Skip to content

Home

Jump to bottom Edit New page
Luka Logar edited this page Jun 1, 2020 · 6 revisions

IsoApplet jcardsim cheat sheet

Here are the steps to compile and use/test IsoApplet with a jcardsim simulator and vpcd - virtual smartcard pcsc-lite driver.

Prerequisites

I'll be using Ubuntu 20.04 LTS, so if you are using another Linux flavour adjust accordingly...

Install needed packages:

~$ sudo apt install git build-essential maven default-jdk ant autoconf libtool-bin pkg-config help2man opensc pcscd libpcsclite-dev
[sudo] password for iso: ****
...
done.

Disable pcscd auto-exit function as it does not play well in this scenario:

~$ sudo sed "s/--auto-exit//g" -i /lib/systemd/system/pcscd.service 

~$ sudo service pcscd restart

Compiling IsoApplet

Get the source:

~$ git clone https://github.com/philipWendland/IsoApplet
Cloning into 'IsoApplet'...
remote: Enumerating objects: 9, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 821 (delta 1), reused 6 (delta 1), pack-reused 812
Receiving objects: 100% (821/821), 265.13 KiB | 893.00 KiB/s, done.
Resolving deltas: 100% (309/309), done.

Just for the record, let's check the revision we'll be using:

~$ cd ~/IsoApplet

~/IsoApplet$ git log -1
commit 4fb99788c77d531f1ebba162de231ee9c472d0ee (HEAD -> master, origin/master, origin/HEAD)
Author: Philip Wendland <wendlandphilip@gmail.com>
Date:   Wed Dec 4 21:50:29 2019 +0100

    update usage of ant-javacard: use GET task

Get the needed javacard sdks:

~/IsoApplet$ git submodule init
Submodule 'ext/sdks' (https://github.com/martinpaljak/oracle_javacard_sdks) registered for path 'ext/sdks'

~/IsoApplet$ git submodule update
Cloning into '/home/iso/IsoApplet/ext/sdks'...
Submodule path 'ext/sdks': checked out '494164ea8470f49f44be19f49dab3af7c83e39e2'

Build IsoApplet:

~/IsoApplet$ ant
Buildfile: /home/iso/IsoApplet/build.xml
      [get] Getting: https://github.com/martinpaljak/ant-javacard/releases/latest/download/ant-javacard.jar
      [get] To: /home/iso/IsoApplet/ant-javacard.jar
      [get] https://github.com/martinpaljak/ant-javacard/releases/latest/download/ant-javacard.jar moved to https://github.com/martinpaljak/ant-javacard/releases/download/v20.02.19/ant-javacard.jar
      [get] https://github.com/martinpaljak/ant-javacard/releases/download/v20.02.19/ant-javacard.jar moved to https://github-production-release-asset-2e65be.s3.amazonaws.com/28853876/0a3d0580-5303-11ea-9304-fe0a3d16e902?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200321%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200321T124651Z&X-Amz-Expires=300&X-Amz-Signature=323541bcb27722cfefe812e8852ef4f0633f41690106478e767432072c882a0b&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dant-javacard.jar&response-content-type=application%2Foctet-stream
      [cap] INFO: using JavaCard 3.0.5 SDK in /home/iso/IsoApplet/ext/sdks/jc305u3_kit
      [cap] INFO: targeting JavaCard 2.2.2 SDK in ext/sdks/jc222_kit
      [cap] INFO: Setting package name to net.pwendland.javacard.pki.isoapplet
      [cap] Building CAP with 1 applet from package net.pwendland.javacard.pki.isoapplet (AID: F276A288BCFBA69D34F310)
      [cap] net.pwendland.javacard.pki.isoapplet.IsoApplet F276A288BCFBA69D34F31001
  [compile] Compiling files from /home/iso/IsoApplet/src
  [compile] Compiling 14 source files to /tmp/jccpro980078902120380472
  [convert] [ INFO: ] Converter [v3.0.5]
  [convert] [ INFO: ]     Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
  [convert]     
  [convert]     
  [convert] [ INFO: ] conversion completed with 0 errors and 0 warnings.
   [verify] Verification passed
      [cap] CAP saved to /home/iso/IsoApplet/IsoApplet.cap

BUILD SUCCESSFUL
Total time: 6 seconds

Compiling vpcd

Get the source:

~$ git clone https://github.com/frankmorgner/vsmartcard
Cloning into 'vsmartcard'...
remote: Enumerating objects: 138, done.
remote: Counting objects: 100% (138/138), done.
remote: Compressing objects: 100% (81/81), done.
remote: Total 11854 (delta 64), reused 92 (delta 39), pack-reused 11716
Receiving objects: 100% (11854/11854), 18.83 MiB | 295.00 KiB/s, done.
Resolving deltas: 100% (7488/7488), done.

