Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Wednesday, November 28, 2012

New version of pcsc-lite: 1.8.7

I just released a new version of pcsc-lite 1.8.7.

Changes:
pcsc-lite-1.8.7: Ludovic Rousseau
28 November 2012
  • Fix a problem when a reader is unplugged (and the reader is still in use)

Friday, November 23, 2012

New UI design for the online ATR parser

I made some graphical design (using CSS) for my Smart card ATR parsing online application.

I am not a web designer (you may have noticed). But I tried to make the interface nicer.

The new interface looks like:


If you want to work on a better design you are welcome. Contact me.

Related articles:

Friday, November 2, 2012

PCSC sample in lua

To continue the list of PC/SC wrapper initiated more than two years ago with "PC/SC sample in different languages" I now present a PC/SC sample in lua.

In a previous blog article "cardpeek: A tool to read the contents of smartcards" I presented an application using the lua language to interact with smart cards.

PC/SC access from lua

Cardpeek is a complete application and not a PC/SC wrapper. The cardpeek author implemented only what was needed for the application instead of a general PC/SC wrapper.

The card functions available from lua are:
  • connect
  • disconnect
  • warm_reset
  • last_atr
  • info
  • send
  • set_command_interval
  • make_file_path

One important missing function is an equivalent of SCardListReaders(). The list of available readers and selection of the reader to use is not available from the lua code. The reader selection is done by the cardpeek application using C code directly.

Some work is missing in order to have a complete PC/SC wrapper for lua.

Source code

function hex_tostring(data)
 local r = ""
 local i
 for i=0,#data-1 do
  r = r .. string.char(data[i]) 
 end 
 return r
end

if card.connect() then
 card.tree_startup("ATR")

 -- Select applet
 select = bytes.new(8, "00 A4 04 00 0A A0 00 00 00 62 03 01 0C 06 01")
 sw, resp = card.send(select)
 print(string.format("SW: %X", sw))
 print(resp)

 -- Send command
 command = bytes.new(8, "00 00 00 00")
 sw, resp = card.send(command)
 print(string.format("SW: %X", sw))
 print(hex_tostring(resp))

 card.disconnect()
end

Remarks

The output is sent to the console using the lua print() statement. You could also send the output to cardpeek using log.print() instead.

Output

In the console


SW: 9000

SW: 9000
Hello world!

In cardpeek




Conclusion

I reported some improvements for cardpeek (issues 13, 14, 15 and 16). One month after, the issues are still open and the proposed patches not applied or reviewed. A bad news concerning the state of the cardpeek project :-(.

This pseudo-wrapper is the 12th wrapper for PC/SC. What will be the next language?

Friday, October 26, 2012

cardpeek: A tool to read the contents of smartcards

A few days ago I discovered a nice tool: cardpeek.






Project

The project is hosted at http://code.google.com/p/cardpeek/.
It is Free Software and uses the GNU GPL v3 licence.

From the project web site:
Cardpeek is a Linux/Windows tool to read the contents of ISO7816 smartcards. It features a GTK GUI to represent card data is a tree view, and is extendable with a scripting language (LUA).

The goal of this project is to allow smartcard owners to be better informed about what type of personal information is stored in these devices.

The tool currently reads the contents of :
  • EMV cards, including NFC ones.
  • Navigo public transport cards (partially supports MOBIB as well)
  • The French health card "Vitale 2"
  • Electronic/Biometric passports in BAC security mode.

It can also read the following cards with limited interpretation of data:
  • Some Mifare cards (such as the Thalys card);
  • Moneo, the French electronic purse;
  • GSM SIM cards.

More info on the Wiki here: http://code.google.com/p/cardpeek/wiki/Main

Installation

It is easy to install under Debian GNU/Linux. You may need to install some dependencies related to the lua language. The program is written in C and lua. The parts sending smart card commands are lua scripts. I do not yet have lua in my list of languages for PC/SC.

You may be unable to run the ./configure script. I already reported this problem. run autoreconf -vis to get correct symlinks.

Examples

EMV

I tried with an EMV card.

The application gives a lot of information. For example you have access to the card transaction records.
In this example I payed 48.11€ on the August 30th of 2012. This transaction was to fil the tank with gasoline but the card do not store information about the merchant.

Navigo Pass

I do not have a Navigo Pass myself so I reused the screen copy from the cardpeek project navigo page.

From the project:
The "calypso" script included in cardpeek can read the content of Navigo cards used in Paris. It provides enhanced "event log" analysis notably with subway/train station names, as illustrated in the screenshot above. It has been successfully tested on Navigo Découverte, Navigo and Navigo Intégrale cards.

SIM

The support is SIM card is indicated as beta but does work quiet well.

For example you can dump the phone book stored in your SIM card.

I guess it is in beta mode because not all the fields are parsed and displayed in a human readable format.

Conclusion

Cardpeek is a very nice tool to explore many common kinds of smart cards. It is tech savvy oriented.

Sunday, October 7, 2012

New version of libccid: 1.4.8

I just released a version 1.4.8 of libccid the free software CCID class smart card reader driver.

1.4.8 - 22 June 2012, Ludovic Rousseau
  • Add support of
    • SCR3310-NTTCom USB (was removed in version 1.4.6)
    • Inside Secure VaultIC 420 Smart Object
    • Inside Secure VaultIC 440 Smart Object
  • Wait up to 3 seconds for reader start up
  • Add support of new PC/SC V2 part 10 properties:
    • dwMaxAPDUDataSize
    • wIdVendor
    • wIdProduct
  • Use helper functions from libPCSCv2part10 to parse the PC/SC v2 part 10 features

Monday, October 1, 2012

Parsing an ATR: now in color

Since 2010 I provide a way to parse an ATR online using a web page. I also provide a Python script to do the same using a command line tool.

I am not a user interface design expert. But I like to have important elements in color. Syntax colorization is a great invention. So I decided to add color to the ATR parsing results.

