GIDS Cards are wonderful gifts from Vincent Le Toux (@mysmartlogon): they can transform JavaCards (2.2.1 or later) into universal SmartCards for Windows (7/2008r2 or later), without any middleware/crappy software to install.

You can find more information at: https://www.mysmartlogon.com/generic-identity-device-specification-gids-smart-card/ & https://docs.microsoft.com/previous-versions/windows/hardware/design/dn642100(v=vs.85)

## Prerequisites

* GIDS Applet - https://github.com/vletoux/GidsApplet
* Java SE Development Kit 8 - https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
* Java Card Development Kit 2.2.1 - https://www.oracle.com/java/technologies/java-archive-downloads-javame-downloads.html#javacardkitv221
* Global Platform Pro - https://javacard.pro/globalplatform/
* OpenSC - https://github.com/OpenSC/OpenSC (`gids-tool.exe`, `opensc-tool.exe`, `opensc.dll` are enough)

## Building the applet

Download Vincent's GIDS applet source code (clone the repository, download the master branch, ...), then go to its directory.

After adjusting the paths on lines 1 & 2 (`JC_HOME` and `JAVA_HOME`), you can build the binary.

```
set JC_HOME=c:\security\javacard\java_card_kit-2_2_1
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_291
set PATH=%JC_HOME%\bin;%JAVA_HOME%\bin;%PATH%

rem Compile the applet sources against the Java Card 2.2.1 API
javac -Xlint:-options -g -source 1.2 -target 1.2 ^
  -classpath %JC_HOME%\lib\api.jar ^
  src\com\mysmartlogon\gidsApplet\*.java

rem Convert the classes to a CAP file (applet AID, applet class, package name, package AID, version)
java -classpath %JC_HOME%\lib\converter.jar;%JC_HOME%\lib\offcardverifier.jar com.sun.javacard.converter.Converter ^
  -out CAP -exportpath %JC_HOME%\api_export_files -classdir src ^
  -applet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59:0x02:0x01 com.mysmartlogon.gidsApplet.GidsApplet ^
  com.mysmartlogon.gidsApplet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59 1.0
```

The applet will be in: `src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap`

You can check some information about it:

```
c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --info --cap src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_291 by Oracle Corporation
**** CAP info of gidsApplet.cap
CAP file (v2.1), contains: applets for JavaCard 2.2.1
Package: com.mysmartlogon.gidsApplet A00000039742544659 v1.0
Applet: A000000397425446590201
Import: A0000000620001 v1.0 java.lang
Import: A0000000620101 v1.2 javacard.framework
Import: A0000000620102 v1.2 javacard.security
Import: A0000000620201 v1.2 javacardx.crypto
Generated by Sun Microsystems Inc. converter 1.3
On Thu Jun 24 14:29:36 CEST 2021 with JDK 1.8.0_291 (Oracle Corporation)
Code size 14965 bytes (17973 with debug)
SHA-256 ec1a1a642dbac5087ae9051c04c13c33734bd83a89139d5d30cfc238ea8d9832
SHA-1 a4379a1880e6f28c4dd3f6d4105b5ede5e59d8c9
```

### Automated build

An automated build is available at: https://ci.appveyor.com/project/gentilkiwi/gidsapplet (for logs & artifacts).

## Installing the applet in a JavaCard

1. Tests were made with:
   * Feitian JavaCOS A40 (Infineon chipset) - https://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/
     ```
     ICFabricator=4090, ICType=7892, OperatingSystemID=86AA
     Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2
     ```
   * Feitian JavaCOS A22 (NXP chipset) - https://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/
     ```
     ICFabricator=4790, ICType=0503, OperatingSystemID=8211
     Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2
     SCP02 i=55, SCP03 i=00 i=10 with AES-128 AES-196 AES-256
     ```
2. Prefer **contact** readers to avoid problems during installation (or even key generation) - if the card also has a contactless interface, you'll be able to use it afterwards.
3. Interacting with an incorrect authentication key can brick the card; the examples here use the default keys.

### Selecting reader

In case of multiple smartcard readers, you can list them to know their names:

```
java -jar gp.jar --verbose 2>NUL | findstr /i Reader
Reader: ACS ACR122 0
# ACS ACR39U ICC Reader 0
Reader: ACS ACR39U ICC Reader 0
Reader: certgate GmbH AirID BLE 0
# HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: OMNIKEY CardMan 3x21 0
Reader: Windows Hello for Business 1
```

### List content

#### For A40

```
c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement
```

#### For A22 - __one default applet is present__

```
c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Parent:  A000000003000000
     From:    A0000000620001
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

PKG: A0000001515350 (LOADED)
     Applet:  A000000151535041
```

### Installing

__... then listing__

```
c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --install src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
CAP loaded

c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

APP: A000000397425446590201 (SELECTABLE)
     Privs:

PKG: A00000039742544659 (LOADED)
     Version: 1.0
     Applet:  A000000397425446590201
```

### (optional) Delete the applet

```
java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --delete A00000039742544659
```

## Card initialization

### Identifying smartcard readers

```
c:\security\javacard>opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             ACS ACR122 0
1    Yes             ACS ACR39U ICC Reader 0
2    Yes             certgate GmbH AirID BLE 0
3    Yes             HID Global OMNIKEY 5022 Smart Card Reader 0
4    Yes             OMNIKEY CardMan 3x21 0
5    Yes             Windows Hello for Business 1
```

### Initialization

__...change values, of course!__

```
c:\security\javacard>gids-tool --reader 1 --initialize ^
  --admin-key 000000000000000000000000000000000000000000000000 ^
  --pin 0000 ^
  --serial-number 00000000000000000000000000000000
```

## Test

```
c:\security\javacard>certutil -scinfo "ACS ACR39U ICC Reader 0"
Le gestionnaire de ressource des cartes à puce est en cours d’exécution.
État de la carte/lecteur actuel :
Lecteurs : 1
  0: ACS ACR39U ICC Reader 0
--- Lecteur : ACS ACR39U ICC Reader 0
--- Statut : SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Statut : Carte disponible pour utilisation.
--- Carte : Identity Device (Microsoft Generic Profile)
--- ATR :
        3b 9f 95 81 31 fe 9f 00 66 46 53 05 10 00 ff 71   ;...1...fFS....q
        df 00 00 00 00 00 ec                              .......
```
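
The "install, then list" check from the Installing section can be scripted so that a provisioning run fails when the card does not hold exactly what was intended. The Python below is an added example, not part of the original page or of GlobalPlatformPro: it parses `gp --list` text and reports anything other than the ISD and the GIDS package/applet built above. The function names `parse_gp_list` and `check_gids_install` are hypothetical, and the sample input is the post-install listing shown on this page.

```python
import re

# AIDs taken from the converter command line and the listings on this page.
GIDS_APPLET_AID = "A000000397425446590201"
GIDS_PACKAGE_AID = "A00000039742544659"

# Sample input: the post-install `gp --list` output shown on this page.
SAMPLE_LISTING = """\
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

APP: A000000397425446590201 (SELECTABLE)
     Privs:

PKG: A00000039742544659 (LOADED)
     Version: 1.0
     Applet:  A000000397425446590201
"""

# Top-level entries look like "KIND: <hex AID> (<STATE>)"; detail lines are ignored.
ENTRY = re.compile(r"^(ISD|APP|PKG):\s+([0-9A-Fa-f]+)\s+\((\w+)\)")


def parse_gp_list(text):
    """Return [(kind, aid, state)] for every ISD/APP/PKG entry in the listing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).upper(), m.group(3)))
    return entries


def check_gids_install(text):
    """Return findings; an empty list means only the ISD and GIDS are on the card."""
    entries = parse_gp_list(text)
    findings = []
    if ("APP", GIDS_APPLET_AID, "SELECTABLE") not in entries:
        findings.append("GIDS applet instance missing or not SELECTABLE")
    if ("PKG", GIDS_PACKAGE_AID, "LOADED") not in entries:
        findings.append("GIDS package missing or not LOADED")
    for kind, aid, state in entries:
        if kind != "ISD" and aid not in (GIDS_APPLET_AID, GIDS_PACKAGE_AID):
            findings.append(f"unexpected {kind} {aid} ({state})")
    return findings
```

Run against the A22 listing taken before installation, it reports the missing GIDS applet and package plus the preloaded package `A0000001515350`, which is the card content the page flags as "one default applet is present".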