SCardSniffer2 spies the exchanges between a PC/SC application and a smart card

5 years ago, SpringCard introduced SCardSniffer, a tool that spies the exchanges between Windows applications and the PC/SC subsystem. SCardSniffer works by introducing a hook over winscard.dll.

Although this method is still perfectly working in most cases, it comes with some technical complexity (1. the sniffer and the sniffed application must both run on the same subsystem, either Win32 or Win64, hence 2 versions of the sniffer and 2. the injection of the hook is likely to be disabled on security-enforced computers and 3. it may also triggers some antivirus/malware detection tools, which leads to an unnecessary stress).

SCardSniffer2 is a new tool that offers basically the same function, but with a much simpler architecture.

SCardSniffer2 installs a new virtual smart card reader and acts as a relay between this virtual reader and the real reader, where the real card is.

The application to be spied must be reconfigured to connect to the virtual reader (instead of the real reader); SCardSniffer2 is then able to record all the APDUs exhanged between the application and the card.

Read More