Web page

Available at http://smartcard-atr.appspot.com/

Before

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3BDirect Convention
T0 = 0xFAY(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00VPP is not electrically connected
TC(1) = 0xFFExtra guard time: 255 (special value)
TD(1) = 0x81Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80IFSC: 128
TB(3) = 0x45Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00
(compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
     Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 9000 ()
TCK = 0xB1 (correct checksum)

Possibly identified card: OpenPGP

After

Parsing ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1

TS = 0x3BDirect Convention
T0 = 0xFAY(1): b1111, K: 10 (historical bytes)
TA(1) = 0x13Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
TB(1) = 0x00VPP is not electrically connected
TC(1) = 0xFFExtra guard time: 255 (special value)
TD(1) = 0x81Y(i+1) = b1000, Protocol T=1
----
TD(2) = 0x31Y(i+1) = b0011, Protocol T=1
----
TA(3) = 0x80IFSC: 128
TB(3) = 0x45Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes00 31 C1 73 C0 01 00 00 90 00
Category indicator byte: 0x00
(compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 90 00 ()
TCK = 0xB1 correct checksum

Possibly identified card: OpenPGP

Command line

The same software is also available as a command line tool: parseATR.py

Before

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 9000 ()
TCK = 0xB1  --> (correct checksum)
Possibly identified card: OpenPGP

After

ATR: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
TS = 0x3B --> Direct Convention
T0 = 0xFA --> Y(1): b1111, K: 10 (historical bytes)
 TA(1) = 0x13 --> Fi=372, Di=4, 93 cycles/ETU (43010 bits/s at 4.00 MHz, 53763 bits/s for fMax=5 MHz)
 TB(1) = 0x00 --> VPP is not electrically connected
 TC(1) = 0xFF --> Extra guard time: 255 (special value)
 TD(1) = 0x81 --> Y(i+1) = b1000, Protocol T=1
----
 TD(2) = 0x31 --> Y(i+1) = b0011, Protocol T=1
----
 TA(3) = 0x80 --> IFSC: 128
 TB(3) = 0x45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
----
Historical bytes --> 00 31 C1 73 C0 01 00 00 90 00
  Category indicator byte: 0x00 -->  (compact TLV data object)
    Tag: 3, Len: 1 (card service data byte)
      Card service data byte: 193
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card without MF
    Tag: 7, Len: 3 (card capabilities)
      Selection methods: 192
        - DF selection by partial DF name
        - DF selection by full DF name
      Data coding byte: 1
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: valid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 0
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 0
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0 (No information given)
      SW: 90 00 ()
TCK = 0xB1  --> correct checksum
Possibly identified card: OpenPGP

Conclusion

I like colorization.

Friday, September 28, 2012

Adobe signature system was compromised

Adobe just published an article "Inappropriate Use of Adobe Code Signing Certificate" describing the inappropriate use of their code signature private key.

Adobe uses a Hardware Security Module (HSM) to store the private key. The signature requests are sent by build servers and signed by the HSM.

Unfortunately one build server has been compromised and malicious software has been signed.

Lessons

Maybe the lesson is that automatic code signing, without human verification, is an error. Of course the human verification shall be smart enough to avoid repetitive and boring tasks.

In general smart card doing cryptographic signature with a legal value (eID or citizen cards) are configured so that the user PIN has to be entered before each signature. And the use of a pinpad reader is a big security improvement. So even if the user computer is compromised the attacker cannot sign many documents without the user noticing something wrong.
But:
  • only one signed document may be enough for the attacker
  • noticing something is wrong requests some user intelligence

Conclusion

The best security architects can do is:
  • provide systems simple to understand
  • provide some kind of detection of strange events
  • provide a way to easily revoke a compromised key

Tuesday, September 18, 2012

Tokend installer for Mac OS X Mountain Lion

2 months after the release of Mountain Lion, Apple (Shawn Gedddis) just released a new (beta) tokend package installer for Mountain Lion (10.8).

From http://smartcardservices.macosforge.org/trac/wiki/installers

« This installs the Tokend modules which no longer ship from Apple as part of Mac OS X beginning with OS X Lion (v10.7). Note that this installer will ONLY install onto OS X Mountain Lion v10.8. The Tokend modules installed are: BELPIC, CAC, CACNG, JPKI and PIV.

New to this release:
JPKI.Tokend - Build 38522 added to the update to support LASCOM in Japan.
cacloginconfig.plist - Default configuration file as optional install for those using Attribute Matching or PKINIT configurations.
SystemCACertificates.keychain - Automatically added to the Keychain Search List if not already present. »

Related post "Mac OS X Mountain Lion and smart card status".

Thursday, August 30, 2012

New version of pcsc-lite: 1.8.6

I just released a new version of pcsc-lite 1.8.6.

Changes:
pcsc-lite-1.8.6: Ludovic Rousseau
30 August 2012
  • Fix a problem when only serial drivers are used (no hotplug/USB driver)
  • increase log buffer size from 160 to 2048. Some "long" log lines where truncated.
  • Fix redirection of stdin, stdout and stderr to /dev/null when pcscd is started as a daemon (default)
  • Some other minor improvements and bug corrections

Tuesday, August 28, 2012

Comments on my blog and bug reports

I sometimes get comments on articles of my blog. I can classify them in 3 different categories:
  • spam
  • comments about the article
  • comments about something else

Spam

Spams are (manually) rejected.
I do not get many spams.

Comments about the article

I like comments about the article. I accept questions about the article or about a specific point. In general I add an answer immediately (if I know the answer).

Comments about something else

Sometimes I have to moderate comments about something not related to the article.
The blogger.com application do not allow me to reject the comment and explain why I rejected the comment to the comment author. So I reject the comment and the comment author has no idea of what happened.

Example

For example I got, for the second time, a comment on the Mac OS X Mountain Lion and smart card status article. The comment is:
" Anyone having issues with reading encrypted messages via a CAC within Mountain Lion and Outlook?

I can sign and encrypt, and people can read them, but I cannot decrypt. It is not the card or reader, it works fine on the PC.

It is very strange because if an encrypted email comes in, I briefly can read it in the window pane, but if I revisit the message or double click to open, I get an error and the message is lost forever. Everything worked fine under Lion, only appeared after ML upgrade. "
This comment is not about the article itself and is not a spam.

Problems with Mountain Lion or any other Apple components shall be reported to Apple using https://bugreport.apple.com/, or maybe the Apple CDSA mailing list in this case.

Since I cannot contact the comment author (Mike) and explain why his comment is misplaced I wrote this blog entry.

Documentation

Just above the comments text array I added a documentation:
Please, do only post comments related to the article above.

For general questions, subscribe to and use the muscle mailing list.

Your comment may be moderated and will not appear until then. No need to repost the same comment.

Maybe the documentation is not visible enough, or not clear enough. Please add your comments :-)

Conclusion

My blog is not a forum.

I do not work at Apple and do not plan to provide Apple support for free.

Thursday, August 9, 2012

libPCSCv2part10

PC/SC v2 part 10 standard "Part 10 IFDs with Secure PIN Entry Capabilities" offers a way to get some information from a smart card driver.

