Friday, March 27, 2015

Gemalto smart card readers

Now that Gemalto bought SafeNet it has become a big company with a lot of different brands.

Some of the brands in the Gemalto group are used by CCID readers listed in the big matrix. I will only talk about CCID compliant readers. So readers produced before the CCID specification was available (around 2001) are not listed here.

Short history of Gemalto mergers and acquisitions

  • 1926: creation of Schlumberger
  • 1988: creation of Gemplus
  • 2001: Schlumberger buys Sema Group plc and becomes SchlumbergerSema
  • 2004: Axalto is a spin-off of SchlumbergerSema
  • 2006: Axalto and Gemalto merge to become Gemalto
  • 2009: Gemalto buys XIRING’s banking activity
  • 2010: SafeNet buys Aladdin
  • 2010: Gemalto buys Todos AB in Sweden
  • 2015: Gemalto buys SafeNet

I only list the mergers and acquisitions related to smart card reader manufacturers.

VendorID

Vendor              VendorID    # of readers
Total                           31
Aladdin             0x0529      1
Axalto              ?           1
Gemalto             0x08E6      17
Gemplus             0x08E6      8
SafeNet             ?           1
SchlumbergerSema    0x0973      1
Todos               0x0B0C      2
Xiring              0x0F14      0

Each USB device is identified by a VendorID.
It looks like Axalto and SafeNet do not have their own VendorID.

Xiring

All the Xiring readers I have in my list are now sold by ingenico Healthcare e-ID (ex Xiring healthcare).
They are available on the ingenico technical support page.

So Gemalto bought XIRING’s banking activity but it looks like this division of Xiring had no CCID reader.

Reader list


Aladdin


  1. eToken PRO USB 72K Java (Aladdin_eToken_PRO_USB_72K_Java.txt)


Axalto


  1. Reflex USB v3 (AxaltoV3.txt)


Note that the VendorID used by this reader is 0x04E6, which is the VendorID used by SCM (now Identive) for its readers. I guess the reader is an SCM one rebranded as Axalto.

Gemalto


  1. SA .NET Dual (Gemalto_SA_dotNet_Dual.txt)
  2. Ezio Shield Branch Reader (Gemalto_Ezio_Branch.txt)
  3. Ezio Shield (Gemalto_Ezio_Shield_PinPad.txt)
  4. Ezio Shield (Gemalto_Ezio_Shield.txt)
  5. EZIO CB+ (Gemalto_Ezio_CB+.txt)
  6. ING Shield Pro SC (Gemalto_Ezio_Shield_Secure_Channel.txt)
  7. Ezio Shield Pro SC (Gemalto_Ezio_Shield_Pro_SC.txt)
  8. IDBridge CT30 (Gemalto_IDBridge_CT30.txt)
  9. PDT (Gemalto_PDT.txt)
  10. Hybrid Smartcard Reader (Gemalto_HybridSmartcardReader.txt)
  11. IDBridge K30 (Gemalto_IDBridge_K30.txt)
  12. Smart Enterprise Guardian Secure USB Device (GemaltoSmartEnterpriseGuardian.txt)
  13. USB GemPCPinpad SmartCard Reader (GemPCPinpadv2.txt)
  14. IDBridge K3000 (Gemalto_IDBridge_K3000.txt)
  15. Smart Enterprise Guardian Secure USB Device (Gemalto_SG.txt)
  16. Prox Dual USB PC Link Reader (GemProxDU.txt)
  17. Prox SU USB PC LinkReader (GemProxSU.txt)


Gemplus


  1. Gemplus USB SmartCard Reader 433-Swap (GemPC433_SL.txt)
  2. USB GemPCPinpad SmartCard Reader (GemPCPinpad.txt)
  3. GemCore SIM Pro Smart Card Reader (GemCoreSIMPro.txt)
  4. GemCore POS Pro Smart Card Reader (GemCorePOSPro.txt)
  5. USB Shell Token V2 (GemPCKey.txt)
  6. PC Twin Reader (GemPCTwin.txt)
  7. GemPC Express (GemPC_Express.txt)
  8. Gem e-Seal Pro USB Token (Gem_e-SealPro.txt)

SafeNet


  1. SmartMX Sample (Philips_SmartMX.txt)


The same remark applies as for Axalto. Here the iManufacturer is: Philips Semiconductors. The VendorID is 0x04B9 which should be Rainbow Technologies.

SchlumbergerSema


  1. SchlumbergerSema Cyberflex Access (e-gate.txt)

Todos


  1. CX00 (Todos_Cx00.txt)
  2. Argos Mini II (Todos_AGM2_CCID.txt)


Conclusion

After so many mergers and acquisitions in the smart card industry, it may be difficult to know where to get manufacturer support for a given reader.

Gemalto provides a drivers support page where you can find most of the "Gemalto" readers.

Tuesday, March 24, 2015

Change syslog logging level on Yosemite

In "Debug a smart card application on Yosemite" we have seen how Apple provides a way to get the ATR and exchanged APDU from the com.apple.ifdreader process (new on Yosemite).

syslog(3)

In some cases you need more than just ATR and APDU. That is why my CCID driver also uses syslog() to log debug messages.

According to the syslog(3) manual page, the syslog() prototype is: void syslog(int priority, const char *message, ...);

The priority parameter is used to tell if the syslog message is important or not. For example messages of level LOG_EMERG are "A panic condition. This is normally broadcast to all users."

You can use the syslog(1) command line tool to log a message. To log an emergency message just do:
$ syslog -s -l 0 Read http://ludovicrousseau.blogspot.fr/
  • -s to send a message
  • -l 0 to use level 0 i.e. Emergency

You should see a message broadcast in every Terminal console and a message in /var/log/system.log. You can use the Console application to read the /var/log/system.log file.

By default messages with level Info (6) or Debug (7) are just ignored.

Logging low level messages

To log messages of level Info and Debug from the CCID driver you need to tell syslog to accept them. We could change the global configuration to accept debug messages from every running process but that may generate a lot of noise. Each process has its own syslog filter. We will use that feature instead.

The first step is to get the process identifier (PID) of the com.apple.ifdreader process. I use something like:
$ ps -Aww | grep com.apple.ifdreader
28775 ??         0:00.74 /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.apple.ifdreader
28803 ttys000    0:00.00 grep com.apple.ifdreader

In my case the PID is 28775.

You can see the syslog filter for the process using:
$ syslog -c 28775
Process 28775 syslog filter mask: Off

Change the filter using:
$ sudo syslog -c 28775 -d
-d sets the filter level so that messages from Emergency up to Debug are logged.

And verify the filter has changed:
$ syslog -c 28775 
Process 28775 syslog filter mask: Emergency - Debug

Displaying logs

You can use the Console application to display the logs.

You can also use a command line program with:
$ syslog -w -k Sender com.apple.ifdreader
This will continuously display the log messages from com.apple.ifdreader as they are generated by the driver.
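
The steps above (find the PID, read the filter mask, raise it to Debug, verify, follow the log) combined into one script. This is an added example, not from the original post: the function names and the --apply switch are assumptions, while the ps and syslog commands are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# --apply switch are assumptions; the commands are the ones shown above.

SENDER=com.apple.ifdreader

# Read `ps -Aww` output on stdin and print the PID of the reader process.
# Comparing the last path component of the command column skips the
# "grep com.apple.ifdreader" line that a plain grep also matches.
ifdreader_pid() {
    awk -v name="$SENDER" '
        { n = split($4, parts, "/") }
        n > 0 && parts[n] == name { print $1; found = 1; exit }
        END { exit !found }'
}

# Read `syslog -c PID` output on stdin; succeed only when the filter mask
# extends to Debug, so Info (6) and Debug (7) messages are accepted.
mask_reaches_debug() {
    grep -q 'syslog filter mask: .*Debug[[:space:]]*$'
}

# Look up the current PID, raise the filter if needed, verify, print the PID.
enable_ifdreader_debug() {
    pid=$(ps -Aww | ifdreader_pid) || {
        echo "$SENDER is not running" >&2
        return 1
    }
    if ! syslog -c "$pid" | mask_reaches_debug; then
        sudo syslog -c "$pid" -d || return 1
        syslog -c "$pid" | mask_reaches_debug || {
            echo "filter mask of PID $pid did not change" >&2
            return 1
        }
    fi
    echo "$pid"
}

# Nothing is changed unless the script is started with --apply.
if [ "${1:-}" = "--apply" ]; then
    enable_ifdreader_debug >/dev/null && exec syslog -w -k Sender "$SENDER"
fi
```

The filter is set on one PID, so the script looks the PID up on every run instead of storing it.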

Conclusion

Apple removed the ability to run pcscd in foreground mode from the console on Yosemite because pcscd has been replaced by something different (See "OS X Yosemite and smart cards status").

As we have seen in this article it is still possible to log messages from a smart card reader driver. Using syslog may even be easier than restarting the pcscd process.