Windows 7 complains on missing driver for smartcards - a practical workaround

Smartcards and smartcard-aware applications using application-level commands (APDUs) are older than Windows and worked very well in the past, until Microsoft suddenly decided that a smartcard shouldn't be handled directly by applications anymore, and introduced the concept of smartcard driver software (ICC Service Provider within the PC/SC framework). This issue sometimes occurs with our products in the SpringCard CSB6 Family (CSB6, Prox’N’Roll PC/SC, EasyFinger and CrazyWriter) and our NFC readers/encoders (H512, NFC’Roll).

With Windows Seven, Microsoft goes one step further and mandates that every smartcard has its own driver (a 'minidriver' actually, i.e. a DLL running in user mode and not a SYS binary running in kernel mode). Every time you put a smartcard on a contactless reader, or in a contact reader, the system tries to locate the appropriate driver, and this generally ends up with a red mark and this annoying message in the tray bar: "Device driver software was not successfully installed. Click here for details." Luckily, smartcard-aware applications keep on working as usual on top of the PC/SC API, thanks to classical SCardConnect / SCardTransmit function calls.

According to Microsoft, smartcard issuers should provide a minidriver for their cards. The point is, the ICC Service Provider architecture is meaningful when it lets security-sensitive applications access security features (digital signature, secure login) in an interoperable and high-level way, but it appears useless in other cases, when only one single piece of software has to communicate with a single smartcard. And this is the case in 99% of the systems using contactless smartcards or contactless memory cards.

A technical article has been published in the Microsoft Knowledge Base (http://support.microsoft.com/kb/976832/en-us) giving different solutions to prevent the system from looking for a driver and issuing the warning message. In this article we detail two solutions:

  • The 1st solution is to disable the smartcard PnP feature through a Group Policy. The side effect is that there's no choice but to disable this feature for every card, not only for the ones that do not have a minidriver,
  • The 2nd solution is to write in the system registry the list of cards that will not have a minidriver. In this article we do this through a small utility that makes it easier than entering the required lines in the registry one after the other.

Using a Group Policy to disable the smartcard PnP feature

Just follow these five steps:

  1. Run MMC.exe (Microsoft Management Console)
  2. Add Group Policy snap-in to the console
  3. Open Local Computer
  4. Browse to Policy\Computer Configuration\Windows Settings\Administrative Templates\Windows Components\Smart Card
  5. Disable Turn On Smart Card Plug And Play Services.

Command-line utility to selectively disable some smartcard minidrivers

The principle is to register in the system registry the ATRs of every smartcard we don't want to go through the PnP feature, and to associate them to a dummy minidriver.

Here's the technical part (details are to be found in MS' reference article, http://support.microsoft.com/kb/976832/en-us):

  1. Create a branch under HKLM\Software\Microsoft\Cryptography\Calais\Smartcards, name the branch with any clever name that will describe the related smartcard
  2. In this branch create a REG_BINARY entry named ATR in which you put the smartcard's ATR
  3. Create a REG_SZ entry named Crypto Provider and put the value $DisableSCPnP$ in it.

You may also add a REG_BINARY entry named ATRMask to associate this entry with more than one ATR. In the ATRMask, bits set to 1 mean that the corresponding bits in the ATR are relevant, and bits set to 0 act as wildcards.
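The three registry steps above and the optional ATRMask, written out in PowerShell as an added example (this is neither SpringCard's tool nor Microsoft's sample code). The function names, the entry name and the sample ATR values are assumptions for illustration; before writing anything, the function refuses an entry whose ATR and mask would also cover a card listed as needing its minidriver.

```powershell
# Added example (not SpringCard's tool, not Microsoft's sample). Run elevated.
$Root = 'HKLM:\Software\Microsoft\Cryptography\Calais\Smartcards'

function ConvertTo-ByteArray([string]$Hex) {
    $clean = $Hex -replace '[\s:]', ''
    if ($clean -notmatch '^([0-9A-Fa-f]{2})+$') { throw "Not a hex string: '$Hex'" }
    [byte[]]$bytes = for ($i = 0; $i -lt $clean.Length; $i += 2) {
        [Convert]::ToByte($clean.Substring($i, 2), 16)
    }
    return ,$bytes
}

# True when $CardAtr is covered by the entry: same length, and equal on every
# bit whose mask bit is 1 (mask bits at 0 are wildcards).
function Test-AtrMatch([byte[]]$CardAtr, [byte[]]$Atr, [byte[]]$Mask) {
    if ($CardAtr.Length -ne $Atr.Length) { return $false }
    for ($i = 0; $i -lt $Atr.Length; $i++) {
        if (($CardAtr[$i] -band $Mask[$i]) -ne ($Atr[$i] -band $Mask[$i])) { return $false }
    }
    return $true
}

function Disable-SmartCardPnP {   # hypothetical function name
    param([string]$Name, [string]$AtrHex, [string]$MaskHex, [string[]]$KeepAtrHex = @())
    [byte[]]$atr  = ConvertTo-ByteArray $AtrHex
    [byte[]]$mask = @(0xFF) * $atr.Length          # default: exact match
    if ($MaskHex) { $mask = ConvertTo-ByteArray $MaskHex }
    if ($mask.Length -ne $atr.Length) { throw 'ATRMask must be as long as ATR' }
    foreach ($k in $KeepAtrHex) {
        # Refuse an entry that would also silence a card needing its minidriver
        [byte[]]$keep = ConvertTo-ByteArray $k
        if (Test-AtrMatch $keep $atr $mask) { throw "Entry would also cover '$k'" }
    }
    $key = Join-Path $Root $Name
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'ATR' -PropertyType Binary -Value $atr -Force | Out-Null
    if ($MaskHex) { New-ItemProperty -Path $key -Name 'ATRMask' -PropertyType Binary -Value $mask -Force | Out-Null }
    # Single quotes: $DisableSCPnP$ is a literal string, not a PowerShell variable
    New-ItemProperty -Path $key -Name 'Crypto Provider' -PropertyType String -Value '$DisableSCPnP$' -Force | Out-Null
}

# Sample values for illustration: a PC/SC v2 memory-card ATR, with the card
# standard/name bytes and the checksum byte wildcarded by the mask.
Disable-SmartCardPnP -Name 'Example memory cards' `
    -AtrHex  '3B 8F 80 01 80 4F 0C A0 00 00 03 06 00 00 00 00 00 00 00 00' `
    -MaskHex 'FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 FF FF FF FF 00' `
    -KeepAtrHex @('3B 00 11 22 33')   # placeholder for a card that keeps its minidriver
```

To undo an entry, delete its branch under the same registry key.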

 

Sample source code to do so is provided by MS with the article. We've implemented this source code in a small command-line tool, and added a lot of modifications to ease its use and to make it possible to disable smartcard PnP for any arbitrarily entered smartcard ATR, and not only for the smartcards physically inserted in the readers at the time of execution.

There are two binaries: pcsc_no_minidriver32.exe for 32-bit systems, and pcsc_no_minidriver64.exe for 64-bit systems. Invoke either program with the -h parameter to get help. With the -m parameter, the software starts monitoring all the PC/SC readers. For every card inserted, it disables the plug and play. Alternatively, the -a parameter lets you specify the ATR (hexadecimal string); you may optionally use the -n parameter to specify a name for your smartcard (this is convenient if you want to remove it from the registry later on!).

Note, you must run this program as an administrator.

We supplied the software with 2 command line scripts (.CMD),

  • pcsc_no_minidriver_memory.cmd disables every memory card (ATR constructed according to PC/SC v.2 specification for memory cards)
  • pcsc_no_minidriver_well_known.cmd disables  some well-known contactless cards that do not have a minidriver (NXP Desfire, NXP Mifare Plus, various Calypso cards, ...).

Of course, use this software and the related scripts with care and make sure you really do understand what they do, as they may prevent your system from working correctly with your $20 cryptographic card that does need its minidriver to work with CryptoAPI.

Here's the link to the package : http://www.springcard.com/download/pub/pcsc_no_minidriver.zip . It comes with complete source code. Just unzip in a local folder and enjoy.

Upgrade in our PC/SC SDK (release 1.20)

Release 1.20 of the SpringCard PC/SC SDK is now available in the Download section of the website (direct link to latest version: http://www.springcard.com/download/find.php?file=pcsc-sdk). This SDK is meant to be used with our products in the SpringCard CSB6 Family (CSB6, Prox’N’Roll PC/SC, EasyFinger and CrazyWriter).

People working in the 'emerging' NFC field will be glad to discover the updated versions of NFCTool, a .NET based application (written in C#) that makes it easy to create or to read NFC Tags compliant with the SmartPoster specification (as published by NFC Forum). Command-line nfc_create utility is also very useful to encode batches of NFC Tags.

The Desfire support library (pcsc_desfire.dll on Windows) has been upgraded; it now fully supports all the new features of NXP Desfire EV1 smartcards: AES and Triple-DES with 3 keys (3KDES), ISO 7816-4 compliant directories and files, card-level configuration. NXP Mifare UltraLight C chips are supported easily thanks to a new library (pcsc_mifulc.dll). Also, we've added in the SDK the Calypso support library (pcsc_calypso.dll) and its related sample software. All those libraries come with C source code.

New command-line utilities have also been written for those who want to master PC/SC from its very basics, or have portability in mind. Most of our C examples now run on Linux without any modification.

Cardpeek - open source tool to read the content of smartcards

We've discovered a new open source project (led by "L1L1") that sounds promising.

Cardpeek is a Linux tool to read the contents of ISO 7816 smartcards. It uses a PC/SC reader to communicate with the card, and its GTK GUI represents card data as a tree view. Cardpeek's list of supported cards is expandable thanks to a scripting language. Currently, the tool can explore EMV cards, Calypso cards (including the Navigo pass from the Paris area, with translation of the station names; this part was developed by pterjan), Moneo cards (French ePurse) and Vitale (French health card).

Here are a few snapshots I've taken with a Prox'N'Roll PC/SC and my own Navigo card (Paris' Calypso card):

Cardpeek + Prox'N'Roll PC/SC

Selecting Prox'N'Roll PC/SC reader

Content of a Calypso card: ATR and list of contracts

Card content explained: ATR and list of contracts

Content of a Calypso card: transport log

Card content explained: transport log, with station code translated to actual names

Project homepage : http://code.google.com/p/cardpeek/

A few more explanations on freshmeat : http://freshmeat.net/projects/cardpeek

Create and read NFC tags with SpringCard NFC Tool and NFC Decoder

NFC Tags in a nutshell

An NFC Tag is a regular ISO 14443 card (either a memory card or a microprocessor-based smartcard), holding a specific content. Depending on this content, the "reader" will perform automatically a predefined action. Typical actions are :

  • open a URL (Internet address),
  • dial a number or send an SMS (if the reader is a mobile phone),
  • launch a software,
  • etc...

NFC tags are, for instance, embedded in Smart Posters, a new medium for advertisement. Users seeing the poster and touching its NFC tag with their NFC-enabled mobile phone or smartphone may easily receive coupons or detailed information, or be prompted to buy the advertised goods online.

NFC logo : identifies NFC Compliant devices

The NFC Tag logo has been designed by the NFC Forum to identify NFC Tags.

NFC Forum, the organisation in charge of NFC standardization, has registered 4 types of NFC Tags :

  • NFC Type 1 tags :  Innovision Research & Technology TOPAZ chips (proprietary communication protocol on top of ISO 14443-A modulation)
  • NFC Type 2 tags : NXP MIFARE Ultralight and Ultralight C chips (proprietary communication protocol on top of ISO 14443-A modulation)
  • NFC Type 3 tags : Sony FELICA chips (proprietary modulation and communication)
  • NFC Type 4 tags :  standard ISO 7816-4 smartcards using ISO 14443 A or B up to layer 4

NXP and Nokia also support using NXP MIFARE Classic (1k/4k) tags. Visit NXP's website for more information on how to make NFC tags using their chips (including MIFARE DESfire as Type 4 tags).

The format of the content stored in the tags is specified by the NFC Forum in the NDEF standard (NFC Data Exchange Format).

Getting started with NFC Tags thanks to SpringCard readers and software

SpringCard has developed a set of software -with sources included in the new release of the SDKs- to demonstrate how NFC tags are encoded and processed by SpringCard contactless readers.

Customize your tags using NFC Tool

NFC Tool is a desktop application (Windows) to encode and read common NFC tags. NFC Tool works with PC/SC readers (Prox'N'Roll, CrazyWriter or CSB6 namely).

NFC Tool allows you to read/write NFC content on your cards

An example of use of NFC Tool with a Mifare UltraLight Card

Easily read and write NFC content in your cards using NFC Tool : Choose between SmartPoster, Text or URI ; fill in your URL or Text ; encode it to generate the NDEF and write it to your card.

At the date of writing, NFC Tool supports the following tags :

  • MIFARE Classic cards (standard 1K/4K)  as NFC Type 2 tags ;
  • MIFARE UltraLight (MF0ICU1) and UltraLight C (MF0ICU2) cards as NFC Type 2 tags ;
  • TOPAZ by Innovision cards as NFC Type 1 tags.

NFC Tool can be found in our PC/SC SDK (C# application for .NET framework).

Read NFC tags on your Pocket PC using NFC Decoder

NFC Decoder is a lightweight application for Windows Mobile (Pocket PC) that allows you to open a URL from an NFC tag card. NFC Decoder works with either SpringProx-CF, SpringProx-CF UP or SpringWAP through the SpringProx API. It supports MIFARE 1K, MIFARE 4K and MIFARE UltraLight or UltraLight C as NFC Type 2 tags.

NFC Decoder

An URL found on tag with NFC Decoder

(C# application for .NET compact framework).

Calypso Explorer now available for download

SpringCard contactless readers are often used together with Calypso cards, that are used worldwide by some major transport operators ('Navigo' in Paris for instance). We are now offering for free two software utilities we've developed to retrieve and explain the content of those cards :

  • Calypso XML Dump is a CLI written in C that reads the files of a Calypso card ('1TIC.ICA' card application), applies Intercode rules to decode the records, and exports the result as XML files. This is convenient to make dumps of cards for later processing.
  • Calypso Explorer is a .NET based program with an 'explorer-like' GUI. It also reads the files and applies the Intercode rules, then directly shows the result in its window.

Both programs work with PC/SC readers. They make use of the SpringCard library for Calypso (provided as a DLL in the package).

Download SpringCard Calypso Explorer software

Complete source code is provided, showing how you can embed this DLL into your own software. It allows fast and easy development of PC-based applications using Calypso cards. Our LICENSE allows you to use the software freely (binary and/or source) provided that you use it together with one of our hardware products (to name a few: Prox'N'Roll PC/SC, CSB6 PC/SC, CrazyWriter PC/SC).

Screenshots :

Calypso Explorer : select the PC/SC reader
Calypso Explorer : choosing the PC/SC reader

Calypso Explorer : card's details
Calypso Explorer : dump of the card.
It reads Card.EnvHolder.Record #1.Environment.Network = 250901. This is a 'Navigo' card, from the Paris network (subway and suburban trains).

Calypso XML Dump
Calypso XML Dump : the same card, shown as XML.
Call calypso_xml_dump -o xml_file.xml to redirect the output to a file.

References :

  • Calypso is a standard initially developed and promoted by Innovatron, SNCF and RATP in Paris. It is now promoted by a not-for-profit organisation, the Calypso Network Association. Note that access to the specification of the cards is limited, and that some features of the cards have been patented by Innovatron (secure session and ratification). Our customers shall buy readers including the patent licence fee ('-C' suffix in the part number) if they want to perform a complete Calypso transaction.
  • The Intercode specification describes how the record shall be structured (the final aim is to achieve interoperability between transport networks). It is based on the data types described by EN1515 standard. The specification is available at http://www.billettique.fr/IMG/pdf/intercode_2_amendement_1k.pdf.

Calypso Explorer has been developed with SharpDevelop IDE, a really good alternative to Microsoft Visual Studio (fast, easy, and on top of that, free and open). Calypso XML Dump has been developed with Microsoft Visual C++ 6.