I already blogged about this service in

Using the SCardControl(FEATURE_GET_TLV_PROPERTIES, ...) require some code to parse the result TLV buffer.

Library API

The idea of libPCSCv2part10 is to allow application programmers to use a function as simple as give_me_the_value_of_tag_x().

The library provides two functions:
  • PCSCv2Part10_find_TLV_property_by_tag_from_buffer() "low" level
  • PCSCv2Part10_find_TLV_property_by_tag_from_hcard() "high" level

The difference between the two functions is that PCSCv2Part10_find_TLV_property_by_tag_from_hcard() uses a SCARDHANDLE hCard and PCSCv2Part10_find_TLV_property_by_tag_from_buffer() uses a buffer already retrieved using SCardControl(FEATURE_GET_TLV_PROPERTIES, ...)

The API is documented at libPCSCv2part10.

The project is hosted in the contrib/libPCSCv2part10/ directory of the pcsc-lite project.

Sample code


/*
    sample.c: example of use of libPCSCv2part10 helper functions
    Copyright (C) 2012   Ludovic Rousseau

    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
    version 2.1 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

/*
 * $Id: sample.c 6416 2012-08-08 09:49:00Z rousseau $
 */

#include <stdio.h>

#ifdef __APPLE__
#include <PCSC/winscard.h>
#include <PCSC/wintypes.h>
#else
#include <winscard.h>
#endif
#include <reader.h>


#include "PCSCv2part10.h"

/* PCSC error */
#define PCSC_ERROR_EXIT(rv) \
if (rv != SCARD_S_SUCCESS) \
{ \
 printf("Failed at line %d with %s (0x%lX)\n", __LINE__, pcsc_stringify_error(rv), rv); \
 goto end; \
}

int main(void)
{
 LONG rv;
 SCARDCONTEXT hContext;
 SCARDHANDLE hCard;
 int value, ret = -1;
 DWORD dwReaders, dwPref;
 char *mszReaders;

 rv = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
 PCSC_ERROR_EXIT(rv)

 dwReaders = SCARD_AUTOALLOCATE;
 rv = SCardListReaders(hContext, NULL, (LPSTR)&mszReaders, &dwReaders);
 PCSC_ERROR_EXIT(rv)

 /* use first reader */
 printf("Using reaer: %s\n", mszReaders);

 rv = SCardConnect(hContext, mszReaders,
  SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1,
  &hCard, &dwPref);

 /* the interesting part is here */
 ret = PCSCv2Part10_find_TLV_property_by_tag_from_hcard(hCard,
  PCSCv2_PART10_PROPERTY_wIdVendor, &value);
 printf("ret: %d\n", ret);
 printf("value for PCSCv2_PART10_PROPERTY_wIdVendor: 0x%04X\n", value),

 rv = SCardDisconnect(hCard, SCARD_LEAVE_CARD);
 PCSC_ERROR_EXIT(rv)

 rv = SCardFreeMemory(hContext, mszReaders);
 PCSC_ERROR_EXIT(rv)

 rv = SCardReleaseContext(hContext);
 PCSC_ERROR_EXIT(rv)

end:
 return ret;
}

How to use it

The code is very short. I don't think it is a good idea to make a library with just two functions. My idea is that a project FooBar using the function will just integrate the two files (PCSCv2part10.c and PCSCv2part10.h) into the project FooBar.

License

The license is GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

Conclusion

Feel free to use the code, make comments or improvements.

Saturday, August 4, 2012

New version of pcsc-lite: 1.8.5

I just released a new version of pcsc-lite 1.8.5.

Changes:
pcsc-lite-1.8.5: Ludovic Rousseau
4 August 2012
  • Fix crash when a reader is unplugged while pcscd is in the middle of a PC/SC function
  • SCardBeginTransaction(): fix a bug introduced in version 1.8.4 related to sharing
  • Some other minor improvements and bug corrections

Thursday, August 2, 2012

Mac OS X Mountain Lion and smart card status

The new version of Mac OS X 10.8 called Mountain Lion is now available since July 25th 2012.

Mac OS X Mountain Lion

As I did with the previous major version of OS X Lion I will list changes in Mountain Lion regarding the smart card world.

pcsc-lite

Same as in Lion.

CCID driver

Same as in Lion.
CCID driver version 1.3.11.

Source code

The source code is provided by Apple from the web site Mac OS X 10.8 Source. The two components are available in:
The source code is not yet available in the subversion repository of the SmartCard Services project.

Changes

In Lion 10.7 the versions were 55000 for both SmartCardServices and SmartcardCCID.

So in Mountain Lion the CCID driver has not changed.

The SmartCardServices component (mainly pcsc-lite) has marginally changed. The source code is the same and only build files have been updated:
$ diff -ru SmartCardServices-55000 SmartCardServices-55105|diffstat 
 Info-PCSC.plist                             |    2 
 Makefile-exec.installPhase                  |only
 Makefile.installPhase                       |    3 
 SmartCardServices.xcodeproj/project.pbxproj |  939 +++++-----------------------
 config                                      |only
 5 files changed, 194 insertions(+), 750 deletions(-)

Conclusion

Apple has not updated the smart card components in Mountain Lion. No bug or limitation has been fixed. And no new bug have been introduced.

The CCID driver provided (version 1.3.11) has been released on July 2009, 3 years ago. Since this version 97 readers have been added (72% more).

Tuesday, June 26, 2012

New version of pcsc-lite: 1.8.4

I just released a new version of pcsc-lite 1.8.4.

Changes:
pcsc-lite-1.8.4: Ludovic Rousseau
26 June 2012
  • Add [ and ] in the list of accepted characters for a reader name
  • truncates the reader name if it is too long instead of rejecting the
    reader
  • The restriction to have to call SCardEstablishContext() in each thread
    has been removed. Threads could now share a PC/SC context.
  • Fix compiler failure for static driver
  • Update IFDHandler API Doxygen regarding the "libusb-1.0" naming scheme
  • Some other minor improvements and bug corrections

Friday, June 22, 2012

New version of libccid: 1.4.7

I just released a version 1.4.7 of libccid.

