GIDS Cards

GIDS Cards are wonderful gifts from Vincent Le Toux (@mysmartlogon), they can transform JavaCards (2.2.1 or +) into universal SmartCards for Windows (7/2008r2 or +), without any middleware/crappy software to install.

You can find more information at: https://www.mysmartlogon.com/generic-identity-device-specification-gids-smart-card/ & https://docs.microsoft.com/previous-versions/windows/hardware/design/dn642100(v=vs.85)

Prerequisites

GIDS Applet – https://github.com/vletoux/GidsApplet
Java SE Development Kit 8 – https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html
Java Card Development Kit 2.2.1 – https://www.oracle.com/java/technologies/java-archive-downloads-javame-downloads.html#javacardkitv221
Global Platform Pro – https://javacard.pro/globalplatform/
OpenSC – https://github.com/OpenSC/OpenSC (gids-tool.exe, opensc-tool.exe, opensc.dll are enough)

Building the applet

Download Vincent’s GIDS applet source code (clone the repository, download master branch, …) then go to its directory.
After adjusting line 1 & 2 to correct paths, you can build the binary.

set JC_HOME=c:\security\javacard\java_card_kit-2_2_1
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_291
set PATH=%JC_HOME%\bin;%JAVA_HOME%\bin;%PATH%

javac -Xlint:-options -g -source 1.2 -target 1.2 ^
-classpath %JC_HOME%\lib\api.jar ^
src\com\mysmartlogon\gidsApplet\*.java

java -classpath %JC_HOME%\lib\converter.jar;%JC_HOME%\lib\offcardverifier.jar com.sun.javacard.converter.Converter ^
-out CAP -exportpath %JC_HOME%\api_export_files -classdir src ^
-applet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59:0x02:0x01 com.mysmartlogon.gidsApplet.GidsApplet ^
com.mysmartlogon.gidsApplet 0xa0:0x00:0x00:0x03:0x97:0x42:0x54:0x46:0x59 1.0

Applet will be in: src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap

You can check some informations:

c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --info --cap src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
GlobalPlatformPro v20.01.23-0-g5ad373b
Running on Windows 10 10.0 amd64, Java 1.8.0_291 by Oracle Corporation
**** CAP info of gidsApplet.cap
CAP file (v2.1), contains: applets for JavaCard 2.2.1
Package: com.mysmartlogon.gidsApplet A00000039742544659 v1.0
Applet:  A000000397425446590201
Import:  A0000000620001                   v1.0 java.lang
Import:  A0000000620101                   v1.2 javacard.framework
Import:  A0000000620102                   v1.2 javacard.security
Import:  A0000000620201                   v1.2 javacardx.crypto
Generated by Sun Microsystems Inc. converter 1.3
On Thu Jun 24 14:29:36 CEST 2021 with JDK 1.8.0_291 (Oracle Corporation)
Code size 14965 bytes (17973 with debug)
SHA-256 ec1a1a642dbac5087ae9051c04c13c33734bd83a89139d5d30cfc238ea8d9832
SHA-1   a4379a1880e6f28c4dd3f6d4105b5ede5e59d8c9

Automated build

An automated build is available at: https://ci.appveyor.com/project/gentilkiwi/gidsapplet (for logs & artifacts).

Installing the applet in a JavaCard

Tests were made with:
- Feitan JavaCOS A40 (Infineon chipset) – https://www.smartcardfocus.com/shop/ilp/id~711/javacos-a40-dual-interface-java-card-64k/p/
  ICFabricator=4090, ICType=7892, OperatingSystemID=86AA Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2
- Feitan JavaCOS A22 (NXP chipset) – https://www.smartcardfocus.com/shop/ilp/id~712/javacos-a22-dual-interface-java-card-150k/p/
  ICFabricator=4790, ICType=0503, OperatingSystemID=8211 Global Platform card, GP Version: 2.1.1, GP SCP02 i=55, JavaCard v2 SCP02 i=55, SCP03 i=00 i=10 with AES-128 AES-196 AES-256
Prefer contact readers to avoid problems during installations (or even key generations) – if interface includes contactless too, you’ll be able to use it after.
Interacting with an incorect authentication key can brick the card, examples here are with default keys

Selecting reader

In case of multiple smartcard readers, you can list them to know their names

java -jar gp.jar --verbose 2>NUL | findstr /i Reader
Reader: ACS ACR122 0
# ACS ACR39U ICC Reader 0
Reader: ACS ACR39U ICC Reader 0
Reader: certgate GmbH AirID BLE 0
# HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: HID Global OMNIKEY 5022 Smart Card Reader 0
Reader: OMNIKEY CardMan 3x21 0
Reader: Windows Hello for Business 1

List content

For A40

c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

For A22 – one default applet is present

c:\security\javacard>java -jar gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
Parent:  A000000003000000
From:    A0000000620001
Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

PKG: A0000001515350 (LOADED)
Applet:  A000000151535041

Installing

… then listing

c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --install src\com\mysmartlogon\gidsApplet\javacard\gidsApplet.cap
CAP loaded

c:\security\javacard\GidsApplet-master>java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --list
ISD: A000000003000000 (OP_READY)
Privs:   SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement

APP: A000000397425446590201 (SELECTABLE)
Privs:

PKG: A00000039742544659 (LOADED)
Version: 1.0
Applet:  A000000397425446590201

(optional) Delete the applet (optional)

java -jar ..\gp.jar --reader "ACS ACR39U ICC Reader 0" --key 404142434445464748494a4b4c4d4e4f --delete A00000039742544659

Card initialization

Identifying smartcard readers

c:\security\javacard>opensc_tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             ACS ACR122 0
1    Yes             ACS ACR39U ICC Reader 0
2    Yes             certgate GmbH AirID BLE 0
3    Yes             HID Global OMNIKEY 5022 Smart Card Reader 0
4    Yes             OMNIKEY CardMan 3x21 0
5    Yes             Windows Hello for Business 1

Initialization

…change values, of course!

c:\security\javacard>gids_tool --reader 1 --initialize ^
--admin-key 000000000000000000000000000000000000000000000000 ^
--pin 0000 ^
--serial-number 00000000000000000000000000000000

Test

c:\security\javacard>certutil -scinfo "ACS ACR39U ICC Reader 0"
Le gestionnaire de ressource des cartes à puce est en cours d’exécution.
État de la carte/lecteur actuel :
Lecteurs : 1
0: ACS ACR39U ICC Reader 0
--- Lecteur : ACS ACR39U ICC Reader 0
--- Statut : SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Statut : Carte disponible pour utilisation.
---   Carte : Identity Device (Microsoft Generic Profile)
---    ATR :
3b 9f 95 81 31 fe 9f 00  66 46 53 05 10 00 ff 71   ;...1...fFS....q
df 00 00 00 00 00 ec                               .......

Blog de Gentil Kiwi

L'aide mémoire d'un kiwi