How to configure a Puck as a reader to read a SpringPass virtual card using keyboard emulation?

SpringCard Puck family products can be used to read contactless passes carried by NFC smartphones. In the SmartReader operating mode, the reader is standalone to run and the computer receives RFID/NFC pass data as if someone would type it on the keyboard.

SpringPass by SpringCard is a service for generating NFC passes in order to dematerialize contactless cards or RFID badges by virtualizing them on mobile phones (smartphones). On Apple iOS (iPhone) architectures, the system is based on Apple VAS technology. On Android architectures, the system is based on Google Smart Tap technology.

Read More

How to read RFID/NFC passes with SpringCard PC/SC couplers

SpringCard contactless PC/SC couplers (NFC/RFID HF) can be used to read contactless passes carried by NFC smartphones.

In particular, the Prox'N'Roll HSP PC/SC and the PUCK configured as PC/SC have been certified :

  • by Apple for reading NFC passes stored in the Apple Wallet application ("Apple VAS" protocol, formerly branded as "PassKit"),
  • by Google for reading NFC passes stored in the Google Pay application ("Google VAS" protocol, still branded as "Smart Tap" or now "Google Wallet").

Read More

Using SpringCard PC/SC Couplers with a Raspberry Pi 4

SpringCard PC/SC Couplers like the H663 family (CrazyWriter HSP, Prox'N'Roll HSP, TwistyWriter HSP...) and the new SpringCore family (PUCK...) are well supported by Linux systems thanks the open-source PCSC-Lite stack and its CCID driver. All these devices are easy to operate on early Raspberry Pi with little to no specificities.

This has changed on Raspberry Pi 4 and Raspian Bullseye and their new power-saving policy: by default, the system now shuts down any USB device that appears as being "unused" -- which is namely the case of any PC/SC Coupler until a card is inserted or presented ;-).

For correct operations of any SpringCard PC/SC Coupler with a Raspberry Pi 4 and Raspian Bullseye, the integrator must therefore disable the USB power control, and this article explains how to do so. It may also be useful to anyone trying to troubleshoot disconnection issues affecting any PC/SC device when used together with an embedded Linux system where USB power saving is enabled by default.

Read More

SCardSniffer2 spies the exchanges between a PC/SC application and a smart card

5 years ago, SpringCard introduced SCardSniffer, a tool that spies the exchanges between Windows applications and the PC/SC subsystem. SCardSniffer works by introducing a hook over winscard.dll.

Although this method is still perfectly working in most cases, it comes with some technical complexity (1. the sniffer and the sniffed application must both run on the same subsystem, either Win32 or Win64, hence 2 versions of the sniffer and 2. the injection of the hook is likely to be disabled on security-enforced computers and 3. it may also triggers some antivirus/malware detection tools, which leads to an unnecessary stress).

SCardSniffer2 is a new tool that offers basically the same function, but with a much simpler architecture.

SCardSniffer2 installs a new virtual smart card reader and acts as a relay between this virtual reader and the real reader, where the real card is.

The application to be spied must be reconfigured to connect to the virtual reader (instead of the real reader); SCardSniffer2 is then able to record all the APDUs exhanged between the application and the card.

Read More

Using master cards to configure the SpringCore devices

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. All the devices in this family could be configured easily and securely thanks to SpringCard 2nd generation of master cards.

A master card v2 is a Desfire EV1 (or later) contactless card, that contains the configuration parameters you want to apply to many devices. The data are protected by AES128 for authentication and secure communication, and their authenticity is validated by an ECC256 digital signature.

Thanks to this robust security scheme, only your devices can read and accept your master cards, while refusing (and being actually unable to read) master cards created by 3rd parties. Symmetrically, only the devices that you have commissioned with your own key-set are able to read your master cards, thus protecting your assets (secret keys and specific configuration parameters) against any unwanted disclosure, even if the master card is lost or stolen.

This article shows how-to create master cards v2 using springcoremastercard.exe tool and/or SpringCard Companion, and what are the best practices to use them efficiently and securely.

Read More

PCSCCheck, the all-in-one tool to validate and tune your PC/SC installation

An analysis of the questions that are the most frequently asked to our technical support shows that many issues and concerns are due to the settings or the behaviour of Windows operating system itself.

This is particularly the case in security-enforced corporate environments, where strict administrative policies may prevent the user to install the right driver, or even prevent the applications to access local smart card readers.

The fact that Windows raises a couple of notifications ("Setting up a device", then "The smart card requires drivers that are not present on this system") every time a card is inserted in a PC/SC reader for the first time is also the source of many questions, that this article will address.

Read More

How to be sure that the SpringCard PC/SC driver is installed on Windows?

Since all SpringCard USB PC/SC couplers comply with the USB CCID specification, they are supported by the generic CCID driver supplied by Microsoft as a part of the Windows operating system. As a consequence, when connecting a SpringCard PC/SC coupler to a computer for the first time, this coupler is associated to the generic "Microsoft Usbccid Smartcard Reader (WUDF)" driver by default.

This is a problem for many users, since this generic driver has many limitations that make it un-suitable for most of the use cases.

In this article, we'll expose its 3 most obvious limitations, and expose the 2 different methods to installing the right driver.

Read More

Securing the connection to the MQTT broker using TLS and SpringCore client certificates

The aim of this tutorial is to configure a SpringPark as a Network SmartReader/MQTT client with a mosquitto broker. The SpringPark in this configuration acts as an MQTT client (using TLS). It sends its tags to the mosquitto broker hosted at mqtt.springcard.com. 

For this howto, we will assume that:

  • your SpringPark is using a default (from factory) configuration.
  • you have some networking basis.
  • you have some MQTT basis.

Read More

How to setup and use a SpringPark as an Amazon AWS client

The aim of this demonstration is to configure a SpringPark as a Network SmartReader/AWS client. The SpringPark in this configuration acts as an AWS IOT Core client (using TLS). It sends its tags/informations to Amazon's cloud and can also receive commands.

We won't cover the AWS's side (lamba function, certificates, policies, ...) but focuse on the device's side.

For this howto, we will assume that:

  • your SpringPark is using a default (from factory) configuration.
  • you have some networking basis.
  • you have some MQTT basis.

Read More