communication and an innovative Card emulation mode.

The developers who already have an early release of either product, or who want to start evaluating the development process, are welcomed to download the first version of the SDK, which has been made available today, together with its documentation.

The NFC SDK for PC/SC includes:

  • NFcTool, a Tag read/write Utility,
  • NFcBeam, implementing the NFC Forum ‘Simple NDEF Exchange Protocol’ (SNEP) on top of NFC Forum LLCP (Logical Link Control Protocol), itself on top of NFC-DEP, i.e. the NFCIP1 peer-to-peer layer (ISO 18092 chapter 12). A typical use-case would be to retrieve a contact entry (VCard) from an Android smartphone, or to push a SmartPoster from the PC to the smartphone,
  • NfcTagEmul, showing how easy it is for either H512 or NFC’Roll to emulate a NFC Forum Tag (type 2 or type 4). This makes it possible to push a SmartPoster, URI, Text, VCard… from the PC to the smartphone, as smoothly as if the phone was reading a static Tag,
  • and much more!

Edit 15/10/2013: starting with PC/SC SDK version 2.12, the NFC extensions are now included in the PC/SC SDK itself. Please read this article for details.

Those software are available with complete source (C# for .NET) in the SDK. Please download and read PMD2228: NFC SDK for PC/SC – Getting Started Guide for a guided tour and a few technical details.

Click here to download SpringCard NFC SDK for PC/SC

The reference manual for operating the readers from PC/SC applications is here: PMD2176: H512 (and NFC’Roll) Developer’s Reference Manual.

An installer is also available (SQ2211: QuickStart for H512 and NFC’Roll) for people who want to try the products but don’t need the full SDK.

Warning: a few changes have been made to the specifications since the Alpha version of the firmware (1.6x branch). Products shall be updated to firmware v1.70 in order to be compliant with the final specifications, and to work with this SDK. Current 1.7x branch doesn’t include peer-to-peer in Target mode (only Initiator mode is currently implemented). This will be added in 1.8x branch.