~$ cd ~/vsmartcard/virtualsmartcard

Just for the record, let's check the revision we'll be using:

~/vsmartcard/virtualsmartcard$ git log -1
commit edad4b961faf7b3d335e959de2bf7175e5600b78 (HEAD -> master, origin/master, origin/HEAD)
Author: Frank Morgner <frankmorgner@gmail.com>
Date:   Sun Oct 27 00:01:53 2019 +0200

    appveyor: wdk workaround not needed anymore

Build vsmartcard:

~/vsmartcard/virtualsmartcard$ autoreconf -vis 
...

~/vsmartcard/virtualsmartcard$ ./configure --prefix=/usr --enable-serialdropdir=/usr/lib/pcsc/drivers/vpcd --enable-serialconfdir=/etc/reader.conf.d
...

~/vsmartcard/virtualsmartcard$ make
...

Install:

~/vsmartcard/virtualsmartcard$ sudo make install

Building jcardsim

The original jcardsim does not support vpcd, so I'll use the arekinath fork which has vpcd support built in.

Edit1: the arekinath patch was merged into licel's repo, so we can use it

Edit2: ...or we can also use my fork which has some fixes and can also simulate card insertion and removal

~$ git clone https://github.com/licel/jcardsim
loning into 'jcardsim'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 4377 (delta 0), reused 8 (delta 0), pack-reused 4365
Receiving objects: 100% (4377/4377), 4.87 MiB | 2.11 MiB/s, done.
Resolving deltas: 100% (2305/2305), done.

~$ cd ~/jcardsim

Just for the record, let's check the revision we'll be using:

~/jcardsim$ git log -1
commit 6c0cd78d2e4059a9198379cc4fc1123920600430 (HEAD -> master, origin/master, origin/HEAD)
Merge: 6b438bc a47a980
Author: Licel Corporation <licel@users.noreply.github.com>
Date:   Tue May 5 12:07:15 2020 +0100

    Merge pull request #154 from arekinath/vpcd-pr
    
    Add basic support for connecting to vsmartcard/vpcd

Tell jcardsim where javacard sdks can be found:

~/jcardsim$ export JC_CLASSIC_HOME=$HOME/IsoApplet/ext/sdks/jc305u3_kit
~/jcardsim$ export JC_CLASSPATH=$JC_CLASSIC_HOME/lib

Compile the jcardsim:

~/jcardsim$ mvn initialize
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  4.909 s
[INFO] Finished at: 2020-03-21T14:01:12+01:00
[INFO] ------------------------------------------------------------------------

~/jcardsim$ mvn install
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  58.197 s
[INFO] Finished at: 2020-03-21T14:02:58+01:00
[INFO] ------------------------------------------------------------------------

Prepare IsoApplet to be used with jcardsim

IsoApplet now has to be compiled with the jcardism libraries instead of those from sdk (-g enables a debug build)

~$ javac -g -classpath "$HOME/jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar" ~/IsoApplet/src/net/pwendland/javacard/pki/isoapplet/*.java
Note: /home/iso/IsoApplet/src/net/pwendland/javacard/pki/isoapplet/IsoApplet.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

Also a jcardsim configuration file has to be created:

~$ cat << EOF > ~/jcardsim/jcardsim_IsoApplet.cfg
com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001
com.licel.jcardsim.card.applet.0.Class=net.pwendland.javacard.pki.isoapplet.IsoApplet
com.licel.jcardsim.card.ATR=3B80800101
com.licel.jcardsim.vsmartcard.host=localhost
com.licel.jcardsim.vsmartcard.port=35963
EOF

That's all. Let's see if it works...

Testing the IsoApplet with jcardsim

First the simulator has to be started:

~$ java -classpath "$HOME/jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar:$HOME/IsoApplet/src" com.licel.jcardsim.remote.VSmartCard ~/jcardsim/jcardsim_IsoApplet.cfg

One could use jdb instead of java to start a debugging session.

Then the applet has to be installed using the opensc-tool (from another shell window):

~$ opensc-tool --card-driver default --send-apdu "80:B8:00:00:1A:0C:F2:76:A2:88:BC:FB:A6:9D:34:F3:10:01:0C:F2:76:A2:88:BC:FB:A6:9D:34:F3:10:01:00"
Using reader with a card: Virtual PCD 00 00
Sending: 80 B8 00 00 1A 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 01 0C F2 76 A2 88 BC FB A6 9D 34 F3 10 01 00 
Received (SW1=0x90, SW2=0x00):
F2 76 A2 88 BC FB A6 9D 34 F3 10 01 .v......4...

Finally we can initialize the simulated card, as we would the real one:

~$ pkcs15-init --create-pkcs15
Using reader with a card: Virtual PCD 00 00
New User PIN.
Please enter User PIN: ****
Please type again to verify: ****
Unblock Code for New User PIN (Optional - press return for no PIN).

The virtual card is also recognized via the pkcs11 interface:

~$ pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): Virtual PCD 00 00
  token label        : User PIN (JavaCard isoApplet)
  token manufacturer : unknown
  token model        : PKCS#15
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 0000
  pin min/max        : 4/16
Slot 1 (0x4): Virtual PCD 00 01
  (empty)

That's all folks. Enjoy.

Add a custom footer
Add a custom sidebar
Clone this wiki locally