1.4.7 - 22 June 2012, Ludovic Rousseau
  • Add support of
    • ACS ACR101 ICC Reader
    • ACS CryptoMate64
    • Alcor Micro AU9522
    • Bit4id CKey4
    • Bit4id cryptokey
    • Bit4id iAM
    • Bit4id miniLector
    • Bit4id miniLector-s
    • CCB eSafeLD
    • Gemalto Ezio Shield Branch
    • KOBIL Systems IDToken
    • NXP PR533
  • KOBIL Systems IDToken special cases:
    • Give more time (3 seconds instead of 2) to the reader to answer
    • Hack for the Kobil IDToken and Geman eID card. The German eID card is bogus and need to be powered off before a power on
    • Add Reader-Info-Commands special APDU/command
      • Manufacturer command
      • Product name command
      • Firmware version command
      • Driver version command
  • Use auto suspend for CCID devices only (Closes Alioth bug [#313445] "Do not activate USB suspend for composite devices: keyboard")
  • Fix some error management in the T=1 TPDU state machine
  • some minor bugs removed
  • some minor improvements added

Wednesday, June 20, 2012

More EMV tools

I discovered 2 other tools for interacting with EMV smart cards

javaemvreader

It is an application written in Java. The project is hosted at http://code.google.com/p/javaemvreader/ and using the Apache License 2.0 licence.

I have not yet tried to use the software. According to the web site the application is able to perform:
EMV function nameCommand
Initialize card SELECT FILE "1PAY.SYS.DDF01"
READ RECORD (to read all records in the specified SFI)
Application Selection SELECT
Initiate Application Processing GET PROCESSING OPTIONS
Read Application Data READ RECORD (all records listed in the AFL)
(Read other application data) GET DATA (ATC, Last online ATC, PIN Try Counter, Log Format)
Dynamic Data Authentication INTERNAL AUTHENTICATE
Offline verification VERIFY (only plaintext PIN verification is supported)
Read Transaction Log GET DATA/READ RECORD
N/A READ RECORD (brute force all valid SFI values and record numbers)

The application uses the javax.smartcardio API to talk to PC/SC.


emvlab.org

It is not an application but different web services to parse EMV data.

EMV tag search Look up EMV tags in this handy database. Search by keyword e.g. for all tags that contain the word "currency" or "cryptogram" in the description, or look up a hex tag e.g "9F20".
TLV decoder Decode EMV TLV (Tag, Length Value) byte strings into their constituent tags and sub-tags. Useful for analysing APDU traces, responses and so on.
CAP calculator Generate CAP codes using an emulated banking card and CAP calculator, to test against real gadgets or for testing authentication servers.
Cryptogram calculator Generate and verify EMV ARQC, ARPC and TC cryptograms, calculated using the vital parameters of the card, UDKs, ATC etc.
DES calculator Encrypt and decrypt hex strings using DES and 3DES, using the basic modes of operation, ECB, CBC.
ASN1 decoder Decode a binary file into an ASN1 dump using an online interface to Peter Gutmann's dumpasn1 tool
PIN translation tools Encrypt, decrypt and translate ISO PINblocks between different encryption keys. PINs, PANs, padding... all sorts of fun!
Keyshare generation tools Automatically generate test keys of various lengths, and split into components. KCVs are automatically provided for each component and the whole key.
Truecolour hex dump tool This hex dump tool will create a multicoloured, annotated hex dump of the provided file, making it easy to spot strings, markers, and high and low entropy areas of the file. Very useful for when you don't have your favourite hex dump tool to hand.
Character set encoding conversionConvert strings of text and hex between ASCII, ECBDIC and hex representations. Suprising how often you need one of these!
ePassport MRZ calculator Generate passport Machine Readable Zones (MRZs) from biographical details including name, date of birth, and passport numbers, expiry dates etc. Randomly created identities can also be used.
Contact us Let us know what you think of the site, and if you have any problem reports or suggestions.

I have not yet tried this service.

Saturday, June 16, 2012

new version of pcsc-tools: 1.4.20

I just released a (two in fact) new version of pcsc-tools. The major change is the move of the personal litst of ATR used by ATR_analysis from ~ to ~/.cache/.

If you do not know what pcsc-tools is, it contains 4 tools:
  • pcsc_scan(1) regularly scans every PC/SC reader connected to the host if a card is inserted or removed a "line" is printed.
  • ATR_analysis(1) is a Perl script used to parse the smart card ATR. This script is called (by default) by pcsc_scan.
  • scriptor(1) is a Perl script to send commands to a smart card using a batch file or stdin.
  • gscriptor(1) the same idea as scriptor.pl(1) but with a Perl-Gtk2 GUI.

An equivalent of ATR_analysis is available online http://smartcard-atr.appspot.com/

Changes:
1.4.20 - 16 June 2012, Ludovic ROUSSEAU
  • Makefile: Add arguments to CFLAGS instead of overwritting them
  • 3 new ATRs

1.4.19 - 13 June 2012, Ludovic ROUSSEAU
  • ATR_analysis: use XDG_CACHE_HOME env variable
    The smartcard_list.txt file is now searched in ~/.cache/ by default
  • 115 new ATRs

Friday, June 15, 2012

Debian multi-arch and pcsc-lite

64-bits Intel and AMD CPUs are able to run 32 and 64 bits programs at the same time. Different OS uses different strategies to use this feature.

Apple Mac OS X

Mac OS X uses what they call a Universal Binary. This format has been designed during the transition from 680x0 to PowerPC two decades ago. The idea is to have the code for both 680x0 and PowerPC in the same executable file. So a user do not have to select any thing. The system will use the correct version transparently.

This Universal Binary concept has also been used for the PowerPC to Intel migration and now for the support of 32 and 64 bits Intel CPU.

The idea is very nice and easy to use. It works for both libraries and binaries. You can use the file command line tool to check what is inside a binary.

$ file /bin/ls
/bin/ls: Mach-O universal binary with 2 architectures
/bin/ls (for architecture x86_64): Mach-O 64-bit executable x86_64
/bin/ls (for architecture i386): Mach-O executable i386
The ls command is available in both 32 and 64-bits.

$ cd /System/Library/Frameworks/PCSC.framework
$ file PCSC 
PCSC: Mach-O universal binary with 2 architectures
PCSC (for architecture x86_64): Mach-O 64-bit dynamically linked shared library x86_64
PCSC (for architecture i386): Mach-O dynamically linked shared library i386
The PCSC framework is available for both 32-bits applications (i386) and 64-bits applications (x86_64).

Microsoft Windows

Microsoft has a System32 directory to store system files. The surprise is that on a 64-bits machine the System32 is used to store 64-bits system files and the 32-bits system files are stored in a SysWow64 directory. I am not a Windows expert (or even user). I got the information from friends and it is confirmed here.

