GIDS cards are a wonderful gift from Vincent Le Toux (@mysmartlogon): they can turn JavaCards (2.2.1 or later) into universal smart cards for Windows (7/2008 R2 or later), without any middleware/crappy software to install.
You can find more information at: https://www.mysmartlogon.com/generic-identity-device-specification-gids-smart-card/ & https://docs.microsoft.com/previous-versions/windows/hardware/design/dn642100(v=vs.85)
Prerequisites
- GIDS Applet – https://github.com/vletoux/GidsApplet
- Java SE Development Kit 8 – https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
- Java Card Development Kit 2.2.1 – https://www.oracle.com/java/technologies/java-archive-downloads-javame-downloads.html#javacardkitv221
- Global Platform Pro – https://javacard.pro/globalplatform/
- OpenSC – https://github.com/OpenSC/OpenSC (gids-tool.exe, opensc-tool.exe, opensc.dll are enough)
Building the applet
Download Vincent’s GIDS applet source code (clone the repository, download master branch, …) then go to its directory.
After adjusting lines 1 & 2 to the correct paths, you can build the binary.
set JC_HOME=c:\security\javacard\java_card_kit-2_2_1
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_291
set PATH=%JC_HOME%\bin;%JAVA_HOME%\bin;%PATH%
javac -Xlint:-options -g -source 1.2 -target 1.2 ^
 -classpath %JC_HOME%\lib\api.jar ^
 src\com\mysmartlogon\gidsApplet\*.java
java -classpath %JC_HOME%\lib\converter.jar;%JC_HOME%\lib\offcardverifier.jar com.sun.javacard.converter.Converter ^
 -out CAP -exportpath %JC_HOME%\api_export_files -classdir src ^
 -applet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59:0x02:0x01 com.mysmartlogon.gidsApplet.GidsApplet ^
 com.mysmartlogon.gidsApplet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59 1.0
The applet will be in: src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
You can check some information about the CAP file:
c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --info --cap src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_291 by Oracle Corporation
**** CAP info of gidsApplet.cap
CAP file (v2.1), contains: applets for JavaCard 2.2.1
Package: com.mysmartlogon.gidsApplet A00000039742544659 v1.0
Applet: A000000397425446590201
Import: A0000000620001 v1.0 java.lang
Import: A0000000620101 v1.2 javacard.framework
Import: A0000000620102 v1.2 javacard.security
Import: A0000000620201 v1.2 javacardx.crypto
Generated by Sun Microsystems Inc. converter 1.3
On Thu Jun 24 14:29:36 CEST 2021 with JDK 1.8.0_291 (Oracle Corporation)
Code size 14965 bytes (17973 with debug)
SHA-256 ec1a1a642dbac5087ae9051c04c13c33734bd83a89139d5d30cfc238ea8d9832
SHA-1 a4379a1880e6f28c4dd3f6d4105b5ede5e59d8c9
Automated build
An automated build is available at: https://ci.appveyor.com/project/gentilkiwi/gidsapplet (for logs & artifacts).
Installing the applet in a JavaCard
- Tests were made with:
  - Feitian JavaCOS A40 (Infineon chipset) – https://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/
    ICFabricator=4090, ICType=7892, OperatingSystemID=86AA
    Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2
  - Feitian JavaCOS A22 (NXP chipset) – https://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/
    ICFabricator=4790, ICType=0503, OperatingSystemID=8211
    Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2
    SCP02 i=55, SCP03 i=00 i=10 with AES-128 AES-196 AES-256
- Prefer contact readers to avoid problems during installation (or even key generation) – if the card also has a contactless interface, you’ll be able to use it afterwards.
- Interacting with an incorrect authentication key can brick the card; the examples here use the default keys.
Selecting reader
If you have multiple smart card readers, you can list them to find their names:
java -jar gp.jar --verbose 2>NUL | findstr /i Reader
Reader: ACS ACR122 0
# ACS ACR39U ICC Reader 0
Reader: ACS ACR39U ICC Reader 0
Reader: certgate GmbH AirID BLE 0
# HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: OMNIKEY CardMan 3x21 0
Reader: Windows Hello for Business 1
List content
For A40
c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement
For A22 – one default applet is present
c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Parent:  A000000003000000
     From:    A0000000620001
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration
PKG: A0000001515350 (LOADED)
     Applet:  A000000151535041
Installing
… then listing
c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --install src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
CAP loaded
c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement
APP: A000000397425446590201 (SELECTABLE)
     Privs:
PKG: A00000039742544659 (LOADED)
     Version: 1.0
     Applet:  A000000397425446590201
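To check a card's content after the install without reading the listing by eye, the `--list` output can be parsed and compared with the AIDs from the build step. This is an added example, not code from the original page or from GlobalPlatformPro; the function names and the embedded sample (copied from the listing above) are assumptions of the example.

```python
import re

# Constructed sample: the `gp --list` output shown above after the install.
AFTER_INSTALL = """\
ISD: A000000003000000 (OP_READY)
     Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement
APP: A000000397425446590201 (SELECTABLE)
     Privs:
PKG: A00000039742544659 (LOADED)
     Version: 1.0
     Applet:  A000000397425446590201
"""

GIDS_PKG = "A00000039742544659"       # package AID from the build step
GIDS_APP = "A000000397425446590201"   # applet AID from the build step
ENTRY = re.compile(r"^(ISD|APP|PKG):\s+([0-9A-Fa-f]+)\s+\((\w+)\)")

def parse_gp_list(text):
    """Parse `gp --list` text into dicts: kind, aid, state, indented fields."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"kind": m[1], "aid": m[2].upper(),
                            "state": m[3], "fields": {}})
        elif entries and ":" in line:
            key, _, value = line.strip().partition(":")
            entries[-1]["fields"][key] = value.strip()
    return entries

def check_card(entries, allowed_pkgs=(GIDS_PKG,)):
    """Return findings; an empty list means only the GIDS applet is installed."""
    findings = []
    state = {(e["kind"], e["aid"]): e["state"] for e in entries}
    if state.get(("APP", GIDS_APP)) != "SELECTABLE":
        findings.append("GIDS applet instance is not SELECTABLE")
    if state.get(("PKG", GIDS_PKG)) != "LOADED":
        findings.append("GIDS package is not LOADED")
    for e in entries:
        if e["kind"] == "PKG" and e["aid"] not in allowed_pkgs:
            findings.append("unexpected package " + e["aid"])
        if e["kind"] == "APP" and e["aid"] != GIDS_APP:
            findings.append("unexpected applet instance " + e["aid"])
    return findings

if __name__ == "__main__":
    print(check_card(parse_gp_list(AFTER_INSTALL)) or "card content as expected")
```

On the A22 listing shown earlier, the pre-loaded package A0000001515350 is reported as unexpected unless it is added to `allowed_pkgs`.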
Delete the applet (optional)
java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --delete A00000039742544659
Card initialization
Identifying smartcard readers
c:\security\javacard>opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             ACS ACR122 0
1    Yes             ACS ACR39U ICC Reader 0
2    Yes             certgate GmbH AirID BLE 0
3    Yes             HID Global OMNIKEY 5022 Smart Card Reader 0
4    Yes             OMNIKEY CardMan 3x21 0
5    Yes             Windows Hello for Business 1
Initialization
…change values, of course!
c:\security\javacard>gids-tool --reader 1 --initialize ^
 --admin-key 000000000000000000000000000000000000000000000000 ^
 --pin 0000 ^
 --serial-number 00000000000000000000000000000000
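One way to produce the values to change, as an added example that is not part of the original page or of OpenSC: it draws the admin key, PIN and serial number from the OS random generator and rejects degenerate ones such as the all-zero placeholders above. It assumes the 48-hex-character admin key is used as a three-part 3DES key; the 8-digit PIN policy and the function names are choices of this example.

```python
import secrets

# All-zero values from the page's example command (placeholders to replace).
PAGE_ADMIN_KEY = "00" * 24
PAGE_PIN = "0000"

def weak_admin_key(hex_key):
    """True if the key is malformed or degenerate as a 3DES key (K1|K2|K3)."""
    try:
        key = bytes.fromhex(hex_key)
    except ValueError:
        return True
    if len(key) != 24:
        return True
    k1, k2, k3 = key[:8], key[8:16], key[16:]
    # K1 == K2 or K2 == K3 reduces 3DES to single DES; few distinct bytes
    # means a patterned key such as 00..00 or 0101..01.
    return k1 == k2 or k2 == k3 or len(set(key)) < 8

def weak_pin(pin):
    """True for short, non-numeric or patterned PINs (policy assumed here)."""
    return len(pin) < 6 or not pin.isdigit() or len(set(pin)) < 3

def new_init_values(pin_digits=8):
    """Draw admin key, PIN and serial number from the OS CSPRNG."""
    while True:
        admin_key = secrets.token_hex(24)          # 48 hex characters
        if not weak_admin_key(admin_key):
            break
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(pin_digits))
        if not weak_pin(pin):
            break
    return {"admin_key": admin_key, "pin": pin,
            "serial": secrets.token_hex(16)}       # 32 hex characters

def gids_tool_args(reader, v):
    """Argument list mirroring the page's gids-tool command line."""
    return ["gids-tool", "--reader", str(reader), "--initialize",
            "--admin-key", v["admin_key"], "--pin", v["pin"],
            "--serial-number", v["serial"]]
```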
Test
c:\security\javacard>certutil -scinfo "ACS ACR39U ICC Reader 0"
Le gestionnaire de ressource des cartes à puce est en cours d’exécution.
État de la carte/lecteur actuel :
Lecteurs : 1
  0: ACS ACR39U ICC Reader 0
--- Lecteur : ACS ACR39U ICC Reader 0
--- Statut : SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Statut : Carte disponible pour utilisation.
--- Carte : Identity Device (Microsoft Generic Profile)
--- ATR :
        3b 9f 95 81 31 fe 9f 00  66 46 53 05 10 00 ff 71   ;...1...fFS....q
        df 00 00 00 00 00 ec                               .......