It was too simple for Microsoft to use System32 for 32-bits files and System64 for 64-bits files. Never underestimate Microsoft on its ability to find a complex solution to a given problem.

Another example of Microsoft complexity is the use of UTF-16 instead of UTF-8 for Unicode strings and then the duplication every API with A and W variants like SCardListReadersA() and SCardListReadersW().

RedHat

RedHat, and other GNU/Linux distributions, use /usr/lib32/ to store 32-bits libraries and /usr/lib64/ to store 64-bits libraries. This scheme is know as multi lib or biarch.

This scheme is simple (more logical than the one from Microsoft :-) but it is also limited. For example it is limited to one specific architecture: Intel/AMD.

Debian

Debian is working on the problem since 2004 (see History in Debian multi arch support). The solution is to avoid a limitation to only 2 architectures and generalize the solution to any CPU architecture.

The libraries are then stored in /usr/lib/<triplet>/. The <triplet> being something like i386-linux-gnu or x86_64-linux-gnu or mipsel-linux-gnu.

pcsc-lite

Since version 1.8.3-1 of the Debian pcsc-lite package the multiarch system is supported.

The package libpcsclite1_1.8.3-3_i386.deb provides the files:
/usr/lib/i386-linux-gnu/libpcsclite.so.1
/usr/lib/i386-linux-gnu/libpcsclite.so.1.0.0
/usr/share/doc/libpcsclite1/changelog.Debian.gz
/usr/share/doc/libpcsclite1/changelog.gz
/usr/share/doc/libpcsclite1/copyright


The package libpcsclite1_1.8.3-3_amd64.deb provides the files:
/usr/lib/x86_64-linux-gnu/libpcsclite.so.1
/usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0
/usr/share/doc/libpcsclite1/changelog.Debian.gz
/usr/share/doc/libpcsclite1/changelog.gz
/usr/share/doc/libpcsclite1/copyright


And it is possible to install the two packages at the same time (after configuring the system for multiarch).

pcscd

One complexity is that pcsc-lite has a client/server architecture. The client is libpcsclite.so.1 and the server is pcscd.

Since at least four years we have:
pcsc-lite-1.4.99: Ludovic Rousseau
9 January 2008
- add support of mix 32/64 bits platforms.  Thanks to Jacob Berkman for
  the big patch

So a 32-bit library can talk to a 64-bit pcscd. That is nice since, even with multi-arch, it is not possible to install two pcscd (for i386 and x86_64) at the same time. You only need to install one pcscd and one (or more) libpcsclite.so.1.

Example

I have a amd64 Debian system.

I have installed the Debian package pcsc-tools to have the pcsc_scan command.

$ file /usr/bin/pcsc_scan
/usr/bin/pcsc_scan: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0x50bda59b9b9a86b312e59fd3022cd4da87b87265, stripped
The file is a 64-bits binary.

$ ldd /usr/bin/pcsc_scan 
 linux-vdso.so.1 =>  (0x00007fff7c75f000)
 libpcsclite.so.1 => /usr/lib/x86_64-linux-gnu/libpcsclite.so.1 (0x00007f022ca9d000)
 libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f022c716000)
 librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f022c50d000)
 libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f022c2f1000)
 /lib64/ld-linux-x86-64.so.2 (0x00007f022ccb1000)
And it is linked with the 64-bits library at /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.

And the execution works:
$ pcsc_scan 
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...^C

I also fetched the i386 version of the pcsc-tools package. I can not install it since it will conflict with the amd64 version of the package (same filename /usr/bin/pcsc_scan but different content). So I unpack the Debian package in a temporary directory.

$ mkdir foobar
$ cd foobar
$ dpkg -x ../pcsc-tools_1.4.18-1_i386.deb .
$ file usr/bin/pcsc_scan 
usr/bin/pcsc_scan: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0xcbf386965c3541f0557c913c5aead05512d4b75c, stripped

The binary is a 32-bit executable.

$ usr/bin/pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.8.1
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...^C

And the execution also works. The 32-bit binary is talking to the 64-bit pcscd server.

Conclusion

With multiarch it will/should be easy to install and execute on the same system programs for different architectures.

Maybe the new Linux x86 architecture (taking best parts from the i386 and x86_64 worlds) will also be available as a new in architecture in the multiarch word.

Thursday, June 14, 2012

libusb-1.0.9 released and libusbx

libusb

libusb-1.0.9 has now been released on 2012-04-20, 2 years after version 1.0.8.

This can now end my blog serie about libusb:

libusbx

The other good news is that this libusb-1.0.9 release is linked to the released of a fork of libusb called libusbx.

libusbx is the source code of libusb but with active maintainers. libusbx has already made 4 releases in 3 months (1.0.9, 1.0.10, 1.0.11 and 1.0.12).

Many Linux distributions have already switched to libusbx or are planning to do so.

Future

The way to go is to use libusbx.

Friday, April 6, 2012

New version of libccid: 1.4.6

I just released a new version of libccid.

1.4.6 - 6 April 2012, Ludovic Rousseau
  • Add support of
    • Avtor SC Reader 371
    • Avtor SecureToken
    • DIGIPASS KEY 202
    • Fujitsu SmartCase KB SCR eSIG
    • Giesecke & Devrient StarSign CUT
    • Inside Secure VaultIC 460 Smart Object
    • Macally NFC CCID eNetPad reader
    • OmniKey 6321 USB
    • SCM SDI 011
    • Teridian TSC12xxF
    • Vasco DIGIPASS KEY 101
  • Remove support of readers without a USB CCID descriptor file
    • 0x08E6:0x34C1:Gemalto Ezio Shield Secure Channel
    • 0x08E6:0x34C4:Gemalto Ezio Generic
    • 0x04E6:0x511A:SCM SCR 3310 NTTCom
    • 0x0783:0x0008:C3PO LTC32 USBv2 with keyboard support
    • 0x0783:0x9002:C3PO TLTC2USB
    • 0x047B:0x020B:Silitek SK-3105
  • Disable SPE for HP USB CCID Smartcard Keyboard. The reader is bogus and unsafe.
  • Convert "&" in a reader name into "&" to fix a problem on Mac OS X
  • Fix a problem with ICCD type A devices. We now wait for device ready
  • Secure PIN Verify and PIN Modify: set the minimum timeout to 90 seconds
  • Add support of wIdVendor and wIdProduct properties
  • Add support of dwMaxAPDUDataSize
  • Add support of Gemalto firmware features
  • some minor bugs removed

You can download it here.

Thursday, April 5, 2012

Extended APDU support reported by PC/SC (part 2)

In a previous article "Extended APDU support reported by PC/SC" I described a proposal for the PC/SC workgroup to report to the application if a couple reader/driver do support extended APDU or not.

History

The proposal was accepted at the November 2011 meeting.

This feature is implemented in the CCID reader revision 6258 and will be available in the next CCID driver release.

Usage

One of the planed user of this feature is OpenSC. I, sometimes, get bug reports because the OpenSC card driver is sending an extended APDU to a reader that do not support it.

The idea is to use PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize in OpenSC and display a clear message to the user.

Conclusion

PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize is now available for you. Use it if/when you need this feature.

Monday, April 2, 2012

Identifying a reader model (part 2)

In a previous article "Identifying a reader model" I described a proposal for the PC/SC workgroup to uniquely identify a (USB) reader.

History

The proposal was accepted at the November 2011 meeting.

I added the needed #define in pcsc-lite version 1.8.3 I just released 2 days ago. The support is also added in my CCID driver and a release is expected soon.

You can find sample code using the new feature in PCSC/UnitaryTests/ directory with FEATURE_CCID_ESC_COMMAND_Xiring.py.

Source code

The code is:

#! /usr/bin/env python

"""
#   FEATURE_CCID_ESC_COMMAND_Xiring.py: Unitary test for
#   FEATURE_CCID_ESC_COMMAND
#   Copyright (C) 2012  Ludovic Rousseau

"""

#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License along
#   with this program; if not, see <http://www.gnu.org/licenses/>.

# You have to enable the use of Escape commands with the
# DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED bit in the ifdDriverOptions
# option of the CCID driver Info.plist file

from smartcard.System import readers
from smartcard.pcsc.PCSCPart10 import (getFeatureRequest, hasFeature,
    getTlvProperties, FEATURE_CCID_ESC_COMMAND, SCARD_SHARE_DIRECT)

# use the first reader
card_connection = readers()[0].createConnection()
card_connection.connect(mode=SCARD_SHARE_DIRECT)

# get CCID Escape control code
feature_list = getFeatureRequest(card_connection)

ccid_esc_command = hasFeature(feature_list, FEATURE_CCID_ESC_COMMAND)
if ccid_esc_command is None:
    raise Exception("The reader does not support FEATURE_CCID_ESC_COMMAND")

# get the TLV PROPERTIES
tlv = getTlvProperties(card_connection)

# check we are using a Xiring Leo v1 or v2 reader
if tlv['PCSCv2_PART10_PROPERTY_wIdVendor'] == 0x0F14 \
    and (tlv['PCSCv2_PART10_PROPERTY_wIdProduct'] in [0x0037, 0x0038]):

    # proprietary escape command for Xiring Leo readers
    version = [ord(c) for c in "VERSION"]
    res = card_connection.control(ccid_esc_command, version)
    print res
    print "VERSION:", ''.join([chr(x) for x in res])

    serial = [ord(c) for c in "GET_SN"]
    res = card_connection.control(ccid_esc_command, serial)
    print res
    print "GET_SN:", ''.join([chr(x) for x in res])
else:
    print "Xiring Leo reader not found"

Comments

Compared to the example in example in "Identifying a reader model" the name are PCSCv2_PART10_PROPERTY_wIdVendor and PCSCv2_PART10_PROPERTY_wIdProduct instead of PCSCv2_PART10_PROPERTY_idVendor and PCSCv2_PART10_PROPERTY_idProduct. A "w" has been added to suggest a (windows) word type (16 bits).

The names have also been added in pyscard (the PC/SC Python wrapper) in revision 590. But I have no idea of when a new stable version of pyscard will be released.

Conclusion

It is now/soon possible to identify a reader model before sending a, possibly, dangerous command if sent to another reader.

Since the Escape commands are dangerous by default, they are disabled in the CCID driver. You will need to edit the Info.plist file and change the value of ifdDriverOptions to add the DRIVER_OPTION_CCID_EXCHANGE_AUTHORIZED bit.

Friday, March 30, 2012

New version of pcsc-lite: 1.8.3

I just released a new version of pcsc-lite 1.8.3. No big changes.

pcsc-lite-1.8.3: Ludovic Rousseau
30 March 2012
  • ignore directories and hidden (.*) files when parsing a configuration directory (like /etc/reader.conf.d/)
  • add Mac OS X for PC/SC spy tool
  • fix a bug in PC/SC spy tool when loading of the real library fails
  • add PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize, PCSCv2_PART10_PROPERTY_wIdVendor and PCSCv2_PART10_PROPERTY_wIdProduct from PC/SC v2 part 10 release 2.02.09 (not yet published)
  • Some other minor improvements and bug corrections

Monday, January 30, 2012

10 years as a Debian Developer

In September 2001 I became a Debian Developer. I do not remember the exact date.

October 2001

Of course my first Debian package upload was related to smart card. It is the first upload of the ifd-gempc package:

ifd-gempc (0.5.4-1) unstable; urgency=low
   * Initial Release.
   * close ITP (Closes: #117441)
   * add debconf scripts for gempc410
 -- Ludovic Rousseau <rousseau@debian.org>  Tue, 30 Oct 2001 00:16:54 +0100

June 2002

Not too much later (June 2002) I became the Debian maintainer for pcsc-lite:

pcsc-lite (1.1.1-1) unstable; urgency=low
   * New upstream release (Closes: #150994)
   * New maintainer. Thanks Carlos for your job
   * Use init.d level 50 to start _after_ usbmgr with level 45.
     see the note in /usr/share/doc/pcscd/README.Debian (Closes: #146151)
   * update pcscd(1) manpage
 -- Ludovic Rousseau <rousseau@debian.org>  Sun, 30 Jun 2002 14:52:27 +0200

Now

Since then I maintain some more smart card related Debian packages, also available in Ubuntu and other Debian derivatives.

I try to maintain a list of smart card related packages inside Debian.

Maybe I will still maintain smart card packages in 10 years :-)

Wednesday, January 18, 2012

New version of pcsc-lite: 1.8.2


I just released a new version of pcsc-lite 1.8.2. No big changes except for pcsc-spy I talked about in a previous article "PCSC API spy, third try".

Changelog:
pcsc-lite-1.8.2: Ludovic Rousseau
18 January 2012
  • rename pcsc-spy.py to pcsc-spy and install it as a normal binary (in /usr/local/bin by default)
  • write a pcsc-spy.1 manpage
  • fix a bug with a multi-slot reader
  • Info.plist parser: avoid a buffer read overflow in &amp; management
  • Some Doxygen improvements

Friday, January 6, 2012

OpenSC mailing list statistics for 2011

After the MUSCLE mailing list statistics for 2011 I also did the operation for two OpenSC mailing lists. The opensc-users list has been merged in the opensc-devel mailing list in August 2011. So the statistics presented here represent the sum of both lists.

Comments

Top poster

I am also the top poster on the OpenSC mailing list. I am surprised by this result. Maybe because many questions are related to PCSC?

Number of messages

This list has 3.2 times more messages than the MUSCLE mailing list. I can propose different explanations for that:

  • the MUSCLE project is more mature than OpenSC
  • bugs/issues are reported on the OpenSC mailing list because that is what users use even if the problem is in PCSC or libccid
  • pcsc-lite and libccid are easy to use. No configuration is needed (no more serial port to select) and the same driver (libccid) now can be used by any modern USB reader (no more a specific driver per reader)
  • PKCS#11 use is developing because citizen cards are deployed in "many" countries
  • Problems are more complex to track in OpenSC so more emails are needed to solve them
  • many other reasons

1 person, 2 emails

Some people (like Viktor Tarasov) use 2 different email on the list. So his rank is not correct. I don't think that is a real problem.

Cross posts

From the top 30 threads, 7 threads are cross posted to the MUSCLE list. From the MUSCLE statistics only 1 of the 30 top threads is a cross post.
I don't know how to interpret this result.



Statistics from 1.1.2011 to 31.12.2011
for OpenSC lists


People who have written most messages:

 Author  Msg  Percent 
1ludovic.rousseau@gmail.com43513.53 %
2martin@martinpaljak.net43113.41 %
3jmpoure@gooze.eu2648.21 %
4deengert@anl.gov2036.32 %
5viktor.tarasov@opentrust.com1504.67 %
6viktor.tarasov@gmail.com922.86 %
7andre.zepezauer@student.uni-halle.de822.55 %
8ndk.clanbo@gmail.com772.40 %
9alon.barlev@gmail.com732.27 %
10peter@stuge.se652.02 %
11morgner@informatik.hu-berlin.de461.43 %
12aj@dungeon.inka.de451.40 %
13anders.rundgren@telia.com381.18 %
14jonsito@terra.es341.06 %
15development@aventra.fi341.06 %
16stefw@collabora.co.uk270.84 %
17helpcrypto@gmail.com260.81 %
18Johannes.Becker@hrz.uni-giessen.de220.68 %
19mr.dash.four@googlemail.com210.65 %
20JONSITO@terra.es210.65 %
21squalyl@gmail.com200.62 %
22aquamaniac@gmx.de200.62 %
23B.Thomas@astronautics.com200.62 %
24kalev@smartlink.ee190.59 %
25peter@adpm.de190.59 %
26ruckuus@gmail.com180.56 %
27wrosenauer@gmail.com180.56 %
28William.HOURY@atosorigin.com180.56 %
29kalevlember@gmail.com170.53 %
30mstjohns@comcast.net160.50 %
other84326.23 %

Best authors, by total size of their messages (w/o quoting):

 Author  KBytes 
1alon.barlev@gmail.com1538.0
2jmpoure@gooze.eu615.8
3martin@martinpaljak.net560.2
4deengert@anl.gov436.3
5William.HOURY@atosorigin.com398.0
6ludovic.rousseau@gmail.com338.1
7viktor.tarasov@opentrust.com273.2
8hardik.shah@jetmobile.com261.2
9development@aventra.fi249.7
10viktor.tarasov@gmail.com160.2
11andre.zepezauer@student.uni-halle.de157.1
12peter@adpm.de143.0
13jonsito@terra.es136.4
14lk@tms.pl129.8
15ndk.clanbo@gmail.com115.5
16morgner@informatik.hu-berlin.de112.2
17lyall.pearce@hp.com109.7
18business@reebs.org103.7
19kgo@grant-olson.net97.8
20B.Thomas@astronautics.com97.0
21fmb@inf.ufsc.br96.7
22kalev@smartlink.ee85.7
23marc_m@gmx.at83.4
24lyall.pearce@gmail.com83.1
25helpcrypto@gmail.com78.9
26ruckuus@gmail.com78.8
27JONSITO@terra.es78.2
28Alexei.Soloview@intech.natm.ru76.6
29stefw@collabora.co.uk71.9
30mhayk@m2smart.com.br69.4

Best authors, by average size of their message (w/o quoting):

 Author  bytes 
1mgfranco@gmail.com33252
2hardik.shah@jetmobile.com29719
3lyall.pearce@hp.com28091
4felixcodeboy@gmail.com26476
5William.HOURY@atosorigin.com22642
6thorsten.engel@matrix-computer.com21641
7alon.barlev@gmail.com21574
8lyall.pearce@gmail.com21277
9wiking@maeth.com20496
10lk@tms.pl18989
11SERGE.GADIOUX@atosorigin.com18307
12Jonatan =?ISO-8859-1?Q?=C5kerlind?=15755
13marc_m@gmx.at14239
14dom_fischer@web.de13490
15joel.hockey@gmail.com11705
16mescheryakov@rutoken.ru11521
17bendrich@dfn-cert.de11001
18kiefer@flexsecure.de10379
19rolf.wald@lug-balista.de10293
20rrelyea@redhat.com10203
21fgoulart@fmagj.com.br9974
22gblanc@linagora.com9662
23business@reebs.org9654
24mariano.benedettini@qmas.com8632
25benallemand@gmail.com8553
26detlef.graef@yahoo.de8402
27mike@sentex.net8240
28marte@compunet.it8219
29iuridiniz@gmail.com8151
30brenojac@gmail.com7984

Table showing the most successful subjects:

 Subject  Msg  Percent 
1[opensc-devel] sc_ctx_detect_readers patch491.52 %
2[Muscle] Access to multiple contactless cards using PCSC-Lite361.12 %
3[opensc-devel] How to make proper use of sc_card_cache341.06 %
4[opensc-user] Newbie help310.96 %
5[Muscle] PCSC Daemon cannot access Cyberjack reader300.93 %
6[Muscle] PC/SC workgroup, November 2011 meeting300.93 %
7[opensc-devel] Multiple certs on a MyEID card?300.93 %
8[opensc-devel] First Smartcard logon issue on XP SP3 with300.93 %
9[opensc-user] /usr/bin/pkcs15-tool -c failed ..290.90 %
10[opensc-devel] Cardmod: classic form for the container's ID290.90 %
11[opensc-devel] Moving master forward280.87 %
12[opensc-devel] Problem with CardMan4040 and OpenSC270.84 %
13[Muscle] GlobalPlatform Library & GPShell documentation now online260.81 %
14[Muscle] PCSCD got segmentation fault on ARM v5 with uClibc260.81 %
15[opensc-devel] Consistence between the OpenSC and proprietary250.78 %
16[opensc-devel] Feitian PKI speed240.75 %
17[opensc-devel] Status of PINPAD support in OpenSC / libccid240.75 %
18[opensc-devel] Proposed cardmod patch230.72 %
19[opensc-devel] OpenSC shared mode230.72 %
20[opensc-devel] usb p11 token220.68 %
21[opensc-devel] --insecure ?210.65 %
22[opensc-devel] Status installing and using opensc + minidriver210.65 %
23[opensc-devel] Java and pkcs11210.65 %
24[Muscle] Woxter SmartCard reader200.62 %
25[opensc-user] Is ePass2000-FT12 supported?200.62 %
26[opensc-devel] Gnome smartcard manager200.62 %
27[opensc-devel] pkcs15-tool --list-public-keys200.62 %
28[opensc-devel] Static link for opensc-pkcs11.dll190.59 %
29[opensc-devel] Problems with opensc+openvpn builds from Alon190.59 %
30[Muscle] Speed detection patch when reader has no baud rates180.56 %
other243975.89 %

Most used email clients:

 Mailer  Msg  Percent 
1(unknown)124038.58 %
2Mozilla/5.x89027.69 %
3KMail1524.73 %
4Apple Mail (2.1082)1394.32 %
5Apple Mail (2.1084)1263.92 %
6Evolution 2.32.3 882.74 %
7Evolution 2.30.3 812.52 %
8Evolution 2.22.3.1802.49 %
9Evolution 2.32.2 742.30 %
10Microsoft Office Outlook 12.0521.62 %
11Evolution 2.32.2 (2.32.2-1.fc14) 240.75 %
12Apple Mail (2.1244.3)200.62 %
13QUALCOMM Windows Eudora160.50 %
14Lotus Notes Release 8.0150.47 %
15Evolution 3.0.2- 140.44 %
16Evolution 3.0.3-2 130.40 %
17RoundCube Webmail/0.4110.34 %
18Apple Mail (2.936)100.31 %
19Evolution 2.30.3 (2.30.3-1.fc13) 100.31 %
20Mutt100.31 %
21Apple Mail (2.1078)90.28 %
22git-send-email 1.7.5.480.25 %
23Lotus Notes Release 8.570.22 %
24Mew version 6.3.50 on Emacs 23.3 / Mule 6.0 (HANACHIRUSATO)60.19 %
25Zarafa 6.40.5-2486060.19 %
26Alpine 2.00 (DEB 1167 2008-08-23)50.16 %
27git-send-email 1.7.3.450.16 %
28Evolution 3.0.3-3 50.16 %
29YahooMailWebService/0.8.113.31361940.12 %
30Thunderbird 2.0.0.24 (Windows/20100228)40.12 %
other902.80 %

Table of maximal quoting:

 Author  Percent 
1karlssoj@arcada.fi98.17 %
2menezes.gabryella@gmail.com90.35 %
3jesus.guerrero.botella@gmail.com81.57 %
4janjust@nikhef.nl79.62 %
5extramrdo@gmail.com75.88 %
6fabeisageek@googlemail.com73.39 %
7david.mattes@boeing.com73.17 %
8s.ferey@wanadoo.fr72.48 %
9andreas.schwier.ml@cardcontact.de72.35 %
10sebastien@lorquet.fr71.47 %
11lionel@mamane.lu68.69 %
12michaelbender@me.com64.76 %
13fundu_1999@yahoo.com63.71 %
14richter@ecos.de62.73 %
15etthom0@gmail.com62.19 %
16edward.middleton@vortorus.net59.70 %
17andreas.schwier@cardcontact.de58.79 %
18resoli@libero.it55.63 %
19peter.ordonez@gmail.com55.37 %
20widerstand@t-online.de54.61 %
21francois.leblanc@cev-sa.com54.28 %
22bjoernk2@googlemail.com53.67 %
23nmav@gnutls.org52.51 %
24opensc@secure-edge.com50.88 %
25weitao@ftsafe.com50.48 %
26tomasg@primekey.se50.10 %
27ffred69@gmail.com50.08 %
28vladimir.davydov@promwad.com49.51 %
29weizhongqiang@gmail.com49.37 %
30Jean-Pierre.Szikora@uclouvain.be48.86 %
average21.77 %

Graph showing number of messages written during hours of day:

msgs64
|
24
|
18
|
15
|
10
|
7
|
12
|
39
|
110
|
241
|
275
|
258
|
186
|
249
|
233
|
258
|
236
|
173
|
171
|
141
|
118
|
118
|
148
|
110
|
hour 01234567891011121314151617181920212223

Graph showing number of messages written during days of month:

msgs72
|
50
|
112
|
126
|
114
|
101
|
108
|
177
|
122
|
120
|
108
|
115
|
122
|
127
|
74
|
98
|
74
|
98
|
94
|
102
|
107
|
106
|
74
|
72
|
165
|
147
|
89
|
110
|
92
|
72
|
66
|
day 12345678910111213141516171819202122232425262728293031

Graph showing number of messages written during days of week:

msgs431
|
568
|
521
|
572
|
626
|
260
|
236
|

MonTueWedThuFriSatSun


Maximal quoting:

Author : alon.barlev@gmail.com
Subject : [opensc-devel] Problems with opensc+openvpn builds from Alon
Date : Wed, 28 Sep 2011 15:40:00 +0300
Quote ratio: 98.91% / 22784 bytes

Longest message:

Author : alon.barlev@gmail.com
Subject : [opensc-devel] Problems with opensc+openvpn builds from Alon
Date : Fri, 30 Sep 2011 18:45:31 +0300
Size : 1402547 bytes

Most successful subject:

Subject : [opensc-devel] sc_ctx_detect_readers patch
No. of msgs: 49
Total size : 191734 bytes

Final summary:

Total number of messages: 3214
Total number of different authors: 241
Total number of different subjects: 687
Total size of messages (w/o headers): 12199358 bytes
Average size of a message: 3795 bytes


Input file last updated: Fri Jan 6 14:45:58 2012Generated by MailListStat v1.3